Virtual machine service access

US 8,800,009 B1
Filed: 02/23/2012
Issued: 08/05/2014
Est. Priority Date: 12/30/2011
Status: Active Grant

First Claim

Patent Images

1. A method implemented by data processing apparatus, the method comprising:

receiving a plurality of requests for long-term security tokens from a host machine, each request comprising authentication information for a respective service account;

providing one or more of the long-term security tokens to the host machine based on the plurality of requests, wherein the one or more long-term security tokens can be used to generate short-term security tokens for virtual machines executing on the host machine, wherein the virtual machines are hardware virtualizations on the host machine and cannot access the one or more long-term security token provided to the host machine; and

generating by a process executing in a host operating system of the host machine a short-term security token based on a long-term security token of the one or more long-term security tokens for use by a virtual machine executing on the host machine to access one of the respective service accounts, wherein the short-term security token is different than the long-term security token and the short-term security token is useable for a pre-determined amount of time.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and apparatus, including computer programs encoded on computer storage media, for accessing services from a virtual machine. One of the methods includes receiving requests for long-term security tokens from a host machine, each request comprising authentication information for a respective service account. The method include providing long-term security tokens to the host machine, wherein the long-term security tokens can be used to generate short-term security tokens for a virtual machine executing on the host machine. The method also includes generating by a process executing in a host operating system of the host machines a short-term security token based on a long-term security token of the long-term security tokens for use by a virtual machine executing on the host machine to access one of the respective service accounts, wherein the short-term security token is useable for a pre-determined amount of time.

531 Citations

21 Claims

1. A method implemented by data processing apparatus, the method comprising:
- receiving a plurality of requests for long-term security tokens from a host machine, each request comprising authentication information for a respective service account;
  
  providing one or more of the long-term security tokens to the host machine based on the plurality of requests, wherein the one or more long-term security tokens can be used to generate short-term security tokens for virtual machines executing on the host machine, wherein the virtual machines are hardware virtualizations on the host machine and cannot access the one or more long-term security token provided to the host machine; and
  
  generating by a process executing in a host operating system of the host machine a short-term security token based on a long-term security token of the one or more long-term security tokens for use by a virtual machine executing on the host machine to access one of the respective service accounts, wherein the short-term security token is different than the long-term security token and the short-term security token is useable for a pre-determined amount of time.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 wherein a particular request of the plurality of requests includes scope information and wherein the scope information identifies limits of access to one of the respective service accounts.
  - 3. The method of claim 2 wherein a distinct long-term security token is provided for each service account and corresponding scope information.
  - 4. The method of claim 1 wherein providing the one or more long-term security tokens comprises:
    - determining that a long-term security token is not available for a respective service account; and
      
      generating the long-term security token.
  - 5. The method of claim 1 wherein the process executing in the host operating system executes in user process space of the host operating system.
  - 6. The method of claim 1, further comprising:
    - receiving a request to modify service accounts associated with a virtual machine executing on a host machine;
      
      obtaining a long-term security token based on the request; and
      
      providing the long-term security token to the host machine.
  - 7. The method of claim 1, further comprising receiving a request for the short-term access token from the virtual machine, wherein the request is received by a virtualized network service.

8. A non-transitory, computer storage medium encoded with computer program instructions that when executed by one or more computers cause the one or more computers to perform operations comprising:
- receiving a plurality of requests for long-term security tokens from a host machine, each request comprising authentication information for a respective service account;
  
  providing one or more of the long-term security tokens to the host machine based on the plurality of requests, wherein the one or more long-term security tokens can be used to generate short-term security tokens for virtual machines executing on the host machine, wherein the virtual machines are hardware virtualizations on the host machine and cannot access the one or more long-term security token provided to the host machine; and
  
  generating by a process executing in a host operating system of the host machine a short-term security token based on a long-term security token of the one or more long-term security tokens for use by a virtual machine executing on the host machine to access one of the respective service accounts, wherein the short-term security token is different than the lone-term security token and the short-term security token is useable for a pre-determined amount of time.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The medium of claim 8 wherein a particular request of the plurality of requests includes scope information and wherein the scope information identifies limits of access to one of the respective service accounts.
  - 10. The medium of claim 9 wherein a distinct long-term security token is provided for each service account and corresponding scope information.
  - 11. The medium of claim 8 wherein providing the one or more long-term security tokens comprises:
    - determining that a long-term security token is not available for a respective service account; and
      
      generating the long-term security token.
  - 12. The medium of claim 8 wherein the process executing in the host operating system executes in user process space of the host operating system.
  - 13. The medium of claim 8, further comprising computer program instructions that when executed by one or more computers cause the one or more computers to perform operations comprising:
    - receiving a request to modify service accounts associated with a virtual machine executing on a host machine;
      
      obtaining a long-term security token based on the request; and
      
      providing the long-term security token to the host machine.
  - 14. The medium of claim 8, further comprising computer program instructions that when executed by one or more computers cause the one or more computers to perform operations comprising receiving a request for the short-term access token from the virtual machine, wherein the request is received by a virtualized network service.

15. A system comprising:
- one or more computers and one or more storage devices storing instructions that are operable, when executed by the one or more computers, to cause the one or more computers to perform operations comprising;
  
  receiving a plurality of requests for long-term security tokens from a host machine, each request comprising authentication information for a respective service account;
  
  providing one or more of the long-term security tokens to the host machine based on the plurality of requests, wherein the one or more long-term security tokens can be used to generate short-term security tokens for virtual machines executing on the host machine, wherein the virtual machines are hardware virtualizations on the host machine and cannot access the one or more long-term security token provided to the host machine; and
  
  generating by a process executing in a host operating system of the host machine a short-term security token based on a long-term security token of the one or more long-term security tokens for use by a virtual machine executing on the host machine to access one of the respective service accounts, wherein the short-term security token is different than the lone-term security token and the short-term security token is useable for a pre-determined amount of time.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The system of claim 15 wherein a particular request of the plurality of requests includes scope information and wherein the scope information identifies limits of access to one of the respective service accounts.
  - 17. The system of claim 16 wherein a distinct long-term security token is provided for each service account and corresponding scope information.
  - 18. The system of claim 15 wherein providing the one or more long-term security token comprises:
    - determining that a long-term security token is not available for a respective service account; and
      
      generating the long-term security token.
  - 19. The system of claim 15 wherein the process executing in the host operating system executes in user process space of the host operating system.
  - 20. The system of claim 15 wherein the one or more storage devices further store instructions that are operable, when executed by the one or more computers, to cause the one or more computers to perform operations comprising:
    - receiving a request to modify service accounts associated with a virtual machine executing on a host machine;
      
      obtaining a long-term security token based on the request; and
      
      providing the long-term security token to the host machine.
  - 21. The system of claim 15, wherein the one or more storage devices further store instructions that are operable, when executed by the one or more computers, to cause the one or more computers to perform operations comprising receiving a request for the short-term access token from the virtual machine, wherein the request is received by a virtualized network service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google Inc. (Alphabet Inc.)
Inventors
Beda, Joseph S. III, Kedia, Ridhima
Primary Examiner(s)
SHEHNI, GHAZAL B

Application Number

US13/402,975
Time in Patent Office

894 Days
Field of Search

713155-159
US Class Current

726/6
CPC Class Codes

H04L 63/0846 using time-dependent-passwo...

Virtual machine service access

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

531 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Virtual machine service access

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

531 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links