Security credential deployment in cloud environment

US 8,838,961 B2
Filed: 09/14/2012
Issued: 09/16/2014
Est. Priority Date: 09/14/2012
Status: Active Grant

First Claim

Patent Images

1. A method of deploying a security credential for an application deployed in a cloud, comprising:

receiving a request to deploy the security credential, wherein the request specifies the application and includes authentication information for obtaining the security credential;

retrieving the security credential using the authentication information;

encrypting, by operation of one or more computer processors, the security credential; and

transmitting the encrypted security credential to a cloud management system, wherein the cloud management system is configured to insert the encrypted security credential into a virtual machine instance associated with the application, and wherein the virtual machine instance, when deployed, is configured to transmit a decryption request including the encrypted security credential and metadata that identifies the deployed virtual machine instance to a cryptex server, wherein the cryptex server is configured to authenticate the application by comparing the metadata with attributes of the deployed virtual machine instance and is further configured to decrypt the encrypted security credential and return the decrypted security credential to the authenticated application.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are described for deploying a security credential for an application deployed in a cloud. An encrypted security credential is received from a remote system and is inserted into a virtual machine instance associated with the application. Upon deploying the virtual machine instance, embodiments transmit a request to a cryptex server for a decrypted security credential, the request including the encrypted security credential and a virtual machine identifier for the deployed virtual machine instance. The cryptex server is configured to retrieve metadata associated with the virtual machine identifier and to authenticate the deployed virtual machine instance using the retrieved metadata. Embodiments receive, from the cryptex server, the decrypted security credential for use by the application.

Citations

24 Claims

1. A method of deploying a security credential for an application deployed in a cloud, comprising:
- receiving a request to deploy the security credential, wherein the request specifies the application and includes authentication information for obtaining the security credential;
  
  retrieving the security credential using the authentication information;
  
  encrypting, by operation of one or more computer processors, the security credential; and
  
  transmitting the encrypted security credential to a cloud management system, wherein the cloud management system is configured to insert the encrypted security credential into a virtual machine instance associated with the application, and wherein the virtual machine instance, when deployed, is configured to transmit a decryption request including the encrypted security credential and metadata that identifies the deployed virtual machine instance to a cryptex server, wherein the cryptex server is configured to authenticate the application by comparing the metadata with attributes of the deployed virtual machine instance and is further configured to decrypt the encrypted security credential and return the decrypted security credential to the authenticated application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the authentication information comprises a login name and a password.
  - 3. The method of claim 1, wherein retrieving the security credential further comprises:
    - accessing a database using the authentication information; and
      
      retrieving the security credential from the database.
  - 4. The method of claim 1, wherein the security credential is encrypted using at least one of RSA encryption and AES encryption.
  - 5. The method of claim 1, wherein the request further specifies a deployment system identifier corresponding to an intended system on which the security credential is to be deployed, and further comprising transmitting the deployment system identifier to the cloud management system.
  - 6. The method of claim 5, wherein the deployment system identifier comprises a network address corresponding to the intended system.
  - 7. The method of claim 5, wherein the cloud management system is configured to verify the virtual machine instance using the deployment system identifier.
  - 8. The method of claim 7, wherein the cloud management system is configured to verify the virtual machine instance using the deployment system identifier before obtaining a decrypted security credential for the application.

9. A non-transitory computer-readable medium containing a program that, when executed, performs an operation for deploying a security credential for an application deployed in a cloud, the operation comprising:
- receiving a request to deploy the security credential, wherein the request specifies the application and includes authentication information for obtaining the security credential;
  
  retrieving the security credential using the authentication information;
  
  encrypting the security credential; and
  
  transmitting the encrypted security credential to a cloud management system, wherein the cloud management system is configured to insert the encrypted security credential into a virtual machine instance associated with the application, and wherein the virtual machine instance, when deployed, is configured to transmit a decryption request including the encrypted security credential and metadata that identifies the deployed virtual machine instance to a cryptex server, wherein the cryptex server is configured to authenticate the application by comparing the metadata with attributes of the deployed virtual machine instance and is further configured to decrypt the encrypted security credential and return the decrypted security credential to the authenticated application.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The non-transitory computer-readable medium of claim 9, wherein the authentication information comprises a login name and a password.
  - 11. The non-transitory computer-readable medium of claim 9, wherein retrieving the security credential further comprises:
    - accessing a database using the authentication information; and
      
      retrieving the security credential from the database.
  - 12. The non-transitory computer-readable medium of claim 9, wherein the security credential is encrypted using at least one of RSA encryption and AES encryption.
  - 13. The non-transitory computer-readable medium of claim 9, wherein the request further specifies a deployment system identifier corresponding to an intended system on which the security credential is to be deployed, and further comprising transmitting the deployment system identifier to the cloud management system.
  - 14. The non-transitory computer-readable medium of claim 13, wherein the deployment system identifier comprises a network address corresponding to the intended system.
  - 15. The non-transitory computer-readable medium of claim 13, wherein the cloud management system is configured to verify the virtual machine instance using the deployment system identifier.
  - 16. The non-transitory computer-readable medium of claim 15, wherein the cloud management system is configured to verify the virtual machine instance using the deployment system identifier before obtaining a decrypted security credential for the application.

17. A system, comprising:
- a processor; and
  
  a memory containing a program that, when executed on the processor, performs an operation for deploying a security credential for an application deployed in a cloud, the operation comprising;
  
  receiving a request to deploy the security credential, wherein the request specifies the application and includes authentication information for obtaining the security credential;
  
  retrieving the security credential using the authentication information;
  
  encrypting the security credential; and
  
  transmitting the encrypted security credential to a cloud management system, wherein the cloud management system is configured to insert the encrypted security credential into a virtual machine instance associated with the application, and wherein the virtual machine instance, when deployed, is configured to transmit a decryption request including the encrypted security credential and metadata that identifies the deployed virtual machine instance to a cryptex server, wherein the cryptex server is configured to authenticate the application by comparing the metadata with attributes of the deployed virtual machine instance and is further configured to decrypt the encrypted security credential and return the decrypted security credential to the authenticated application.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The system of claim 17, wherein the authentication information comprises a login name and a password.
  - 19. The system of claim 17, wherein retrieving the security credential further comprises:
    - accessing a database using the authentication information; and
      
      retrieving the security credential from the database.
  - 20. The system of claim 17, wherein the security credential is encrypted using at least one of RSA encryption and AES encryption.
  - 21. The system of claim 17, wherein the request further specifies a deployment system identifier corresponding to an intended system on which the security credential is to be deployed, and further comprising transmitting the deployment system identifier to the cloud management system.
  - 22. The system of claim 21, wherein the deployment system identifier comprises a network address corresponding to the intended system.
  - 23. The system of claim 21, wherein the cloud management system is configured to verify the virtual machine instance using the deployment system identifier.
  - 24. The system of claim 23, wherein the cloud management system is configured to verify the virtual machine instance using the deployment system identifier before obtaining a decrypted security credential for the application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Netflix, Inc.
Original Assignee
Netflix, Inc.
Inventors
Zarfoss, James R. III, Yuan, Yong
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
Okeke, Izunna

Application Number

US13/617,941
Publication Number

US 20140082350A1
Time in Patent Office

732 Days
Field of Search
US Class Current

713/155
CPC Class Codes

G06F 21/335   for accessing specific reso...

H04L 63/0428   wherein the data content is...

H04L 63/083   using passwords cryptograph...

Security credential deployment in cloud environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Security credential deployment in cloud environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links