Seamless Provision of Authentication Credential Data to Cloud-Based Assets on Demand
Abstract
The disclosed embodiments include systems and methods for providing authentication credential data to cloud-based assets on demand. Operations include receiving a prompt indicating that a cloud-based asset is seeking to communicate with an access-controlled resource, extracting information associated with the cloud-based asset, authenticating the cloud-based asset based on the extracted information, generating first authentication credential data for the cloud-based asset, generating second authentication credential data for the cloud-based asset, making the first authentication credential data available to the cloud-based asset via a first communication channel, and making the second authentication credential data available to the cloud-based asset via a second communication channel. A combination of the first and the second authentication credential data may be sufficient to authenticate the cloud-based asset to the access-controlled resource.
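An added sketch of the flow the abstract describes, not code from the patent. The XOR split, the `Broker` class, the registry contents and every identifier are assumptions chosen for illustration; the text here does not say how the two credential parts are formed or combined.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for the "trusted cloud platform resource": platform-side
# records about verified assets, held separately from the assets themselves.
PLATFORM_REGISTRY = {
    "i-constructed-001": {"image": "img-web-7", "owner": "team-payments"},
}


class Broker:
    """Hypothetical credential provider; also models the resource-side check."""

    def __init__(self, registry):
        self.registry = registry  # queried directly, never through the asset
        self.issued = {}          # (asset_id, resource) -> sha256(secret)

    def handle_prompt(self, asset_id, claimed, resource):
        """Return (part1, part2), one per delivery channel, or None."""
        record = self.registry.get(asset_id)
        # Authenticate on platform-held data, not on the asset's own assertion.
        if record is None or record != claimed:
            return None
        secret = secrets.token_bytes(32)
        part1 = secrets.token_bytes(32)                      # random pad
        part2 = bytes(a ^ b for a, b in zip(secret, part1))  # secret XOR pad
        # Keep only a digest, so the provider's store never holds the secret.
        self.issued[(asset_id, resource)] = hashlib.sha256(secret).digest()
        return part1, part2

    def verify(self, asset_id, resource, part1, part2):
        """Only the combination of both parts authenticates the asset."""
        expected = self.issued.get((asset_id, resource))
        if expected is None or len(part1) != 32 or len(part2) != 32:
            return False
        combined = bytes(a ^ b for a, b in zip(part1, part2))
        digest = hashlib.sha256(combined).digest()
        return hmac.compare_digest(digest, expected)
```

With this split, each part on its own is a uniformly random 32-byte string, so an observer of a single channel learns nothing about the combined secret.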
30 Claims
1. A non-transitory computer readable medium including instructions that, when executed by at least one processor, cause the at least one processor to perform operations for providing authentication credential data to cloud-based assets on demand, the operations comprising:
- receiving a prompt indicating that a cloud-based asset is seeking to communicate with an access-controlled resource, wherein the cloud-based asset lacks authorization to communicate with the access-controlled resource;
- extracting information associated with the cloud-based asset by, at least in part, accessing a trusted cloud platform resource storing data associated with verified cloud-based assets, the trusted cloud platform resource being separate from the cloud-based asset;
- authenticating the cloud-based asset based on the extracted information;
- generating first authentication credential data for the cloud-based asset;
- generating second authentication credential data for the cloud-based asset;
- making the first authentication credential data available to the cloud-based asset via a first communication channel; and
- making the second authentication credential data available to the cloud-based asset via a second communication channel;
- wherein a combination of the first and the second authentication credential data is sufficient to authenticate the cloud-based asset to the access-controlled resource.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
16. A computer-implemented method, executable by a processor of a computing system, for providing authentication credential data to a cloud-based asset on demand, the method comprising:
- receiving a prompt indicating that a cloud-based asset is seeking to communicate with an access-controlled resource, wherein the cloud-based asset lacks authorization to communicate with the access-controlled resource;
- extracting information associated with the cloud-based asset by, at least in part, accessing a trusted cloud platform resource storing data associated with verified cloud-based assets, the trusted cloud platform resource being separate from the cloud-based asset;
- authenticating the cloud-based asset based on the extracted information;
- generating first authentication credential data for the cloud-based asset;
- generating second authentication credential data for the cloud-based asset;
- making the first authentication credential data available to the cloud-based asset via a first communication channel; and
- making the second authentication credential data available to the cloud-based asset via a second communication channel;
- wherein a combination of the first and the second authentication credential data is sufficient to authenticate the cloud-based asset to the access-controlled resource.
Dependent claims: 17, 18, 19, 20, 21, 22, 23
24. A non-transitory computer readable medium including instructions that, when executed by at least one processor, cause the at least one processor to perform operations for obtaining access to authentication credential data on demand, the operations comprising:
- requesting, by a cloud-based asset, to communicate with an access-controlled resource, wherein the cloud-based asset lacks authorization to communicate with the access-controlled resource;
- in response to the request to communicate and conditional on the cloud-based asset being authenticated based on extracted information associated with the cloud-based asset, obtaining access to first authentication credential data for the cloud-based asset via a first communication channel;
- issuing a prompt, based on the first authentication credential data, requesting access to second authentication credential data for the cloud-based asset via a second communication channel;
- requesting authorization, using the first and the second authentication credential data, to access the access-controlled resource; and
- receiving authorization, in response to the request for authorization, to access the access-controlled resource.
Dependent claims: 25, 26, 27, 28, 29, 30
Specification