Patent attributes
The method provides dynamic retrieval of certificates with remote, secure, and scalable lifecycle management. It enables a certificate broker service to configure, generate, issue, and send client certificates to client applications; client applications to present those certificates to server applications; and server applications to verify client certificates and authorize them by host address, network address, network mask, network scope, and IP address pool. It is an agentless method for device protection, application security, and data protection, with data authenticity and confidentiality in intra-device, inter-device, device-to-edge, and device-to-cloud secure communications. It lets Transport Layer Security (TLS) and Internet Key Exchange (IKE) enabled applications programmatically retrieve leaf certificates with the associated private key and verify certificates for certificate-based authentication during the protocol handshake, subject to host and network address-based authorization policies.
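The server-side verification and address-based authorization step, as an added example that is not part of the patent or of any implementation it describes. It assumes that TLS has already validated the client certificate chain (`ssl.CERT_REQUIRED`) and that the server then authorizes the peer by host address, network/mask, address scope and IP pool. The policy model (`AddressPolicy`), its field names, the binding rule that the connecting address must appear among the certificate's IP SANs, and the sample certificate dictionary are all assumptions; the dictionary shape is the one Python's `ssl.SSLSocket.getpeercert()` returns. IKE is not covered.

```python
"""Address-based authorization of a TLS-verified client certificate.

Added example, not the patent's own code. The handshake (ssl.CERT_REQUIRED)
has already checked the chain; this layer answers "is this verified client
allowed to talk from this address?" using host, network/mask, scope and
IP-pool rules. Policy format and field names are assumptions.
"""
import ipaddress
import ssl
from dataclasses import dataclass, field


@dataclass
class AddressPolicy:
    """Assumed policy model: one of host/network/pool must match AND scope must hold."""
    allowed_hosts: set = field(default_factory=set)        # exact host addresses
    allowed_networks: list = field(default_factory=list)   # CIDR "network/mask" strings
    allowed_pools: list = field(default_factory=list)      # (first, last) inclusive ranges
    required_scope: str = "private"   # "private", "global", "link_local" or "any"
    require_san_binding: bool = True  # peer address must be an IP SAN of the cert


def _in_pool(addr, pools):
    """True if addr lies in any (first, last) range of the same IP version."""
    for first, last in pools:
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        if lo.version == addr.version and lo <= addr <= hi:
            return True
    return False


def _scope_ok(addr, scope):
    """Network-scope check using the stdlib address classification."""
    if scope == "any":
        return True
    if scope == "private":
        return addr.is_private
    if scope == "global":
        return addr.is_global
    if scope == "link_local":
        return addr.is_link_local
    raise ValueError(f"unknown scope {scope!r}")


def san_ip_addresses(peercert):
    """IP SAN entries from a dict shaped like ssl.SSLSocket.getpeercert()."""
    return {
        ipaddress.ip_address(value)
        for kind, value in peercert.get("subjectAltName", ())
        if kind == "IP Address"
    }


def authorize_client(peercert, peer_host, policy):
    """Return (allowed, reason). peercert must already be chain-verified by TLS."""
    addr = ipaddress.ip_address(peer_host)
    if policy.require_san_binding:
        sans = san_ip_addresses(peercert)
        if not sans:
            return False, "no IP SAN binds the certificate to a peer address"
        if addr not in sans:
            return False, f"peer {addr} is not among the certificate's IP SANs"
    if not _scope_ok(addr, policy.required_scope):
        return False, f"{addr} is outside the required {policy.required_scope} scope"
    if addr in {ipaddress.ip_address(h) for h in policy.allowed_hosts}:
        return True, "host address match"
    for net in policy.allowed_networks:
        network = ipaddress.ip_network(net, strict=False)
        if addr.version == network.version and addr in network:
            return True, f"network match {network}"
    if _in_pool(addr, policy.allowed_pools):
        return True, "IP pool match"
    return False, f"{addr} matches no allowed host, network or pool"


def server_context(ca_file, cert_file, key_file):
    """TLS server context that demands a client certificate chained to ca_file."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(cert_file, key_file)
    ctx.load_verify_locations(cafile=ca_file)
    ctx.verify_mode = ssl.CERT_REQUIRED   # handshake fails without a valid client cert
    return ctx


# Constructed sample (not a real certificate): what getpeercert() would return
# for a client whose leaf certificate carries a DNS SAN and an IP SAN.
SAMPLE_PEERCERT = {
    "subject": ((("commonName", "device-17"),),),
    "subjectAltName": (("DNS", "device-17.plant.example"), ("IP Address", "10.20.30.17")),
}
SAMPLE_POLICY = AddressPolicy(
    allowed_hosts={"10.20.30.5"},
    allowed_networks=["10.20.30.0/24"],
    allowed_pools=[("192.168.100.10", "192.168.100.50")],
    required_scope="private",
)

if __name__ == "__main__":
    # After ctx.wrap_socket(...).getpeercert() on a live connection, the same
    # call would be made with the real peer address from sock.getpeername().
    for host in ("10.20.30.17", "10.20.30.99", "8.8.8.8"):
        print(host, authorize_client(SAMPLE_PEERCERT, host, SAMPLE_POLICY))
```

On a live server the sequence is `ctx.wrap_socket(conn, server_side=True)`, then `getpeercert()` and `getpeername()`, then `authorize_client`; the SAN-binding rule is what stops a stolen-but-valid client certificate from being replayed from an address it was never issued for, and the scope and pool checks keep a certificate valid on one plant network from being accepted from the public Internet.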