Security infrastructure for cloud services
Abstract
A framework for handling a secure interaction between components in a cloud infrastructure system that wish to transfer information between each other during processing of a customer's subscription order is described. The framework orders the security zones of components based on security levels and protects the transfer of information between components in security zones with different security levels. The assignment of a component to a security zone is based upon the sensitivity of the data handled by the components, the sensitivity of functions performed by the component, and the like.
17 Claims
1. A method comprising:
storing, by a system comprising one or more computing devices, security rules information comprising one or more rules that govern a transfer of information between a first component and a second component in the system;
responsive to a request to transfer information from the first component to the second component;
determining, by the system, based upon the security rules information, a first security zone and a first security level associated with the first component and a second security zone and a second security level associated with the second component; and
determining, by the system, based upon the first security zone and the first security level determined for the first component and the second security zone and the second security level determined for the second component, a particular transfer technique from a plurality of transfer techniques that is permitted for transferring the information from the first component to the second component;
determining, based on the particular transfer technique, that the transfer of the information from the first component to the second component is to be performed by pushing the information from the first component to the second component if the second security level associated with the second component is same as or lower than the first security level associated with the first component; and
enabling, by the system, the transfer of the information from the first component to the second component using the particular transfer technique.
View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
9. A system comprising:
one or more computing devices configured to provide one or more services;
a memory configurable to store security rules information comprising one or more rules that govern a transfer of information between a first component and a second component in the system, the first component and the second component executed by the one or more computing devices; and
wherein a computing device from the one or more computing devices is configurable to:
receive a request to transfer information from the first component to the second component;
determine a first security zone and a first security level associated with the first component and a second security zone and a second security level associated with the second component based on the security rules information;
determine, based upon the first security zone and the first security level determined for the first component and the second security zone and the second security level determined for the second component, a particular transfer technique from a plurality of transfer techniques that is permitted for transferring information from the first component to the second component;
determine, based on the particular transfer technique, that the transfer of information from the first component to the second component is to be performed by pulling the information by the second component from the first component if the second security level associated with the second component is greater than the first security level of the first component; and
enable the transfer of the information from the first component to the second component using the particular transfer technique.
View Dependent Claims (10, 11, 12, 13)
14. A non-transitory computer-readable memory storing a plurality of instructions executable by one or more processors, the plurality of instructions comprising:
instructions that cause at least one processor from the one or more processors to store security rules information comprising one or more rules that govern a transfer of information between a first component and a second component in a system, the system comprising one or more computing devices;
responsive to a request to transfer information from the first component to the second component;
instructions that cause at least one processor from the one or more processors to determine, based on the security rules information, a first security zone and a first security level associated with the first component and a second security zone and a second security level associated with the second component; and
instructions that cause at least one processor from the one or more processors to determine, based upon the first security zone and the first security level determined for the first component and the second security zone and the second security level determined for the second component, a particular transfer technique from a plurality of transfer techniques that is permitted for transferring information from the first component to the second component;
instructions that cause at least one processor from the one or more processors to determine, based on the particular transfer technique, that the transfer of the information from the first component to the second component is to be performed by pushing the information from the first component to the second component if the second security level associated with the second component is same as or lower than the first security level associated with the first component; and
instructions that cause at least one processor from the one or more processors to enable the transfer of the information from the first component to the second component using the particular transfer technique.
View Dependent Claims (15, 16, 17)
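The zone-and-level decision that the three independent claims describe (push when the destination's level is the same or lower, pull by the destination when its level is higher, and no transfer at all when the rules permit none), as an added Python example that is not the patent's or any product's code; the zone names, levels, component names and rule table are constructed for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum


class Transfer(Enum):
    PUSH = "push"  # the source component writes into the target
    PULL = "pull"  # the target component fetches from the source


@dataclass(frozen=True)
class Component:
    name: str
    zone: str


@dataclass
class SecurityRules:
    """Constructed stand-in for the claims' 'security rules information'."""
    zone_level: dict  # zone name -> security level (higher = more sensitive)
    permitted: set = field(default_factory=set)  # (src_zone, dst_zone) pairs allowed

    def level(self, comp):
        return self.zone_level[comp.zone]


def select_transfer(rules, src, dst):
    """Pick the technique for src -> dst, or raise if the rules permit none.

    Push when the destination level is the same or lower than the source's
    (claim 1); pull by the destination when its level is higher (claim 9).
    So the side with the higher (or equal) level always initiates.
    """
    if src.zone != dst.zone and (src.zone, dst.zone) not in rules.permitted:
        raise PermissionError(f"transfer {src.zone} -> {dst.zone} not permitted")
    return Transfer.PUSH if rules.level(dst) <= rules.level(src) else Transfer.PULL


def enable_transfer(rules, src, dst, payload):
    """Perform the transfer with the selected technique; return an audit record."""
    technique = select_transfer(rules, src, dst)
    initiator = src if technique is Transfer.PUSH else dst
    return {"technique": technique.value, "initiator": initiator.name,
            "src": src.name, "dst": dst.name, "bytes": len(payload)}


# Constructed zones: web tier (least sensitive), app tier, data tier (most sensitive).
RULES = SecurityRules(zone_level={"web": 1, "app": 2, "data": 3},
                      permitted={("web", "app"), ("app", "web"), ("app", "data"), ("data", "app")})
WEB, APP, DATA = Component("portal", "web"), Component("order-svc", "app"), Component("billing-db", "data")
```

A direct web-to-data transfer is refused because no rule permits that zone pair, which is the point of ordering the zones: a lower-level component never initiates a connection into a higher-level zone.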
Specification