Data security service
US-9590959-B2 · Mar 7, 2017 · US
US11575713B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11575713-B2 |
| Application number | US-202117158968-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jan 26, 2021 |
| Priority date | Jul 24, 2013 |
| Publication date | Feb 7, 2023 |
| Grant date | Feb 7, 2023 |
Official abstract text for this publication.
A computer system and method provides cloud-based network security software as a service in a distributed computing environment. A computer system executing on a portion of hardware computing resources associated with the distributed computing environment receives a security service request from a customer platform device external to the distributed computing environment, the request identifying a customer platform asset within the distributed computing environment and instructing that a security service selected by the customer platform device be provided to the identified customer platform asset. In response to receiving the security service request, a network security software component associated with the selected security service on one or more virtual machines within the distributed computing environment is executed to provide the selected security service to the identified customer platform asset. The one or more virtual machines are deployed on a set of the hardware computing resources associated with the distributed computing environment.
Opening claim text (preview).
The invention claimed is:
1. A computer system for providing cloud-based network security software as a service in a distributed computing environment, the computer system comprising: a processor; and a memory communicatively coupled to the processor, the memory storing computer-executable instructions which, when executed by the processor, cause the processor to perform operations comprising: receiving a security service request from a customer platform device external to the distributed computing environment, the security service request identifying a customer platform asset within the distributed computing environment, and instructing that a security service selected by the customer platform device be provided to the identified customer platform asset; and in response to receiving the security service request, executing a network security software component associated with the selected security service on one or more virtual machines within the distributed computing environment to provide the selected security service to the identified customer platform asset within the distributed computing environment, wherein the one or more virtual machines are deployed on a set of hardware computing resources associated with the distributed computing environment, and the network security software component is software that has been decoupled from a hardware of a network security device.
2. The computer system according to claim 1, wherein the computer system executes on a portion of the hardware computing resources associated with the distributed computing environment.
3. The computer system according to claim 1, wherein the identified customer platform asset is a virtualized asset deployed within the distributed computing environment.
4. The computer system according to claim 1, wherein the identified customer platform asset is a virtualized asset to be deployed within the distributed computing environment.
5. The computer system according to claim 1, wherein the selected security service is a firewall service.
6. The computer system according to claim 1, wherein the memory further stores a configuration data store, the configuration data store storing a computer resource configuration required for executing a respective security service provided by each of one or more network security software components deployed within the distributed computing environment; and the processor identifies the set of hardware computing resources required for executing the network security software component associated with the selected security service in accordance with a computer resource configuration stored in connection with the network security software component associated with the selected security service, in the configuration data store.
7. The computer system according to claim 1, wherein the operations further comprise exposing an application programming interface (API) to the customer platform device to provide the customer platform device with on-demand network access to the selected security service, and wherein the processor receives the security service request from the customer platform device via an API call.
8. The computer system according to claim 1, wherein the operations further comprise extending a virtual machine creation template to the customer platform device, the virtual machine creation template permitting the customer platform device to identify the customer platform asset and instruct that the selected security service be provided to the identified customer platform asset, and wherein the security service request received from the customer platform device is a virtual machine configuration that utilizes the virtual machine creation template.
9. The computer system according to claim 1, wherein the operations further comprise receiving a further security service request from the customer platform device external to the distributed computing environment, the further security service request identifying another customer platform asset and another security service selected by the customer platform device for protecting the identified another customer platform asset; and in response to receiving the further security service request, executing a network security software component associated with the another security service on one or more virtual machines within the distributed computing environment to provide the another security service to the identified another customer platform asset.
10. The computer system according to claim 9, wherein the identified another customer platform asset is another customer platform asset deployed, or to be deployed, within the distributed computing environment.
11. A method for providing cloud-based network security software as a service in a distributed computing environment, the method comprising: receiving, by a computer system executing on a portion of hardware computing resources associated with the distributed computing environment, a security service request from a customer platform device external to the distributed computing environment, the security service request identifying a customer platform asset within the distributed computing environment, and instructing that a security service selected by the customer platform device be provided to the identified customer platform asset; and in response to receiving the security service request, executing a network security software component, associated with the selected security service on one or more virtual machines within the distributed computing environment to provide the selected security service to the identified customer platform asset, wherein the one or more virtual machines are deployed on a set of the hardware computing resources associated with the distributed computing environment, and the network security software component is software that has been decoupled from a hardware of a network security device.
12. The method according to claim 11, wherein the identified customer platform asset is a virtualized asset deployed within the distributed computing environment.
13. The method according to claim 11, wherein the identified customer platform asset is a virtualized asset to be deployed within the distributed computing environment.
14. The method according to claim 11, wherein the selected security service is a firewall service.
15. The method according to claim 11, further comprising: exposing, by the computer system, an application programming interface (API) to the customer platform device to provide the customer platform device with on-demand network access to the security service, and wherein the computer system receives the security service request from the customer platform device via an API call.
16. The method according to claim 11, further comprising: extending a virtual machine creation template to the customer platform device, the virtual machine creation template permitting the customer platform device to identify the customer platform asset and instruct that the selected security service be provided to the identified customer platform asset, and wherein the security service request received from the customer platform device is a virtual machine configuration that utilizes the virtual machine creation template.
17. The method according to claim 11, further comprising: receiving, by the computer system, a further security service request from the customer platform device external to the distributed computing environment, the further security service request identifying another customer platform as
for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title
Hypervisor-specific management and integration aspects · CPC title
Access security · CPC title
Distribution of virtual machine instances; Migration and load balancing · CPC title
Managing security policies for mobile devices or for controlling mobile applications · CPC title