Establishing PKI chain of trust in air gapped cloud
US12143506B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Jan 26, 2022 |
| Grant date | Nov 12, 2024 |
| Priority date | — |
| Expiry date | Jan 2, 2043 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L9/3268
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
Technology is shown for establishing a chain of trust for an unknown root certificate in an isolated network that is verified using a chain of trust external to the network. A bootstrap executable and a leaf certificate rooted in the external chain of trust are configured with an OID. The leaf certificate is received in the isolated network and used to sign a new root certificate created in the isolated network to create a blob that is stored in a pre-determined location. The bootstrap executable is executed to instantiate a client machine, which retrieves the blob and verifies its signature using the leaf certificate. The client machine verifies that the OID values from the blob and bootstrap executable match. If the signature and OID checks are successful, then the new root certificate is distributed within the isolated network and installed in a PKI certificate chain of trust.
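The client-side checks described in the abstract, as an added shell example using the `openssl` CLI (not code from the patent). It assumes the OID is carried in the leaf's certificatePolicies extension and that the blob consists of the new root, a detached signature and the leaf certificate; the file names and the OID value are constructed.

```shell
#!/bin/sh
# Added illustration: file names, the OID placement (certificatePolicies)
# and DEMO_OID are assumptions, not taken from the patent.
DEMO_OID=1.3.6.1.4.1.55555.1.1   # constructed placeholder OID

make_fixture() {  # $1=dir, $2=OID configured into the leaf certificate
  ( cd "$1" || exit 1
    # External chain of trust: a root CA and a leaf that carries the OID.
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=External Root" \
      -days 1 -keyout ext.key -out ext.pem 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Bootstrap Leaf" \
      -keyout leaf.key -out leaf.csr 2>/dev/null
    printf 'certificatePolicies=%s\n' "$2" > leaf.ext
    openssl x509 -req -in leaf.csr -CA ext.pem -CAkey ext.key \
      -CAcreateserial -extfile leaf.ext -days 1 -out leaf.pem 2>/dev/null
    # Inside the isolated network: new root, signed with the leaf's key.
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=Isolated Root" \
      -days 1 -keyout newroot.key -out newroot.pem 2>/dev/null
    openssl dgst -sha256 -sign leaf.key -out newroot.sig newroot.pem )
}

verify_blob() {  # $1=dir holding the blob, $2=OID built into the bootstrap
  ( cd "$1" || exit 1
    # 1. The leaf must chain to the external root the bootstrap trusts.
    openssl verify -CAfile ext.pem leaf.pem >/dev/null 2>&1 || exit 1
    # 2. The signature over the new root must verify under the leaf's key.
    openssl x509 -in leaf.pem -noout -pubkey > leaf.pub || exit 1
    openssl dgst -sha256 -verify leaf.pub -signature newroot.sig \
      newroot.pem >/dev/null 2>&1 || exit 1
    # 3. The OID in the blob's leaf must equal the bootstrap's OID exactly.
    got=$(openssl x509 -in leaf.pem -noout -text | sed -n 's/^ *Policy: //p')
    [ "$got" = "$2" ] || exit 1 )
}

# Demo run: only after all three checks pass would the new root be
# distributed and installed in the isolated network's trust store.
d=$(mktemp -d) && make_fixture "$d" "$DEMO_OID" \
  && verify_blob "$d" "$DEMO_OID" && echo "new root accepted"
```

A valid signature alone is not enough here: a leaf from the same external chain but configured with a different OID fails step 3.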
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.