| CPC H04L 9/3263 (2013.01) [H04L 9/30 (2013.01); H04L 9/3247 (2013.01)] | 29 Claims |

1. One or more non-transitory computer-readable media storing instructions, which when executed by one or more hardware processors, cause performance of operations comprising:
receiving, from a first network entity, a first credential request and a first digital certificate,
wherein the first credential request comprises a first digital signature generated from a first private key corresponding to the first network entity, and
wherein the first digital certificate comprises a first public key corresponding to the first network entity, and a second digital signature generated from a second private key corresponding to a certificate authority (CA);
performing a first validation of the second digital signature using a second public key corresponding to the CA;
determining, based on the first validation, that the second digital signature corresponds to the CA;
determining, based on the second digital signature corresponding to the CA, that the first digital certificate is valid;
responsive to determining that the first digital certificate is valid, obtaining the first public key from the first digital certificate and performing a second validation of the first credential request using the first public key;
determining, based on the second validation, that the first digital signature corresponds to the first public key;
determining, based on the first digital signature corresponding to the first public key, that the first network entity is authorized to access a cloud resource corresponding to the first credential request;
responsive to determining that the first network entity is authorized to access the cloud resource, transmitting a first access credential to the first network entity,
wherein the first network entity uses the first access credential, directly or indirectly, to access the cloud resource.
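The validation sequence of claim 1, worked through as an added example that is not part of the patent: the credential service first checks the CA's signature on the presented certificate with the CA's public key, extracts the requester's public key from the now-trusted certificate, verifies the requester's signature on the credential request with that key, applies an authorization policy, and only then returns an access credential. Assumptions made here that the claim does not state: Ed25519 keys, Go's standard crypto/x509 for the certificate checks, a fixed byte layout for the signed request payload, an in-memory allow-list standing in for the authorization decision, and constructed names (example-ca, worker-42, bucket/alpha). A certificate validity-window check is also added beyond the claim text.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// CredentialRequest: the resource the requester wants plus the "first digital signature".
type CredentialRequest struct {
	Resource  string
	Signature []byte
}

// requestPayload is the exact byte string the requester signs and the issuer verifies (constructed format).
func requestPayload(resource string) []byte { return []byte("credential-request:" + resource) }

// signRequest is the requester's side: sign the payload with the first private key.
func signRequest(priv ed25519.PrivateKey, resource string) CredentialRequest {
	return CredentialRequest{Resource: resource, Signature: ed25519.Sign(priv, requestPayload(resource))}
}

// issuer holds the CA certificate (source of the "second public key") and a constructed policy: subject CN -> resources.
type issuer struct {
	caCert     *x509.Certificate
	authorized map[string][]string
}

// IssueCredential walks the claim's steps in order and fails closed at each one.
func (is *issuer) IssueCredential(req CredentialRequest, certDER []byte) (string, error) {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return "", fmt.Errorf("parse certificate: %w", err)
	}
	// First validation: the certificate's signature must verify under the CA's public key.
	if err := cert.CheckSignatureFrom(is.caCert); err != nil {
		return "", fmt.Errorf("certificate not issued by trusted CA: %w", err)
	}
	// Added check beyond the claim text: reject certificates outside their validity window.
	if now := time.Now(); now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		return "", errors.New("certificate outside its validity period")
	}
	// Obtain the first public key from the trusted certificate; second validation: the request signature must verify under it.
	pub, ok := cert.PublicKey.(ed25519.PublicKey)
	if !ok || !ed25519.Verify(pub, requestPayload(req.Resource), req.Signature) {
		return "", errors.New("credential request signature does not match certificate key")
	}
	// Authorization: the identity the CA bound to that key must be allowed this resource.
	for _, r := range is.authorized[cert.Subject.CommonName] {
		if r == req.Resource {
			return "access-credential:" + cert.Subject.CommonName + "@" + req.Resource, nil
		}
	}
	return "", errors.New("entity not authorized for requested resource")
}

func mustCert(tmpl, parent *x509.Certificate, pub ed25519.PublicKey, signer ed25519.PrivateKey) []byte {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	return der
}

// newFixture returns the issuer plus private keys and DER certificates keyed "client" (CA-issued) and
// "rogue" (self-signed, same CN); every key, name and resource here is generated or constructed for the example.
func newFixture() (*issuer, map[string]ed25519.PrivateKey, map[string][]byte) {
	now := time.Now()
	tmpl := func(serial int64, cn string, ca bool) *x509.Certificate {
		c := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
			NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour), KeyUsage: x509.KeyUsageDigitalSignature}
		if ca {
			c.IsCA, c.BasicConstraintsValid, c.KeyUsage = true, true, x509.KeyUsageCertSign
		}
		return c
	}
	caPub, caPriv, _ := ed25519.GenerateKey(rand.Reader)
	caTmpl := tmpl(1, "example-ca", true)
	caCert, _ := x509.ParseCertificate(mustCert(caTmpl, caTmpl, caPub, caPriv))
	clientPub, clientPriv, _ := ed25519.GenerateKey(rand.Reader)
	clientCert := mustCert(tmpl(2, "worker-42", false), caCert, clientPub, caPriv)
	roguePub, roguePriv, _ := ed25519.GenerateKey(rand.Reader) // claims to be worker-42, but self-signed
	rogueTmpl := tmpl(3, "worker-42", false)
	rogueCert := mustCert(rogueTmpl, rogueTmpl, roguePub, roguePriv)
	is := &issuer{caCert: caCert, authorized: map[string][]string{"worker-42": {"bucket/alpha"}}}
	return is, map[string]ed25519.PrivateKey{"client": clientPriv, "rogue": roguePriv},
		map[string][]byte{"client": clientCert, "rogue": rogueCert}
}

func main() {
	is, keys, certs := newFixture()
	fmt.Println(is.IssueCredential(signRequest(keys["client"], "bucket/alpha"), certs["client"]))
	fmt.Println(is.IssueCredential(signRequest(keys["rogue"], "bucket/alpha"), certs["rogue"]))
}
```

The ordering matters: the requester's public key is only trusted after the CA signature on the certificate has been checked, so a self-signed certificate for the same subject name is rejected before its key is ever used, and a request signed by any key other than the one in the CA-issued certificate fails the second validation. CheckSignatureFrom verifies a single issuer-to-subject hop; a deployment with intermediate CAs or revocation would use x509.Certificate.Verify against a certificate pool instead.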