Providing security services on the cloud
First Claim
1. At a computer system including a processor and a memory, in a computer networking environment including a plurality of computing systems, a computer-implemented method for providing a cloud keying and signing service, the method comprising:
- an act of instantiating a signing service configured to sign software packages;
an act of receiving at the signing service a signing request from a publisher requesting that a selected software package be signed, wherein the signing request includes a computed hash of the selected software package;
an act of the signing service generating a private and public key pair on behalf of the publisher;
the signing service digitally signing the hash with the public key;
the signing service returning the digitally signed hash to the publisher, wherein the digitally signed hash is subsequently attached to the selected software package;
the signing service receiving, subsequent to returning the digitally signed hash to the publisher, a symmetric key from the publisher, wherein the symmetric key is used by the publisher to encrypt the selected software package;
wherein the symmetric key is encrypted with the public key; and
an act of the signing service storing the private key of the generated key pair in a secure data store.
2 Assignments
0 Petitions
Accused Products
Abstract
Embodiments are directed to the providing a cloud keying and signing service and to securing software package distribution on the cloud. In an embodiment, a computer system instantiates a signing service configured to sign software packages. The computer system receives a signing request from a computer user requesting that a selected software package be signed. The signing request includes a computed hash of the selected software package. The computer system generates a private and public key pair on behalf of the computer user and stores the private key of the generated key pair in a secure data store.
24 Citations
21 Claims
-
1. At a computer system including a processor and a memory, in a computer networking environment including a plurality of computing systems, a computer-implemented method for providing a cloud keying and signing service, the method comprising:
-
an act of instantiating a signing service configured to sign software packages; an act of receiving at the signing service a signing request from a publisher requesting that a selected software package be signed, wherein the signing request includes a computed hash of the selected software package; an act of the signing service generating a private and public key pair on behalf of the publisher; the signing service digitally signing the hash with the public key; the signing service returning the digitally signed hash to the publisher, wherein the digitally signed hash is subsequently attached to the selected software package; the signing service receiving, subsequent to returning the digitally signed hash to the publisher, a symmetric key from the publisher, wherein the symmetric key is used by the publisher to encrypt the selected software package; wherein the symmetric key is encrypted with the public key; and an act of the signing service storing the private key of the generated key pair in a secure data store. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. A computer system comprising the following:
-
one or more processors; system memory; one or more computer-readable storage media having stored thereon computer-executable instructions that, when executed by the one or more processors, causes the computing system to perform a method for providing a cloud keying and signing service, the method comprising the following; an act of instantiating a signing service configured to sign software packages; an act of receiving at the signing service a signing request from a first publisher requesting that a selected software package be signed, wherein the signing request includes a computed hash of the selected software package; an act of the signing service generating a private and public key pair on behalf of the publisher; the signing service digitally signing the hash with the public key; the signing service returning the digitally signed hash to the publisher, wherein the digitally signed hash is subsequently attached to the selected software package; the signing service receiving, subsequent to returning the digitally signed hash to the publisher, a symmetric key from the publisher, wherein the symmetric key is used by the publisher to encrypt the selected software package; wherein the symmetric key is encrypted with the public key; and an act of the signing service storing the private key of the generated key pair in a secure data store. - View Dependent Claims (17)
-
-
18. A computer program product for implementing a method for securing software package distribution on the cloud, the computer program product comprising one or more computer-readable storage device distinguished from a transmission media, the computer-readable storage device comprising a recordable-type storage device having stored thereon computer-executable instructions that, when executed by one or more processors of the computing system, cause the computing system to perform the method, the method comprising:
-
an act of instantiating a signing service configured to sign software packages; an act of receiving at the signing service a signing request from a publisher requesting that a selected software package be signed, wherein the signing request includes a computed hash of the selected software package; an act of the signing service generating a private and public key pair on behalf of the publisher; the signing service digitally signing the hash with the public key; the signing service returning the digitally signed hash to the publisher, wherein the digitally signed hash is subsequently attached to the selected software package; the signing service receiving, subsequent to returning the digitally signed hash to the publisher, a symmetric key from the publisher, wherein the symmetric key is used by the publisher to encrypt the selected software package; wherein the symmetric key is encrypted with the public key; and an act of the signing service storing the private key of the generated key pair in a secure data store. - View Dependent Claims (19, 20, 21)
-
Specification