Systems and methods for managing access-control groups
US-9077728-B1 · Jul 7, 2015 · US
US9509698B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9509698-B2 |
| Application number | US-201414561099-A |
| Country | US |
| Kind code | B2 |
| Filing date | Dec 4, 2014 |
| Priority date | Dec 5, 2013 |
| Publication date | Nov 29, 2016 |
| Grant date | Nov 29, 2016 |
Official abstract text for this publication.
One embodiment disclosed herein serves to establish a trust relationship for sharing resources between a trustee tenant and a trustor tenant in a cloud network. It comprises receiving a requirement file (REQ) from the trustee tenant said file including at least one permission desired by the tenant, searching for and identifying at least one opportunity file sent by a trustor tenant, this file including at least the permissions, and storing information representative of a trust relationship for sharing resources between the tenants.
Opening claim text (preview).
What is claimed is:

1. A method of sharing resources between a trustee tenant in a cloud network and a trustor tenant in the cloud network, the method comprising: receiving, by a trust builder module, a requirement file from the trustee tenant in the cloud network, said requirement file including at least one permission desired by said trustee tenant in the cloud network; searching, by the trust builder module, a storage zone for at least one opportunity file sent by the trustor tenant in the cloud network, said at least one opportunity file including said at least one permission; and storing, by the trust builder module, information representative of a trust relationship for sharing resources between said trustee and trustor tenants in the cloud network; receiving, by a reception module, from the trustee tenant in the cloud network a request to benefit from a permission to access a resource; identifying, by an identification module, a virtual role of the trustee tenant in the cloud network; verifying, by a verification module, that the trustor tenant in the cloud network includes a role that offers said permission and that the trust relationship for sharing resources has been established between the trustor tenant in the cloud network and the trustee tenant in the cloud network, said verification comprising determining that said virtual role of the trustee tenant in the cloud network points to said role of the trustor tenant in the cloud network; and authorizing or denying, by an access control module, said access as a function of whether it is determined during said verification that the trustor tenant in the cloud network includes the role that offers said permission and that the trust relationship for sharing resources has been established between the trustor tenant in the cloud network and the trustee tenant in the cloud network.

2. The method of claim 1, further comprising: creating, by the trust builder module, at least one virtual role in a namespace of the trustee tenant in the cloud network, said at least one virtual role pointing towards a corresponding role of a namespace of the trustor tenant in the cloud network including said at least one permission.

3. A cloud network for sharing resources between a trustee tenant and a trustor tenant in a cloud network, the cloud network comprising: a reception module which receives a requirement file from the trustee tenant in the cloud network, said requirement file including at least one permission desired by the trustee tenant in the cloud network; a search module which searches for at least one opportunity file sent by a trustor tenant in the cloud network, said at least one opportunity file including said at least one permission; a storage module which stores information representative of a trust relationship for sharing resources between the trustee tenant in the cloud network and the trustor tenant in the cloud network; a reception module which receives from the trustee tenant in the cloud network a request to benefit from a permission to access a resource; an identification module which identifies a virtual role of the trustee tenant in the cloud network; a verification module which verifies that the trustor tenant in the cloud network includes a role that offers said permission and that the trust relationship for sharing resources has been established between the trustor tenant in the cloud network and the trustee tenant in the cloud network, said verification comprising determining that said virtual role of the trustee tenant in the cloud network points to said role of the trustor tenant in the cloud network; and an access control module which authorizes or denies said access as a function of whether it is determined during said verification that the trustor tenant in the cloud network includes the role that offers said permission and that the trust relationship for sharing resources has been established between the trustor tenant in the cloud network and the trustee tenant in the cloud network.

4. A computer system for controlling access to a resource of a trustor tenant in a cloud network by a trustee tenant in the cloud network, the system comprising: a reception module which receives from the trustee tenant in the cloud network a request to benefit from a permission to access the resource; an identification module which identifies a virtual role of the trustee tenant in the cloud network; a verification module which verifies that the trustor tenant in the cloud network includes a role that offers said permission and that a trust relationship for sharing resources has been established between the trustor tenant in the cloud network and the trustee tenant in the cloud network, said verification module being suitable for determining that said virtual role of the trustee tenant in the cloud network points to said role of the trustor tenant in the cloud network; and an access control module which authorizes or denies said access as a function of whether it is determined during said verification that the trustor tenant in the cloud network includes the role that offers said permission and that the trust relationship for sharing resources has been established between the trustor tenant in the cloud network and the trustee tenant in the cloud network; wherein: said reception module includes a policy enforcement point (PEP) block suitable for applying an access control policy; said access control module includes a policy decision point (PDP) block suitable for taking a decision concerning access control; and said blocks PEP and PDP comply with an extensible access control markup language reference architecture as used by an organization-based access control (OrBAC) model.

5. The computer system according to claim 4, wherein: said identification module includes a block PDP and a block policy information block (PIP), said blocks PDP and PIP complying with the extensible access control markup language reference architecture as used by the OrBAC model.

6. A computer having stored thereon a program including instructions for performing a method for sharing resources between a trustee tenant in a cloud network and a trustor tenant in the cloud network when said program is executed by said computer, the method comprising: receiving, by a trust builder module, a requirement file from the trustee tenant in the cloud network, said requirement file including at least one permission desired by said trustee tenant; searching, by the trust builder module, a storage zone for at least one opportunity file sent by the trustor tenant in the cloud network, said at least one opportunity file including said at least one permission; storing, by the trust builder module, information representative of a trust relationship for sharing resources between said trustee and trustor tenants in the cloud network; receiving, by a reception module, from the trustee tenant in the cloud network a request to benefit from a permission to access a resource; identifying, by an identification module, a virtual role of the trustee tenant in the cloud network; verifying, by a verification module, that the trustor tenant in the cloud network includes a role that offers said permission and that the trust relationship for sharing resources has been established between the trustor tenant in the cloud network and the trustee tenant in the cloud network, said verification comprising determining that said virtual role of the trustee tenant in the cloud network points to said role of the trustor tenant in the cloud network; and authorizing or denying, by an access control module, said access as a function of whether it is determined during said verification that the trustor tenant in the cloud network includes the role that offers said permission and that the trus
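The abstract and claims 1, 2 and 4 describe two procedures: a trust builder that matches a trustee's requirement file against opportunity files in a storage zone, stores the trust relationship and creates a virtual role in the trustee's namespace pointing at a trustor role; and a decision step that permits access only when the virtual role points at a trustor role actually offering the permission and the trust relationship is stored. The toy model below is an added example written for this page, not code from the patent or its assignee; all names (`Tenant`, `TrustBuilder`, `decide_access`, the `virtual:<trustor>:<role>` naming) and the tenants A and B are constructed assumptions. It goes slightly beyond the claim text by showing the deny paths a defender cares about: a permission the matched role never offered, an unknown trustor, a revoked trust relationship, and a trustor role that lost the permission after the virtual role was created.

```python
"""Toy model of the tenant-to-tenant trust flow in the claims (constructed example)."""
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass
class Tenant:
    """A tenant with its own role namespace: role name -> set of permissions."""
    name: str
    roles: dict[str, set[str]] = field(default_factory=dict)
    # Virtual roles live in the trustee namespace and point at a role of another
    # tenant: virtual role name -> (trustor name, trustor role name).
    virtual_roles: dict[str, tuple[str, str]] = field(default_factory=dict)


@dataclass(frozen=True)
class RequirementFile:
    """REQ file sent by a trustee: the permissions it wants."""
    trustee: str
    permissions: frozenset[str]


@dataclass(frozen=True)
class OpportunityFile:
    """Opportunity file published by a trustor: one role and what it offers."""
    trustor: str
    role: str
    permissions: frozenset[str]


class TrustBuilder:
    """Matches REQ files against the storage zone and records trust relationships."""

    def __init__(self, tenants: dict[str, Tenant]):
        self.tenants = tenants
        self.storage_zone: list[OpportunityFile] = []
        # (trustee, trustor) pairs for which a trust relationship is stored
        self.trust_relationships: set[tuple[str, str]] = set()

    def publish_opportunity(self, opp: OpportunityFile) -> None:
        self.storage_zone.append(opp)

    def build_trust(self, req: RequirementFile) -> list[str]:
        """Search the zone, store the relationship, create virtual roles.
        Returns the virtual role names created in the trustee namespace."""
        created: list[str] = []
        for opp in self.storage_zone:
            if not req.permissions <= opp.permissions:
                continue  # opportunity does not cover every requested permission
            self.trust_relationships.add((req.trustee, opp.trustor))
            vrole = f"virtual:{opp.trustor}:{opp.role}"  # naming is an assumption
            self.tenants[req.trustee].virtual_roles[vrole] = (opp.trustor, opp.role)
            created.append(vrole)
        return created

    def revoke_trust(self, trustee: str, trustor: str) -> None:
        self.trust_relationships.discard((trustee, trustor))


def decide_access(tb: TrustBuilder, trustee: str, trustor: str, permission: str) -> bool:
    """PDP-style decision: permit only if a trust relationship is stored AND some
    virtual role of the trustee points at a trustor role that currently offers the
    permission. Every other case is a deny (default deny)."""
    trustee_t = tb.tenants.get(trustee)
    trustor_t = tb.tenants.get(trustor)
    if trustee_t is None or trustor_t is None:
        return False
    if (trustee, trustor) not in tb.trust_relationships:
        return False  # no established trust: deny regardless of roles
    for target_tenant, target_role in trustee_t.virtual_roles.values():
        if target_tenant != trustor:
            continue  # this virtual role points at some other tenant
        if permission in trustor_t.roles.get(target_role, set()):
            return True  # looked up live, so a trustor edit takes effect at once
    return False


def demo() -> dict[str, bool]:
    """Constructed scenario: tenant B wants 'read:logs' on tenant A's resources."""
    a = Tenant("A", roles={"log-reader": {"read:logs"}, "admin": {"read:logs", "write:logs"}})
    b = Tenant("B")
    tb = TrustBuilder({"A": a, "B": b})
    tb.publish_opportunity(OpportunityFile("A", "log-reader", frozenset({"read:logs"})))
    tb.build_trust(RequirementFile("B", frozenset({"read:logs"})))
    results = {
        "read_after_trust": decide_access(tb, "B", "A", "read:logs"),
        "write_not_offered": decide_access(tb, "B", "A", "write:logs"),
        "unknown_trustor": decide_access(tb, "B", "C", "read:logs"),
    }
    tb.revoke_trust("B", "A")
    results["read_after_revoke"] = decide_access(tb, "B", "A", "read:logs")
    return results


if __name__ == "__main__":
    for name, permitted in demo().items():
        print(f"{name}: {'PERMIT' if permitted else 'DENY'}")
```

The design point worth noticing is that the virtual role carries no permissions of its own; it is only a pointer, so the decision re-reads the trustor's role at request time and a trustor that removes a permission or a revoked trust relationship takes effect immediately without touching the trustee namespace.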
CPC classification titles:

- to a system of files or objects, e.g. local or distributed file system or database
- for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32)
- Admission control; Resource allocation
- Tools and structures for managing or administering access control systems
- for controlling access to devices or network resources