Extending infrastructure security to services in a cloud computing environment

  • US 9,426,155 B2
  • Filed: 04/18/2013
  • Issued: 08/23/2016
  • Est. Priority Date: 04/18/2013
  • Status: Active Grant
First Claim

1. A method of extending cloud computing infrastructure security to a service that is shared across virtual application deployments in the cloud computing infrastructure as a shared service, the method operative in a security service executing on a hardware element, comprising:

  • establishing a trust relationship between the shared service and the security service;

  • upon receipt of a request from a user to access the shared service, the request issued from an application other than the shared service, executing a token exchange among the application, the security service and the shared service to exchange a first token for a shared services token that is distinct from the first token, the first token representing the user within the security service and identifying privileges the user has and resources the user can access, the shared services token including credential information and one or more deployment constraints on authorized access to the shared service, the credential information including user identity and one or more security roles, the token exchange that exchanges the first token for the shared services token executed transparently to a provider of the shared service; and

  • issuing to the shared service the shared services token, the credential information therein facilitating a transfer of control from the application to shared service interface to enable access to the shared service by the user without challenge.

  • 1 Assignment