Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Identity escrow and authentication cloud resource access control system and method for multiple tenants

An access control and identity hosting technology, applied in user identity/authority verification, transmission systems, electrical components, etc., can solve the problem of imperfect functions, cloud service providers cannot provide single sign-on services, and cannot solve cross-DNS domain authentication Issues such as identity information transmission, to reduce user management costs and ensure the effect of sharing cloud resources

Inactive Publication Date: 2014-01-22
INST OF INFORMATION ENG CAS
View PDF4 Cites 73 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] The current identity authentication service method (commonly referred to as the traditional single sign-on service method) of a trusted third party in the cloud service mode can no longer meet the needs of users to exchange identity information securely under cross-domain service access. There are mainly the following problems in the traditional single sign-on service: (1) Most of the OAuth protocol is used as the protocol for transmitting user identity authentication information. In addition, the protocol requires all users to be in a user group domain, and cannot provide a secure and relatively isolated single sign-on service for cloud service providers; (2) Use cookies to maintain user login authentication status The single sign-on service implemented cannot solve the problem of authentication identity information transfer across DNS domains, that is, the login status stored in the cookie cannot be transferred from one domain to another
[0004] At the same time, the current identity authentication service method cannot control the service provider SP's access to its cloud resources, and cannot individually revoke the access to a certain SP without affecting all SPs

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Identity escrow and authentication cloud resource access control system and method for multiple tenants
  • Identity escrow and authentication cloud resource access control system and method for multiple tenants
  • Identity escrow and authentication cloud resource access control system and method for multiple tenants

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0021] In order to make the purpose, advantages and technical solutions of the present invention clearer, the present invention will be further described in detail below through specific implementation and in conjunction with the accompanying drawings.

[0022] Such as figure 1 , 2, 3, a multi-tenant-oriented identity trusteeship authentication cloud resource access control system of the present invention divides the cloud service provider's cloud service business into user identity authentication and permission part and cloud resource access based on user group level The control part; the licensing business of the user identity authentication licensing part is entrusted to a trusted third party TIdP, and the TIdP is responsible for administering the user information and group information hosted by the tenant, completing the user identity authentication work of the managed user and generating the identity identification Cross-domain security credential service for information...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides an identity escrow and authentication cloud resource access control system and an identity escrow and authentication cloud resource access control method for multiple tenants. The system is characterized in that the cloud service business of a cloud service provider is divided into two parts of an identity authentication permission part and a cloud resource access control part, wherein the business of the identity authentication permission part is hosted by a credible third party TIdP of the cloud service, and the TIdP is in charge of governing hosted user information and group information of the tenant, completes the user identity authentication work of a hosting user and generates cross-domain security credential service containing identity recognition information; the cloud resource access control part is responsible for assigning corresponding permission for a group where the user is located, and analyzes the access request of the user and implements an access control decision according to the existing resource access control strategy when the user accesses to the cloud resource, so as to achieve safety access control over the cloud resource.

Description

technical field [0001] The invention belongs to the field of identity trusteeship and access control of information security, and in particular relates to a multi-tenant-oriented identity trusteeship authentication cloud resource access control system and control method. Background technique [0002] With the development of new information technologies such as cloud computing and the Internet of Things, cloud service providers are faced with how to adapt to this new cloud service identity management model, how to reduce the cost of user identity management and maintenance, and how to ensure safe user identity authentication, etc. As a result, a new type of user identity authentication hosting business was born, that is, each cloud service provider delivers the identity authentication work to a trusted third party for cloud services (usually called TIdP, Trusteeship Identity Provider) , so as to reduce the burden of the service provider (Service Provider, SP) on user identity...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06H04L29/08H04L9/32
Inventor 王雅哲王瑜汪洋寇睿明
Owner INST OF INFORMATION ENG CAS
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com