1. Techniques for secure access management in virtual environments
    Granted patent (in force)

    Publication number: US08984621B2

    Publication date: 2015-03-17

    Application number: US12714452

    Filing date: 2010-02-27

    Abstract: Techniques for secure access management to virtual environments are provided. A user authenticates to a portal for the purpose of establishing a virtual machine (VM). The portal interacts with a cloud server and an identity server to authenticate the user, to acquire an Internet Protocol (IP) address and port number for the VM, and to obtain a secure token. The user then interacts with a Secure Sockets Layer virtual private network (SSL VPN) server to establish an SSL VPN session with the VM. The SSL VPN server also authenticates the token through the identity server and acquires dynamic policies to enforce during the SSL VPN session between the user and the VM (the VM being managed by the cloud server).

2. Techniques for managing a secure communication session
    Granted patent (in force)

    Publication number: US08799640B2

    Publication date: 2014-08-05

    Application number: US12714451

    Filing date: 2010-02-27

    CPC classification number: H04L63/20 H04L63/0272 H04L63/166

    Abstract: Techniques for managing a secure communication session are provided. A non-browser application utilizes a browser to establish a secure communication session with a server. The session cookie set in the browser is mapped by the server to a secret token that is supplied via the browser to the non-browser application. The browser is then closed and the secure communication session between the server and the non-browser application continues unabated via the secret token.

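    The cookie-to-token handoff described in the abstract above, as an added example in Python (not code from the patent or from its assignee). The class and method names, the token format, and the use of a hashed token index are assumptions made here. The points a practitioner would check are that the server never stores the raw secret token, that the token is only honoured while the browser session it was mapped from is still live, and that logging the browser session out revokes every token mapped to it, since the token outlives the browser and is otherwise a long-lived bearer credential.

```python
import hashlib
import secrets
import time


class SessionServer:
    """Hypothetical server (illustration only) that keeps browser sessions and
    maps each one to a secret token usable by a non-browser application."""

    def __init__(self, ttl_seconds=3600):
        self.ttl = ttl_seconds
        self.sessions = {}       # session cookie value -> {"user", "expires"}
        self.token_index = {}    # sha256(token) -> cookie; raw token never stored

    def login(self, user):
        """Browser login: issue a random session cookie for the user."""
        cookie = secrets.token_urlsafe(32)
        self.sessions[cookie] = {"user": user, "expires": time.time() + self.ttl}
        return cookie

    def issue_token(self, cookie):
        """Called from the browser: returns a secret token bound to the session."""
        if self._valid_session(cookie) is None:
            raise PermissionError("no valid browser session")
        token = secrets.token_urlsafe(32)
        self.token_index[self._digest(token)] = cookie
        return token

    def request_with_token(self, token):
        """Non-browser application call: authenticates with the token only.
        The browser may already be closed; the session must still be live."""
        cookie = self.token_index.get(self._digest(token))
        session = self._valid_session(cookie) if cookie else None
        if session is None:
            raise PermissionError("token not bound to a live session")
        return session["user"]

    def logout(self, cookie):
        """Ending the browser session invalidates every token mapped to it."""
        self.sessions.pop(cookie, None)
        self.token_index = {d: c for d, c in self.token_index.items() if c != cookie}

    def _valid_session(self, cookie):
        session = self.sessions.get(cookie)
        if session is None or session["expires"] < time.time():
            return None
        return session

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()


def demo():
    """Browser establishes the session, hands the token to the application,
    the application keeps working without the browser, logout revokes it."""
    server = SessionServer()
    cookie = server.login("alice")            # browser session (constructed user)
    token = server.issue_token(cookie)        # supplied via the browser to the app
    user = server.request_with_token(token)   # browser can now be closed
    server.logout(cookie)
    try:
        server.request_with_token(token)
        revoked = False
    except PermissionError:
        revoked = True
    return user, revoked
```

    Running demo() shows the application call succeeding on the token alone and failing once the originating session is gone; a server that kept the token valid after logout would turn the convenience handoff into a persistent credential.
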
3. TECHNIQUES FOR TRANSLATING POLICIES INTO STORAGE CONTROLLER REQUIREMENTS
    Published application (in force)

    Publication number: US20130073806A1

    Publication date: 2013-03-21

    Application number: US13622039

    Filing date: 2012-09-18

    CPC classification number: G06F11/3442 G06F11/3409 G06F11/3485

    Abstract: Techniques for translating Service Level Agreement (SLA) policy into storage controller requirements within a cloud storage environment are presented. System resource metrics for a storage controller are derived. The SLA policy is defined in terms of SLA parameters. Heuristics are used to translate the SLA parameters into defined percentages of system resources for the storage controller; these are compared to the system resource metrics, and adjustments are made as needed.

4. DYNAMIC SERVICE ACCESS
    Published application (lapsed)

    Publication number: US20110296486A1

    Publication date: 2011-12-01

    Application number: US12787727

    Filing date: 2010-05-26

    Abstract: Apparatus, systems, and methods may operate to authenticate a desktop client to an identity service (IS) and to receive at the IS, via the desktop client, a request from an application for a virtual service Internet Protocol (IP) address associated with a service. The IS may operate to build a routing token that includes the original physical IP address associated with the service when a policy associated with the IS permits access to the service by the user identity associated with the desktop client. After the routing token is validated, the application may be connected to the service via the desktop client. The application may comprise an e-mail application or a remote control application, such as a virtual network computing (VNC) application. Additional apparatus, systems, and methods are disclosed.

5. IDENTITY DRIVEN PEER-TO-PEER (P2P) VIRTUAL PRIVATE NETWORK (VPN)
    Published application (lapsed)

    Publication number: US20100154050A1

    Publication date: 2010-06-17

    Application number: US12334809

    Filing date: 2008-12-15

    CPC classification number: H04L67/104 H04L12/4641 H04L63/0272

    Abstract: Techniques for identity-based Peer-to-Peer (P2P) Virtual Private Networks (VPNs) are provided. First and second principals authenticate to a trusted third party. The first principal subsequently requests a P2P VPN with the second principal. The second principal is contacted on behalf of the first principal and permission is acquired. The first and second principals are then sent commands to directly establish a P2P VPN communication session with one another.

6. Techniques for providing tenant based storage security and service level assurance in cloud storage environment
    Granted patent (in force)

    Publication number: US09141785B2

    Publication date: 2015-09-22

    Application number: US13558626

    Filing date: 2012-07-26

    CPC classification number: G06F21/53 G06F9/5072

    Abstract: Techniques for tenant-based storage security and service level assurances in a cloud environment are presented. A Tenant Storage Machine (TSM) for each tenant uses a unique identifier. The TSM is dynamically allocated operating system resources to run processes based on agreed service level assurances. The service level assurances are stored in a Service Level Assurance (SLA) policy store. The TSM communicates with the SLA policy store via a TSM bus to acquire the SLA policy configured for the tenant, on the basis of which resources are dynamically allocated. Processes running under the TSM run with root privileges to provide security.

8. Identity driven peer-to-peer (P2P) virtual private network (VPN)
    Granted patent (lapsed)

    Publication number: US08683574B2

    Publication date: 2014-03-25

    Application number: US12334809

    Filing date: 2008-12-15

    CPC classification number: H04L67/104 H04L12/4641 H04L63/0272

    Abstract: Techniques for identity-based Peer-to-Peer (P2P) Virtual Private Networks (VPNs) are provided. First and second principals authenticate to a trusted third party. The first principal subsequently requests a P2P VPN with the second principal. The second principal is contacted on behalf of the first principal and permission is acquired. The first and second principals are then sent commands to directly establish a P2P VPN communication session with one another.

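    The brokered exchange shared by entries 5 and 8 (authenticate both principals, request, obtain the second principal's consent, send both sides the commands to connect directly), as an added Python example that is not code from the patents or their assignee. The abstract does not say how the commands are protected or what the peers need in order to connect; the per-principal session key returned at authentication and used to MAC each command, the pre-shared tunnel key carried in the command, and all class, method and field names are assumptions made here. The checks worth noticing are that a request is refused unless both principals are authenticated, that consent is accepted only from the principal who was asked, and that a peer rejects any command whose MAC does not verify under its own session key.

```python
import hashlib
import hmac
import json
import secrets


class TrustedThirdParty:
    """Hypothetical broker (illustration only): authenticates principals,
    collects the second principal's consent and sends both sides the
    commands needed to set up a direct P2P VPN."""

    def __init__(self, credentials):
        self.credentials = credentials   # principal -> password (constructed)
        self.sessions = {}               # principal -> (session key, endpoint)
        self.pending = {}                # request id -> (requester, target)

    def authenticate(self, principal, password, endpoint):
        """Returns a per-principal session key; commands are MACed with it."""
        expected = self.credentials.get(principal, "")
        if not hmac.compare_digest(expected.encode(), password.encode()):
            raise PermissionError("authentication failed for " + principal)
        key = secrets.token_bytes(32)
        self.sessions[principal] = (key, endpoint)
        return key

    def request_vpn(self, requester, target):
        """First principal asks for a P2P VPN; broker asks the second."""
        if requester not in self.sessions or target not in self.sessions:
            raise PermissionError("both principals must be authenticated")
        req_id = secrets.token_hex(8)
        self.pending[req_id] = (requester, target)
        return {"type": "consent_request", "id": req_id, "from": requester}

    def consent(self, req_id, responder, allowed):
        """Second principal answers; on consent both receive commands."""
        requester, target = self.pending.pop(req_id)
        if responder != target:
            raise PermissionError("consent from wrong principal")
        if not allowed:
            return None
        psk = secrets.token_hex(32)      # tunnel pre-shared key (assumption)
        return {requester: self._command(requester, target, psk),
                target: self._command(target, requester, psk)}

    def _command(self, to, peer, psk):
        _, peer_endpoint = self.sessions[peer]
        key, _ = self.sessions[to]
        body = {"type": "establish_p2p_vpn", "peer": peer,
                "peer_endpoint": peer_endpoint, "psk": psk}
        payload = json.dumps(body, sort_keys=True).encode()
        return {"body": body,
                "mac": hmac.new(key, payload, hashlib.sha256).hexdigest()}


def verify_command(session_key, cmd):
    """Peer side: act on a command only if its MAC verifies under the
    session key that peer established with the trusted third party."""
    payload = json.dumps(cmd["body"], sort_keys=True).encode()
    expected = hmac.new(session_key, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, cmd["mac"]):
        raise ValueError("command not from the trusted third party")
    return cmd["body"]


def demo():
    """Full exchange; returns True when both peers end up with each other's
    endpoint and the same tunnel key. Endpoints are documentation addresses."""
    ttp = TrustedThirdParty({"alice": "pw-alice", "bob": "pw-bob"})
    key_a = ttp.authenticate("alice", "pw-alice", ("198.51.100.10", 51820))
    key_b = ttp.authenticate("bob", "pw-bob", ("203.0.113.7", 51820))
    ask = ttp.request_vpn("alice", "bob")               # broker contacts bob
    cmds = ttp.consent(ask["id"], "bob", allowed=True)  # bob grants permission
    a = verify_command(key_a, cmds["alice"])
    b = verify_command(key_b, cmds["bob"])
    return (a["peer_endpoint"] == ("203.0.113.7", 51820)
            and b["peer_endpoint"] == ("198.51.100.10", 51820)
            and a["psk"] == b["psk"])
```

    The broker never relays the peers' traffic; it only learns each side's endpoint at authentication and hands it to the other side once consent is in, which is what makes the resulting VPN peer-to-peer rather than hub-and-spoke.
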
9. TECHNIQUES FOR ACHIEVING TENANT DATA CONFIDENTIALITY FROM CLOUD SERVICE PROVIDER ADMINISTRATORS
    Published application (in force)

    Publication number: US20120328105A1

    Publication date: 2012-12-27

    Application number: US13611170

    Filing date: 2012-09-12

    CPC classification number: H04L9/0897

    Abstract: Techniques for achieving tenant data confidentiality in a cloud environment are presented. A daemon process within a Tenant Storage Machine (TSM) manages a key store for a particular tenant of a cloud storage environment having multiple other tenants. Only TSM storage processes are given access to the key store. Data is decrypted for the particular tenant when access is needed, and data is encrypted using encryption keys from the key store when written to the cloud storage environment.

10. SECURE NETWORK COMMUNICATIONS
    Published application (in force)

    Publication number: US20100211780A1

    Publication date: 2010-08-19

    Application number: US12388658

    Filing date: 2009-02-19

    CPC classification number: H04L63/1441 H04L63/0823 H04L63/1466

    Abstract: Apparatus, systems, and methods may operate to establish a secure communications tunnel between a server node and a client node, and to receive user requests from the client node at the server node via the secure communications tunnel. The user requests may be received in conjunction with a device verification token derived from nonces generated by the server node and transmitted to the client node as part of keep-alive response messages. The nonces may change according to a period of time established by the server node. Additional apparatus, systems, and methods are disclosed.

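    The nonce-driven device verification token from the abstract above, as an added Python example (not the patent's or its assignee's code). The abstract says only that the token is derived from server-generated nonces carried in keep-alive responses and that the nonces change on a server-chosen period. Everything else is assumed here: a device secret shared with the server, the token as HMAC-SHA256 over the current nonce and the request body, a simulated clock, and a one-period grace window in which a token derived from the previous nonce is still accepted so that a request does not fail merely because a keep-alive and a rotation crossed in flight.

```python
import hashlib
import hmac
import secrets


def derive_token(secret, nonce, body):
    """Device verification token: HMAC-SHA256 over nonce || request body.
    Binding the body is an assumption made here; the abstract only says the
    token is derived from the server's nonce."""
    return hmac.new(secret, nonce + body.encode(), hashlib.sha256).hexdigest()


class ServerNode:
    """Hypothetical server node. Rotates its nonce every `period` seconds of
    simulated time, ships the current nonce in keep-alive responses, and
    accepts tokens derived from the current or the immediately previous nonce."""

    def __init__(self, device_secrets, period=30):
        self.device_secrets = device_secrets   # device id -> shared secret (constructed)
        self.period = period
        self.elapsed = 0
        self.current = secrets.token_bytes(16)
        self.previous = None

    def advance(self, seconds):
        """Simulated clock: every full period replaces the nonce."""
        self.elapsed += seconds
        while self.elapsed >= self.period:
            self.elapsed -= self.period
            self.previous, self.current = self.current, secrets.token_bytes(16)

    def keep_alive(self):
        """Keep-alive response carrying the nonce the client must use next."""
        return {"type": "keep-alive", "nonce": self.current.hex()}

    def handle_request(self, device_id, token, body):
        """Accept the request only with a token derived from a live nonce."""
        secret = self.device_secrets.get(device_id)
        if secret is None:
            raise PermissionError("unknown device")
        for nonce in (self.current, self.previous):
            if nonce is not None and hmac.compare_digest(
                    derive_token(secret, nonce, body), token):
                return "ok:" + body
        raise PermissionError("stale or invalid device verification token")


class ClientNode:
    """Hypothetical client node: remembers the last nonce the server sent."""

    def __init__(self, device_id, secret):
        self.device_id = device_id
        self.secret = secret
        self.nonce = None

    def on_keep_alive(self, msg):
        self.nonce = bytes.fromhex(msg["nonce"])

    def request(self, server, body):
        if self.nonce is None:
            raise RuntimeError("no nonce received yet")
        token = derive_token(self.secret, self.nonce, body)
        return server.handle_request(self.device_id, token, body)


def demo():
    """Fresh request, request inside the grace window, stale request after
    two rotations, and a renewed request after the next keep-alive."""
    secret = secrets.token_bytes(32)
    server = ServerNode({"dev-1": secret}, period=30)
    client = ClientNode("dev-1", secret)
    client.on_keep_alive(server.keep_alive())
    fresh = client.request(server, "GET /inbox")
    server.advance(30)                  # first rotation: old nonce still accepted
    grace = client.request(server, "GET /inbox")
    server.advance(30)                  # second rotation: old nonce now stale
    try:
        client.request(server, "GET /inbox")
        stale = False
    except PermissionError:
        stale = True
    client.on_keep_alive(server.keep_alive())   # pick up the new nonce
    renewed = client.request(server, "GET /inbox")
    return fresh, grace, stale, renewed
```

    Because the nonce is chosen by the server and changes on its schedule, a token captured from one request cannot be replayed after the grace window closes, and a client that stops receiving keep-alives loses the ability to produce valid tokens even though the tunnel itself may still be up.
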