Apparatus, systems and methods for agile enablement of secure communications for cloud based applications

US 9,485,099 B2
Filed: 10/25/2013
Issued: 11/01/2016
Est. Priority Date: 10/25/2013
Status: Active Grant

First Claim

Patent Images

1. A processor-implemented method comprising:

instantiating a first Virtual Machine (VM) associated with a cloud-based application on a cloud infrastructure, wherein the first VM is dynamically configured with a private key associated with the first VM and a first wildcard security certificate associated with the first VM, the first wildcard security certificate comprising;

a public key corresponding to the private key, anda Common Name, the Common Name including a wildcard character as a first substring; and

registering, with a domain name server, a domain name associated with the first VM, wherein the domain name is derived from an Internet Protocol (IP) address associated with the first VM and the Common Name associated with the first wildcard security certificate.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments disclosed facilitate secure communication for cloud-based and/or distributed computing applications. In some embodiments, a method may comprise: instantiating a first Virtual Machine (VM) on a cloud infrastructure, wherein the at least one first VM is dynamically configured with a private key and a wildcard security certificate comprising a public key corresponding to the private key, and registering, with a domain name server, a domain name derived from an Internet Protocol (IP) address associated with the first VM and a Common Name associated with the wildcard security certificate.

55 Citations

View as Search Results

23 Claims

1. A processor-implemented method comprising:
- instantiating a first Virtual Machine (VM) associated with a cloud-based application on a cloud infrastructure, wherein the first VM is dynamically configured with a private key associated with the first VM and a first wildcard security certificate associated with the first VM, the first wildcard security certificate comprising;
  
  a public key corresponding to the private key, anda Common Name, the Common Name including a wildcard character as a first substring; and
  
  registering, with a domain name server, a domain name associated with the first VM, wherein the domain name is derived from an Internet Protocol (IP) address associated with the first VM and the Common Name associated with the first wildcard security certificate.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the domain name server is a DNS authoritative name server for a domain corresponding to the Common Name.
  - 3. The method of claim 1, wherein the domain name server is a second VM running on the cloud infrastructure.
  - 4. The method of claim 1, wherein the first wildcard security certificate is a X.509 based certificate.
  - 5. The method of claim 4, wherein the first wildcard security certificate is one of a wildcard Secure Sockets Layer (SSL) or a wildcard Transport Layer Security (TLS) certificate.
  - 6. The method of claim 1, further comprising:
    - determining an expiry date associated with the first wildcard security certificate.
  - 7. The method of claim 6, furthercomprising:
    - dynamically obtaining a second wildcard security certificate specifying the Common Name upon detecting that;
      
      the first wildcard security certificate has expired;
      
      ora period for expiry of the first wildcard security certificate is within a threshold of a current time.
  - 8. The method of claim 7, further comprising dynamically installing the second wildcard security certificate on the first VM.
  - 9. The method of claim 1, wherein the method is implemented using a virtual appliance configured with the first wildcard security certificate and wherein the virtual appliance instantiates the first VM.
  - 10. The method of claim 1, wherein the method is implemented using a cloud agnostic service.
  - 11. The method of claim 10, wherein the cloud agnostic service is an infrastructure independent representation that is implemented by utilizing at least one cloud-specific implementation of the infrastructure independent representation of the cloud agnostic service, and wherein the at least one cloud-specific implementation of the cloud agnostic service corresponds to the cloud infrastructure.

12. An apparatus comprising:
- at least one processing system comprising a memory, the at least one processing system coupled to a cloud-based infrastructure, the at least one processing system being configured to;
  
  dynamically configure a first Virtual Machine (VM) with a private key associated with the first VM and a first wildcard security certificate associated with the first VM, the first wildcard security certificate comprising;
  
  a public key corresponding to the private key, anda Common Name, the Common Name including a wildcard character as a first substring; and
  
  register, with a domain name server, a domain name associated with the first VM, wherein the domain name is derived from an Internet Protocol (IP) address associated with the first VM and the Common Name associated with the first wildcard security certificate.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The apparatus of claim 12, wherein the domain name server is a DNS authoritative name server for a domain corresponding to the Common Name.
  - 14. The apparatus of claim 12, wherein the domain name server is a second VM running on the cloud-based infrastructure.
  - 15. The apparatus of claim 12, wherein the processing system is further configured to:
    - dynamically determine an expiry date associated with the first wildcard security certificate.
  - 16. The apparatus of claim 15, wherein the processing system is further configured to:
    - dynamically obtain a second wildcard security certificate specifying the Common Name upon detecting that;
      
      the first wildcard security certificate has expired;
      
      ora period for expiry of the first wildcard security certificate is within a threshold of a current time.
  - 17. The apparatus of claim 12, wherein the processing system forms part of a virtual appliance configured with the first wildcard security certificate and wherein the virtual appliance instantiates the first VM.

18. A non-transitory computer-readable mediumcomprising instructions, which when executed by a processor, perform stepsin a method comprising:
- instantiating a first Virtual Machine (VM) associated with a cloud-based application on a cloud infrastructure, wherein the first VM is dynamically configured with a private key associated with the first VM and a first wildcard security certificate associated with the first VM, the first wildcard security certificate comprising;
  
  a public key corresponding to the private key, anda Common Name, the Common Name including a wildcard character as a first substring; and
  
  registering, with a domain name server, a domain name associated with the first VM, wherein the domain name is derived from an Internet Protocol (IP) address associated with the first VM and the Common Name associated with the first wildcard security certificate.
- View Dependent Claims (19, 20, 21, 22, 23)
- - 19. The computer-readable medium of claim 18, wherein the domain name server is a DNS authoritative name server for a domain corresponding to the Common Name.
  - 20. The computer-readable medium of claim 18, wherein the domain name server is a second VM running on the cloud infrastructure.
  - 21. The computer-readable medium of claim 18, further comprising:
    - determining an expiry date associated with the first wildcard security certificate.
  - 22. The computer-readable medium of claim 21, further comprising:
    - dynamically obtaining a second wildcard security certificate specifying the Common Name upon detecting that;
      
      the first wildcard security certificate has expired;
      
      ora period for expiry of the first wildcard security certificate is within a threshold of a current time.
  - 23. The computer-readable medium of claim 19, wherein the steps are implemented using a virtual appliance configured with the first wildcard security certificate and wherein the virtual appliance instantiates the first VM.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
CliQr Technologies, Inc. (Cisco Systems, Inc.)
Inventors
Paranjape, Jagadish, Fu, Tianying
Primary Examiner(s)
King, John B

Application Number

US14/063,950
Publication Number

US 20150121078A1
Time in Patent Office

1,103 Days
Field of Search

713/175
US Class Current

1/1
CPC Class Codes

G06F 21/30   Authentication, i.e. establ...

H04L 9/006   involving public key infras...

H04L 9/3263   involving certificates, e.g...

Apparatus, systems and methods for agile enablement of secure communications for cloud based applications

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

55 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus, systems and methods for agile enablement of secure communications for cloud based applications

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

55 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links