CPC H04L 63/126 (2013.01) [H04L 9/3213 (2013.01); H04L 9/3265 (2013.01); H04L 45/22 (2013.01); H04L 45/46 (2013.01); H04L 45/54 (2013.01)] | 18 Claims
1. A computer-implemented method comprising:
receiving, by a first network service mesh (NSM) from a first pod of a first node, a first request to instantiate a first integrity verified path to a first service endpoint pod of a second node;
receiving, by the first NSM from the first pod, a first attestation token, the first attestation token being based at least in part on a first randomly generated nonce provided by the NSM;
verifying, by the first NSM, the first attestation token with a certificate authority (CA) server;
receiving, by the first NSM from the first service endpoint pod, a second attestation token, the second attestation token being based at least in part on a second randomly generated nonce provided by the NSM;
verifying, by the first NSM, the second attestation token with the CA server; and
based at least in part on the (i) verifying the first attestation token with the CA server and (ii) verifying the second attestation token with the CA server, instantiating, by the first NSM, the first integrity verified path between the first pod and the first service endpoint pod.
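The claim describes a nonce-challenged attestation exchange: the NSM issues a fresh nonce to each party, each party returns a token bound to that nonce, the NSM checks both tokens with the CA server, and only then does it instantiate the path. The following is an added simulation of that exchange, not code from the patent or any product. It assumes a simplified CA that holds each enrolled pod's attestation key and expected image measurement and verifies tokens with an HMAC, standing in for certificate-based verification; the pod names, keys and image bytes are constructed for the example. It also covers two failure cases the claim's nonce binding is meant to catch: a token over a stale nonce, and a pod whose measurement does not match what the CA enrolled.

```python
"""Simulation of the NSM attestation exchange: nonce challenge, token, CA check, path.

Constructed example. HMAC over the pod's key stands in for a signed attestation
verified against the pod's certificate; the CA object holds keys and expected
measurements directly instead of certificates.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class AttestationToken:
    pod_id: str
    nonce: str        # the nonce the NSM handed to the pod for this exchange
    measurement: str  # hash of the pod image, as reported by the pod
    mac: str          # HMAC over the fields above, produced with the pod's key


def _mac(key: bytes, pod_id: str, nonce: str, measurement: str) -> str:
    msg = f"{pod_id}|{nonce}|{measurement}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class CAServer:
    """Holds each enrolled pod's attestation key and expected measurement (assumed model)."""

    def __init__(self):
        self._keys: dict[str, bytes] = {}
        self._expected: dict[str, str] = {}

    def enroll(self, pod_id: str, key: bytes, expected_measurement: str) -> None:
        self._keys[pod_id] = key
        self._expected[pod_id] = expected_measurement

    def verify(self, token: AttestationToken) -> bool:
        key = self._keys.get(token.pod_id)
        if key is None or token.measurement != self._expected[token.pod_id]:
            return False  # unknown pod or image differs from what was enrolled
        expected = _mac(key, token.pod_id, token.nonce, token.measurement)
        return hmac.compare_digest(expected, token.mac)


class Pod:
    """Honest pod: answers the NSM's nonce with a token over its own measurement."""

    def __init__(self, pod_id: str, key: bytes, image_bytes: bytes):
        self.pod_id = pod_id
        self._key = key
        self.measurement = hashlib.sha256(image_bytes).hexdigest()

    def attest(self, nonce: str) -> AttestationToken:
        return AttestationToken(self.pod_id, nonce, self.measurement,
                                _mac(self._key, self.pod_id, nonce, self.measurement))


class ReplayingPod(Pod):
    """Misbehaving pod that returns a token from an earlier nonce instead of the fresh one."""

    def __init__(self, *args):
        super().__init__(*args)
        self._cached = None

    def attest(self, nonce: str) -> AttestationToken:
        if self._cached is None:
            self._cached = super().attest("stale-nonce")
        return self._cached


class NSM:
    def __init__(self, ca: CAServer):
        self._ca = ca
        self.paths: list[tuple[str, str]] = []

    def _challenge(self, pod: Pod) -> bool:
        nonce = secrets.token_hex(16)  # fresh random nonce per party per exchange
        token = pod.attest(nonce)
        if token.nonce != nonce:  # token must be bound to the nonce just issued
            return False
        return self._ca.verify(token)

    def instantiate_path(self, requester: Pod, endpoint: Pod):
        """Returns the path only if both attestation tokens verify with the CA."""
        if not (self._challenge(requester) and self._challenge(endpoint)):
            return None
        path = (requester.pod_id, endpoint.pod_id)
        self.paths.append(path)
        return path


def run_demo() -> dict:
    ca = CAServer()
    key_a, key_b = secrets.token_bytes(32), secrets.token_bytes(32)
    image = b"app-image-v1"  # constructed image contents
    pod_a, pod_b = Pod("pod-a", key_a, image), Pod("pod-b", key_b, image)
    ca.enroll("pod-a", key_a, pod_a.measurement)
    ca.enroll("pod-b", key_b, pod_b.measurement)
    nsm = NSM(ca)
    results = {"honest": nsm.instantiate_path(pod_a, pod_b)}
    # Endpoint whose running image differs from the enrolled measurement.
    results["tampered"] = nsm.instantiate_path(pod_a, Pod("pod-b", key_b, b"app-image-modified"))
    # Endpoint that answers with a token over an old nonce.
    results["replay"] = nsm.instantiate_path(pod_a, ReplayingPod("pod-b", key_b, image))
    results["paths"] = len(nsm.paths)
    return results


if __name__ == "__main__":
    print(run_demo())
```

The nonce check in `NSM._challenge` is what makes the token an answer to this exchange rather than a reusable credential; the CA check is what ties the measurement to an enrolled identity. Both must pass for each party before the path is created, matching the conjunctive condition in the claim.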