发明名称 |
Host identity bootstrapping |
摘要 |
Automated provisioning of hosts on a network with reasonable levels of security is described in this application. A certificate management service (CMS) on a host, one or more trusted agents, and a public key infrastructure are utilized in a secure framework to establish host identity. Once host identity is established, signed encryption certificates may be exchanged and secure communication may take place. |
申请公布号 |
US9432356(B1) |
申请公布日期 |
2016.08.30 |
申请号 |
US200912435995 |
申请日期 |
2009.05.05 |
申请人 |
Amazon Technologies, Inc. |
发明人 |
Johansson Jesper M.;Corddry Matthew T.;Hansen Tom F.;Kearney Luke F. |
分类号 |
H04L29/06;G06F21/33 |
主分类号 |
H04L29/06 |
代理机构 |
Davis Wright Tremaine LLP |
代理人 |
Davis Wright Tremaine LLP |
主权项 |
1. One or more non-transitory computer-readable storage media storing instructions that when executed instruct a processor of an infrastructure coordination server to perform acts comprising:
receiving an enrollment request from a host; mapping the host to a certificate profile; determining a validity of a host identity associated with the host; obtaining, without human intervention, a personal identification number (PIN) from a public key infrastructure (PKI); mapping multiple certificate authorities (CAs) to the host to accommodate for a failure of at least one of the multiple CAs; providing, without human intervention, the PIN and CA connection information to the host; signing an encryption certificate using a private key; issuing the signed encryption certificate to the host; sending, to the host, a new certificate; revoking the signed encryption certificate; and renewing the new certificate. |
地址 |
Seattle WA US |