Securely identifying host systems

US 8,694,777 B2
Filed: 08/13/2010
Issued: 04/08/2014
Est. Priority Date: 08/13/2010
Status: Active Grant

First Claim

Patent Images

1. A method for securely identifying host systems, comprising:

receiving, using at least one computing device, a request for an instance;

identifying, using the at least one computing device, a template corresponding to the request;

provisioning, using the at least one computing device, the instance from the template, the instance being provisioned to include a security key within a read-only partition for validating a request from the instance;

receiving, using the at least one computing device, the request from the instance; and

validating, using the at least one computing device, the request from the instance using the security key and at least one additional security validation factor.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the present invention allow for “end-user” provisioned instances to securely identify themselves beyond a simple user ID and password. Specifically, embodiments of the present invention use a multi-part security approach that includes (among other things): an identifying key (e.g., a shared private key) known by the cloud security system and the instance; and at least one additional security factor such as an identifier found in TCP/IP packets (e.g., an internet protocol address). In a typical embodiment, a request for an instance (e.g., a virtual machine) is received, and a template (e.g., an image) corresponding to the requested instance is identified. From this template, the instance is provisioned. Under the embodiments of the present invention, the instance will be provisioned to include a security key. When a request is thereafter received from the instance, the request is validated using the security key and the additional security factor(s).

49 Citations

View as Search Results

22 Claims

1. A method for securely identifying host systems, comprising:
- receiving, using at least one computing device, a request for an instance;
  
  identifying, using the at least one computing device, a template corresponding to the request;
  
  provisioning, using the at least one computing device, the instance from the template, the instance being provisioned to include a security key within a read-only partition for validating a request from the instance;
  
  receiving, using the at least one computing device, the request from the instance; and
  
  validating, using the at least one computing device, the request from the instance using the security key and at least one additional security validation factor.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, the additional security factor comprising at least one of the following:
    - an internet protocol (IP) address associated with the instance, or header information associated with the request received from the instance.
  - 3. The method of claim 1, further comprising generating, using the at least one computing device, a globally unique string to yield the security key.
  - 4. The method of claim 1, further comprising generating, using the at least one computing device, a secure hash to yield the security key.
  - 5. The method of claim 1, further comprising accessing, using the at least one computing device, an application programming interface (API) to yield the security key.
  - 6. The method of claim 1, further comprising hashing, using the at least one computing device, a set of files to yield the security key.
  - 7. The method of claim 1, further comprising executing, using the at least one computing device, a binary to yield the security key.
  - 8. The method of claim 1, the template comprising an image, the instance comprising a virtual machine, and, the instance being provisioned within a cloud computing environment.

9. A system for securely identifying host systems, comprising:
- a bus;
  
  a processor coupled to the bus; and
  
  a memory medium coupled to the bus, the memory medium comprising instructions to;
  
  receive a request for an instance;
  
  identify a template corresponding to the request; and
  
  provision the instance from the template, the instance being provisioned to include a security key for validating a request from the instance, the key comprising executable binary code.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The system of claim 9, the memory medium further comprising instructions to:
    - receive the request from the instance; and
      
      validate the request from the instance using the security key and at least one additional security validation factor.
  - 11. The system of claim 10, the additional security factor comprising at least one of the following:
    - an internet protocol (IP) address associated with the instance, or header information associated with the request received from the instance.
  - 12. The system of claim 9, the template comprising an image, the instance comprising a virtual machine, and the instance being provisioned within a cloud computing environment.
  - 13. The system of claim 9, the memory medium further comprising instructions to generate the security key.
  - 14. The system of claim 9, the security key being generated from at least one of the following:
    - a globally unique string, a secure hash, an application programming interface (API) to yield the security key;
      
      a hashed set of files;
      
      or a set of pointers to the set of hashed files.

15. A computer program product for securely identifying host systems, the computer program product comprising a non-transitory computer readable storage medium, and program instructions stored on the non-transitory computer readable storage medium, to:
- receive a request for an instance;
  
  identify a template corresponding to the request; and
  
  provision the instance from the template, the instance being provisioned to include a security key for validating a request from the instance, the key comprising a linked asset.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer program product of claim 15, further comprising program instructions stored on the non-transitory computer readable storage medium to:
    - receive the request from the instance; and
      
      validate the request from the instance using the security key and at least one additional security validation factor.
  - 17. The computer program product of claim 16, the additional security factor comprising at least one of the following:
    - an internet protocol (IP) address associated with the instance, or header information associated with the request received from the instance.
  - 18. The computer program product of claim 15, the template comprising an image, the instance comprising a virtual machine, and the instance being provisioned within a cloud computing environment.
  - 19. The computer program product of claim 15, further comprising program instructions stored on the non-transitory computer readable storage medium to generate the security key.
  - 20. The computer program product of claim 15, the security key being generated from at least one of the following:
    - a globally unique string, a secure hash, an application programming interface (API) to yield the security key;
      
      a hashed set of files;
      
      or a set of pointers to the set of hashed files.

21. A method for deploying a system for securely identifying host systems, comprising:
- providing a computer infrastructure being operable to;
  
  receive a request for an instance;
  
  identify a template corresponding to the request;
  
  provision the instance from the template, the instance being provisioned to include a security key for validating a request from the instance, the key comprising a protected partition;
  
  receive the request from the instance; and
  
  validate the request from the instance using the security key and at least one additional security validation factor.
- View Dependent Claims (22)
- - 22. The method of claim 21, the additional security factor comprising at least one of the following:
    - an internet protocol (IP) address associated with the instance, or header information associated with the request received from the instance.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Workday Incorporated
Original Assignee
International Business Machines Corporation
Inventors
Goodman, Brian D., DeLuca, Lisa Seacat
Primary Examiner(s)
McNally, Michael S

Application Number

US12/856,045
Publication Number

US 20120042163A1
Time in Patent Office

1,334 Days
Field of Search

713/168
US Class Current

713/168
CPC Class Codes

G06F 21/73   by creating or determining ...

H04L 63/0823   using certificates cryptogr...

H04L 63/0876   based on the identity of th...

Securely identifying host systems

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

49 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Securely identifying host systems

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

49 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links