Recommending terms to specify ontology space
US-9081852-B2 · Jul 14, 2015 · US
Providing context-based visibility of cloud resources in a multi-tenant environment
US9444820B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9444820-B2 |
| Application number | US-201414503091-A |
| Country | US |
| Kind code | B2 |
| Filing date | Sep 30, 2014 |
| Priority date | Jan 16, 2014 |
| Publication date | Sep 13, 2016 |
| Grant date | Sep 13, 2016 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A secure tag generation service is associated with a cloud infrastructure. This service establishes a security context for a particular cloud tenant based on a tenant's security requirements, one or more cloud resource attributes, and the like. The security content is encoded into a data structure, such as a tag that uniquely identifies that security context. The tag is then encrypted. The encrypted tag is then propagated to one or more cloud management services, such as a logging service. When one or more cloud resources are then used, such use is associated with the encrypted security context tag. In this manner, the encrypted tag is used to monitor activities that are required to meet the security context. When it comes time to perform a security or compliance management task, any cloud system logs that reference the encrypted security context tag are correlated to generate a report for the security context.
First claim
Opening claim text (preview).
The invention claimed is: 1. A method of resource security and compliance monitoring in a multi-tenant cloud computing infrastructure, the cloud computing infrastructure comprising a set of network-accessible computing machines and software executed by one or more processors in the cloud computing infrastructure, comprising: for a given tenant, deriving a security context from cloud resource meta-data and user-specific input data, the user-specific input data being security requirements for the given tenant in the cloud computing infrastructure; encapsulating the cloud resource meta-data and the user-specific input data into a data structure; processing the data structure into a data string that securely and uniquely represents the security context for the given tenant; propagating the data string for the given tenant into machine-based logs generated by one or more cloud resource automation services that monitor the cloud computing infrastructure; associating the data string to activities associated with one or more secure resources as the activities are monitored by the one or more cloud resource automation services to provide context-based visibility for the resource security and compliance monitoring in the cloud computing infrastructure by the one or more cloud resource automation services; and responsive to a request associated with the resource security and compliance monitoring, correlating information from the machine-based logs and that includes the data string to generate a security context-specific response, the security context-specific response associated with a tenant-specific compliance view; wherein operations of the processing, the propagating and the correlating are carried out by the one or more processors. 2. The method as described in claim 1 wherein the data string is a security context tag that encodes the cloud resource meta-data and the user-specific input data. 3. The method as described in claim 2 wherein the data string is protected by a security wrapper generated by applying a given mathematical function to the security context tag. 4. The method as described in claim 3 further including removing the security wrapper prior to correlating the information. 5. The method as described in claim 1 further including updating the security context and the associated data string based on one of: a runtime behavior, and an event. 6. The method as described in claim 1 wherein the security context-specific response is a report detailing one of: user activity, resource usage, network monitoring, and workload execution. 7. The method as described in claim 6 wherein the report is specific to the given tenant and the security context for the given tenant.
Assignees
Inventors
Classifications
Architectures of resource allocation · CPC title
Vulnerability analysis · CPC title
Countermeasures against malicious traffic (countermeasures against attacks on cryptographic mechanisms H04L9/002) · CPC title
Network service management, e.g. ensuring proper service fulfilment according to agreements · CPC title
Tools and structures for managing or administering access control systems · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US9444820B2 cover?
- A secure tag generation service is associated with a cloud infrastructure. This service establishes a security context for a particular cloud tenant based on a tenant's security requirements, one or more cloud resource attributes, and the like. The security content is encoded into a data structure, such as a tag that uniquely identifies that security context. The tag is then encrypted. The encr…
- Who is the assignee on this patent?
- IBM
- What technology area does this patent fall under?
- Primary CPC classification H04L63/102. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Sep 13 2016 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).