Secure key distribution service

摘要

A secure key distribution server (SKDS) determines the identity of a requesting server without use of a shared secret by resolving the fully qualified domain name (FQDN) to a network address and comparing it with the network address of a key request. A credential string may also be used as part of the identification. Once identity is established, keys may be securely distributed. The SKDS may also be implemented in a peer-to-peer configuration.

主权项

1. A method comprising:
receiving, by a secure key distribution service (SKDS) server device, identity information from a requesting server device, the identity information comprising a fully-qualified domain name (FQDN) of the requesting server device, a credential string, and a network address of the requesting server device; providing, by the SKDS server device, the FQDN to a domain name server device; retrieving, by the SKDS server device, from the domain name server device a resolved network address at least partly in response to providing the FQDN to the domain name server device; comparing, by the SKDS server device, the network address of the requesting server device with the resolved network address; authorizing, by the SKDS server device, transmission of encryption key information at least partly in response to determining that the network address of the requesting server device matches the resolved network address; determining that automatic acceptance of credential strings is enabled for the requesting server device; and determining that an encryption key is accessible to the requesting server device at least partly in response to determining that automatic acceptance of credential strings is enabled for the requesting server device.