Method and system for distributing secrets
First Claim
1. A system for distributing credentials comprising:
at least one processor; and
at least one memory coupled to the at least one processor, the at least one memory having stored therein instructions which when executed by any set of the one or more processors, perform a process for distributing credentials, the process for distributing credentials including;
receiving request data from a requesting virtual asset, the request data including a request for one or more credentials required in order for the requesting virtual asset to be allowed to access one or more resources, the requested credentials being of a first type of a plurality of credential types, the one or more resources being cloud-accessible resources;
responsive to receiving the request data, obtaining profile data associated with the requesting virtual asset;
responsive to receiving the request data, authenticating, by a secrets distribution management system, the requesting virtual asset;
responsive to authenticating the requesting virtual asset and obtaining profile data associated with the requesting virtual asset, analyzing, by the secrets distribution management system, the profile data using one or more distribution factors to determine one or more credentials of the first type that the requesting virtual asset is authorized to receive, the determination being at least partly based on a role assigned to the requesting virtual asset, the requesting virtual asset being assigned at least two different roles;
determining a first source from which the first type of credential is available, wherein a plurality of credential sources are available each having different types of credentials, wherein credentials of a first type are only available from a first source, and credentials of a second type are only available from a second source; and
providing, from the first source, credentials data representing the determined one or more credentials to the requesting virtual asset, the provided credentials data including data representing one or more of the credentials associated with the request data, the providing being accomplished through at least;
encrypting set data;
assigning identification data to the encrypted set data;
storing the encrypted set data in a credentials store;
providing the requesting virtual asset the identification data and an encryption key for identifying and decrypting the encrypted set data; and
providing the requesting virtual asset access to the credentials store.
Abstract
Secrets data representing one or more secrets required to access associated resources is provided along with secrets distribution policy data representing one or more secrets distribution factors used to control the distribution of the secrets. When a requesting virtual asset submits secrets request data, virtual asset profile data associated with the requesting virtual asset is obtained. The requesting virtual asset profile data is then analyzed using at least one of the secrets distribution factors to authenticate the requesting virtual asset. The requesting virtual asset profile data is then analyzed using one or more of secrets distribution factors to determine what secrets the requesting virtual asset legitimately needs. Authorized secrets data for the requesting virtual asset representing one or more authorized secrets is then generated. The requesting virtual asset is then provided access to the authorized secrets data.
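The abstract and the first claim describe one procedure: authenticate the requesting virtual asset, read its profile, apply distribution factors (here, the roles it holds) to decide which credential types it may receive, pick the single source that holds that type, encrypt the resulting set data, store it under an identifier, and hand the asset the identifier plus the decryption key. The following Python is an added illustration of that flow, not code from the patent or its assignee. Every value in it (asset identifiers, roles, source names, credential strings, keys) is constructed for the example, the policy table is a hypothetical distribution-factor encoding, and the encryption is an HMAC-SHA256 counter-mode stream with an encrypt-then-MAC tag used purely as a standard-library stand-in for an authenticated cipher such as AES-GCM.

```python
"""Role-based secrets distribution modelled on the claims above (added example)."""
import hashlib
import hmac
import json
import os
import uuid

# Constructed sample data. Each credential type lives in exactly one source,
# matching the claim that credentials of a first type are only available from
# a first source and credentials of a second type only from a second source.
CREDENTIAL_SOURCES = {
    "db-source": {"type": "database", "items": {"orders-db": "pw-orders-CONSTRUCTED"}},
    "api-source": {"type": "api-key", "items": {"billing-api": "key-billing-CONSTRUCTED"}},
}

# Hypothetical distribution policy: credential types each role may receive.
DISTRIBUTION_POLICY = {
    "order-service": {"database"},
    "billing-client": {"api-key"},
    "read-only": set(),
}

# Constructed virtual asset profiles: assigned roles plus the per-asset key the
# secrets distribution management system uses to authenticate requests.
ASSET_PROFILES = {
    "vm-0042": {"roles": ["order-service", "billing-client"],
                "auth_key": b"asset-key-0042-CONSTRUCTED"},
    "vm-0099": {"roles": ["read-only"], "auth_key": b"asset-key-0099-CONSTRUCTED"},
}

CREDENTIALS_STORE = {}  # identification data -> encrypted set data


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode; a stdlib stand-in for a real cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _derive_keys(key):
    """Separate encryption and MAC keys from the one key handed to the asset."""
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()


def encrypt_set_data(key, plaintext):
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    enc_key, mac_key = _derive_keys(key)
    nonce = os.urandom(16)
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt_set_data(key, blob):
    """Verify the tag before decrypting; raises ValueError if the blob was altered."""
    enc_key, mac_key = _derive_keys(key)
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("set data failed integrity check")
    return bytes(a ^ b for a, b in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))


def sign_request(asset_id, credential_type):
    """Requesting asset side: request data plus an HMAC over it for authentication."""
    body = json.dumps({"asset": asset_id, "type": credential_type}, sort_keys=True).encode()
    return body, hmac.new(ASSET_PROFILES[asset_id]["auth_key"], body, hashlib.sha256).hexdigest()


def distribute_credentials(body, signature):
    """Secrets distribution management system: authenticate, authorize by role,
    locate the single source for the requested type, encrypt and store the set
    data, and return (identification data, key). Raises PermissionError on denial."""
    request = json.loads(body)
    profile = ASSET_PROFILES.get(request["asset"])
    if profile is None:
        raise PermissionError("unknown virtual asset")
    expected = hmac.new(profile["auth_key"], body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, signature):
        raise PermissionError("request authentication failed")
    # Distribution factor: the asset may receive the union of what its roles allow.
    authorized = set().union(*(DISTRIBUTION_POLICY.get(r, set()) for r in profile["roles"]))
    if request["type"] not in authorized:
        raise PermissionError(f"roles {profile['roles']} not authorized for {request['type']}")
    source = next((s for s in CREDENTIAL_SOURCES.values() if s["type"] == request["type"]), None)
    if source is None:
        raise LookupError(f"no source holds credentials of type {request['type']}")
    set_data = json.dumps(source["items"]).encode()
    key = os.urandom(32)
    identification = str(uuid.uuid4())
    CREDENTIALS_STORE[identification] = encrypt_set_data(key, set_data)
    return identification, key


def fetch_credentials(identification, key):
    """Requesting asset side: retrieve the blob by identifier and decrypt it."""
    return json.loads(decrypt_set_data(key, CREDENTIALS_STORE[identification]))
```

The store itself never sees plaintext and never holds the key, so granting an asset access to the credentials store reveals nothing without the per-request key delivered alongside the identifier; an asset whose roles grant no credential types is refused before any source is consulted.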
77 Citations
50 Claims
1. A system for distributing credentials comprising: (text as set out above under First Claim)
Dependent claims: 2 through 18.
19. A system for distributing credentials comprising:
at least one processor; and
at least one memory coupled to the at least one processor, the at least one memory having stored therein instructions which when executed by any set of the one or more processors, perform a process for distributing credentials, the process for distributing credentials including;
receiving request data from a requesting virtual asset, the request data including a request for one or more credentials required in order for the requesting virtual asset to be allowed to access one or more resources, the requested credentials being of a first type of a plurality of credential types, the one or more resources being cloud-accessible resources;
responsive to receiving the request data, obtaining profile data associated with the requesting virtual asset;
responsive to receiving the request data, authenticating, by a secrets distribution management system, the requesting virtual asset;
responsive to authenticating the requesting virtual asset and obtaining profile data associated with the requesting virtual asset, analyzing, by a secrets distribution management system, the profile data using one or more distribution factors to determine one or more classes of credentials the requesting virtual asset is authorized to receive, the determination being at least partly based on a role assigned to the requesting virtual asset, the virtual asset being assigned at least two different roles;
determining a first source from which the first type of credential is available, wherein a plurality of credential sources are available each having different types of credentials, wherein credentials of a first type are only available from a first source, and credentials of a second type are only available from a second source;
obtaining set data for the requesting virtual asset, the set data representing a set of credentials for the requesting virtual asset of the classes of credentials the requesting virtual asset is authorized to receive; and
providing the set data to the requesting virtual asset by at least;
encrypting the set data;
assigning identification data to the encrypted set data;
storing the encrypted set data in a credentials store;
providing the requesting virtual asset the identification data and an encryption key for identifying and decrypting the encrypted set data; and
providing the requesting virtual asset access to the credentials store.
Dependent claims: 20 through 36.
37. A system for distributing credentials comprising:
one or more resources potentially accessible by one or more virtual assets, the one or more resources being of two or more resource types;
two or more credentials databases, each credentials database including credentials data representing one or more credentials, the one or more credentials being required to access associated ones of the one or more resources, the one or more credentials being of one or more credential classes, each of the credential classes being associated with one of the one or more resource types;
a credentials distribution management system, the credentials distribution management system having access to the one or more credentials in the one or more credentials databases, the credentials distribution management system further having access to credentials distribution policy data representing one or more distribution factors used to control the distribution of the one or more credentials;
a requesting virtual asset;
a services gateway, the services gateway being communicatively coupled to the requesting virtual asset, the services gateway being communicatively coupled to the credentials distribution management system;
at least one processor; and
at least one memory coupled to the at least one processor, the at least one memory having stored therein instructions which when executed by any set of the one or more processors, perform a process for distributing credentials, the process for distributing credentials including;
receiving request data at the service gateway from the requesting virtual asset for credentials required in order for the requesting virtual asset to be allowed to access one or more resources, the requested credentials including a first type of a plurality of credential types, the one or more resources being cloud-accessible resources;
responsive to receiving the request data, the credentials distribution management system authenticating the requesting virtual asset;
responsive to authenticating the requesting virtual asset, the credentials distribution management system analyzing profile data of the requesting virtual asset using one or more of the one or more distribution factors to determine classes of credentials the requesting virtual asset is authorized to receive, the determination being at least partly based on a role assigned to the requesting virtual asset, the virtual asset being assigned at least two different roles;
determining a first source from which the first type of credential is available, wherein a plurality of credential sources are available each having different types of credentials, wherein credentials of a first type are only available from a first source, and credentials of a second type are only available from a second source;
the credentials distribution management system obtaining set data for the requesting virtual asset, the set data including the requested credential and representing a set of credentials for the requesting virtual asset of the classes of credentials the requesting virtual asset is authorized to receive, the set data being obtained from the one or more credentials databases; and
providing the set data to the requesting virtual asset by at least;
encrypting the set data;
assigning identification data to the encrypted set data;
storing the encrypted set data in a credentials store;
providing the requesting virtual asset the identification data and an encryption key for identifying and decrypting the encrypted set data; and
providing the requesting virtual asset access to the credentials store.
Dependent claims: 38 through 50.
Specification