
Secure isolation of tenant resources in a multi-tenant storage system using a security gateway

  • US 9,411,973 B2
  • Filed: 05/02/2013
  • Issued: 08/09/2016
  • Est. Priority Date: 05/02/2013
  • Status: Expired due to Fees
First Claim

1. A method of handling a client request in a hierarchical multi-tenant data storage system, the method comprising:

  • processing a request in subtasks, wherein a subtask is executed with a minimal set of privileges associated with a specific subtenant;

  • extracting a claimed n-level hierarchy of a tenant and sub-tenant identities from the request;

  • extracting authentication signatures or credentials that correspond to a level in the hierarchy;

  • for a first level in the hierarchy, spawning a dedicated subtenant authenticator;

  • for a first level in the hierarchy, sending the request to a dedicated subtenant authenticator, wherein the dedicated subtenant authenticator is privileged to validate credentials for a subtenant at only the first level; and

  • receiving a confirmation from the dedicated subtenant authenticator, whether the request is authentic.
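
An added sketch of the flow in claim 1 (not code from the patent or its assignee), generalized from the first level to every level of the claimed hierarchy. The HMAC-SHA256 credential scheme, the key store, and all names (`SubtenantAuthenticator`, `handle_request`, `make_request`) are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample key store: (level, tenant path) -> secret. Hypothetical values.
KEYS = {
    (0, "acme"): b"k-acme",
    (1, "acme/eng"): b"k-acme-eng",
    (2, "acme/eng/team-a"): b"k-acme-eng-team-a",
}

def sign(key, path, body):
    """HMAC-SHA256 over the tenant path and the request body."""
    return hmac.new(key, path.encode() + b"\n" + body, hashlib.sha256).hexdigest()

class SubtenantAuthenticator:
    """Loads the key for exactly one level/path and cannot validate any other."""
    def __init__(self, level, path):
        self.level, self.path = level, path
        self._key = KEYS.get((level, path))  # the only secret this instance holds

    def confirm(self, level, path, body, signature):
        if (level, path) != (self.level, self.path) or self._key is None:
            return False  # outside this authenticator's privilege, or unknown subtenant
        return hmac.compare_digest(sign(self._key, path, body), signature)

def handle_request(request):
    """Gateway side: the request is authentic only if every claimed level confirms."""
    hierarchy, sigs, body = request["hierarchy"], request["signatures"], request["body"]
    if not hierarchy or len(hierarchy) != len(sigs):
        return False  # each claimed level needs its own credential
    for level, sig in enumerate(sigs):
        path = "/".join(hierarchy[: level + 1])
        authenticator = SubtenantAuthenticator(level, path)  # one per level
        if not authenticator.confirm(level, path, body, sig):
            return False
    return True

def make_request(hierarchy, body):
    """Build a constructed, correctly signed sample request."""
    paths = ["/".join(hierarchy[: i + 1]) for i in range(len(hierarchy))]
    return {"hierarchy": hierarchy, "body": body,
            "signatures": [sign(KEYS[(i, p)], p, body) for i, p in enumerate(paths)]}
```

Because each authenticator loads a single key, a fault in the handler for one level exposes no credentials belonging to sibling or parent tenants.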
