SECURITY CONTEXT MANAGEMENT IN MULTI-TENANT ENVIRONMENTS

US 20160099915A1
Filed: 10/07/2014
Published: 04/07/2016
Est. Priority Date: 10/07/2014
Status: Active Grant

First Claim

Patent Images

1. A computer-readable storage device having stored thereon computer-executable instructions, that when executed on at least one processor, cause the at least one processor to perform a process comprising:

generating security context data based on a security context provided by a tenant, to be transmitted through a multi-tenant computational environment;

wrapping the security context data with a protection layer that prevents an ability to access the security context data by devices external to a trusted service of the multi-tenant computational environment;

double-wrapping the security context data with a second protection layer that prevents un-authorized tenants of the trusted service from using the security context data; and

transmitting the double-wrapped security context data to the trusted service.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Examples of the present disclosure describe security context enforcement in a multi-tenant environment. Security context data may be transmitted through an un-secure multi-tenant computational environment. The security context data is secured by protection layers that restrict untrusted resources from running tenant applications and restrict the ability of unauthorized tenants to access context information associated with a tenant. Data may be received and evaluated at a component of a multi-tenant environment. If the component is a trusted component and the security context data indicates that the tenant is authorized to execute an application using a specified context, the component may run a tenant application in a context associated with the security context data.

Citations

20 Claims

1. A computer-readable storage device having stored thereon computer-executable instructions, that when executed on at least one processor, cause the at least one processor to perform a process comprising:
- generating security context data based on a security context provided by a tenant, to be transmitted through a multi-tenant computational environment;
  
  wrapping the security context data with a protection layer that prevents an ability to access the security context data by devices external to a trusted service of the multi-tenant computational environment;
  
  double-wrapping the security context data with a second protection layer that prevents un-authorized tenants of the trusted service from using the security context data; and
  
  transmitting the double-wrapped security context data to the trusted service.
- View Dependent Claims (2, 3, 4)
- - 2. The computer-readable storage device according to claim 1, the process executed by the at least one processor further comprising:
    - specifying rights for access to data associated with the security context data.
  - 3. The computer-readable storage device according to claim 1, the process executed by the at least one processor further comprising:
    - storing the double-wrapped security context data to a trusted resource of secrets within the trusted service.
  - 4. The computer-readable storage device according to claim 3, when the at least one processor executes the transmitting of the security context data, the security context data transmitted comprises at least one of a token, a certificate, a database connection string, and tenant service account credentials.

5. A computer-implemented method comprising:
- receiving a request to access security context data by a tenant application of a multi-tenant computational environment;
  
  determining whether the tenant application is a component of a trusted service of the multi-tenant computational environment;
  
  in response to determining that the tenant application is the component of the trusted service, determining whether the tenant application is authorized to access the security context data; and
  
  in response to determining that the tenant application is authorized to access the security context data, executing the security context data in a context associated with the security context data.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 6. The method according to claim 5, wherein the executing of the security context data further comprises launching a provisioned service account for the tenant application to execute the security context data, wherein the provisioned service account has restricted privilege as compared to an account of the tenant application.
  - 7. The method according to claim 6, further comprising implementing the trusted service to evaluate the security context data of the tenant application, and restricting the provisioned service account to have only privileges consistent with the context defined in the security context data.
  - 8. The method according to claim 5, further comprising storing the security context data to a trusted source of secrets of the trusted service, wherein the trusted source of secrets is un-accessible by the tenant application.
  - 9. The method according to claim 8, wherein the trusted source of secrets is a trusted platform module.
  - 10. The method according to claim 5, further comprising:
    - creating a secure communication channel between the trusted service and the tenant application, wherein the secure communication channel is launched using a service account of the tenant of the multi-tenant computation environment to enable the trusted component to pass the security context data to the tenant application at run time.
  - 11. The method according to claim 5, further comprising:
    - monitoring intrusion attempts to detect unauthorized access to the security context data.
  - 12. The method according to claim 5, wherein the determining whether the tenant application is authorized to access the security context data further comprises comparing a registration identification of the tenant application and a stored registration identification of the tenant application to determine whether the tenant application is authorized to execute the security context data.
  - 13. The method according to claim 5, wherein the executing of the security context data further comprises unsealing the security context data using a private key before execution.
  - 14. The method according to claim 5, wherein the security context data is at least one of a token, a certificate, and credentials.
  - 15. The method according to claim 8, wherein the tenant application provides indication to the trusted source of secrets that the tenant application is a trusted component of the trusted service.

16. A system, comprising:
- at least one processor; and
  
  a memory operatively connected with the at least one processor, wherein the memory stores thereon computer-executable instructions, that when executed on the at least one processor, cause the at least one processor to perform a process that comprises;
  
  receive security context data at a trusted component of a multi-tenant computational environment,determine whether to unseal a first protection layer of the security context data for a tenant component of the multi-tenant computational environment to access the security context data, wherein the first protection layer prevents an ability to access the security context data by devices and services external to a trusted service of the multi-tenant computational environment, andin response to determining to unseal the first protection layer, determine whether to unseal a second protection layer of the security context data to enable the tenant component to access the security context data, wherein the second protection layer prevents un-authorized tenant components of the trusted service from using the security context data, andin response to determining to unseal the second protection layer, launching a restricted service account for the tenant component to execute the security context data, wherein the restricted service account is restricted to privilege only for processing defined by the security context data.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The system according to claim 16, wherein the multi-tenant computational environment is a cloud-computing environment.
  - 18. The system according to claim 16, wherein the system accesses a trusted platform module to receive the security context data, and wherein the trusted platform module provides the security context data to the system through a secure communication channel launched after unsealing the first protection layer and the second protection layer.
  - 19. The system according to claim 16, wherein a determination as to whether to unseal the second protection layer further comprises implementing the trusted service to evaluate the security context data of the tenant component.
  - 20. The system according to claim 19, wherein the trusted service compares a registration identification of the tenant component, provided with security context data, and a registration identification of the tenant component, stored by the trusted service, to determine whether the tenant component is authorized to access the security context data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Savelieva, Alexandra, Usman, Mohammad, Eshner, Daniel, Ginige, Nuwan

Granted Patent

US 9,967,319 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/0478   applying multiple layers of...

H04L 67/10   in which an application is ...

SECURITY CONTEXT MANAGEMENT IN MULTI-TENANT ENVIRONMENTS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SECURITY CONTEXT MANAGEMENT IN MULTI-TENANT ENVIRONMENTS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links