Dual Mutual Strong Multi-Factor Authentication Gateway for Cloud Delivery
Publication Date: 2016-Aug-17
The IP.com Prior Art Database
Disclosed is the capability to have mutual strong multi-factor authentication for securing system level access in a public cloud environment that is lightweight in operation.
A method or system is needed to enable operations on a secured public cloud delivery pod without having to resort to enforcing strict userid/password management for all users. Managing and monitoring the users' compliance with the password policy is time consuming and labor intensive.
To relieve administration staff, the novel process places responsibility on the users to manage a self-aging mechanism for continued group membership.
The novel approach is reminiscent of airport security in the USA. An external control point validates possession of an ephemeral token issued per group (e.g., passenger, companions, etc.) before entry into an easily controlled space, leading to an internal control point where specific validation of individualized authorization and authentication can take place (e.g., match the name on the ID to the name on the boarding pass). This differential group/individual validation scheme is effective. Even medieval castle builders added barbicans -- a fortified outpost or gateway, such as an outer defense to a city or castle, or any tower situated over a gate or bridge that was used for defensive purposes -- to their building projects.
Ancient and well known as this technique is, no equivalent has been found in the disclosed art for cloud operations using Secure Shell (SSH) terminal emulation, much less as a productized appliance or a feature thereof.
Disclosed is an arrangement of known arts and parts to achieve mutual strong authentication using multi-factor techniques to secure delivery pods in public clouds. This particular arrangement achieves a strong control point with minimal ongoing support requirements.
Two bastion hosts are utilized to step through a network control point, with mutual strong authentication at each step in combination with different authentication and authorization paradigms. Each authentication mechanism is strong/mutual two-factor, and each authorization mechanism is controlled by a different party.
The core novelty is in t...