Establishing trust within a cloud computing system

US 9,838,382 B2
Filed: 01/06/2017
Issued: 12/05/2017
Est. Priority Date: 06/05/2012
Status: Active Grant

First Claim

Patent Images

1. A cloud computing system comprises:

a cloud system managing unit having a system level manager trusted certificate;

a set of devices includes one or more devices having a common aspect; and

an authentication server associated with the set of devices based on the common aspect, wherein the authentication server has a unique device level server trusted certificate and a unique system level server trusted certificate;

wherein;

the authentication servers and the one or more devices of the set of devices establishes trust therebetween based on the unique device level server trusted certificate of the authentication server;

the authentication server and the cloud system managing unit establishes trust therebetween based on at least one of the unique system level server trusted certificate and the system level manager trusted certificate;

the cloud system managing unit and the one or more devices of the set of devices establish trust therebetween based on the trust between the authentication server and the one or more device of the set of devices and the trust between the authentication servers and the cloud system managing unit; and

the cloud system managing unit configures the cloud computing system based on the trust between the cloud system managing unit and the one or more devices of the set of devices, wherein the configuring includes facilitating subsequent operation of a device of the one or more devices of the set of devices in accessing another set of devices of the cloud computing system using a signed certificate from the cloud system managing unit.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A cloud computing system includes a cloud system managing unit, a plurality of sets of devices, where a set of devices includes one or more devices having a common aspect, and a plurality of authentication servers, where an authentication server is associated with one of the plurality of sets of devices based on the common aspect. The cloud computing system functions to establish trust between a corresponding one of the plurality of authentication servers and the one or more devices of one of the plurality of sets of devices, between the corresponding one of the plurality of authentication servers and the cloud system managing unit, and between the cloud system managing unit and the one or more devices. The cloud system managing unit configures the cloud computing system based on the trust between the cloud system managing unit and devices of the plurality of sets of devices.

82 Citations

20 Claims

1. A cloud computing system comprises:
- a cloud system managing unit having a system level manager trusted certificate;
  
  a set of devices includes one or more devices having a common aspect; and
  
  an authentication server associated with the set of devices based on the common aspect, wherein the authentication server has a unique device level server trusted certificate and a unique system level server trusted certificate;
  
  wherein;
  
  the authentication servers and the one or more devices of the set of devices establishes trust therebetween based on the unique device level server trusted certificate of the authentication server;
  
  the authentication server and the cloud system managing unit establishes trust therebetween based on at least one of the unique system level server trusted certificate and the system level manager trusted certificate;
  
  the cloud system managing unit and the one or more devices of the set of devices establish trust therebetween based on the trust between the authentication server and the one or more device of the set of devices and the trust between the authentication servers and the cloud system managing unit; and
  
  the cloud system managing unit configures the cloud computing system based on the trust between the cloud system managing unit and the one or more devices of the set of devices, wherein the configuring includes facilitating subsequent operation of a device of the one or more devices of the set of devices in accessing another set of devices of the cloud computing system using a signed certificate from the cloud system managing unit.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The cloud computing system of claim 1, wherein the common aspect comprises at least one of:
    - a vendor identifier;
      
      a device type identifier;
      
      a version identifier;
      
      a functionality identifier; and
      
      an assigned identifier.
  - 3. The cloud computing system of claim 1 further comprises:
    - a plurality of certificate authorities, wherein one of the plurality of certificate authorities is affiliated with the authentication server based on the common aspect and wherein the one of the plurality of certificate authorities generates the unique device level server trusted certificate for the authentication server.
  - 4. The cloud computing system of claim 1 further comprises:
    - a cloud system certificate authority operable to;
      
      generate the system level manager trusted certificate for the cloud system managing unit; and
      
      generate the unique system level server trusted certificate for the authentication server.
  - 5. The cloud computing system of claim 1, wherein the authentication server and the one or more devices of the set of devices establishing trust therebetween comprises:
    - sending, by a device of the one or more devices, an authentication request to the authentication server, wherein the device is programmed with the unique device level server trusted certificate and wherein the authentication request references the unique device level server trusted certificate;
      
      generating, by the authentication server, an authentication response based on the authentication request;
      
      when the authentication response is verified, sending, by the device, device configuration information to the authentication server; and
      
      receiving, by the device, manager information regarding the cloud system managing unit.
  - 6. The cloud computing system of claim 1, wherein the cloud system managing unit and the one or more devices of the set of devices establishing trust therebetween comprises:
    - sending, by a device of the one or more devices, a manager authentication request to the cloud system managing unit based on manager information, wherein the manager authentication request references the system level manager trusted certificate;
      
      generating, by the cloud system managing unit, a manager authentication response based on the manager authentication request;
      
      sending, by the device, a certificate signing request to the cloud system managing unit; and
      
      sending, by the cloud system managing unit, a signed certificate to the device in response to the certificate signing request.
  - 7. The cloud computing system of claim 1 further comprises:
    - the authentication server and the one or more devices of the set of devices establishes trust therebetween based on the common aspect and the unique device level server trusted certificate of the authentication server.
  - 8. The cloud computing system of claim 1 further comprises:
    - the cloud system managing unit and the one or more devices of the set of devices establish trust therebetween based on the trust between each of a plurality of other authentication servers and the one or more devices of the set of devices and the trust between each of the plurality of other authentication servers and the cloud system managing unit.

9. A method comprises:
- storing a system level manager trusted certificate for a cloud system managing unit that includes a processor;
  
  storing a unique device level server trusted certificate and a unique system level server trusted certificate for a plurality of authentication servers;
  
  establishing trust, via a corresponding one of the plurality of authentication servers, between the corresponding one of the plurality of authentication servers and one or more devices of one of a plurality of sets of devices based on the unique device level server trusted certificate of the corresponding one of the plurality of authentication servers, wherein a set of devices of the plurality of sets of devices includes the one or more devices having a common aspect;
  
  establishing trust, via the cloud system managing unit, between the corresponding one of the plurality of authentication servers and the cloud system managing unit based on at least one of the unique system level server trusted certificate and the system level manager trusted certificate;
  
  establishing trust, via the cloud system managing unit, between the cloud system managing unit and the one or more devices of the one of the plurality of sets of devices based on the trust between the corresponding one of the plurality of authentication servers and the one or more devices of the one of the plurality of sets of devices and the trust between the corresponding one of the plurality of authentication servers and the cloud system managing unit; and
  
  configuring, via the cloud system managing unit, a cloud computing system based on the trust between the cloud system managing unit and devices of the plurality of sets of devices, wherein the configuring includes facilitating subsequent operation of a device of the plurality of sets of devices in accessing another of the plurality of sets of devices of the cloud computing system using a signed certificate from the cloud system managing unit.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The method of claim 9, wherein the common aspect comprises at least one of:
    - a vendor identifier;
      
      a device type identifier;
      
      a version identifier;
      
      a functionality identifier; and
      
      an assigned identifier.
  - 11. The method of claim 9 further comprises:
    - generating the unique device level server trusted certificate for the corresponding one of the plurality of authentication servers based on the common aspect.
  - 12. The method of claim 9 further comprises:
    - generating the system level manager trusted certificate for the cloud system managing unit; and
      
      generating the unique system level server trusted certificates for each of the plurality of authentication servers.
  - 13. The method of claim 9, wherein establishing the trust between the corresponding one of the plurality of authentication servers and one or more devices of one of a plurality of sets of devices includes:
    - sending, from a device of the one or more devices of the one of the plurality of sets of devices, an authentication request to the corresponding one of the plurality of authentication servers, wherein the device is programmed with the unique device level server trusted certificate of the corresponding one of the plurality of authentication servers and wherein the authentication request references the unique device level server trusted certificate;
      
      generating an authentication response based on the authentication request;
      
      when the authentication response is verified, sending, device configuration information to the corresponding one of the plurality of authentication servers; and
      
      receiving, manager information regarding the cloud system managing unit.
  - 14. The method of claim 9, wherein establishing trust between the cloud system managing unit and the one or more devices of the one of the plurality of sets of devices includes:
    - sending a manager authentication request to the cloud system managing unit based on manager information, wherein the manager authentication request references the system level manager trusted certificate;
      
      generating a manager authentication response based on the manager authentication request;
      
      sending a certificate signing request to the cloud system managing unit; and
      
      sending a signed certificate to the device in response to the certificate signing request.

15. A cloud computing system set up unit comprises:
- memory for storing;
  
  a system level manager trusted certificate of a cloud system managing unit;
  
  a unique device level server trusted certificate for each of a plurality of authentication servers; and
  
  a unique system level server trusted certificate for the each of the plurality of authentication servers; and
  
  a processor having processing hardware, the processor operable to;
  
  establish trust between a corresponding one of the plurality of authentication servers and one or more devices of one of a plurality of sets of devices based on the unique device level server trusted certificate of the corresponding one of the plurality of authentication servers, wherein a set of devices of the plurality of sets of devices includes one or more devices having a common aspect;
  
  establish trust between the corresponding one of the plurality of authentication servers and the cloud system managing unit based on at least one of the unique system level server trusted certificate and the system level manager trusted certificate;
  
  establish trust between the cloud system managing unit and the one or more devices of the one of the plurality of sets of devices based on the trust between the corresponding one of the plurality of authentication servers and the one or more devices of the one of the plurality of sets of devices and the trust between the corresponding one of the plurality of authentication servers and the cloud system managing unit; and
  
  configure the cloud computing system based on the trust between the cloud system managing unit and devices of the plurality of sets of devices wherein the configuring includes facilitating subsequent operation of a device of the plurality of sets of devices in accessing another of the plurality of sets of devices of the cloud computing system using a signed certificate from the cloud system managing unit.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The cloud computing system set up unit of claim 15, wherein the common aspect comprises at least one of:
    - a vendor identifier;
      
      a device type identifier;
      
      a version identifier;
      
      a functionality identifier; and
      
      an assigned identifier.
  - 17. The cloud computing system set up unit of claim 15, wherein the processor is further operable to:
    - generate the unique device level server trusted certificate for the corresponding one of the plurality of authentication servers based on the common aspect.
  - 18. The cloud computing system set up unit of claim 15, wherein the processor is further operable to:
    - generate the system level manager trusted certificate for the cloud system managing unit; and
      
      generate the unique system level server trusted certificates for the each of the plurality of authentication servers.
  - 19. The cloud computing system set up unit of claim 15, wherein the processor is further operable to:
    - send, as a device of the one or more devices, an authentication request to the corresponding one of the plurality of authentication servers, wherein the device is programmed with the unique device level server trusted certificate of the corresponding one of the plurality of authentication servers and wherein the authentication request references the unique device level server trusted certificate;
      
      generate, as the corresponding one of the plurality of authentication servers, an authentication response based on the authentication request;
      
      when the authentication response is verified, send, as the device, device configuration information to the corresponding one of the plurality of authentication servers; and
      
      receive, as the device, manager information regarding the cloud system managing unit.
  - 20. The cloud computing system set up unit of claim 15, wherein the processor is further operable to:
    - send, as a device of the one or more devices, a manager authentication request to the cloud system managing unit based on manager information, wherein the manager authentication request references the system level manager trusted certificate;
      
      generate, as the cloud system managing unit, a manager authentication response based on the manager authentication request;
      
      send, as the device, a certificate signing request to the cloud system managing unit; and
      
      send, as the cloud system managing unit, a signed certificate to the device in response to the certificate signing request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Pure Storage, Inc.
Original Assignee
International Business Machines Corporation
Inventors
Leggette, Wesley, Resch, Jason K.
Primary Examiner(s)
Powers, William
Assistant Examiner(s)
LE, THANH H

Application Number

US15/400,769
Publication Number

US 20170118200A1
Time in Patent Office

333 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/172   Caching, prefetching or hoa...

G06F 16/1873   Versioning file systems, te...

G06F 21/33   using certificates

G06F 21/57   Certifying or maintaining t...

G06F 21/604   Tools and structures for ma...

H04L 63/0823   using certificates cryptogr...

H04L 63/101   Access control lists [ACL]

Establishing trust within a cloud computing system

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

82 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Establishing trust within a cloud computing system

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

82 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others