Tenant based signature validation

US 9,565,198 B2
Filed: 09/19/2014
Issued: 02/07/2017
Est. Priority Date: 01/31/2014
Status: Active Grant

First Claim

Patent Images

1. A method for validating a custom signature, the method comprising:

receiving, at a first server in a distributed network, a first request from a first client to validate a first signing certificate of a first user of a first message received by the first client wherein the first user sent the first message, and wherein the first signing certificate is from the first user of a first tenant;

identifying, by the first server, the first tenant that relates to the first signing certificate from a plurality of tenants in response to the first request;

accessing over the network, by the first server, a first tenant certificate collection from a first private tenant store on the distributed network after identifying the first tenant, wherein the first private tenant store is separate from the first tenant and the first server;

loading, on the first server, the first tenant certificate collection from the first private tenant store as a first tenant virtual store upon receiving access to the first private tenant store; and

performing validation of the first signing certificate using the first tenant virtual store by;

identifying the first user of the first tenant;

identifying certificate requirements for the identified first user listed within the first tenant certificate collection on the first tenant virtual store; and

determining if the first signing certificate meets the certificate requirements of the first user.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems are provided for validating a signature in a multi-tenant environment. A server or other computing device that is part of a distributed network may request a certificate collection from an identified tenant store. The requested certificate collection may be loaded in a virtual store that is accessible by the server or other computing device. The sever or other computing device may then access one or more certificates from the virtual store to validate a signature.

Citations

18 Claims

1. A method for validating a custom signature, the method comprising:
- receiving, at a first server in a distributed network, a first request from a first client to validate a first signing certificate of a first user of a first message received by the first client wherein the first user sent the first message, and wherein the first signing certificate is from the first user of a first tenant;
  
  identifying, by the first server, the first tenant that relates to the first signing certificate from a plurality of tenants in response to the first request;
  
  accessing over the network, by the first server, a first tenant certificate collection from a first private tenant store on the distributed network after identifying the first tenant, wherein the first private tenant store is separate from the first tenant and the first server;
  
  loading, on the first server, the first tenant certificate collection from the first private tenant store as a first tenant virtual store upon receiving access to the first private tenant store; and
  
  performing validation of the first signing certificate using the first tenant virtual store by;
  
  identifying the first user of the first tenant;
  
  identifying certificate requirements for the identified first user listed within the first tenant certificate collection on the first tenant virtual store; and
  
  determining if the first signing certificate meets the certificate requirements of the first user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein the performing validation of the first signing certificate using the first tenant virtual store further comprises:
    - determining that the first signing certificate is valid; and
      
      sending validation of the first signing certificate to the first client.
  - 3. The method of claim 1, wherein the performing validation of the first signing certificate using the first tenant virtual store further comprises:
    - determining that the first signing certificate is invalid; and
      
      sending notice to the first client that the first signing certificate is invalid.
  - 4. The method of claim 1, further comprising:
    - receiving, at the first server in the distributed network, a second request from a second client to validate a second signing certificate of a second message received by the second client;
      
      identifying a second tenant that relates to the second signing certificate from the plurality of tenants in response to the second request;
      
      accessing a second tenant certificate collection from a second private tenant store on the distributed network after identifying the second tenant;
      
      loading, on the first server, the second tenant certificate collection as a second tenant virtual store; and
      
      performing validation of the second signing certificate using the second tenant virtual store.
  - 5. The method of claim 4, wherein the performing validation of the second signing certificate using the second tenant virtual store further comprises:
    - determining that the second signing certificate is invalid; and
      
      sending notice to the second client that the second signing certificate is invalid.
  - 6. The method of claim 4, wherein the performing validation of the second signing certificate using the second tenant virtual store further comprises:
    - determining that the second signing certificate is valid; and
      
      sending validation of the second signing certificate to the second client.
  - 7. The method of claim 4, wherein the first tenant virtual store and the second tenant virtual store are loaded on the first server at the same time.
  - 8. The method of claim 4, wherein the first server receives the first request to validate the first signing certificate from the first client and the second request to validate the second signing certificate from the second client at the same time.
  - 9. The method of claim 4, wherein the first tenant virtual store is deleted when the first server receives the second request to validate the second signing certificate from the second client.
  - 10. The method of claim 1, wherein the method is performed in accordance with s/mime protocol.
  - 11. The method of claim 1, further comprising:
    - receiving, at a second server on the distributed network, a third request from a third client to validate a third signing certificate of a third message received by the third client;
      
      identifying, by the second server, a third tenant that relates to the third signing certificate from the plurality of tenants in response to the third request;
      
      accessing, by the second server, a third tenant certificate collection from a third private tenant store on the distributed network after identifying the first tenant;
      
      loading, on the second server, the third tenant certificate collection as a third tenant virtual store; and
      
      performing validation of the third signing certificate using the third tenant virtual store.
  - 12. The method of claim 1, wherein the first client comprises at least one of:
    - a mobile telephone;
      
      a smart phone;
      
      a tablet;
      
      a smart watch;
      
      a wearable computer;
      
      a personal computer;
      
      a desktop computer; and
      
      a laptop computer.
  - 13. The method of claim 1, wherein the distributed network communicates with the first client for providing data to at least one of:
    - an email application;
      
      a social networking application;
      
      a collaboration application;
      
      an enterprise management application;
      
      a messaging application;
      
      a word processing application;
      
      a spreadsheet application;
      
      a database application;
      
      a presentation application;
      
      a contacts application; and
      
      a calendaring application.
  - 14. The method of claim 1, wherein the first private tenant store on the distributed network receives a set of certificates from a first tenant administrator to form the first tenant certificate collection.

15. A system comprising:
- a distributed network of servers for data exchange with a client executed at least in part by a computing device, the computing device comprising;
  
  at least one processor;
  
  a memory for containing computer-executable instructions, which when executed by the at least one processor, cause a server to perform a method comprising;
  
  receiving a first request from a first client to validate a first signing certificate of a first user of a first message received by the first client, wherein the first user sent the first message, and wherein the first signing certificate is from the first user of a first tenant;
  
  identifying the first tenant that relates to the first signing certificate from a plurality of tenants in response to the first request;
  
  requesting access to a first tenant certificate collection stored in a first private tenant store after identifying the first tenant, where the first private tenant store is separate from the first tenant and the first client and is accessed via a network;
  
  loading the first tenant certificate collection upon receiving access to the first private tenant store; and
  
  performing validation of the first signing certificate using the first tenant certificate collection by;
  
  identifying the first user of the first tenant;
  
  identifying certificate requirements for the identified first user listed within the first tenant certificate collection on a first tenant virtual store; and
  
  determining if the first signing certificate meets the certificate requirements of the first user.
- View Dependent Claims (16, 17)
- - 16. The system of claim 15, wherein the method further comprises:
    - receiving a second request from the first client to validate a second signing certificate of a second message received by the first client;
      
      identifying a second tenant that relates to the second signing certificate from the plurality of tenants in response to the second request;
      
      requesting access to a second tenant certificate collection stored in a second private tenant store after identifying the second tenant;
      
      loading the second tenant certificate collection;
      
      performing validation of the second signing certificate using the second tenant certificate collection;
      
      receiving a third request from a second client to validate a third signing certificate of a third message received by the second client;
      
      identifying a third tenant that relates to the third signing certificate from the plurality of tenants in response to the third request;
      
      requesting access to a third tenant certificate collection stored in a third private tenant store in after identifying the third tenant;
      
      loading the third tenant certificate collection; and
      
      performing validation of the third signing certificate using the third tenant certificate collection.
  - 17. The system of claim 16, wherein the first private tenant store, the second private tenant store, and the third private tenant store are separately stored and isolated from each other on the distributed network of servers.

18. A computer-readable storage medium comprising computer-executable instructions stored thereon which, when executed by a computing system in a distributed network, cause the computing system to perform a method comprising:
- receiving a first request from a first client to validate a first signing certificate from a first user of a first message received by the first client, wherein the first user sent the first message, and wherein the first signing certificate is from the first user of a first tenant;
  
  identifying the first tenant that relates to the first signing certificate from a plurality of tenants;
  
  requesting access to a first tenant certificate collection stored in a first private tenant store through a network after identifying the first tenant, wherein the first private tenant store is separate from the first client;
  
  reading the first tenant certificate collection on the first private tenant store upon gaining access to the first private tenant store;
  
  loading the first tenant certificate collection as a first tenant virtual store; and
  
  determining that the first signing certificate is valid using the first tenant virtual store by;
  
  identifying the first user of the first tenant;
  
  identifying certificate requirements for the identified first user listed within the first tenant certificate collection on the first tenant virtual store; and
  
  determining if the first signing certificate meets the certificate requirements of the first user;
  
  receiving a second request from a second client to validate a second signing certificate from a second user of a second message received by the second client wherein the second user sent the second message, and wherein the second signing certificate is from the second user of a second tenant;
  
  identifying the second tenant that relates to the second signing certificate from the plurality of tenants;
  
  requesting access through the network to a second tenant certificate collection on a second private tenant store after identifying the second tenant, wherein the second private tenant store is separate from the second client;
  
  reading the second tenant certificate collection on the second private tenant store upon receiving access to the second private tenant store;
  
  loading the second tenant certificate collection as a second tenant virtual store; and
  
  determining that the second signing certificate is valid using the second tenant virtual store by;
  
  identifying the second user of the second tenant;
  
  identifying certificate requirements for the identified second user listed within the second tenant certificate collection on the second tenant virtual store; and
  
  determining if the second signing certificate meets the certificate requirements of the second user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Sharif, Tariq, Wang, Yamin, Chen, Jinghua
Primary Examiner(s)
Okeke, Izunna
Assistant Examiner(s)
SONG, HEE K

Application Number

US14/491,051
Publication Number

US 20150222643A1
Time in Patent Office

872 Days
Field of Search

713/150, 713/153, 726 5- 7, 726/28
US Class Current

1/1
CPC Class Codes

H04L 63/0823 using certificates cryptogr...

H04L 63/123 received data contents, e.g...

Tenant based signature validation

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Tenant based signature validation

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links