Secure and automated credential information transfer mechanism
First Claim
1. A computer-implemented method comprising:
generating, by a central server that has access to credential information, a one-time-use password;
transmitting, by the central server, an instruction to a remote server to activate an application instance, the instruction including the one-time-use password;
receiving, by the central server and from the remote server, a request for the credential information, the request including at least (i) the one-time-use password, and (ii) a unique identifier associated with the application instance;
verifying, by the central server, (i) the one-time-use password that is included in the received request, and (ii) the unique identifier that is included in the received request;
in response to verifying (i) the one-time-use password that is included in the received request, and (ii) the unique identifier that is included in the received request, invalidating, by the central server, the one-time-use password; and
transmitting, by the central server, a secure message that causes the remote server to create a file that includes the credential information in a secure location on the remote server.
Abstract
A mechanism for securely transmitting credentials to instantiated virtual machines is provided. A central server is used to turn on a virtual machine. When the virtual machine is turned on, the central server sends it a secret text string. The virtual machine requests the credentials from the central server by transmitting the secret string and its instance ID. The central server validates the secret string and source IP to determine whether they are authentic. Once verified, the central server transmits the credentials to the virtual machine in a secure channel and invalidates the secret string. The credentials can now be used to authenticate API calls.
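The exchange described in the abstract and in claim 1, worked through as an added example that simulates both sides in Python; this is not code from the patent or its assignee. CentralServer, RemoteInstance, the instance IDs, the credential strings and the 300-second OTP lifetime are constructed for illustration, and direct method calls stand in for the secure channel between the two servers. The example binds the OTP to the instance identifier as claim 1 does (the abstract additionally mentions a source-IP check, which is not modelled), and it also shows the three rejections a practitioner would want to see: a replayed OTP, an OTP presented by a different instance, and an expired OTP.

```python
"""Simulation of the one-time-password credential hand-off described above.

Added example, not code from the patent or its assignee. All names, IDs,
credential values and the OTP lifetime are constructed for illustration.
"""
import hashlib
import os
import secrets
import stat
import tempfile
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional

OTP_TTL_SECONDS = 300  # assumed bound; the claim states none, but an OTP must not live forever


@dataclass
class PendingOtp:
    instance_id: str   # the OTP is bound to this instance when it is minted
    expires_at: float


@dataclass
class CentralServer:
    """Holds the long-lived credentials and the table of outstanding OTPs."""
    credentials: Dict[str, str]                                   # instance_id -> credential
    clock: Callable[[], float] = time.time
    pending: Dict[str, PendingOtp] = field(default_factory=dict)  # sha256(otp) -> PendingOtp

    @staticmethod
    def _key(otp: str) -> str:
        # Only a hash is stored, so a dump of the table does not expose live OTPs.
        return hashlib.sha256(otp.encode()).hexdigest()

    def activate_instance(self, instance_id: str) -> dict:
        """Claim steps 1-2: mint a 256-bit OTP and send it inside the activation instruction."""
        otp = secrets.token_urlsafe(32)
        self.pending[self._key(otp)] = PendingOtp(instance_id, self.clock() + OTP_TTL_SECONDS)
        return {"action": "activate", "instance_id": instance_id, "otp": otp}

    def request_credentials(self, otp: str, instance_id: str) -> Optional[dict]:
        """Claim steps 3-6: verify OTP and instance ID, invalidate the OTP, then return the
        message carrying the credential. None means the request was rejected."""
        entry = self.pending.pop(self._key(otp), None)   # removed on ANY presentation
        if entry is None:
            return None                                  # unknown, already used, or garbage
        if self.clock() > entry.expires_at:
            return None                                  # stale OTP
        if entry.instance_id != instance_id:
            # Right OTP, wrong instance: the OTP has leaked. It was already popped above, so
            # the legitimate instance cannot use it either (hardening beyond the claim, which
            # invalidates only after a successful verification).
            return None
        return {"instance_id": instance_id, "credential": self.credentials[instance_id]}


@dataclass
class RemoteInstance:
    """The activated VM: keeps the OTP only until it has traded it for the credential."""
    instance_id: str
    secure_dir: str
    otp: Optional[str] = None

    def on_activate(self, instruction: dict) -> None:
        self.otp = instruction["otp"]

    def fetch_credentials(self, central: CentralServer) -> Optional[str]:
        """Present OTP + instance ID; on success write the credential file with mode 0600."""
        if self.otp is None:
            return None
        msg = central.request_credentials(self.otp, self.instance_id)
        self.otp = None                                   # never retained after one use
        if msg is None:
            return None
        path = os.path.join(self.secure_dir, "credentials")
        # O_EXCL and 0600 at creation: no window in which another local user can read it.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "w") as fh:
            fh.write(msg["credential"])
        return path


class FakeClock:
    """Controllable clock so the expiry path can be exercised without sleeping."""
    def __init__(self, now: float = 1_700_000_000.0) -> None:
        self.now = now

    def __call__(self) -> float:
        return self.now


def run_demo() -> dict:
    """Drive the exchange end to end and return what each step observed."""
    clock = FakeClock()
    creds = {"i-0abc": "constructed-sample-credential", "i-0def": "other-constructed-credential"}
    central = CentralServer(credentials=creds, clock=clock)
    vm = RemoteInstance("i-0abc", tempfile.mkdtemp())
    r: dict = {}
    instruction = central.activate_instance("i-0abc")
    vm.on_activate(instruction)
    r["credential_path"] = vm.fetch_credentials(central)          # the happy path
    with open(r["credential_path"]) as fh:
        r["file_contents"] = fh.read()
    r["file_mode"] = stat.S_IMODE(os.stat(r["credential_path"]).st_mode)
    r["replay_rejected"] = central.request_credentials(instruction["otp"], "i-0abc") is None
    otp_b = central.activate_instance("i-0abc")["otp"]            # minted for i-0abc ...
    r["wrong_instance_rejected"] = central.request_credentials(otp_b, "i-0def") is None
    r["burned_after_mismatch"] = central.request_credentials(otp_b, "i-0abc") is None
    otp_c = central.activate_instance("i-0abc")["otp"]
    clock.now += OTP_TTL_SECONDS + 1                              # ... and let this one expire
    r["expired_rejected"] = central.request_credentials(otp_c, "i-0abc") is None
    r["outstanding_otps"] = len(central.pending)
    return r
```

The table keyed by a hash of the OTP and the pop-before-verify ordering are the two design choices worth copying: the first limits what a database read exposes, the second guarantees that every OTP is consumed by its first presentation, which is what makes the password genuinely one-time even when the presentation fails.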
20 Claims
1. (Independent claim; reproduced in full above under First Claim. Dependent claims 2, 3, 4, 5, 6, 7 and 8 refer to it and are not reproduced on this page.)
9. A system comprising:
one or more computers and one or more storage devices storing instructions that are operable, when executed by the one or more computers, to cause the one or more computers to perform operations comprising:
generating, by a central server that has access to credential information, a one-time-use password;
transmitting, by the central server, an instruction to a remote server to activate an application instance, the instruction including the one-time-use password;
receiving, by the central server and from the remote server, a request for the credential information, the request including at least (i) the one-time-use password, and (ii) a unique identifier associated with the application instance;
verifying, by the central server, (i) the one-time-use password that is included in the received request, and (ii) the unique identifier that is included in the received request;
in response to verifying (i) the one-time-use password that is included in the received request, and (ii) the unique identifier that is included in the received request, invalidating, by the central server, the one-time-use password; and
transmitting, by the central server, a secure message that causes the remote server to create a file that includes the credential information in a secure location on the remote server.
(Dependent claims 10, 11, 12, 13, 14, 15 and 16 refer to this claim and are not reproduced on this page.)
17. A non-transitory computer-readable medium storing software comprising instructions executable by one or more computers which, upon such execution, cause the one or more computers to perform operations comprising:
generating, by a central server that has access to credential information, a one-time-use password;
transmitting, by the central server, an instruction to a remote server to activate an application instance, the instruction including the one-time-use password;
receiving, by the central server and from the remote server, a request for the credential information, the request including at least (i) the one-time-use password, and (ii) a unique identifier associated with the application instance;
verifying, by the central server, (i) the one-time-use password that is included in the received request, and (ii) the unique identifier that is included in the received request;
in response to verifying (i) the one-time-use password that is included in the received request, and (ii) the unique identifier that is included in the received request, invalidating, by the central server, the one-time-use password; and
transmitting, by the central server, a secure message that causes the remote server to create a file that includes the credential information in a secure location on the remote server.
(Dependent claims 18, 19 and 20 refer to this claim and are not reproduced on this page.)