Method and system for securing a commercial grid network

US 8,087,066 B2
Filed: 04/12/2007
Issued: 12/27/2011
Est. Priority Date: 04/12/2007
Status: Active Grant

First Claim

Patent Images

1. A commercial grid network comprising:

a plurality of computing resources;

a security label repository configured to store a plurality of unmapped security labels;

an administrative node comprising a processor and memory, wherein the memory comprises software instructions, which when executed by the processor, perform a method, the method comprising;

receiving a lease request from a client to lease a computing resource selected from the plurality of computing resources,mapping a unique identifier of the client to a security label selected from the plurality of unmapped security labels to obtain a client-label mapping based on the lease request,mapping a unique identifier of the computing resource to the security label to obtain a resource-label mapping based on the lease request, andstoring the client-label mapping and the resource-label mapping in the security label repository to obtain stored security label mappings; and

a forwarding node configured to authenticate an access request from the client to the computing resource using the stored security label mappings.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for securing a commercial grid network involves receiving a lease request from a client to lease a computing resource selected from multiple computing resources in the commercial grid network, mapping a unique identifier of the client to a security label selected from multiple unmapped security labels to obtain a client-label mapping based on the lease request, mapping a unique identifier of the computing resource to the security label to obtain a resource-label mapping based on the lease request, storing the client-label mapping and the resource-label mapping in a security label repository to obtain stored security label mappings, and authenticating, by the commercial grid network, an access request from the client to the computing resource using the stored security label mappings.

36 Citations

View as Search Results

13 Claims

1. A commercial grid network comprising:
- a plurality of computing resources;
  
  a security label repository configured to store a plurality of unmapped security labels;
  
  an administrative node comprising a processor and memory, wherein the memory comprises software instructions, which when executed by the processor, perform a method, the method comprising;
  
  receiving a lease request from a client to lease a computing resource selected from the plurality of computing resources,mapping a unique identifier of the client to a security label selected from the plurality of unmapped security labels to obtain a client-label mapping based on the lease request,mapping a unique identifier of the computing resource to the security label to obtain a resource-label mapping based on the lease request, andstoring the client-label mapping and the resource-label mapping in the security label repository to obtain stored security label mappings; and
  
  a forwarding node configured to authenticate an access request from the client to the computing resource using the stored security label mappings.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The commercial grid network of claim 1, further comprising:
    - a resource node comprising the computing resource and an accredited security label range, and configured to add the security label to the accredited security label range, wherein the accredited security label range defines an upper security label boundary and a lower security label boundary for accessing the computing resource.
  - 3. The commercial grid network of claim 1, wherein the method further comprises:
    - choosing the computing resource to service the lease request based on lease conditions comprised in the lease request.
  - 4. The commercial grid network of claim 1, wherein the forwarding node is configured to authenticate the access request by:
    - parsing the access request to obtain the unique identifier of the client and the unique identifier of the computing resource;
      
      accessing the stored security label mappings based on the unique identifier of the client and the unique identifier of the computing resource;
      
      verifying that both the client-label mapping and the resource-label mapping have the security label; and
      
      forwarding the access request based on a positive result of the verifying.
  - 5. The commercial grid network of claim 1, wherein the method further comprises:
    - remove the stored security label mappings from the security label repository and returning the security label to the plurality of unmapped security labels when a lease term associated with the client and the computing resource expires.
  - 6. The commercial grid network of claim 1, wherein the method further comprises:
    - propagate at least a portion of the security label repository to the forwarding node.

7. A non-transitory computer readable medium comprising executable instructions for:
- receiving a lease request from a client to lease a computing resource selected from a plurality of computing resources in a commercial grid network;
  
  mapping a unique identifier of the client to a security label selected from a plurality of unmapped security labels to obtain a client-label mapping based on the lease request;
  
  mapping a unique identifier of the computing resource to the security label to obtain a resource-label mapping based on the lease request;
  
  storing the client-label mapping and the resource-label mapping in a security label repository to obtain stored security label mappings; and
  
  authenticating, by the commercial grid network, an access request from the client to the computing resource using the stored security label mappings.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The non-transitory computer readable medium of claim 7, further comprising executable instructions for:
    - adding the security label to an accredited security label range for the computing resource, wherein the accredited security label range defines an upper security label boundary and a lower security label boundary for accessing the computing resource.
  - 9. The non-transitory computer readable medium of claim 8, wherein the lease request is a request for an exclusive lease of the computing resource, wherein the exclusive lease is enforced by restricting the accredited security label range to only the security label.
  - 10. The non-transitory computer readable medium of claim 7, further comprising executable instructions for:
    - choosing the computing resource to service the lease request based on lease conditions comprised in the lease request.
  - 11. The non-transitory computer readable medium of claim 7, wherein executable instructions for authenticating the access request comprises executable instructions for:
    - parsing, by a forwarding node in the commercial grid network, the access request to obtain the unique identifier of the client and the unique identifier of the computing resource;
      
      accessing, by the forwarding node, the stored security label mappings based on the unique identifier of the client and the unique identifier of the computing resource;
      
      verifying, by the forwarding node, that both the client-label mapping and the resource-label mapping have the security label; and
      
      forwarding, by the forwarding node, the access request based on a positive result of the verifying.
  - 12. The non-transitory computer readable medium of claim 7, further comprising executable instructions for:
    - removing the stored security label mappings from the security label repository and returning the security label to the plurality of unmapped security labels when a lease term associated with the client and the computing resource expires.
  - 13. The non-transitory computer readable medium of claim 7, further comprising executable instructions for:
    - propagating at least a portion of the security label repository across a plurality of trusted forwarding nodes in the commercial grid network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Oracle America, Inc. (Oracle Corporation)
Inventors
Belgaied, Kais, Johnson, Darrin P.
Primary Examiner(s)
LEMMA, SAMSON B

Application Number

US11/786,541
Publication Number

US 20080256603A1
Time in Patent Office

1,720 Days
Field of Search

726/3, 726/4, 726/1, 709/229, 709/223, 713/168
US Class Current

726/3
CPC Class Codes

G06Q 10/00   Administration; Management

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 67/10   in which an application is ...

Method and system for securing a commercial grid network

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

36 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for securing a commercial grid network

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

36 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links