Cisco Systems, Inc.
Distributed certificate authority

Abstract:

The present disclosure provides an approach for a certificate authority (CA) that is distributed among nodes of a network, such that only a portion of the network nodes are required to sign and issue a digital certificate. Each node of the network includes a partial private key, the partial private key having been obtained by sharding the full private key. The sharding may be performed by a process known in the art, such as Shamir Secret Sharing and Distributed Key Generation. Systems that are inherently distributed may use the techniques herein to create a CA that is not centralized. The techniques herein leverage a database in the form of a distributed blockchain to store issued certificates and status of the certificates.