US2016261607A1PendingUtilityA1

Techniques for identity-enabled interface deployment

Assignee: NOVELL INCPriority: Jul 15, 2010Filed: Nov 9, 2015Published: Sep 8, 2016
Est. expiryJul 15, 2030(~4 yrs left)· nominal 20-yr term from priority
G06F 21/41H04L 63/083H04L 9/3213H04L 63/0435H04L 63/06H04L 63/108
50
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

Techniques for providing identity-enabled interfaces for deployment are presented. Specifically, an agent of an enterprise infrastructure authenticates and acquires an agent identity for interacting with a cloud processing environment. Once the agent is deployed in the cloud processing environment, enterprise policy can be enforced within the cloud processing environment on actions occurring within the cloud. The agent acts as an Application Programming Interface between the enterprise and the cloud processing environment. The reverse is also achievable, where a cloud deploys an agent to the enterprise to deploy a cloud interface within the enterprise for policy enforcement.

Claims

exact text as granted — not AI-modified
1 . (canceled) 
     
     
         2 . A method, comprising:
 authenticating, by a cloud agent, for operation within a cloud environment;   obtaining, by the cloud agent, security policy for the cloud environment; and   enforcing, by the cloud agent, the security policy within the cloud environment   
     
     
         3 . The method of  claim 2 , wherein authenticating further includes obtaining a credential that expires when authenticating. 
     
     
         4 . The method of  claim 3 , wherein obtaining further includes using a mechanism for obtaining a new credential when the credential expires and re-authenticating, by the cloud agent, for operating within the cloud environment. 
     
     
         5 . The method of  claim 2 , wherein authenticating further includes obtaining a token when authenticating that is unique to the cloud environment and the cloud agent, wherein the token required for operation of the cloud agent within the cloud environment. 
     
     
         6 . The method of  claim 2 , wherein authenticating further includes receiving a Time-To-Live setting that defines how long the cloud agent is permitted to process within cloud environment. 
     
     
         7 . The method of  claim 6 , wherein enforcing further includes sending an even indicating by the cloud agent that the cloud agent expects to processing longer than a time identified in the TTL setting. 
     
     
         8 . The method of  claim 7 , wherein sending further includes receiving a credential by the cloud agent in response to the event. 
     
     
         9 . The method of  claim 8  further comprising, detecting, by the cloud agent, a lapse in the time and re-authenticating, by the cloud agent, for processing within the cloud environment. 
     
     
         10 . The method of  claim 9 , wherein detecting further includes obtaining, by the cloud agent, a new TTL with a new time for the cloud agent to process within the cloud environment. 
     
     
         11 . The method of  claim 2 , wherein authenticating further includes receiving, by the cloud agent, a token in response to authenticating, wherein the token is encrypted and includes identity information for the cloud agent and an expiration specification that identifies conditions for which the authentication of the cloud agent expires for processing with the cloud environment. 
     
     
         12 . A method, comprising:
 receiving a request for authentication of a cloud agent for processing within a cloud environment;   providing the cloud agent with a token having encrypted identity information cloud agent and an expiration specification defining conditions that revoke authentication of the cloud agent in response to successful authentication of the cloud agent;   obtaining a second request from the cloud agent subsequent to the successful authentication of the cloud agent requesting modification to the expiration specification; and   sending the cloud agent, a new token having the modified expiration specification.   
     
     
         13 . The method of  claim 12  further comprising, receiving the new token from the cloud environment and re-authenticating the cloud agent for processing within the cloud environment in accordance with the modified expiration specification. 
     
     
         14 . The method of  claim 12 , wherein providing further includes associating access rights for the cloud agent when processing within the cloud environment with the token. 
     
     
         15 . The method of  claim 14 , wherein associating further includes identifying at least some access rights as permissions that authorize the cloud agent to authenticate other applications for processing within the cloud environment. 
     
     
         16 . The method of  claim 14 , wherein associating further includes identifying at least some access rights as permissions that authorize the cloud agent to enforce security policies within the cloud environment. 
     
     
         17 . The method of  claim 14 , wherein associating further includes identifying at least some access rights as permission that authorize the cloud agent to interact with an existing security manager of the cloud environment to augment security enforcement within the cloud environment. 
     
     
         18 . The method of  claim 12 , wherein providing further includes augmenting the token with identify information that is unique to the cloud environment. 
     
     
         19 . A system comprising:
 a server; and   an identity manager configured to: i) execute on one or more processors of the server, ii) provide a mechanism for authenticating a cloud agent for enforcing security policy within a cloud environment, and iii) provide a mechanism for the cloud agent to extend authentication for enforcing the security policy within the cloud environment before a condition occurs that invalidates the cloud agent for enforcing security policy within the cloud environment.   
     
     
         20 . The system of  claim 19 , wherein the mechanism at least in part includes an encrypted token identifying a unique identity for the cloud agent, a unique identity for the cloud environment, a credential, and the condition. 
     
     
         21 . The system of  claim 19 , wherein the mechanism also includes access rights permitting the cloud agent to enforce additional security within the cloud environment beyond what is performed by an existing security manager that processes within the cloud environment.

Join the waitlist — get patent alerts

Track US2016261607A1 — get alerts on status changes and closely related new filings.

We store only your email — no account needed. See our privacy policy.