US 11,811,784 B2
Integrity verified paths between entities in a container-orchestration system
Nagendra Kumar Nainar, Morrisville, NC (US); Carlos M. Pignataro, Cary, NC (US); and Akram Ismail Sheriff, San Jose, CA (US)
Assigned to Cisco Technology, Inc., San Jose, CA (US)
Filed by Cisco Technology, Inc., San Jose, CA (US)
Filed on Jun. 3, 2022, as Appl. No. 17/832,159.
Application 17/832,159 is a continuation of application No. 17/035,065, filed on Sep. 28, 2020, granted, now 11,356,461.
Prior Publication US 2022/0294806 A1, Sep. 15, 2022
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/32 (2006.01); H04L 9/40 (2022.01); H04L 45/00 (2022.01)
CPC H04L 63/126 (2013.01) [H04L 9/3213 (2013.01); H04L 9/3265 (2013.01); H04L 45/22 (2013.01); H04L 45/46 (2013.01); H04L 45/54 (2013.01)] 18 Claims
1. A computer-implemented method comprising:
receiving, by a first network service mesh (NSM) from a first pod of a first node, a first request to instantiate a first integrity verified path to a first service endpoint pod of a second node;
receiving, by the first NSM from the first pod, a first attestation token, the first attestation token being based at least in part on a first randomly generated nonce provided by the NSM;
verifying, by the first NSM, the first attestation token with a certificate authority (CA) server;
receiving, by the first NSM from the first service endpoint pod, a second attestation token, the second attestation token being based at least in part on a second randomly generated nonce provided by the NSM;
verifying, by the first NSM, the second attestation token with the CA server; and
based at least in part on the (i) verifying the first attestation token with the CA server and (ii) verifying the second attestation token with the CA server, instantiating, by the first NSM, the first integrity verified path between the first pod and the first service endpoint pod.
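The flow of claim 1 as an added Python simulation, not Cisco's code or any real NSM API: the attestation token is assumed to be an HMAC over the NSM-supplied nonce and the pod identity, and the CA server is modelled as a key registry the NSM queries; both the token format and the `CAServer`, `Pod` and `NSM` classes are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Constructed keys for the example; a real deployment would provision per-pod
# attestation material through the CA, not literals in code.
POD_KEYS = {"pod-a/node-1": b"key-for-pod-a", "svc-ep/node-2": b"key-for-svc-ep"}


class CAServer:
    """Stand-in for the CA server the NSM consults to verify a token (assumption)."""

    def __init__(self, keys):
        self._keys = dict(keys)

    def verify(self, pod_id, nonce, token):
        key = self._keys.get(pod_id)
        if key is None:  # unregistered or revoked pod: nothing to verify against
            return False
        expected = hmac.new(key, nonce + pod_id.encode(), hashlib.sha256).digest()
        return hmac.compare_digest(expected, token)


class Pod:
    def __init__(self, pod_id, key):
        self.pod_id, self._key = pod_id, key

    def attest(self, nonce):
        """Token bound to the NSM-supplied nonce, so an old token cannot be reused."""
        return hmac.new(self._key, nonce + self.pod_id.encode(), hashlib.sha256).digest()


class NSM:
    def __init__(self, ca):
        self.ca, self.paths = ca, set()

    def instantiate_path(self, src, dst):
        """Claim 1 flow: challenge and verify both pods, then create the path."""
        for pod in (src, dst):
            nonce = secrets.token_bytes(16)  # fresh random nonce per challenge
            token = pod.attest(nonce)
            if not self.ca.verify(pod.pod_id, nonce, token):
                return False  # either endpoint failing means no path is instantiated
        self.paths.add((src.pod_id, dst.pod_id))
        return True
```

Because each token is bound to a nonce the NSM just generated, a token captured from an earlier exchange does not verify for a new challenge, which is the property the per-request nonces in the claim provide.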