Quorum-based access management
First Claim
1. A computer-implemented method, comprising:
- receiving a request for access to one or more resources in a multi-tenant environment, the request including a first digital signature for a requestor;
- determining, by an access manager, that at least one quorum rule applies to the request, the at least one quorum rule specifying at least a number of digital signatures needed for the access to be granted;
- determining one or more potential signatories each capable of providing one of the digital signatures for the request;
- determining a period of time, specified by the at least one quorum rule, over which the at least one quorum rule must be satisfied for the access to be granted in response to the request;
- sending a notification to each of the potential signatories, the notification including at least information about the access, the requestor, and the period of time;
- receiving, from one or more of the potential signatories, one or more calls associated with the request, each call of the one or more calls digitally signed by a respective signatory of the potential signatories;
- determining, by the access manager, that the one or more calls together with the first request satisfied the at least one quorum rule within the period of time;
- forwarding information for the request to an authorization manager; and
- granting the access to the one or more resources.
Abstract
A quorum-based access mechanism can require multiple entities to provide credentials over a determined period of time in order to obtain access to one or more resources in an electronic environment. This can include receiving a request that is signed by multiple signatories, or receiving multiple requests within a determined period that are each signed by a respective and authorized signatory. In some embodiments the receiving of a primary request causes notifications to be sent to other potential signatories, and a specified or minimum number must respond timely with a signed request to have the access granted. The quorum-based access mechanism can function as an additional authorization layer sitting in front of more conventional authorization and authentication mechanisms. In some embodiments a quorum token can be passed with the request, whereby resources in the environment can make access determinations based on the information in the token.
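The quorum check described in the abstract, as an added Python sketch that is not code from the patent: an access manager holds a request open until the required number of distinct, authorized signatories have signed within the rule's period. The class names, the `delete-volume` action, the keys and the timestamps are constructed for illustration, HMAC stands in for the digital signatures, and notifications and the quorum token are not modeled.

```python
import hashlib
import hmac

# Constructed sample keys. HMAC is a stand-in for the asymmetric digital
# signatures the claims describe, so the example runs on the stdlib alone.
KEYS = {"alice": b"k-a", "bob": b"k-b", "carol": b"k-c", "mallory": b"k-m"}

def sign(signer, request_id, action):
    msg = f"{request_id}|{action}|{signer}".encode()
    return hmac.new(KEYS[signer], msg, hashlib.sha256).hexdigest()

class QuorumRule:
    def __init__(self, required, signatories, window_s):
        self.required = required              # signatures needed
        self.signatories = set(signatories)   # who may sign
        self.window_s = window_s              # period the quorum must form in

class AccessManager:
    """Hypothetical layer in front of ordinary authorization."""
    def __init__(self, rules):
        self.rules = rules     # action -> QuorumRule
        self.pending = {}      # (request_id, action) -> (opened_at, signers)

    def submit(self, request_id, action, signer, sig, now):
        rule = self.rules.get(action)
        if rule is None:
            return "no quorum rule"           # normal authorization applies
        if signer not in rule.signatories:
            return "rejected: not a signatory"
        if not hmac.compare_digest(sig, sign(signer, request_id, action)):
            return "rejected: bad signature"
        key = (request_id, action)
        opened_at, signers = self.pending.setdefault(key, (now, set()))
        if now - opened_at > rule.window_s:
            del self.pending[key]             # quorum did not form in time
            return "expired"
        signers.add(signer)                   # a set: repeats count once
        if len(signers) < rule.required:
            return f"pending {len(signers)}/{rule.required}"
        del self.pending[key]
        return "granted"                      # forward to the authorization manager

def demo():
    am = AccessManager({"delete-volume": QuorumRule(2, ["alice", "bob", "carol"], 600)})
    call = lambda rid, who, t, sig=None: am.submit(
        rid, "delete-volume", who, sig or sign(who, rid, "delete-volume"), t)
    return [call("r1", "alice", 0), call("r1", "alice", 10),
            call("r1", "mallory", 20), call("r1", "bob", 30, "00" * 32),
            call("r1", "bob", 40), call("r2", "alice", 0), call("r2", "carol", 601)]
```

The signed message binds the request id, the action and the signer, so a signature collected for one request or action cannot be counted toward another.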
19 Claims
5. A computer-implemented method, comprising:
- receiving a plurality of requests related to a task to be performed in an electronic environment to an application programming interface (API) associated with an access manager, the task requiring access to one or more computing resources in the electronic environment, and the access manager configured to temporarily store information for the plurality of requests over the specified period of time;
- determining that a quorum rule applies to the access, based at least in part on the task associated with the plurality of requests, the quorum rule specifying a number of digital signatures to be received within a specified period of time to obtain the access, the number of digital signatures requiring at least two digital signatures;
- determining, by the access manager, that the plurality of requests were received within the specified period of time and include at least the number of digital signatures to satisfy the quorum rule for the task; and
- providing the access for performing the task in the electronic environment.
15. A system, comprising:
- at least one processor; and
- memory including instructions that, when executed by the at least one processor, cause the system to:
  - receive a plurality of requests related to a task to be performed in an electronic environment to an application programming interface (API) associated with an access manager, the task requiring access to one or more computing resources in the electronic environment, and the access manager configured to temporarily store information for the plurality of requests over the specified period of time;
  - determine that a quorum rule applies to the access, based at least in part on the task associated with the plurality of requests, the quorum rule specifying a number of digital signatures to be received within a specified period of time to obtain the access, the number of digital signatures requiring at least two digital signatures;
  - determine, by the access manager, that the plurality of requests were received within the specified period of time and include at least the number of digital signatures to satisfy the quorum rule for the task; and
  - provide the access for performing the task in the electronic environment.
Specification