Seamless provision of authentication credential data to cloud-based assets on demand
First Claim
1. A non-transitory computer readable medium including instructions that, when executed by at least one processor, cause the at least one processor to perform operations for providing authentication credential data to cloud-based assets on demand, the operations comprising:
receiving a prompt indicating that a cloud-based asset is seeking to communicate with an access-controlled resource, wherein the cloud-based asset lacks authorization to communicate with the access-controlled resource;
extracting information associated with the cloud-based asset by, at least in part, accessing a trusted cloud platform resource storing data associated with verified cloud-based assets, the trusted cloud platform resource being separate from the cloud-based asset and being configured to analyze information associated with a creation of the cloud-based asset;
authenticating the cloud-based asset based on the extracted information;
making first authentication credential data available to the cloud-based asset in response to a first request;
authenticating the cloud-based asset based on the first authentication credential data;
making second authentication credential data available to the cloud-based asset, in response to a second request; and
concatenating the first authentication credential data and the second authentication credential data;
wherein the cloud-based asset's right to access the access-controlled resource is contingent on the cloud-based asset providing the first and second authentication credential data, on the first and second authentication credential data being concatenated, and on a verification of the concatenated first and second authentication credential data.
1 Assignment
0 Petitions
Abstract
The disclosed embodiments include systems and methods for providing security tokens to cloud-based assets on demand. Operations performed in the disclosed embodiments include receiving a prompt from a cloud-based asset indicating that the cloud-based asset is seeking to communicate with an access-controlled resource, wherein the cloud-based asset lacks authorization to communicate with the access-controlled resource. Additionally, the operations include extracting information associated with the cloud-based asset by accessing a trusted cloud platform resource storing data associated with verified cloud-based assets, where the trusted cloud platform resource is separate from the cloud-based asset, and authenticating the cloud-based asset based on the extracted information. The operations also include generating a security token for the cloud-based asset, making a first portion of the security token available to be injected into the cloud-based asset, and responding to the prompt with a second portion of the security token.
21 Claims
1. A non-transitory computer readable medium including instructions that, when executed by at least one processor, cause the at least one processor to perform operations for providing authentication credential data to cloud-based assets on demand, the operations comprising:
receiving a prompt indicating that a cloud-based asset is seeking to communicate with an access-controlled resource, wherein the cloud-based asset lacks authorization to communicate with the access-controlled resource;
extracting information associated with the cloud-based asset by, at least in part, accessing a trusted cloud platform resource storing data associated with verified cloud-based assets, the trusted cloud platform resource being separate from the cloud-based asset and being configured to analyze information associated with a creation of the cloud-based asset;
authenticating the cloud-based asset based on the extracted information;
making first authentication credential data available to the cloud-based asset in response to a first request;
authenticating the cloud-based asset based on the first authentication credential data;
making second authentication credential data available to the cloud-based asset, in response to a second request; and
concatenating the first authentication credential data and the second authentication credential data;
wherein the cloud-based asset's right to access the access-controlled resource is contingent on the cloud-based asset providing the first and second authentication credential data, on the first and second authentication credential data being concatenated, and on a verification of the concatenated first and second authentication credential data.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
10. A computer-implemented method, executable by a processor of a computing system, for providing authentication credential data to a cloud-based asset on demand, the method comprising:
receiving a prompt indicating that a cloud-based asset is seeking to communicate with an access-controlled resource, wherein the cloud-based asset lacks authorization to communicate with the access-controlled resource;
extracting information associated with the cloud-based asset by, at least in part, accessing a trusted cloud platform resource storing data associated with verified cloud-based assets, the trusted cloud platform resource being separate from the cloud-based asset and being configured to analyze information associated with a creation of the cloud-based asset; wherein the extracted information includes information regarding a virtualization platform used to spin up the cloud-based asset and a parameter or configuration setting of the virtualization platform;
authenticating the cloud-based asset based on the extracted information;
making first authentication credential data available to the cloud-based asset in response to a first request;
authenticating the cloud-based asset based on the first authentication credential data; and
making second authentication credential data available to the cloud-based asset, in response to a second request;
wherein the cloud-based asset's right to access the access-controlled resource is contingent on the cloud-based asset providing the first and second authentication credential data, and on a verification of both the first and second authentication credential data.
Dependent claims: 11, 12, 13, 14, 15, 16, 17.
18. A non-transitory computer readable medium including instructions that, when executed by at least one processor, cause the at least one processor to perform operations for obtaining access to authentication credential data on demand, the operations comprising:
requesting, by a cloud-based asset, to communicate with an access-controlled resource, wherein the cloud-based asset lacks authorization to communicate with the access-controlled resource;
in response to the request to communicate and conditional on the cloud-based asset being authenticated based on extracted information associated with the cloud-based asset, obtaining access to first authentication credential data for the cloud-based asset; wherein the extracted information is maintained by a trusted cloud platform resource that is configured to analyze information associated with a creation of the cloud-based asset;
in response to a subsequent request, obtaining access to second authentication credential data for the cloud-based asset;
requesting authorization, using the first authentication credential data and the second authentication credential data, to access the access-controlled resource; and
receiving authorization, in response to the request for authorization, to access the access-controlled resource;
wherein the cloud-based asset's right to access the access-controlled resource is contingent on the cloud-based asset providing the first and second authentication credential data, on the first and second authentication credential data being concatenated, and on a verification of the concatenated first and second authentication credential data.
Dependent claims: 19, 20, 21.
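The following is a minimal working model of the two-request flow described in the abstract and in claims 1, 10 and 18: a broker authenticates an asset from the platform's own record of how the asset was created, releases a credential in two halves over two requests (the second only to a holder of the first), and the access-controlled resource grants access only when the concatenated halves verify. This is an added example, not code from the patent or its assignee. The `TrustedPlatformResource`, `CredentialBroker`, the allowlists `TRUSTED_PLATFORMS` / `TRUSTED_IMAGE_DIGESTS` and the asset records are constructed stand-ins; a real deployment would back them with the cloud provider's instance-inventory API and a secrets store.

```python
"""Split-credential provisioning for cloud assets. Illustrative model, not the patent's code."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Constructed policy: which virtualization platforms and image digests the broker trusts.
TRUSTED_PLATFORMS = {"kvm-fleet-a"}
TRUSTED_IMAGE_DIGESTS = {"sha256:" + "ab" * 32}


@dataclass(frozen=True)
class AssetRecord:
    """Creation data the (simulated) trusted cloud platform resource holds per verified asset."""
    asset_id: str
    platform: str       # virtualization platform that spun the asset up (claim 10)
    image_digest: str   # a configuration setting of that platform (claim 10)


class TrustedPlatformResource:
    """Stand-in for the platform's inventory API; separate from the asset, so the asset
    cannot forge its own creation record."""
    def __init__(self, records):
        self._records = {r.asset_id: r for r in records}

    def lookup(self, asset_id):
        return self._records.get(asset_id)


class CredentialBroker:
    HALF_LEN = 16

    def __init__(self, platform):
        self._platform = platform
        self._key = secrets.token_bytes(32)  # MAC key; never leaves the broker
        self._pending = {}   # asset_id -> (first half, resource) awaiting the second request
        self._issued = {}    # asset_id -> (resource, MAC over first || second)

    def handle_prompt(self, asset_id, resource):
        """First request: authenticate from platform data, return the first half (to be injected)."""
        rec = self._platform.lookup(asset_id)
        if rec is None:
            return None  # not a verified asset
        if rec.platform not in TRUSTED_PLATFORMS or rec.image_digest not in TRUSTED_IMAGE_DIGESTS:
            return None  # created in a way policy does not trust
        first = secrets.token_bytes(self.HALF_LEN)
        self._pending[asset_id] = (first, resource)
        return first

    def second_request(self, asset_id, presented_first):
        """Second request: only an asset that actually holds the first half gets the second."""
        pending = self._pending.pop(asset_id, None)
        if pending is None:
            return None
        first, resource = pending
        if not hmac.compare_digest(first, presented_first):
            return None
        second = secrets.token_bytes(self.HALF_LEN)
        tag = hmac.new(self._key, first + second, hashlib.sha256).digest()
        self._issued[asset_id] = (resource, tag)
        return second

    def verify(self, asset_id, resource, concatenated):
        """Called by the access-controlled resource: the concatenated halves must verify."""
        issued = self._issued.get(asset_id)
        if issued is None or issued[0] != resource:
            return False
        expected = hmac.new(self._key, concatenated, hashlib.sha256).digest()
        return hmac.compare_digest(expected, issued[1])


def asset_obtains_access(broker, asset_id, resource):
    """Asset side (claim 18): prompt, collect both halves, present their concatenation."""
    first = broker.handle_prompt(asset_id, resource)
    if first is None:
        return False
    second = broker.second_request(asset_id, first)
    if second is None:
        return False
    return broker.verify(asset_id, resource, first + second)


def demo():
    """Runs the happy path and the failure modes; returns a dict of outcomes."""
    platform = TrustedPlatformResource([   # constructed inventory
        AssetRecord("vm-good", "kvm-fleet-a", "sha256:" + "ab" * 32),
        AssetRecord("vm-rogue-platform", "unknown-hypervisor", "sha256:" + "ab" * 32),
    ])
    broker = CredentialBroker(platform)
    results = {
        "verified_asset_granted": asset_obtains_access(broker, "vm-good", "db://orders"),
        "unknown_asset_granted": asset_obtains_access(broker, "vm-unregistered", "db://orders"),
        "untrusted_platform_granted": asset_obtains_access(broker, "vm-rogue-platform", "db://orders"),
    }
    broker.handle_prompt("vm-good", "db://orders")
    results["second_half_issued_without_first"] = broker.second_request("vm-good", b"\x00" * 16) is not None
    first = broker.handle_prompt("vm-good", "db://orders")
    second = broker.second_request("vm-good", first)
    results["tampered_concatenation_granted"] = broker.verify("vm-good", "db://orders", first + b"\x00" * 16)
    results["other_resource_granted"] = broker.verify("vm-good", "db://payroll", first + second)
    results["genuine_concatenation_granted"] = broker.verify("vm-good", "db://orders", first + second)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Two design points carry the security value here. Neither half authorizes anything alone: the second half is released only to a caller that can present the first, and the resource checks a MAC over the concatenation rather than storing the credential, so a leak of the broker's table yields no usable secret. The credential is also bound to the resource named in the original prompt, so it cannot be replayed against another target. The caveat a practitioner should keep in mind is that splitting protects against exposure of one delivery channel (for example an injected-metadata path observed in isolation), not against compromise of the asset itself: a process on the asset that can read both halves can access the resource.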
Specification