US Patent 11606198 Centrally managed PKI provisioning and rotation

Embodiments relate to systems for distribution of cryptographic keys generated with high quality entropy on to new or configurable devices using a centralized entropy provider located at a server and a provisioning device that communicates between the server and the configurable devices. The server may receive a request from a provisioning device for a cryptographic keypair. For example, the provisioning device may be physically connected to a configurable device for bootstrapping and requests the identity keys to install on to the configurable device. The server generates the cryptographic keypair having newly generated public and private keys for the configurable device. The server encrypts the newly generated keypair (e.g., in the form of a private key and a certificate having the public key) using the public key of the provisioning device and transmits the encrypted keypair to the provisioning device for decryption and installation on to the configurable device.