Compound certifications for assurance without revealing infrastructure
First Claim
Patent Images
1. A method to employ compound certification for assurance, the method comprising:
- receiving, at an intermediary certification service executed by one or more computing devices, a redirected request for certification from a service application;
requesting certificates associated with the service application and service elements of the service application from a certification authority executed by one or more other computing devices;
receiving the certificates;
composing a compound certificate based on a logic combination of certified properties associated with each of the service elements from the received certificates, wherein the compound certificate suppresses identities of the service elements and indicates a lowest common compliance level in the compound certificate in response to a determination that compliance levels of two or more service elements as defined by their respective certificates differ; and
providing the compound certificate in response to the redirected request.
5 Assignments
0 Petitions
Accused Products
Abstract
Technologies are presented for providing compound certificates via a certificate intermediary. In some examples, a certificate intermediary may generate a compound certificate that captures the certified behavior of an application and its underlying sub-services without revealing the identities of the sub-services for providing to a customer. The certificate intermediary may receive individual certificates from a certification authority. In other examples, the certification authority may generate the compound certificate, or the certificate intermediary may act as the certification authority for at least a portion of the sub-services.
-
Citations
21 Claims
-
1. A method to employ compound certification for assurance, the method comprising:
-
receiving, at an intermediary certification service executed by one or more computing devices, a redirected request for certification from a service application; requesting certificates associated with the service application and service elements of the service application from a certification authority executed by one or more other computing devices; receiving the certificates; composing a compound certificate based on a logic combination of certified properties associated with each of the service elements from the received certificates, wherein the compound certificate suppresses identities of the service elements and indicates a lowest common compliance level in the compound certificate in response to a determination that compliance levels of two or more service elements as defined by their respective certificates differ; and providing the compound certificate in response to the redirected request. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A method to employ compound certification for assurance, the method comprising:
-
receiving a request for service from an application hosted by at least one virtual machine operable to be executed on one or more physical machines of a datacenter, wherein the request includes a request for certification; separating the request for certification from the request for service; requesting certificates associated with the application and service elements of the application from a certification authority executed by one or more computing devices at another datacenter; receiving the certificates; composing a compound certificate based on a logic combination of certified properties associated with each of the service elements from the received certificates, wherein the compound certificate suppresses identities of the service elements and indicates a lowest common compliance level in the compound certificate in response to a determination that compliance levels of two or more service elements as defined by their respective certificates differ; and providing the compound certificate in response to the request for service. - View Dependent Claims (9, 10, 11, 12, 13)
-
-
14. A cloud-based datacenter configured to employ compound certification for assurance, the datacenter comprising:
-
a plurality of virtual machines operable to be executed on one or more physical machines, wherein at least one of the virtual machines hosts a service application configured to provide a combination service to customers; and a datacenter controller configured to; receive a request for service from the service application hosted by the datacenter, wherein the request includes a request for certification; separate the request for certification from the request for service; and forward the request for certificate to an intermediary certification service such that a compound certificate composed of a logic combination of certified properties associated with service elements from individual certificates for sub-services that suppresses identities of the service elements and indicates a lowest common compliance level in the compound certificate in response to a determination that compliance levels of two or more of the service elements as defined by their respective certificates differ is provided by the intermediary certification service in response to the request for service. - View Dependent Claims (15, 16, 17, 18, 19, 20, 21)
-
Specification