Securely identifying host systems

US 9,148,426 B2
Filed: 02/25/2014
Issued: 09/29/2015
Est. Priority Date: 08/13/2010
Status: Active Grant

First Claim

Patent Images

1. A method for securely identifying host systems, comprising:

receiving a request for an instance, the instance comprising a virtual machine;

identifying a template corresponding to the request, the template comprising an image; and

provisioning the instance from the template, the instance being provisioned to include a security key.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the present invention allow for “end-user” provisioned instances to securely identify themselves beyond a simple user ID and password. Specifically, embodiments of the present invention use a multi-part security approach that includes (among other things): an identifying key (e.g., a shared private key) known by the cloud security system and the instance; and at least one additional security factor such as an identifier found in TCP/IP packets (e.g., an internet protocol address). In a typical embodiment, a request for an instance (e.g., a virtual machine) is received, and a template (e.g., an image) corresponding to the requested instance is identified. From this template, the instance is provisioned. Under the embodiments of the present invention, the instance will be provisioned to include a security key. When a request is thereafter received from the instance, the request is validated using the security key and the additional security factor(s).

37 Citations

View as Search Results

20 Claims

1. A method for securely identifying host systems, comprising:
- receiving a request for an instance, the instance comprising a virtual machine;
  
  identifying a template corresponding to the request, the template comprising an image; and
  
  provisioning the instance from the template, the instance being provisioned to include a security key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising:
    - receiving a request from the instance; and
      
      validating the request from the instance using the security key and at least one additional security validation factor.
  - 3. The method of claim 2, the additional security factor comprising at least one of the following:
    - an internet protocol (IP) address associated with the instance, or header information associated with the request received from the instance.
  - 4. The method of claim 1, the instance being provisioned within a cloud computing environment.
  - 5. The method of claim 1, further comprising generating a globally unique string to yield the security key.
  - 6. The method of claim 1, further comprising generating a secure hash to yield the security key.
  - 7. The method of claim 1, further comprising accessing an application programming interface (API) to yield the security key.
  - 8. The method of claim 1, further comprising hashing a set of files to yield the security key.
  - 9. The method of claim 1, further comprising executing a binary to yield the security key.
  - 10. The method of claim 1, wherein a service solution provider provides a computer infrastructure that performs the method for one or more consumers.

11. A system for securely identifying host systems, comprising:
- a bus;
  
  a processor coupled to the bus; and
  
  a memory medium coupled to the bus, the memory medium comprising instructions to;
  
  receive a request for an instance, the instance comprising a virtual machine;
  
  identify a template corresponding to the request, the template comprising an image; and
  
  provision the instance from the template, the instance being provisioned to include a security key.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The system of claim 11, the memory medium further comprising instructions to:
    - receive a request from the instance; and
      
      validate the request from the instance using the security key and at least one additional security validation factor.
  - 13. The system of claim 12, the additional security factor comprising at least one of the following:
    - an internet protocol (IP) address associated with the instance, or header information associated with the request received from the instance.
  - 14. The system of claim 11, the instance being provisioned within a cloud computing environment.
  - 15. The system of claim 11, the memory medium further comprising instructions to generate the security key from at least one of the following:
    - a globally unique string, a secure hash, an application programming interface (API) to yield the security key;
      
      a hashed set of files;
      
      or a set of pointers to the set of hashed files.

16. A computer program product for securely identifying host systems, the computer program product comprising a computer readable hardware storage device, and program instructions stored on the computer readable storage media, to:
- receive a request for an instance, the instance comprising a virtual machine;
  
  identify a template corresponding to the request, the template comprising an image; and
  
  provision the instance from the template, the instance being provisioned to include a security key.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The computer program product of claim 16, further comprising program instructions stored on the computer readable hardware storage device to:
    - receive a request from the instance; and
      
      validate the request from the instance using the security key and at least one additional security validation factor.
  - 18. The computer program product of claim 17, the additional security factor comprising at least one of the following:
    - an internet protocol (IP) address associated with the instance, or header information associated with the request received from the instance.
  - 19. The computer program product of claim 16, the instance being provisioned within a cloud computing environment.
  - 20. The computer program product of claim 16, further comprising program instructions stored on the computer readable hardware storage device to generate the security key from at least one of the following:
    - a globally unique string, a secure hash, an application programming interface (API) to yield the security key;
      
      a hashed set of files;
      
      or a set of pointers to the set of hashed files.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Workday Incorporated
Original Assignee
International Business Machines Corporation
Inventors
Goodman, Brian D., DeLuca, Lisa Seacat
Primary Examiner(s)
McNally, Michael S

Application Number

US14/188,758
Publication Number

US 20140173279A1
Time in Patent Office

581 Days
Field of Search

713/168
US Class Current

1/1
CPC Class Codes

G06F 21/73   by creating or determining ...

H04L 63/0823   using certificates cryptogr...

H04L 63/0876   based on the identity of th...

Securely identifying host systems

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

37 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Securely identifying host systems

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

37 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links