Entity authentication for pre-authenticated links
US-2024396898-A1 · Nov 28, 2024 · US
Trusted public infrastructure grid cloud
US9626526B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9626526-B2 |
| Application number | US-201213459593-A |
| Country | US |
| Kind code | B2 |
| Filing date | Apr 30, 2012 |
| Priority date | Apr 30, 2012 |
| Publication date | Apr 18, 2017 |
| Grant date | Apr 18, 2017 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Systems and methods of implementing a secured cloud environment allow for design and instantiation of a security policy at the infrastructure level. An example system may comprise a first module to facilitate selecting at least two cloud computing component templates from a cloud computing component catalog. The system may comprise a second module to facilitate defining a connection between the at least two selected cloud computing component templates. The system may comprise a third module to facilitate assigning a security level and a policy to at least one of the at least two selected cloud computing component templates. The system may comprise a fourth module to facilitate building a cloud computing component blueprint.
First claim
Opening claim text (preview).
The invention claimed is: 1. A system comprising: a processor; a memory having computer readable program code, the program code executable by the processor to cause the system to: select a plurality of component templates from a cloud computing component catalog, wherein the plurality of component templates represent at least one virtual machine and at least one network element; indicate a communication connection between a first component template of the plurality of component templates and a second component template of the plurality of component templates; detect a first of a plurality of security levels specified for at least the first component template of the plurality of component templates; in response to detection of the first security level, select from a plurality of security policies a first set of one or more security policies that satisfies a first set of one or more security attributes that corresponds to the first security level and lower levels of the plurality of security levels; assign the first set of security policies to at least the first component template; build a cloud computing application blueprint comprising the plurality of component templates, the first set of security policies, and deployment descriptors expressed in a markup language that indicate configuration of components deployed based on the plurality of component templates including configuration according to the first set of security policies for any of the components deployed based on the first or the second component templates and that indicate configuration of connections between those of the components deployed based on the first and the second component templates according to the communication connection; deploy components for the cloud computing application according to the deployment descriptors along with an agent program code to ensure any of the components based on the first component template, any of the components based on the second component template, and connections therebetween comply with the first set of security policies; detect a second of the plurality of security levels specified for at least the first component template of the plurality of component templates; in response to detection of the second security level and after authentication of a password, select from the plurality of security policies a second set of one or more security policies that satisfies a second set of one or more security attributes that corresponds to the second security level and lower levels of the plurality of security levels; update at least the first component template of the plurality of component templates in accordance with the second set of security policies; and modify the cloud computing application blueprint, wherein the program code executable by the processor to cause the system to modify the cloud computing application blueprint comprises program code executable by the processor to cause the system to update the deployment descriptors to indicate configuration in accordance with the second set of security policies for any of the components deployed based on the first or the second component templates. 2. The system of claim 1 , wherein the second component template is not assigned a security policy. 3. The system of claim 1 , wherein the program code executable by the processor to cause the system to assign the first set of security policies to at least the first component template comprises program code executable by the process to cause the system to modify the first component template to comply with the first set of security policies. 4. The system of claim 1 , further comprising program code executable by the processor to cause the system to: collect audit and reporting information regarding compliance with the first security policy; and generate a compliance report based, at least in part, on the collected audit and reporting information. 5. The system of claim 1 further comprising program code executable by the processor cause the system to: determine whether the second of the plurality of security levels requires components which are communicatively connected to the components based on the first component template to maintain at least a third of the plurality of security levels, wherein the third security level is less secure than the second security level; in response to a determination that the second security level requires components which are communicatively connected to the components based on the first component template to maintain at least the third security level, select from the plurality of security policies a third set of one or more security policies that satisfies a third set of one or more security attributes that corresponds to the third security level and lower levels of the plurality of security levels; and update the second component template in accordance with the third set of security policies; wherein the program code executable by the processor cause the system to modify the cloud computing application blueprint comprises program code executable by the processor cause the system to update the deployment descriptors to indicate configuration also in accordance with the third set of security policies for any of the components deployed based on the first or the second component templates. 6. The system of claim 1 , wherein the program code executable by the processor cause the system to deploy the components for the cloud computing application according to the deployment descriptors comprises program code executable by the processor cause the system to track a deployment location of the components. 7. A method comprising: selecting a plurality of component templates from a cloud computing component catalog, wherein the plurality of component templates represent at least one virtual machine and at least one network element; indicating a communication connection between at least a first component template of the plurality of component templates and a second component template of the plurality of component templates; detecting a first of a plurality of security levels specified for at least the first component template of the plurality of component templates; in response to detection of the first security level, selecting from a plurality of security policies a first set of one or more security policies that satisfies a first set of one or more security attributes that corresponds to the first security level and lower levels of the plurality of security levels; assigning the first set of security policies to at least the first component template; building a cloud computing application blueprint comprising the plurality of component templates, the first set of security policies, and deployment descriptors expressed in a markup language that indicate configuration of components deployed based on the plurality of component templates including configuration according to the first set of security policies for any of the components deployed based on the first or the second component templates and that indicate configuration of connections between those of the components deployed based on the first and the second component templates according to the communication connection; deploying components for the cloud computing application according to the deployment descriptors along with an agent program code to ensure any of the components based on the first component template, any of the components based on the second component template, and connections therebetween comply with the first set of security policies; detecting a second of the plurality of security levels specified for at least the first component template of the plurality of component templates; in response to detection of the second security level and after authentication of a
Assignees
Inventors
Classifications
- G06F21/6218Primary
to a system of files or objects, e.g. local or distributed file system or database · CPC title
for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title
for controlling access to devices or network resources · CPC title
in which an application is distributed across nodes in the network (software deployment G06F8/60; multiprogramming arrangements G06F9/46) · CPC title
Multi-level security, e.g. mandatory access control · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US9626526B2 cover?
- Systems and methods of implementing a secured cloud environment allow for design and instantiation of a security policy at the infrastructure level. An example system may comprise a first module to facilitate selecting at least two cloud computing component templates from a cloud computing component catalog. The system may comprise a second module to facilitate defining a connection between the…
- Who is the assignee on this patent?
- Hadar Eitan, Kletskin Michael, Barak Nir, and 3 more
- What technology area does this patent fall under?
- Primary CPC classification G06F21/6218. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Apr 18 2017 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).