Providing security services on the cloud
First Claim
1. In a computer networking environment that includes a cloud computing environment accessed by plurality of computing systems and at least one publisher computer system, a computer program product comprising at least one storage device having stored computer-executable instructions which, when executed by one or more processors perform a computer-implemented method which, when implemented by the publisher computer system, provides secure storage for a selected software package in the cloud computing environment, the computer-implemented method comprising acts of:
- generating at the publisher computing system a hash for a selected software package;
sending from the publisher computing system a signing request that includes the hash of the selected software package, the signing request being sent to a keying and signing service located at the cloud computing environment and the signing request requesting that the selected software package be signed;
receiving at the publisher computing system the digitally signed hash signed with a public key from a public/private key pair generated for the selected software package of the publisher computing system at the keying and signing service;
attaching the digitally signed hash to the selected software package at the publisher computing system;
the publisher computing system encrypting the selected software package with a symmetric key; and
sending from the publisher computing system the symmetric key to the keying and signing service at the cloud computing environment, wherein the symmetric key is encrypted and stored at a secure data store of the cloud computing environment with an encrypted version of the private key from said public/private key pair generated for the selected software package.
2 Assignments
0 Petitions
Accused Products
Abstract
Embodiments are directed to the providing a cloud keying and signing service and to securing software package distribution on the cloud. In an embodiment, a computer system instantiates a signing service configured to sign software packages. The computer system receives a signing request from a computer user requesting that a selected software package be signed. The signing request includes a computed hash of the selected software package. The computer system generates a private and public key pair on behalf of the computer user and stores the private key of the generated key pair in a secure data store.
12 Citations
19 Claims
-
1. In a computer networking environment that includes a cloud computing environment accessed by plurality of computing systems and at least one publisher computer system, a computer program product comprising at least one storage device having stored computer-executable instructions which, when executed by one or more processors perform a computer-implemented method which, when implemented by the publisher computer system, provides secure storage for a selected software package in the cloud computing environment, the computer-implemented method comprising acts of:
-
generating at the publisher computing system a hash for a selected software package; sending from the publisher computing system a signing request that includes the hash of the selected software package, the signing request being sent to a keying and signing service located at the cloud computing environment and the signing request requesting that the selected software package be signed; receiving at the publisher computing system the digitally signed hash signed with a public key from a public/private key pair generated for the selected software package of the publisher computing system at the keying and signing service; attaching the digitally signed hash to the selected software package at the publisher computing system; the publisher computing system encrypting the selected software package with a symmetric key; and sending from the publisher computing system the symmetric key to the keying and signing service at the cloud computing environment, wherein the symmetric key is encrypted and stored at a secure data store of the cloud computing environment with an encrypted version of the private key from said public/private key pair generated for the selected software package. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. In a computer networking environment that includes a cloud computing environment accessed by plurality of computing systems and at least one publisher computer system, a computer-implemented method which, when implemented by the publisher computer system, provides secure storage for a selected software package in the cloud computing environment, the computer-implemented method comprising acts of:
-
generating at the publisher computing system a hash for a selected software package; sending from the publisher computing system a signing request that includes the hash of the selected software package, the signing request being sent to a keying and signing service located at the cloud computing environment and the signing request requesting that the selected software package be signed; receiving at the publisher computing system the digitally signed hash signed with a public key from a public/private key pair generated for the selected software package of the publisher computing system at the keying and signing service; attaching the digitally signed hash to the selected software package at the publisher computing system; the publisher computing system encrypting the selected software package with a symmetric key; and sending from the publisher computing system the symmetric key to the keying and signing service at the cloud computing environment, wherein the symmetric key is encrypted and stored at a secure data store of the cloud computing environment with an encrypted version of the private key from said public/private key pair generated for the selected software package. - View Dependent Claims (10, 11, 12, 13, 14)
-
-
15. In a computer networking environment that includes a cloud computing environment accessed by plurality of computing systems and at least one publisher computer system a computer-implemented method that provides secure access to the selected software package stored in the cloud computing environment by one or more targeted computing systems of the computer networking environment, the computer-implemented method comprising acts of:
-
instantiating at the cloud computing environment a keying and signing service; receiving at the keying and signing service a request from a publisher computer system requesting that a selected software package be signed, wherein the signing request includes a computed hash of the selected software package; the keying and signing service generating a private and public key pair for the selected software package, and digitally signing the hash with the public key; the keying and signing service returning the digitally signed hash to the publisher computer system, wherein the digitally signed hash is subsequently attached to the selected software package; the keying and signing service receiving, subsequent to returning the digitally signed hash to the publisher computer system, a symmetric key from the publisher computer system, wherein the symmetric key is used by the publisher computer system to encrypt the selected software package, and the signing service encrypting the symmetric key; the keying and signing service storing the encrypted symmetric key and an encrypted version of the private key of the generated key pair in a secure data store at the cloud computing environment; and one or more targeted computing systems of the computing network environment obtaining the encrypted symmetric key for the selected software package for the secure data store of the cloud computing environment, and the one or more targeted computing systems then sending the encrypted symmetric key for decryption by the keying and signing service using the private key of the private and public key pair so that thereafter the one or more targeted computing systems can decrypt and access the selected software package using the decrypted symmetric key. - View Dependent Claims (16, 17, 18, 19)
-
Specification