Security through metadata orchestrators

US 8,893,291 B2
Filed: 10/30/2012
Issued: 11/18/2014
Est. Priority Date: 10/30/2012
Status: Active Grant

First Claim

Patent Images

1. A method of obtaining a service from a second cloud domain, the method being performed by a first cloud domain and comprising:

registering with a metadata orchestrator framework repository to connect to a plurality of cloud domains, which are registered with the metadata orchestrator framework repository, and obtain metadata parameters of the plurality of cloud domains;

identifying the second cloud domain which provides the service from among the plurality of cloud domains by analyzing the metadata parameters of the plurality of cloud domains;

receiving, from the second cloud domain, an indication of data which is owned by the first cloud domain and requested by the second cloud domain to perform the service;

transmitting the requested data along with metadata corresponding to the requested data to the second cloud domain; and

retrieving generic metadata corresponding to the requested data,wherein the generic metadata comprises;

regular metadata which indicates at least one of authorship and last modification date of the requested data; and

function specific metadata which indicates at least one of an access policy, history, compliance information, and data ownership information associated with the requested data, andwherein at least one of the registering, the identifying, the receiving, and the transmitting is performed by a processor.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of obtaining a service from a second cloud domain, the method being performed by a first cloud domain, includes identifying the second cloud domain which provides the service from among a plurality of cloud domains by analyzing metadata parameters of the plurality of cloud domains, receiving an indication of data which is requested by the second cloud domain to perform the service, and transmitting the requested data along with metadata corresponding to the requested data to the second cloud domain.

Citations

19 Claims

1. A method of obtaining a service from a second cloud domain, the method being performed by a first cloud domain and comprising:
- registering with a metadata orchestrator framework repository to connect to a plurality of cloud domains, which are registered with the metadata orchestrator framework repository, and obtain metadata parameters of the plurality of cloud domains;
  
  identifying the second cloud domain which provides the service from among the plurality of cloud domains by analyzing the metadata parameters of the plurality of cloud domains;
  
  receiving, from the second cloud domain, an indication of data which is owned by the first cloud domain and requested by the second cloud domain to perform the service;
  
  transmitting the requested data along with metadata corresponding to the requested data to the second cloud domain; and
  
  retrieving generic metadata corresponding to the requested data,wherein the generic metadata comprises;
  
  regular metadata which indicates at least one of authorship and last modification date of the requested data; and
  
  function specific metadata which indicates at least one of an access policy, history, compliance information, and data ownership information associated with the requested data, andwherein at least one of the registering, the identifying, the receiving, and the transmitting is performed by a processor.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method according to claim 1, further comprising:
    - requesting the service from the second cloud domain,wherein the second cloud domain transmits the indication of the requested data in response to the requesting of the service.
  - 3. The method according to claim 1, wherein the generic metadata indicates information related to the requested data and which is independent of any cloud domain.
  - 4. The method according to claim 3, further comprising:
    - creating domain specific metadata based on domain specific metadata parameters of the second cloud domain based on information obtained through the metadata orchestrator framework repository, wherein the domain specific metadata indicates a rule to be followed by the second cloud domain with respect to the requested data.
  - 5. The method according to claim 4, wherein the transmitting of the requested data along with the corresponding metadata comprises transmitting the domain specific metadata, the generic metadata and the requested data to the second cloud domain.
  - 6. The method according to claim 4, further comprising:
    - receiving a notification that the second cloud domain is experiencing a conflict due to the second cloud domain'"'"'s inability to comply with the rule indicated by the domain specific metadata;
      
      resolving the conflict and generating conflict resolution instructions based on the resolved conflict; and
      
      transmitting the conflict resolution instructions to the second cloud domain.
  - 7. The method according to claim 1, further comprising:
    - receiving a metadata update from the second cloud domain, wherein the metadata update indicates an update performed by the second cloud domain to the metadata.
  - 8. The method according to claim 1, wherein the registering comprises registering using key-based cryptography.
  - 9. The method according to claim 1, further comprising, after performing the registering, providing a list of security properties of the first cloud domain to the metadata orchestrator framework repository to be shared with the plurality of cloud domains which are registered with the metadata orchestrator framework repository.
  - 10. The method according to claim 9, wherein the security properties comprise at least one of a location of data centers, a location of storage and/or a location of a server of the first cloud domain or software and platforms implemented by the first cloud domain.
  - 11. The method according to claim 1, wherein the first cloud domain comprises one of a cloud consumer, a cloud provider, a cloud auditor, and a cloud broker, and the second cloud domain comprises one of a cloud consumer, a cloud provider, a cloud auditor, and a cloud broker.

12. A method of providing a service to a first cloud domain, the method being performed by a second cloud domain and comprising:
- receiving a request from the first cloud domain to perform the service;
  
  determining data of the first cloud domain which is necessary to perform the service;
  
  transmitting an indication of the data to the first cloud domain;
  
  receiving the data along with metadata corresponding to the data from the first cloud domain; and
  
  providing the service based on the data and the metadata,wherein the first cloud domain is registered with a metadata orchestrator framework repository, through which the first cloud domain connects to the second cloud domain and obtains metadata parameters of the second cloud domain,wherein the first cloud domain retrieves generic metadata corresponding to the data,wherein the generic metadata comprises;
  
  regular metadata which indicates at least one of authorship and last modification date of the data; and
  
  function specific metadata which indicates at least one of an access policy, history, compliance information, and data ownership information associated with the data, andwherein at least one of the receiving, the determining, the transmitting, the receiving, and the providing is performed by a processor.
- View Dependent Claims (13)
- - 13. The method according to claim 12, wherein the first cloud domain comprises one of a cloud consumer, a cloud provider, a cloud auditor, and a cloud broker, and the second cloud domain comprises one of a cloud consumer, a cloud provider, a cloud auditor, and a cloud broker.

14. A metadata orchestrator residing in a first cloud domain, comprising:
- a processor;
  
  a storage; and
  
  an input/output unit,the storage storing instructions that enable the processor to carry out operations comprising;
  
  registering with a metadata orchestrator framework repository to connect to a plurality of cloud domains, which are registered with the metadata orchestrator framework repository, and obtain metadata parameters of the plurality of cloud domains;
  
  identifying a second cloud domain which provides a service from among the plurality of cloud domains by analyzing the metadata parameters of the plurality of cloud domains;
  
  receiving, from the second cloud domain, an indication of data which is owned by the first cloud domain and requested by the second cloud domain to perform the service;
  
  transmitting the requested data along with metadata corresponding to the requested data to the second cloud domain; and
  
  retrieving generic metadata corresponding to the requested data,wherein the generic metadata comprises;
  
  regular metadata which indicates at least one of authorship and last modification date of the requested data; and
  
  function specific metadata which indicates at least one of an access policy, history, compliance information, and data ownership information associated with the requested data.
- View Dependent Claims (15)
- - 15. The metadata orchestrator according to claim 14, wherein the first cloud domain comprises one of a cloud consumer, a cloud provider, a cloud auditor, and a cloud broker, and the second cloud domain comprises one of a cloud consumer, a cloud provider, a cloud auditor, and a cloud broker.

16. A metadata manager residing in a second cloud domain, comprising:
- a processor;
  
  a storage; and
  
  an input/output unit,the storage storing instructions that enable the processor to carry out operations comprising;
  
  receiving a request from a first cloud domain to perform a service;
  
  determining data of the first cloud domain which is necessary to perform the service;
  
  transmitting an indication of the data to the first cloud domain;
  
  receiving the data along with metadata corresponding to the data from the first cloud domain; and
  
  providing the service based on the data and the metadata,wherein the first cloud domain is registered with a metadata orchestrator framework repository, through which the first cloud domain connects to the second cloud domain and obtains metadata parameters of the second cloud domain,wherein the first cloud domain retrieves generic metadata corresponding to the data, andwherein the generic metadata comprises;
  
  regular metadata which indicates at least one of authorship and last modification date of the data; and
  
  function specific metadata which indicates at least one of an access policy, history, compliance information, and data ownership information associated with the data.
- View Dependent Claims (17)
- - 17. The metadata manager according to claim 16, wherein the first cloud domain comprises one of a cloud consumer, a cloud provider, a cloud auditor, and a cloud broker, and the second cloud domain comprises one of a cloud consumer, a cloud provider, a cloud auditor, and a cloud broker.

18. A metadata manager residing in a first cloud domain, comprising:
- a processor;
  
  an external metadata storage; and
  
  an input/output unit,the storage unit storing instructions that enable the processor to carry out operations comprising;
  
  registering with a metadata orchestrator framework repository to connect to a plurality of cloud domains, which are registered with the metadata orchestrator framework repository, and obtain metadata parameters of the plurality of cloud domains;
  
  identifying a second cloud domain which provides a service from among the plurality of cloud domains by analyzing the metadata parameters of the plurality of cloud domains;
  
  receiving, from the second cloud domain, an indication of data which is owned by the first cloud domain requested by the second cloud domain to perform the service;
  
  retrieving metadata from the external metadata storage, the metadata corresponding to the requested data;
  
  transmitting the requested data along with the metadata corresponding to the requested data to the second cloud domain; and
  
  retrieving generic metadata corresponding to the requested data,wherein the generic metadata comprises;
  
  regular metadata which indicates at least one of authorship and last modification date of the requested data; and
  
  function specific metadata which indicates at least one of an access policy, history, compliance information, and data ownership information associated with the requested data.
- View Dependent Claims (19)
- - 19. The metadata manager according to claim 18, wherein the first cloud domain comprises one of a cloud consumer, a cloud provider, a cloud auditor, and a cloud broker, and the second cloud domain comprises one of a cloud consumer, a cloud provider, a cloud auditor, and a cloud broker.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung SDS (China) Co., Ltd. (Samsung Group)
Original Assignee
Samsung SDS (China) Co., Ltd. (Samsung Group)
Inventors
Leicher, Andreas, Subramanian, Lakshmi, Kim, Won Young
Primary Examiner(s)
Hailu, Teshome

Application Number

US13/663,866
Publication Number

US 20140123296A1
Time in Patent Office

749 Days
Field of Search

726/26
US Class Current

726/26
CPC Class Codes

H04L 67/10 in which an application is ...

Security through metadata orchestrators

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Security through metadata orchestrators

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links