Security infrastructure for cloud services

US 8,972,725 B2
Filed: 03/15/2013
Issued: 03/03/2015
Est. Priority Date: 09/07/2012
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

storing, by a cloud infrastructure system, a subscription order related to one or more services subscribed to by a customer, the one or more services provided by the cloud infrastructure system, the cloud infrastructure system comprising one or more computing devices;

receiving, by a computing device from the one or more computing devices, a request to transfer information between a first component and a second component in the cloud infrastructure system , the first component and the second component executed by the one or more computing devices;

determining, by a computing device of the one or more computing devices, a first security zone for the first component and a second security zone for the second component;

determining, by a computing device of the one or more computing devices, a first security level associated with the first security zone and a second security level associated with the second security zone;

determining, by a computing device of the one or more computing devices, a way to transfer the information between the first component and the second component based upon security rules information, wherein the security rules information specifies one or more rules related to the transfer of the information between the first security level and the second security level; and

determining that the transfer of the information from the first component to the second component is to be performed by pushing the information from the first component to the second component if the second security level associated with the second component is same as or lower than the first security level associated with the first component.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A framework for handling a secure interaction between components in a cloud infrastructure system that wish to transfer information between each other during processing of a customer'"'"'s subscription order is described. The framework orders the security zones of components based on security levels and protects the transfer of information between components in security zones with different security levels. The assignment of a component to a security zone is based upon the sensitivity of the data handled by the components, the sensitivity of functions performed by the component, and the like.

Citations

14 Claims

1. A method comprising:
- storing, by a cloud infrastructure system, a subscription order related to one or more services subscribed to by a customer, the one or more services provided by the cloud infrastructure system, the cloud infrastructure system comprising one or more computing devices;
  
  receiving, by a computing device from the one or more computing devices, a request to transfer information between a first component and a second component in the cloud infrastructure system , the first component and the second component executed by the one or more computing devices;
  
  determining, by a computing device of the one or more computing devices, a first security zone for the first component and a second security zone for the second component;
  
  determining, by a computing device of the one or more computing devices, a first security level associated with the first security zone and a second security level associated with the second security zone;
  
  determining, by a computing device of the one or more computing devices, a way to transfer the information between the first component and the second component based upon security rules information, wherein the security rules information specifies one or more rules related to the transfer of the information between the first security level and the second security level; and
  
  determining that the transfer of the information from the first component to the second component is to be performed by pushing the information from the first component to the second component if the second security level associated with the second component is same as or lower than the first security level associated with the first component.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1, wherein pushing the information from the first component to the second component comprises invoking a synchronous write API of the second component.
  - 3. The method of claim 1, wherein pushing information from the first component to second component comprises publishing information to a queue in the second component, wherein an interaction between the first component and the second component is asynchronous.

4. A method comprising:
- storing, by a cloud infrastructure system, a subscription order related to one or more services subscribed to by a customer, the one or more services provided by the cloud infrastructure system, the cloud infrastructure system comprising one or more computing devices;
  
  receiving, by a computing device from the one or more computing devices, a request to transfer information between a first component and a second component in the cloud infrastructure system, the first component and the second component executed by the one or more computing devices;
  
  determining, by a computing device of the one or more computing devices, a first security zone for the first component and a second security zone for the second component;
  
  determining, by a computing device of the one or more computing devices, a first security level associated with the first security zone and a second security level associated with the second security zone;
  
  determining, by a computing device of the one or more computing devices, a way to transfer the information between the first component and the second component based upon security rules information, wherein the security rules information specifies one or more rules related to the transfer of information between the first security level and the second security level; and
  
  determining that the transfer of information from the first component to the second component is to be performed by pulling the information by the second component from the first component if the second security level associated with the second component is greater than the first security level of the first component.
- View Dependent Claims (5)
- - 5. The method of claim 4 wherein pulling the information further comprises the first component writing the information to an output queue of the second component and the second component pulling the information from the output queue.

6. A system comprising:
- one or more computing devices configurable to provide one or more services;
  
  a memory configurable to store a subscription order related to the one or more services; and
  
  wherein a computing device from the one or more computing devices is configurable to;
  
  receive a request to transfer information between a first component and a second component in the cloud infrastructure system, the first component and the second component executed by the one or more computing devices;
  
  determine a first security zone for the first component and a second security zone for the second component;
  
  determine a first security level associated with the first security zone and a second security level associated with the second security zone;
  
  determine a way to transfer the information between the first component and the second component based upon security rules information, wherein the security rules information specifies one or more rules related to the transfer of information between the first security level and the second security level; and
  
  determine that the transfer of information from the first component to the second component is to be performed by pushing the information from the first component to the second component if the second security level associated with the second component is same as or lower than the first security level associated with the first component.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The system of claim 6, wherein the computing device is configured to push the information from the first component to the second component by invoking a synchronous write API of the second component.
  - 8. The system of claim 6, wherein the computing device is configured to push information from the first component to second component by publishing information to a queue in the second component, wherein an interaction between the first component and the second component is asynchronous.
  - 9. The system of claim 6, wherein the computing device is configured to assign at least one of an existing security zone with an existing security level or a new security zone with a new security level to a new component in the cloud infrastructure system.
  - 10. The system of claim 6, wherein the computing device is configured to update at least one of a security zone or a security level of the one or more components in the cloud infrastructure system.

11. A system comprising:
- one or more computing devices configurable to provide one or more services;
  
  a memory configurable to store a subscription order related to the one or more services; and
  
  wherein a computing device from the one or more computing devices is configurable to;
  
  receive a request to transfer information between a first component and a second component in the cloud infrastructure system, the first component and the second component executed by the one or more computing devices;
  
  determine a first security zone for the first component and a second security zone for the second component;
  
  determine a first security level associated with the first security zone and a second security level associated with the second security zone;
  
  determine a way to transfer the information between the first component and the second component based upon security rules information, wherein the security rules information specifies one or more rules related to the transfer of information between the first security level and the second security level; and
  
  determine that the transfer of information from the first component to the second component is to be performed by pulling the information by the second component from the first component if the second security level associated with the second component is greater than the first security level of the first component.

12. A computer-readable memory storing a plurality of instructions executable by one or more processors, the plurality of instructions comprising:
- instructions that cause at least one processor from the one or more processors to store a subscription order related to one or more services from a set of services subscribed to by a customer;
  
  instructions that cause at least one processor from the one or more processors to receive a request to transfer information between a first component and a second component in the cloud infrastructure system, the first component and the second component executed by one or more computing devices;
  
  instructions that cause at least one processor from the one or more processors to determine a first security zone for the first component and a second security zone for the second component;
  
  instructions that cause at least one processor from the one or more processors to determine a first security level associated with the first security zone and a second security level associated with the second security zone;
  
  instructions that cause at least one processor from the one or more processors to determine a way to transfer the information between the first component and the second component based upon security rules information, wherein the security rules information specifies one or more rules related to the transfer of the information between the first security level and the second security level;
  
  instructions that cause at least one processor from the one or more processors to determine that the transfer of information from the first component to the second component is to be performed by pushing the information from the first component to the second component if the second security level associated with the second component is same as or lower than the first security level associated with the first component; and
  
  instructions that cause at least one processor from the one or more processors to determine that the transfer of information from the first component to the second component is to be performed by pulling the information by the second component from the first component if the second security level associated with the second component is greater than the first security level of the first component.
- View Dependent Claims (13, 14)
- - 13. The computer-readable memory of claim 12 wherein the instructions that cause at least one processor from the one or more processors to push the information from the first component to the second component comprises instructions to invoke a synchronous write API of the second component.
  - 14. The computer-readable memory of claim 12 wherein the instructions that cause at least one processor from the one or more processors to pull the information further comprise instructions for the first component to write the information to an output queue of the second component and the second component to pull the information from the output queue.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Arun, Gopalan, Chatterjee, Ramkrishna, Vasudevan, Ramesh
Primary Examiner(s)
Zee, Edward

Application Number

US13/842,269
Publication Number

US 20140075499A1
Time in Patent Office

718 Days
Field of Search

726/11, 726/12, 726/14, 713/166
US Class Current

713/166
CPC Class Codes

G06F 16/122   using management policies b...

G06F 16/178   Techniques for file synchro...

G06F 16/2282   Tablespace storage structur...

G06F 16/2308   Concurrency control transac...

G06F 16/2365   Ensuring data consistency a...

G06F 16/27   Replication, distribution o...

G06F 16/273   Asynchronous replication or...

G06F 16/283   Multi-dimensional databases...

G06F 16/284   Relational databases

G06Q 10/06315   Needs-based resource requir...

G06Q 10/0633   Workflow analysis

G06Q 30/0633   Lists, e.g. purchase orders...

G06Q 30/0635   Processing of requisition o...

H04L 41/00   Arrangements for maintenanc...

H04L 41/0686   Additional information in t...

H04L 41/50   Network service management,...

H04L 41/5041   characterised by the time r...

H04L 41/5054   Automatic deployment of ser...

H04L 41/5064   Customer relationship manag...

H04L 43/0876   Network utilisation, e.g. v...

H04L 47/70 : Admission control; Resource...

H04L 63/10 : for controlling access to d...

H04L 63/20 : for managing network securi...

H04L 67/10 : in which an application is ...

View All

Security infrastructure for cloud services

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Security infrastructure for cloud services

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links