Identity escrow and authentication cloud resource access control system and method for multiple tenants
An access control and identity hosting technology, applied in user identity/authority verification, transmission systems, electrical components, etc., can solve the problem of imperfect functions, cloud service providers cannot provide single sign-on services, and cannot solve cross-DNS domain authentication Issues such as identity information transmission, to reduce user management costs and ensure the effect of sharing cloud resources
Inactive Publication Date: 2014-01-22
INST OF INFORMATION ENG CAS
View PDF4 Cites 73 Cited by
- Summary
- Abstract
- Description
- Claims
- Application Information
AI Technical Summary
Problems solved by technology
[0003] The current identity authentication service method (commonly referred to as the traditional single sign-on service method) of a trusted third party in the cloud service mode can no longer meet the needs of users to exchange identity information securely under cross-domain service access. There are mainly the following problems in the traditional single sign-on service: (1) Most of the OAuth protocol is used as the protocol for transmitting user identity authentication information. In addition, the protocol requires all users to be in a user group domain, and cannot provide a secure
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View moreImage
Smart Image Click on the blue labels to locate them in the text.
Smart ImageViewing Examples
Examples
Experimental program
Comparison scheme
Effect test
Embodiment Construction
[0021] In order to make the purpose, advantages and technical solutions of the present invention clearer, the present invention will be further described in detail below through specific implementation and in conjunction with the accompanying drawings.
[0022] Such as figure 1 , 2, 3, a multi-tenant-oriented identity trusteeship authentication cloud resource access control system of the present invention divides the cloud service provider's cloud service business into user identity authentication and permission part and cloud resource access based on user group level The control part; the licensing business of the user identity authentication licensing part is entrusted to a trusted third party TIdP, and the TIdP is responsible for administering the user information and group information hosted by the tenant, completing the user identity authentication work of the managed user and generating the identity identification Cross-domain security credential service for information...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more PUM
Login to view more Abstract
The invention provides an identity escrow and authentication cloud resource access control system and an identity escrow and authentication cloud resource access control method for multiple tenants. The system is characterized in that the cloud service business of a cloud service provider is divided into two parts of an identity authentication permission part and a cloud resource access control part, wherein the business of the identity authentication permission part is hosted by a credible third party TIdP of the cloud service, and the TIdP is in charge of governing hosted user information and group information of the tenant, completes the user identity authentication work of a hosting user and generates cross-domain security credential service containing identity recognition information; the cloud resource access control part is responsible for assigning corresponding permission for a group where the user is located, and analyzes the access request of the user and implements an access control decision according to the existing resource access control strategy when the user accesses to the cloud resource, so as to achieve safety access control over the cloud resource.
Description
technical field [0001] The invention belongs to the field of identity trusteeship and access control of information security, and in particular relates to a multi-tenant-oriented identity trusteeship authentication cloud resource access control system and control method. Background technique [0002] With the development of new information technologies such as cloud computing and the Internet of Things, cloud service providers are faced with how to adapt to this new cloud service identity management model, how to reduce the cost of user identity management and maintenance, and how to ensure safe user identity authentication, etc. As a result, a new type of user identity authentication hosting business was born, that is, each cloud service provider delivers the identity authentication work to a trusted third party for cloud services (usually called TIdP, Trusteeship Identity Provider) , so as to reduce the burden of the service provider (Service Provider, SP) on user identity...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more Application Information
Patent Timeline
Login to view more IPC IPC(8): H04L29/06H04L29/08H04L9/32
Inventor 王雅哲王瑜汪洋寇睿明
Owner INST OF INFORMATION ENG CAS
Who we serve
- R&D Engineer
- R&D Manager
- IP Professional
Why Eureka
- Industry Leading Data Capabilities
- Powerful AI technology
- Patent DNA Extraction
Social media
Try Eureka
Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.
© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap