COLLABORATIVE RULES BASED SECURITY

US 20120159572A1
Filed: 12/15/2010
Published: 06/21/2012
Est. Priority Date: 12/15/2010
Status: Active Grant

First Claim

Patent Images

1. A cloud computing security system, comprising:

an access manager module including a first client profile and a second client profile, wherein the first client profile has a first set of rules enabling access to a first set of cloud computing system resources, and wherein the second client profile has a second set of rules enabling access to a second set of cloud computing system resources; and

a security logic module in communication with the access manager module, wherein the security logic module is configured to;

receive an access request for access to one of the first and second sets of cloud computing system resources; and

responsive to determining that the access request complies with at least one of the first set of rules and the second set of rules, provide an access grant that grants access to at least one of the first and second sets of cloud computing system resources.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A cloud computing security system. An access manager module includes first and second client profiles. The first client profile has a first set of rules enabling access to a first set of cloud computing system resources, and the second client profile has a second set of rules enabling access to a second set of cloud computing system resources. A security logic module is in communication with the access manager module. The security logic module is configured to receive an access request for access to one of the first and second sets of cloud computing system resources. Responsive to determining that the access request complies with at least one of the first set of rules and the second set of rules, the security logic module is configured to provide an access grant that grants access to at least one of the first and second sets of cloud computing system resources.

36 Citations

View as Search Results

20 Claims

1. A cloud computing security system, comprising:
- an access manager module including a first client profile and a second client profile, wherein the first client profile has a first set of rules enabling access to a first set of cloud computing system resources, and wherein the second client profile has a second set of rules enabling access to a second set of cloud computing system resources; and
  
  a security logic module in communication with the access manager module, wherein the security logic module is configured to;
  
  receive an access request for access to one of the first and second sets of cloud computing system resources; and
  
  responsive to determining that the access request complies with at least one of the first set of rules and the second set of rules, provide an access grant that grants access to at least one of the first and second sets of cloud computing system resources.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The cloud computing security system of claim 1, wherein the security logic module further comprises:
    - an association definition module configured to establish a model network resource association compliant with the access grant.
  - 3. The cloud computing security system of claim 2, wherein the association definition module is further configured to modify the first client profile to accommodate the model network resource association.
  - 4. The cloud computing security system of claim 1, wherein the security logic module further comprises:
    - a request validator module configured to compare the access request with the first and second sets of rules to determine compliance.
  - 5. The cloud computing security system of claim 4, wherein the request validator module is further configured to interrogate the access request and determine whether a requestor associated with the access request is a valid candidate for utilization of the security logic module.
  - 6. The cloud computing security system of claim 4, wherein the request validator module is further configured to interrogate the access request and determine whether a network service of a client device associated with a requestor is a valid candidate for utilization of the security logic module.
  - 7. The cloud computing security system of claim 1, wherein the security logic module further comprises:
    - a notification preparation module configured to generate a notification that contains the access grant.
  - 8. The cloud computing security system of claim 1, wherein the access grant provides granular access to the at least one of the first and second cloud computing system resources.
  - 9. The cloud computing security system of claim 1, wherein the at least one of the first and second cloud computing system resources is a network as a service.
  - 10. The cloud computing security system of claim 9, wherein the security logic module enables granular access to the at least one of the first and second sets of cloud computing system resources accessed through the network as a service.

11. A method for implementing cloud computing system security, the method implemented by a processor, the method comprising:
- evaluating an access request to at least one cloud computing system resource against a set of rules associated with a requestor to determine compliance of the access request with the set of rules; and
  
  granting access to the at least one cloud computing system resource to the requestor in response to a determination of compliance.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The method of claim 11 further comprising:
    - maintaining a profile associated with the requestor, wherein the profile has the set of rules, and wherein the set of rules defines granular access to the at least one cloud computing system resource.
  - 13. The method of claim 11 further comprising:
    - responsive to evaluating the access request and the determination of compliance, establishing a model network resource association to form a network services association definition.
  - 14. The method of claim 11 further comprising:
    - responsive to evaluating the access request, modifying a profile, associated with a requestor, within a plurality of client profiles to include a network service association definition.
  - 15. The method of claim 11 further comprising:
    - interrogating the access request to determine whether the requestor is a valid candidate for utilization of a security logic module.
  - 16. The method of claim 15 further comprising:
    - interrogating the access request to determine whether a network service associated with the access request is a valid candidate for utilization of the security logic module.
  - 17. The method of claim 11 further comprising:
    - generating a notification to a client device associated with the requestor indicating an access grant.
  - 18. The method of claim 11, wherein the at least one computing system resource is selected from the group consisting of:
    - a platform as a service, data as a service, software as a service, infrastructure as a service, and network as a service.
  - 19. The method of claim 11, wherein the at least one cloud computing system resource is a network as a service and wherein a security logic module enables granular access to shared data in a collaborative environment accessed through the network as a service.

20. A cloud computing apparatus, comprising:
- a security logic module;
  
  an access manager module in communication with the security logic module, wherein the access manager module is configured to receive an access request from a client device for access to at least one cloud computing system resource;
  
  a request validator module operatively coupled to the access manager module and configured to determine whether the access request is a valid request and whether a requestor associated with the client device is a valid candidate for utilization of the security logic module;
  
  the access manager module including a plurality of client profiles, each profile in the plurality of client profiles having a set of rules defining granular access to the at least one cloud computing system resource by the client device, wherein an access grant is provided upon determination of request compliance with the set of rules; and
  
  an association definition module configured to establish a model network resource association compliant with the access grant.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
The Boeing Co.
Original Assignee
The Boeing Co.
Inventors
Rubert, James M., Nelson, David Wayne, Patel, Depti, Rencher, Robert John

Granted Patent

US 8,726,348 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/3
CPC Class Codes

G06F 21/6218 to a system of files or obj...

H04L 63/102 Entity profiles

COLLABORATIVE RULES BASED SECURITY

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

36 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

COLLABORATIVE RULES BASED SECURITY

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

36 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others