Secure storage of enterprise certificates for cloud services

US 10,013,668 B2
Filed: 02/04/2016
Issued: 07/03/2018
Est. Priority Date: 08/14/2015
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer readable medium having instructions stored thereon that, when executed by a processor, cause one or more processors to perform functionality to secure storage of certificate keys, the functionality comprising:

receiving, at an application development machine, remotely from an end user device, a user password and a certificate that is locked by the user password, wherein the certificate is configured to be used for signing binaries of an application and the password and certificate are stored on the user device;

unlocking the certificate using the user password within a temporary keychain;

exporting and locking the unlocked certificate from the temporary keychain using a certificate key that comprises a standard portion and a randomly generated unique portion that is unique to the certificate, wherein the standard portion of the certificate key comprises a secure password previously generated on a build server and the unique portion of the certificate key comprises a nonce;

discarding the temporary keychain;

receiving, from the build server, the unique portion of a certificate key and the certificate that is locked by the certificate key;

encrypting and storing by the application development machine the unique portion of the certificate key and the certificate that is locked by the certificate key;

receiving at the application development machine a request for building the application; and

sending by the application development machine to the build server, the unique portion of the certificate key and the certificate that is locked by the certificate key, in response to the request.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system performs secure storage of certificate keys. The system receives a user password and a certificate that is locked by the user password. The certificate is configured to be used for signing binaries of an application. The system sends, to a build server, the user password and the certificate that is locked by the user password. The system then receives, from the build server, a first portion of a certificate key and the certificate that is locked by the certificate key, and stores the first portion of the certificate key and the certificate that is locked by the certificate key.

164 Citations

20 Claims

1. A non-transitory computer readable medium having instructions stored thereon that, when executed by a processor, cause one or more processors to perform functionality to secure storage of certificate keys, the functionality comprising:
- receiving, at an application development machine, remotely from an end user device, a user password and a certificate that is locked by the user password, wherein the certificate is configured to be used for signing binaries of an application and the password and certificate are stored on the user device;
  
  unlocking the certificate using the user password within a temporary keychain;
  
  exporting and locking the unlocked certificate from the temporary keychain using a certificate key that comprises a standard portion and a randomly generated unique portion that is unique to the certificate, wherein the standard portion of the certificate key comprises a secure password previously generated on a build server and the unique portion of the certificate key comprises a nonce;
  
  discarding the temporary keychain;
  
  receiving, from the build server, the unique portion of a certificate key and the certificate that is locked by the certificate key;
  
  encrypting and storing by the application development machine the unique portion of the certificate key and the certificate that is locked by the certificate key;
  
  receiving at the application development machine a request for building the application; and
  
  sending by the application development machine to the build server, the unique portion of the certificate key and the certificate that is locked by the certificate key, in response to the request.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer readable medium of claim 1, wherein the build server unlocks the certificate with the user password, imports the certificate into a keychain, and exports the certificate from the keychain by locking the certificate with the certificate key.
  - 3. The computer readable medium of claim 2, wherein the build server constructs the certificate key by using the standard portion and the unique portion.
  - 4. The computer readable medium of claim 1, wherein the application development machine comprises a web-based virtual machine.
  - 5. The computer readable medium of claim 1, wherein the standard portion of the certificate key is a machine key stored on the build server.
  - 6. The computer readable medium of claim 1, wherein the unique portion of the certificate key and the certificate that is locked by the certificate key are stored on a tenant database by the application development machine.
  - 7. The computer readable medium of claim 1, wherein the build server builds binaries of the application and signs the binaries of the application using the certificate.

8. A method for secure storage of certificate keys, comprising:
- receiving, at an application development machine, remotely from an end user device, a user password and a certificate that is locked by the user password, wherein the certificate is configured to be used for signing binaries of an application and the password and certificate are stored on the user device;
  
  unlocking the certificate using the user password within a temporary keychain;
  
  exporting and locking the unlocked certificate from the temporary keychain using a certificate key that comprises a standard portion and a randomly generated unique portion that is unique to the certificate, wherein the standard portion of the certificate key comprises a secure password previously generated on a build server and the unique portion of the certificate key comprises a nonce;
  
  discarding the temporary keychain;
  
  receiving, from the build server, a the unique portion of a certificate key and the certificate that is locked by the certificate key;
  
  encrypting and storing by the application development machine the unique portion of the certificate key and the certificate that is locked by the certificate key;
  
  receiving at the application development machine a request for building the application; and
  
  sending by the application development machine to the build server, the unique portion of the certificate key and the certificate that is locked by the certificate key, in response to the request.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, wherein the build server unlocks the certificate with the user password, imports the certificate into a keychain, and exports the certificate from the keychain by locking the certificate with the certificate key.
  - 10. The method of claim 9, wherein the build server constructs the certificate key by using the standard portion and the unique portion.
  - 11. The method of claim 10, wherein the standard portion of the certificate key is a secure password previously generated on the build server.
  - 12. The method of claim 8, wherein the application development machine comprises a web-based virtual machine.
  - 13. The method of claim 8, wherein the unique portion of the certificate key and the certificate that is locked by the certificate key are stored on a tenant database by the application development machine.
  - 14. The method of claim 8, wherein the build server builds binaries of the application and signs the binaries of the application using the certificate.

15. A system for secure storage of certificate keys, comprising:
- a storage device that stores instructions; and
  
  one or more hardware processors that execute the instructions to cause the processors to;
  
  receive, at an application development machine, remotely from an end user device, a user password and a certificate that is locked by the user password, wherein the certificate is configured to be used for signing binaries of an application and the password and certificate are stored on the user device;
  
  unlocking the certificate using the user password within a temporary keychain;
  
  export and lock the unlocked certificate from the temporary keychain using a certificate key that comprises a standard portion and a randomly generated unique portion that is unique to the certificate, wherein the standard portion of the certificate key comprises a secure password previously generated on a build server and the unique portion of the certificate key comprises a nonce;
  
  discard the temporary keychain;
  
  receive, from the build server, the unique portion of a certificate key and the certificate that is locked by the certificate key;
  
  encrypting and storing by the application development machine the unique portion of the certificate key and the certificate that is locked by the certificate key;
  
  receive at the application development machine a request for building the application; and
  
  send by the application development machine to the build server, the unique portion of the certificate key and the certificate that is locked by the certificate key, in response to the request.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15, wherein the application development machine comprises a web-based virtual machine.
  - 17. The system of claim 15, wherein the unique portion of the certificate key and the certificate that is locked by the certificate key are stored on a tenant database by the application development machine.
  - 18. The system of claim 15, wherein the build server builds binaries of the application and signs the binaries of the application using the certificate.
  - 19. The system of claim 15, wherein the build server unlocks the certificate with the user password, imports the certificate into a keychain, and exports the certificate from the keychain by locking the certificate with the certificate key.
  - 20. The system of claim 15, wherein the build server constructs the certificate key by using the standard portion and the unique portion.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Straub, Christian David
Primary Examiner(s)
Pham, Luu T
Assistant Examiner(s)
Mohammadi, Fahimeh

Application Number

US15/015,200
Publication Number

US 20170048215A1
Time in Patent Office

880 Days
Field of Search
US Class Current
CPC Class Codes

G06Q 10/087   Inventory or stock manageme...

G06Q 30/0603   Catalogue ordering

H04L 63/06   for supporting key manageme...

H04L 63/0823   using certificates cryptogr...

H04L 63/12   Applying verification of th...

Secure storage of enterprise certificates for cloud services

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

164 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure storage of enterprise certificates for cloud services

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

164 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links