-
公开(公告)号:US11533185B1
公开(公告)日:2022-12-20
申请号:US16910010
申请日:2020-06-23
发明人: Param Sharma , Jonathan Kozolchyk , Todd Cignetti , Kyle Benjamin Schultheiss , Josh Rosenthol , Jose Maria Silveira Neto , Yiwen Wu
IPC分类号: H04L9/32
摘要: Systems and method for generating and managing certificate authorities. For instance, a certificate service may provide one or more user interfaces for creating certificate authorities, such as a root certificate authority, a subordinate certificate authority, and/or an intermediate certificate authority. For example, a user may use a user device to create a certificate hierarchy. The certificate service may also provide one or more user interfaces for issuing certificates using the certificate authorities. One or more computing resources may then use the end-entity certificates issued from the certificate authority hierarchy for authentication and/or encryption. For security purposes, the certificate authority may also allow the user to set policies representing users that are able to access and/or utilize the certificate authorities to perform actions, such as issuing certificates. The certificate service may also generate audit reports indicating certificates that are created using the certificate authorities.
-
公开(公告)号:US12088738B2
公开(公告)日:2024-09-10
申请号:US17541998
申请日:2021-12-03
CPC分类号: H04L9/3268 , H04L9/0825 , H04L9/3213 , H04L63/102 , H04L63/20
摘要: Techniques are described for enabling users of a certificate management service to create certificate issuance policies that can be applied to certificate issuance requests across both public and private certificate authorities (CAs) and other certificate-related services. According to embodiments described herein, a certificate issuance policy includes one or more certificate issuance rules to be applied to requests associated with one or more specified user accounts or roles for certificate-related resources (e.g., public certificates, private certificates, etc.). The application of a certificate issuance rule can be conditioned on a particular request context (e.g., based on a user account or role associated with a request, a type of certificate requested, a subject name identified in the request, etc.) and can specify a wide range of actions to be performed on requests matching a rule (e.g., allowing or denying a request, modifying one or more parameters of the request, etc.).
-
公开(公告)号:US12034872B1
公开(公告)日:2024-07-09
申请号:US17411740
申请日:2021-08-25
发明人: Param Sharma , Todd Cignetti
CPC分类号: H04L9/3268 , H04L9/0825 , H04L9/0861
摘要: Techniques for providing specialized certificate authorities are described. A method of providing specialized certificate authorities may include receiving a request to generate a private certificate at a specialized certificate authority, the specialized certificate authority configured to generate only one type of digital certificate using a user-specified template, generating a certificate based on the customer-specified template, and returning the certificate.
-
公开(公告)号:US12132722B1
公开(公告)日:2024-10-29
申请号:US16457478
申请日:2019-06-28
发明人: Todd Cignetti , Michael S. Slaughter , Dayong Hao
IPC分类号: H04L9/40
CPC分类号: H04L63/0823 , H04L63/108 , H04L63/164
摘要: Methods, systems, and computer-readable media for a certificate management system with forced certificate renewal are disclosed. The certificate management system may receive a request to renew a digital certificate. The request may be received at a selected time prior to an automatic renewal date for the certificate, and the automatic renewal date may be stored by the certificate management system. The certificate management system may acquire, based at least in part on the request to renew the certificate, a renewed certificate from a certificate authority. The renewed certificate may be obtained prior to the automatic renewal date. The renewed certificate may be exported from the certificate management system and bound to a computing resource (e.g., a server) prior to the automatic renewal date.
-
公开(公告)号:US20240097918A1
公开(公告)日:2024-03-21
申请号:US17947957
申请日:2022-09-19
发明人: Param Sharma , Todd Cignetti , Trevor Freeman
IPC分类号: H04L9/32
CPC分类号: H04L9/3268 , H04L9/321
摘要: Approaches presented herein relate to the management of secure secrets in a distributed environment. In particular, various embodiments provide for the management of unique digital identities across multiple regions, where each region can include its own certificate authority. While these certificate authorities may operate independently, they can be part of a multi-primary system where unique identities and keys are stored redundantly across environments. In the event of a failure of a certificate authority in one region, another certificate authority in another region can continue security and authentication management, without a need to issue new identities or change operation of any of the regions. Parties to secure communications, such as application containers, can each receive their own unique identity which can be shared across various regions to allow related tasks (e.g., certificate issuance or revocation) to be performed identically from any of those regions.
-
公开(公告)号:US11888994B1
公开(公告)日:2024-01-30
申请号:US17364232
申请日:2021-06-30
CPC分类号: H04L9/3263 , H04L9/0825 , H04L9/0836 , H04L9/0891
摘要: Described are automated systems and methods for providing a template design for a public-key infrastructure (PKI) system. For example, certain infrastructure information and stored PKI information can be processed to determine a PKI template, which can specify the configuration for a proposed PKI hierarchy. A configurable representation of the proposed PKI hierarchy can be generated and presented to the user, which can facilitate review, modification, and further customization of the proposed PKI hierarchy. Aspects of the present disclosure can also determine costs associated with the proposed PKI hierarchy, and can create and deploy the proposed PKI hierarchy.
-
公开(公告)号:US11671264B1
公开(公告)日:2023-06-06
申请号:US17024983
申请日:2020-09-18
发明人: Todd Cignetti , Trevoli Ponds-White , Michael S. Slaughter , Param Sharma , Kyle Benjamin Schultheiss , Chris Stoner
CPC分类号: H04L9/3268 , H04L9/3247
摘要: Techniques for validating digital certificate information before signing are described. A method of validating digital certificate information before signing may include generating a to-be-signed (TBS) certificate, providing the TBS certificate to a certificate pre-issuance validation service to perform one or more validations on the TBS certificate, and receiving a request to issue a signed certificate based on the TBS certificate following validation of the TBS certificate by the certificate pre-issuance validation service.
-
-
-
-
-
-
搜索结果
7 条记录 (耗时 0.015 秒)
