Federated identity management for data repositories
US-2024348610-A1 · Oct 17, 2024 · US
Protected application stack and method and system of utilizing
US9300688B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9300688-B2 |
| Application number | US-201113089180-A |
| Country | US |
| Kind code | B2 |
| Filing date | Apr 18, 2011 |
| Priority date | Apr 18, 2010 |
| Publication date | Mar 29, 2016 |
| Grant date | Mar 29, 2016 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A secure appliance for use within a multi-tenant cloud computing environment which comprises: a) a policy enforcement point (PEP); b) a hardened Operating System (OS) capable of deploying applications; and c) at least one application capable of hosting services and application program interfaces (APIs).
First claim
Opening claim text (preview).
The invention claimed is: 1. A server computer, comprising: a memory, the memory stores a set of policy constraints; and a set of hardware processors in communication with the memory, the set of hardware processors executes a hypervisor, the hypervisor executes a first virtual policy enforcement point appliance, the first virtual policy enforcement point appliance runs a first operating system that includes a firewall, the first operating system runs a first application and a first policy enforcement point, the first virtual policy enforcement point appliance restricts all application layer communication to and from the first application to pass through the first policy enforcement point, the first policy enforcement point controls all application layer communication to and from the first application based on the set of policy constraints. 2. The server computer of claim 1 , wherein: the set of hardware processors receives a message from a second server different from the server computer, the first policy enforcement point determines whether to pass the message to the first application based on the set of policy constraints. 3. The server computer of claim 1 , wherein: the first virtual policy enforcement point appliance provides individual application isolation for only the first application. 4. The server computer of claim 1 , wherein: the set of hardware processors executes a second application, the first policy enforcement point controls all application layer communication from the second application to the first application based on the set of policy constraints. 5. The server computer of claim 4 , wherein: the first application communicates with the first policy enforcement point using a localhost connection. 6. The server computer of claim 1 , wherein: the first policy enforcement point communicates with the first application using exclusively localhost connections. 7. A system, comprising: a first hardware processor, the first hardware processor executes a hypervisor, the hypervisor executes a first virtual policy enforcement point appliance, the first virtual policy enforcement point appliance runs a first operating system that includes a firewall, the first operating system runs a first application and a first policy enforcement point, the first virtual policy enforcement point appliance restricts all application layer communication to and from the first application to pass through the first policy enforcement point, the first policy enforcement point controls all application layer communication to and from the first application based on a first set of policy constraints; and a second hardware processor, the second hardware processor in communication with the first hardware processor, the second hardware processor executes a third application, the first policy enforcement point controls all application layer communication from the third application to the first application based on the first set of policy constraints. 8. The system of claim 7 , wherein: the hypervisor executes a second virtual policy enforcement point appliance, the second virtual policy enforcement point appliance runs a second operating system that includes a second firewall, the second operating system runs a second application and a second policy enforcement point, the second virtual policy enforcement point appliance restricts all application layer communication to and from the second application to pass through the second policy enforcement point. 9. The system of claim 8 , wherein: the second operating system is different from the first operating system. 10. The system of claim 8 , wherein: the second policy enforcement point controls all application layer communication to and from the second application based on the first set of policy constraints. 11. The system of claim 7 , wherein: the first virtual policy enforcement point appliance provides individual application isolation for only the first application. 12. The system of claim 7 , wherein: the first application communicates with the first policy enforcement point using a localhost connection. 13. The system of claim 7 , wherein: the first policy enforcement point communicates with the first application using exclusively localhost connections. 14. A system, comprising: a first hardware server, the first hardware server executes a hypervisor, the hypervisor executes a first virtual policy enforcement point appliance, the first virtual policy enforcement point appliance runs a first operating system that includes a firewall, the first operating system runs a first application and a first policy enforcement point, the first virtual policy enforcement point appliance restricts all application layer communication to and from the first application to pass through the first policy enforcement point, the first policy enforcement point controls all application layer communication to and from the first application based on a first set of policy constraints; and a second hardware server, the second hardware server executes a third application, the first policy enforcement point controls all application layer communication from the third application to the first application based on the first set of policy constraints. 15. The system of claim 14 , wherein: the first hardware server receives a message from the second hardware server, the first policy enforcement point determines whether to pass the message to the first application based on the first set of policy constraints. 16. The system of claim 15 , wherein: the hypervisor executes a second virtual policy enforcement point appliance, the second virtual policy enforcement point appliance runs a second operating system that includes a second firewall, the second operating system runs a second application and a second policy enforcement point, the second virtual policy enforcement point appliance restricts all application layer communication to and from the second application to pass through the second policy enforcement point. 17. The system of claim 16 , wherein: the second operating system is different from the first operating system. 18. The system of claim 14 , wherein: the first application communicates with the first policy enforcement point using a localhost connection. 19. The system of claim 14 , wherein: the first virtual policy enforcement point appliance provides individual application isolation for only the first application.
Assignees
Inventors
Classifications
for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title
in which an application is distributed across nodes in the network (software deployment G06F8/60; multiprogramming arrangements G06F9/46) · CPC title
by executing in a restricted environment, e.g. sandbox or secure virtual machine · CPC title
- H04L63/168Primary
above the transport layer · CPC title
Distributed architectures, e.g. distributed firewalls · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US9300688B2 cover?
- A secure appliance for use within a multi-tenant cloud computing environment which comprises: a) a policy enforcement point (PEP); b) a hardened Operating System (OS) capable of deploying applications; and c) at least one application capable of hosting services and application program interfaces (APIs).
- Who is the assignee on this patent?
- Morrison Kenneth W S, Thorne Jay W, Ca Inc
- What technology area does this patent fall under?
- Primary CPC classification H04L63/168. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Mar 29 2016 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).