Device enrollment in a cloud service using an authenticated application
IPC classification information
Country / type
United States (US) Patent
Registered
International Patent Classification (IPC 7th edition)
G06F-007/04
G05B-019/418
H04L-029/06
H04L-029/08
G06F-003/0482
G06F-003/0484
G06F-003/0488
H04L-012/24
H04L-012/26
G06Q-010/04
G06Q-010/06
Application number
US-0094737
(2016-04-08)
Registration number
US-10156842
(2018-12-18)
Inventor / address
Wu, Jiaqi
Lammers, Greg
Applicant / address
General Electric Company
Agent / address
Fitch, Even, Tabin & Flannery LLP
Citation information
Cited by: 0
Cited patents: 125
Abstract
In various example embodiments, systems and methods for administering machine access to a cloud service are presented. An edge manager device in a cloud computing environment can establish a first client for a first application that is executed externally to the cloud computing environment. The edge manager device can provide a first request via a first network to an authorization service application to obtain client identification and client secret information for use by the first client. The edge manager device can receive the client identification and client secret information from the authorization service application via the first network. The client identification and client secret information can be selected by the authorization service application to permit later data access to the edge manager device by the first client. The edge manager device can provide the client identification and client secret information to the first client via a second network.
Representative claims
1. A method for negotiating machine access to a cloud-based application using an edge manager device; the method comprising: establishing, at an edge manager device in a cloud computing environment, a first client corresponding to a first application that is executed externally to the cloud computing environment, the first application configured to register identification information about one or more external devices with the edge manager device using the first client, to permit later data access to the edge manager device by the one or more external devices; using the edge manager device, providing a first request via a first network to an authorization service application to obtain client identification and client secret information for use by the first client; receiving the client identification and client secret information at the edge manager device from the authorization service application via the first network, wherein the client identification and client secret information are selected by the authorization service application to permit later data access to the edge manager device by the first client; and using the edge manager device, providing the client identification and client secret information to the first client via a second network.

2. The method of claim 1, further comprising receiving, at the edge manager device and from the first client via the third network, a request to pre-register a first external device with the edge manager device, the request including first device identification information for the first external device.

3. The method of claim 2, further comprising using the edge manager device, updating a cloud-based device registry database to include the first device identification information for the first external device.

4. The method of claim 3, further comprising receiving, at the edge manager device and via a third network, the first device identification information and a certificate signing request (CSR) from the first external device.

5. The method of claim 4, wherein the receiving the first device identification information and the CSR from the first external device includes receiving a JSON web token from the first external device.

6. The method of claim 4, wherein the receiving the first device identification information and the CSR from the first external device further includes receiving at least one of a MAC address, IP address, OS version, or BIOS version corresponding to the first external device.

7. The method of claim 4, further comprising: using the edge manager device, establishing credential data for use by the first external device to access a first cloud-based application; and using the edge manager device, providing the credential data to the first external device via the third network.

8. The method of claim 7, wherein the establishing the credential data for use by the first external device includes, using the edge manager device, requesting device credential data from the authorization service application via the first network.

9. The method of claim 8, further comprising using the edge manager device, providing the CSR to a registration authority application via the first network and, in return, receiving a signed certificate at the edge manager device.

10. The method of claim 9, further comprising using the edge manager device, providing the signed certificate to the first external device via the third network.

11. The method of claim 8, further comprising receiving, at the edge manager device and in response to the requesting the device credential data, an OAuth2 token for use by the first external device to establish a secure data communication link between the first external device and the first cloud-based application.

12. The method of claim 11, further comprising using the edge manager device, providing the OAuth2 token to the first external device.

13. The method of claim 1, further comprising receiving, at the edge manager device and from the first client via the second network, one or more requests to pre-register a plurality of external devices with the edge manager device, the one or more requests including respective device identification information for each of the plurality of external devices; and using the edge manager device, adding the respective device information for each of the plurality of external devices to a cloud-based device registry database.

14. The method of claim 13, further comprising: receiving, at the edge manager device via a third network, a device enrollment request from a first external device of the plurality of external devices, the device enrollment request including first device identification information corresponding to the first external device; and using the edge manager device, querying the cloud-based device registry database to determine whether the first external device is pre-registered with the edge manager device.

15. The method of claim 14, further comprising using the edge manager device to obtain, from the authorization service application, device-specific identification and secret information for use by the first external device to access a cloud-based application service.

16. The method of claim 13, further comprising: receiving, at the edge manager device via a third network, a device enrollment request from a first external device other than the plurality of external devices, the device enrollment request including first device identification information corresponding to the first external device; and using the edge manager device, returning a denial of access indication to the first external device when the first device identification information does not correspond to the device identification information for any one of the plurality of external devices.

17. A method for administering machine access to a cloud service application, the method comprising: using an authenticated application outside of a cloud environment, assigning first identification information for use by a first machine, including providing the first identification information to the first machine and to a cloud-based enrollment service application via separate networks; receiving, via a network and at the enrollment service application, an enrollment request from the first machine, the enrollment request including the assigned first identification information corresponding to the first machine; and determining, using the enrollment service application, whether the received first identification information corresponds to valid identification information based on a comparison of the received first identification information and previously-known valid identification information, wherein when the received first identification information is determined to correspond to the previously-known valid identification information, returning a certificate from the enrollment service application to the first machine, the certificate for use by the first machine to obtain data access to one or more cloud-based applications.

18. The method of claim 17, further comprising enrolling the authenticated application with a cloud service, including using the enrollment service application to provide credential data to the authenticated application, the credential data configured to permit the authenticated application data access to one or more cloud-based applications.

19. The method of claim 17, further comprising using the first machine, generating a certificate signing request (CSR) and providing the CSR and the first identification information from the first machine to the cloud-based enrollment service application via a network.

20. A method for using a device-based authentication certificate to obtain data access to a cloud-based destination application, the method comprising: using an edge manager device, receiving, via a first network, a first token and first data access request from a first machine wherein the first machine is outside of the cloud, the edge manager device configured to administer data access for the first machine to one or more cloud-based applications; using the edge manager device, querying a device registry database via a second network to determine whether an authentication certificate associated with the first token is previously known to correspond with the first machine; receiving an indication via the second network whether the authentication certificate is previously known to correspond with the first machine and, when the authentication certificate is previously known to correspond with the first machine, using the edge manager device, providing the first token and information about the first machine from the edge manager device to a cloud-based authorization service application via a third network; using the cloud-based authorization service application, verifying the first token against a cloud-based device registry, generating an OAuth2 token for use by the first machine when the first token is verified, and providing the OAuth2 token to the edge manager device via the third network; and using the edge manager device, providing the OAuth2 token to the first machine via the first network.
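The pre-registration, enrollment and token-checking decisions of claims 13 through 17 and 20, as an added illustration that is not the patent's own code. The registry is an in-memory dict, the "signed certificate" is an HMAC over the CSR under a constructed registration-authority key, and the OAuth2 token is a random string; a real deployment would use an X.509 CA and an OAuth2 authorization server.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for the registration authority's signing key (claim 9).
RA_KEY = b"constructed-registration-authority-key"


class EdgeManager:
    def __init__(self):
        # Cloud-based device registry (claims 3 and 13): device_id -> record.
        self.registry = {}

    def pre_register(self, device_id, meta=None):
        # Claim 13: the authenticated application registers the device's
        # identification information before the device itself contacts the cloud.
        self.registry[device_id] = {"meta": meta or {}, "cert": None, "token": None}

    def enroll(self, device_id, csr):
        # Claims 14-16: look the presented identity up in the registry and return
        # a denial of access when it was never pre-registered.
        record = self.registry.get(device_id)
        if record is None:
            return {"status": "denied", "reason": "not pre-registered"}
        if record["token"] is not None:
            # Assumption, not stated in the claims: enrollment is one-shot per
            # identity, so a second enrollment with a known id is refused.
            return {"status": "denied", "reason": "already enrolled"}
        # Claim 9: registration authority signs the CSR (HMAC stand-in).
        cert = hmac.new(RA_KEY, csr.encode(), hashlib.sha256).hexdigest()
        token = secrets.token_urlsafe(16)  # claim 11: OAuth2 token stand-in
        record.update(cert=cert, token=token)
        return {"status": "ok", "certificate": cert, "token": token}

    def authorize(self, device_id, token):
        # Claim 20: a data access request is honoured only when the presented
        # token is already known to belong to the presenting machine.
        record = self.registry.get(device_id)
        return (record is not None and record["token"] is not None
                and hmac.compare_digest(record["token"], token))
```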