Compound certifications for assurance without revealing infrastructure

US 9,210,051 B2
Filed: 09/12/2012
Issued: 12/08/2015
Est. Priority Date: 09/12/2012
Status: Expired due to Fees

First Claim

Patent Images

1. A method to employ compound certification for assurance, the method comprising:

receiving, at an intermediary certification service executed by one or more computing devices, a redirected request for certification from a service application;

requesting certificates associated with the service application and service elements of the service application from a certification authority executed by one or more other computing devices;

receiving the certificates;

composing a compound certificate based on a logic combination of certified properties associated with each of the service elements from the received certificates, wherein the compound certificate suppresses identities of the service elements and indicates a lowest common compliance level in the compound certificate in response to a determination that compliance levels of two or more service elements as defined by their respective certificates differ; and

providing the compound certificate in response to the redirected request.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Technologies are presented for providing compound certificates via a certificate intermediary. In some examples, a certificate intermediary may generate a compound certificate that captures the certified behavior of an application and its underlying sub-services without revealing the identities of the sub-services for providing to a customer. The certificate intermediary may receive individual certificates from a certification authority. In other examples, the certification authority may generate the compound certificate, or the certificate intermediary may act as the certification authority for at least a portion of the sub-services.

Citations

21 Claims

1. A method to employ compound certification for assurance, the method comprising:
- receiving, at an intermediary certification service executed by one or more computing devices, a redirected request for certification from a service application;
  
  requesting certificates associated with the service application and service elements of the service application from a certification authority executed by one or more other computing devices;
  
  receiving the certificates;
  
  composing a compound certificate based on a logic combination of certified properties associated with each of the service elements from the received certificates, wherein the compound certificate suppresses identities of the service elements and indicates a lowest common compliance level in the compound certificate in response to a determination that compliance levels of two or more service elements as defined by their respective certificates differ; and
  
  providing the compound certificate in response to the redirected request.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method according to claim 1, wherein the received certificates establish compliance of each service element with one or more of predefined rules, standards, and/or practices.
  - 3. The method according to claim 2, wherein the certificates prove compliance with one or more of payment card industry (PCI), health insurance portability and accountability act (HIPAA), controlled commerce list (CCL), ISO certifications, or international traffic in arms regulations (ITAR).
  - 4. The method according to claim 1, further comprising receiving the certificates from a plurality of certification authorities.
  - 5. The method according to claim 1, wherein the service elements include one or more of a computation service, a storage service, a platform service, and an interaction service.
  - 6. The method according to claim 1, further comprising performing one or more of testing and certification tasks for at least one of the service elements at the intermediary certification service.
  - 7. The method according to claim 1, further comprising enabling the service application to price certified and noncertified services by choosing whether to invoke the intermediary certification service.

8. A method to employ compound certification for assurance, the method comprising:
- receiving a request for service from an application hosted by at least one virtual machine operable to be executed on one or more physical machines of a datacenter, wherein the request includes a request for certification;
  
  separating the request for certification from the request for service;
  
  requesting certificates associated with the application and service elements of the application from a certification authority executed by one or more computing devices at another datacenter;
  
  receiving the certificates;
  
  composing a compound certificate based on a logic combination of certified properties associated with each of the service elements from the received certificates, wherein the compound certificate suppresses identities of the service elements and indicates a lowest common compliance level in the compound certificate in response to a determination that compliance levels of two or more service elements as defined by their respective certificates differ; and
  
  providing the compound certificate in response to the request for service.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The method according to claim 8, further comprising:
    - intercepting the request for service that includes the request for certificate;
      
      separating the request for certificate; and
      
      forwarding the request for certificate to an intermediary certification service at one of a gateway or a session border controller of the datacenter hosting the application.
  - 10. The method according to claim 8, wherein the application has a service-based architecture.
  - 11. The method according to claim 8, wherein the service elements include one or more of a computation service, a storage service, a platform service, and an interaction service.
  - 12. The method according to claim 8, further comprising enabling the application to price certified and noncertified services by choosing whether to invoke the compound certificate.
  - 13. The method according to claim 8, further comprising:
    - enabling the service elements to provide tokens to the application; and
      
      receiving the tokens from the application for delivery to the certification authority.

14. A cloud-based datacenter configured to employ compound certification for assurance, the datacenter comprising:
- a plurality of virtual machines operable to be executed on one or more physical machines, wherein at least one of the virtual machines hosts a service application configured to provide a combination service to customers; and
  
  a datacenter controller configured to;
  
  receive a request for service from the service application hosted by the datacenter, wherein the request includes a request for certification;
  
  separate the request for certification from the request for service; and
  
  forward the request for certificate to an intermediary certification service such that a compound certificate composed of a logic combination of certified properties associated with service elements from individual certificates for sub-services that suppresses identities of the service elements and indicates a lowest common compliance level in the compound certificate in response to a determination that compliance levels of two or more of the service elements as defined by their respective certificates differ is provided by the intermediary certification service in response to the request for service.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21)
- - 15. The datacenter according to claim 14, wherein the datacenter controller is one of a gateway or a session border controller interfacing with the service application.
  - 16. The datacenter according to claim 14, wherein the intermediary certification service is provided by the datacenter.
  - 17. The datacenter according to claim 14, wherein the certificates establish compliance of each service element with one or more of predefined rules, standards, and/or practices.
  - 18. The datacenter according to claim 14, wherein the service elements include one or more of a computation service, a storage service, a platform service, and an interaction service.
  - 19. The datacenter according to claim 14, wherein the intermediary certification service is further configured to receive the certificates from a plurality of certification authorities.
  - 20. The datacenter according to claim 14, wherein the service application is enabled to price certified and noncertified services by choosing whether to invoke the compound certificate.
  - 21. The datacenter according to claim 14, wherein the datacenter controller is further configured to:
    - enable the service elements to provide tokens; and
      
      provide the tokens to the intermediary certification service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Empire Technology Development LLC (Allied Inventors Management, LLC)
Original Assignee
Empire Technology Development LLC (Allied Inventors Management, LLC)
Inventors
Kruglick, Ezekiel
Primary Examiner(s)
Cervetti, David Garcia

Application Number

US14/004,902
Publication Number

US 20140325047A1
Time in Patent Office

1,182 Days
Field of Search

726/1, 726/10, 713/157, 713/180, 713/175
US Class Current

1/1
CPC Class Codes

G06Q 10/10   Office automation; Time man...

G06Q 30/018   Certifying business or prod...

H04L 41/5041   characterised by the time r...

Compound certifications for assurance without revealing infrastructure

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Compound certifications for assurance without revealing infrastructure

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links