PROXY SYSTEM FOR SECURELY PROVISIONING COMPUTING RESOURCES IN CLOUD COMPUTING ENVIRONMENT

US 20180115551A1
Filed: 05/31/2017
Published: 04/26/2018
Est. Priority Date: 10/20/2016
Status: Abandoned Application

First Claim

Patent Images

1. A computer process for interacting with a cloud computing system having one or more computing resources available for provisioning to one or more client machines to increase data security, the computer process comprising:

obtaining cloud credential data for accessing one or more cloud accounts of a cloud computing system having one or more computing resources available for provisioning to one or more client machines;

establishing at least one proxy account associated with the one or more cloud accounts of the cloud computing system, the at least one proxy account including at least proxy credential data and access to at least one provisioning policy, the at least one provisioning policy including one or more provisioning constraints with respect to provisioning the one or more computing resources which one or more provisioning constraints are not present in the one or more cloud accounts; and

applying the one or more provisioning constraints of the at least one provisioning policy with respect to all provisioning requests of the one or more client machines that originate via the at least one proxy account to limit provisioning of the one or more computing resources that would otherwise be available from the cloud computing system via the one or more cloud accounts.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer process includes, but is not limited to, obtaining cloud credential data for accessing one or more cloud accounts of a cloud computing system having one or more computing resources available for provisioning to one or more client machines; establishing at least one proxy account associated with the one or more cloud accounts of the cloud computing system, the at least one proxy account including at least proxy credential data and access to at least one provisioning policy, the at least one provisioning policy including one or more provisioning constraints with respect to provisioning the one or more computing resources which one or more provisioning constraints are not present in the one or more cloud accounts; and applying the one or more provisioning constraints of the at least one provisioning policy with respect to all provisioning requests of the one or more client machines that originate via the at least one proxy account to limit provisioning of the one or more computing resources that would otherwise be available from the cloud computing system via the one or more cloud accounts.

Citations

30 Claims

1. A computer process for interacting with a cloud computing system having one or more computing resources available for provisioning to one or more client machines to increase data security, the computer process comprising:
- obtaining cloud credential data for accessing one or more cloud accounts of a cloud computing system having one or more computing resources available for provisioning to one or more client machines;
  
  establishing at least one proxy account associated with the one or more cloud accounts of the cloud computing system, the at least one proxy account including at least proxy credential data and access to at least one provisioning policy, the at least one provisioning policy including one or more provisioning constraints with respect to provisioning the one or more computing resources which one or more provisioning constraints are not present in the one or more cloud accounts; and
  
  applying the one or more provisioning constraints of the at least one provisioning policy with respect to all provisioning requests of the one or more client machines that originate via the at least one proxy account to limit provisioning of the one or more computing resources that would otherwise be available from the cloud computing system via the one or more cloud accounts.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 2. The computer process of claim 1, wherein the computer process executed by the cloud computing system.
  - 3. The computer process of claim 1, wherein the computer process is executed by a proxy computing system.
  - 4. The computer process of claim 1, wherein the obtaining cloud credential data for accessing one or more cloud accounts of a cloud computing system having one or more computing resources available for provisioning to one or more client machines comprises:
    - obtaining from user input cloud credential data for accessing one or more cloud accounts of a cloud computing system having one or more computing resources available for provisioning to one or more client machines.
  - 5. The computer process of claim 1, wherein the obtaining cloud credential data for accessing one or more cloud accounts of a cloud computing system having one or more computing resources available for provisioning to one or more client machines comprises:
    - obtaining electronically cloud credential data for accessing one or more cloud accounts of a cloud computing system having one or more computing resources available for provisioning to one or more client machines.
  - 6. The computer process of claim 1, wherein the obtaining cloud credential data for accessing one or more cloud accounts of a cloud computing system having one or more computing resources available for provisioning to one or more client machines comprises:
    - obtaining cloud credential data that includes at least one of the following types of authentication data for accessing one or more cloud accounts of a cloud computing system having one or more computing resources available for provisioning to one or more client machines;
      
      username, password, Public Key infrastructure (PKI) certificate, RSA token, biometric information, or a combination of any of the foregoing.
  - 7. The computer process of claim 1, wherein the obtaining cloud credential data for accessing one or more cloud accounts of a cloud computing system having one or more computing resources available for provisioning to one or more client machines comprises:
    - obtaining cloud credential data for accessing one or more cloud accounts of a cloud computing system having one or more of the following types of computing resources available for provisioning to one or more client machines;
      
      hardware, virtual machine, storage, internet connectivity, software application, a database, a web application, network, application, service, container, or script.
  - 8. The computer process of claim 1, wherein the obtaining cloud credential data for accessing one or more cloud accounts of a cloud computing system having one or more computing resources available for provisioning to one or more client machines comprises:
    - obtaining cloud credential data for accessing one or more cloud accounts of a cloud computing system having one or more computing resources available for granting access to one or more client machines.
  - 9. The computer process of claim 1, wherein the obtaining cloud credential data for accessing one or more cloud accounts of a cloud computing system having one or more computing resources available for provisioning to one or more client machines comprises:
    - obtaining cloud credential data for accessing one or more cloud accounts of a cloud computing system having one or more computing resources available for provisioning to one or more of the following types of client machines;
      
      mobile phone, computer, tablet, virtual reality glasses, wearable, or server.
  - 10. The computer process of claim 1, wherein the establishing at least one proxy account associated with the one or more cloud accounts of the cloud computing system, the at least one proxy account including at least proxy credential data and access to at least one provisioning policy, the at least one provisioning policy including one or more provisioning constraints with respect to provisioning the one or more computing resources which one or more provisioning constraints are not present in the one or more cloud accounts comprises:
    - obtaining access to at least one proxy account associated with the one or more cloud accounts of the cloud computing system, the at least one proxy account including at least proxy credential data and access to at least one provisioning policy, the at least one provisioning policy including one or more provisioning constraints with respect to provisioning the one or more computing resources which one or more provisioning constraints are not present in the one or more cloud accounts.
  - 11. The computer process of claim 1, wherein the establishing at least one proxy account associated with the one or more cloud accounts of the cloud computing system, the at least one proxy account including at least proxy credential data and access to at least one provisioning policy, the at least one provisioning policy including one or more provisioning constraints with respect to provisioning the one or more computing resources which one or more provisioning constraints are not present in the one or more cloud accounts comprises:
    - creating at least one proxy account associated with the one or more cloud accounts of the cloud computing system, the at least one proxy account including at least proxy credential data and access to at least one provisioning policy, the at least one provisioning policy including one or more provisioning constraints with respect to provisioning the one or more computing resources which one or more provisioning constraints are not present in the one or more cloud accounts.
  - 12. The computer process of claim 1, wherein the establishing at least one proxy account associated with the one or more cloud accounts of the cloud computing system, the at least one proxy account including at least proxy credential data and access to at least one provisioning policy, the at least one provisioning policy including one or more provisioning constraints with respect to provisioning the one or more computing resources which one or more provisioning constraints are not present in the one or more cloud accounts comprises:
    - receiving input identifying at least one proxy account associated with the one or more cloud accounts of the cloud computing system, the at least one proxy account including at least proxy credential data and access to at least one provisioning policy, the at least one provisioning policy including one or more provisioning constraints with respect to provisioning the one or more computing resources which one or more provisioning constraints are not present in the one or more cloud accounts.
  - 13. The computer process of claim 1, wherein the establishing at least one proxy account associated with the one or more cloud accounts of the cloud computing system, the at least one proxy account including at least proxy credential data and access to at least one provisioning policy, the at least one provisioning policy including one or more provisioning constraints with respect to provisioning the one or more computing resources which one or more provisioning constraints are not present in the one or more cloud accounts comprises:
    - establishing by the cloud computing system at least one proxy account associated with the one or more cloud accounts of the cloud computing system, the at least one proxy account including at least proxy credential data and access to at least one provisioning policy, the at least one provisioning policy including one or more provisioning constraints with respect to provisioning the one or more computing resources which one or more provisioning constraints are not present in the one or more cloud accounts.
  - 14. The computer process of claim 1, wherein the establishing at least one proxy account associated with the one or more cloud accounts of the cloud computing system, the at least one proxy account including at least proxy credential data and access to at least one provisioning policy, the at least one provisioning policy including one or more provisioning constraints with respect to provisioning the one or more computing resources which one or more provisioning constraints are not present in the one or more cloud accounts comprises:
    - establishing by at least one proxy system at least one proxy account associated with the one or more cloud accounts of the cloud computing system, the at least one proxy account including at least proxy credential data and access to at least one provisioning policy, the at least one provisioning policy including one or more provisioning constraints with respect to provisioning the one or more computing resources which one or more provisioning constraints are not present in the one or more cloud accounts.
  - 15. The computer process of claim 1, wherein the establishing at least one proxy account associated with the one or more cloud accounts of the cloud computing system, the at least one proxy account including at least proxy credential data and access to at least one provisioning policy, the at least one provisioning policy including one or more provisioning constraints with respect to provisioning the one or more computing resources which one or more provisioning constraints are not present in the one or more cloud accounts comprises:
    - establishing at least one proxy account associated with the one or more cloud accounts of the cloud computing system, the at least one proxy account including proxy credential data that includes at least one of the following types of authentication data;
      
      username, password, Public Key Infrastructure (PKI) certificate, RSA token, biometric information, or a combination of any of the foregoing.
  - 16. The computer process of claim 1, wherein the establishing at least one proxy account associated with the one or more cloud accounts of the cloud computing system, the at least one proxy account including at least proxy credential data and access to at least one provisioning policy, the at least one provisioning policy including one or more provisioning constraints with respect to provisioning the one or more computing resources which one or more provisioning constraints are not present in the one or more cloud accounts comprises:
    - establishing at least one proxy account associated with the one or more cloud accounts of the cloud computing system, the at least one proxy account including at least proxy credential data and access to at least one provisioning policy, the at least one provisioning policy including one or more of the following types of provisioning constraints with respect to provisioning the one or more computing resources;
      
      creating resource, maintaining resource, starting resource, stopping resource, increasing resource, decreasing resource, or deletion of resource.
  - 17. The computer process of claim 1, wherein the establishing at least one proxy account associated with the one or more cloud accounts of the cloud computing system, the at least one proxy account including at least proxy credential data and access to at least one provisioning policy, the at least one provisioning policy including one or more provisioning constraints with respect to provisioning the one or more computing resources which one or more provisioning constraints are not present in the one or more cloud accounts comprises:
    - establishing at least one proxy account associated with the one or more cloud accounts of the cloud computing system, the at least one proxy account including at least proxy credential data and access to at least one provisioning policy, the at least one provisioning policy including one or more of the following types of provisioning constraints with respect to provisioning the one or more computing resources;
      
      permitted, denied, authorized, conditioned, authenticated, or dependent.
  - 18. The computer process of claim 1, wherein the establishing at least one proxy account associated with the one or more cloud accounts of the cloud computing system, the at least one proxy account including at least proxy credential data and access to at least one provisioning policy, the at least one provisioning policy including one or more provisioning constraints with respect to provisioning the one or more computing resources which one or more provisioning constraints are not present in the one or more cloud accounts comprises:
    - establishing at least one proxy account associated with the one or more cloud accounts of the cloud computing system, the at least one proxy account including at least proxy credential data and access to at least one provisioning policy, the at least one provisioning policy including one or more of the following types of provisioning constraints with respect to provisioning the one or more computing resources;
      
      work flow requirement, multiple account approval requirement, provenance requirement, static analysis requirement, network capability requirement, resource relationship, use requirement, action trigger requirement, prior provisioning requirement.
  - 19. The computer process of claim 1, wherein the establishing at least one proxy account associated with the one or more cloud accounts of the cloud computing system, the at least one proxy account including at least proxy credential data and access to at least one provisioning policy, the at least one provisioning policy including one or more provisioning constraints with respect to provisioning the one or more computing resources which one or more provisioning constraints are not present in the one or more cloud accounts comprises:
    - establishing at least one proxy account associated with the one or more cloud accounts of the cloud computing system, the at least one proxy account including at least proxy credential data and access to at least one provisioning policy, the at least one provisioning policy including one or more provisioning modification constraints with respect to changing the at least one provisioning policy.
  - 20. The computer process of claim 1, wherein the establishing at least one proxy account associated with the one or more cloud accounts of the cloud computing system, the at least one proxy account including at least proxy credential data and access to at least one provisioning policy, the at least one provisioning policy including one or more provisioning constraints with respect to provisioning the one or more computing resources which one or more provisioning constraints are not present in the one or more cloud accounts comprises:
    - establishing at least one proxy account associated with the one or more cloud accounts of the cloud computing system, the at least one proxy account including at least proxy credential data and access to at least one provisioning policy that includes any of the following;
      
      declarative statement, script, compiled code, executable code, or template.
  - 21. The computer process of claim 1, wherein the establishing at least one proxy account associated with the one or more cloud accounts of the cloud computing system, the at least one proxy account including at least proxy credential data and access to at least one provisioning policy, the at least one provisioning policy including one or more provisioning constraints with respect to provisioning the one or more computing resources which one or more provisioning constraints are not present in the one or more cloud accounts comprises:
    - establishing at least one proxy account associated with the one or more cloud accounts of the cloud computing system, the at least one proxy account including at least proxy credential data and access to at least one provisioning policy, the at least one provisioning policy including one or more of the following administration features;
      
      enable proxy account, disable proxy account, create proxy account, suspend proxy account, or unsuspend proxy account.
  - 22. The computer process of claim 1, wherein the establishing at least one proxy account associated with the one or more cloud accounts of the cloud computing system, the at least one proxy account including at least proxy credential data and access to at least one provisioning policy, the at least one provisioning policy including one or more provisioning constraints with respect to provisioning the one or more computing resources which one or more provisioning constraints are not present in the one or more cloud accounts comprises:
    - establishing at least one proxy account associated with the one or more cloud accounts of the cloud computing system, the at least one proxy account including at least proxy credential data and access to at least one provisioning policy, the at least one provisioning policy including one or more provisioning constraints with respect to provisioning the one or more computing resources statically, dynamically, as an end-user service, or just-in-time.
  - 23. The computer process of claim 1, wherein the establishing at least one proxy account associated with the one or more cloud accounts of the cloud computing system, the at least one proxy account including at least proxy credential data and access to at least one provisioning policy, the at least one provisioning policy including one or more provisioning constraints with respect to provisioning the one or more computing resources which one or more provisioning constraints are not present in the one or more cloud accounts comprises:
    - establishing a plurality of proxy accounts associated with the one or more cloud accounts of the cloud computing system, each of the plurality of proxy accounts including different proxy credential data and access to different provisioning policies.
  - 24. The computer process of claim 1, wherein the applying the one or more provisioning constraints of the at least one provisioning policy with respect to all provisioning requests of the one or more client machines that originate via the at least one proxy account to limit provisioning of the one or more computing resources that would otherwise be available from the cloud computing system via the one or more cloud accounts comprises:
    - applying the one or more provisioning constraints of the at least one provisioning policy with respect to all provisioning requests of the one or more client machines that originate via the at least one proxy account to effectively fix provisioning of the one or more computing resources at a specified state.
  - 25. The computer process of claim 1, further comprising:
    - performing at least one of the following operations before or after provisioning of the one or more computing resources;
      
      verifying environment, building or checking required artifacts, performing authentication challenge, or initiating a workflow.
  - 26. The computer process of claim 1, further comprising:
    - monitoring use of the one or more computing resources.
  - 27. The computer process of claim 1, further comprising:
    - limiting or eliminating the one or more cloud accounts at a specified time or upon a certain event.
  - 28. The computer process of claim 1, further comprising:
    - restricting the cloud credential data required for authentication to the one or more cloud accounts of the cloud computing system to a proxy computing system.

29. A computer process for interacting with a cloud computing system having one or more computing resources available for provisioning to one or more client machines to increase data security, the computer process comprising:
- receiving at least one request via at least one proxy account to provision one or more computing resources of a cloud computing system;
  
  determining whether provisioning of the one or more computing resources of the cloud computing system is permitted by at least one provisioning policy associated with the at least one proxy account, the provisioning policy including one or more provisioning constraints with respect to provisioning the one or more computing resources which one or more provisioning constraints are not imposed by the cloud computing system; and
  
  denying the at least one request to provision the one or more computing resources of the one or more cloud accounts in response to a determination that the at least one provisioning policy associated with the at least one proxy account does not permit provisioning of the one or more computing resources.

30. A system that increases security of data in a cloud computing environment, the system comprising:
- a cloud computing system having one or more computing resources available for provisioning to one or more client machines via one or more cloud accounts; and
  
  a proxy computing system that is communicably linked to the cloud computing system, the proxy computing system includingmemory bearing one or more computer executable instructions; and
  
  at least one processing device operably coupled to the memory and configured to implement the one or more computer executable instructions to perform operations comprising;
  
  establishing at least one proxy account associated with the one or more cloud accounts of the cloud computing system, the at least one proxy account including at least proxy credential data and access to at least one provisioning policy, the at least one provisioning policy including one or more provisioning constraints with respect to provisioning the one or more computing resources which one or more provisioning constraints are not present in the one or more cloud accounts; and
  
  applying the one or more provisioning constraints of the at least one provisioning policy with respect to all provisioning requests of the one or more client machines that originate via the at least one proxy account to limit provisioning of the one or more computing resources of the one or more cloud accounts that would otherwise be available from the cloud computing system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Brian Cole
Original Assignee
Brian Cole
Inventors
Cole, Brian

Application Number

US15/609,737
Publication Number

US 20180115551A1
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 41/0895   Configuration of virtualise...

H04L 41/18   Delegation of network manag...

H04L 41/28   Restricting access to netwo...

H04L 41/5096   wherein the managed service...

H04L 47/70   Admission control; Resource...

H04L 47/783   Distributed allocation of r...

H04L 63/083   using passwords cryptograph...

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04L 63/20   for managing network securi...

PROXY SYSTEM FOR SECURELY PROVISIONING COMPUTING RESOURCES IN CLOUD COMPUTING ENVIRONMENT

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

PROXY SYSTEM FOR SECURELY PROVISIONING COMPUTING RESOURCES IN CLOUD COMPUTING ENVIRONMENT

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links