Controlling Exposure of Sensitive Data and Operation Using Process Bound Security Tokens in Cloud Computing Environment
First Claim
1. A method for controlling exposure of sensitive data using process-bound security tokens comprising:
receiving by an owning process from a requester a set of user authentication credentials to create a request message to access or communicate to a targeted server, wherein the owning process and the requester are separate computing entities;
creating and signing with a first token issuer cryptographic key a first security token that is owned by the owning process;
sending by the owning process to a downstream server the first security token and the request message;
endorsing the request message by the downstream server by attaching a second security token representing the downstream server, wherein the second security token is signed by a second token issuer cryptographic key;
sending by the downstream server the endorsed request message to the targeted server;
responsive to one or more security verifications of the endorsed request message, issuing by the targeted server a user token;
returning the user token to the owning process;
storing and associating by the owning process the user token with a single sign-on token, wherein the single sign-on token is separate from the user token;
sending by the owning process the associated single sign-on token to the requester identified by the user authentication credentials;
thereby preventing exposure of the user token to the requester.
Abstract
Exposure of sensitive information to users is controlled using a first security token containing user identity and user credentials to represent the user who requests services, and a second security token containing two other identities, one identifying the token issuer and the other identifying the owning process. When requesting services, the token-owning process sends a security token to indicate who is making the request, and uses its key to digitally sign the request; the signature indicates that the token-owning process endorses the request. A receiving server accepts a request only if (1) the token-owning process endorses the request by signing it; (2) the token is valid, that is, it is signed by its issuer, the signature verifies, and the token is unexpired; (3) the user entity represented by the token, which can be a real user, a deployment, or a server process, is authorized to access the specified resources; and (4) the token-owning process is authorized to endorse that user entity's access to the specified resources. Because the token is bound to the owning process, possession of a token alone is not sufficient to make a request; the sender must also hold the owning process's signing key.
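The exchange in claim 1 and the four acceptance checks in the abstract, as an added example that is not part of the patent or of any implementation of it. HMAC-SHA256 under per-issuer and per-process secret keys stands in for the issuer and process signatures the patent implies (an assumption made so the example runs on the standard library); the key tables, the user credential store, the authorization policy, and the names owning-proc, downstream, issuer-1, issuer-2 and target are all constructed for this example.

```python
import hashlib
import hmac
import json
import secrets
import time

# All key material, policy tables and credentials below are constructed for this
# example. HMAC-SHA256 under a per-issuer / per-process secret stands in for the
# issuer and process signatures the patent describes (assumption).
ISSUER_KEYS = {name: secrets.token_bytes(32) for name in ("issuer-1", "issuer-2", "target")}
PROCESS_KEYS = {name: secrets.token_bytes(32) for name in ("owning-proc", "downstream")}

_SALT = b"constructed-salt"
def _pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)

CREDENTIALS = {"alice": _pw_hash("correct horse")}          # constructed user store

# Authorization policy held by the targeted server (constructed):
# (subject, resource) is allowed; (endorsing process, subject, resource) is allowed.
USER_ACL = {("alice", "/reports"), ("downstream", "/reports")}
ENDORSE_ACL = {("owning-proc", "alice", "/reports"), ("downstream", "downstream", "/reports")}

OWNER_STORE = {}   # owning process: SSO token -> user token (the user token never leaves here)


def _mac(key, payload):
    """Deterministic MAC over a JSON-serialised payload."""
    return hmac.new(key, json.dumps(payload, sort_keys=True).encode(), hashlib.sha256).hexdigest()


def authenticate(creds):
    """Requester presents credentials to the owning process."""
    stored = CREDENTIALS.get(creds.get("user"))
    if stored is None or not hmac.compare_digest(stored, _pw_hash(creds.get("password", ""))):
        raise PermissionError("bad credentials")
    return creds["user"]


def issue_token(issuer, subject, owner, ttl=300):
    """Security token: issuer (iss), represented entity (sub), owning process (owner), expiry."""
    body = {"iss": issuer, "sub": subject, "owner": owner, "exp": time.time() + ttl}
    return {"body": body, "sig": _mac(ISSUER_KEYS[issuer], body)}


def token_valid(token, now=None):
    """Check (2): signed by a known issuer, signature verifies, not expired."""
    body = token["body"]
    key = ISSUER_KEYS.get(body.get("iss"))
    if key is None or not hmac.compare_digest(_mac(key, body), token["sig"]):
        return False
    return body["exp"] > (time.time() if now is None else now)


def endorse(process, request, token):
    """A process endorses a request by attaching a token and signing request+token with its own key."""
    return {"token": token, "sig": _mac(PROCESS_KEYS[process], {"req": request, "tok": token["body"]})}


def target_verify(request, endorsements):
    """The targeted server's acceptance rule. Returns (accepted, reason)."""
    for e in endorsements:
        token = e["token"]
        if not token_valid(token):
            return False, "token invalid or expired"
        owner, sub, res = token["body"]["owner"], token["body"]["sub"], request["resource"]
        # Check (1): the process the token is bound to must be the one that signed the request,
        # so a token lifted from one process cannot be replayed by another.
        expected = _mac(PROCESS_KEYS[owner], {"req": request, "tok": token["body"]}) if owner in PROCESS_KEYS else ""
        if not hmac.compare_digest(expected, e["sig"]):
            return False, f"request not endorsed by token owner {owner}"
        if (sub, res) not in USER_ACL:                      # check (3)
            return False, f"{sub} not authorized for {res}"
        if (owner, sub, res) not in ENDORSE_ACL:            # check (4)
            return False, f"{owner} may not endorse {sub} for {res}"
    return True, "ok"


def run_flow(creds, resource="/reports"):
    """Claim 1 end to end; returns the SSO token handed back to the requester."""
    user = authenticate(creds)                                   # requester -> owning process
    request = {"resource": resource, "nonce": secrets.token_hex(8)}
    first = issue_token("issuer-1", user, "owning-proc")         # first token, owned by owning process
    hop1 = endorse("owning-proc", request, first)                # owning process -> downstream server
    second = issue_token("issuer-2", "downstream", "downstream") # second token represents downstream
    hop2 = endorse("downstream", request, second)                # downstream -> targeted server
    accepted, reason = target_verify(request, [hop1, hop2])
    if not accepted:
        raise PermissionError(reason)
    user_token = issue_token("target", user, "owning-proc")      # issued by target, returned to owner
    sso = secrets.token_urlsafe(24)                              # separate SSO token, unrelated to user token
    OWNER_STORE[sso] = user_token                                # stored and associated, never sent out
    return sso


if __name__ == "__main__":
    sso = run_flow({"user": "alice", "password": "correct horse"})
    print("requester received SSO token", sso, "; user token held by owning process:", sso in OWNER_STORE)
```

The requester only ever sees the random SSO handle; the user token issued by the targeted server stays in the owning process's store, and the target refuses any request whose endorsement was not produced with the key of the process named in the token's owner field.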
16 Claims
1. A method for controlling exposure of sensitive data using process-bound security tokens (independent claim; set out in full under First Claim above).
Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. A computer program product for controlling exposure of sensitive data using process-bound security tokens comprising:
a computer-readable storage memory which is not a propagating signal per se;
program instructions embodied by the computer-readable storage memory which cause a processor to, when executed, perform the steps of:
receiving by an owning process from a requester a set of user authentication credentials to create a request message to access or communicate to a targeted server, wherein the owning process and the requester are separate computing entities;
creating and signing with a first token issuer cryptographic key a first security token that is owned by the owning process;
sending by the owning process to a downstream server the first security token and the request message;
endorsing the request message by the downstream server by attaching a second security token representing the downstream server, wherein the second security token is signed by a second token issuer cryptographic key;
sending by the downstream server the endorsed request message to the targeted server;
responsive to one or more security verifications of the endorsed request message, issuing by the targeted server a user token;
returning the user token to the owning process;
storing and associating by the owning process the user token with a single sign-on token, wherein the single sign-on token is separate from the user token;
sending by the owning process the associated single sign-on token to the requester identified by the user authentication credentials;
thereby preventing exposure of the user token to the requester.
Dependent claims: 10, 11, 12.
13. A system for controlling exposure of sensitive data using process-bound security tokens comprising:
a computing system having a processor;
a computer-readable storage memory which is not a propagating signal per se;
program instructions embodied by the computer-readable storage memory which cause the processor to, when executed, perform the steps of:
receiving by an owning process from a requester a set of user authentication credentials to create a request message to access or communicate to a targeted server, wherein the owning process and the requester are separate computing entities;
creating and signing with a first token issuer cryptographic key a first security token that is owned by the owning process;
sending by the owning process to a downstream server the first security token and the request message;
endorsing the request message by the downstream server by attaching a second security token representing the downstream server, wherein the second security token is signed by a second token issuer cryptographic key;
sending by the downstream server the endorsed request message to the targeted server;
responsive to one or more security verifications of the endorsed request message, issuing by the targeted server a user token;
returning the user token to the owning process;
storing and associating by the owning process the user token with a single sign-on token, wherein the single sign-on token is separate from the user token;
sending by the owning process the associated single sign-on token to the requester identified by the user authentication credentials;
thereby preventing exposure of the user token to the requester.
Dependent claims: 14, 15, 16.
Specification