METHOD, DEVICE, AND SYSTEM FOR ACCESS CONTROL OF A CLOUD HOSTING SERVICE

US 20170063836A1
Filed: 08/30/2016
Published: 03/02/2017
Est. Priority Date: 09/01/2015
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving a first authentication request from a client, wherein the first authentication request comprises first account information;

performing a first authentication of the first account information;

in the event that the first authentication is successful, generating an authentication password and communicating the authentication password to the client;

receiving a second authentication request from a proxy server, wherein the second authentication request comprises the authentication password transmitted to the proxy server by the client, wherein the proxy server is a proxy for the client in connection with accessing a cloud host;

performing a second authentication of the authentication password; and

in the event that the second authentication is successful, notifying the proxy server of an indication that the second authentication succeeded and causing the proxy server to request the cloud host to perform a third authentication of second account information, and in the event that the third authentication is successful, causing the client to access one or more service resources deployed on the cloud host via the proxy server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the present application relate to a method and device for access control of a cloud hosting service. The method includes receiving a first authentication request from a client, performing a first authentication of the first account information, in the event that the first authentication is successful, generating an authentication password and communicating the authentication password to the client, receiving a second authentication request from a proxy server, wherein the second authentication request comprises the authentication password transmitted to the proxy server by the client, performing a second authentication of the authentication password and causing the proxy server to request the cloud host to perform a third authentication of second account information, and in the event that the third authentication is successful, causing the client to access one or more service resources deployed on the cloud host via the proxy server.

12 Citations

View as Search Results

20 Claims

1. A method, comprising:
- receiving a first authentication request from a client, wherein the first authentication request comprises first account information;
  
  performing a first authentication of the first account information;
  
  in the event that the first authentication is successful, generating an authentication password and communicating the authentication password to the client;
  
  receiving a second authentication request from a proxy server, wherein the second authentication request comprises the authentication password transmitted to the proxy server by the client, wherein the proxy server is a proxy for the client in connection with accessing a cloud host;
  
  performing a second authentication of the authentication password; and
  
  in the event that the second authentication is successful, notifying the proxy server of an indication that the second authentication succeeded and causing the proxy server to request the cloud host to perform a third authentication of second account information, and in the event that the third authentication is successful, causing the client to access one or more service resources deployed on the cloud host via the proxy server.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the first account information is associated with a software vendor providing a service on the cloud host.
  - 3. The method of claim 1, wherein:
    - the first account information includes business account information used by a software vendor providing a service on the cloud host; and
      
      the second account information includes service account information used by the client in connection with accessing services deployed by the software vendor on the cloud host.
  - 4. The method of claim 1, wherein the first authentication request further comprises the second account information and an address associated with the one or more service resources deployed on the cloud host;
    - andwherein before the authentication password is generated and communicated to the client, the method further comprises;
      
      extracting privilege information from the first authentication request, the privilege information comprising the first account information, the second account information, and the address associated with the one or more service resources;
      
      comparing the privilege information with one or more preset privilege records; and
      
      determining that the privilege information matches at least one of the one or more preset privilege records, wherein the one or more preset privilege records comprise multiple groups of correspondingly saved pieces of first account information, second account information, and addresses of cloud hosting services.
  - 5. The method of claim 1, wherein the client and the proxy server communicate at a session layer based on a proxy protocol.
  - 6. The method of claim 1, wherein the performing of the second authentication of the authentication password comprises:
    - determining whether the authentication password is expired; and
      
      in the event that the authentication password is not expired, determining that the second authentication of the authentication password is successful.
  - 7. The method of claim 1, wherein in the event that the second authentication is successful, the method further comprises:
    - setting, by an authentication server, the authentication password as invalid.

8. A method, comprising:
- receiving second account information and an authentication password from a client, wherein the authentication password was communicated to the client in the event that an authentication server authenticates first account information;
  
  requesting the authentication server to perform a second authentication of the authentication password;
  
  receiving a notification indicating that the second authentication is successful;
  
  in the event that the notification indicates that the second authentication is successful, requesting a cloud host to perform a third authentication of the second account information; and
  
  in the event that the third authentication is successful, accessing, on behalf of the client, one or more service resources deployed on the cloud host.
- View Dependent Claims (9)
- - 9. The method of claim 8, further comprising:
    - generating an access log to record a current visit by the client to the cloud host associated with the accessing of the one or more service resources; and
      
      wherein the accessing of the one or more service resources deployed on the cloud host comprises;
      
      transmitting a service resource access request to the cloud host, wherein the service resource access request comprises an address of the one or more service resources deployed on the cloud host and an IP address of a proxy server; and
      
      receiving data returned by the cloud host associated with the service resource access request in the event that the cloud host identified the IP address of the proxy server.

10. A method, comprising:
- communicating a first authentication request to an authentication server, wherein the first authentication request comprises first account information;
  
  is receiving an authentication password from the authentication server in the event that a first authentication of the first account information is successful;
  
  transmitting second account information and the authentication password to a proxy server in connection with a request from the proxy server to the authentication server to perform a second authentication of the authentication password;
  
  receiving a notification indicating that the second authentication is successful;
  
  in response to receiving the notification indicating that the second authentication is successful, requesting a cloud host to perform a third authentication of the second account information;
  
  receiving a notification indicating that the third authentication is successful; and
  
  in response to receiving the notification indicating that the third authentication is successful, accessing one or more service resources deployed on the cloud host via the proxy server.

11. An authentication server, comprising:
- one or more processors configured to;
  
  receive a first authentication request from a client, wherein the first authentication request comprises first account information;
  
  perform a first authentication of the first account information;
  
  in the event that the first authentication is successful, generate an authentication password and communicate the authentication password to the client;
  
  receive a second authentication request from a proxy server, wherein the second authentication request comprises the authentication password transmitted to the proxy server by the client, wherein the proxy server is a proxy for the client in connection with accessing a cloud host;
  
  perform a second authentication of the authentication password; and
  
  in the event that the second authentication is successful, notify the proxy server of an indication that the second authentication succeeded and cause the proxy server to request the cloud host to perform a third authentication of second account information, and in the event that the third authentication is successful, cause the client to access one or more service resources deployed on the cloud host via the proxy server; and
  
  a memory coupled to the one or more processors and configured to provide the one or more processors with instructions.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The authentication server of claim 11, wherein:
    - the first account information includes business account information used by a software vendor in an electronic transaction platform associated with the cloud host; and
      
      the second account information includes service account information used by the client in connection with accessing services deployed by the software vendor on the cloud host.
  - 13. The authentication server of claim 11, wherein the first authentication request further comprises the second account information and an address associated with the one or more service resources deployed on the cloud host;
    - andwherein the one or more processors are further configured to;
      
      extract privilege information from the first authentication request, the privilege information comprising the first account information, the second account information, and the address associated with the one or more service resources;
      
      compare the privilege information with one or more preset privilege records; and
      
      determine that the privilege information matches at least one of the one or more preset privilege records, wherein the one or more preset privilege records comprise multiple groups of correspondingly saved pieces of first account information, second account information, and addresses of cloud hosting services.
  - 14. The authentication server of claim 11, wherein the client and the proxy server communicate at a session layer based on a proxy protocol.
  - 15. The authentication server of claim 11, wherein the performing of the second authentication of the authentication password comprises:
    - determining whether the authentication password is expired; and
      
      in the event that the authentication password is not expired, determining that the second authentication of the authentication password is successful.
  - 16. The authentication server of claim 11, wherein the one or more processors are further configured to:
    - set the authentication password as invalid.

17. A proxy server, comprising:
- one or more processors configured to;
  
  receive second account information and an authentication password from a client, wherein the authentication password was communicated to the client in the event that an authentication server authenticates first account information;
  
  request the authentication server to perform a second authentication of the authentication password;
  
  receive a notification indicating that the second authentication is successful;
  
  in the event that the proxy server receives the notification indicating that the second authentication is successful, request a cloud host to perform a third authentication of the second account information; and
  
  in the event that the third authentication is successful, access, on behalf of the client, one or more service resources deployed on the cloud host; and
  
  a memory coupled to the one or more processors and configured to provide the one or more processors with instructions.
- View Dependent Claims (18)
- - 18. The proxy server of claim 17, wherein the one or more processors are further configured to generate an access log to record a current visit by the client to the cloud host associated with the accessing of the one or more service resources;
    - andwherein to access the one or more service resources deployed on the cloud host comprises to;
      
      transmit a service resource access request to the cloud host, wherein the service resource access request comprises an address of the one or more service resources deployed on the cloud host and an IP address of the proxy server; and
      
      receive data returned by the cloud host associated with the service resource access request in the event that the cloud host identified the IP address of the proxy server.

19. A client, comprising:
- one or more processors configured to;
  
  communicate a first authentication request to an authentication server, wherein the first authentication request comprises first account information;
  
  receive an authentication password from the authentication server in the event that a first authentication of the first account information is successful;
  
  transmit second account information and the authentication password to a proxy server in connection with a request from the proxy server to the authentication server to perform a second authentication of the authentication password;
  
  receive a notification indicating that the second authentication is successful;
  
  in response to receiving the notification indicating that the second authentication is successful, request a cloud host to perform a third authentication of the second account information;
  
  receive a notification indicating that the third authentication is successful; and
  
  in response to receiving the notification indicating that the third authentication is successful, access one or more service resources deployed on the cloud host via the proxy server; and
  
  a memory coupled to the one or more processors and configured to provide the one or more processors with instructions.

20. A system, comprising:
- a client, the client comprising;
  
  one or more processors configured to;
  
  communicate a first authentication request to an authentication server, wherein the first authentication request comprises first account information;
  
  receive an authentication password from the authentication server in the event that a first authentication of the first account information is successful;
  
  transmit second account information and the authentication password to a proxy server in connection with a request from the proxy server to the authentication server to perform a second authentication of the authentication password;
  
  request a notification indicating that the second authentication is successful;
  
  in response to receiving the notification indicating that the second authentication is successful, request a cloud host to perform a third authentication of the second account information;
  
  receive a notification indicating that the third authentication is successful; and
  
  in response to receiving the notification indicating that the third authentication is successful, access one or more service resources deployed on the cloud host via the proxy server; and
  
  a memory coupled to the one or more processors and configured to provide the one or more processors with instructions;
  
  a proxy, the proxy comprising;
  
  one or more processors configured to;
  
  receive second account information and the authentication password from the client, wherein the authentication password was communicated to the client in the event that the authentication server authenticates first account information;
  
  request the authentication server to perform the second authentication of the authentication password;
  
  receive, by the proxy server, the notification indicating that the second authentication is successful;
  
  in the event that the proxy server receives the notification indicating that the second authentication is successful, request the cloud host to perform the third authentication of the second account information; and
  
  in the event that the third authentication is successful, access, on behalf of the client, the one or more service resources deployed on the cloud host; and
  
  a memory coupled to the one or more processors and configured to provide the one or more processors with instructions; and
  
  the authentication server, the authentication server comprising;
  
  one or more processors configured to;
  
  receive the first authentication request from the client, wherein the first authentication request comprises first account information;
  
  perform the first authentication of the first account information;
  
  in the event that the first authentication is successful, generate the authentication password and communicate the authentication password to the client;
  
  receive a second authentication request from the proxy server, wherein the second authentication request comprises the authentication password transmitted to the proxy server by the client, wherein the proxy server is a proxy for the client in connection with accessing the cloud host;
  
  perform the second authentication of the authentication password; and
  
  in the event that the second authentication is successful, notify the proxy server of an indication that the second authentication succeeded and cause the proxy server to request the cloud host to perform the third authentication of the second account information, and in the event that the third authentication is successful, cause the client to access the one or more service resources deployed on the cloud host via the proxy server; and
  
  a memory coupled to the one or more processors and configured to provide the one or more processors with instructions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Alibaba Group Holding Ltd.
Original Assignee
Alibaba Group Holding Ltd.
Inventors
Cui, Jie

Granted Patent

US 10,419,425 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06Q 30/0601   Electronic shopping [e-shop...

H04L 63/083   using passwords cryptograph...

H04L 63/0884   by delegation of authentica...

H04L 67/10   in which an application is ...

METHOD, DEVICE, AND SYSTEM FOR ACCESS CONTROL OF A CLOUD HOSTING SERVICE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

12 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

METHOD, DEVICE, AND SYSTEM FOR ACCESS CONTROL OF A CLOUD HOSTING SERVICE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

12 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others