Identity cloud service authorization model with dynamic roles and scopes
US-2017329957-A1 · Nov 16, 2017 · US
US10404680B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10404680-B2 |
| Application number | US-201615234180-A |
| Country | US |
| Kind code | B2 |
| Filing date | Aug 11, 2016 |
| Priority date | Aug 11, 2016 |
| Publication date | Sep 3, 2019 |
| Grant date | Sep 3, 2019 |
Official abstract text for this publication.
A method is provided for obtaining a vetted certificate for a microservice in an elastic cloud environment. The microservice receives a one-time authentication credential. The microservice utilizes the one-time authentication credential to obtain a client secret. The microservice obtains an access token and CSR (Certificate Signing Request) attributes using the client secret and constructs a CSR utilizing the CSR attributes. The microservice requests a vetted certificate from a Certificate Authority (CA) and includes the access token and the CSR in the request. If the access token and the CSR pass vetting at the CA, the CA sends a vetted certificate to the microservice.
Opening claim text (preview).
We claim:

1. A method for obtaining a vetted certificate for a microservice in an elastic cloud environment, the method comprising: receiving a one-time authentication credential at the microservice; utilizing the one-time authentication credential to obtain a client secret; obtaining an access token and CSR (Certificate Signing Request) attributes at the microservice using the client secret; constructing a CSR at the microservice utilizing the CSR attributes; requesting a vetted certificate from a Certificate Authority (CA), the request including the access token and the CSR; and receiving a vetted certificate from the CA at the microservice.
2. The method of claim 1, wherein the one-time authentication credential comprises a type of microservice.
3. The method of claim 1, wherein the one-time authentication credential comprises a first piece of data and a second piece of data, wherein the first piece of data comprises a service type and the second piece of data comprises a service instance.
4. The method of claim 1, wherein the client secret associates a type of service with a secret management service.
5. The method of claim 1, wherein the step of receiving a vetted certificate from the CA at the microservice comprises receiving a vetted certificate from the CA at the microservice when the access token matches a stored access token at the CA.
6. The method of claim 1, wherein the step of receiving a vetted certificate from the CA at the microservice comprises receiving a vetted certificate from the CA at the microservice when the access token maps to a stored access token at the CA.
7. The method of claim 1, wherein the step of receiving a vetted certificate from the CA at the microservice comprises receiving a vetted certificate from the CA at the microservice when the access token is equivalent to a stored access token at the CA.
8. The method of claim 1, wherein the step of receiving a vetted certificate from the CA at the microservice comprises receiving a vetted certificate from the CA at the microservice when the access token is associated with a stored access token at the CA.
9. The method of claim 1, wherein the step of receiving a vetted certificate from the CA at the microservice comprises receiving a vetted certificate from the CA at the microservice when the CSR matches a stored CSR at the CA.
10. A microservice comprising: a transceiver; and a processor configured to: receive a one-time authentication credential via the transceiver; utilize the one-time authentication credential to obtain a client secret via the transceiver; obtain an access token and CSR (Certificate Signing Request) attributes using the client secret via the transceiver; construct a CSR utilizing the CSR attributes; request a vetted certificate from a Certificate Authority (CA) via the transceiver, the request including the access token and the CSR; and receive a vetted certificate from the CA via the transceiver if the access token and the CSR pass vetting.
11. The microservice of claim 10, wherein the one-time authentication credential comprises a type of microservice.
12. The microservice of claim 10, wherein the one-time authentication credential comprises a first piece of data and a second piece of data, wherein the first piece of data comprises a service type and the second piece of data comprises a service instance.
13. The microservice of claim 10, wherein the client secret associates a type of service with a secret management service.
14. The microservice of claim 10, wherein the processor is configured to receive a vetted certificate from the CA via the transceiver if the access token matches a stored access token at the CA.
15. The microservice of claim 10, wherein the processor is configured to receive a vetted certificate from the CA via the transceiver if the CSR matches a stored CSR at the CA.
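The claim 1 flow, run end to end with both sides present, as an added illustration; this is not code from the patent or from its assignee. To keep it self-contained the secret-management service, token service and CA are collapsed into one in-memory `Backend` struct (in a deployment they are separate services), the microservice generates an ECDSA key and a real X.509 CSR so that the CA can check proof of possession, and the CA vets the CSR against the attributes it stored alongside the access token (claims 9 and 15 also allow matching against a stored CSR; this example stores the attributes instead). The `<service>.svc.example.internal` naming scheme, the `type:instance:nonce` credential layout, the 24-hour validity and every function name are assumptions made for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"errors"
	"math/big"
	"reflect"
	"time"
)

// CSRAttrs are the CSR attributes handed out with an access token; the CA requires the CSR to match them.
type CSRAttrs struct {
	CommonName string
	DNSNames   []string
}

// Backend collapses the server side (secret management, token service, CA) into one in-memory
// struct for this example; in a deployment they are separate services behind TLS.
type Backend struct {
	oneTime map[string]string   // one-time credential -> service type, deleted on first use
	secrets map[string]string   // client secret -> service type
	issued  map[string]CSRAttrs // access token -> attributes the CA vets the CSR against
	caKey   *ecdsa.PrivateKey
	CACert  *x509.Certificate
}

func randHex() string { b := make([]byte, 16); rand.Read(b); return hex.EncodeToString(b) }

// NewBackend creates a throwaway self-signed CA; the serial numbers used here are demo shortcuts.
func NewBackend() *Backend {
	caKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Internal CA"},
		NotBefore: time.Now(), NotAfter: time.Now().Add(365 * 24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &caKey.PublicKey, caKey)
	caCert, _ := x509.ParseCertificate(der)
	return &Backend{oneTime: map[string]string{}, secrets: map[string]string{},
		issued: map[string]CSRAttrs{}, caKey: caKey, CACert: caCert}
}

// IssueOneTime models provisioning: the credential names service type and instance (claim 3).
func (b *Backend) IssueOneTime(serviceType, instance string) string {
	cred := serviceType + ":" + instance + ":" + randHex()
	b.oneTime[cred] = serviceType
	return cred
}

// Exchange trades a one-time credential for a client secret, exactly once.
func (b *Backend) Exchange(cred string) (string, error) {
	svc, ok := b.oneTime[cred]
	if !ok {
		return "", errors.New("one-time credential unknown or already used")
	}
	delete(b.oneTime, cred) // a replayed credential is refused from here on
	secret := randHex()
	b.secrets[secret] = svc
	return secret, nil
}

// IssueToken returns an access token and the CSR attributes that token is good for.
func (b *Backend) IssueToken(clientSecret string) (string, CSRAttrs, error) {
	svc, ok := b.secrets[clientSecret]
	if !ok {
		return "", CSRAttrs{}, errors.New("unknown client secret")
	}
	name := svc + ".svc.example.internal" // assumed naming scheme, not from the patent
	attrs, tok := CSRAttrs{CommonName: name, DNSNames: []string{name}}, randHex()
	b.issued[tok] = attrs
	return tok, attrs, nil
}

// VetAndSign is the CA step: the token must be a stored one, the CSR must verify under the
// key it carries, and its identity fields must match the attributes issued with that token.
func (b *Backend) VetAndSign(accessToken string, csrDER []byte) ([]byte, error) {
	attrs, ok := b.issued[accessToken]
	if !ok {
		return nil, errors.New("access token does not match a stored token")
	}
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err == nil {
		err = csr.CheckSignature() // proof of possession of the key named in the CSR
	}
	if err != nil {
		return nil, err
	}
	if csr.Subject.CommonName != attrs.CommonName || !reflect.DeepEqual(csr.DNSNames, attrs.DNSNames) {
		return nil, errors.New("CSR identity does not match the attributes issued with this token")
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: csr.Subject,
		DNSNames: csr.DNSNames, NotBefore: time.Now(), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature}
	return x509.CreateCertificate(rand.Reader, tmpl, b.CACert, csr.PublicKey, b.caKey)
}

// BuildCSR is the microservice's own step: a fresh key that never leaves the process, and a CSR
// carrying exactly the issued attributes. Only the CSR (public key plus signature) goes to the CA.
func BuildCSR(attrs CSRAttrs) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{
		Subject: pkix.Name{CommonName: attrs.CommonName}, DNSNames: attrs.DNSNames}, key)
}

// Enroll runs claim 1 end to end from the microservice's point of view.
func Enroll(b *Backend, oneTimeCred string) (*x509.Certificate, error) {
	clientSecret, err := b.Exchange(oneTimeCred)
	if err != nil {
		return nil, err
	}
	accessToken, attrs, err := b.IssueToken(clientSecret)
	if err != nil {
		return nil, err
	}
	csrDER, err := BuildCSR(attrs)
	if err != nil {
		return nil, err
	}
	der, err := b.VetAndSign(accessToken, csrDER)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}
```

Call `NewBackend`, `IssueOneTime` and `Enroll` in that order. A second `Enroll` with the same one-time credential fails in `Exchange`, an unknown token fails the first check in `VetAndSign`, and a CSR whose subject or SANs differ from what the token service issued (for example an extra `admin.` name) fails the match check even though the token itself is valid; that last refusal is what the claims' "vetting" amounts to. The in-memory maps are not concurrency safe and the one-time credential has no expiry, both of which a real secret-management service would need to add.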
CPC classification titles:

- for supporting key management in a packet data network (cryptographic mechanisms or cryptographic arrangements for key management H04L9/08)
- Isolation or security of virtual machine instances
- by executing in a restricted environment, e.g. sandbox or secure virtual machine
- Logical partitioning of resources; Management or configuration of virtualized resources (specific details on emulation or internal functioning of virtual machines G06F9/455)
- Hypervisors; Virtual machine monitors