Invention Grant
- Patent Title: Controlling access to cloud resources in data using cloud-enabled data tagging and a dynamic access control policy engine
- Application No.: US16660275
- Application Date: 2019-10-22
- Publication No.: US11580239B2
- Publication Date: 2023-02-14
- Inventor: Daniel John Carroll, Jr., Kameshwar Jayaraman, Stuart Kwan, Kartik Tirunelveli Kanakasabesan, Shefali Gulati, Charles Glenn Jeffries, Ganesh Pandey, Roberto Carlos Taboada, Parul Manek, Steven Mark Silverberg
- Applicant: Microsoft Technology Licensing, LLC
- Applicant Address: US WA Redmond
- Assignee: Microsoft Technology Licensing, LLC
- Current Assignee: Microsoft Technology Licensing, LLC
- Current Assignee Address: US WA Redmond
- Agency: Kelly, Holt & Christenson, PLLC
- Agent: Christopher J. Volkmann
- Main IPC: H04L9/00
- IPC: H04L9/00; G06F21/62; G06F9/451; G06F9/50; G06F21/31; G06F21/60

Abstract:
Access to data and resources in a multi-tenant computing system is managed by tagging the data and resources with attributes, as well as by tagging users with attributes. Tenant-specific access policies are configured. When an access request is received from a workload, a policy decision engine processes the attributes that are tagged to the requesting workload (e.g., user, application, etc.) as well as those tagged to the requested data or resource, given a relevant tenant-specific policy. An access decision is provided in response to the access request, and the access decision can be enforced by a tenant-specific enforcement system.