TECHNIQUES FOR IDENTITY-ENABLED INTERFACE DEPLOYMENT

US 20120017085A1
Filed: 07/13/2011
Published: 01/19/2012
Est. Priority Date: 07/15/2010
Status: Active Grant

First Claim

Patent Images

1. A method implemented in a non-transitory machine-readable storage medium and processed by one or more processors configured to perform the method, comprising:

configuring a cloud agent for deployment within a target cloud environment, the cloud agent configured within an enterprise environment;

authenticating the cloud agent and obtaining a cloud agent identity;

assigning an expiration condition to the cloud agent identity that when satisfied renders the cloud agent identity invalid; and

deploying the cloud agent to the target cloud environment for enforcement of enterprise policy within the target cloud environment, via the cloud agent.

View all claims

16 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for providing identity-enabled interfaces for deployment are presented. Specifically, an agent of an enterprise infrastructure authenticates and acquires an agent identity for interacting with a cloud processing environment. Once the agent is deployed in the cloud processing environment, enterprise policy can be enforced within the cloud processing environment on actions occurring within the cloud. The agent acts as an Application Programming Interface between the enterprise and the cloud processing environment. The reverse is also achievable, where a cloud deploys an agent to the enterprise to deploy a cloud interface within the enterprise for policy enforcement.

52 Citations

View as Search Results

20 Claims

1. A method implemented in a non-transitory machine-readable storage medium and processed by one or more processors configured to perform the method, comprising:
- configuring a cloud agent for deployment within a target cloud environment, the cloud agent configured within an enterprise environment;
  
  authenticating the cloud agent and obtaining a cloud agent identity;
  
  assigning an expiration condition to the cloud agent identity that when satisfied renders the cloud agent identity invalid; and
  
  deploying the cloud agent to the target cloud environment for enforcement of enterprise policy within the target cloud environment, via the cloud agent.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1 further comprising, requesting, by the cloud agent, a security token from a security manager of the target cloud environment, the security token unique to the target cloud environment.
  - 3. The method of claim 2 further comprising, using, by the cloud agent, the security token with each request issued within the target cloud environment to validate each request and to enforce the enterprise policy with each request.
  - 4. The method of claim 2 further comprising, receiving, by the cloud agent, a token expiration condition with the security token, and when the token expiration condition is met, the security token becomes invalid for use within the target cloud environment.
  - 5. The method of claim 4, wherein receiving further includes identifying the token expiration condition as being different from the expiration condition of the cloud agent identity.
  - 6. The method of claim 2 further comprising, recognizing, by the cloud agent, the security token as a globally unique identifier for the target cloud environment.
  - 7. The method of claim 2 further comprising, using, by the cloud agent a cloud provider interface dictated by the target cloud environment to interact with the security manager.
  - 8. The method of claim 1, wherein authenticating further includes interacting with an identity service and supplying credentials for the cloud agent, the credentials supplied by an administrator via an agent console.
  - 9. The method of claim 1, wherein assigning further includes receiving an event from the cloud agent that it will extend beyond the expiration condition and re-authenticating the cloud agent to obtain a new expiration condition for a length of time that the cloud agent extends its processing.
  - 10. The method of claim 1, wherein assigning further includes assigning the expiration condition as a time-to-live attribute to the cloud agent identity.
  - 11. The method of claim 1, wherein deploying further includes using, by the cloud agent, the cloud agent identity to authenticate to the target cloud environment and to enforce the enterprise policy within the target cloud environment.

12. A method implemented in a non-transitory machine-readable storage medium and processed by one or more processors configured to perform the method, comprising:
- interacting with a cloud agent deployed to a cloud environment by an enterprise environment using a cloud provider interface;
  
  requesting the cloud agent to authenticate a security manager of the cloud environment to the enterprise environment;
  
  receiving, by the security manager, an enterprise token that is specific to the enterprise environment in response to the authentication of the security manager; and
  
  using, by the security manager, the enterprise token to enforce cloud policy within the enterprise environment.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The method of claim 12 further comprising, using a policy decision point manager to enforce the cloud policy within the enterprise environment.
  - 14. The method of claim 12 further comprising, operating the security manager as a particular cloud environment interface within the enterprise environment.
  - 15. The method of claim 12, wherein requesting further includes authenticating the security manager to specific rights, permissions, and roles within the enterprise environment.
  - 16. The method of claim 12, wherein receiving further includes obtaining the enterprise token in an encrypted format.
  - 17. The method of claim 16 further comprising, using a symmetric key to decrypt the encrypted format of the enterprise token.

18. A processor-implemented system, comprising:
- an enterprise processing environment including enterprise processing devices; and
  
  a cloud processing environment including cloud processing devices;
  
  wherein the enterprise processing environment configures a cloud agent for deployment to the cloud processing environment to enforce enterprise policy within the cloud processing environment, and wherein a security manager of the cloud processing environment interacts with the cloud agent to enforce cloud policy in the enterprise processing environment.
- View Dependent Claims (19, 20)
- - 19. The system of claim 18, wherein the cloud agent acquires a cloud token that is specific to the cloud processing environment from the security manager to enforce the enterprise policy.
  - 20. The system of claim 19, wherein the security manager acquires an enterprise token that is specific to the enterprise processing environment from the cloud agent to enforce the cloud policy.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micro Focus Software, Inc. (Open Text Corporation)
Original Assignee
Novell Incorporated (Open Text Corporation)
Inventors
Carter, Stephen R., Earl, Douglas Garry

Granted Patent

US 9,183,374 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

G06F 21/41   where a single sign-on prov...

H04L 63/0435   wherein the sending and rec...

H04L 63/06   for supporting key manageme...

H04L 63/083   using passwords cryptograph...

H04L 63/108   when the policy decisions a...

H04L 9/3213   using tickets or tokens, e....

TECHNIQUES FOR IDENTITY-ENABLED INTERFACE DEPLOYMENT

First Claim

16 Assignments

0 Petitions

Accused Products

Abstract

52 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

TECHNIQUES FOR IDENTITY-ENABLED INTERFACE DEPLOYMENT

First Claim

16 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

52 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links