Secure storage of enterprise certificates for cloud services
First Claim
1. A non-transitory computer readable medium having instructions stored thereon that, when executed by a processor, cause one or more processors to perform functionality to secure storage of certificate keys, the functionality comprising:
- receiving, at an application development machine, remotely from an end user device, a user password and a certificate that is locked by the user password, wherein the certificate is configured to be used for signing binaries of an application and the password and certificate are stored on the user device;
unlocking the certificate using the user password within a temporary keychain;
exporting and locking the unlocked certificate from the temporary keychain using a certificate key that comprises a standard portion and a randomly generated unique portion that is unique to the certificate, wherein the standard portion of the certificate key comprises a secure password previously generated on a build server and the unique portion of the certificate key comprises a nonce;
discarding the temporary keychain;
receiving, from the build server, the unique portion of a certificate key and the certificate that is locked by the certificate key;
encrypting and storing by the application development machine the unique portion of the certificate key and the certificate that is locked by the certificate key;
receiving at the application development machine a request for building the application; and
sending by the application development machine to the build server, the unique portion of the certificate key and the certificate that is locked by the certificate key, in response to the request.
1 Assignment
0 Petitions
Accused Products
Abstract
A system performs secure storage of certificate keys. The system receives a user password and a certificate that is locked by the user password. The certificate is configured to be used for signing binaries of an application. The system sends, to a build server, the user password and the certificate that is locked by the user password. The system then receives, from the build server, a first portion of a certificate key and the certificate that is locked by the certificate key, and stores the first portion of the certificate key and the certificate that is locked by the certificate key.
164 Citations
20 Claims
-
1. A non-transitory computer readable medium having instructions stored thereon that, when executed by a processor, cause one or more processors to perform functionality to secure storage of certificate keys, the functionality comprising:
-
receiving, at an application development machine, remotely from an end user device, a user password and a certificate that is locked by the user password, wherein the certificate is configured to be used for signing binaries of an application and the password and certificate are stored on the user device; unlocking the certificate using the user password within a temporary keychain; exporting and locking the unlocked certificate from the temporary keychain using a certificate key that comprises a standard portion and a randomly generated unique portion that is unique to the certificate, wherein the standard portion of the certificate key comprises a secure password previously generated on a build server and the unique portion of the certificate key comprises a nonce; discarding the temporary keychain; receiving, from the build server, the unique portion of a certificate key and the certificate that is locked by the certificate key;
encrypting and storing by the application development machine the unique portion of the certificate key and the certificate that is locked by the certificate key;receiving at the application development machine a request for building the application; and sending by the application development machine to the build server, the unique portion of the certificate key and the certificate that is locked by the certificate key, in response to the request. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A method for secure storage of certificate keys, comprising:
-
receiving, at an application development machine, remotely from an end user device, a user password and a certificate that is locked by the user password, wherein the certificate is configured to be used for signing binaries of an application and the password and certificate are stored on the user device; unlocking the certificate using the user password within a temporary keychain; exporting and locking the unlocked certificate from the temporary keychain using a certificate key that comprises a standard portion and a randomly generated unique portion that is unique to the certificate, wherein the standard portion of the certificate key comprises a secure password previously generated on a build server and the unique portion of the certificate key comprises a nonce; discarding the temporary keychain; receiving, from the build server, a the unique portion of a certificate key and the certificate that is locked by the certificate key; encrypting and storing by the application development machine the unique portion of the certificate key and the certificate that is locked by the certificate key; receiving at the application development machine a request for building the application; and sending by the application development machine to the build server, the unique portion of the certificate key and the certificate that is locked by the certificate key, in response to the request. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A system for secure storage of certificate keys, comprising:
-
a storage device that stores instructions; and one or more hardware processors that execute the instructions to cause the processors to; receive, at an application development machine, remotely from an end user device, a user password and a certificate that is locked by the user password, wherein the certificate is configured to be used for signing binaries of an application and the password and certificate are stored on the user device; unlocking the certificate using the user password within a temporary keychain; export and lock the unlocked certificate from the temporary keychain using a certificate key that comprises a standard portion and a randomly generated unique portion that is unique to the certificate, wherein the standard portion of the certificate key comprises a secure password previously generated on a build server and the unique portion of the certificate key comprises a nonce; discard the temporary keychain; receive, from the build server, the unique portion of a certificate key and the certificate that is locked by the certificate key;
encrypting and storing by the application development machine the unique portion of the certificate key and the certificate that is locked by the certificate key;receive at the application development machine a request for building the application; and send by the application development machine to the build server, the unique portion of the certificate key and the certificate that is locked by the certificate key, in response to the request. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification