PROVIDING SECURITY SERVICES ON THE CLOUD
Abstract
Embodiments are directed to providing a cloud keying and signing service and to securing software package distribution on the cloud. In an embodiment, a computer system instantiates a signing service configured to sign software packages. The computer system receives a signing request from a computer user requesting that a selected software package be signed. The signing request includes a computed hash of the selected software package. The computer system generates a private and public key pair on behalf of the computer user and stores the private key of the generated key pair in a secure data store.
20 Claims
1. A publisher computer system comprising:
- at least one processor; and
- at least one storage media having stored computer-executable instructions which, when executed by the at least one processor, implement a method for utilizing a cloud keying and signing service, the method comprising;
  - an act of the publisher computing system providing a signing request to a signing service requesting that a selected software package be signed, wherein the signing request includes a computed hash of the selected software package;
  - an act of receiving the digitally signed hash from the signing service, wherein the signing service has access to a private and public key pair for the publisher computing system and wherein the hash is digitally signed with the public key;
  - an act of attaching the digitally signed hash to the selected software package;
  - an act of encrypting the selected software package with a symmetric key; and
  - an act of providing the symmetric key to the signing service, wherein the symmetric key is encrypted with the public key and stored at the secure data store.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. One or more storage device having stored computer-executable instructions which, when executed by one or more processors, implement method for a publisher computing system utilizing a cloud keying and signing service, the method comprising:
- an act of the publisher computing system providing a signing request to a signing service requesting that a selected software package be signed, wherein the signing request includes a computed hash of the selected software package;
- an act of receiving the digitally signed hash from the signing service, wherein the signing service has access to a private and public key pair for the publisher computing system and wherein the hash is digitally signed with the public key;
- an act of attaching the digitally signed hash to the selected software package;
- an act of encrypting the selected software package with a symmetric key; and
- an act of providing the symmetric key to the signing service, wherein the symmetric key is encrypted with the public key and stored at the secure data store.

Dependent claims: 12, 13, 14, 15, 16, 17, 18
19. A signing service computer system comprising:
- at least one processor; and
- at least one storage media having stored computer-executable instructions which, when executed by the at least one processor, implement a method for utilizing a cloud keying and signing service, the method comprising;
  - an act of instantiating a signing service configured to sign software packages;
  - the signing service generating a private and public key pair on behalf of a publisher, wherein the public key is used to encrypt a symmetric key from a publisher that was used to encrypt a selected software package;
  - an act of receiving the encrypted symmetric key from a client system;
  - decrypting the symmetric key with the private key associated with the publisher; and
  - the signing service sending the decrypted symmetric key to the client system.

Dependent claims: 20
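The flow recited in claims 1 and 19, as an added illustration using Node.js's built-in crypto module; it is not code from the patent or its assignee. Assumptions: RSA-2048, SHA-256 and AES-256-GCM as the algorithms, lookup of the stored wrapped key by package hash, and the conventional arrangement in which the service signs with the private key and recipients verify with the public key. All class and function names are hypothetical.

```javascript
// Added example; algorithms, names and the key-lookup scheme are assumptions.
const crypto = require('crypto');

// Signing service: holds the publisher's key pair; the private key never leaves it.
class SigningService {
  constructor() {
    const pair = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
    this.publicKey = pair.publicKey;
    this.privateKey = pair.privateKey;
    this.wrappedKeys = new Map(); // stands in for the secure data store
  }
  // Signs only the hash sent by the publisher; the package itself is never uploaded.
  signHash(hash) {
    return crypto.sign('sha256', hash, this.privateKey);
  }
  storeWrappedKey(id, wrapped) { this.wrappedKeys.set(id, wrapped); }
  // Unwraps the symmetric key for a client. Client authentication is not shown.
  releaseKey(id) {
    if (!this.wrappedKeys.has(id)) throw new Error('unknown package');
    return crypto.privateDecrypt(this.privateKey, this.wrappedKeys.get(id));
  }
}

const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Publisher: hash, request a signature, encrypt, then wrap the key for the service.
function publish(service, pkg) {
  const hash = sha256(pkg);
  const signature = service.signHash(hash);
  const key = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([cipher.update(pkg), cipher.final()]);
  const id = hash.toString('hex');
  service.storeWrappedKey(id, crypto.publicEncrypt(service.publicKey, key));
  return { id, signature, iv, tag: cipher.getAuthTag(), ciphertext };
}

// Client: obtain the key, decrypt (GCM rejects tampering), then verify the signature.
function install(service, bundle) {
  const key = service.releaseKey(bundle.id);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, bundle.iv);
  decipher.setAuthTag(bundle.tag);
  const pkg = Buffer.concat([decipher.update(bundle.ciphertext), decipher.final()]);
  const ok = crypto.verify('sha256', sha256(pkg), service.publicKey, bundle.signature);
  if (!ok) throw new Error('signature does not match package');
  return pkg;
}
```
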
Specification