Allocation of network resources

US 7,681,242 B2
Filed: 08/26/2004
Issued: 03/16/2010
Est. Priority Date: 08/26/2004
Status: Active Grant

First Claim

Patent Images

1. A method implemented in a machine-readable medium that executes on a machine and for allocating a resource, comprising:

receiving a request to allocate at least a portion of a resource, availability of the portion of the resource was previously published to a trusted third party along with resource characteristics that include a processing speed for the resource, a memory speed for the resource, a memory size for the resource, a storage size for the resource, and a bandwidth capability for the resource, and a decision to make the portion of the resource available was based on a deciding event that is represented as a trust credential that conforms to contractual arrangements for the resource, the portion of the resource is not available unless the trust credential remains valid;

dynamically establishing a trust relationship between the resource and a requestor that issues the request via the trusted third party and the trusted third party is remotely located over a network separately from the resource and the requestor, the trust relationship is established by acquiring authentication information and an authentication technique for the requestor to use with the authentication information, the authentication information and the authentication technique acquired from the trusted third party;

allocating at least the portion of the resource to the requestor, when the trust relationship was successfully established, and the resource and the requestor securely interact with one another thereafter;

providing a consumption specification to the requestor, the consumption specification defining utilization restrictions on usage of the resource by the requestor, the consumption specification hierarchical having global specifications of an enterprise that override local specifications for groups of users for conflicts occurring with the utilization restrictions.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are provided for allocating resources over a network. A resource consumer requests access to a resource over a network. As part of that request, the resource consumer acquires information that permits it to securely communicate with a resource provider. The resource provider controls the resource and once satisfied with the security of a request from a resource consumer allocates the resource for access by the resource consumer.

Citations

31 Claims

1. A method implemented in a machine-readable medium that executes on a machine and for allocating a resource, comprising:
- receiving a request to allocate at least a portion of a resource, availability of the portion of the resource was previously published to a trusted third party along with resource characteristics that include a processing speed for the resource, a memory speed for the resource, a memory size for the resource, a storage size for the resource, and a bandwidth capability for the resource, and a decision to make the portion of the resource available was based on a deciding event that is represented as a trust credential that conforms to contractual arrangements for the resource, the portion of the resource is not available unless the trust credential remains valid;
  
  dynamically establishing a trust relationship between the resource and a requestor that issues the request via the trusted third party and the trusted third party is remotely located over a network separately from the resource and the requestor, the trust relationship is established by acquiring authentication information and an authentication technique for the requestor to use with the authentication information, the authentication information and the authentication technique acquired from the trusted third party;
  
  allocating at least the portion of the resource to the requestor, when the trust relationship was successfully established, and the resource and the requestor securely interact with one another thereafter;
  
  providing a consumption specification to the requestor, the consumption specification defining utilization restrictions on usage of the resource by the requestor, the consumption specification hierarchical having global specifications of an enterprise that override local specifications for groups of users for conflicts occurring with the utilization restrictions.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1 further comprising, acquiring one or more policies that drive the consumption of the resource by the requestor.
  - 3. The method of claim 1 further comprising, communicating secure information between the requestor and the resource, while at least the portion of the resource is allocated to the requestor.
  - 4. The method of claim 1 further comprising, registering at least the portion of the resource with an identity service before receiving the request, wherein the registration is acquired by the requestor through the identity service.
  - 5. The method of claim 1, wherein dynamically establishing further includes dynamically interacting with an identity service to establish the trust relationship after the request is received.

6. A method implemented in a machine-readable medium that executes on a machine and for facilitating the allocation of resources, comprising:
- receiving, at an identity service, registrations from resource providers, wherein the registrations identify resources that may be accessed over a network by resource consumers;
  
  receiving, at the identity service, requests from the resource consumers for desired consumption of the resources; and
  
  facilitating, at the identity service, allocation of the resources to the resource consumers by providing the resource consumers with authentication information and authentication techniques for acquiring specific ones of the resources from the resource providers, at least some of the authentication information distributed as alias names for anonymous usage of the resources by one or more of the resource consumers, the identity service is separately and remotely located over the network from the resource providers and the resource consumers, and the resource consumers use the authentication information and the authentication techniques to authenticate to the resources via the resource providers, and the identity service receives the requests with characteristics that the identity services matches to published characteristics for the resources, the identity service validates trust specifications for the resource consumers before matching the characteristics received with the requests to the published characteristics to identify the resources to allocate to the resource consumers, and the characteristics and the published characteristics include processing speed of the resources, memory speed of the resources, memory size of the resources, storage size of the resources, and bandwidth capability of the resources.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13)
- - 7. The method of claim 6, wherein receiving the requests further includes receiving the requests as generic requests from the resource consumers not directed to any specific resource provider.
  - 8. The method of claim 7 further comprising, managing the assignment of a number of the resources to the generic requests based on existing usage patterns or policies associated with the resource providers.
  - 9. The method of claim 6, wherein receiving the requests further includes receiving the requests from the resources consumers, wherein the requests are directed to specific ones of the resources.
  - 10. The method of claim 6, wherein facilitating further includes providing a number of the resource consumers with consumption specifications which dictate the conditions under which access to a number of the resources is to conform when communicating with a number of the resource providers.
  - 11. The method of claim 6 further comprising, identifying at least one resource provider as one of the resource consumers.
  - 12. The method of claim 6 further comprising, periodically receiving, from the resource providers, utilization metrics for registered resources.
  - 13. The method of claim 12 further comprising, determining which of the resources to identify to the resource consumers based on thresholds associated with the utilization metrics.

14. A method implemented in a machine-readable medium that executes on a machine and for acquiring allocation of a resource, comprising:
- querying an identity service for available resources using characteristics that the identity service matches to published characteristics to identify the resources, and the identity validates a trust specification for the resources before matching the characteristics to the published characteristics, and the characteristics and the published characteristics include processing speed of the resources, memory speed of the resources, memory size of the resources, storage size of the resources, and bandwidth capability of the resources;
  
  receiving at least one resource identifier for a specific resource;
  
  receiving a trust certificate and authentication technique from the identity service for a resource provider of the specific resource, the resource provider is separate and remote from the identity service over a network; and
  
  initiating communication with the resource provider by supplying the trust certificate and using the authentication technique, the communication results in the specific resource being allocated for use and the usage of the specific resource circumscribed by a consumption specification received from the identity service, the consumption specification defined as hierarchical policies having global rules used to enforce priority of the usage on the specific resource.
- View Dependent Claims (15, 16)
- - 15. The method of claim 14 further comprising, accessing the specific resource over the network, wherein the resource is used for at least one of storage, memory, processing, and bandwidth access.
  - 16. The method of claim 14, wherein querying further includes inspecting a list acquired from the identity service which presents the available resources for selection.

17. A network resource allocation system implemented in a machine-readable medium that executes on a machine, comprising:
- a resource located on a resource provider; and
  
  an identity service, the resource provider registers the resource with the identity service, the identity service identifies the resource to a resource consumer in response to characteristics received from the resource consumer that match the resource, and the characteristics include processing speed of the resource, memory speed of the resource, memory size of the resource, storage size of the resource, and bandwidth capability of the resource and when a trust specification for the resource with respect to the resource consumer is validated, the resource consumer is located remotely over a network from the resource provider and from the identity service, and the identity service provides to the resource consumer authentication information and authentication techniques for authenticating anonymously to the resource provider via an alias name and acquiring allocation to the resource, and the identity service is remotely located over the network from the resource provider and the resource, and resource consumer uses the authentication information and the authentication techniques to authenticate to the resource via the resource provider and thereafter the resource consumer and resource securely communicate with one another.
- View Dependent Claims (18, 19, 20, 21, 22, 23)
- - 18. The network resource allocation system of claim 17, wherein the identity service manages a consumption specification for the resource, wherein the consumption specification defines the conditions of consumption for the resource consumer, and wherein the consumption specification is provided by the resource provider.
  - 19. The network resource allocation system of claim 17, wherein the identity service manages policies associated with identifying the resource to the resource consumer.
  - 20. The network resource allocation system of claim 17, wherein the identity service periodically acquires utilization metrics from the resource provider and uses a policy associated with the resource or resource provider to determine when it is appropriate to identify the resource to the resource consumer.
  - 21. The network resource allocation system of claim 17, wherein the resource provider registers additional resources with the identity service which may be identified to the resource consumer or other resource consumers, wherein the resource provider provides priorities for the resource and the additional resources, and wherein the identity service in response to the priorities makes decisions about which of the resource or the additional resources to identify to which of the resource consumer or the other resource consumers.
  - 22. The network resource allocation system of claim 17 further comprising, additional resources which are registered with the identity service by other resource providers.
  - 23. The network resource allocation system of claim 17, wherein the identity service provides the resource consumer with a public certificate, public key, or trust certificate of the resource provider as part of the authentication information.

24. A network resource allocation system implemented in a machine-readable medium that executes on a machine, comprising:
- a resource provider; and
  
  a resource consumer, wherein the resource provider identifies one or more resources which are available to be allocated to the resource consumer when trust specifications for the resources permit and in response to characteristics supplied by the resource consumer that match published characteristics of the resources, the characteristics and the published characteristics include processing speed of the resources, memory speed of the resources, memory size of the resources, storage size of the resources, and bandwidth capability of the resources, the resource consumer acquires the identity of the resource and authentication information for interacting with the resource provider in order to acquire allocation to at least a portion of the one or more resources, and the resource consumer acquires the identity and the authentication information via a third party service that is remotely located over a network from the resource provider and from the resource consumer, and the resource consumer also acquires an authentication technique that the resource consumer uses with the authentication information to authenticate to a particular resource via the resource provider and thereafter the resource consumer securely communicates with that particular resource and usage of the particular resource is circumscribed by a particular trust specification that is hierarchical having global specifications that override local specifications for conflicts occurring with the usage.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31)
- - 25. The network resource allocation system of claim 24 further comprising, an identity service that identifies the one or more resources and dynamically provides the authentication information to the resource consumer, wherein the identity service is the third party service.
  - 26. The network resource allocation system of claim 24, wherein the resource consumer contacts a registration service to at least acquire the identity of the one or more resources and the authentication information, wherein the registration service is the third party service.
  - 27. The network resource allocation system of claim 24, wherein the resource consumer acquires a consumption specification that dictates the conditions under which at least a portion of the one or more resources may be accessed by the resource consumer.
  - 28. The network resource allocation system of claim 24, wherein the resource consumer and the resource provider are in a trusted relationship when the resource consumer accesses at least a portion of the one or more resources on the resource provider.
  - 29. The network resource allocation system of claim 24, wherein information exchanged between the resource provider and resource consumer during access of the at least a portion of the one or more resources is communicated in a secure manner.
  - 30. The network resource allocation system of claim 24, wherein the resource is at least one of storage, a processor, memory, and bandwidth, which is under the control of the resource provider.
  - 31. The network resource allocation system of claim 24, wherein an identity of the resource consumer is concealed or held anonymous from the resource provider and/or wherein an identity of the resource provider is concealed or held anonymous from the resource consumer during the interactions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Novell Incorporated (Open Text Corporation)
Inventors
Green, Tammy Anita, Carter, Stephen R., Burch, Lloyd Leon, Earl, Douglas G.
Primary Examiner(s)
Zand; Kambiz
Assistant Examiner(s)
Wyszynski; Aubrey H

Application Number

US10/927,553
Publication Number

US 20060059565A1
Time in Patent Office

2,028 Days
Field of Search

726/27, 709/249
US Class Current

726/27
CPC Class Codes

G06F 9/50   Allocation of resources, e....

G06F 9/5044   considering hardware capabi...

H04L 47/15   in relation to multipoint t...

H04L 47/70   Admission control; Resource...

H04L 47/808   User-type aware

H04L 47/822   Collecting or measuring res...

H04L 63/0823   using certificates cryptogr...

H04L 63/10   for controlling access to d...

Allocation of network resources

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Allocation of network resources

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links