PROVIDING SECURITY SERVICES ON THE CLOUD

US 20130283056A1
Filed: 06/20/2013
Published: 10/24/2013
Est. Priority Date: 12/15/2010
Status: Active Grant

First Claim

Patent Images

1. A publisher computer system comprising:

at least one processor; and

at least one storage media having stored computer-executable instructions which, when executed by the at least one processor, implement a method for utilizing a cloud keying and signing service, the method comprising;

an act of the publisher computing system providing a signing request to a signing service requesting that a selected software package be signed, wherein the signing request includes a computed hash of the selected software package;

an act of receiving the digitally signed hash from the signing service, wherein the signing service has access to a private and public key pair for the publisher computing system and wherein the hash is digitally signed with the public key;

an act of attaching the digitally signed hash to the selected software package;

an act of encrypting the selected software package with a symmetric key; and

an act of providing the symmetric key to the signing service, wherein the symmetric key is encrypted with the public key and stored at the secure data store.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments are directed to the providing a cloud keying and signing service and to securing software package distribution on the cloud. In an embodiment, a computer system instantiates a signing service configured to sign software packages. The computer system receives a signing request from a computer user requesting that a selected software package be signed. The signing request includes a computed hash of the selected software package. The computer system generates a private and public key pair on behalf of the computer user and stores the private key of the generated key pair in a secure data store.

6 Citations

View as Search Results

20 Claims

1. A publisher computer system comprising:
- at least one processor; and
  
  at least one storage media having stored computer-executable instructions which, when executed by the at least one processor, implement a method for utilizing a cloud keying and signing service, the method comprising;
  
  an act of the publisher computing system providing a signing request to a signing service requesting that a selected software package be signed, wherein the signing request includes a computed hash of the selected software package;
  
  an act of receiving the digitally signed hash from the signing service, wherein the signing service has access to a private and public key pair for the publisher computing system and wherein the hash is digitally signed with the public key;
  
  an act of attaching the digitally signed hash to the selected software package;
  
  an act of encrypting the selected software package with a symmetric key; and
  
  an act of providing the symmetric key to the signing service, wherein the symmetric key is encrypted with the public key and stored at the secure data store.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, wherein the computed hash of the selected software package is computed on the publisher'"'"'s computer system.
  - 3. The system of claim 1, wherein the signing service is an isolated, secure service provided on the cloud.
  - 4. The system of claim 1, further comprising receiving the generated public key and signed hash with a counter-signed timestamp signature.
  - 5. The system of claim 4, wherein the method further includes applying the received public key, signed hash and timestamp signature to the selected software package.
  - 6. The system of claim 5, wherein a public key certificate corresponding to the selected package is sent to both the publisher computing system and one or more end-users.
  - 7. The system of claim 6, wherein the method further includes publishing the selected software package encrypted with the symmetric key and signed with the private key.
  - 8. The system of claim 7, wherein each end-user'"'"'s computer system has a stored public key that allows each end-user'"'"'s computer system to verify that the published software package is from the identified publisher.
  - 9. The system of claim 1, wherein the method further includes generating the symmetric key used to encrypt the software package.
  - 10. The system of claim 9, wherein separate symmetric keys are generated for each software package and such that the symmetric key is unique to the selected software package.

11. One or more storage device having stored computer-executable instructions which, when executed by one or more processors, implement method for a publisher computing system utilizing a cloud keying and signing service, the method comprising:
- an act of the publisher computing system providing a signing request to a signing service requesting that a selected software package be signed, wherein the signing request includes a computed hash of the selected software package;
  
  an act of receiving the digitally signed hash from the signing service, wherein the signing service has access to a private and public key pair for the publisher computing system and wherein the hash is digitally signed with the public key;
  
  an act of attaching the digitally signed hash to the selected software package;
  
  an act of encrypting the selected software package with a symmetric key; and
  
  an act of providing the symmetric key to the signing service, wherein the symmetric key is encrypted with the public key and stored at the secure data store.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The one or more storage device of claim 11, wherein the computed hash of the selected software package is computed on the publisher'"'"'s computer system.
  - 13. The one or more storage device of claim 11, wherein the signing service is an isolated, secure service provided on the cloud.
  - 14. The one or more storage device of claim 11, further comprising receiving the generated public key and signed hash with a counter-signed timestamp signature.
  - 15. The one or more storage device of claim 14, wherein the method further includes applying the received public key, signed hash and timestamp signature to the selected software package.
  - 16. The one or more storage device of claim 15, wherein a public key certificate corresponding to the selected package is sent to both the publisher computing system and one or more end-users.
  - 17. The one or more storage device of claim 16, wherein the method further includes publishing the selected software package encrypted with the symmetric key and signed with the private key.
  - 18. The one or more storage device of claim 17, wherein each end-user'"'"'s computer system has a stored public key that allows each end-user'"'"'s computer system to verify that the published software package is from the identified publisher.

19. A signing service computer system comprising:
- at least one processor; and
  
  at least one storage media having stored computer-executable instructions which, when executed by the at least one processor, implement a method for utilizing a cloud keying and signing service, the method comprising;
  
  an act of instantiating a signing service configured to sign software packages;
  
  the signing service generating a private and public key pair on behalf of a publisher, wherein the public key is used to encrypt a symmetric key from a publisher that was used to encrypt a selected software package;
  
  an act of receiving the encrypted symmetric key from a client system;
  
  decrypting the symmetric key with the private key associated with the publisher; and
  
  the signing service sending the decrypted symmetric key to the client system.
- View Dependent Claims (20)
- - 20. The system of claim 19, wherein the decrypted symmetric key is subsequently used by the client to decrypt the selected software package.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Lin, Jian, Liokumovich, Igor, Reus, Edward F.

Granted Patent

US 9,059,856 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/176
CPC Class Codes

G06F 21/6218   to a system of files or obj...

H04L 63/045   wherein the sending and rec...

H04L 63/065   for group communications cr...

H04L 63/123   received data contents, e.g...

H04L 9/3247   involving digital signatures

PROVIDING SECURITY SERVICES ON THE CLOUD

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

6 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

PROVIDING SECURITY SERVICES ON THE CLOUD

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

6 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links