US 9,813,418 B1
Method and system for visibility and control over access transactions between clouds using resource authorization messages
Deb Banerjee, Cupertino, CA (US)
Assigned to Symantec Corporation, Mountain View, CA (US)
Filed by SYMANTEC CORPORATION, Mountain View, CA (US)
Filed on Jan. 5, 2015, as Appl. No. 14/589,936.
Application 14/589,936 is a continuation of application No. 13/194,710, filed on Jul. 29, 2011, granted, now 8,931,041.
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/00 (2006.01); H04L 29/06 (2006.01)
CPC H04L 63/10 (2013.01) [H04L 63/102 (2013.01)] 17 Claims
OG exemplary drawing
1. A method comprising:
detecting, by a computing system, an access transaction comprising one or more resource authorization messages transmitted via a resource authorization protocol, the access transaction pertaining to a consumer cloud requesting access to a protected resource hosted by a provider cloud;
generating, by the computing system, relationship data based on the resource authorization messages, the relationship data including an identifier for the provider cloud hosting the protected resource, an identifier for the consumer cloud requesting the access to the protected resource, and an identifier for a resource owner that is granting the access to the protected resource, wherein the relationship data represents a relationship between the provider cloud, the consumer cloud, and the resource owner;
storing policy data specifying cloud type criteria for access control actions;
storing security profile data for the resource owner indicating a security level for the resource owner;
generating a cloud trust model based on the relationship data, the security data, and the policy data, wherein the cloud trust model indicates a degree of the consumer cloud being a trusted cloud; and
performing, by the computing system, an access control action in relation to the access transaction based on the relationship data, wherein the access control action is at least one of allowing the consumer cloud the access to the protected resource or denying the consumer cloud the access to the protected resource.