Provisioning systems for installing credentials

US 10,187,426 B2
Filed: 09/28/2016
Issued: 01/22/2019
Est. Priority Date: 12/21/2011
Status: Active Grant

First Claim

Patent Images

1. A method for creating a new virtual data processing instance, comprising:

creating and starting the new virtual data processing instance at a host via a communication network in a virtualization environment, wherein the host comprises memory, one or more processors and an interface for communication with a management system via the communication network; and

enrolling the new virtual data processing instance into the management system, the enrolling comprising installing at least one credential via the communication network on the new virtual data processing instance at the host for use by the new virtual data processing instance in securing communications with the management system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Certain embodiments provide means for managing automated access to computers, e.g., using SSH user keys and other kinds of trust relationships. Certain embodiments also provide for managing certificates, Kerberos credentials, and cryptographic keys. Certain embodiments provide for remediating legacy SSH key problems and for automating configuration of SSH keys, as well as for continuous monitoring.

73 Citations

View as Search Results

16 Claims

1. A method for creating a new virtual data processing instance, comprising:
- creating and starting the new virtual data processing instance at a host via a communication network in a virtualization environment, wherein the host comprises memory, one or more processors and an interface for communication with a management system via the communication network; and
  
  enrolling the new virtual data processing instance into the management system, the enrolling comprising installing at least one credential via the communication network on the new virtual data processing instance at the host for use by the new virtual data processing instance in securing communications with the management system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method according to claim 1, further comprising installing a certificate on the new virtual data processing instance.
  - 3. The method according to claim 1, further comprising installing at least one configuration object on the new virtual data processing instance.
  - 4. The method according to claim 1, further comprising inserting the new virtual data processing instance into a host group.
  - 5. The method according to claim 1, further comprising installing at least one of an identity key, a host key and an authorized key on the new virtual data processing instance before booting thereof.
  - 6. The method according to claim 1, further comprising installing the at least one credential on the new virtual data processing instance during a boot process thereof.
  - 7. The method according to claim 1, further comprising inserting credential management system credentials into a virtual machine image for use in booting of the new virtual data processing instance.
  - 8. The method according to claim 1, further comprising configuring the new virtual data processing instance, based on the at least one credential, for at least one of:
    - authentication to a credential management system, use of a host key for at least one other host in the virtualization environment, enabling an account in another data processing instance to log into the new virtual data processing instance, and logging into at least one other data processing instance.
  - 9. The method according to claim 1, wherein parts of a kernel are shared by multiple instances.

10. An apparatus for a host in a virtualization environment system for creating a new virtual data processing instance in the host, the apparatus comprising:
- an interface for communication with a management system via a communication network for creation and starting new virtual data processing instances;
  
  one or more processors; and
  
  memory storing executable instructions that, when executed by the one or more processors, cause the host to;
  
  create and start the new virtual data processing instance based on information communicated via the communication network; and
  
  enroll the new virtual data processing instance into the management system, the enrolling comprising installing at least one credential on the new virtual data processing instance for use by the new virtual data processing instance in securing communications with the management system.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The apparatus according to claim 10, wherein the instructions, when executed by the one or more processors, cause performance of at least one of the following:
    - install a certificate on the new virtual data processing instance;
      
      install at least one configuration object on the new virtual data processing instance;
      
      orinsert the new virtual data processing instance into a host group.
  - 12. The apparatus according to claim 10, wherein the instructions, when executed by the one or more processors, cause installing of at least one key on the new virtual data processing instance before or during booting thereof.
  - 13. The apparatus according to claim 10, wherein the instructions, when executed by the one or more processors, cause insertion of credential management system credentials into a virtual machine image for use in booting of the new virtual data processing instance.
  - 14. The apparatus according to claim 10, wherein the instructions, when executed by the one or more processors, cause configuring of the new virtual data processing instance, based on the at least one credential, for at least one of:
    - authentication to a credential management system, use of a host key for at least one other host in the virtualized environment, enabling an account in another data processing instance to log into the new virtual data processing instance, and logging into at least one other data processing instance.
  - 15. The apparatus according to claim 10, wherein parts of a kernel of the host are shared by multiple virtual data processing instances.

16. A non-transitory computer readable media comprising program code for causing an apparatus operable in a virtualized environment and comprising a processor to perform instructions for:
- creating a new virtual data processing instance on a host, wherein the creating comprises;
  
  creating and starting the new virtual data processing instance in the virtualized environment based on communications by the host via a communication network; and
  
  enrolling the new virtual data processing instance into a management system, the enrolling comprising installing at least one credential on the new virtual data processing instance based on communications by the host via the communication network for use by the new virtual data processing instance in securing communications with the management system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SSH Communications Security Oyj
Original Assignee
SSH Communications Security Oyj
Inventors
Ylonen, Tatu J.
Primary Examiner(s)
Bayou, Yonas A

Application Number

US15/278,124
Publication Number

US 20170019387A1
Time in Patent Office

846 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/575   Secure boot

H04L 61/4523   using lightweight directory...

H04L 63/0428   wherein the data content is...

H04L 63/0435   wherein the sending and rec...

H04L 63/0442   wherein the sending and rec...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/062   for key distribution, e.g. ...

H04L 63/065   for group communications cr...

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/10   for controlling access to d...

H04L 63/101   Access control lists [ACL]

H04L 63/166   at the transport layer

H04L 63/20   for managing network securi...

H04L 67/01   Protocols

H04L 67/10   in which an application is ...

H04L 9/083   involving central third par...

H04L 9/0891   Revocation or update of sec...

H04L 9/14   using a plurality of keys o...

H04L 9/30   Public key, i.e. encryption...

H04L 9/321 : involving a third party or ...

H04L 9/3263 : involving certificates, e.g...

H04L 9/3268 : using certificate validatio...

View All

Provisioning systems for installing credentials

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

73 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Provisioning systems for installing credentials

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

73 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links