High-assurance private certificate authorities

Assignee

• AMAZON TECHNOLOGIES, INC. · US

Inventors

• Trevor W. Freeman · Sammamish, US
• Param Sharma · Haymarket, US
• Todd Lawrence Cignetti · Ashburn, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L9/50
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Approaches presented herein relate to the management of secure secrets, such as digital certificates. When an operation is performed by a certificate authority (CA) with respect to a digital certificate, information for the operation is written to a blockchain (or other distributed and verifiable ledger) in addition to a secure database accessible to the CA. The ability of an external party to access the blockchain and independently verify information about a digital certificate can help to increase a level or assurance in the integrity of the CA, which can be important when an entity wants to act as (or offer) their own private certificate authority. Information in the blockchain can also help to identify “dark” certificates, which may appear valid but were not issued by a CA using a valid and secure process, and thus can be identified by a lack of valid transactions included in the corresponding blockchain.