Security infrastructure for cloud services
First Claim
Patent Images
1. A method comprising:
- storing, by a cloud infrastructure system, a subscription order related to one or more services subscribed to by a customer, the one or more services provided by the cloud infrastructure system, the cloud infrastructure system comprising one or more computing devices;
receiving, by a computing device from the one or more computing devices, a request to transfer information between a first component and a second component in the cloud infrastructure system , the first component and the second component executed by the one or more computing devices;
determining, by a computing device of the one or more computing devices, a first security zone for the first component and a second security zone for the second component;
determining, by a computing device of the one or more computing devices, a first security level associated with the first security zone and a second security level associated with the second security zone;
determining, by a computing device of the one or more computing devices, a way to transfer the information between the first component and the second component based upon security rules information, wherein the security rules information specifies one or more rules related to the transfer of the information between the first security level and the second security level; and
determining that the transfer of the information from the first component to the second component is to be performed by pushing the information from the first component to the second component if the second security level associated with the second component is same as or lower than the first security level associated with the first component.
1 Assignment
0 Petitions
Accused Products
Abstract
A framework for handling a secure interaction between components in a cloud infrastructure system that wish to transfer information between each other during processing of a customer'"'"'s subscription order is described. The framework orders the security zones of components based on security levels and protects the transfer of information between components in security zones with different security levels. The assignment of a component to a security zone is based upon the sensitivity of the data handled by the components, the sensitivity of functions performed by the component, and the like.
-
Citations
14 Claims
-
1. A method comprising:
-
storing, by a cloud infrastructure system, a subscription order related to one or more services subscribed to by a customer, the one or more services provided by the cloud infrastructure system, the cloud infrastructure system comprising one or more computing devices; receiving, by a computing device from the one or more computing devices, a request to transfer information between a first component and a second component in the cloud infrastructure system , the first component and the second component executed by the one or more computing devices; determining, by a computing device of the one or more computing devices, a first security zone for the first component and a second security zone for the second component; determining, by a computing device of the one or more computing devices, a first security level associated with the first security zone and a second security level associated with the second security zone; determining, by a computing device of the one or more computing devices, a way to transfer the information between the first component and the second component based upon security rules information, wherein the security rules information specifies one or more rules related to the transfer of the information between the first security level and the second security level; and determining that the transfer of the information from the first component to the second component is to be performed by pushing the information from the first component to the second component if the second security level associated with the second component is same as or lower than the first security level associated with the first component. - View Dependent Claims (2, 3)
-
-
4. A method comprising:
-
storing, by a cloud infrastructure system, a subscription order related to one or more services subscribed to by a customer, the one or more services provided by the cloud infrastructure system, the cloud infrastructure system comprising one or more computing devices; receiving, by a computing device from the one or more computing devices, a request to transfer information between a first component and a second component in the cloud infrastructure system, the first component and the second component executed by the one or more computing devices; determining, by a computing device of the one or more computing devices, a first security zone for the first component and a second security zone for the second component; determining, by a computing device of the one or more computing devices, a first security level associated with the first security zone and a second security level associated with the second security zone; determining, by a computing device of the one or more computing devices, a way to transfer the information between the first component and the second component based upon security rules information, wherein the security rules information specifies one or more rules related to the transfer of information between the first security level and the second security level; and determining that the transfer of information from the first component to the second component is to be performed by pulling the information by the second component from the first component if the second security level associated with the second component is greater than the first security level of the first component. - View Dependent Claims (5)
-
-
6. A system comprising:
-
one or more computing devices configurable to provide one or more services; a memory configurable to store a subscription order related to the one or more services; and wherein a computing device from the one or more computing devices is configurable to; receive a request to transfer information between a first component and a second component in the cloud infrastructure system, the first component and the second component executed by the one or more computing devices; determine a first security zone for the first component and a second security zone for the second component; determine a first security level associated with the first security zone and a second security level associated with the second security zone; determine a way to transfer the information between the first component and the second component based upon security rules information, wherein the security rules information specifies one or more rules related to the transfer of information between the first security level and the second security level; and determine that the transfer of information from the first component to the second component is to be performed by pushing the information from the first component to the second component if the second security level associated with the second component is same as or lower than the first security level associated with the first component. - View Dependent Claims (7, 8, 9, 10)
-
-
11. A system comprising:
-
one or more computing devices configurable to provide one or more services; a memory configurable to store a subscription order related to the one or more services; and wherein a computing device from the one or more computing devices is configurable to; receive a request to transfer information between a first component and a second component in the cloud infrastructure system, the first component and the second component executed by the one or more computing devices; determine a first security zone for the first component and a second security zone for the second component; determine a first security level associated with the first security zone and a second security level associated with the second security zone; determine a way to transfer the information between the first component and the second component based upon security rules information, wherein the security rules information specifies one or more rules related to the transfer of information between the first security level and the second security level; and determine that the transfer of information from the first component to the second component is to be performed by pulling the information by the second component from the first component if the second security level associated with the second component is greater than the first security level of the first component.
-
-
12. A computer-readable memory storing a plurality of instructions executable by one or more processors, the plurality of instructions comprising:
-
instructions that cause at least one processor from the one or more processors to store a subscription order related to one or more services from a set of services subscribed to by a customer; instructions that cause at least one processor from the one or more processors to receive a request to transfer information between a first component and a second component in the cloud infrastructure system, the first component and the second component executed by one or more computing devices; instructions that cause at least one processor from the one or more processors to determine a first security zone for the first component and a second security zone for the second component; instructions that cause at least one processor from the one or more processors to determine a first security level associated with the first security zone and a second security level associated with the second security zone; instructions that cause at least one processor from the one or more processors to determine a way to transfer the information between the first component and the second component based upon security rules information, wherein the security rules information specifies one or more rules related to the transfer of the information between the first security level and the second security level; instructions that cause at least one processor from the one or more processors to determine that the transfer of information from the first component to the second component is to be performed by pushing the information from the first component to the second component if the second security level associated with the second component is same as or lower than the first security level associated with the first component; and instructions that cause at least one processor from the one or more processors to determine that the transfer of information from the first component to the second component is to be performed by pulling the information by the second component from the first component if the second security level associated with the second component is greater than the first security level of the first component. - View Dependent Claims (13, 14)
-
Specification