Object signing within a cloud-based architecture

US 9,900,157 B2
Filed: 08/12/2013
Issued: 02/20/2018
Est. Priority Date: 08/16/2012
Status: Active Grant

First Claim

Patent Images

1. A system for cloud-based object signing, the system comprising:

an object signing agent that receives an object to be signed;

a remote signing system that communicates with the object signing agent and validates an identity associated with the object provided by the object signing agent using one or more policies to verify the integrity and sign-ability of the object, the remote signing system configured to, in response to determining that the object is not in compliance for signing, one or more of present an alert to a user requesting the object to be signed, and lock the user out of the remote signing system; and

an isolated virtual machine dynamically created by the remote signing system in response to receiving a request for object signing, the isolated virtual machine signing the object using a digital certificate within a new encrypted store space generated using an encryption store key, the isolated virtual machine being one or more of deleted and archived in response to signing the object,wherein at least a portion of the object signing agent, the remote signing system, and the isolated virtual machine comprises one or more of logic hardware and executable code, the executable code stored on one or more non-transitory computer readable storage media.

View all claims

17 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for digitally signing an object. An object signing agent sends a signing request for an object to remote signing server, which, in response to receiving the request, generates a virtual machine executing code for signing the object. The object is signed within the virtual machine and returned to the object signing agent.

7 Citations

View as Search Results

19 Claims

1. A system for cloud-based object signing, the system comprising:
- an object signing agent that receives an object to be signed;
  
  a remote signing system that communicates with the object signing agent and validates an identity associated with the object provided by the object signing agent using one or more policies to verify the integrity and sign-ability of the object, the remote signing system configured to, in response to determining that the object is not in compliance for signing, one or more of present an alert to a user requesting the object to be signed, and lock the user out of the remote signing system; and
  
  an isolated virtual machine dynamically created by the remote signing system in response to receiving a request for object signing, the isolated virtual machine signing the object using a digital certificate within a new encrypted store space generated using an encryption store key, the isolated virtual machine being one or more of deleted and archived in response to signing the object,wherein at least a portion of the object signing agent, the remote signing system, and the isolated virtual machine comprises one or more of logic hardware and executable code, the executable code stored on one or more non-transitory computer readable storage media.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. A system according to claim 1, wherein the remote signing system further creates a signing key in response to receiving a request for signing.
  - 3. A system according to claim 1, wherein the remote signing system further creates a tenancy specific to the entity requesting the object signing and wherein the isolated virtual machine is created in the created tenancy.
  - 4. A system according to claim 1, wherein the remote signing system further comprises a compliance engine that runs one or more compliance checks against the object to verify the integrity and sign-ability of the object.
  - 5. A system according to claim 1, further comprising an identity service that verifies the identity of one or more of an organization and a signer associated with the object based on one or more provided credentials.
  - 6. A system according to claim 1, further comprising an object signing manager that executes within the isolated virtual machine and signs the object in response to verification of the validity of the object.

7. A method for cloud-based object signing, the method comprising:
- receiving a request for object signing from an object signing agent;
  
  receiving, from the object signing agent at a remote signing system, an object that is designated to be signed;
  
  validating, at the remote signing system, an identity associated with the object using one or more policies to verify the integrity and sign-ability of the object;
  
  in response to determining that the object is not in compliance for signing, one or more of;
  
  presenting an alert to a user requesting the object to be signed; and
  
  locking the user out of the remote signing system;
  
  in response to determining that the object is in compliance for signing;
  
  creating, dynamically, by the remote signing system, an isolated virtual space in response to receiving the request to sign the object, the isolated virtual space comprising an object signing manager that signs the object using a digital certificate within a new encrypted store space generated using an encryption store key, the isolated virtual space being one or more of deleted and archived in response to signing the object; and
  
  sending the signed object to the object signing agent.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 8. A method according to claim 7, further comprising authenticating the request for signing the object.
  - 9. A method according to claim 7, further comprising authenticating one or more credentials for signing the object, the one or more credentials associated with one or more of an organization and a signer associated with the object.
  - 10. A method according to claim 7, wherein the determination that the object is not in compliance for signing is performed by a compliance engine, the compliance engine running one or more compliance checks against the object to verify the integrity and sign-ability of the object.
  - 11. A method according to claim 10, wherein the determination that the object is not in compliance for signing is based on information in the one or more policies, the one or more policies provided by a policy engine.
  - 12. A method according to claim 7, further comprising generating a signing key in response to the request for signing the object.
  - 13. A method according to claim 12, wherein the signing key is stored in a tenancy specific to the entity requesting the object signing.
  - 14. A method according to claim 7, wherein the virtual space is encrypted.
  - 15. A method according to claim 14, wherein the signing key is created in the virtual space.
  - 16. A method according to claim 7, wherein a key used to sign the object is destroyed in response to one or more of deleting and archiving the isolated virtual space.
  - 17. A method according to claim 7, wherein a key used to sign the object is transferred to a separate location before one or more of deleting and archiving the isolated virtual space.
  - 18. A method according to claim 10, wherein the one or more compliance checks comprise one or more of:
    - running one or more security scans against the object;
      
      running one or more vulnerability scans against the object;
      
      running one or more Payment Card Industry/Sarbanes-Oxley (PCI/SOX) scans against the object;
      
      verifying that the object is in a correct format; and
      
      verifying that the object is free of malware.
  - 19. A method according to claim 10, further comprising evaluating one or more risks associated with the object based on the one or more compliance checks.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
DigiCert Incorporated
Original Assignee
DigiCert Incorporated
Inventors
Sabin, Jason Allen
Primary Examiner(s)
Shiferaw, Eleni
Assistant Examiner(s)
Elmore, Gregory M

Application Number

US13/965,184
Publication Number

US 20140052994A1
Time in Patent Office

1,653 Days
Field of Search
US Class Current
CPC Class Codes

G06F 9/45558   Hypervisor-specific managem...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/3247   involving digital signatures

Object signing within a cloud-based architecture

First Claim

17 Assignments

0 Petitions

Accused Products

Abstract

7 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

Object signing within a cloud-based architecture

First Claim

17 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

7 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others