US 12,238,226 B2
Secure distribution of a client certificate private key to client-based services
Vaneeswaran Natrayan, Tamil Nadu (IN); Mahadev Karadigudda, San Jose, CA (US); Satish Inampudi, San Jose, CA (US); and Senthil Ponnuswamy, San Jose, CA (US)
Assigned to Dell Products L.P., Round Rock, TX (US)
Filed by Dell Products L.P., Round Rock, TX (US)
Filed on Jul. 12, 2022, as Appl. No. 17/862,840.
Prior Publication US 2024/0022435 A1, Jan. 18, 2024
Int. Cl. H04L 9/32 (2006.01); H04L 9/08 (2006.01)
CPC H04L 9/3268 (2013.01) [H04L 9/0822 (2013.01); H04L 9/0841 (2013.01); H04L 9/085 (2013.01)] 20 Claims
 
1. A system for a client system to securely distribute a client certificate private key to one or more client-based services, comprising:
one or more processors; and
a non-transitory computer readable medium storing a plurality of instructions, which when executed, cause the one or more processors to:
obtain a symmetric key generated using a key exchange algorithm, the symmetric key also provided to a first client-based service;
receive a request from the first client-based service to access a client certificate private key that is managed by a certificate manager and encrypted with a key-encryption key, the request including a secret message encrypted with the symmetric key, the secret message generated by the first client-based service;
verify the request received from the first client-based service originates from a trusted device;
access the key-encryption key, in response to verifying the request originates from the trusted device, the key-encryption key accessed only by the certificate manager and not shared with any of the client-based services;
decrypt the client certificate private key with the key-encryption key;
decrypt the secret message with the symmetric key;
encrypt the client certificate private key with the secret message; and
provide access to the client certificate private key encrypted with the secret message to the first client-based service as a response to the request.
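The exchange that claim 1 describes, as an added illustration rather than any code from the patent or from Dell: the certificate manager keeps the key-encryption key to itself, checks that the requester is trusted, recovers the service's secret with the shared symmetric key, unwraps the private key, and re-wraps it under that secret. The shared symmetric key is a constructed stand-in for the output of the key exchange, the trusted-device check is a simple allow-list, and the cipher is a toy HMAC-based construction standing in for a real AEAD; all three are assumptions, not the claimed implementation.

```python
import hashlib
import hmac
import os

# Toy symmetric cipher: HMAC-SHA256 counter-mode keystream plus an HMAC tag
# (encrypt-then-MAC). Stand-in for a real AEAD such as AES-GCM; not for production.
def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    body = nonce + _xor_stream(key, nonce, plaintext)
    return body + hmac.new(key, body, hashlib.sha256).digest()

def decrypt(key: bytes, blob: bytes) -> bytes:
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")
    return _xor_stream(key, body[:16], body[16:])

class CertificateManager:
    """Holds the key-encryption key (KEK); the KEK never leaves this object."""
    def __init__(self, private_key: bytes, symmetric_key: bytes, trusted: set):
        self._kek = os.urandom(32)                       # KEK, never shared with services
        self._wrapped = encrypt(self._kek, private_key)  # private key at rest, under the KEK
        self._symmetric_key = symmetric_key              # shared key from the key exchange
        self._trusted = trusted                          # allow-list of trusted device ids

    def handle_request(self, device_id: str, encrypted_secret: bytes) -> bytes:
        if device_id not in self._trusted:               # verify the request is from a trusted device
            raise PermissionError("request not from a trusted device")
        secret = decrypt(self._symmetric_key, encrypted_secret)   # secret message from the service
        private_key = decrypt(self._kek, self._wrapped)           # unwrap with the KEK
        return encrypt(secret, private_key)                       # re-wrap under the service's secret

class ClientService:
    def __init__(self, device_id: str, symmetric_key: bytes):
        self.device_id, self._symmetric_key = device_id, symmetric_key

    def fetch_private_key(self, manager: CertificateManager) -> bytes:
        secret = os.urandom(32)                          # fresh per-request secret message
        response = manager.handle_request(self.device_id, encrypt(self._symmetric_key, secret))
        return decrypt(secret, response)                 # only this service can unwrap the reply

def demo() -> bool:
    shared = os.urandom(32)   # constructed stand-in for the key-exchange result (e.g. DH)
    pem = b"-----BEGIN PRIVATE KEY-----\nCONSTRUCTED-SAMPLE\n-----END PRIVATE KEY-----\n"
    manager = CertificateManager(pem, shared, trusted={"svc-a"})
    return ClientService("svc-a", shared).fetch_private_key(manager) == pem
```

Because the response is wrapped under a secret the requesting service generated, a service on the same host cannot read another service's reply, and the KEK itself is never exposed on the wire.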