Environment-differentiated named credential instances for development and deployment
US-2017339148-A1 · Nov 23, 2017 · US
US10587592B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10587592-B2 |
| Application number | US-201715587042-A |
| Country | US |
| Kind code | B2 |
| Filing date | May 4, 2017 |
| Priority date | May 4, 2017 |
| Publication date | Mar 10, 2020 |
| Grant date | Mar 10, 2020 |
Official abstract text for this publication.
An example embodiment may involve receiving, by a server device that stores a plurality of access credentials for computing devices that are disposed within a managed network, a request containing a label and an indication of an application service. The server device may be disposed within a remote network management platform that remotely manages the managed network. The example embodiment may further involve mapping, by the server device, the label and the application service to an endpoint identifier of a target computing device that is disposed within the managed network. The endpoint identifier may be associated with particular access credentials that are usable to access the application service executing on the target computing device. The example embodiment may further involve transmitting, by the server device, the endpoint identifier and the particular access credentials.
Opening claim text (preview).
What is claimed is:

1. A system comprising: a proxy server application executing on a proxy server device that is disposed within a managed network; and a server device that is disposed within a remote network management platform that remotely manages the managed network, wherein the server device stores a plurality of access credentials for computing devices that are disposed within the managed network, and wherein the server device is configured to: receive, from the proxy server application, a request containing a label and an indication of an application service, map the label and the application service to an endpoint identifier of a target computing device that is disposed within the managed network, wherein the endpoint identifier is associated with particular access credentials of the plurality of access credentials that are usable to access the application service executing on the target computing device, and wherein the particular access credentials include a password usable to log on to the application service executing on the target computing device, and transmit, to the proxy server application, the endpoint identifier and the particular access credentials, wherein reception of the endpoint identifier and the particular access credentials causes the proxy server application to remotely access the application service executing on the target computing device, and wherein transmitting the particular access credentials comprises: decrypting the password with an instance key that is not available to the proxy server application; encrypting the password with a session key that is shared between the server device and the proxy server application; and transmitting the password as encrypted with the session key.

2. The system of claim 1, wherein the endpoint identifier is an IP address or uniform resource locator.

3. The system of claim 1, wherein reception of the endpoint identifier and the particular access credentials also causes the proxy server application to store a record associating the label, the application service, and the particular access credentials.

4. The system of claim 1, wherein the application service is a remote login service.

5. The system of claim 1, wherein the server device is a first server device that is part of a first computing instance that is disposed within the remote network management platform, wherein the target computing device is a first target computing device, wherein the endpoint identifier is a first endpoint identifier, and wherein the plurality of access credentials are a first plurality of access credentials, the system further comprising: a second server device that stores a second plurality of access credentials for computing devices that are disposed within the managed network, wherein the second server device is part of a second computing instance that is disposed within the remote network management platform, wherein the second computing instance is logically isolated from the first computing instance, and wherein the second server device is configured to: receive, from the proxy server application, a second request containing the label and the indication of the application service, map the label and the application service to a second endpoint identifier of a second target computing device that is disposed within the managed network, wherein second particular access credentials of the second plurality of access credentials are usable to access the application service executing on the second target computing device, and transmit, to the proxy server application, the second endpoint identifier and the second particular access credentials.

6. The system of claim 1, wherein the particular access credentials include a userid usable to log on to the application service executing on the target computing device.

7. The system of claim 1, wherein the password is stored, in the server device, in an encrypted manner.

8. The system of claim 1, wherein the server device stores, in a single database table, all access credentials that are managed by the remote network management platform on behalf of the managed network.

9. A method comprising: receiving, by a server device that stores a plurality of access credentials for computing devices that are disposed within a managed network, a request containing a label and an indication of an application service, wherein the server device is disposed within a remote network management platform that remotely manages the managed network, and wherein the request is received from a requesting device; mapping, by the server device, the label and the application service to an endpoint identifier of a target computing device that is disposed within the managed network, wherein the endpoint identifier is associated with particular access credentials of the plurality of access credentials that are usable to access the application service executing on the target computing device, and wherein the particular access credentials include a password usable to log on to the application service executing on the target computing device; and transmitting, by the server device and to the requesting device, the endpoint identifier and the particular access credentials, wherein reception of the endpoint identifier and the particular access credentials causes the requesting device to remotely access the application service executing on the target computing device, and wherein transmitting the particular access credentials comprises: decrypting the password with an instance key that is not available to the proxy server application; encrypting the password with a session key that is shared between the server device and the proxy server application; and transmitting the password as encrypted with the session key.

10. The method of claim 9, wherein the requesting device is a proxy server device that is disposed within the managed network.

11. The method of claim 9, wherein the endpoint identifier is an IP address or uniform resource locator.

12. The method of claim 9, wherein reception of the endpoint identifier and the particular access credentials also causes the requesting device to store a record associating the label, the application service, and the particular access credentials.

13. The method of claim 9, wherein the application service is a remote login service.

14. The method of claim 9, wherein the server device is a first server device that is part of a first computing instance that is disposed within the remote network management platform, wherein the target computing device is a first target computing device, wherein the endpoint identifier is a first endpoint identifier, and wherein the plurality of access credentials are a first plurality of access credentials, the method further comprising: receiving, by a second server device that stores a second plurality of access credentials for computing devices that are disposed within the managed network, a second request containing the label and the application service, wherein the second server device is part of a second computing instance that is disposed within the remote network management platform, wherein second particular access credentials of the second plurality of access credentials are usable to access the application service executing on a second target computing device that is disposed within the managed network, and wherein the second request is received from the requesting device; mapping, by the second server device, the label and the application service to a second endpoint identifier of the second target computing device, wherein the second endpoint identifier is associated with the
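The exchange the claims describe, as an added worked example that is not code from the patent or its assignee: a credential-broker instance holds a single (label, service) to credential table with passwords encrypted at rest under an instance key (claims 7 and 8); on a request it maps the label and service to an endpoint identifier (claim 2), decrypts the password with the instance key, re-encrypts it under the session key shared with the proxy, and returns endpoint plus re-encrypted password (claim 1); the proxy holds only the session key. Two logically isolated instances (claim 5) resolve the same label to different endpoints and passwords, which is the environment differentiation of the title. AES-256-GCM, the function names, the sample labels, IP addresses and passwords are all assumptions of this example; the patent text specifies none of them.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"io"
)

// NewAEAD draws a random 256-bit key and wraps it in AES-GCM (this example's cipher choice; the patent names none).
func NewAEAD() (cipher.AEAD, error) {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts with a fresh random nonce; output is nonce || ciphertext || tag.
func seal(a cipher.AEAD, plaintext, aad []byte) ([]byte, error) {
	nonce := make([]byte, a.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return a.Seal(nonce, nonce, plaintext, aad), nil
}
// unseal reverses seal; a wrong key or AAD fails authentication instead of yielding garbage.
func unseal(a cipher.AEAD, sealed, aad []byte) ([]byte, error) {
	if len(sealed) < a.NonceSize() {
		return nil, fmt.Errorf("sealed blob too short (%d bytes)", len(sealed))
	}
	return a.Open(nil, sealed[:a.NonceSize()], sealed[a.NonceSize():], aad)
}

// Credential is a row of the single credential table (claim 8); at rest EncPassword is under the instance key (claim 7).
type Credential struct {
	Endpoint    string // IP address or URL (claim 2)
	EncPassword []byte
}

type Instance struct { // one logically isolated computing instance (claim 5)
	Name        string
	instanceKey cipher.AEAD // never handed to the proxy
	Table       map[string]Credential
}

func NewInstance(name string) (*Instance, error) {
	k, err := NewAEAD()
	return &Instance{Name: name, instanceKey: k, Table: map[string]Credential{}}, err
}
func tableKey(label, service string) string { return label + "\x00" + service }

// Store encrypts the password under the instance key before the row is written; (label, service) is bound as AAD.
func (in *Instance) Store(label, service, endpoint, password string) error {
	enc, err := seal(in.instanceKey, []byte(password), []byte(tableKey(label, service)))
	if err != nil {
		return err
	}
	in.Table[tableKey(label, service)] = Credential{Endpoint: endpoint, EncPassword: enc}
	return nil
}

// Resolve is the server-device side of claim 1: map, decrypt with the instance key, re-encrypt under the session key.
func (in *Instance) Resolve(label, service string, session cipher.AEAD) (Credential, error) {
	c, ok := in.Table[tableKey(label, service)]
	if !ok {
		return Credential{}, fmt.Errorf("%s: no credential for %q/%q", in.Name, label, service)
	}
	pw, err := unseal(in.instanceKey, c.EncPassword, []byte(tableKey(label, service)))
	if err != nil {
		return Credential{}, err
	}
	c.EncPassword, err = seal(session, pw, []byte(c.Endpoint)) // endpoint bound as AAD
	return c, err
}

// ProxyUnwrap is the proxy side: it holds only the session key, never an instance key.
func ProxyUnwrap(session cipher.AEAD, r Credential) (string, error) {
	pw, err := unseal(session, r.EncPassword, []byte(r.Endpoint))
	return string(pw), err
}

func main() {
	dev, _ := NewInstance("dev")
	prod, _ := NewInstance("prod")
	session, _ := NewAEAD() // shared between server device and proxy
	_ = dev.Store("app-db", "ssh", "10.0.1.5", "dev-secret") // constructed sample rows
	_ = prod.Store("app-db", "ssh", "10.0.9.5", "prod-secret")
	for _, in := range []*Instance{dev, prod} { // one label, resolved per environment
		r, _ := in.Resolve("app-db", "ssh", session)
		pw, _ := ProxyUnwrap(session, r)
		fmt.Printf("%s: app-db/ssh -> %s (%d-byte password)\n", in.Name, r.Endpoint, len(pw))
	}
}
```

Binding the endpoint as associated data on the session-key ciphertext is a design choice of this example, not something the claims require: it means a response whose endpoint identifier is altered in transit fails to decrypt on the proxy, so the credential cannot be redirected to a different target.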
CPC classification titles:
- Authenticate client device independently of the user
- for key distribution, e.g. centrally by trusted party (cryptographic mechanisms or cryptographic arrangements for key distribution involving a central third party H04L9/0819)
- Proxies
- for controlling access to devices or network resources
- using passwords (cryptographic mechanisms or cryptographic arrangements for entity authentication using a predetermined code H04L9/3226)