ESTABLISHING PKI CHAIN OF TRUST IN AIR GAPPED CLOUD

ESTABLISHING PKI CHAIN OF TRUST IN AIR GAPPED CLOUD

Technology is shown for establishing a chain of trust for an unknown root certificate in an isolated network that is verified using a chain of trust external to the network. A bootstrap executable and a leaf certificate rooted in the external chain of trust are configured with an OID. The leaf certi...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: GU, Deyang, KULKARNI, Akshay Kishor, FLEUCHAUS, Lucius B, ZHANG, Yingchang Charley, TEJERINA, David Nunez, LIU, Pu, CHAVAN, Sahil S
Format: Patent
Sprache:eng
Schlagworte:
ELECTRIC COMMUNICATION TECHNIQUE
ELECTRICITY
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Technology is shown for establishing a chain of trust for an unknown root certificate in an isolated network that is verified using a chain of trust external to the network. A bootstrap executable and a leaf certificate rooted in the external chain of trust are configured with an OID. The leaf certificate is received in the isolated network and used to sign a new root certificate created in the isolated network to create a blob that is stored in a pre-determined location. The bootstrap executable is executed to instantiate a client machine, which retrieves the blob and verifies its signature using the leaf certificate. The client machine verifies that the OID values from the blob and bootstrap executable match. If the signature and OID checks are successful, then the new root certificate is distributed within the isolated network and installed in a PM certificate chain of trust.