TECHNIQUES FOR ESTABLISHING A TRUSTED CLOUD SERVICE

US 20120284780A1
Filed: 05/04/2011
Published: 11/08/2012
Est. Priority Date: 05/04/2011
Status: Active Grant

First Claim

Patent Images

1. A method implemented in a non-transitory machine-readable storage medium and processed by one or more processors configured to perform the method, comprising:

obtaining an environment specification for a target environment that is un-trusted, the environment specification obtained within a trusted environment;

creating a package to include;

certificates, a service image for a migrating service that is migrating to the target environment, a service identifier for the migrating service, and a package identifier for the package;

establishing trust configuration information for the target environment having a trust configuration identifier;

including the trust configuration information in the package; and

sending the package to a target service in the target environment for deployment of an instance of the migrating service, via the service image, within a created sub environment of the target environment that establishes trust with the trusted environment by processing components of the package.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for establishing a trusted cloud service are provided. Packages are created for services that include certificates, configuration information, trust information, and images for deploying instances of the services. The packages can be used to deploy the services in trusted environments and authenticated to deploy in sub environments of un-trusted environments. The sub environments are trusted by the trusted environments. Also, clouds are prospected for purposes of identifying desirable clouds and creating the packages for deployment.

20 Citations

View as Search Results

20 Claims

1. A method implemented in a non-transitory machine-readable storage medium and processed by one or more processors configured to perform the method, comprising:
- obtaining an environment specification for a target environment that is un-trusted, the environment specification obtained within a trusted environment;
  
  creating a package to include;
  
  certificates, a service image for a migrating service that is migrating to the target environment, a service identifier for the migrating service, and a package identifier for the package;
  
  establishing trust configuration information for the target environment having a trust configuration identifier;
  
  including the trust configuration information in the package; and
  
  sending the package to a target service in the target environment for deployment of an instance of the migrating service, via the service image, within a created sub environment of the target environment that establishes trust with the trusted environment by processing components of the package.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 further comprising, authenticating the target service via information received back from the target service from the target environment and acquired by the target service from the package.
  - 3. The method of claim 2 further comprising, providing the target service a setup trust service for use in establishing the sub environment.
  - 4. The method of claim 3 further comprising, receiving a request from a sub environment service created with the sub environment to establish trust with the trusted environment.
  - 5. The method of claim 4 further comprising, authenticating the sub environment as being trusted with the trusted environment based on interactions with the sub environment service.
  - 6. The method of claim 5 further comprising, interacting with the instance the migrating service within the trusted environment, the instance of the migrating service processing in the trusted sub environment of the target environment.
  - 7. The method of claim 6, wherein interacting further includes using the service identifier of the instance of the migrating service and a trusted sub environment identifier of the trusted sub environment when interacting.
  - 8. The method of claim 1, wherein creating further includes identifying the certificates as public key certificates for keys used by the trusted environment to encrypt information that can only be decrypted by an associated private key of the trusted environment owned and controlled by the trusted environment.

9. A method implemented in a non-transitory machine-readable storage medium and processed by one or more processors configured to perform the method, comprising:
- obtaining an environment specification for a trusted target environment, the environment specification obtained within an initiating trusted environment;
  
  creating a package to include;
  
  certificates, keys, a service image for a migrating service that is migrating to the trusted target environment, a service identifier for the migrating service, and a package identifier for the package;
  
  establishing trust configuration information for the trusted target environment having a trust configuration identifier;
  
  including the trust configuration information in the package; and
  
  sending the package to a target service in the trusted target environment for deployment of an instance of the migrating service, via the service image, within the trusted target environment by processing components of the package.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The method of claim 9, wherein obtaining further includes recognizing the initiating trusted environment and the trusted target environment are in a same physical location or in clouds owned by a same cloud provider.
  - 11. The method of claim 9, wherein obtaining further includes recognizing the initiating trusted environment and the trusted target environment are in different physical locations or in clouds owned by different cloud providers.
  - 12. The method of claim 9, wherein creating further includes generating the certificates and the keys within the initiating trusted environment.
  - 13. The method of claim 9, wherein creating further includes receiving the certificates and keys from the trusted target environment.
  - 14. The method of claim 9 further comprising, receiving notice from the trusted target environment that the instance of the migrating service is deployed for interacting with the initiating trusted environment.
  - 15. The method of claim 9 further comprising, receiving interaction from the instance of the migrating service by one or more other services within the initiating trusted environment.

16. A method implemented in a non-transitory machine-readable storage medium and processed by one or more processors configured to perform the method, comprising.gathering cloud metrics from a plurality of first clouds;
- obtaining service metrics from a plurality of first services that process in the first clouds;
  
  analyzing the cloud metrics and the service metrics to produce cloud cost metrics, cloud performance metrics, and cloud reputation metrics;
  
  receiving a query to locate a target cloud; and
  
  using environment requirements for the first clouds and the cloud cost metrics, cloud performance metrics, and cloud reputation metrics to produce a cloud package agent for the target cloud selected from the first clouds, the cloud package including a cloud agent that is deployed to the target cloud permitting the target cloud to establish trust with other trusted environments.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method of claim 16, wherein gathering further includes collecting the cloud metrics as:
    - processing information, network bandwidth, and file access information for each of the first clouds.
  - 18. The method of claim 16, wherein obtaining further includes collecting the service metrics as:
    - processing information, network bandwidth, and file access information for each of the first services.
  - 19. The method of claim 16, wherein analyzing further includes collecting the cloud reputation metrics from an external source providing reputation information.
  - 20. The method of claim 16, wherein using further includes including in the cloud package certificates, keys, and trust information in the cloud package along with an image for installing an instance of the cloud agent.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micro Focus Software, Inc. (Open Text Corporation)
Original Assignee
Novell Incorporated (Open Text Corporation)
Inventors
Bergeson, Bruce L., McClain, Carolyn B., Henderson, Larry Hal, Carter, Stephen R., Tietjen, Carl

Granted Patent

US 8,813,192 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/6
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/0823   using certificates cryptogr...

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

H04L 63/205   involving negotiation or de...

H04L 67/10   in which an application is ...

TECHNIQUES FOR ESTABLISHING A TRUSTED CLOUD SERVICE

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

20 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

TECHNIQUES FOR ESTABLISHING A TRUSTED CLOUD SERVICE

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links