公开(公告)号：US20230093731A1

公开(公告)日：2023-03-23

申请号：US18070059

申请日：2022-11-28

Applicant: Microsoft Technology Licensing, LLC

Inventor： Anuj DHAWAN ,  Brijesh Bhupendra DESAI ,  Kameshwar JAYARAMAN ,  Ayla KOL ,  Amit A. BAPAT ,  Qi CAO ,  Steven Jay LIEBERMAN ,  Ganesh PANDEY ,  Parul MANEK

IPC: G06F21/62 ,  G06F21/60

Abstract: Methods, systems, and computer programs are presented for protecting restricted actions on encryption keys that control the management of data stored by a service provider. In some implementations, a system of the service provider receives a request to generate a data encryption policy (DEP) for data stored by the system of the service provider for a customer, the request including a reference to a customer key and an availability key. The customer key and the availability key are root keys for encrypting a data encryption key. The data encryption key is used to encrypt the data stored by the service provider for the customer. Further, destructive changes to the availability key require receiving an approval from an account of the service provider. The system of the service provider validates the DEP. The system of the service provider stores the DEP based on the validation.

公开(公告)号：US20220245268A1

公开(公告)日：2022-08-04

申请号：US17166752

申请日：2021-02-03

Applicant: Microsoft Technology Licensing, LLC

Inventor： Anuj Dhawan ,  Brijesh Bhupendra DESAI ,  Kameshwar JAYARAMAN ,  Ayla KOL ,  Amit A. BAPAT ,  Qi CAO ,  Steven Jay LIEBERMAN ,  Ganesh PANDEY ,  Parul MANEK

IPC: G06F21/62 ,  G06F21/60

Abstract: Methods, systems, and computer programs are presented for protecting restricted actions on encryption keys that control the management of data stored by a service provider. In some implementations, a system of the service provider receives a request to generate a data encryption policy (DEP) for data stored by the system of the service provider for a customer, the request including a reference to a customer key and an availability key. The customer key and the availability key are root keys for encrypting a data encryption key. The data encryption key is used to encrypt the data stored by the service provider for the customer. Further, destructive changes to the availability key require receiving an approval from an account of the service provider. The system of the service provider validates the DEP. The system of the service provider stores the DEP based on the validation.

公开(公告)号：US20220278991A1

公开(公告)日：2022-09-01

申请号：US17749761

申请日：2022-05-20

Applicant: Microsoft Technology Licensing, LLC

Inventor： Anshul DUBE ,  Parul MANEK ,  Steven Mark SILVERBERG ,  Shankaranand ARUNACHALAM ,  Jason Craig NELSON ,  Andrew Burke RYAN ,  Robert A. LOWE ,  Ganesh PANDEY

IPC: H04L9/40

Abstract: A client application is specified by a target tenant and represented in an OAuth provider, along with a corresponding secret. A source tenant consents to permissions to be executed by the client application on a resource of the source tenant. A target service uses the secret to obtain an access token from an authorization server coupled to the source tenant and uses the access token to obtain access, specified by the permissions, to the resource served by a source service acting on behalf of the source tenant.

公开(公告)号：US20210029142A1

公开(公告)日：2021-01-28

申请号：US16523799

申请日：2019-07-26

Applicant: Microsoft Technology Licensing, LLC

Inventor： Yoganand RAJASEKARAN ,  Raquibur RAHMAN ,  Ayla KOL ,  Philip Ross MOYER ,  Brijesh Bhupendra DESAI ,  Zijun HAO ,  Mainul MIZAN ,  Kameshwar JAYARAMAN ,  Benjamin DU ,  Ganesh PANDEY ,  Parul MANEK

IPC: H04L29/06 ,  G06F9/54 ,  G06N20/00

Abstract: A secure investigation platform in a sovereign cloud includes a request processing system that receives requests to investigate an incident. A control message processing system creates a workspace, within the sovereign cloud, so that an investigation can be conducted within that workspace. The control message processing system performs investigation tasks within the workspace. A secure log generation system captures information corresponding to the tasks and generates an event record based on the captured information.

公开(公告)号：US20230161895A1

公开(公告)日：2023-05-25

申请号：US18152343

申请日：2023-01-10

Applicant: Microsoft Technology Licensing, LLC

Inventor： Daniel John CARROLL, JR. ,  Kameshwar JAYARAMAN ,  Stuart KWAN ,  Kartik Tirunelveli KANAKASABESAN ,  Shefali GULATI ,  Charles Glenn JEFFRIES ,  Ganesh PANDEY ,  Roberto Carlos TABOADA ,  Parul MANEK ,  Steven Mark SILVERBERG

IPC: G06F21/62 ,  G06F9/451 ,  G06F9/50 ,  G06F21/31 ,  G06F21/60

CPC classification number: G06F21/6218 ,  G06F9/451 ,  G06F9/5072 ,  G06F21/31 ,  G06F21/602 ,  G06F2221/2141

Abstract: Access to data and resources in a multi-tenant computing system is managed by tagging the data and resources with attributes, as well as by tagging users with attributes. Tenant-specific access policies are configured. When an access request is received from a workload, a policy decision engine processes the attributes that are tagged to the requesting workload (e.g., user, application, etc.) as well as those tagged to the requested data or resource, given a relevant tenant-specific policy. An access decision is provided in response to the access request, and the access decision can be enforced by a tenant-specific enforcement system.

公开(公告)号：US20210234864A1

公开(公告)日：2021-07-29

申请号：US16773526

申请日：2020-01-27

Applicant: Microsoft Technology Licensing, LLC

Inventor： Anshul DUBE ,  Parul MANEK ,  Steven Mark SILVERBERG ,  Shankaranand ARUNACHALAM ,  Jason Craig NELSON ,  Andrew Burke RYAN ,  Robert A. LOWE ,  Ganesh PANDEY

IPC: H04L29/06

Abstract: A client application is specified by a target tenant and represented in an OAuth provider, along with a corresponding secret. A source tenant consents to permissions to be executed by the client application on a resource of the source tenant. A target service uses the secret to obtain an access token from an authorization server coupled to the source tenant and uses the access token to obtain access, specified by the permissions, to the resource served by a source service acting on behalf of the source tenant.

公开(公告)号：US20210029128A1

公开(公告)日：2021-01-28

申请号：US16523795

申请日：2019-07-26

Applicant: Microsoft Technology Licensing, LLC

Inventor： Yoganand RAJASEKARAN ,  Raquibur RAHMAN ,  Ayla KOL ,  Philip Ross MOYER ,  Brijesh Bhupendra DESAI ,  Zijun HAO ,  Mainul MIZAN ,  Kameshwar JAYARAMAN ,  Benjamin DU ,  Ganesh PANDEY ,  Parul MANEK

IPC: H04L29/06

Abstract: A secure investigation platform in a sovereign cloud includes a request processing system that is a user-facing system and receives requests to prepare for an incident investigation. A control message processing system creates a workspace, within the sovereign cloud, so that an investigation can be conducted within that workspace. The request processing system does not access the workspace and the control message processing system is not available for external access by a user. Data and functionality are ingested into the workspace. The control message processing system performs investigation preparation tasks within the workspace. The results of the investigation tasks are surfaced for user access.