Method and system for securing a commercial grid network

US 20080256603A1
Filed: 04/12/2007
Published: 10/16/2008
Est. Priority Date: 04/12/2007
Status: Active Grant

First Claim

Patent Images

1. A method for securing a commercial grid network, comprising:

receiving a lease request from a client to lease a computing resource selected from a plurality of computing resources in the commercial grid network;

mapping a unique identifier of the client to a security label selected from a plurality of unmapped security labels to obtain a client-label mapping based on the lease request;

mapping a unique identifier of the computing resource to the security label to obtain a resource-label mapping based on the lease request;

storing the client-label mapping and the resource-label mapping in a security label repository to obtain stored security label mappings; and

authenticating, by the commercial grid network, an access request from the client to the computing resource using the stored security label mappings.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for securing a commercial grid network involves receiving a lease request from a client to lease a computing resource selected from multiple computing resources in the commercial grid network, mapping a unique identifier of the client to a security label selected from multiple unmapped security labels to obtain a client-label mapping based on the lease request, mapping a unique identifier of the computing resource to the security label to obtain a resource-label mapping based on the lease request, storing the client-label mapping and the resource-label mapping in a security label repository to obtain stored security label mappings, and authenticating, by the commercial grid network, an access request from the client to the computing resource using the stored security label mappings.

36 Citations

View as Search Results

20 Claims

1. A method for securing a commercial grid network, comprising:
- receiving a lease request from a client to lease a computing resource selected from a plurality of computing resources in the commercial grid network;
  
  mapping a unique identifier of the client to a security label selected from a plurality of unmapped security labels to obtain a client-label mapping based on the lease request;
  
  mapping a unique identifier of the computing resource to the security label to obtain a resource-label mapping based on the lease request;
  
  storing the client-label mapping and the resource-label mapping in a security label repository to obtain stored security label mappings; and
  
  authenticating, by the commercial grid network, an access request from the client to the computing resource using the stored security label mappings.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - adding the security label to an accredited security label range for the computing resource, wherein the accredited security label range defines an upper security label boundary and a lower security label boundary for accessing the computing resource.
  - 3. The method of claim 2, wherein the lease request is a request for an exclusive lease of the computing resource, wherein the exclusive lease is enforced by restricting the accredited security label range to only the security label.
  - 4. The method of claim 1, further comprising:
    - choosing the computing resource to service the lease request based on lease conditions comprised in the lease request.
  - 5. The method of claim 1, wherein authenticating the access request comprises:
    - parsing, by a forwarding node in the commercial grid network, the access request to obtain the unique identifier of the client and the unique identifier of the computing resource;
      
      accessing, by the forwarding node, the stored security label mappings based on the unique identifier of the client and the unique identifier of the computing resource;
      
      verifying, by the forwarding node, that both the client-label mapping and the resource-label mapping have the security label; and
      
      forwarding, by the forwarding node, the access request based on a positive result of the verifying.
  - 6. The method of claim 1, further comprising:
    - removing the stored security label mappings from the security label repository and returning the security label to the plurality of unmapped security labels when a lease term associated with the client and the computing resource expires.
  - 7. The method of claim 1, further comprising:
    - propagating at least a portion of the security label repository across a plurality of trusted forwarding nodes in the commercial grid network.

8. A commercial grid network comprising:
- a plurality of computing resources;
  
  a security label repository configured to store a plurality of unmapped security labels;
  
  an administrative node configured to;
  
  receive a lease request from a client to lease a computing resource selected from the plurality of computing resources,map a unique identifier of the client to a security label selected from the plurality of unmapped security labels to obtain a client-label mapping based on the lease request,map a unique identifier of the computing resource to the security label to obtain a resource-label mapping based on the lease request, andstore the client-label mapping and the resource-label mapping in the security label repository to obtain stored security label mappings; and
  
  a forwarding node configured to authenticate an access request from the client to the computing resource using the stored security label mappings.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The commercial grid network of claim 8, further comprising:
    - a resource node comprising the computing resource and an accredited security label range, and configured to add the security label to the accredited security label range, wherein the accredited security label range defines an upper security label boundary and a lower security label boundary for accessing the computing resource.
  - 10. The commercial grid network of claim 8, wherein the administrative node is further configured to:
    - choosing the computing resource to service the lease request based on lease conditions comprised in the lease request.
  - 11. The commercial grid network of claim 8, wherein the forwarding node is configured to authenticate the access request by:
    - parsing the access request to obtain the unique identifier of the client and the unique identifier of the computing resource;
      
      accessing the stored security label mappings based on the unique identifier of the client and the unique identifier of the computing resource;
      
      verifying that both the client-label mapping and the resource-label mapping have the security label; and
      
      forwarding the access request based on a positive result of the verifying.
  - 12. The commercial grid network of claim 8, wherein the administrative node is further configured to:
    - remove the stored security label mappings from the security label repository and returning the security label to the plurality of unmapped security labels when a lease term associated with the client and the computing resource expires.
  - 13. The commercial grid network of claim 8, wherein the administrative node is further configured to:
    - propagate at least a portion of the security label repository to the forwarding node.

14. A computer readable medium comprising executable instructions for:
- receiving a lease request from a client to lease a computing resource selected from a plurality of computing resources in the commercial grid network;
  
  mapping a unique identifier of the client to a security label selected from a plurality of unmapped security labels to obtain a client-label mapping based on the lease request;
  
  mapping a unique identifier of the computing resource to the security label to obtain a resource-label mapping based on the lease request;
  
  storing the client-label mapping and the resource-label mapping in a security label repository to obtain stored security label mappings; and
  
  authenticating, by the commercial grid network, an access request from the client to the computing resource using the stored security label mappings.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The computer readable medium of claim 14, further comprising executable instructions for:
    - adding the security label to an accredited security label range for the computing resource, wherein the accredited security label range defines an upper security label boundary and a lower security label boundary for accessing the computing resource.
  - 16. The computer readable medium of claim 15, wherein the lease request is a request for an exclusive lease of the computing resource, wherein the exclusive lease is enforced by restricting the accredited security label range to only the security label.
  - 17. The computer readable medium of claim 14, further comprising executable instructions for:
    - choosing the computing resource to service the lease request based on lease conditions comprised in the lease request.
  - 18. The computer readable medium of claim 14, wherein executable instructions for authenticating the access request comprises executable instructions for:
    - parsing, by a forwarding node in the commercial grid network, the access request to obtain the unique identifier of the client and the unique identifier of the computing resource;
      
      accessing, by the forwarding node, the stored security label mappings based on the unique identifier of the client and the unique identifier of the computing resource;
      
      verifying, by the forwarding node, that both the client-label mapping and the resource-label mapping have the security label; and
      
      forwarding, by the forwarding node, the access request based on a positive result of the verifying.
  - 19. The computer readable medium of claim 14, further comprising executable instructions for:
    - removing the stored security label mappings from the security label repository and returning the security label to the plurality of unmapped security labels when a lease term associated with the client and the computing resource expires.
  - 20. The computer readable medium of claim 14, further comprising executable instructions for:
    - propagating at least a portion of the security label repository across a plurality of trusted forwarding nodes in the commercial grid network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
Johnson, Darrin P., Belgaied, Kais

Granted Patent

US 8,087,066 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/3
CPC Class Codes

G06Q 10/00   Administration; Management

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 67/10   in which an application is ...

Method and system for securing a commercial grid network

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

36 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for securing a commercial grid network

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

36 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links