Cloud identity integration for cloud-based management of on-premises devices

US11843604B2 · US · B2

Patent metadata
Publication number: US-11843604-B2
Application number: US-202217731986-A
Country: US
Kind code: B2
Filing date: Apr 28, 2022
Priority date: Apr 28, 2022
Publication date: Dec 12, 2023
Grant date: Dec 12, 2023

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

A system, method, and computer-readable medium are disclosed for performing a data center connectivity management operation. The connectivity management operation includes: exchanging an entity token for a proxy access token and a device access token via a communication management system authorization service; using the proxy access token to authenticate the data center service to a mesh service proxy; establishing connectivity between the data center service and the mesh service proxy based upon the proxy access token; establishing a secure communication channel between the data center service and a data center asset based upon the device access token; providing the device access token to the data center asset from the data center service; validating the data center asset using the device access token; establishing an end-to-end secure connection between the data center service and the data center asset when the device access token has been validated; and, exchanging information between the data center service and the data center asset via the secure communication channel.

First claim

Opening claim text (preview).

What is claimed is:

1. A computer-implementable method for performing a data center connectivity management operation, comprising: exchanging an entity token for a proxy access token and a device access token via a communication management system authorization service; using the proxy access token to authenticate the data center service to a mesh service proxy; establishing connectivity between the data center service and the mesh service proxy based upon the proxy access token; establishing a secure communication channel between the data center service and a data center asset based upon the device access token; providing the device access token to the data center asset from the data center service; validating the data center asset using the device access token; establishing an end-to-end secure connection between the data center service and the data center asset when the device access token has been validated; and, exchanging information between the data center service and the data center asset via the secure communication channel.

2. The method of claim 1, wherein: the entity token comprises at least one of a user entity token and a service entity token.

3. The method of claim 1, wherein: the entity token and the proxy access token decouple proxy authorization from device API authorization.

4. The method of claim 1, further comprising: establishing a transport layer security (TLS) session when the connectivity is established between the mesh service proxy and the data center service.

5. The method of claim 4, wherein: the transport layer security session comprises a mutual transport security layer (mTLS) session, the mTLS session providing two way verification.

6. The method of claim 1, further comprising: establishing a connection between a data center service and a data center asset, the connection comprising an application program (API) request and the data center asset comprising an associated device API.

7. A system comprising: a processor; a data bus coupled to the processor; a data center asset client module; and, a non-transitory, computer-readable storage medium embodying computer program code, the non-transitory, computer-readable storage medium being coupled to the data bus, the computer program code interacting with a plurality of computer operations and comprising instructions executable by the processor and configured for: exchanging an entity token for a proxy access token and a device access token via a communication management system authorization service; using the proxy access token to authenticate the data center service to a mesh service proxy; establishing connectivity between the data center service and the mesh service proxy based upon the proxy access token; establishing a secure communication channel between the data center service and a data center asset based upon the device access token; providing the device access token to the data center asset from the data center service; validating the data center asset using the device access token; establishing an end-to-end secure connection between the data center service and the data center asset when the device access token has been validated; and, exchanging information between the data center service and the data center asset via the secure communication channel.

8. The system of claim 7, wherein: the entity token comprises at least one of a user entity token and a service entity token.

9. The system of claim 7, wherein: the entity token and the proxy access token decouple proxy authorization from device API authorization.

10. The system of claim 7, wherein the instructions executable by the processor are further configured for: establishing a transport layer security (TLS) session when the connectivity is established between the mesh service proxy and the data center service.

11. The system of claim 10, wherein: the transport layer security session comprises a mutual transport security layer (mTLS) session, the mTLS session providing two way verification.

12. The system of claim 7, wherein the instructions executable by the processor are further configured for: establishing a connection between a data center service and a data center asset, the connection comprising an application program (API) request and the data center asset comprising an associated device API.

13. A non-transitory, computer-readable storage medium embodying computer program code, the computer program code comprising computer executable instructions configured for: exchanging an entity token for a proxy access token and a device access token via a communication management system authorization service; using the proxy access token to authenticate the data center service to a mesh service proxy; establishing connectivity between the data center service and the mesh service proxy based upon the proxy access token; establishing a secure communication channel between the data center service and a data center asset based upon the device access token; providing the device access token to the data center asset from the data center service; validating the data center asset using the device access token; establishing an end-to-end secure connection between the data center service and the data center asset when the device access token has been validated; and, exchanging information between the data center service and the data center asset via the secure communication channel.

14. The non-transitory, computer-readable storage medium of claim 13, wherein: the entity token comprises at least one of a user entity token and a service entity token.

15. The non-transitory, computer-readable storage medium of claim 13, wherein: the entity token and the proxy access token decouple proxy authorization from device API authorization.

16. The non-transitory, computer-readable storage medium of claim 13, wherein the computer executable instructions are further configured for: establishing a transport layer security (TLS) session when the connectivity is established between the mesh service proxy and the data center service.

17. The non-transitory, computer-readable storage medium of claim 16, wherein: the transport layer security session comprises a mutual transport security layer (mTLS) session, the mTLS session providing two way verification.

18. The non-transitory, computer-readable storage medium of claim 13, wherein the computer executable instructions are further configured for: establishing a connection between a data center service and a data center asset, the connection comprising an application program (API) request and the data center asset comprising an associated device API.

19. The non-transitory, computer-readable storage medium of claim 13, wherein: the computer executable instructions are deployable to a client system from a server system at a remote location.

20. The non-transitory, computer-readable storage medium of claim 13, wherein: the computer executable instructions are provided by a service provider to a user on an on-demand basis.
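The sequence in claims 1, 3 and 7 (entity token exchanged for two differently scoped access tokens, one accepted only by the mesh proxy and one accepted only by the device API) can be modelled in a few lines. The code below is an added illustration written for this page, not code from the patent or from Dell; the class names, the HMAC-signed token format, the per-audience keys, the asset id "rack7-bmc" and the fixed timestamps are all constructed. The mTLS session of claims 4 and 5 is noted but not implemented.

```python
"""Model of the two-token connectivity flow described in the claims above.

Constructed example for this page, not the patent's or Dell's implementation.
Tokens are HMAC-signed JSON claim sets; a deployment would use signed JWTs
from the communication management system's authorization service and an
mTLS session between the service and the mesh proxy (claims 4-5).
"""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed keys: one per audience, so the proxy and the device each verify
# only the token class meant for them (the decoupling of claim 3).
PROXY_KEY = b"proxy-audience-key-example"
DEVICE_KEY = b"device-audience-key-example"
AUD_PROXY = "mesh-service-proxy"
AUD_DEVICE = "device-api"


def _sign(claims: dict, key: bytes) -> str:
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{tag}"


def _verify(token: str, key: bytes, audience: str, now: float) -> Optional[dict]:
    """Return the claims if signature, audience and expiry all check out, else None."""
    try:
        body, tag = token.split(".", 1)
    except ValueError:
        return None
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return None
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims.get("aud") != audience or claims.get("exp", 0) <= now:
        return None
    return claims


class AuthorizationService:
    """Stands in for the communication management system authorization service:
    one entity token (user or service, claim 2) becomes two access tokens."""

    def __init__(self, known_entities: dict, ttl: int = 300):
        self.known_entities = known_entities  # entity token -> subject name
        self.ttl = ttl

    def exchange(self, entity_token: str, asset_id: str, now: float):
        subject = self.known_entities.get(entity_token)
        if subject is None:
            raise PermissionError("unknown entity token")
        exp = now + self.ttl
        proxy_tok = _sign({"sub": subject, "aud": AUD_PROXY, "exp": exp}, PROXY_KEY)
        device_tok = _sign({"sub": subject, "aud": AUD_DEVICE, "asset": asset_id,
                            "scope": "device-api:read", "exp": exp}, DEVICE_KEY)
        return proxy_tok, device_tok


class MeshServiceProxy:
    def authenticate(self, proxy_token: str, now: float) -> bool:
        return _verify(proxy_token, PROXY_KEY, AUD_PROXY, now) is not None


class DataCenterAsset:
    def __init__(self, asset_id: str):
        self.asset_id = asset_id

    def validate(self, device_token: str, now: float) -> bool:
        # The token must be bound to this specific asset, not just to "some device".
        claims = _verify(device_token, DEVICE_KEY, AUD_DEVICE, now)
        return claims is not None and claims.get("asset") == self.asset_id


def connect(auth, proxy, asset, entity_token, now=None) -> str:
    """Run the claimed sequence; each failed step stops the flow with a distinct
    result so an operator can see which authorization boundary rejected it."""
    now = time.time() if now is None else now
    try:
        proxy_tok, device_tok = auth.exchange(entity_token, asset.asset_id, now)
    except PermissionError:
        return "rejected: entity token"
    if not proxy.authenticate(proxy_tok, now):
        return "rejected: mesh proxy"
    # Connectivity to the proxy now exists (mTLS in claims 4-5, omitted here).
    if not asset.validate(device_tok, now):
        return "rejected: device api"
    return "connected"  # end-to-end channel established; information may flow


def tokens_are_decoupled(auth, proxy, asset, entity_token, now) -> bool:
    """Claim 3 made concrete: neither token is accepted by the other party."""
    proxy_tok, device_tok = auth.exchange(entity_token, asset.asset_id, now)
    return (not asset.validate(proxy_tok, now)) and (not proxy.authenticate(device_tok, now))


if __name__ == "__main__":
    auth = AuthorizationService({"entity-abc": "mgmt-service"})
    print(connect(auth, MeshServiceProxy(), DataCenterAsset("rack7-bmc"), "entity-abc"))
```

The point worth checking in any real deployment of this pattern is the one `tokens_are_decoupled` exercises: a token that lets a service reach the proxy must not also be usable against the device API, and the device token must be bound to one asset and to a short expiry, so that a leaked proxy credential does not by itself grant device access.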

Assignees

Dell Products L.P. (as listed in the FAQ on this page)

Inventors

Classifications

  • by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity · CPC title

  • at the transport layer · CPC title

  • Adding application-functional data or data for application control, e.g. adding metadata · CPC title

  • Proxies · CPC title

  • using tickets, e.g. Kerberos (cryptographic mechanisms or cryptographic arrangements for entity authentication using tickets or tokens H04L9/3213) · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11843604B2 cover?
A system, method, and computer-readable medium are disclosed for performing a data center connectivity management operation. The connectivity management operation includes: exchanging an entity token for a proxy access token and a device access token via a communication management system authorization service; using the proxy access token to authenticate the data center service to a mesh servic…
Who is the assignee on this patent?
Dell Products Lp
What technology area does this patent fall under?
Primary CPC classification H04L63/0884. Mapped technology areas include Electricity.
When was this patent published?
Publication date: Dec 12, 2023 (kind code B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 4 related publications on this page (citations in our corpus or others sharing the same primary CPC).