Method and apparatus for multi-tenancy secrets management in multiple data security jurisdiction zones

US 10,021,143 B2
Filed: 02/03/2016
Issued: 07/10/2018
Est. Priority Date: 11/06/2013
Status: Active Grant

First Claim

Patent Images

1. A method for managing secrets of tenants of a multi-tenant computing environment, comprising:

identifying one or more data security jurisdiction zones containing one or more multi-tenant assets to which secrets policies of the tenants are to be applied;

maintaining, by a service provider computing system, service provider secrets policy data representing one or more data security policies associated with one or more cloud computing environments for the identified one or more data security jurisdiction zones and security requirements associated with the secrets of the tenants within the multi-tenant computing environment;

receiving, by the service provider computing system from a first tenant computing system, first tenant secrets policy data representing a first tenant secrets policy of a first tenant of the multi-tenant computing environment and including data indicating secrets of the first tenant secrets policy;

receiving a request from the first tenant computing system to apply the first tenant secrets policy data to a first multi-tenant asset of the multi-tenant computing environment;

in response to receiving the request, comparing the first tenant secrets policy data with the service provider secrets policy data to determine whether the secrets of the first tenant secrets policy are in compliance with the security requirements of the service provider secrets policy data;

further in response to receiving the request, comparing the service provider secrets policy data with the first tenant secrets policy to determine whether the first tenant secrets policy is at least as restrictive as the service provider secrets policy data and further determining whether secrets sharing is allowed between the first tenant and the first multi-tenant asset;

responsive to determining the secrets of the first tenant secrets policy are in compliance with the security requirements of the service provider secrets policy data and responsive to determining the first tenant secrets policy is at least as restrictive as the service provider secrets policy data, and responsive to determining secrets sharing is allowed between the first tenant and the first multi-tenant asset, authorizing, with the service provider computing system, the request from the first tenant computing system to apply the first tenant secrets policy data to the first multi-tenant asset;

responsive to determining the secrets of the first tenant secrets policy are not in compliance with the security requirements of the service provider secrets policy data, or responsive to determining the first tenant secrets policy is not at least as restrictive as the service provider secrets policy data, or responsive to determining secrets sharing is not allowed between the first tenant and the first multi-tenant asset, rejecting the request to apply the first tenant secrets policy data to the first multi-tenant asset; and

applying the first tenant secrets policy data to the first multi-tenant asset responsive to determining the request from the first tenant computing system is authorized.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A service provider computing environment includes a service provider computing device, which receives tenant secrets policies from tenants. The tenants are tenants of multi-tenant assets of a service provider. One or more data security zones in which the multi-tenant assets are located are identified. A service provider secrets policy includes data security jurisdiction zone secrets policy data for the one or more data security jurisdiction zones. The data security jurisdiction zone secrets policy data is analyzed to determine allowed secrets data with respect to each of the identified data security jurisdiction zones. The service provider computing environment determines of the tenant secrets policies satisfy the requirements of the service provider secrets policy. If the tenant secrets policies satisfy the requirements of the service provider secrets policy, the service provider computing environment allows the tenant secrets policies to be applied to tenant data or information in the multi-tenant assets.

273 Citations

35 Claims

1. A method for managing secrets of tenants of a multi-tenant computing environment, comprising:
- identifying one or more data security jurisdiction zones containing one or more multi-tenant assets to which secrets policies of the tenants are to be applied;
  
  maintaining, by a service provider computing system, service provider secrets policy data representing one or more data security policies associated with one or more cloud computing environments for the identified one or more data security jurisdiction zones and security requirements associated with the secrets of the tenants within the multi-tenant computing environment;
  
  receiving, by the service provider computing system from a first tenant computing system, first tenant secrets policy data representing a first tenant secrets policy of a first tenant of the multi-tenant computing environment and including data indicating secrets of the first tenant secrets policy;
  
  receiving a request from the first tenant computing system to apply the first tenant secrets policy data to a first multi-tenant asset of the multi-tenant computing environment;
  
  in response to receiving the request, comparing the first tenant secrets policy data with the service provider secrets policy data to determine whether the secrets of the first tenant secrets policy are in compliance with the security requirements of the service provider secrets policy data;
  
  further in response to receiving the request, comparing the service provider secrets policy data with the first tenant secrets policy to determine whether the first tenant secrets policy is at least as restrictive as the service provider secrets policy data and further determining whether secrets sharing is allowed between the first tenant and the first multi-tenant asset;
  
  responsive to determining the secrets of the first tenant secrets policy are in compliance with the security requirements of the service provider secrets policy data and responsive to determining the first tenant secrets policy is at least as restrictive as the service provider secrets policy data, and responsive to determining secrets sharing is allowed between the first tenant and the first multi-tenant asset, authorizing, with the service provider computing system, the request from the first tenant computing system to apply the first tenant secrets policy data to the first multi-tenant asset;
  
  responsive to determining the secrets of the first tenant secrets policy are not in compliance with the security requirements of the service provider secrets policy data, or responsive to determining the first tenant secrets policy is not at least as restrictive as the service provider secrets policy data, or responsive to determining secrets sharing is not allowed between the first tenant and the first multi-tenant asset, rejecting the request to apply the first tenant secrets policy data to the first multi-tenant asset; and
  
  applying the first tenant secrets policy data to the first multi-tenant asset responsive to determining the request from the first tenant computing system is authorized.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1 further comprising:
    - receiving, by the service provider computing system, a second tenant secrets policy from a second tenant computing system for a second tenant of the multi-tenant computing environment.
  - 3. The method of claim 2 wherein the receiving the first tenant secrets policy data includes receiving first tenant secrets,wherein the receiving the second tenant secrets policy includes receiving second tenant secrets, the method further comprising:
    - maintaining a first log of one or more of use, copying, deletion, receipt, transfer, transmission, backup, and restoration of the first tenant secrets;
      
      maintaining a second log of one or more of use, copying, deletion, receipt, transfer, transmission, backup, and restoration of the second tenant secrets;
      
      providing the first log to the first tenant computing system, in response to receiving a request for the first log from the first tenant computing system; and
      
      providing the second log to the second tenant computing system, in response to receiving a request for the second log from the second tenant computing system.
  - 4. The method of claim 2, further comprising:
    - maintaining a cross-tenant policy,wherein the cross-tenant policy includes rules and exceptions for enabling the first multi-tenant asset to concurrently use first tenant secrets and second tenant secrets to decrypt encrypted user data,wherein the first multi-tenant asset is shared by the first tenant and the second tenant.
  - 5. The method of claim 2 wherein the first tenant secrets policy includes rules for applying first tenant secrets and the second tenant secrets policy includes rules for applying second tenant secrets, wherein the first tenant secrets and the second tenant secrets include encryption keys,wherein the security requirements of the service provider secrets policy data include a minimum frequency by which the encryption keys are required to be rotated responsive to determining some of the encryption keys are applied by either the first tenant or the second tenant to data stored by the first multi-tenant asset in the multi-tenant computing environment.
  - 6. The method of claim 2 wherein the request is a first request, the method further comprising:
    - receiving a second request from the second tenant computing system to apply the second tenant secrets policy to the first multi-tenant asset in the multi-tenant computing environment;
      
      in response to receiving the second request, comparing the second tenant secrets policy with the security requirements of the service provider secrets policy data; and
      
      responsive to determining the second tenant secrets policy satisfies the security requirements of the service provider secrets policy data, authorizing the second request and applying the second tenant secrets policy to the first multi-tenant asset.
  - 7. The method of claim 2 wherein the first multi-tenant asset includes:
    - an application shared by the first tenant and the second tenant;
      
      a server computing system shared by the first tenant and the second tenant; and
      
      a non-volatile memory device shared by the first tenant and the second tenant.
  - 8. The method of claim 1 wherein the applying the first tenant secrets policy data includes applying, by the service provider computing system, the first tenant secrets policy data to the first multi-tenant asset.
  - 9. The method of claim 1 wherein the applying the first tenant secrets policy data includes applying, by the first tenant computing system, the first tenant secrets policy data to the first multi-tenant asset.
  - 10. The method of claim 1 wherein at least one of the identified one or more data security jurisdiction zones are selected from group of data security jurisdiction zones consisting of:
    - a geographic region data security jurisdiction zone;
      
      a political region data security jurisdiction zone;
      
      a security based data security jurisdiction zone;
      
      a computing environment data security jurisdiction zone; and
      
      a computing sub-environment data security jurisdiction zone within a computing environment data security jurisdiction zone.
  - 11. The method of claim 1 wherein the one or more data security policies for the identified one or more data security jurisdiction zones include data indicating allowed encryption levels within the identified one or more data security jurisdiction zones.
  - 12. The method of claim 1 wherein the one or more data security policies for the identified one or more data security jurisdiction zones include allowed encryption key data including at least one encryption key in compliance with the one or more data security policies for the identified one or more data security jurisdiction zones.
  - 13. The method of claim 1 wherein the first multi-tenant asset is selected from a group of multi-tenant assets consisting of:
    - a virtual machine;
      
      a virtual server;
      
      a database or data store;
      
      an instance in a cloud environment;
      
      a cloud environment access system;
      
      part of a mobile device;
      
      part of a remote sensor;
      
      part of a laptop computing system;
      
      part of a desktop computing system;
      
      part of a point-of-sale computing system;
      
      part of an ATM; and
      
      part of an electronic voting machine computing system.
  - 14. The method of claim 1 wherein the one or more data security policies for the identified one or more data security jurisdiction zones are updated automatically.
  - 15. The method of claim 1 wherein the applying the first tenant secrets policy data includes providing the secrets of the first tenant secrets policy to the first multi-tenant asset.

16. A method for managing secrets of customers of a service provider for a multi-tenant computing environment, comprising:
- identifying one or more data security jurisdiction zones containing one or more multi-tenant assets to which secrets policies of the customers are to be applied;
  
  maintaining, by a service provider computing system, a service provider security policy that includes one or more data secrets policies associated with one or more cloud computing environments for the identified one or more data security jurisdiction zones and security requirements for the customers of a first multi-tenant asset,wherein the first multi-tenant asset is hosted for the customers by the service provider,further wherein the first multi-tenant asset includes at least one of;
  
  an application shared by the customers;
  
  a server computing system shared by the customers;
  
  a virtual machine; and
  
  non-volatile memory device logically divided between at least two of the customers;
  
  receiving a request from a first one of the customers to apply a first customer security policy to a first part of the first multi-tenant asset allocated to the first one of the customers,wherein the first customer security policy includes rules for managing first customer secrets with the first multi-tenant asset in the multi-tenant computing environment and secrets of the first customer security policy;
  
  comparing the first customer security policy associated with the request to the service provider security policy to determine whether the secrets of the first customer security policy are in compliance with the security requirements of the service provider security policy and further determining whether secrets sharing is allowed between the first one of the customers and the first part of the first multi-tenant asset; and
  
  responsive to determining the first customer security policy is at least as restrictive as the service provider security policy and responsive to determining secrets sharing is allowed between the first one of the customers and the first part of the first multi-tenant asset, authorizing the request to enable the first one of the customers to apply the first customer security policy to the first part of the first multi-tenant asset allocated to the first one of the customers.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method of claim 16, further comprising:
    - receiving, by the service provider computing system, a second request from a second one of the customers for access to the first customer secrets to enable the second one of the customers to execute an operation associated with the first multi-tenant asset;
      
      accessing a cross-tenant security policy maintained by the service provider computing system to determine access rights of the second one of the customers to the first customer secrets; and
      
      authorizing the second request responsive to determining the cross-tenant security policy includes access rights for the second one of the customers to the first customer secrets for the operation associated with the first multi-tenant asset.
  - 18. The method of claim 16 wherein the first customer secrets include one or more passwords, encryption keys, and digital certificates that are required to access data of the first one of the customers within the first multi-tenant asset.
  - 19. The method of claim 16, further comprising:
    - receiving, by the first multi-tenant asset, the first customer secrets and second customer secrets;
      
      managing, with the service provider computing system, the first customer secrets and the second customer secrets received by the first multi-tenant asset;
      
      recording a first log associated with managing the first customer secrets and a second log associated with managing the second customer secrets; and
      
      providing the first log to the first one of the customers and the second log to the second one of the customers.
  - 20. The method of claim 19, wherein the providing the first log and the second log includes hosting a user interface for viewing and retrieving the first log and the second log.

21. A system for managing secrets of tenants of a multi-tenant computing environment, the system comprising:
- one or more processors; and
  
  at least one memory coupled to the one or more processors, the at least one memory having stored therein instructions which when executed by any set of the one or more processors, perform operations for managing the secrets of the tenants of the multi-tenant computing environment, the operations including;
  
  identifying one or more data security jurisdiction zones containing one or more multi-tenant assets to which secrets policies of the tenants are to be applied;
  
  maintaining, by a service provider computing system, service provider secrets policy data representing one or more data security policies associated with one or more cloud computing environments for the identified one or more data security jurisdiction zones and security requirements associated with the secrets of the tenants within the multi-tenant computing environment;
  
  receiving, by the service provider computing system from a first tenant computing system, first tenant secrets policy data representing a first tenant secrets policy of a first tenant of the multi-tenant computing environment and including data indicating secrets of the first tenant secrets policy;
  
  receiving a request from the first tenant computing system to apply the first tenant secrets policy data to a first multi-tenant asset of a second tenant of the multi-tenant computing environment;
  
  in response to receiving the request, comparing the first tenant secrets policy data with the service provider secrets policy data to determine whether the secrets of the first tenant secrets policy are in compliance with the security requirements of the service provider secrets policy data;
  
  further in response to receiving the request, comparing the service provider secrets policy data with the first tenant secrets policy to determine whether the first tenant secrets policy is at least as restrictive as the service provider secrets policy data and further determining whether secrets sharing is allowed between the first tenant and the first multi-tenant asset;
  
  responsive to determining the secrets of the first tenant secrets policy are in compliance with the security requirements of the service provider secrets policy data and responsive to determining the first tenant secrets policy is at least as restrictive as the service provider secrets policy data, and responsive to determining secrets sharing is allowed between the first tenant and the first multi-tenant asset, authorizing, with the service provider computing system, the request from the first tenant computing system to apply the first tenant secrets policy data to the first multi-tenant asset;
  
  responsive to determining the secrets of the first tenant secrets policy are not in compliance with the security requirements of the service provider secrets policy data, or responsive to determining the first tenant secrets policy is not at least as restrictive as the service provider secrets policy data, or responsive to determining secrets sharing is not allowed between the first tenant and the first multi-tenant asset, rejecting the request to apply the first tenant secrets policy data to the first multi-tenant asset; and
  
  applying the first tenant secrets policy data to the first multi-tenant asset responsive to determining the request from the first tenant computing system is authorized.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 22. The system of claim 21 further comprising:
    - receiving, by the service provider computing system, a second tenant secrets policy from a second tenant computing system for the second tenant of the multi-tenant computing environment.
  - 23. The system of claim 22 wherein the receiving the first tenant secrets policy data includes receiving first tenant secrets,wherein the receiving the second tenant secrets policy includes receiving second tenant secrets, the operations further comprising:
    - maintaining a first log of one or more of use, copying, deletion, receipt, transfer, transmission, backup, and restoration of the first tenant secrets;
      
      maintaining a second log of one or more of use, copying, deletion, receipt, transfer, transmission, backup, and restoration of the second tenant secrets;
      
      providing the first log to the first tenant computing system, in response to receiving a request for the first log from the first tenant computing system; and
      
      providing the second log to the second tenant computing system, in response to receiving a request for the second log from the second tenant computing system.
  - 24. The system of claim 22 wherein the operations further comprise:
    - maintaining a cross-tenant service policy that includes rules associated with sharing first tenant secrets with the second tenant computing system, and associated with sharing second tenant secrets with the first tenant computing system.
  - 25. The system of claim 22 wherein the operations further comprise:
    - maintaining a cross-tenant policy,wherein the cross-tenant policy includes rules and exceptions for enabling the first multi-tenant asset to concurrently use first tenant secrets and second tenant secrets to decrypt encrypted user data,wherein the first multi-tenant asset is shared by the first tenant and the second tenant.
  - 26. The system of claim 22 wherein the first tenant secrets policy includes rules for applying first tenant secrets and the second tenant secrets policy includes rules for applying second tenant secrets, wherein the first tenant secrets and the second tenant secrets include encryption keys,wherein the security requirements of the service provider secrets policy data include a minimum frequency by which the encryption keys are required to be rotated responsive to determining some of the encryption keys are applied by either the first tenant or the second tenant to data stored by the first multi-tenant asset in the multi-tenant computing environment.
  - 27. The system of claim 22 wherein the request is a first request, the operations further comprising:
    - receiving a second request from the second tenant computing system to apply the second tenant secrets policy to the first multi-tenant asset in the multi-tenant computing environment;
      
      in response to receiving the second request, comparing the second tenant secrets policy with the security requirements of the service provider secrets policy data; and
      
      responsive to determining the second tenant secrets policy satisfies the security requirements of the service provider secrets policy data, authorizing the second request and applying the second tenant secrets policy to the first multi-tenant asset.
  - 28. The system of claim 22 wherein the first multi-tenant asset includes at least one of:
    - an application shared by the first tenant and the second tenant;
      
      a server computing system shared by the first tenant and the second tenant; and
      
      non-volatile memory device shared by the first tenant and the second tenant.
  - 29. The system of claim 21 wherein the applying the first tenant secrets policy data includes applying, by the service provider computing system, the first tenant secrets policy data to the first multi-tenant asset.
  - 30. The system of claim 21 wherein the applying the first tenant secrets policy data includes applying, by the first tenant computing system, the first tenant secrets policy data to the first multi-tenant asset.

31. A system for managing secrets of customers of a service provider for a multi-tenant computing environment, comprising:
- one or more processors; and
  
  at least one memory coupled to the one or more processors, the at least one memory having stored therein instructions which when executed by any set of the one or more processors, perform operations for managing the secrets of the customers of the service provider for the multi-tenant computing environment, the operations including;
  
  identifying one or more data security jurisdiction zones containing one or more multi-tenant assets to which secrets policies of the customers are to be applied;
  
  maintaining, by a service provider computing system, a service provider security policy that includes one or more data security policies associated with one or more cloud computing environments for the identified one or more data security jurisdiction zones and security requirements for the customers of a first multi-tenant asset,wherein the first multi-tenant asset is hosted for the customers by the service provider,wherein the first multi-tenant asset includes at least one of;
  
  an application shared by the customers;
  
  a server computing system shared by the customers;
  
  a virtual machine; and
  
  non-volatile memory device logically divided between at least two of the customers;
  
  receiving a request from a first one of the customers to apply a first customer security policy to a first part of the first multi-tenant asset allocated to the first one of the customers,wherein the first customer security policy includes rules for managing first customer secrets with the first multi-tenant asset in the multi-tenant computing environment and secrets of the first customer security policy;
  
  comparing the first customer security policy associated with the request to the service provider security policy to determine whether the secrets of the first customer security policy are in compliance with the security requirements of the service provider security policy and further determining whether secrets sharing is allowed between the first one of the customers and the first part of the first multi-tenant asset; and
  
  responsive to determining the first customer security policy is at least as restrictive as the service provider security policy, authorizing the request to enable the first one of the customers to apply the first customer security policy to the first part of the first multi-tenant asset allocated to the first one of the customers.
- View Dependent Claims (32, 33, 34, 35)
- - 32. The system of claim 31 wherein the operations further comprise:
    - receiving, by the service provider computing system, a second request from a second one of the customers for access to the first customer secrets to enable the second one of the customers to execute an operation associated with the first multi-tenant asset;
      
      accessing a cross-tenant security policy maintained by the service provider computing system to determine access rights of the second one of the customers to the first customer secrets; and
      
      authorizing the second request responsive to determining the cross-tenant security policy includes access rights for the second one of the customers to the first customer secrets for the operation associated with the first multi-tenant asset.
  - 33. The system of claim 31 wherein the first customer secrets include one or more passwords, encryption keys, and digital certificates that are required to access data of the first one of the customers within the first multi-tenant asset.
  - 34. The system of claim 31 wherein the operations further comprise:
    - receiving, by the first multi-tenant asset, the first customer secrets and second customer secrets;
      
      managing, with the service provider computing system, the first customer secrets and the second customer secrets received by the first multi-tenant asset;
      
      recording a first log associated with managing the first customer secrets and a second log associated with managing the second customer secrets; and
      
      providing the first log to the first one of the customers and the second log to the second one of the customers.
  - 35. The system of claim 34, wherein the providing the first log and the second log includes hosting a user interface for viewing and retrieving the first log and the second log.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intuit, Inc.
Original Assignee
Intuit, Inc.
Inventors
Cabrera, Luis Felipe, Lietz, M. Shannon
Primary Examiner(s)
NGUYEN, TRONG H

Application Number

US15/014,900
Publication Number

US 20160156671A1
Time in Patent Office

888 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/062   for key distribution, e.g. ...

H04L 63/10   for controlling access to d...

H04L 63/105   Multiple levels of security

H04L 63/107   wherein the security polici...

H04L 63/20   for managing network securi...

H04L 63/205   involving negotiation or de...

Method and apparatus for multi-tenancy secrets management in multiple data security jurisdiction zones

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

273 Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for multi-tenancy secrets management in multiple data security jurisdiction zones

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

273 Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links