ESTABLISHING TRUST WITHIN A CLOUD COMPUTING SYSTEM

US 20130326215A1
Filed: 04/23/2013
Published: 12/05/2013
Est. Priority Date: 06/05/2012
Status: Active Grant

First Claim

Patent Images

1. A cloud computing system comprises:

a cloud system managing unit having a system level manager trusted certificate;

a plurality of sets of devices, wherein a set of devices of the plurality of sets of devices includes one or more devices having a common aspect; and

a plurality of authentication servers, wherein an authentication server of the plurality of authentication servers is associated with one of the plurality of sets of devices based on the common aspect, wherein each of the plurality of authentication servers has a unique device level server trusted certificate and a unique system level server trusted certificate;

wherein;

a corresponding one of the plurality of authentication servers and the one or more devices of one of the plurality of sets of devices establishes trust therebetween based on the unique device level server trusted certificate of the corresponding one of the plurality of authentication servers;

the corresponding one of the plurality of authentication servers and the cloud system managing unit establishes trust therebetween based on at least one of the unique system level server trusted certificate and the system level manager trusted certificate;

the cloud system managing unit and the one or more devices of one of the plurality of sets of devices establish trust therebetween based on the trust between the corresponding one of the plurality of authentication servers and the one or more devices of the one of the plurality of sets of devices and the trust between the corresponding one of the plurality of authentication servers and the cloud system managing unit; and

the cloud system managing unit configures the cloud computing system based on the trust between the cloud system managing unit and devices of the plurality of sets of devices.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A cloud computing system includes a cloud system managing unit, a plurality of sets of devices, where a set of devices includes one or more devices having a common aspect, and a plurality of authentication servers, where an authentication server is associated with one of the plurality of sets of devices based on the common aspect. The cloud computing system functions to establish trust between a corresponding one of the plurality of authentication servers and the one or more devices of one of the plurality of sets of devices, between the corresponding one of the plurality of authentication servers and the cloud system managing unit, and between the cloud system managing unit and the one or more devices. The cloud system managing unit configures the cloud computing system based on the trust between the cloud system managing unit and devices of the plurality of sets of devices.

Citations

20 Claims

1. A cloud computing system comprises:
- a cloud system managing unit having a system level manager trusted certificate;
  
  a plurality of sets of devices, wherein a set of devices of the plurality of sets of devices includes one or more devices having a common aspect; and
  
  a plurality of authentication servers, wherein an authentication server of the plurality of authentication servers is associated with one of the plurality of sets of devices based on the common aspect, wherein each of the plurality of authentication servers has a unique device level server trusted certificate and a unique system level server trusted certificate;
  
  wherein;
  
  a corresponding one of the plurality of authentication servers and the one or more devices of one of the plurality of sets of devices establishes trust therebetween based on the unique device level server trusted certificate of the corresponding one of the plurality of authentication servers;
  
  the corresponding one of the plurality of authentication servers and the cloud system managing unit establishes trust therebetween based on at least one of the unique system level server trusted certificate and the system level manager trusted certificate;
  
  the cloud system managing unit and the one or more devices of one of the plurality of sets of devices establish trust therebetween based on the trust between the corresponding one of the plurality of authentication servers and the one or more devices of the one of the plurality of sets of devices and the trust between the corresponding one of the plurality of authentication servers and the cloud system managing unit; and
  
  the cloud system managing unit configures the cloud computing system based on the trust between the cloud system managing unit and devices of the plurality of sets of devices.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The cloud computing system of claim 1, wherein the common aspect comprises at least one of:
    - a vendor identifier;
      
      a device type identifier;
      
      a version identifier;
      
      a functionality identifier; and
      
      an assigned identifier.
  - 3. The cloud computing system of claim 1 further comprises:
    - a plurality of certificate authorities, wherein one of the plurality of certificate authorities is affiliated with the corresponding one of the plurality of authentication servers based on the common aspect and wherein the one of the plurality of certificate authorities generates the unique device level server trusted certificate for the corresponding one of the plurality of authentication servers.
  - 4. The cloud computing system of claim 1 further comprises:
    - a cloud system certificate authority operable to;
      
      generate the system level manager trusted certificate for the cloud system managing unit; and
      
      generate the unique system level server trusted certificates for each of the plurality of authentication servers.
  - 5. The cloud computing system of claim 1, wherein the corresponding one of the plurality of authentication servers and the one or more devices of the one of the plurality of sets of devices establishing trust therebetween comprises:
    - sending, by a device of the one or more devices, an authentication request to the corresponding one of the plurality of authentication servers, wherein the device is programmed with the unique device level server trusted certificate of the corresponding one of the plurality of authentication servers and wherein the authentication request references the unique device level server trusted certificate;
      
      generating, by the corresponding one of the plurality of authentication servers, an authentication response based on the authentication request;
      
      when the authentication response is verified, sending, by the device, device configuration information to the corresponding one of the plurality of authentication servers; and
      
      receiving, by the device, manager information regarding the cloud system managing unit.
  - 6. The cloud computing system of claim 1, wherein the cloud system managing unit and the one or more devices of the one of the plurality of sets of devices establishing trust therebetween comprises:
    - sending, by a device of the one or more devices, a manager authentication request to the cloud system managing unit based on manager information, wherein the manager authentication request references the system level manager trusted certificate;
      
      generating, by the cloud system managing unit, a manager authentication response based on the manager authentication request;
      
      sending, by the device, a certificate signing request to the cloud system managing unit; and
      
      sending, by the cloud system managing unit, a signed certificate to the device in response to the certificate signing request.
  - 7. The cloud computing system of claim 1 further comprises:
    - each of the plurality of authentication servers and the one or more devices of each of the plurality of sets of devices establishes trust therebetween based on the common aspect and the unique device level server trusted certificate of the each of the plurality of authentication servers.
  - 8. The cloud computing system of claim 1 further comprises:
    - the cloud system managing unit and the one or more devices of each the plurality of sets of devices establish trust therebetween based on the trust between each of the plurality of authentication servers and the one or more devices of each of the plurality of sets of devices and the trust between each of the plurality of authentication servers and the cloud system managing unit.

9. A computer readable storage medium comprises:
- a first memory section that stores a system level manager trusted certificate for a cloud system managing unit;
  
  a plurality of second memory sections, where a second memory section of the plurality of second memory sections stores a unique device level server trusted certificate and a unique system level server trusted certificate for one of a plurality of authentication servers;
  
  a plurality of third memory sections, where a third memory section of the plurality of third memory sections stores operational instructions that, when executed by one or more processing modules, causes the one or more processing modules to;
  
  establish trust between a corresponding one of the plurality of authentication servers and one or more devices of one of a plurality of sets of devices based on the unique device level server trusted certificate of the corresponding one of the plurality of authentication servers, wherein a set of devices of the plurality of sets of devices includes the one or more devices having a common aspect;
  
  a plurality of fourth memory sections, where a fourth memory section of the plurality of fourth memory sections stores operational instructions that, when executed by the one or more processing modules, causes the one or more processing modules to;
  
  establish trust between the corresponding one of the plurality of authentication servers and the cloud system managing unit based on at least one of the unique system level server trusted certificate and the system level manager trusted certificate;
  
  a plurality of fifth memory sections, where a fifth memory section of the plurality of fifth memory sections stores operational instructions that, when executed by the one or more processing modules, causes the one or more processing modules to;
  
  establish trust between the cloud system managing unit and the one or more devices of the one of the plurality of sets of devices based on the trust between the corresponding one of the plurality of authentication servers and the one or more devices of the one of the plurality of sets of devices and the trust between the corresponding one of the plurality of authentication servers and the cloud system managing unit; and
  
  a sixth memory section stores operational instructions that, when executed by the one or more processing modules, causes the one or more processing modules to;
  
  configure a cloud computing system based on the trust between the cloud system managing unit and devices of the plurality of sets of devices.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The computer readable storage medium of claim 9, wherein the common aspect comprises at least one of:
    - a vendor identifier;
      
      a device type identifier;
      
      a version identifier;
      
      a functionality identifier; and
      
      an assigned identifier.
  - 11. The computer readable storage medium of claim 9 further comprises:
    - a plurality of seventh memory sections, where a seventh memory section of the plurality of seventh memory sections stores operational instructions that, when executed by the one or more processing modules, causes the one or more processing modules to;
      
      generate the unique device level server trusted certificate for the corresponding one of the plurality of authentication servers based on the common aspect.
  - 12. The computer readable storage medium of claim 9 further comprises:
    - a seventh memory section that stores operational instructions that, when executed by the one or more processing modules, causes the one or more processing modules to;
      
      generate the system level manager trusted certificate for the cloud system managing unit; and
      
      generate the unique system level server trusted certificates for each of the plurality of authentication servers.
  - 13. The computer readable storage medium of claim 9, wherein the third memory section further stores operational instructions that, when executed by the one or more processing modules, causes the one or more processing modules to:
    - send, as a processing module of a device of the one or more devices, an authentication request to the corresponding one of the plurality of authentication servers, wherein the device is programmed with the unique device level server trusted certificate of the corresponding one of the plurality of authentication servers and wherein the authentication request references the unique device level server trusted certificate;
      
      generate, as a processing module of the corresponding one of the plurality of authentication servers, an authentication response based on the authentication request;
      
      when the authentication response is verified, send, as the processing module of the device, device configuration information to the corresponding one of the plurality of authentication servers; and
      
      receive, as the processing module of the device, manager information regarding the cloud system managing unit.
  - 14. The computer readable storage medium of claim 9, wherein the fifth memory section further stores operational instructions that, when executed by the one or more processing modules, causes the one or more processing modules to:
    - send, as a processing module of a device of the one or more devices, a manager authentication request to the cloud system managing unit based on manager information, wherein the manager authentication request references the system level manager trusted certificate;
      
      generate, as a processing module of the cloud system managing unit, a manager authentication response based on the manager authentication request;
      
      send, as the processing module of the device, a certificate signing request to the cloud system managing unit; and
      
      send, as the processing module of the cloud system managing unit, a signed certificate to the device in response to the certificate signing request.

15. A cloud computing system set up unit comprises:
- memory for storing;
  
  a system level manager trusted certificate of a cloud system managing unit;
  
  a unique device level server trusted certificate for each of a plurality of authentication servers; and
  
  a unique system level server trusted certificate for the each of the plurality of authentication servers; and
  
  a processing module operable to;
  
  establish trust between a corresponding one of the plurality of authentication servers and one or more devices of one of a plurality of sets of devices based on the unique device level server trusted certificate of the corresponding one of the plurality of authentication servers, wherein a set of devices of the plurality of sets of devices includes one or more devices having a common aspect;
  
  establish trust between the corresponding one of the plurality of authentication servers and the cloud system managing unit based on at least one of the unique system level server trusted certificate and the system level manager trusted certificate;
  
  establish trust between the cloud system managing unit and the one or more devices of the one of the plurality of sets of devices based on the trust between the corresponding one of the plurality of authentication servers and the one or more devices of the one of the plurality of sets of devices and the trust between the corresponding one of the plurality of authentication servers and the cloud system managing unit; and
  
  configure the cloud computing system based on the trust between the cloud system managing unit and devices of the plurality of sets of devices.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The cloud computing system set up unit of claim 15, wherein the common aspect comprises at least one of:
    - a vendor identifier;
      
      a device type identifier;
      
      a version identifier;
      
      a functionality identifier; and
      
      an assigned identifier.
  - 17. The cloud computing system set up unit of claim 15, wherein the processing module is further operable to:
    - generate the unique device level server trusted certificate for the corresponding one of the plurality of authentication servers based on the common aspect.
  - 18. The cloud computing system set up unit of claim 15, wherein the processing module is further operable to:
    - generate the system level manager trusted certificate for the cloud system managing unit; and
      
      generate the unique system level server trusted certificates for the each of the plurality of authentication servers.
  - 19. The cloud computing system set up unit of claim 15, wherein the processing module is further operable to:
    - send, as a device of the one or more devices, an authentication request to the corresponding one of the plurality of authentication servers, wherein the device is programmed with the unique device level server trusted certificate of the corresponding one of the plurality of authentication servers and wherein the authentication request references the unique device level server trusted certificate;
      
      generate, as the corresponding one of the plurality of authentication servers, an authentication response based on the authentication request;
      
      when the authentication response is verified, send, as the device, device configuration information to the corresponding one of the plurality of authentication servers; and
      
      receive, as the device, manager information regarding the cloud system managing unit.
  - 20. The cloud computing system set up unit of claim 15, wherein the processing module is further operable to:
    - send, as a device of the one or more devices, a manager authentication request to the cloud system managing unit based on manager information, wherein the manager authentication request references the system level manager trusted certificate;
      
      generate, as the cloud system managing unit, a manager authentication response based on the manager authentication request;
      
      send, as the device, a certificate signing request to the cloud system managing unit; and
      
      send, as the cloud system managing unit, a signed certificate to the device in response to the certificate signing request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Pure Storage, Inc.
Original Assignee
Cleversafe Incorporated (International Business Machines Corporation)
Inventors
Leggette, Wesley, Resch, Jason K.

Granted Patent

US 9,613,052 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/156
CPC Class Codes

G06F 16/172   Caching, prefetching or hoa...

G06F 16/1873   Versioning file systems, te...

G06F 21/33   using certificates

G06F 21/57   Certifying or maintaining t...

G06F 21/604   Tools and structures for ma...

H04L 63/0823   using certificates cryptogr...

H04L 63/101   Access control lists [ACL]

ESTABLISHING TRUST WITHIN A CLOUD COMPUTING SYSTEM

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

ESTABLISHING TRUST WITHIN A CLOUD COMPUTING SYSTEM

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links