Patent · US Active

Certificate authority (CA) security model in an overlay network supporting a branch appliance

US11418352B2 · kind B2 · utility

Cited by: 4
References: 2
Claims: 13
Family size: 0

Assignee

Inventors

Key dates

Filing date: Feb 14, 2019
Grant date: Aug 16, 2022
Priority date
Expiry date: Sep 26, 2039

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/06
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

A method to generate a trusted certificate on an endpoint appliance located in an untrusted network, wherein client devices are configured to trust a first Certificate Authority (CA) that is administered by the untrusted network. In this approach, an overlay network is configured between the endpoint appliance and an origin server associated with the endpoint appliance. The overlay comprises an edge machine located proximate the endpoint appliance, and an associated key management service. A second CA is configured in association with the key management service to receive a second certificate signed by the first CA. A third CA is configured in association with the edge machine to receive a third certificate signed by the second CA. In response to a request from the appliance, a server certificate signed by the third CA is dynamically generated and provided to the appliance. A client device receiving the server certificate from the endpoint appliance trusts the server certificate as if the server certificate originated from the first CA, thereby enabling the endpoint appliance to terminate a secure information flow received at the endpoint appliance.
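The chain of trust the abstract describes, as an added example that is not taken from the patent: a first CA signs a second CA, which signs a third CA, which signs the server certificate, and a client holding only the first CA as its trust anchor checks the path. The subject names, the helper functions `issue`, `chains_to` and `build_demo`, and the use of the third-party Python `cryptography` package are all assumptions made for illustration.

```python
# Added example; names are constructed. Requires the third-party "cryptography" package.
import datetime
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

def issue(cn, issuer=None, is_ca=True):
    """Return (cert, key) for `cn`, signed by `issuer` (cert, key) or self-signed."""
    key = ec.generate_private_key(ec.SECP256R1())
    subject = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])
    issuer_name, signing_key = (issuer[0].subject, issuer[1]) if issuer else (subject, key)
    now = datetime.datetime.now(datetime.timezone.utc)
    builder = (
        x509.CertificateBuilder()
        .subject_name(subject)
        .issuer_name(issuer_name)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - datetime.timedelta(minutes=5))
        .not_valid_after(now + datetime.timedelta(days=1))
        .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
    )
    return builder.sign(signing_key, hashes.SHA256()), key

def chains_to(leaf, intermediates, anchor):
    """Minimal path check (issuer name, CA flag, signature); not a full RFC 5280 validator."""
    cert = leaf
    for parent in [*intermediates, anchor]:
        is_ca = parent.extensions.get_extension_for_class(x509.BasicConstraints).value.ca
        if cert.issuer != parent.subject or not is_ca:
            return False
        try:
            parent.public_key().verify(
                cert.signature, cert.tbs_certificate_bytes, ec.ECDSA(cert.signature_hash_algorithm))
        except InvalidSignature:
            return False
        cert = parent
    return True

def build_demo():
    """First CA -> second CA (key management service) -> third CA (edge) -> server cert."""
    first = issue("First CA (untrusted-network admin)")
    second = issue("Second CA (key management service)", issuer=first)
    third = issue("Third CA (edge machine)", issuer=second)
    server = issue("origin.example", issuer=third, is_ca=False)
    return first, second, third, server
```

The path only validates when the appliance presents the third and second CA certificates alongside the server certificate, since the client's trust store contains the first CA alone.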

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.