Securely activating functionality of a computing device in a dispersed storage network
US-2019109711-A1 · Apr 11, 2019 · US
System and method for providing least privilege access in a microservices architecture
US10484379B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10484379-B2 |
| Application number | US-201715461299-A |
| Country | US |
| Kind code | B2 |
| Filing date | Mar 16, 2017 |
| Priority date | Mar 16, 2017 |
| Publication date | Nov 19, 2019 |
| Grant date | Nov 19, 2019 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
System and method of providing administrative access to an endpoint server. In one example, the method includes receiving, at an admin server, a request for performing an admin operation on the endpoint server and a first portion of an admin key from a microservice server. The method also includes receiving, at the admin server, a second portion of the admin key. The method further includes generating, at the admin server, a copy of the admin key based at least in part on the first portion and the second portion of the admin key. The method also includes performing, via the admin server, the admin operation on the endpoint server using the copy of the admin key. The method further includes deleting the copy of the admin key on the admin server after performing the admin operation on the endpoint server.
First claim
Opening claim text (preview).
We claim: 1. A method of providing administrative access to an endpoint server, the method comprising: responsive to receiving a key update request at a bootstrap server, generating an admin key at the bootstrap server, partitioning, at the bootstrap server, the admin key into a first portion and a second portion, transmitting, from the bootstrap server, the admin key to the endpoint server, deleting the admin key from the bootstrap server after transmitting the admin key to the endpoint server, and storing, at the bootstrap server, the first portion and the second portion of the admin key in a secret management server; receiving, at an admin server, a request for performing an admin operation on the endpoint server and the first portion of the admin key from a microservice server; receiving, at the admin server, the second portion of the admin key; generating, at the admin server, a copy of the admin key based at least in part on the first portion and the second portion of the admin key; performing, via the admin server, the admin operation on the endpoint server using the copy of the admin key; deleting the copy of the admin key on the admin server after performing the admin operation on the endpoint server; transmitting, from the admin server, a first key update request to the bootstrap server; and transmitting, from the microservice server, a second key update request to the bootstrap server. 2. The method of claim 1 , wherein the admin server receives the second portion of the admin key from the secret management server. 3. The method of claim 2 , further comprising authenticating the admin server to the secret management server prior to receiving the second portion of the admin key. 4. The method of claim 2 , further comprising receiving, at the microservice server, the first portion of the admin key from the secret management server, wherein the microservice server is unable to obtain the second portion of the admin key; transmitting, from the microservice server, the request for performing the admin operation on the endpoint server to the admin server; and transmitting, from the microservice server, the first portion of the admin key to the admin server. 5. The method of claim 4 , further comprising authenticating the microservice server to the secret management server prior to receiving the first portion of the admin key. 6. The method of claim 1 , wherein the admin key is a first admin key, the method further comprising responsive to receiving the first and second key update requests at the bootstrap server generating a second admin key at the bootstrap server, partitioning, at the bootstrap server, the second admin key into a third portion and a fourth portion, transmitting, from the bootstrap server, the second admin key to the endpoint server, deleting the second admin key from the bootstrap server after transmitting the second admin key to the endpoint server, and storing, at the bootstrap server, the third portion and the fourth portion of the second admin key in the secret management server. 7. The method of claim 1 , further comprising receiving, at the admin server, an operation result from the endpoint server after performing the admin operation on the endpoint server; and transmitting, from the admin server, the operation result to the microservice server. 8. The method of claim 1 , wherein the microservice server is a first microservice server, wherein the endpoint server includes at least one selected from a group consisting of an application server, a second microservice server, and a database. 9. A system of providing administrative access to an endpoint server, the system comprising: a bootstrap server including a bootstrap transceiver, a bootstrap memory, and a bootstrap electronic processor electrically coupled to the bootstrap transceiver and the bootstrap memory, wherein responsive to receiving a key update request, the bootstrap electronic processor configured to generate an admin key, divide the admin key into an first portion and an second portion, transmit, via the bootstrap transceiver, the admin key to the endpoint server; delete the admin key from the bootstrap memory after transmitting the admin key, and store the first portion and the second portion of the admin key in a secret management server; a microservice server; and an admin server including an admin transceiver, an admin memory, and an admin electronic processor electrically coupled to the admin transceiver and to the admin memory, the admin electronic processor configured to receive, via the admin transceiver, a request for performing an admin operation on the endpoint server and the first portion of the admin key from the microservice server, receive, via the admin transceiver, the second portion of the admin key, generate a copy of the admin key based at least in part on the first portion and the second portion of the admin key, perform the admin operation on the endpoint server using the copy of the admin key, delete the copy of the admin key stored in the admin memory after performing the admin operation on the endpoint server, and transmit, via the admin transceiver, a first key update request to the bootstrap server, wherein the microservice server is configured to transmit, via a microservice transceiver, a second key update request to the bootstrap server. 10. The system of claim 9 , wherein the admin electronic processor receives the second portion of the admin key from the secret management server. 11. The system of claim 10 , wherein the admin electronic processor is further configured to authenticate to the secret management server prior to receiving the second portion of the admin key. 12. The system of claim 10 , wherein the microservice server includes a microservice transceiver and a microservice electronic processor electrically coupled to the microservice transceiver, the microservice electronic processor configured to receive, via the microservice transceiver, the first portion of the admin key from the secret management server, wherein the microservice server is unable to obtain the second portion of the admin key, and transmit, via the microservice transceiver, the request for performing the admin operation on the endpoint server and the first portion of the admin key to the admin server. 13. The system of claim 12 , wherein the microservice electronic processor is further configured to authenticate to the secret management server prior to receiving the first portion of the admin key. 14. The system of claim 9 , wherein the admin key is a first admin key, wherein responsive to receiving the first and second key update requests, the bootstrap electronic processor is further configured to generate a second admin key, divide the second admin key into a third portion and a fourth portion, transmit, via the bootstrap transceiver, the second admin key to the endpoint server, delete the second admin key from the bootstrap memory after transmitting the second admin key, and store the third portion and the fourth portion of the second admin key in the secret management server. 15. The system of claim 9 , wherein the admin electronic processor is further configured to receive, via the admin transceiver, an operation result from the endpoint server after performing the admin operation on the endpoint server; and transmit, via the admin transceiver, the operation result to the microservice server. 16. The system of claim 9 , wherein the microservice server is a first microservice server, wherein the endpoint server inc
Assignees
Inventors
Classifications
for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32) · CPC title
using one-time keys (cryptographic mechanisms or cryptographic arrangements for generation of one-time passwords H04L9/0863) · CPC title
for key distribution, e.g. centrally by trusted party (cryptographic mechanisms or cryptographic arrangements for key distribution involving a central third party H04L9/0819) · CPC title
for key exchange, e.g. in peer-to-peer networks (cryptographic mechanisms or cryptographic arrangements for key agreement H04L9/0838) · CPC title
for supporting key management in a packet data network (cryptographic mechanisms or cryptographic arrangements for key management H04L9/08) · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US10484379B2 cover?
- System and method of providing administrative access to an endpoint server. In one example, the method includes receiving, at an admin server, a request for performing an admin operation on the endpoint server and a first portion of an admin key from a microservice server. The method also includes receiving, at the admin server, a second portion of the admin key. The method further includes gen…
- Who is the assignee on this patent?
- Motorola Solutions Inc
- What technology area does this patent fall under?
- Primary CPC classification H04L63/04. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Nov 19 2019 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 10 related publications on this page (citations in our corpus or others sharing the same primary CPC).