Tenant based signature validation

US 10,524,122 B2
Filed: 01/23/2017
Issued: 12/31/2019
Est. Priority Date: 01/31/2014
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method performed by a server in a distributed network, the method comprising:

receiving, from a first client, a first request comprising a first signing certificate of a first user of a first message;

in response to the first request, identifying, from a plurality of tenants, a first tenant that relates to the first signing certificate;

after identifying the first tenant, accessing a first tenant certificate collection from a first tenant store that ison the distributed network; and

logically separate from the first tenant and the first server;

upon receiving access to the first tenant store, loading, from the first tenant store, the first tenant certificate collection as a first tenant virtual store; and

with the first tenant virtual store, validating the first signing certificate.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems are provided for validating a signature in a multi-tenant environment. A server or other computing device that is part of a distributed network may request a certificate collection from an identified tenant store. The requested certificate collection may be loaded in a virtual store that is accessible by the server or other computing device. The sever or other computing device may then access one or more certificates from the virtual store to validate a signature.

23 Citations

20 Claims

1. A computer-implemented method performed by a server in a distributed network, the method comprising:
- receiving, from a first client, a first request comprising a first signing certificate of a first user of a first message;
  
  in response to the first request, identifying, from a plurality of tenants, a first tenant that relates to the first signing certificate;
  
  after identifying the first tenant, accessing a first tenant certificate collection from a first tenant store that ison the distributed network; and
  
  logically separate from the first tenant and the first server;
  
  upon receiving access to the first tenant store, loading, from the first tenant store, the first tenant certificate collection as a first tenant virtual store; and
  
  with the first tenant virtual store, validating the first signing certificate.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, wherein validating the first signing certificate further comprises:
    - determining that the first signing certificate is valid; and
      
      sending validation, of the first signing certificate, to the first client.
  - 3. The method of claim 1, wherein validating the first signing certificate further comprises:
    - determining that the first signing certificate is invalid; and
      
      sending notice, to the first client, that the first signing certificate is invalid.
  - 4. The method of claim 1, further comprising:
    - receiving a second request comprising a second signing certificate of a second message;
      
      in response to the second request, identifying a second tenant that relates to the second signing certificate;
      
      after identifying the second tenant, accessing a second tenant certificate collection from a second private tenant store on the distributed network;
      
      upon receiving access to the second private tenant store, loading the second tenant certificate collection as a second tenant virtual store; and
      
      with the second tenant virtual store, validating the second signing certificate.
  - 5. The method of claim 4, wherein validating the second signing certificate further comprises:
    - determining that the second signing certificate is invalid; and
      
      sending notice, to the second client, that the second signing certificate is invalid.
  - 6. The method of claim 4, wherein validating the second signing certificate further comprises:
    - determining that the second signing certificate is valid; and
      
      sending validation, of the second signing certificate, to the second client.
  - 7. The method of claim 4, wherein the first tenant virtual store and the second tenant virtual store are loaded at the same time.
  - 8. The method of claim 4, wherein the first server receives the first request and the second request at the same time.
  - 9. The method of claim 4, wherein the first server deletes the first tenant virtual store upon an occurrence of a condition, and wherein the condition occurs when the first server receives the second request.
  - 10. The method of claim 1, wherein the first server deletes the first tenant virtual store upon an occurrence of a condition, and wherein the condition is use of a received virtual store.
  - 11. The method of claim 1, wherein the first server deletes the first tenant virtual store upon an occurrence of a condition, and wherein the condition is a predetermined amount of time.
  - 12. The method of claim 1, further comprising:
    - receiving, from a third client, a third request compromising a third signing certificate of a third message of a third user;
      
      in response to the third request, identifying a third tenant that relates to the third signing certificate;
      
      after identifying the third tenant, accessing a third tenant certificate collection from a third private tenant store on the distributed network;
      
      upon receiving access to the third tenant store, loading, form the third private tenant store, the third tenant certificate collection as a third tenant virtual store; and
      
      with the third tenant virtual store, validating the third signing certificate.
  - 13. The method of claim 1, wherein the first client comprises at least one of:
    - a mobile telephone;
      
      a smart phone;
      
      a tablet;
      
      a smart watch;
      
      a wearable computer;
      
      a personal computer;
      
      a desktop computer; and
      
      /ora laptop computer.
  - 14. The method of claim 1, wherein the first server deletes the first tenant virtual store upon an occurrence of a condition, and wherein the condition is reaching a predetermined amount of storage capacity on the first server.
  - 15. The method of claim 1, wherein the first tenant store on the distributed network receives a set of certificates from a first tenant administrator to form the first tenant certificate collection.

16. A system comprising:
- a distributed network for data exchange with a client;
  
  a computing device comprising;
  
  a processor;
  
  a memory for storing computer executable instructions that, when executed by the at processor, is operative to;
  
  receive, from a first client, a first request compromising a first signing certificate of a first user of a first message;
  
  in response to the first request, identify, from a plurality of tenants, a first tenant that relates to the first signing certificate;
  
  after identifying the first tenant, request access to a first tenant certificate collection stored in a first private tenant store, wherein the first private tenant store is logically separate from the first tenant, and wherein the first private tenant store is accessed on a distribute network;
  
  upon receiving access to the first private tenant store, load, from the first private tenant store, the first tenant certificate collection as a first tenant virtual store; and
  
  with the first tenant virtual store, validate the first signing certificate,wherein the first tenant virtual store is deleted after occurrence of;
  
  validation of the first signing certificate,invalidation of the first signing certificate,receiving a second request to validate a second signing certificate,reaching a predetermined data storage capacity, ora predetermined amount of time.
- View Dependent Claims (17, 18, 19)
- - 17. The system of claim 16, wherein the processor is further operative to:
    - determine that the first signing certificate is valid; and
      
      send validation, of the first signing certificate, to the first client.
  - 18. The system of claim 16, wherein the processor is further operative to:
    - receive the second request comprising the second signing certificate of a second message;
      
      in response to the second request, identify a second tenant that relates to the second signing certificate;
      
      after identifying the second tenant, request access to a second tenant certificate collection stored in a second private tenant store;
      
      upon receiving access to the second private tenant store, load the second tenant certificate collection as a second tenant virtual store;
      
      with the second tenant virtual store, validate the second signing certificate;
      
      receive, from a third client, a third request comprising a third signing certificate of a third message, wherein, in response to receiving the third request, the second tenant virtual store is deleted;
      
      in response to the third request, identify a third tenant that relates to the third signing certificate;
      
      after identifying the third tenant, request access to a third tenant certificate collection stored in a third private tenant store;
      
      upon receiving access to the third tenant store, load, from the third private tenant store, the third tenant certificate collection as a third tenant virtual store; and
      
      with the third tenant virtual store, validate the third signing certificate.
  - 19. The system of claim 18, wherein the first private tenant store, the second private tenant store, and the third private tenant store are logically isolated on the distributed network.

20. A computer-readable storage medium comprising computer-executable instructions stored thereon which, when executed by a computing system are operative to:
- receive, from a first client, a first request comprising a first signing certificate from a first user of a first message;
  
  in response to the first request, identify, from a plurality of tenants, a first tenant that relates to the first signing certificate;
  
  after identifying the first tenant, request access to a first tenant certificate collection stored in a first tenant store through a distributed network, wherein the first tenant store is logically separate from the first client;
  
  upon receiving access to the first tenant store, read the first tenant certificate collection on the first tenant store;
  
  after reading the first tenant certificate collection, load the first tenant certificate collection as a first tenant virtual store; and
  
  with the first tenant virtual store, validate the first signing certificate,in response to validating the first signing certificate, delete the first tenant virtual store;
  
  receive a second request comprising a second signing certificate from a second user of a second message;
  
  in response to the second request, identify the second tenant that relates to the second signing certificate;
  
  after identifying the second tenant, request access to a second tenant certificate collection on a second tenant store;
  
  upon receiving access to the second tenant certificate collection, read the second tenant certificate collection;
  
  after reading the second tenant certificate collection, load the second tenant certificate collection as a second tenant virtual store;
  
  with the second tenant virtual store, validate the second signing certificate; and
  
  in response to validating the second signing certificate, delete the second tenant virtual store.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Sharif, Tariq, Wang, Yamin, Chen, Jinghua
Primary Examiner(s)
Song, Hee K

Application Number

US15/412,886
Publication Number

US 20180213398A1
Time in Patent Office

1,072 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0823   using certificates cryptogr...

H04L 63/126   the source of the received ...

H04W 12/069   using certificates or pre-s...

Tenant based signature validation

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

23 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Tenant based signature validation

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links