Security infrastructure for cloud services

US9319269B2 · US · B2

Patent metadata
Publication number: US-9319269-B2
Application number: US-201514618791-A
Country: US
Kind code: B2
Filing date: Feb 10, 2015
Priority date: Sep 7, 2012
Publication date: Apr 19, 2016
Grant date: Apr 19, 2016

Abstract

Official abstract text for this publication.

A framework for handling a secure interaction between components in a cloud infrastructure system that wish to transfer information between each other during processing of a customer's subscription order is described. The framework orders the security zones of components based on security levels and protects the transfer of information between components in security zones with different security levels. The assignment of a component to a security zone is based upon the sensitivity of the data handled by the component, the sensitivity of functions performed by the component, and the like.

First claim

Opening claim text (preview).

What is claimed is:

1. A method comprising: storing, by a system comprising one or more computing devices, security rules information comprising one or more rules that govern a transfer of information between a first component and a second component in the system; responsive to a request to transfer information from the first component to the second component: determining, by the system, based upon the security rules information, a first security zone and a first security level associated with the first component and a second security zone and a second security level associated with the second component; and determining, by the system, based upon the first security zone and the first security level determined for the first component and the second security zone and the second security level determined for the second component, a particular transfer technique from a plurality of transfer techniques that is permitted for transferring the information from the first component to the second component; determining, based on the particular transfer technique, that the transfer of the information from the first component to the second component is to be performed by pushing the information from the first component to the second component if the second security level associated with the second component is same as or lower than the first security level associated with the first component; and enabling, by the system, the transfer of the information from the first component to the second component using the particular transfer technique.

2. The method of claim 1, wherein pushing the information from the first component to the second component comprises invoking a synchronous write Application Programming Interface (API) associated with the second component.

3. The method of claim 1, wherein pushing information from the first component to the second component comprises publishing the information to a queue associated with the second component.

4. The method of claim 1, wherein determining the first security zone and the first security level associated with the first component and the second security zone and the second security level associated with the second component further comprises: mapping the first component to the first security zone and mapping the first security zone to the first security level; and mapping the second component to the second security zone and mapping the second security zone to the second security level.

5. The method of claim 1, wherein the first security level and the second security level are determined based on the information associated with the first component and the second component.

6. The method of claim 1 further comprising determining that the transfer of information from the first component to the second component is to be performed by pulling the information by the second component from the first component if the second security level associated with the second component is greater than the first security level of the first component.

7. The method of claim 6, wherein pulling the information comprises the first component writing the information to an output queue associated with the second component and the second component pulling the information from the output queue.

8. The method of claim 1 further comprising: providing, by the system, a service that is subscribed to by a plurality of users of the system; and generating the request to transfer the information from the first component to the second component based on the providing, wherein the service is provided in accordance with a Software as a Service (SaaS) model.

9. A system comprising: one or more computing devices configured to provide one or more services; a memory configurable to store security rules information comprising one or more rules that govern a transfer of information between a first component and a second component in the system, the first component and the second component executed by the one or more computing devices; and wherein a computing device from the one or more computing devices is configurable to: receive a request to transfer information from the first component to the second component; determine a first security zone and a first security level associated with the first component and a second security zone and a second security level associated with the second component based on the security rules information; determine, based upon the first security zone and the first security level determined for the first component and the second security zone and the second security level determined for the second component, a particular transfer technique from a plurality of transfer techniques that is permitted for transferring information from the first component to the second component; determine, based on the particular transfer technique, that the transfer of information from the first component to the second component is to be performed by pulling the information by the second component from the first component if the second security level associated with the second component is greater than the first security level of the first component; and enable the transfer of the information from the first component to the second component using the particular transfer technique.

10. The system of claim 9, wherein the computing device is further configured to determine that the transfer of the information from the first component to the second component is to be performed by pushing the information from the first component to the second component if the second security level associated with the second component is same as or lower than the first security level associated with the first component.

11. The system of claim 10, wherein the computing device is configured to push information from the first component to the second component by publishing information to a queue associated with the second component.

12. The system of claim 9, wherein pulling the information comprises the first component writing the information to an output queue associated with the second component and the second component pulling the information from the output queue.

13. The system of claim 9, wherein the computing device is further configured to: map the first component to the first security zone and map the first security zone to the first security level; and map the second component to the second security zone and map the second security zone to the second security level.

14. A non-transitory computer-readable memory storing a plurality of instructions executable by one or more processors, the plurality of instructions comprising: instructions that cause at least one processor from the one or more processors to store security rules information comprising one or more rules that govern a transfer of information between a first component and a second component in a system, the system comprising one or more computing devices; responsive to a request to transfer information from the first component to the second component: instructions that cause at least one processor from the one or more processors to determine, based on the security rules information, a first security zone and a first security level associated with the first component and a second security zone and a second security level associated with the second component; and instructions that cause at least one processor from the one or more processors to determine, based upon the first security zone and the first security level determined for the first component and the second security zone and the second security level determined for the second component, a particular tran
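The decision rule in claims 1, 6 and 7 (push into a same-or-lower level component, let a higher-level component pull from an output queue) as an added illustration; this is not the patent's or Oracle's code. The component names, zones and the convention that a larger level number means a more sensitive zone are assumptions made here.

```python
from collections import deque
from enum import Enum


class Technique(Enum):
    PUSH = "push"  # target level <= source level: source writes into the target
    PULL = "pull"  # target level > source level: target drains an output queue itself


# Constructed sample of the claimed "security rules information":
# component -> security zone, and security zone -> security level (higher = more sensitive).
COMPONENT_ZONE = {"order_ui": "dmz", "order_db": "internal", "billing": "restricted"}
ZONE_LEVEL = {"dmz": 1, "internal": 2, "restricted": 3}


class Component:
    """Toy component: a synchronous write API (claim 2) plus an inbox it controls."""

    def __init__(self, name):
        self.name, self.inbox = name, []

    def write(self, payload):  # the only entry point a peer may invoke (push)
        self.inbox.append(payload)

    def pull(self, queues):  # claim 7: the higher-level side reads on its own schedule
        q = queues.get(self.name)
        while q:
            self.inbox.append(q.popleft())


def resolve(component):
    zone = COMPONENT_ZONE[component]  # claim 4: component -> zone -> level
    return zone, ZONE_LEVEL[zone]


def select_technique(src, dst):
    """Claims 1 and 6: push when the target is same-or-lower level, otherwise pull."""
    return Technique.PUSH if resolve(dst)[1] <= resolve(src)[1] else Technique.PULL


def transfer(components, queues, src, dst, payload):
    """Returns the technique used; a PULL leaves the data in dst's output queue, not its inbox."""
    technique = select_technique(src, dst)
    if technique is Technique.PUSH:
        components[dst].write(payload)  # direct synchronous write into the lower/equal target
    else:
        queues.setdefault(dst, deque()).append(payload)  # src never calls into the higher target
    return technique
```

The lower-level `order_ui` can hand data to `billing` only by leaving it in `billing`'s output queue; `billing` decides when to drain it, so no lower-level caller ever invokes the higher-level component's write API.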

Assignees

Oracle Int Corp
Classifications

  • Needs-based resource requirements planning or analysis · CPC title

  • Admission control; Resource allocation · CPC title

  • Additional information in the notification, e.g. enhancement of specific meta-data · CPC title

  • Network service management, e.g. ensuring proper service fulfilment according to agreements · CPC title

  • for controlling access to devices or network resources · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9319269B2 cover?
A framework for handling a secure interaction between components in a cloud infrastructure system that wish to transfer information between each other during processing of a customer's subscription order is described. The framework orders the security zones of components based on security levels and protects the transfer of information between components in security zones with different securit…
Who is the assignee on this patent?
Oracle Int Corp
What technology area does this patent fall under?
Primary CPC classification G06Q10/06315. Mapped technology areas include Physics.
When was this patent published?
Publication date Apr 19, 2016 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 6 related publications on this page (citations in our corpus or others sharing the same primary CPC).