WO2011141579A3 - System and method for providing security for cloud computing resources using portable security devices - Google Patents

System and method for providing security for cloud computing resources using portable security devices

Publication number
WO2011141579A3
Authority
WO
WIPO (PCT)
Prior art keywords
cloud computing
key
portable security
request
host computer
Application number
PCT/EP2011/057871
Other languages
French (fr)
Other versions
WO2011141579A2 (en)
Inventor
Laurent Castillo
Karen Lu Hongqian
Kapil Sachdeva
Original Assignee
Gemalto Sa
Application filed by Gemalto Sa
Publication of WO2011141579A2
Publication of WO2011141579A3

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12 Protecting executable software
    • G06F21/121 Restricting unauthorised execution of programs
    • G06F21/123 Restricting unauthorised execution of programs by using dedicated hardware, e.g. dongles, smart cards, cryptographic processors, global positioning systems [GPS] devices
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/0897 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Signal Processing (AREA)
  • Remote Sensing (AREA)
  • Radar, Positioning & Navigation (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Storage Device Security (AREA)

Abstract

A system, method, portable security device, and associated computer programs for secure key exchange, key storage, and key usage to secure a cloud computing system having a cloud computing service that hosts computing resources and provides means for accessing the resources through a network; a host computer; and a portable security device connected to the host computer. The method includes associating a first key with a first computing resource hosted on the cloud computing service and storing the first key on the portable security device. A host computer is operated to request the portable security device to sign a request to access the first computing resource using the first key. The signed request to access the first computing resource is transmitted from the host computer to the cloud computing service. The cloud computing service is operated to verify the signature on the request as corresponding to the first key.
PCT/EP2011/057871 2010-05-14 2011-05-16 System and method for providing security for cloud computing resources using portable security devices WO2011141579A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US34500910P 2010-05-14 2010-05-14
US61/345,009 2010-05-14

Publications (2)

Publication Number Publication Date
WO2011141579A2 WO2011141579A2 (en) 2011-11-17
WO2011141579A3 WO2011141579A3 (en) 2012-01-05

Family

ID=44343942

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2011/057871 WO2011141579A2 (en) 2010-05-14 2011-05-16 System and method for providing security for cloud computing resources using portable security devices

Country Status (1)

Country Link
WO (1) WO2011141579A2 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103843303B (en) * 2012-11-22 2017-03-29 华为技术有限公司 The management control method and device of virtual machine, system

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2702724B1 (en) * 2011-04-26 2017-03-29 Telefonaktiebolaget LM Ericsson (publ) Secure virtual machine provisioning
CN102347957A (en) * 2011-11-18 2012-02-08 王鑫 Cloud network admission identifying system and admission identifying technology
CN102790799B (en) * 2012-06-05 2015-01-21 电子科技大学 Resource downloading method based on cloud security service
US9497194B2 (en) * 2013-09-06 2016-11-15 Oracle International Corporation Protection of resources downloaded to portable devices from enterprise systems
EP2953290A1 (en) * 2014-06-06 2015-12-09 Gemalto SA Management of high number of unique keys by a secure element
US9832024B2 (en) 2015-11-13 2017-11-28 Visa International Service Association Methods and systems for PKI-based authentication

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1349031A1 (en) * 2002-03-18 2003-10-01 Ubs Ag Secure user and data authentication over a communication network
US20040088545A1 (en) * 2002-10-31 2004-05-06 Foster Ward Scott Secure resource

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7748609B2 (en) 2007-08-31 2010-07-06 Gemalto Inc. System and method for browser based access to smart cards

Also Published As

Publication number Publication date
WO2011141579A2 (en) 2011-11-17

Similar Documents

Publication Publication Date Title
WO2011141579A3 (en) System and method for providing security for cloud computing resources using portable security devices
WO2012024420A3 (en) Viral offers
WO2010105246A3 (en) Accessing resources based on capturing information from a rendered document
WO2010135108A3 (en) Portable secure computing network
WO2009145987A3 (en) System, method, and apparatus for single sign-on and managing access to resources across a network
WO2013003265A3 (en) Persistent key access to a resources in a collection
WO2014036540A3 (en) Network service system and method with off-heap caching
WO2012094205A3 (en) Methods and systems for providing a signed digital certificate in real time
WO2009102915A3 (en) Systems and methods for secure handling of secure attention sequences
WO2012024118A3 (en) Apparatus and method for managing software applications using partitioned data storage devices
GB201010546D0 (en) Method of indentity verification
WO2013106094A3 (en) System and method for device registration and authentication
WO2014059438A3 (en) Verifying the geographic location of a workload in a cloud computing environment
WO2012024508A3 (en) Systems and methods for securing virtual machine computing environments
IN2014DN09465A (en)
MX345061B (en) Method, one or more computer-readable non-transitory storage media and a device, in particular relating to computing resources and/or mobile-device-based trust computing.
CA2832447C (en) Document management system using printer emulation
WO2010103466A3 (en) Integrity verification using a peripheral device
MX339108B (en) Systems, methods, and computer program products for interfacing multiple service provider trusted service managers and secure elements.
MX2011012671A (en) Trusted integrity manager (tim).
MX362308B (en) Method and system for verifying an access request.
WO2013081983A3 (en) Migrating authenticated content towards content consumer
WO2012177581A3 (en) Virtual identity manager
EP2505021A4 (en) Method, apparatus and system for accessing an application across a plurality of computers
MX2016006056A (en) Solar charger energy management and monitoring system.

Legal Events

Date Code Title Description
121 EP: The EPO has been informed by WIPO that EP was designated in this application

Ref document number: 11730236

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase

Ref country code: DE

122 EP: PCT application non-entry in European phase

Ref document number: 11730236

Country of ref document: EP

Kind code of ref document: A2