Browse Prior Art Database

System and method to simplify security of Cloud based environments through a trusted SSL Certificate Service Disclosure Number: IPCOM000244679D
Publication Date: 2016-Jan-06
Document File: 5 page(s) / 103K

Publishing Venue

The Prior Art Database


Embodiments are directed to simplification of SSL setup in PAAS (Platform as a Service) environments such that each Cloud service provider and client need to trust only one certificate. It is achieved by proposing the SSL trust service. The objective of SSL trust service is for establishing secure SSL communication channel between Cloud service and client. Once Trust service verifies mutual trust between Cloud service and client, Cloud service and clients communicate directly through SSL.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 34% of the total text.

Page 01 of 5

System and method to simplify security of Cloud based environments through a trusted SSL Certificate Service

Brief Summary

In Platform as a Service environments (PAAS), where new Web Services and Clients get introduced routinely, the dynamically generated Web Services could use self signed Certificates that a Client would not be able to trust by default. Even if Services and Clients use certificates from well known Certificate Authorities, each Service or Client may end up needing to trust many such root certificates. Hence we propose a system and method of establishing SSL communication in PAAS environments such that each Service or Client would need to trust only one certificate.

the article proposes a new end to end flow to establish SSL communication between Service

providers in a PAAS environment and their Clients such that each Service or Client needs to trust only one certificate and delegate the verification and validation of other Certificates on their behalf to a central SSL Trust Service available in the environment.

We introduce the central SSL Trust Service - that acts as a registry of well known Web services and could even keep record of authorized Clients for these web services. This registry holds the public SSL Certificate information that these Services and Clients need/or are authorized to use for establishing mutual trust. Service providers and Clients need to trust only the certificate of the SSL Trust service, instead of needing to directly trust each others' certificates. Service providers and Clients rely on the SSL Trust Service to validate certificates presented by each other.

The registration of Service providers and Clients with the SSL Trust Service use any existing, established process present in the PAAS for safe authentication and authorization when registering their Certificate information.

Detailed Description

The embodiment is in the form of:

SSL Trust Service that is accessible over HTTPS (HTTP over SSL) or TLS that ensures the integrity of data and identity of communicating parties.

SSL Trust Service client libraries for different platforms and runtimes that make the service easily integrated using standard means with consumers of the SSL Trust Service - for example, custom TrustStore implementations for Java based applications that validate the trust through invoking the SSL Trust Service.

Usually in a PAAS encvionrment, it is more common to have servers authenticate themselves with to the client, and client certificate authentication is optional. However, this can extend to client certificate authentication as well, therefore, below steps assume both server and client authentication is needed.. End to end flow is captured below:


Page 02 of 5

1) As part of onboarding process in the PAAS environment, the incoming Service registers its certificate with the Trust Service. This certificate can be self signed or issued by a well known Certification Authority. Registration process stores the cert...