Seamless provision of secret token to cloud-based assets on demand
First Claim
1. A non-transitory computer readable medium including instructions that, when executed by at least one processor, cause the at least one processor to perform operations for providing security tokens to cloud-based assets on demand over a network, comprising:
receiving a prompt from a cloud-based asset indicating that the cloud-based asset is seeking to communicate with an access-controlled resource, wherein the cloud-based asset lacks authorization to communicate with the access-controlled resource;
extracting information associated with the cloud-based asset by, at least in part, accessing a trusted cloud platform resource storing data associated with verified cloud-based assets, the trusted cloud platform resource being separate from the cloud-based asset;
authenticating the cloud-based asset based on the extracted information, wherein the extracted information is based on characteristics or configurations of the cloud-based asset and a virtualization platform deploying the cloud-based asset that is known to or managed by the trusted cloud platform resource;
generating a security token for the cloud-based asset;
making a first portion of the security token available to be injected into the cloud-based asset;
responding to the prompt with a second portion of the security token;
injecting the first portion of the security token into the cloud-based asset; and
enabling the cloud-based asset to obtain a credential needed for accessing the access-controlled resource by using the first portion of the security token and further based on the response to the prompt with the second portion of the security token.
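The provisioning flow recited in claim 1, worked through end to end as an added example; this is not code from the patent or its assignee. The claim does not say how the token is split, how the first portion is injected, or what the trusted cloud platform resource looks like, so the XOR split, the direct in-process injection channel, the inventory dictionary standing in for the platform resource, the 60-second lifetime and every identifier (asset id, image and platform names, addresses, resource name) are constructed assumptions for illustration only.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Constructed stand-in for the claim's "trusted cloud platform resource": one record
# per verified asset, consulted instead of anything the asset says about itself.
TRUSTED_PLATFORM_INVENTORY = {
    "i-0abc123": {"image": "img-hardened-2024", "platform": "vm-cluster-a", "ip": "10.0.1.7"},
}
ALLOWED_IMAGES = {"img-hardened-2024"}   # characteristics the server will accept (assumed)
ALLOWED_PLATFORMS = {"vm-cluster-a"}
TOKEN_TTL_SECONDS = 60                   # assumed lifetime of an unredeemed token

@dataclass
class Prompt:
    asset_id: str    # looked up in the inventory, never trusted on its own
    source_ip: str   # as seen by the server, checked against the inventory
    resource: str    # the access-controlled resource the asset wants to reach

@dataclass
class Credential:
    resource: str
    expires_at: float
    value: str

@dataclass
class CloudAsset:
    asset_id: str
    ip: str
    injected: Optional[bytes] = None   # where the out-of-band first portion lands

    def inject(self, portion: bytes) -> None:
        self.injected = portion

    def request_credential(self, server: "TokenServer", resource: str) -> Credential:
        second = server.handle_prompt(Prompt(self.asset_id, self.ip, resource))  # in-band reply
        if self.injected is None:
            raise RuntimeError("first portion was never injected")
        token = bytes(a ^ b for a, b in zip(self.injected, second))  # recombine both portions
        return server.redeem(self.asset_id, token)

class TokenServer:
    def __init__(self, inventory: Dict[str, dict], assets: Dict[str, CloudAsset]):
        self._inventory = inventory
        self._assets = assets   # assumed injection channel: a direct handle on each asset
        self._pending: Dict[str, Tuple[bytes, str, float]] = {}   # id -> (sha256(token), resource, expiry)

    def handle_prompt(self, prompt: Prompt) -> bytes:
        # Authenticate on the platform's record of the asset, not on the prompt's contents.
        record = self._inventory.get(prompt.asset_id)
        if record is None:
            raise PermissionError("asset not known to the trusted platform resource")
        if (record["image"] not in ALLOWED_IMAGES or record["platform"] not in ALLOWED_PLATFORMS
                or record["ip"] != prompt.source_ip):
            raise PermissionError("asset characteristics do not match the platform record")
        # XOR split (assumed): each portion alone is uniformly random and says nothing about the token.
        token = secrets.token_bytes(32)
        first = secrets.token_bytes(32)
        second = bytes(a ^ b for a, b in zip(token, first))
        self._pending[prompt.asset_id] = (hashlib.sha256(token).digest(), prompt.resource,
                                          time.monotonic() + TOKEN_TTL_SECONDS)
        self._assets[prompt.asset_id].inject(first)   # first portion: injected out of band
        return second                                  # second portion: the reply to the prompt

    def redeem(self, asset_id: str, token: bytes) -> Credential:
        entry = self._pending.pop(asset_id, None)   # single use
        if entry is None:
            raise PermissionError("no pending token for this asset")
        digest, resource, expiry = entry
        if time.monotonic() > expiry or not hmac.compare_digest(digest, hashlib.sha256(token).digest()):
            raise PermissionError("token invalid or expired")
        return Credential(resource, expiry, secrets.token_urlsafe(24))

def demo_happy_path() -> Credential:
    asset = CloudAsset("i-0abc123", "10.0.1.7")
    server = TokenServer(TRUSTED_PLATFORM_INVENTORY, {asset.asset_id: asset})
    return asset.request_credential(server, "secrets-vault")

def demo_eavesdropper_fails() -> bool:
    # Holding only the in-band reply (the second portion) is not enough to redeem.
    asset = CloudAsset("i-0abc123", "10.0.1.7")
    server = TokenServer(TRUSTED_PLATFORM_INVENTORY, {asset.asset_id: asset})
    second = server.handle_prompt(Prompt(asset.asset_id, asset.ip, "secrets-vault"))
    try:
        server.redeem(asset.asset_id, second)
    except PermissionError:
        return True
    return False

def demo_spoofed_asset_fails() -> bool:
    # Wrong source address for a known asset, or an unknown asset id: refused before any token exists.
    server = TokenServer(TRUSTED_PLATFORM_INVENTORY, {})
    refused = 0
    for prompt in (Prompt("i-0abc123", "10.0.9.9", "secrets-vault"),
                   Prompt("i-rogue", "10.0.1.7", "secrets-vault")):
        try:
            server.handle_prompt(prompt)
        except PermissionError:
            refused += 1
    return refused == 2
```

With the split done this way, the reply to the prompt reveals nothing by itself, so what the scheme actually rests on is the integrity of the two things the claim leaves unspecified: the injection channel into the asset and the platform record the server authenticates against. An attacker who can both observe the reply and write into the asset's injection path, or who can alter the asset's inventory entry, gets past the split; those are the controls to verify in any deployment of such a design.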
Abstract
The disclosed embodiments include systems and methods for providing security tokens to cloud-based assets on demand. Operations performed in the disclosed embodiments include receiving a prompt from a cloud-based asset indicating that the cloud-based asset is seeking to communicate with an access-controlled resource, wherein the cloud-based asset lacks authorization to communicate with the access-controlled resource. Additionally, the operations include extracting information associated with the cloud-based asset by accessing a trusted cloud platform resource storing data associated with verified cloud-based assets, where the trusted cloud platform resource is separate from the cloud-based asset, and authenticating the cloud-based asset based on the extracted information. The operations also include generating a security token for the cloud-based asset, making a first portion of the security token available to be injected into the cloud-based asset, and responding to the prompt with a second portion of the security token.
22 Claims
1. (Independent claim; text identical to the First Claim given above.) Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15.
16. A non-transitory computer readable medium including instructions that, when executed by at least one processor, cause the at least one processor to perform operations for providing security tokens to cloud-based assets on demand over a network, comprising:
receiving a prompt from a cloud-based asset indicating that the cloud-based asset is seeking to communicate with an access-controlled resource, wherein the cloud-based asset lacks authorization to communicate with the access-controlled resource;
extracting information associated with the cloud-based asset by, at least in part, accessing a trusted cloud platform resource storing data associated with verified cloud-based assets, the trusted cloud platform resource being separate from the cloud-based asset;
authenticating the cloud-based asset based on the extracted information, wherein the extracted information is based on characteristics or configurations of the cloud-based asset and a virtualization platform deploying the cloud-based asset that is known to or managed by the trusted cloud platform resource;
generating a security token for the cloud-based asset;
making at least a first portion of the security token available to be injected into the cloud-based asset;
injecting the first portion of the security token into the cloud-based asset; and
enabling the cloud-based asset to obtain a credential needed for accessing the access-controlled resource by using the first portion of the security token and further based on a second portion of the security token.
17. A server system for providing security tokens to a cloud-based asset on demand over a network, the system comprising:
a memory device storing a set of instructions; and
a processor configured to execute the set of instructions to:
receive a prompt from a cloud-based asset indicating that the cloud-based asset is seeking to communicate with an access-controlled resource, wherein the cloud-based asset lacks authorization to communicate with the access-controlled resource;
extract information associated with the cloud-based asset by, at least in part, accessing a trusted cloud platform resource storing data associated with verified cloud-based assets, the trusted cloud platform resource being separate from the cloud-based asset;
authenticate the cloud-based asset based on the extracted information, wherein the extracted information is based on characteristics or configurations of the cloud-based asset and a virtualization platform deploying the cloud-based asset that is known to or managed by the trusted cloud platform resource;
generate a security token for the cloud-based asset;
make a first portion of the security token available to be injected into the cloud-based asset;
respond to the prompt with a second portion of the security token;
inject the first portion of the security token into the cloud-based asset; and
enable the cloud-based asset to obtain a credential needed for accessing the access-controlled resource by using the first portion of the security token and further based on the response to the prompt with the second portion of the security token.
18. A computer-implemented method, executable by a processor of a computing system, for providing a security token to a cloud-based asset on demand over a network, the method comprising:
receiving a prompt from a cloud-based asset indicating that the cloud-based asset is seeking to communicate with an access-controlled resource, wherein the cloud-based asset lacks authorization to communicate with the access-controlled resource;
extracting information associated with the cloud-based asset by, at least in part, accessing a trusted cloud platform resource storing data associated with verified cloud-based assets, the trusted cloud platform resource being separate from the cloud-based asset;
authenticating the cloud-based asset based on the extracted information, wherein the extracted information is based on characteristics or configurations of the cloud-based asset and a virtualization platform deploying the cloud-based asset that is known to or managed by the trusted cloud platform resource;
generating a security token for the cloud-based asset;
making a first portion of the security token available to be injected into the cloud-based asset;
responding to the prompt with a second portion of the security token;
injecting the first portion of the security token into the cloud-based asset; and
enabling the cloud-based asset to obtain a credential needed for accessing the access-controlled resource by using the first portion of the security token and further based on the response to the prompt with the second portion of the security token.
Dependent claims: 19, 20, 21, 22.
Specification