Dynamic and secure cloud to on-premise interaction and connection management

US 10,171,322 B2
Filed: 01/11/2016
Issued: 01/01/2019
Est. Priority Date: 01/11/2016
Status: Active Grant

First Claim

Patent Images

1. A method executed by a passport service executed by at least one processor coupled to at least one memory, comprising:

creating a passport on a cloud application that comprises connectivity details for a tunnel, the connectivity details including pre-allocated transmission control protocol ports for a setup of the tunnel, the tunnel securing and directing access by the cloud application to data of an on-premise appliance;

activating the on-premise appliance of an on-premise system by delivering the passport to the on-premise appliance to build the tunnel;

generating a passport token via the passport, wherein the passport token comprises dynamically generated connectivity properties for secure communications; and

binding the cloud application and the on-premise appliance based on the dynamically generated connectivity properties of the passport token and the connectivity details of the passport.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The described herein relates to a method executed by a passport service executed by at least one processor coupled to at least one memory. The method includes creating a passport on a cloud application that comprises connectivity details for a tunnel and activating an on-premise appliance of an on-premise system by delivering the passport to the on-premise appliance to build the tunnel. The method further includes generating a passport token via the passport, wherein the passport token comprises dynamically generated connectivity properties. The method also includes binding the cloud application and the on-premise appliance based on the dynamically generated connectivity properties of the passport token and the connectivity details of the passport.

Citations

17 Claims

1. A method executed by a passport service executed by at least one processor coupled to at least one memory, comprising:
- creating a passport on a cloud application that comprises connectivity details for a tunnel, the connectivity details including pre-allocated transmission control protocol ports for a setup of the tunnel, the tunnel securing and directing access by the cloud application to data of an on-premise appliance;
  
  activating the on-premise appliance of an on-premise system by delivering the passport to the on-premise appliance to build the tunnel;
  
  generating a passport token via the passport, wherein the passport token comprises dynamically generated connectivity properties for secure communications; and
  
  binding the cloud application and the on-premise appliance based on the dynamically generated connectivity properties of the passport token and the connectivity details of the passport.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the tunnel activates a management tunnel and data tunnel.
  - 3. The method of claim 1, wherein the passport token enables a revocation of an individual token without impact to subsequent cloud applications.
  - 4. The method of claim 1, wherein the passport token is passed to a passport library along with internet protocol addresses of the on-premise appliance.
  - 5. The method of claim 1, wherein the passport service acquires the passport token from a passport library when the passport service receives from the cloud application a request for a dynamic connection.
  - 6. The method of claim 1, wherein the binding of the cloud application and the on-premise appliance includes creating a bridge between a first port of the passport service to a second port of the passport service.
  - 7. The method of claim 6, wherein the first port connects to the cloud application.
  - 8. The method of claim 6, wherein the second port connects to the tunnel.

9. A computer program product for a passport service, the computer program product comprising a computer readable storage medium having program instructions embodied therewith, the program instructions executable by a processor to cause the processor to perform:
- creating a passport on a cloud application that comprises connectivity details for a tunnel, the connectivity details including pre-allocated transmission control protocol ports for a setup of the tunnel, the tunnel securing and directing access by the cloud application to data of an on-premise appliance;
  
  activating the on-premise appliance of an on-premise system by delivering the passport to the on-premise appliance to build the tunnel;
  
  generating a passport token via the passport, wherein the passport token comprises dynamically generated connectivity properties for secure communications; and
  
  binding the cloud application and the on-premise appliance based on the dynamically generated connectivity properties of the passport token and the connectivity details of the passport.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The computer program product of claim 9, wherein the tunnel activates a management tunnel and data tunnel.
  - 11. The computer program product of claim 9, wherein the passport token enables a revocation of an individual token without impact to subsequent cloud applications.
  - 12. The computer program product of claim 9, wherein the passport token is passed to a passport library along with internet protocol addresses of the on-premise appliance.
  - 13. The computer program product of claim 9, wherein the passport service acquires the passport token from a passport library when the passport service receives from the cloud application a request for a dynamic connection.
  - 14. The computer program product of claim 9, wherein the binding of the cloud application and the on-premise appliance includes creating a bridge between a first port of the passport service to a second port of the passport service.
  - 15. The computer program product of claim 14, wherein the first port connects to the cloud application.
  - 16. The computer program product of claim 14, wherein the second port connects to the tunnel.

17. A system, comprising:
- a memory having computer readable instructions; and
  
  a processor for executing the computer readable instructions for a passport service, the computer readable instructions causing the processor to perform;
  
  creating a passport on a cloud application that comprises connectivity details for a tunnel, the connectivity details including pre-allocated transmission control protocol ports for a setup of the tunnel, the tunnel securing and directing access by the cloud application to data of an on-premise appliance;
  
  activating the on-premise appliance of an on-premise system by delivering the passport to the on-premise appliance to build the tunnel;
  
  generating a passport token via the passport, wherein the passport token comprises dynamically generated connectivity properties for secure communications; and
  
  binding the cloud application and the on-premise appliance based on the dynamically generated connectivity properties of the passport token and the connectivity details of the passport.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Alewine, Neal J., Liu, Chih-Hsiung, Mosakowski, Barry, Muralidharan, Srinivasan
Primary Examiner(s)
Feild, Lynn D
Assistant Examiner(s)
Alamamun, Abdullah

Application Number

US14/992,481
Publication Number

US 20170201509A1
Time in Patent Office

1,086 Days
Field of Search
US Class Current
CPC Class Codes

H04L 43/0811   by checking connectivity

H04L 63/0272   Virtual private networks

H04L 63/029   Firewall traversal, e.g. tu...

Dynamic and secure cloud to on-premise interaction and connection management

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic and secure cloud to on-premise interaction and connection management

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links