Secure signature server system and associated method

US 8,393,001 B1
Filed: 07/26/2002
Issued: 03/05/2013
Est. Priority Date: 07/26/2002
Status: Active Grant

First Claim

Patent Images

1. A method for securely generating signatures, comprising:

receiving, at a secure server from a first computer, a request including authentication information to generate a signature at the secure server;

receiving, at the secure server from the first computer, an update for a second computer in association with the request;

determining at the secure server whether the authentication information has been compromised;

generating, in response to the request, the signature utilizing a private key stored at the secure server, and further encrypting the update after receipt of the request and the update at the secure server, the encrypting utilizing the private key;

transmitting the signature and the encrypted update from the secure server to the first computer;

distributing the encrypted update and the signature from the first computer to the second computer; and

utilizing the signature, verifying an authenticity of the encrypted update for the second computer utilizing a public key, the private key at the secure server being inaccessible to the first computer and the second computer.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method and computer program product are provided for securely generating signatures. Initially received is a request to generate a signature at a secure server. Then, the signature is automatically generated at the secure server utilizing a private key stored at the secure server. The signature is then transmitted from the secure server. Such signature is capable of being used to verify an authenticity of an update (i.e. data and/or software) for a computer utilizing a public key.

82 Citations

View as Search Results

18 Claims

1. A method for securely generating signatures, comprising:
- receiving, at a secure server from a first computer, a request including authentication information to generate a signature at the secure server;
  
  receiving, at the secure server from the first computer, an update for a second computer in association with the request;
  
  determining at the secure server whether the authentication information has been compromised;
  
  generating, in response to the request, the signature utilizing a private key stored at the secure server, and further encrypting the update after receipt of the request and the update at the secure server, the encrypting utilizing the private key;
  
  transmitting the signature and the encrypted update from the secure server to the first computer;
  
  distributing the encrypted update and the signature from the first computer to the second computer; and
  
  utilizing the signature, verifying an authenticity of the encrypted update for the second computer utilizing a public key, the private key at the secure server being inaccessible to the first computer and the second computer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 14, 15, 16, 17, 18)
- - 2. The method as recited in claim 1, wherein the secure server authenticates the request utilizing the authentication information.
  - 3. The method as recited in claim 1, wherein the authentication information is invalidated if it is determined that the authentication information has been compromised.
  - 4. The method as recited in claim 1, wherein the authentication information is logged at the secure server.
  - 5. The method as recited in claim 1, wherein the request is logged at the secure server.
  - 6. The method as recited in claim 1, wherein a connection with the secure server is logged at the secure server.
  - 7. The method as recited in claim 1, wherein the encrypted update includes virus signature data.
  - 8. The method as recited in claim 1, wherein the encrypted update includes software.
  - 9. The method as recited in claim 1, wherein the first computer and the second computer are equipped with anti-virus software.
  - 10. The method as recited in claim 9, wherein the encrypted update includes virus signatures for use in conjunction with the anti-virus software.
  - 14. The method as recited in claim 2, wherein the secure server transmits a welcome string including a string randomly generated for each of a plurality of connections.
  - 15. The method as recited in claim 2, wherein the secure server receives the authentication information from the first computer.
  - 16. The method as recited in claim 15, wherein the authentication information includes a login string comprised of a user name and a SHA1-hex conversion.
  - 17. The method as recited in claim 16, wherein the SHA1-hex conversion corresponds to a SHA1 signature of a password and a randomly generated string randomly generated for each of a plurality of connections.
  - 18. The method as recited in claim 16, wherein the user name is looked up in a local password file containing name and password couples.

11. A computer program product embodied on a non-transitory computer readable medium comprising instructions stored thereon to cause one or more processors to:
- receive, at a secure server from a first computer, a request including authentication information to generate a signature at the secure server;
  
  receive, from the first computer at the secure server, an update for a second computer in association with the request;
  
  determine at the secure server whether the authentication information has been compromised;
  
  generate, in response to the request, the signature utilizing a private key stored at the secure server, and further encrypt the update after receipt of the request and the update at the secure server, the encryption utilizing the private key;
  
  transmit the signature and the encrypted update from the secure server to the first computer;
  
  distribute the encrypted update and the signature from the first computer to the second computer; and
  
  verify based on the signature an authenticity of the encrypted update for the second computer utilizing a public key, the private key at the secure server being inaccessible to the first computer and the second computer.

12. A system for securely generating signatures, comprising:
- a memory for storing computer instructions; and
  
  one or more processing units communicatively coupled to the memory and configured to;
  
  receive, at a secure server from a first computer, a request including authentication information to generate a signature at the secure server;
  
  receive, at the secure server from the first computer, an update for a second computer in association with the request;
  
  determine at the secure server whether the authentication information has been compromised;
  
  generate, in response to the request, the signature utilizing a signature generation process which utilizes a private key stored at the secure server, and further encrypt the update after receipt of the request and the update at the secure server, the encryption utilizing the private key;
  
  transmit the signature and the encrypted update from the secure server to the first computer;
  
  distribute the encrypted update and the signature from the first computer to the second computer; and
  
  verify based on the signature an authenticity of the encrypted update for the second computer utilizing a public key, the private key at the secure server being inaccessible to the first computer and the second computer.

13. A method for securely generating signatures, comprising:
- identifying a connection between a computer and a secure server;
  
  receiving from the computer a request to generate a signature at the secure server, the request including authentication information;
  
  authenticating the computer utilizing the authentication information at the secure server;
  
  logging the connection, request, and authentication information at the secure server;
  
  receiving from the computer an update at the secure server;
  
  encrypting the update at the secure server utilizing a private key stored at the secure server;
  
  generating the signature for the encrypted update at the secure server utilizing the private key;
  
  transmitting the encrypted update and the signature from the secure server to the computer;
  
  determining at the secure server whether the authentication information has been compromised;
  
  invalidating the authentication information if it is determined that the authentication information has been compromised; and
  
  distributing the signature with the encrypted update from the computer to a wireless computer equipped with a public key for authenticating the signature and decrypting the encrypted update, the private key at the secure server being inaccessible to the computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Libenzi, Davide, Kouznetsov, Victor
Primary Examiner(s)
Teslovich, Tamara

Application Number

US10/206,288
Time in Patent Office

3,875 Days
Field of Search

713/176, 717168-172, 717/177, 726 26- 30
US Class Current

726/26
CPC Class Codes

H04L 9/0891 Revocation or update of sec...

H04L 9/3247 involving digital signatures

Secure signature server system and associated method

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

82 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Secure signature server system and associated method

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

82 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links