Security mechanism within a local area network

摘要

A local area network server may issue security certificates to client devices on the network for two-way authentication across the network. The certificates may be issued through a transaction performed over the network and, in some cases, may be automated. The server may have a self signed or a trusted security certificate which may serve as a basis for issuing certificates to various clients. After a certificate is issued, future communications on the network may be authenticated by both the server and client, and the communications may be encrypted using the certificates.

主权项

1. A method, comprising:
sending, from a client device, a first request to a server, the first request comprising a request for a server public key associated with the server; in response to sending the first request, receiving, at the client device, the server public key from the server; using the received server public key to establish a secure communication channel for the client device with the server within a local area network, wherein establishing the secure communication channel includes encrypting, at the client device, a second request to the server for a client security certificate using the received server public key from the server; sending, from the client device, the encrypted second request to the server for the client security certificate using the secure communication channel; in response to sending the encrypted second request and without providing any further authentication in addition to sending the encrypted second request using the secure communication channel within the local area network established for the client device with the server, receiving, at the client device, the client security certificate from the server wherein the security certificate is a self-signed certificate; and installing the received security certificate on the client device.