Mobile cloud service architecture

US 9,231,946 B2
Filed: 09/02/2014
Issued: 01/05/2016
Est. Priority Date: 02/07/2014
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a cloud computer system, from a mobile computing device, a request for a service from an enterprise computer system, wherein the cloud computer system is located at a first geographical location that is different from a second geographical location of the enterprise computer system, wherein the cloud computer system and the enterprise computer system communicate over a public communication network, and wherein the cloud computer system provides an application programming interface (API), the API using a first communication protocol to receive requests for services;

obtaining, by the cloud computer system, for a user of the mobile computing device associated with the request, a security authentication to obtain at least one service through the cloud computer system;

storing, by the cloud computer system, information indicating the security authentication;

identifying, based on the security authentication of the user, by the cloud computer system, a plurality of enterprise computer systems accessible to the user through the cloud computer system, wherein each enterprise computer system of the plurality of enterprise computer systems uses a second communication protocol to receive the requests for services, and wherein the second communication protocol is different from the first communication protocol;

verifying, by the cloud computer system, that the enterprise computer system is included in the plurality of enterprise computer systems accessible to the user;

determining, by the cloud computer system, a security protocol for requesting the service from the enterprise computer system;

generating, by the cloud computer system, a security token corresponding to the determined security protocol for the enterprise computer system, wherein the security token is generated based on the information indicating the security authentication of the user;

converting the request from a format of the first communication protocol to a different format corresponding to the second communication protocol;

sending, by the cloud computer system, to the enterprise computer system, the converted request for the service, wherein the converted request includes the generated security token;

receiving, from the enterprise computer system, a response to the converted request, wherein the response has a format of the second communication protocol used by the enterprise computer system;

converting the response from the format of the second communication protocol to the format of the first communication protocol; and

providing the converted response to the mobile computing device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are described for implementing a cloud computer system to facilitate communication between a computing device (e.g., a mobile computing device) and enterprise computer systems. In certain embodiments, the cloud computer system may receive, from a computing device, a request for a service provided by an enterprise computer system. The cloud computer system may determine security authentication of a user for the requested service. A security protocol may be determined for a requested enterprise computer system and a security token may be generated for the request according to the determined security protocol. The request may be sent to the requested enterprise computer system. In some embodiments, security authentication for a request to an enterprise computer system may be determined based on previous authentication. The cloud computer system may be configured to communicate with several different enterprise computer systems according to their supported protocols (e.g., communication protocol and/or security protocol).

Citations

17 Claims

1. A method comprising:
- receiving, by a cloud computer system, from a mobile computing device, a request for a service from an enterprise computer system, wherein the cloud computer system is located at a first geographical location that is different from a second geographical location of the enterprise computer system, wherein the cloud computer system and the enterprise computer system communicate over a public communication network, and wherein the cloud computer system provides an application programming interface (API), the API using a first communication protocol to receive requests for services;
  
  obtaining, by the cloud computer system, for a user of the mobile computing device associated with the request, a security authentication to obtain at least one service through the cloud computer system;
  
  storing, by the cloud computer system, information indicating the security authentication;
  
  identifying, based on the security authentication of the user, by the cloud computer system, a plurality of enterprise computer systems accessible to the user through the cloud computer system, wherein each enterprise computer system of the plurality of enterprise computer systems uses a second communication protocol to receive the requests for services, and wherein the second communication protocol is different from the first communication protocol;
  
  verifying, by the cloud computer system, that the enterprise computer system is included in the plurality of enterprise computer systems accessible to the user;
  
  determining, by the cloud computer system, a security protocol for requesting the service from the enterprise computer system;
  
  generating, by the cloud computer system, a security token corresponding to the determined security protocol for the enterprise computer system, wherein the security token is generated based on the information indicating the security authentication of the user;
  
  converting the request from a format of the first communication protocol to a different format corresponding to the second communication protocol;
  
  sending, by the cloud computer system, to the enterprise computer system, the converted request for the service, wherein the converted request includes the generated security token;
  
  receiving, from the enterprise computer system, a response to the converted request, wherein the response has a format of the second communication protocol used by the enterprise computer system;
  
  converting the response from the format of the second communication protocol to the format of the first communication protocol; and
  
  providing the converted response to the mobile computing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein at least one of the plurality of enterprise computer systems communicates using a different security protocol than a different one of the plurality of enterprise computer systems.
  - 3. The method of claim 1, wherein the request received from the mobile computing device and the converted request sent to the enterprise computer system conform to different representational state transfer (REST) architectural styles.
  - 4. The method of claim 1, wherein the request received from the mobile computing device includes a first hypertext transfer protocol (HTTP) message and wherein the converted request sent to the enterprise computer system includes a second HTTP message.
  - 5. The method of claim 1, wherein the request received from the mobile computing device includes user identity information of the user.
  - 6. The method of claim 1, further comprising:
    - sending an authentication request to an identity management system to determine the security authentication of the user.
  - 7. The method of claim 1, wherein the security token is structured in a format using Security Assertion Markup Language (SAML).
  - 8. The method of claim 1, wherein the plurality of enterprise computer systems includes the enterprise computer system having an on-premises agent system, wherein the on-premises agent system including a plurality of server computers, each server computer of the plurality of server computers providing a different enterprise service, and wherein the on-premises agent system communicates with the cloud computer system over the public communication network.
  - 9. The method of claim 1, wherein the first communication protocol and the second communication protocol conform to a hypertext transfer protocol (HTTP).
  - 10. The method of claim 1, wherein each enterprise computer system of the plurality of enterprise computer systems supports a different second communication protocol for receiving the requests for services.
  - 11. The method of claim 1, wherein the API is configurable by the user of the mobile computing device.
  - 12. The method of claim 1, wherein the cloud computer system includes a database that stores metadata corresponding to one or more configurations of the API.

13. A computer system comprising:
- one or more processors; and
  
  one or more memory devices coupled to the one or more processors, the one or more memory devices containing instructions, which when executed on the one or more processors, cause the one or more processors to;
  
  receive, from a mobile computing device using a first communication protocol, a request for a service, wherein the service is provided by an enterprise computer system, wherein the enterprise computer system is located at a first geographical location that is different from a second geographical location of the computer system, and wherein the enterprise computer system and the computer system communicate over a public communication network;
  
  obtain, for a user of the mobile computing device associated with the request, a security authentication to obtain at least one service via the computer system;
  
  store information indicating the security authentication;
  
  identify, based on the security authentication of the user, a plurality of enterprise computer systems accessible to the user through the computer system that provides an application programming interface (API);
  
  verify that the enterprise computer system is included in the plurality of enterprise computer systems accessible to the user;
  
  determine a security protocol for requesting the service from the enterprise computer system;
  
  generate a security token corresponding to the determined security protocol for the enterprise computer system, wherein the security token is generated based on the information indicating the security authentication of the user, and wherein the generated security token is included in a request sent to the enterprise computer system;
  
  convert the request received from the mobile computing device, wherein the request is converted from a first format of the first communication protocol to a second format of a second communication protocol, wherein the second communication protocol is different from the first communication protocol;
  
  send the converted request to the enterprise computer system;
  
  receive, from the enterprise computer system via the second communication protocol, a response to the converted request for the service;
  
  convert the response received from the enterprise computer system, wherein the response is converted from the second format of the second communication protocol to the first format of the first communication protocol; and
  
  send the converted response to the mobile computing device.
- View Dependent Claims (14, 15)
- - 14. The computer system of claim 13, wherein the enterprise computer system includes an on-premises agent system, wherein the on-premises agent system is associated with an on-premises local area network of an entity, wherein the on-premises agent system includes a plurality of server computers, each server computer of the plurality of server computers providing a different enterprise service, and wherein the on-premises agent system communicates with the computer system over the public communication network.
  - 15. The computer system of claim 14, further comprising:
    - a firewall connected with the computer system, wherein an internal network and an external network are separated by the firewall, and wherein the firewall is configured to;
      
      permit communication, conforming to the first communication protocol, between the mobile computing device and the computer system; and
      
      permit communication, conforming to the second communication protocol, between the computer system and the on-premises agent system.

16. A cloud computer system to facilitate communication between a mobile computing device and an on-premises enterprise computer system, the cloud computer system comprising:
- a cloud computer device configured to;
  
  receive, through an application programming interface (API), from a mobile computing device, a message conforming to a first format of a first application protocol; and
  
  generate and send, to an agent, a message conforming to a second format of a second application protocol;
  
  a firewall connected with the cloud computer device, wherein an internal network and an external network are separated by the firewall, and wherein the firewall is configured to;
  
  permit communication of messages, conforming to the first format of the first application protocol, between the mobile computing device and the cloud computer device; and
  
  permit communication of messages, conforming to the second format of the second application protocol, between the cloud computer device and the agent; and
  
  a metadata repository connected with the cloud computer device, wherein the metadata repository is configured to store metadata for implementing the API, the implementing including translating between the first format and the second format, and wherein the metadata repository is modifiable by an authenticated user via the external network.
- View Dependent Claims (17)
- - 17. The cloud computer system of claim 16, wherein the agent includes a plurality of server computers, each server computer of the plurality of server computers providing a different enterprise service, and wherein the agent communicates with the computer system over a public communication network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Loo, Kaj van de
Primary Examiner(s)
Shiferaw, Eleni
Assistant Examiner(s)
GIDDINS, NELSON S

Application Number

US14/475,285
Publication Number

US 20150229638A1
Time in Patent Office

490 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/6236   between heterogeneous systems

G06F 8/65   Updates security arrangemen...

G06Q 10/10   Office automation; Time man...

H04L 41/0226   Mapping or translating mult...

H04L 63/02   for separating internal fro...

H04L 63/0227   Filtering policies mail mes...

H04L 63/0281   Proxies

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/08   for authentication of entit...

H04L 63/0815   providing single-sign-on or...

H04L 63/0853   using an additional device,...

H04L 63/0884   by delegation of authentica...

H04L 63/10   for controlling access to d...

H04L 67/02   based on web technology, e....

H04L 67/141   Setup of application sessio...

H04L 67/34   involving the movement of s...

H04L 67/565   Conversion or adaptation of...

H04L 69/08   Protocols for interworking;...

H04W 12/06   Authentication

H04W 12/084   using delegated authorisati...

H04W 12/30 : Security of mobile devices;...

H04W 12/63 : Location-dependent; Proximi...

H04W 4/18 : Information format or conte...

View All

Mobile cloud service architecture

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Mobile cloud service architecture

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links