Security and permission architecture in a multi-tenant computing system

Computing-system and multi-tenant technology, applied in computer security devices, computing, transmission systems, etc., that addresses problems such as exacerbated security concerns.

Active Publication Date: 2017-08-29
MICROSOFT TECH LICENSING LLC

AI Technical Summary

Problems solved by technology

[0005] Security concerns can be exacerbated when service pr


Examples


Example 1

[0137] Example 1 is a licensed computing system comprising:

[0138] a signature verification engine that receives a signed user access request that identifies a user, requests access to a target resource on a target machine in a remote multi-tenant capacity system to execute a workflow on the target resource, and is received from a remote multi-tenant management system, the signature verification engine verifying the first signature on the user access request as belonging to the multi-tenant management system;

[0139] A collection of user access accounts;

[0140] A role-based access control system that accesses user access accounts and verifies that users are authorized to perform workflows; and

[0141] A capability token service, based at least in part on the signature verification engine verifying the first signature and the role-based access control system verifying that the user is authorized to execute the workflow, generates an output package based on the use...

Example 2

[0142] Example 2 is the licensed computing system of any or all of the previous examples, wherein the user access request is also signed by a remote client system corresponding to the user, and wherein the signature verification system verifies the second signature as belonging to the remote client system.

Example 3

[0143] Example 3 is the permissioned computing system of any or all of the previous examples, wherein the capability token service further comprises:

[0144] A signing component that signs the workflow with the service component signing certificate in response to the signature verification engine verifying the first signature and the second signature and the role-based access control system verifying that the user is authorized to execute the workflow.
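The checks in Examples 1 to 3, in order, as an added sketch that is not code from the patent or its owner. Assumptions: HMAC-SHA256 with constructed demo keys stands in for the certificate-based signatures, the management signature is taken to cover the request body plus the client signature, and all names (`issue_package`, `ACCOUNTS`, `vm-01`, ...) are hypothetical.

```python
import hashlib
import hmac
import json

# Constructed demo keys. HMAC-SHA256 stands in for the certificate-based
# signatures of the examples so the sketch runs on the standard library alone.
MGMT_KEY, CLIENT_KEY, SERVICE_KEY = b"demo-mgmt", b"demo-client", b"demo-service"
# Constructed "collection of user access accounts": user -> permitted workflows.
ACCOUNTS = {"alice": {"restart-service"}}

def sign(key, obj):
    # Canonical JSON so signer and verifier hash identical bytes.
    data = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def verify(key, obj, sig):
    return hmac.compare_digest(sign(key, obj), sig)

def make_request(user, target, workflow, mgmt_key=MGMT_KEY, client_key=CLIENT_KEY):
    """Client signs the body; the management system signs body + client signature."""
    body = {"user": user, "target": target, "workflow": workflow}
    client_sig = sign(client_key, body)
    mgmt_sig = sign(mgmt_key, {"body": body, "client_sig": client_sig})
    return {"body": body, "client_sig": client_sig, "mgmt_sig": mgmt_sig}

def issue_package(req):
    """Capability token service: signed output package, or None (fail closed)."""
    body = req["body"]
    # First signature must belong to the management system (Example 1).
    if not verify(MGMT_KEY, {"body": body, "client_sig": req["client_sig"]}, req["mgmt_sig"]):
        return None
    # Second signature must belong to the client system (Example 2).
    if not verify(CLIENT_KEY, body, req["client_sig"]):
        return None
    # Role-based access control against the user access accounts.
    if body["workflow"] not in ACCOUNTS.get(body["user"], set()):
        return None
    # Signing component signs the approved workflow (Example 3).
    return {"workflow": body, "service_sig": sign(SERVICE_KEY, body)}

def target_accepts(package):
    """Target machine runs only workflows carrying a valid service signature."""
    return verify(SERVICE_KEY, package["workflow"], package["service_sig"])
```

Every failed check returns `None` before the signing step, so a request that fails signature verification or the role check never yields a package the target machine would accept.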


Abstract

When a user inputs an action request, such as a requested command, to be performed on a target machine, a management system receives the request and verifies it with a separate authentication and permission system. The authentication and permission system verifies signatures on the request and signs it and generates an approved workflow package. The approved workflow package is sent to the target machine.

Description

Background

[0001] Computer systems are currently in widespread use. Some such computer systems are deployed in multi-tenant environments, where a multi-tenant service provides services to multiple different tenants. Each tenant can correspond to a separate organization.

[0002] The level of service provided by a multi-tenant system can vary widely. For example, it can range from Infrastructure as a Service (IaaS), where items of the infrastructure are managed by the service provider and everything else is managed by individual tenants, to Software as a Service (SaaS), where even the applications are run and managed by the service provider.

[0003] Such systems can present difficulties with regard to security. Every organization that a service provider serves expects the service provider to have sufficient access to the organization's data so that the service provider can provide adequate services. However, the organization also wishes to provide security s...


Application Information

IPC(8): H04L29/06, G06F21/30
CPC: G06F21/305, H04L63/102, H04L63/105, H04L63/104, H04L63/126, H04L63/0823, H04L63/083
Inventor: L·朱, R·达尼
Owner MICROSOFT TECH LICENSING LLC