TECHNIQUES FOR IDENTITY-ENABLED INTERFACE DEPLOYMENT

US 20160261607A1
Filed: 11/09/2015
Published: 09/08/2016
Est. Priority Date: 07/15/2010
Status: Abandoned Application

First Claim

Patent Images

1. (canceled)

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for providing identity-enabled interfaces for deployment are presented. Specifically, an agent of an enterprise infrastructure authenticates and acquires an agent identity for interacting with a cloud processing environment. Once the agent is deployed in the cloud processing environment, enterprise policy can be enforced within the cloud processing environment on actions occurring within the cloud. The agent acts as an Application Programming Interface between the enterprise and the cloud processing environment. The reverse is also achievable, where a cloud deploys an agent to the enterprise to deploy a cloud interface within the enterprise for policy enforcement.

12 Citations

View as Search Results

21 Claims

1. (canceled)

2. A method, comprising:
- authenticating, by a cloud agent, for operation within a cloud environment;
  
  obtaining, by the cloud agent, security policy for the cloud environment; and
  
  enforcing, by the cloud agent, the security policy within the cloud environment
- View Dependent Claims (3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 3. The method of claim 2, wherein authenticating further includes obtaining a credential that expires when authenticating.
  - 4. The method of claim 3, wherein obtaining further includes using a mechanism for obtaining a new credential when the credential expires and re-authenticating, by the cloud agent, for operating within the cloud environment.
  - 5. The method of claim 2, wherein authenticating further includes obtaining a token when authenticating that is unique to the cloud environment and the cloud agent, wherein the token required for operation of the cloud agent within the cloud environment.
  - 6. The method of claim 2, wherein authenticating further includes receiving a Time-To-Live setting that defines how long the cloud agent is permitted to process within cloud environment.
  - 7. The method of claim 6, wherein enforcing further includes sending an even indicating by the cloud agent that the cloud agent expects to processing longer than a time identified in the TTL setting.
  - 8. The method of claim 7, wherein sending further includes receiving a credential by the cloud agent in response to the event.
  - 9. The method of claim 8 further comprising, detecting, by the cloud agent, a lapse in the time and re-authenticating, by the cloud agent, for processing within the cloud environment.
  - 10. The method of claim 9, wherein detecting further includes obtaining, by the cloud agent, a new TTL with a new time for the cloud agent to process within the cloud environment.
  - 11. The method of claim 2, wherein authenticating further includes receiving, by the cloud agent, a token in response to authenticating, wherein the token is encrypted and includes identity information for the cloud agent and an expiration specification that identifies conditions for which the authentication of the cloud agent expires for processing with the cloud environment.

12. A method, comprising:
- receiving a request for authentication of a cloud agent for processing within a cloud environment;
  
  providing the cloud agent with a token having encrypted identity information cloud agent and an expiration specification defining conditions that revoke authentication of the cloud agent in response to successful authentication of the cloud agent;
  
  obtaining a second request from the cloud agent subsequent to the successful authentication of the cloud agent requesting modification to the expiration specification; and
  
  sending the cloud agent, a new token having the modified expiration specification.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The method of claim 12 further comprising, receiving the new token from the cloud environment and re-authenticating the cloud agent for processing within the cloud environment in accordance with the modified expiration specification.
  - 14. The method of claim 12, wherein providing further includes associating access rights for the cloud agent when processing within the cloud environment with the token.
  - 15. The method of claim 14, wherein associating further includes identifying at least some access rights as permissions that authorize the cloud agent to authenticate other applications for processing within the cloud environment.
  - 16. The method of claim 14, wherein associating further includes identifying at least some access rights as permissions that authorize the cloud agent to enforce security policies within the cloud environment.
  - 17. The method of claim 14, wherein associating further includes identifying at least some access rights as permission that authorize the cloud agent to interact with an existing security manager of the cloud environment to augment security enforcement within the cloud environment.
  - 18. The method of claim 12, wherein providing further includes augmenting the token with identify information that is unique to the cloud environment.

19. A system comprising:
- a server; and
  
  an identity manager configured to;
  
  i) execute on one or more processors of the server, ii) provide a mechanism for authenticating a cloud agent for enforcing security policy within a cloud environment, and iii) provide a mechanism for the cloud agent to extend authentication for enforcing the security policy within the cloud environment before a condition occurs that invalidates the cloud agent for enforcing security policy within the cloud environment.
- View Dependent Claims (20, 21)
- - 20. The system of claim 19, wherein the mechanism at least in part includes an encrypted token identifying a unique identity for the cloud agent, a unique identity for the cloud environment, a credential, and the condition.
  - 21. The system of claim 19, wherein the mechanism also includes access rights permitting the cloud agent to enforce additional security within the cloud environment beyond what is performed by an existing security manager that processes within the cloud environment.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micro Focus Software, Inc. (Open Text Corporation)
Original Assignee
Novell Incorporated (Open Text Corporation)
Inventors
Carter, Stephen R., Earl, Douglas Garry

Application Number

US14/935,581
Publication Number

US 20160261607A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/41   where a single sign-on prov...

H04L 63/0435   wherein the sending and rec...

H04L 63/06   for supporting key manageme...

H04L 63/083   using passwords cryptograph...

H04L 63/108   when the policy decisions a...

H04L 9/3213   using tickets or tokens, e....

TECHNIQUES FOR IDENTITY-ENABLED INTERFACE DEPLOYMENT

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

12 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

TECHNIQUES FOR IDENTITY-ENABLED INTERFACE DEPLOYMENT

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

12 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links