Patent Issued for Systems and methods related to executing transactions in a hybrid cloud environment (USPTO 11151551): Aetna Inc.
2021 NOV 08 (NewsRx) -- By a
The patent’s assignee for patent number 11151551 is
News editors obtained the following quote from the background information supplied by the inventors: “Cloud-based applications or services are deployed for a variety of tasks. In some implementations, service providers manage servers that run services or rent network resources from cloud service providers to run the services. An organization may utilize a private cloud that is restricted to be used internally among the organization’s clients, or an organization may utilize a public cloud that exposes services to external clients through a wide area network (WAN), such as the Internet. Further, an organization may have an “on-premise” data center that is not “in the cloud,” i.e., accessible via internal connections.
“Although relying on public cloud providers is popular for development teams looking to reduce dependence on the internal infrastructure teams, nothing requires cloud services to be hosted in such public environments. Public cloud and private cloud have often been discussed as a choice between alternatives. The reality is that for complex enterprises it is not an “either or” decision; instead, the need is to seamlessly blend services from any hosting model: public cloud, private cloud, on-premise, Software as a Service (SaaS), and any other model of interest. This blending of service types is referred to as a “hybrid cloud environment.”
“As the breadth of services available through public clouds and/or private clouds increases and hybrid cloud environments become more common, organizations are able to provide access to various diverse services to build applications with a large amount of functionality. The applications can call services within various data centers in the hybrid cloud environment, e.g., private cloud data centers or public cloud data centers, to perform various tasks. The availability of these services makes deploying new applications easier because developers are not required to write code for performing tasks already handled by existing services.
“However, utilizing services via a hybrid cloud architecture can be challenging. Accordingly, there remains a need in the art for a better hybrid cloud architecture.”
As a supplement to the background information on this patent, NewsRx correspondents also obtained the inventors’ summary information for this patent: “One embodiment provides a hybrid cloud control plane for managing workloads in a hybrid cloud. The hybrid cloud control plane includes: a processor configured to: provide access to a first service from a first service provider; and provide access to a second service from a second service provider. The first service corresponds to a first capability for the hybrid cloud from the first service provider, the second service corresponds to a second capability for the hybrid cloud from the second service provider, each of the first service provider and the second service provider comprises a public cloud service provider, a private cloud service provider, or an on-premise service provider, and the first capability is different than the second capability.
“Another embodiment provides a method and computer-readable storage medium for performing a transaction in a hybrid cloud system. The method includes: receiving, by an application programming interface (API) gateway associated with a first service provider, a transaction request from a consumer application; calling, by the API gateway, a first application programming interface (API) associated with a first service corresponding to the transaction request, wherein the first API is deployed to the first service provider by an API management platform based on instruction from a hybrid cloud control plane (HCCP); receiving, by the API gateway, a first response from the first service; and sending, by the API gateway, a transaction result to the consumer application based on the first response from the first service.
“Yet another embodiment provides a hybrid cloud system comprising one or more Global ID APIs (application programming interfaces) and an API gateway connected to a data center. The one or more Global ID APIs are configured to: receive authentication information from a client device executing a consumer application; authenticate the client device based on the authentication information; in response to authenticating the client device, map the authentication information to a global identity for the client device; and transmit one or more session tokens to the consumer application that include the global identity. The API gateway is configured to: receive a transaction request from the consumer application via a trusted network connection, wherein the transaction request includes the one or more session tokens; interact with the one or more Global ID APIs to map the global identity in the one or more session tokens to a local identity for the client device for use at the data center; and transmit a transaction response to the consumer application via the trusted network connection based on executing one or more services at the data center using the local identity of the client device.
“Still another embodiment provides a method for authenticating a client device of a consumer application. The method includes: receiving, by one or more Global ID APIs (application programming interfaces), authentication information from the client device of the consumer application; authenticating, by the one or more Global ID APIs, the client device based on the authentication information; mapping, by the one or more Global ID APIs, the authentication information to a global identity for the client device; and transmitting, by the one or more Global ID APIs, one or more session tokens to the consumer application that include the global identity, wherein the one or more session tokens are used to perform one or more transaction requests with one or more service providers via a trusted network.
“Another embodiment provides a method for performing a transaction in a hybrid cloud system. The method includes: receiving, by an API (application programming interface) gateway associated with a service provider, a transaction request from a consumer application via a trusted network connection, wherein the transaction request includes a session token assigned to the transaction request by one or more Global ID APIs, wherein the session token includes a global identifier for a client device of the consumer application; interacting with one or more Global ID APIs to obtain a local identifier for the client device corresponding to the global identifier included in the session token, wherein the local identifier for the client device is used for transactions with a data center connected to the API gateway; causing, by the API gateway, a transaction to be performed by a service of the data center based on the local identity of the client device; and transmitting, by the API gateway, a transaction response from the service to the consumer application.”
The claims supplied by the inventors are:
“1. A hybrid cloud system comprising: one or more Global ID APIs (application programming interfaces); and an API gateway connected to a data center, wherein the one or more Global ID APIs are configured to: receive authentication information from a client device executing a consumer application; authenticate the client device based on the authentication information; in response to authenticating the client device, map the authentication information to a global identity for the client device; and transmit one or more session tokens to the consumer application that include the global identity; and wherein the API gateway is configured to: receive a transaction request from the consumer application via a trusted network connection, wherein the transaction request includes the one or more session tokens; interact with the one or more Global ID APIs to map the global identity in the one or more session tokens to a local identity for the client device for use at the data center; and transmit a transaction response to the consumer application via the trusted network connection based on executing one or more services at the data center using the local identity of the client device.
“2. The system of claim 1, wherein the data center is one of a plurality of data centers that include at least one data center hosted by a branded organization and at least one other data center hosted by a third-party organization.
“3. The system of claim 1, wherein the API gateway includes at least one API deployed by an API management platform.
“4. The system of claim 1, wherein the global identity provides an identity of the client device and permissions of the client device across one or more data centers.
“5. The system of claim 1, wherein the one or more Global ID APIs include: an identity management API configured to map global identities of at least one of client devices or consumer applications to local identities for at least one of client devices or consumer applications.
“6. The system of claim 1, further comprising: an API portal that enables user devices to provide credentials for authentication and allows authenticated user devices to view products and/or services available to consumer applications.
“7. A method for authenticating a client device of a consumer application, the method comprising: receiving, by one or more Global ID APIs (application programming interfaces), authentication information from the client device of the consumer application; authenticating, by the one or more Global ID APIs, the client device based on the authentication information; mapping, by the one or more Global ID APIs, the authentication information to a global identity for the client device; and transmitting, by the one or more Global ID APIs, one or more session tokens to the consumer application that include the global identity, wherein the one or more session tokens are used to perform one or more transaction requests with one or more service providers via a trusted network.
“8. The method of claim 7, wherein the one or more service providers comprise a public cloud service provider, a private cloud service provider, or an on-premise service provider.
“9. The method of claim 7, wherein the global identity provides an identity of the client device and permissions of the client device across one or more data centers.
“10. A method for performing a transaction in a hybrid cloud system, the method comprising: receiving, by an API (application programming interface) gateway associated with a service provider, a transaction request from a consumer application via a trusted network connection, wherein the transaction request includes a session token assigned to the transaction request by one or more Global ID APIs, wherein the session token includes a global identifier for a client device of the consumer application; interacting with one or more Global ID APIs to obtain a local identifier for the client device corresponding to the global identifier included in the session token, wherein the local identifier for the client device is used for transactions with a data center connected to the API gateway; causing, by the API gateway, a transaction to be performed by a service of the data center based on the local identity of the client device; and transmitting, by the API gateway, a transaction response from the service to the consumer application.
“11. The method of claim 10, wherein the data center includes a public cloud service provider, a private cloud service provider, or an on-premise service provider.
“12. The method of claim 10, further comprising: calling, by the API gateway, a first API associated with a first service corresponding to the transaction request, wherein the first API is deployed to the first service provider by an API management platform based on instruction from a hybrid cloud control plane (HCCP); receiving, by the API gateway, a first response from the first service; and transmitting, by the API gateway, the transaction response to the consumer application based on the first response from the first service.
“13. The method of claim 12, further comprising: forwarding, by the API gateway, the transaction request to the HCCP, which causes the HCCP to initiate a second transaction with a second service provided by a second service provider via a second API deployed API management platform to the second service provider.
“14. The method of claim 13, wherein the HCCP is configured to determine that the second service provider is a trusted service provider on a trusted network before initiating the second transaction.
“15. The method of claim 13, wherein the HCCP is configured to interact with a data store via an event interface to access data corresponding to the transaction request.
“16. The method of claim 12, further comprising: verifying that a device executing the first service is a trusted device.
“17. The method of claim 12, further comprising: verifying that a location of a device executing the first service is a trusted location; and verifying that the device executing the first service is within a trusted membership period.
“18. The method of claim 12, further comprising: verifying that an owner of a device executing the first service is a trusted owner.
“19. The method of claim 12, further comprising: verifying that the first service meets security control requirements.
“20. The method of claim 19, wherein the security control requirements correspond to regulatory compliance requirements.”
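The token flow recited in claims 1, 7 and 10, sketched as an added example that is not taken from the patent or from the assignee: a Global ID API authenticates a device and issues a session token carrying the global identity, and the API gateway maps that global identity to a data-center-specific local identity before running the service. The HMAC-signed token format, the expiry field, and every name and value below are assumptions made for the illustration; the patent text quoted here does not specify them.

```python
import base64, hashlib, hmac, json, time

# All values below are constructed for this illustration.
SIGNING_KEY = b"constructed-demo-key"    # assumption: held only by the Global ID APIs
CREDENTIALS = {"device-42": "s3cret"}    # authentication information per client device
GLOBAL_IDS = {"device-42": "gid-7f3a"}   # authentication info -> global identity
LOCAL_IDS = {("gid-7f3a", "dc-onprem"): "svc_acct_1189",   # global -> local identity,
             ("gid-7f3a", "dc-public"): "pubcloud_user_77"}  # one per data center

def _sign(body: bytes) -> str:
    return hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest()

def issue_session_token(device, secret, now=None, ttl=300):
    """Global ID API: authenticate, map to a global identity, issue a token."""
    expected = CREDENTIALS.get(device)
    if expected is None or not hmac.compare_digest(expected, secret):
        raise PermissionError("authentication failed")
    now = time.time() if now is None else now
    claims = {"gid": GLOBAL_IDS[device], "exp": now + ttl}
    body = json.dumps(claims, sort_keys=True).encode()
    return base64.urlsafe_b64encode(body).decode() + "." + _sign(body)

def resolve_local_identity(token, data_center, now=None):
    """Global ID API lookup made by the gateway: global -> local identity."""
    try:
        b64, sig = token.split(".")
        body = base64.urlsafe_b64decode(b64)
    except ValueError:
        raise PermissionError("malformed token")
    # Verify integrity before trusting any field inside the token.
    if not hmac.compare_digest(_sign(body), sig):
        raise PermissionError("bad signature")
    claims = json.loads(body)
    if claims["exp"] < (time.time() if now is None else now):
        raise PermissionError("token expired")
    local = LOCAL_IDS.get((claims["gid"], data_center))
    if local is None:
        raise PermissionError("no local identity at this data center")
    return local

def gateway_handle(token, data_center, request, now=None):
    """API gateway: the service runs under the local identity only."""
    local = resolve_local_identity(token, data_center, now)
    return {"ran_as": local, "result": f"{request} ok"}
```

The same token resolves to a different local identity at each data center, and a token whose body is altered, expired, or unmapped at the target data center is rejected before any service call.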
For additional information on this patent, see: Bachmann, Robert. Systems and methods related to executing transactions in a hybrid cloud environment.