PROVIDING SECURITY SERVICES ON THE CLOUD
Abstract
Embodiments are directed to providing a cloud keying and signing service and to securing software package distribution on the cloud. In an embodiment, a computer system instantiates a signing service configured to sign software packages. The computer system receives a signing request from a computer user requesting that a selected software package be signed. The signing request includes a computed hash of the selected software package. The computer system generates a private and public key pair on behalf of the computer user and stores the private key of the generated key pair in a secure data store.
20 Claims
1. At a computer system including a processor and a memory, in a computer networking environment including a plurality of computing systems, a computer-implemented method for providing a cloud keying and signing service, the method comprising:
- an act of instantiating a signing service configured to sign software packages;
- an act of receiving at the signing service a signing request from a publisher requesting that a selected software package be signed, wherein the signing request includes a computed hash of the selected software package;
- an act of the signing service generating a private and public key pair on behalf of the publisher; and
- an act of the signing service storing the private key of the generated key pair in a secure data store.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15

16. A computer program product for implementing a method for securing software package distribution on the cloud, the computer program product comprising one or more computer-readable storage media having stored thereon computer-executable instructions that, when executed by one or more processors of the computing system, cause the computing system to perform the method, the method comprising:
- an act of instantiating a signing service configured to decrypt an encrypted symmetric key;
- an act of the signing service receiving the encrypted symmetric key from a software publisher, wherein the encrypted symmetric key was encrypted using a public key;
- an act of the signing service decrypting the symmetric key using a corresponding stored private key; and
- an act of the signing service sending a decrypted symmetric key corresponding to the software package to the end-user's computer for decryption.

Dependent claims: 17, 18, 19

20. A computer system comprising the following:
- one or more processors;
- system memory;
- one or more computer-readable storage media having stored thereon computer-executable instructions that, when executed by the one or more processors, cause the computing system to perform a method for providing a cloud keying and signing service, the method comprising the following:
  - an act of instantiating a signing service configured to sign software packages;
  - an act of receiving at the signing service a signing request from a first publisher requesting that a selected software package be signed, wherein the signing request includes a computed hash of the selected software package;
  - an act of the signing service generating a private and public key pair on behalf of the publisher;
  - an act of the signing service storing the private key of the generated key pair in a secure data store;
  - an act of the signing service sending the generated public key and signed hash with a corresponding timestamp signature to the first user;
  - an act of the publisher applying the received public key, signed hash and timestamp signature to the selected software package;
  - an act of the signing service sending to one or more of the users the public key certificate; and
  - an act of the publisher publishing the selected software package.

Specification