CPC H04L 9/0825 (2013.01) [H04L 9/006 (2013.01); H04L 9/3213 (2013.01); H04L 9/3247 (2013.01)]

14 Claims
1. A system for securing public key infrastructure with a custom microservice bridge that restricts client device access to a digital certificate, the system comprising:
    a client device comprising a microprocessor executing a client application, the application configured to generate and digitally sign an identification token;
    a central server configured to generate an access token in response to authentication of the identification token; and
    an interface layer comprising a secure microservice bridge remote from the client device, the microservice bridge comprising a microservice orchestrator and a set of APIs that interact with the client device, the central server, and an enterprise digital certificate manager, the interface layer configured to:
        in response to a call from the application, access an application-specific digital certificate stored by the enterprise digital certificate manager and generate an application-specific private key;
        encrypt the application-specific private key for digital signature at the client application;
        in response to a call from the central server, access the application-specific digital certificate stored by the enterprise digital certificate manager and generate an application-specific public key; and
        format the application-specific public key in a format compatible with the identification token for decrypting the digital signature at the central server;
    wherein the client device is restricted from having access to the digital certificate, the private key, and the public key.
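The flow the claim describes, as an added example that is not part of the patent text: the bridge alone holds the application-specific key material, signs the client's identification token when the client application calls it, and hands the central server only the public key in a token-compatible form, so the device never sees the certificate, the private key or the public key. It reads the claim's "encrypt ... for digital signature" and "decrypting the digital signature" as signing and signature verification; the Ed25519 key, the JWK encoding, the in-memory key store and all names are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
)

// Bridge stands in for the secure microservice bridge: it alone holds the
// app-specific private key (constructed in memory, not from a real cert manager).
type Bridge struct{ keys map[string]ed25519.PrivateKey }

func NewBridge(appID string) *Bridge {
	_, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &Bridge{keys: map[string]ed25519.PrivateKey{appID: priv}}
}

// SignForClient serves the client application's call: the signature is made
// inside the bridge, so the private key never reaches the client device.
func (b *Bridge) SignForClient(appID string, token []byte) ([]byte, error) {
	if priv, ok := b.keys[appID]; ok {
		return ed25519.Sign(priv, token), nil
	}
	return nil, errors.New("unknown application")
}

// PublicKeyJWK serves the central server's call: only the public key leaves
// the bridge, in a token-compatible form (assumed here to be a JWK).
func (b *Bridge) PublicKeyJWK(appID string) ([]byte, error) {
	priv, ok := b.keys[appID]
	if !ok {
		return nil, errors.New("unknown application")
	}
	x := base64.RawURLEncoding.EncodeToString(priv.Public().(ed25519.PublicKey))
	return json.Marshal(map[string]string{"kty": "OKP", "crv": "Ed25519", "x": x})
}

// VerifyAtServer parses the JWK and checks the signed identification token;
// only on success would the central server go on to issue an access token.
func VerifyAtServer(jwk, token, sig []byte) bool {
	var k struct{ X string `json:"x"` }
	_ = json.Unmarshal(jwk, &k) // a malformed JWK leaves X empty and fails the length check
	pub, err := base64.RawURLEncoding.DecodeString(k.X)
	if err != nil || len(pub) != ed25519.PublicKeySize {
		return false
	}
	return ed25519.Verify(ed25519.PublicKey(pub), token, sig)
}
```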