The security of computing resources and associated data is of high importance in many contexts. As an example, organizations often utilize networks of computing devices to provide a robust set of services to their users. Networks often span multiple geographic boundaries and often connect with other networks. An organization, for example, may support its operations using both internal networks of computing resources and computing resources managed by others. In many instances, organizations configure and operate remote networks using hardware manufactured externally, thereby reducing infrastructure costs and achieving other advantages. With such configurations of computing resources, ensuring that access to the resources and the data they hold is secure can be challenging, especially as the size and complexity of such configurations grow.
In many instances, a network may, for security reasons, require computer hardware and/or software on the network to be authorized for use on the network. One mechanism for authorizing specific devices for use on a network is to provide authorized devices with a digital certificate that can be verified on the network.
An organization utilizing networks of computing devices may not have the ability, capacity, or desire to manufacture its own hardware. Instead, the organization may purchase computing devices from a third-party manufacturer. In instances where devices are authorized to a network with a digital certificate, the organization may provide a digital certificate or digital certificate generation mechanism to the third-party manufacturer. However, providing the digital certificate or digital certificate generation mechanism to a third-party manufacturer may not provide sufficient assurances of security to the organization. For example, ensuring that the third-party manufacturer does not create a rogue device that may be used to infiltrate the organization's network, or ensuring that a malicious party does not steal the digital certificate or digital certificate generation mechanism and use it to create a rogue device that may be used to infiltrate the organization's network, typically requires complicated and extensive effort.