US2024015032A1PendingUtilityA1

Systems and Methods for Self-Contained Certificate Signing Request in Delegation Scenarios

63
Assignee: INDEED INCPriority: May 26, 2020Filed: Jul 7, 2023Published: Jan 11, 2024
Est. expiryMay 26, 2040(~13.9 yrs left)· nominal 20-yr term from priority
H04L 9/3268H04L 9/3247H04L 63/166G06F 16/957G06F 3/04812G06F 3/0482G06F 3/0485G06F 11/32G06F 11/3409G06F 11/3438G06V 30/416G06V 30/414G06F 18/2163G06F 18/40G06F 18/2155G06F 16/9035G06Q 10/1053G06Q 10/109H04L 65/403H04L 63/0428G06F 11/3452G06F 2203/04803G06Q 30/0243H04L 63/0823G06Q 10/063112H04L 63/0815G06F 3/0481G06F 21/44G06F 2221/2129H04L 9/321G06N 20/00G06N 3/09G06F 18/2178G06F 40/131G06V 30/1456G06V 30/18086G06T 2210/12
63
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A platform security system and method improve security by binding an identity of a self-contained certificate signing request (SC CSR) requestor to the SC CSR to prevent malicious tampering, such as man-in-the-middle attacks. In at least one embodiment, the requestor, such as a client computer system or other source of a request, requests certificates from a certificate authority (CA). Binding the identity of the SC CSR to the requestor can prevent unauthorized system and/or data access and potentially resultant unauthorized access, malicious tampering, such as man-in-the-middle attacks, and other unauthorized actions or observations. Validation can be performed at the CA on the SC CSR to determine the integrity of the requestor and authorization to receive certificates before the CA sends the certificate to the requestor.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 . A computer-implemented method for providing a self-contained certificate signing request (SC CSR), the method comprising:
 determining an entity that requires a certificate, wherein the certificate identifies the entity to other entities;   binding an identity of a requestor to the SC CSR;   sending the SC CSR that is bound with the identity to one or more intermediaries which is passed along to a certificate authority (CA), wherein the CA performs a validation on the SC CSR that is bound with the identity to verify identity and authorization to receive certificates by the requestor; and   receiving the certificate from the CA.   
     
     
         2 . The computer-implemented method of  claim 1 , wherein the requestor requests a certificate for itself or a deployed service. 
     
     
         3 . The computer-implemented method of  claim 1 , wherein the binding the identity comprises providing with the SC CSR with a public key  2  (PuK_ 2 ) signed by private key (PrK_ 1 ) and a public certificate (PC_ 1 ). 
     
     
         4 . The computer-implemented method of  claim 3 , wherein the public certificate (PC_ 1 ) is replaced with a JSON Web Token (JWT) when JWT is implemented for authentication and authorization. 
     
     
         5 . The computer-implemented method of  claim 1 , wherein the requestor establishes a transport layer security (TLS) connection with the one or more intermediaries using a private key (PrK_ 1 ) and a public certificate (PC_ 1 ) pair (PrK_ 1 , PC_ 1 ), wherein the (PrK_ 1 , PC_ 1 ) is used by the one or more intermediaries for authentication and authorization. 
     
     
         6 . The computer-implemented method of  claim 1 , wherein validation performed at the CA is performed by a component that validates the integrity of the SC CSR and uses a public certificate (PC_ 1 ) to verify a signature of a public key  2  (PuK_ 2 ) signed by private key (PrK_ 1 ). 
     
     
         7 . The computer-implemented method of  claim 1 , wherein the one or more intermediaries and CA communicate with an identity access management (IAM) service. 
     
     
         8 . A system comprising:
 a processor; and   a non-transitory, computer-readable storage medium having code stored therein and executable by the processor to perform operations comprising:
 determine an entity that requires a certificate, wherein the certificate identifies the entity to other entities; 
 bind an identity of a requestor to the SC CSR; 
 send the SC CSR that is bound with the identity to one or more intermediaries which is passed along to a certificate authority (CA), wherein the CA performs a validation on the SC CSR that is bound with the identity to verify identity and authorization to receive certificates by the requestor; and 
 receive the certificate from the CA. 
   
     
     
         9 . The system of  claim 8 , wherein the requestor requests a certificate for itself or a deployed service. 
     
     
         10 . The system of  claim 8 , wherein the binding the identity comprises providing with the SC CSR with a public key  2  (PuK_ 2 ) signed by private key (PrK_ 1 ) and a public certificate (PC_ 1 ). 
     
     
         11 . The system of  claim 10 , wherein the public certificate (PC_ 1 ) is replaced with a JSON Web Token (JWT) when JWT is implemented for authentication and authorization. 
     
     
         12 . The system of  claim 8 , wherein the requestor establishes a transport layer security (TLS) connection with the one or more intermediaries using a private key (PrK_ 1 ) and a public certificate (PC_ 1 ) pair (PrK_ 1 , PC_ 1 ), wherein the (PrK_ 1 , PC_ 1 ) is used by the one or more intermediaries for authentication and authorization. 
     
     
         13 . The system of  claim 8 , wherein validation performed at the CA is performed by a component that validates the integrity of the SC CSR and uses a public certificate (PC_ 1 ) to verify a signature of a public key  2  (PuK_ 2 ) signed by private key (PrK_ 1 ). 
     
     
         14 . The system of  claim 8 , wherein the one or more intermediaries and CA communicate with an identity access management (IAM) service. 
     
     
         15 . A non-transitory computer-readable storage medium embodying computer program code, the computer program code comprising computer executable instructions that when executed by a processor perform operations comprising:
 determine an entity that requires a certificate, wherein the certificate identifies the entity to other entities;   bind an identity of a requestor to the SC CSR;   send the SC CSR that is bound with the identity to one or more intermediaries which is passed along to a certificate authority (CA), wherein the CA performs a validation on the SC CSR that is bound with the identity to verify identity and authorization to receive certificates by the requestor; and   receive the certificate from the CA.   
     
     
         16 . The non-transitory, computer-readable storage medium of  claim 15 , wherein the requestor requests a certificate for itself or a deployed service. 
     
     
         17 . The non-transitory, computer-readable storage medium of  claim 15  wherein the binding the identity comprises providing with the SC CSR with a public key  2  (PuK_ 2 ) signed by private key (PrK_ 1 ) and a public certificate (PC_ 1 ). 
     
     
         18 . The non-transitory, computer-readable storage medium of  claim 17 , wherein the public certificate (PC_ 1 ) is replaced with a JSON Web Token (JWT) when JWT is implemented for authentication and authorization. 
     
     
         19 . The non-transitory, computer-readable storage medium of  claim 15 , wherein the requestor establishes a transport layer security (TLS) connection with the one or more intermediaries using a private key (PrK_ 1 ) and a public certificate (PC_ 1 ) pair (PrK_ 1 , PC_ 1 ), wherein the (PrK_ 1 , PC_ 1 ) is used by the one or more intermediaries for authentication and authorization. 
     
     
         20 . The non-transitory, computer-readable storage medium of  claim 15 , wherein validation performed at the CA is performed by a component that validates the integrity of the SC CSR and uses a public certificate (PC_ 1 ) to verify a signature of a public key  2  (PuK_ 2 ) signed by private key (PrK_ 1 ).

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.