Password encryption for hybrid cloud services
First Claim
1. A system comprising:
- a gateway server, associated with an internal cloud, configured to receive messages from a user device and to forward the messages to a computing device associated with an external cloud different from the internal cloud; and
- a workspace cloud connector computing device associated with the internal cloud, wherein the workspace cloud connector computing device is communicatively coupled to the gateway server and different from the user device, the workspace cloud connector computing device configured to:
  - prevent a first message of the messages being forwarded to the computing device associated with the external cloud, from being delivered to the computing device associated with the external cloud based on detecting that the first message includes plaintext user identity credentials for an internal application;
  - generate an encryption key;
  - encrypt the plaintext user identity credentials using the encryption key;
  - generate a first hash of the encryption key;
  - transmit a second message including the encrypted user identity credentials and the first hash of the encryption key to the computing device associated with the external cloud;
  - in response to transmitting the second message including the encrypted user identity credentials and the first hash of the encryption key to the computing device associated with the external cloud, receive a routing address of a virtual delivery agent computing device from the computing device associated with the external cloud; and
  - transmit a third message including the encryption key and the routing address of the virtual delivery agent computing device to the user device.
Abstract
Methods, systems, computer-readable media, and apparatuses may provide password encryption for hybrid cloud services. A workspace cloud connector internally residing with an entity may intercept user credentials associated with an internal application being transmitted to an external cloud service. The workspace cloud connector may generate an encryption key and encrypt the user credentials via a reversible encryption methodology. The workspace cloud connector may encrypt the encryption key using an irreversible encryption methodology (e.g., use a hashing function to produce a first hash). The workspace cloud connector may transmit the encrypted user credentials and the first hash to a virtual delivery agent via a first path (e.g., via the external cloud service). In response, the workspace cloud connector may receive an address of the virtual delivery agent and, using the address, may send the encryption key to the virtual delivery agent via a second path different from the first path.
20 Claims
- 1. A system comprising: the independent system claim, identical in text to the First Claim reproduced in full above. Dependent claims: 2 to 12.
- 13. An apparatus, within an internal cloud, comprising:
  - a hardware processor; and
  - a hardware computer readable medium storing instructions that, when executed by the hardware processor, configure the apparatus to:
    - prevent a first message received from a user device from being delivered to a computing device associated with an external cloud different from the internal cloud, said preventing based on detecting that the first message includes plaintext user identity credentials associated with an application, wherein the apparatus is different from the user device;
    - generate an encryption key;
    - encrypt the plaintext user identity credentials using the encryption key;
    - generate a first hash of the encryption key;
    - transmit a second message including the encrypted user identity credentials and the first hash of the encryption key to the computing device associated with the external cloud;
    - in response to transmitting the second message including the encrypted user identity credentials and the first hash of the encryption key to the computing device associated with the external cloud, receive a routing address of a virtual delivery agent computing device from the computing device associated with the external cloud; and
    - transmit a third message including the encryption key and the routing address of the virtual delivery agent computing device to the user device.

  Dependent claims: 14, 15, 16.
- 17. A method comprising:
  - preventing, by a computing device associated with an internal cloud and different from a user device, a first message received from the user device from being delivered to a computing device associated with an external cloud different from the internal cloud, said preventing being based on detecting that the first message includes plaintext user identity credentials associated with an internal application;
  - extracting, by the computing device associated with the internal cloud, the plaintext user identity credentials included in the first message;
  - generating, by the computing device associated with the internal cloud, a random logon ticket;
  - encrypting, by the computing device associated with the internal cloud, the plaintext user identity credentials using the random logon ticket;
  - generating, by the computing device associated with the internal cloud, a first hash of the random logon ticket;
  - transmitting, by the computing device associated with the internal cloud and to the computing device associated with the external cloud, a second message including the encrypted user identity credentials and the first hash of the random logon ticket;
  - in response to the transmitting, receiving, by the computing device associated with the internal cloud and from the computing device associated with the external cloud, a routing address of a virtual delivery agent computing device; and
  - transmitting, from the computing device associated with the internal cloud and to the user device, a third message including the random logon ticket and the routing address of the virtual delivery agent computing device.

  Dependent claims: 18, 19, 20.
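The exchange described in the Abstract and in claims 1 and 17, as an added example in Go that is not part of the patent or of any product implementing it. The connector role is played by `parseLogon` and `protect`, the virtual delivery agent by `vdaReceive`. The patent does not name its algorithms, so AES-256-GCM stands in for the reversible encryption and SHA-256 for the irreversible hash; the 32-byte random key plays the part of claim 17's random logon ticket. The `user`/`password` form fields, the logon message and the VDA address are constructed, and the external cloud is reduced to the routing address it returns.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
	"net/url"
)

// Credentials is the plaintext the connector must keep out of the external cloud.
type Credentials struct{ Username, Password string }

// ExternalMsg is the claim's "second message", sent via the external cloud to the
// VDA: it carries the ciphertext and the hash of the key, never the key itself.
type ExternalMsg struct {
	Ciphertext []byte // AES-GCM output: nonce || ciphertext || tag
	KeyHash    []byte // SHA-256(key), the irreversible form of the key
}

// parseLogon detects plaintext credentials in a message body. The form field
// names are a constructed assumption, not the product's real protocol.
func parseLogon(body string) (Credentials, error) {
	v, err := url.ParseQuery(body)
	if err != nil || v.Get("password") == "" {
		return Credentials{}, errors.New("no plaintext credentials in message")
	}
	return Credentials{v.Get("user"), v.Get("password")}, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// protect is the connector's core work: a fresh random key, reversible
// encryption of the credentials, and an irreversible hash of the key.
func protect(c Credentials) (ExternalMsg, []byte, error) {
	buf := make([]byte, 32+12) // per-logon AES-256 key followed by a 96-bit GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return ExternalMsg{}, nil, err
	}
	key, nonce := buf[:32], buf[32:]
	gcm, err := newGCM(key)
	if err != nil {
		return ExternalMsg{}, nil, err
	}
	plain := url.Values{"user": {c.Username}, "password": {c.Password}}.Encode()
	ct := gcm.Seal(nonce, nonce, []byte(plain), nil) // nonce is prepended to the output
	h := sha256.Sum256(key)
	return ExternalMsg{Ciphertext: ct, KeyHash: h[:]}, key, nil
}

// vdaReceive is the VDA side. It holds ExternalMsg from path 1 and a key from
// path 2; the hash binds the two, so a key that does not match is rejected
// before any decryption is attempted.
func vdaReceive(ext ExternalMsg, key []byte) (Credentials, error) {
	h := sha256.Sum256(key)
	if subtle.ConstantTimeCompare(h[:], ext.KeyHash) != 1 {
		return Credentials{}, errors.New("key hash mismatch: key does not belong to this ciphertext")
	}
	gcm, err := newGCM(key)
	if err != nil {
		return Credentials{}, err
	}
	ns := gcm.NonceSize()
	if len(ext.Ciphertext) < ns {
		return Credentials{}, errors.New("ciphertext too short")
	}
	plain, err := gcm.Open(nil, ext.Ciphertext[:ns], ext.Ciphertext[ns:], nil)
	if err != nil {
		return Credentials{}, err // a modified ciphertext fails GCM authentication
	}
	return parseLogon(string(plain))
}

func main() {
	body := "user=alice&password=correct-horse" // constructed logon message from the user device
	creds, err := parseLogon(body)
	if err != nil {
		fmt.Println("forwarding unchanged:", err)
		return
	}
	ext, key, err := protect(creds)
	if err != nil {
		fmt.Println(err)
		return
	}
	// Path 1: ext goes to the external cloud, which answers with a routing address.
	vdaAddr := "vda-01.internal.example:1494" // constructed address returned by the cloud
	// Path 2: the connector hands key and vdaAddr to the user device, which presents them to the VDA.
	got, err := vdaReceive(ext, key)
	fmt.Printf("VDA at %s recovered user %q, err=%v\n", vdaAddr, got.Username, err)
}
```

What the two paths buy: the external cloud holds only ciphertext and a hash, so it can neither read the credentials nor recover the key, while the VDA uses the hash to confirm that the key arriving from the user device belongs to the ciphertext it was sent before it decrypts anything; GCM's authentication tag additionally rejects a ciphertext altered in transit.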