Securely identifying host systems
First Claim
1. A method for securely identifying host systems, comprising:
- receiving, using at least one computing device, a request for an instance;
- identifying, using the at least one computing device, a template corresponding to the request;
- provisioning, using the at least one computing device, the instance from the template, the instance being provisioned to include a security key within a read-only partition for validating a request from the instance;
- receiving, using the at least one computing device, the request from the instance; and
- validating, using the at least one computing device, the request from the instance using the security key and at least one additional security validation factor.
Abstract
Embodiments of the present invention allow for “end-user” provisioned instances to securely identify themselves beyond a simple user ID and password. Specifically, embodiments of the present invention use a multi-part security approach that includes (among other things): an identifying key (e.g., a shared private key) known by the cloud security system and the instance; and at least one additional security factor such as an identifier found in TCP/IP packets (e.g., an internet protocol address). In a typical embodiment, a request for an instance (e.g., a virtual machine) is received, and a template (e.g., an image) corresponding to the requested instance is identified. From this template, the instance is provisioned. Under the embodiments of the present invention, the instance will be provisioned to include a security key. When a request is thereafter received from the instance, the request is validated using the security key and the additional security factor(s).
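The two-part check described in the abstract, as an added example that is not taken from the patent. It assumes the shared key is proven with an HMAC-SHA256 over the request body and that the additional factor is the source IP address recorded at provisioning; the registry, function names and sample values are hypothetical.

```python
import hashlib
import hmac
import ipaddress
import secrets

# Hypothetical registry held by the cloud security system:
# instance id -> (shared key, IP address assigned at provisioning)
REGISTRY = {}

def provision(instance_id, assigned_ip):
    """Provisioning step: create the per-instance key and record the IP factor."""
    key = secrets.token_bytes(32)
    REGISTRY[instance_id] = (key, assigned_ip)
    return key  # the page has this key placed inside the instance (claim 1: read-only partition)

def sign(key, body):
    """Instance side: prove possession of the key (using HMAC here is an assumption)."""
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def _norm(ip):
    """Parse an address; fold IPv4-mapped IPv6 (dual-stack listeners) back to IPv4."""
    addr = ipaddress.ip_address(ip)
    return getattr(addr, "ipv4_mapped", None) or addr

def validate(instance_id, source_ip, body, tag):
    """Accept only if BOTH the key proof and the network-level factor match."""
    record = REGISTRY.get(instance_id)
    if record is None:
        return False, "unknown instance"
    key, assigned_ip = record
    expected = sign(key, body)
    # Constant-time comparison so the tag cannot be guessed byte by byte.
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return False, "bad key proof"
    try:
        if _norm(source_ip) != _norm(assigned_ip):
            return False, "source address mismatch"
    except ValueError:
        return False, "malformed source address"
    return True, "ok"

if __name__ == "__main__":
    # Constructed sample data (documentation address ranges).
    key = provision("vm-01", "192.0.2.10")
    body = b'{"action": "register"}'
    print(validate("vm-01", "192.0.2.10", body, sign(key, body)))        # legitimate instance
    print(validate("vm-01", "198.51.100.7", body, sign(key, body)))      # key copied to another host
    print(validate("vm-01", "192.0.2.10", body, sign(b"x" * 32, body)))  # right address, no key
```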
22 Claims
1. A method for securely identifying host systems, comprising:
- receiving, using at least one computing device, a request for an instance;
- identifying, using the at least one computing device, a template corresponding to the request;
- provisioning, using the at least one computing device, the instance from the template, the instance being provisioned to include a security key within a read-only partition for validating a request from the instance;
- receiving, using the at least one computing device, the request from the instance; and
- validating, using the at least one computing device, the request from the instance using the security key and at least one additional security validation factor.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A system for securely identifying host systems, comprising:
- a bus;
- a processor coupled to the bus; and
- a memory medium coupled to the bus, the memory medium comprising instructions to:
  - receive a request for an instance;
  - identify a template corresponding to the request; and
  - provision the instance from the template, the instance being provisioned to include a security key for validating a request from the instance, the key comprising executable binary code.
Dependent claims: 10, 11, 12, 13, 14
15. A computer program product for securely identifying host systems, the computer program product comprising a non-transitory computer readable storage medium, and program instructions stored on the non-transitory computer readable storage medium, to:
- receive a request for an instance;
- identify a template corresponding to the request; and
- provision the instance from the template, the instance being provisioned to include a security key for validating a request from the instance, the key comprising a linked asset.
Dependent claims: 16, 17, 18, 19, 20
21. A method for deploying a system for securely identifying host systems, comprising:
- providing a computer infrastructure being operable to:
  - receive a request for an instance;
  - identify a template corresponding to the request;
  - provision the instance from the template, the instance being provisioned to include a security key for validating a request from the instance, the key comprising a protected partition;
  - receive the request from the instance; and
  - validate the request from the instance using the security key and at least one additional security validation factor.
Dependent claims: 22
Specification