Method and system for protecting root CA certificate in a virtualization environment

Assignees

• INSTITUTE OF INFORMATION ENGINEERING, CHINESE ACADEMY OF SCIENCES · CN
• DATA ASSURANCE & COMMUNICATION SECURITY CENTER, CHINESE ACADEMY OF SCIENCES · CN

Inventors

• Jingqiang Lin · Beijing, CN
• Jiwu Jing · Beijing, CN
• Le Guan · Beijing, CN
• Bingyu Li · Dalian, CN
• Jing Wang · Waterloo, CA
• Wuqiong Pan · Beijing, CN
• Yuewu Wang · Beijing, CN

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/20
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

The present invention discloses a method and a system for protecting root CA certificates in a virtualization environment. The method installs a root CA certificate security manager on a host computer. The root CA certificate security manager stores the lists of root CA certificates and provides certificate validation service to virtual machines via a read-only interface. When a virtual machine needs the verification of a certificate, it sends a certificate validation service request to the root CA security manager. The root CA certificate security manager provides certificate validation services to the virtual machine in response to the request. The virtual list of root CA certificates in the present invention has the following features: it isolates the list of the root CA certificates from the virtual machine; the virtual machine can only access the list of the root CA certificates in a read-only manner; modification or configuration of the lists of root CA certificates can only be made via an interface of the CA certificate security manager on the host computer; and the virtual machine can flexibly choose the way how a certificate is to be verified.