Secure signature server system and associated method
First Claim
Patent Images
1. A method for securely generating signatures, comprising:
- receiving, at a secure server from a first computer, a request including authentication information to generate a signature at the secure server;
receiving, at the secure server from the first computer, an update for a second computer in association with the request;
determining at the secure server whether the authentication information has been compromised;
generating, in response to the request, the signature utilizing a private key stored at the secure server, and further encrypting the update after receipt of the request and the update at the secure server, the encrypting utilizing the private key;
transmitting the signature and the encrypted update from the secure server to the first computer;
distributing the encrypted update and the signature from the first computer to the second computer; and
utilizing the signature, verifying an authenticity of the encrypted update for the second computer utilizing a public key, the private key at the secure server being inaccessible to the first computer and the second computer.
11 Assignments
0 Petitions
Accused Products
Abstract
A system, method and computer program product are provided for securely generating signatures. Initially received is a request to generate a signature at a secure server. Then, the signature is automatically generated at the secure server utilizing a private key stored at the secure server. The signature is then transmitted from the secure server. Such signature is capable of being used to verify an authenticity of an update (i.e. data and/or software) for a computer utilizing a public key.
82 Citations
18 Claims
-
1. A method for securely generating signatures, comprising:
-
receiving, at a secure server from a first computer, a request including authentication information to generate a signature at the secure server; receiving, at the secure server from the first computer, an update for a second computer in association with the request; determining at the secure server whether the authentication information has been compromised; generating, in response to the request, the signature utilizing a private key stored at the secure server, and further encrypting the update after receipt of the request and the update at the secure server, the encrypting utilizing the private key; transmitting the signature and the encrypted update from the secure server to the first computer; distributing the encrypted update and the signature from the first computer to the second computer; and utilizing the signature, verifying an authenticity of the encrypted update for the second computer utilizing a public key, the private key at the secure server being inaccessible to the first computer and the second computer. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 14, 15, 16, 17, 18)
-
-
11. A computer program product embodied on a non-transitory computer readable medium comprising instructions stored thereon to cause one or more processors to:
-
receive, at a secure server from a first computer, a request including authentication information to generate a signature at the secure server; receive, from the first computer at the secure server, an update for a second computer in association with the request; determine at the secure server whether the authentication information has been compromised; generate, in response to the request, the signature utilizing a private key stored at the secure server, and further encrypt the update after receipt of the request and the update at the secure server, the encryption utilizing the private key; transmit the signature and the encrypted update from the secure server to the first computer; distribute the encrypted update and the signature from the first computer to the second computer; and verify based on the signature an authenticity of the encrypted update for the second computer utilizing a public key, the private key at the secure server being inaccessible to the first computer and the second computer.
-
-
12. A system for securely generating signatures, comprising:
-
a memory for storing computer instructions; and one or more processing units communicatively coupled to the memory and configured to; receive, at a secure server from a first computer, a request including authentication information to generate a signature at the secure server; receive, at the secure server from the first computer, an update for a second computer in association with the request; determine at the secure server whether the authentication information has been compromised; generate, in response to the request, the signature utilizing a signature generation process which utilizes a private key stored at the secure server, and further encrypt the update after receipt of the request and the update at the secure server, the encryption utilizing the private key; transmit the signature and the encrypted update from the secure server to the first computer; distribute the encrypted update and the signature from the first computer to the second computer; and verify based on the signature an authenticity of the encrypted update for the second computer utilizing a public key, the private key at the secure server being inaccessible to the first computer and the second computer.
-
-
13. A method for securely generating signatures, comprising:
-
identifying a connection between a computer and a secure server; receiving from the computer a request to generate a signature at the secure server, the request including authentication information; authenticating the computer utilizing the authentication information at the secure server; logging the connection, request, and authentication information at the secure server; receiving from the computer an update at the secure server; encrypting the update at the secure server utilizing a private key stored at the secure server; generating the signature for the encrypted update at the secure server utilizing the private key; transmitting the encrypted update and the signature from the secure server to the computer; determining at the secure server whether the authentication information has been compromised; invalidating the authentication information if it is determined that the authentication information has been compromised; and distributing the signature with the encrypted update from the computer to a wireless computer equipped with a public key for authenticating the signature and decrypting the encrypted update, the private key at the secure server being inaccessible to the computer.
-
Specification