Connecting and retrieving security tokens based on context

US 10,084,785 B2
Filed: 04/22/2016
Issued: 09/25/2018
Est. Priority Date: 12/13/2015
Status: Active Grant

First Claim

Patent Images

1. A system for accessing resources by a user across a plurality of distributed computing networks, the system comprising:

a first cloud system implemented using a hardware processor; and

a memory storing instructions for execution by the hardware processor, wherein the hardware processor is configured by the instructions to;

host a first resource having a first extension and a second extension,wherein the first cloud system comprises a first identity system and a first API layer used by the first resource and the first extension; and

wherein the second extension is loaded from a second cloud system different and separate from the first cloud system having a second identity system and second API layer and the user is simultaneously connected to both of the first and the second cloud systems, andstore a plurality of security tokens associated with the user, the plurality of security tokens allowing the user to access extensions of resources from a plurality of cloud systems through the security tokens and associated API layers, wherein each of the plurality of security tokens corresponding to the user is a key chain for the user and is indicative of an association between one or more cloud systems which the user has subscribed such that the first cloud system loads security tokens from the second identity system to allow the second extension to communicate using the second API layer.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An application may be configured with two or more cloud contexts and one or more identity Systems. Using this information, the application has the ability to identify the remote cloud environment that a particular subsystem needs to interact with. The application communicates with the appropriate identity system to retrieve tokens dynamically for targeting that remote cloud.

18 Citations

20 Claims

1. A system for accessing resources by a user across a plurality of distributed computing networks, the system comprising:
- a first cloud system implemented using a hardware processor; and
  
  a memory storing instructions for execution by the hardware processor, wherein the hardware processor is configured by the instructions to;
  
  host a first resource having a first extension and a second extension,wherein the first cloud system comprises a first identity system and a first API layer used by the first resource and the first extension; and
  
  wherein the second extension is loaded from a second cloud system different and separate from the first cloud system having a second identity system and second API layer and the user is simultaneously connected to both of the first and the second cloud systems, andstore a plurality of security tokens associated with the user, the plurality of security tokens allowing the user to access extensions of resources from a plurality of cloud systems through the security tokens and associated API layers, wherein each of the plurality of security tokens corresponding to the user is a key chain for the user and is indicative of an association between one or more cloud systems which the user has subscribed such that the first cloud system loads security tokens from the second identity system to allow the second extension to communicate using the second API layer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1, wherein the resource is a website.
  - 3. The system of claim 1, wherein the first cloud is a public cloud and the second cloud is a private cloud.
  - 4. The system of claim 1, wherein the first cloud is a private cloud and the second cloud is a public cloud.
  - 5. The system of claim 1, wherein a user may be connected to both the first and second clouds simultaneously from the same browser in the same session.
  - 6. The system of claim 1, wherein an application on the first cloud fetches security tokens from an authentication system of the second cloud on behalf of a current user.
  - 7. The system of claim 1, wherein the first cloud system maintains a chain of security tokens for a user, and wherein each security token in the chain for the user and is indicative of an association between one or more distributed computing networks which the user has subscribed.
  - 8. The system of claim 7, wherein the security tokens are issued to the UI components of first cloud based upon an associated remote cloud.
  - 9. The system of claim 1, further comprising:
    - a browser, wherein content from a website hosted on the first cloud and content from a website hosted on the second cloud is rendered in the same inline frame in the browser.

10. A method for accessing resources by a user across a plurality of distributed computing networks, comprising:
- providing a resource on a first computing network, the resource comprising a first extension associated with a first identity system and a first API layer in the first computing network and a second extension associated with a second identity system and a second API layer in a different remote computing network and the user is simultaneously connected to both of the first and the second computing networks, wherein the first identify system is hosted on the first computing network and the second identity system is hosted on the remote computing network;
  
  loading one or more first security tokens from the first identity system to allow a user on the first computing network to access the first extension; and
  
  loading one or more second security tokens from the remote computing network to allow the user on the first computing network to access the second extension using the second API layer, wherein storing a plurality of security tokens associated with the user, the plurality of security tokens allowing the user to access extensions of the resources from a plurality of computing networks through the security tokens via associated API layers, wherein each of the plurality of security tokens corresponding to the user is a key chain for the user and is indicative of an association between one or more computing networks which the user has subscribed.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The method of claim 10, further comprising:
    - identifying the user on the first computing network; and
      
      retrieving security tokens from the remote computing network based upon the user'"'"'s identity.
  - 12. The method of claim 10, wherein the second identity system is an authentication system.
  - 13. The method of claim 10, wherein the user access both the first extension and the second extension on the resource.
  - 14. The method of claim 10, wherein the resource is a website and the extensions correspond to windows displayed on the website.
  - 15. The method of claim 10, wherein one of the first computing network and the remote computing network is a private cloud service and the other computing network is a public cloud service.

16. A system for accessing resources by a user across a plurality of distributed computing networks, the system comprising:
- a first distributed computing network implemented using a hardware processor; and
  
  a memory storing instructions for execution by the hardware processor, wherein the hardware processor is configured by the instructions to;
  
  host a resource having a first extension, wherein the resource and the first extension make use of a first identity system and a first API layer in the first distributed computing network,and wherein the resource comprises a second extension loaded from a second distributed computing network having a second identity system and a second API layer in the second distributed computing network different and separate from the first distributed computing network and the user is simultaneously connected to both of the first and the second distributed computing networks;
  
  and wherein the hardware processor of the first distributed computing network loads security tokens from the second identity system to allow users to access the second extension of the resource using the second API layer; and
  
  store a plurality of security tokens associated with the user, the plurality of security tokens allowing the user to access extensions of the resources from a plurality of distributed computing networks through the security tokens and associated API layers, wherein each of the plurality of security tokens corresponding to the user is a key chain for the user and is indicative of an association between one or more distributed computing networks which the user has subscribed.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The system of claim 16, further comprisingthe resource having one or more additional extensions loaded from one or more additional distributed computing networks each having its own identity system and API layer, wherein the first cloud system loads security tokens from the identity systems on the one or more additional distributed computing network to allow users to access the one or more additional extensions.
  - 18. The system of claim 17, wherein the distributed computing networks include both one or more public cloud service and one or more private cloud service.
  - 19. The system of claim 16, wherein a user may be connected to both the first and second distributed computing networks simultaneously from the same resource in the same session.
  - 20. The system of claim 16, wherein an application on the first distributed computing network fetches security tokens from an authentication system of the second distributed computing network on behalf of a current user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Tsurbeleu, Pavel, Natarajan, Shriram, Pogrebinsky, Vladimir
Primary Examiner(s)
Chai, Longbit

Application Number

US15/135,673
Publication Number

US 20170171211A1
Time in Patent Office

886 Days
Field of Search

726 7
US Class Current
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/41   where a single sign-on prov...

H04L 63/0227   Filtering policies mail mes...

H04L 63/08   for authentication of entit...

H04L 63/0815   providing single-sign-on or...

H04L 63/10   for controlling access to d...

H04L 67/02   based on web technology, e....

H04L 67/10   in which an application is ...

Connecting and retrieving security tokens based on context

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

18 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Connecting and retrieving security tokens based on context

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links