CPC H04L 9/3268 (2013.01) [H04L 9/14 (2013.01)] | 20 Claims |
1. A system, comprising:
a plurality of computers comprising respective processors and memory and configured to implement a certificate authority comprising:
a plurality of components configured to perform a plurality of tasks of a certificate issuance workflow;
a workflow manager configured to coordinate performance of the plurality of tasks among the plurality of components to perform the certificate issuance workflow; and
a certificate issuance workflow approval component configured to verify successful completion of the certificate issuance workflow;
wherein individual components of the plurality of components are configured to:
perform one or more tasks of the plurality of tasks;
generate a cryptographic assertion for a result of performing the one or more tasks; and
return the cryptographic assertion to the workflow manager;
wherein the workflow manager is configured to:
collect the cryptographic assertions from the plurality of components; and
send a request to a workflow approval component to approve completion of the certificate issuance workflow, wherein the request includes a collection of the cryptographic assertions from the plurality of components for the certificate issuance workflow; and
wherein the workflow approval component is configured to:
validate the cryptographic assertions from the plurality of components using different cryptographic keys for respective components of the plurality of components; and
verify that the validated cryptographic assertions indicate successful completion of the certificate issuance workflow; and
wherein the certificate authority is configured to issue a certificate based on verification by the workflow approval component that the certificate issuance workflow was successfully completed.
|
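The flow in claim 1, as an added example that is not taken from the patent: each component asserts its task result under its own key, and the approval component validates every assertion with that component's key before confirming the workflow completed. The component names, the keys, the use of HMAC-SHA256 as the "cryptographic assertion", and the binding of each assertion to a workflow ID are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed keys, one per component. Assumption: HMAC-SHA256 stands in for the
# claim's unspecified "cryptographic assertion"; with asymmetric signatures the
# approval component would hold only public keys.
COMPONENT_KEYS = {
    "domain-validation": b"constructed-key-dv",
    "policy-check": b"constructed-key-policy",
    "key-ceremony": b"constructed-key-kc",
}


def _mac(key, workflow_id, component, result):
    # Fixed JSON encoding so the component and the approver MAC identical bytes.
    body = json.dumps([workflow_id, component, result]).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def make_assertion(workflow_id, component, result, key):
    """Component side: assert the result of its task under its own key."""
    return {"workflow": workflow_id, "component": component,
            "result": result, "tag": _mac(key, workflow_id, component, result)}


def approve(workflow_id, assertions):
    """Approval component: validate each assertion with that component's key,
    then check that together they show a completed workflow."""
    succeeded = set()
    for a in assertions:
        name = a.get("component")
        key = COMPONENT_KEYS.get(name)
        if key is None:
            return False, f"unknown component {name!r}"
        expected = _mac(key, a.get("workflow"), name, a.get("result"))
        if not hmac.compare_digest(expected.encode(), str(a.get("tag")).encode()):
            return False, f"bad assertion from {name}"
        if a.get("workflow") != workflow_id:  # added hardening: no cross-workflow replay
            return False, f"assertion from {name} belongs to another workflow"
        if a.get("result") != "success":
            return False, f"{name} reported {a.get('result')}"
        succeeded.add(name)
    missing = set(COMPONENT_KEYS) - succeeded
    if missing:
        return False, "missing assertions: " + ", ".join(sorted(missing))
    return True, "workflow complete"
```

Because each component has a different key, a compromised component can forge only its own assertion; it cannot vouch for tasks owned by the others.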