Method and apparatus for automatic and secure distribution of a symmetric key security credential in a utility computing environment

US 20060285693A1
Filed: 06/16/2005
Published: 12/21/2006
Est. Priority Date: 06/16/2005
Status: Active Grant

First Claim

Patent Images

1. A method for automatic, secure, and confidential distribution of a symmetric key security credential in a utility computing environment comprising:

establishing a symmetric key at a management server, said symmetric key automatically associated with a logical device identifier of a provisionable resource;

establishing an isolated virtual network between the management server and the provisionable resource;

providing the symmetric key to the provisionable resource; and

dissolving the isolated virtual network between the management server and the provisionable resource after the symmetric key is provided to said provisionable resource.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the invention provide a method and an apparatus for automatic, secure, and confidential distribution of a symmetric key security credential in a utility computing environment. In one method embodiment, the present invention establishes a symmetric key at a management server, the symmetric key automatically associated with a logical device identifier of a provisionable resource. Additionally, an isolated virtual network is established between the management server and the provisionable resource for providing the symmetric key to the provisionable resource. Then, after the symmetric key is provided to the provisionable resource the isolated virtual network between the management server and the provisionable resource is dissolved.

35 Citations

View as Search Results

33 Claims

1. A method for automatic, secure, and confidential distribution of a symmetric key security credential in a utility computing environment comprising:
- establishing a symmetric key at a management server, said symmetric key automatically associated with a logical device identifier of a provisionable resource;
  
  establishing an isolated virtual network between the management server and the provisionable resource;
  
  providing the symmetric key to the provisionable resource; and
  
  dissolving the isolated virtual network between the management server and the provisionable resource after the symmetric key is provided to said provisionable resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1 further comprising:
    - re-keying the symmetric key during a provisional resource duplication process for each device involved in said provisional resource duplication process.
  - 3. The method of claim 1 further comprising:
    - providing a record entry on a database of said management server when said provisionable resource is assigned a symmetric key.
  - 4. The method of claim 3 further comprising:
    - deleting a record entry on said symmetric database of said management server when said provisionable resource is deleted.
  - 5. The method of claim 1 wherein said symmetric key is a shared secret.
  - 6. The method of claim 1 wherein said symmetric key is a cryptographic key.
  - 7. The method of claim 1 wherein said logical device identifier identifies a single provisionable resource, based on its logical identity, rather than physical identity.
  - 8. The method of claim 1 wherein said logical device identifier identifies a group of provisionable resources, based on their logical identity, rather than physical identities.
  - 9. The method of claim 1 wherein after said management server has provided said symmetric key, said management server further comprises:
    - receiving an authentication credential from a first provisionable resource; and
      
      providing said authentication credential to a second provisionable resource, wherein said management server securely provides said authentication credential to said second provisionable resource automatically.
  - 10. The method of claim 1 wherein after said provisionable resource has received said symmetric key, said management server provides an authentication service to said provisionable resources, for authenticating a second provisionable resource, based on their logical identity.
  - 11. The method of claim 1 wherein after said management server has provided said symmetric key, said management server further comprises:
    - receiving a shared encryption credential from a first provisionable resource; and
      
      providing said shared encryption credential to a second provisionable resource, wherein said management server securely provides said shared encryption credential to said second provisionable resource automatically.

12. An automated symmetric key security credential distributor for a utility computing environment comprising:
- a symmetric key generator for generating a symmetric key at a management server;
  
  a logical device identifier coupler for coupling the symmetric key with a logical device identifier of a provisionable resource;
  
  a virtual network establisher for automatically establishing an isolated virtual network between the management server and the provisionable resource;
  
  a symmetric key provider for providing the symmetric key to the provisionable resource; and
  
  a virtual network dissolver for dissolving the isolated virtual network between the management server and the provisionable resource after the symmetric key is provided to said provisionable resource.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The automated symmetric key distributor of claim 12 further comprising:
    - a database on said management server for maintaining a record entry when said provisionable resource is assigned a symmetric key.
  - 14. The automated symmetric key distributor of claim 13 further comprising:
    - a database cleaner on said management server for deleting a record entry when said provisionable resource is deleted.
  - 15. The automated symmetric key distributor of claim 12 wherein said logical device identifier identifies a single provisionable resource, based on a logical identity, rather than a physical identity.
  - 16. The automated symmetric key distributor of claim 12 wherein said logical device identifier identifies a group of provisionable resources, based on a logical identity, rather than a physical identity of said group.
  - 17. The automated symmetric key distributor of claim 12 wherein after said management server has distributed said symmetric key, said management server further comprises:
    - a credential receiver for receiving an authentication credential from a first provisionable resource; and
      
      said credential provider for providing said authentication credential to a second provisionable resource, wherein said management server automatically and securely provides said authentication credential to said second provisionable resource.
  - 18. The automated symmetric key distributor of claim 12 wherein after said provisionable resource has received said symmetric key, said management server provides an authentication service to said provisionable resources, for authenticating a second provisionable resource, based on their logical identity.
  - 19. The automated symmetric key distributor of claim 12 wherein after said provisionable resource has received said symmetric key, said management server further comprises:
    - a shared encryption credential receiver for receiving a shared encryption credential from a first provisionable resource; and
      
      said shared encryption credential provider for providing said shared encryption credential to a second provisionable resource, wherein said management server automatically and securely provides said shared encryption credential to said second provisionable resource.

20. A computer-usable medium having computer-readable program code embodied therein for causing a method for automatic, secure, and confidential distribution of a symmetric key security credential in a utility computing environment comprising:
- establishing a symmetric key at a management server;
  
  associating the symmetric key with a logical device identifier of a provisionable resource;
  
  automatically establishing an isolated virtual network between the management server and the provisionable resource;
  
  providing the symmetric key to the provisionable resource; and
  
  dissolving the isolated virtual network between the management server and the provisionable resource after the symmetric key is provided to said provisionable resource.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 21. The computer-usable medium of claim 20 further comprising:
    - re-keying the symmetric key during a provisional resource duplication process for each device involved in said provisional resource duplication process.
  - 22. The computer-usable medium of claim 20 further comprising:
    - providing a record entry on a symmetric database of said management server when said provisionable resource is assigned a symmetric key.
  - 23. The computer-usable medium of claim 22 further comprising:
    - deleting a record entry on said symmetric database of said management server when said provisionable resource is deleted.
  - 24. The computer-usable medium of claim 20 wherein said symmetric key is a shared secret.
  - 25. The computer-usable medium of claim 20 wherein said symmetric key is a cryptographic key.
  - 26. The computer-usable medium of claim 20 wherein said logical device identifier identifies a single provisionable resource, based on its logical identity, rather than physical identity.
  - 27. The computer-usable medium of claim 20 wherein said logical device identifier identifies a group of provisionable resources, based on their group logical identity, rather than physical identities.
  - 28. The computer-usable medium of claim 20 wherein after said management server has distributed said symmetric key, said management server further comprises:
    - receiving an authentication credential from a first provisionable resource; and
      
      providing said authentication credential to a second provisionable resource, wherein said management server securely provides said authentication credential to said second provisionable resource automatically.
  - 29. The computer-usable medium of claim 20 wherein after said provisionable resource has received said symmetric key, said management server provides an authentication service to said provisionable resources, for authenticating a second provisionable resource, based on their logical identity.
  - 30. The computer-usable medium of claim 20 wherein after said provisionable resource has received said symmetric key, said management server further comprises:
    - receiving a shared encryption credential from a first provisionable resource; and
      
      providing said shared encryption credential to a second provisionable resource, wherein said management server securely provides said shared encryption credential to said second provisionable resource automatically.

31. A utility computing environment comprising:
- a plurality of information technology (IT) compute resources and connections coupled with said plurality of IT compute resources;
  
  with each of said plurality of IT compute resources represented in a machine-readable map; and
  
  a management server coupled with said plurality of IT compute resources, said management server configured to automatically distribute symmetric key security credentials for said IT compute resources for said data center.
- View Dependent Claims (32, 33)
- - 32. The utility computing environment of claim 31 further comprising:
    - a utility controller for automatically configuring and deploying a pool of said IT compute resources into farms using said machine-readable map as the specification.
  - 33. The utility computing environment of claim 31 further comprising:
    - a network operations center from which a data center operator can operate.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Raikar, Amit

Granted Patent

US 7,822,982 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/278
CPC Class Codes

H04L 63/062 for key distribution, e.g. ...

H04L 63/08 for authentication of entit...

Method and apparatus for automatic and secure distribution of a symmetric key security credential in a utility computing environment

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

35 Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for automatic and secure distribution of a symmetric key security credential in a utility computing environment

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

35 Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links