公开(公告)号：US20230093731A1

公开(公告)日：2023-03-23

申请号：US18070059

申请日：2022-11-28

Applicant: Microsoft Technology Licensing, LLC

Inventor： Anuj DHAWAN ,  Brijesh Bhupendra DESAI ,  Kameshwar JAYARAMAN ,  Ayla KOL ,  Amit A. BAPAT ,  Qi CAO ,  Steven Jay LIEBERMAN ,  Ganesh PANDEY ,  Parul MANEK

IPC: G06F21/62 ,  G06F21/60

Abstract: Methods, systems, and computer programs are presented for protecting restricted actions on encryption keys that control the management of data stored by a service provider. In some implementations, a system of the service provider receives a request to generate a data encryption policy (DEP) for data stored by the system of the service provider for a customer, the request including a reference to a customer key and an availability key. The customer key and the availability key are root keys for encrypting a data encryption key. The data encryption key is used to encrypt the data stored by the service provider for the customer. Further, destructive changes to the availability key require receiving an approval from an account of the service provider. The system of the service provider validates the DEP. The system of the service provider stores the DEP based on the validation.

公开(公告)号：US20220245268A1

公开(公告)日：2022-08-04

申请号：US17166752

申请日：2021-02-03

Applicant: Microsoft Technology Licensing, LLC

Inventor： Anuj Dhawan ,  Brijesh Bhupendra DESAI ,  Kameshwar JAYARAMAN ,  Ayla KOL ,  Amit A. BAPAT ,  Qi CAO ,  Steven Jay LIEBERMAN ,  Ganesh PANDEY ,  Parul MANEK

IPC: G06F21/62 ,  G06F21/60

Abstract: Methods, systems, and computer programs are presented for protecting restricted actions on encryption keys that control the management of data stored by a service provider. In some implementations, a system of the service provider receives a request to generate a data encryption policy (DEP) for data stored by the system of the service provider for a customer, the request including a reference to a customer key and an availability key. The customer key and the availability key are root keys for encrypting a data encryption key. The data encryption key is used to encrypt the data stored by the service provider for the customer. Further, destructive changes to the availability key require receiving an approval from an account of the service provider. The system of the service provider validates the DEP. The system of the service provider stores the DEP based on the validation.

公开(公告)号：US20210029142A1

公开(公告)日：2021-01-28

申请号：US16523799

申请日：2019-07-26

Applicant: Microsoft Technology Licensing, LLC

Inventor： Yoganand RAJASEKARAN ,  Raquibur RAHMAN ,  Ayla KOL ,  Philip Ross MOYER ,  Brijesh Bhupendra DESAI ,  Zijun HAO ,  Mainul MIZAN ,  Kameshwar JAYARAMAN ,  Benjamin DU ,  Ganesh PANDEY ,  Parul MANEK

IPC: H04L29/06 ,  G06F9/54 ,  G06N20/00

Abstract: A secure investigation platform in a sovereign cloud includes a request processing system that receives requests to investigate an incident. A control message processing system creates a workspace, within the sovereign cloud, so that an investigation can be conducted within that workspace. The control message processing system performs investigation tasks within the workspace. A secure log generation system captures information corresponding to the tasks and generates an event record based on the captured information.

公开(公告)号：US20230161895A1

公开(公告)日：2023-05-25

申请号：US18152343

申请日：2023-01-10

Applicant: Microsoft Technology Licensing, LLC

Inventor： Daniel John CARROLL, JR. ,  Kameshwar JAYARAMAN ,  Stuart KWAN ,  Kartik Tirunelveli KANAKASABESAN ,  Shefali GULATI ,  Charles Glenn JEFFRIES ,  Ganesh PANDEY ,  Roberto Carlos TABOADA ,  Parul MANEK ,  Steven Mark SILVERBERG

IPC: G06F21/62 ,  G06F9/451 ,  G06F9/50 ,  G06F21/31 ,  G06F21/60

CPC classification number: G06F21/6218 ,  G06F9/451 ,  G06F9/5072 ,  G06F21/31 ,  G06F21/602 ,  G06F2221/2141

Abstract: Access to data and resources in a multi-tenant computing system is managed by tagging the data and resources with attributes, as well as by tagging users with attributes. Tenant-specific access policies are configured. When an access request is received from a workload, a policy decision engine processes the attributes that are tagged to the requesting workload (e.g., user, application, etc.) as well as those tagged to the requested data or resource, given a relevant tenant-specific policy. An access decision is provided in response to the access request, and the access decision can be enforced by a tenant-specific enforcement system.

公开(公告)号：US20210029128A1

公开(公告)日：2021-01-28

申请号：US16523795

申请日：2019-07-26

Applicant: Microsoft Technology Licensing, LLC

Inventor： Yoganand RAJASEKARAN ,  Raquibur RAHMAN ,  Ayla KOL ,  Philip Ross MOYER ,  Brijesh Bhupendra DESAI ,  Zijun HAO ,  Mainul MIZAN ,  Kameshwar JAYARAMAN ,  Benjamin DU ,  Ganesh PANDEY ,  Parul MANEK

IPC: H04L29/06

Abstract: A secure investigation platform in a sovereign cloud includes a request processing system that is a user-facing system and receives requests to prepare for an incident investigation. A control message processing system creates a workspace, within the sovereign cloud, so that an investigation can be conducted within that workspace. The request processing system does not access the workspace and the control message processing system is not available for external access by a user. Data and functionality are ingested into the workspace. The control message processing system performs investigation preparation tasks within the workspace. The results of the investigation tasks are surfaced for user access.

公开(公告)号：US20230205572A1

公开(公告)日：2023-06-29

申请号：US18179601

申请日：2023-03-07

Applicant: Microsoft Technology Licensing, LLC

Inventor： Yoganand RAJASEKARAN ,  Raquibur RAHMAN ,  Ayla KOL ,  Philip Ross MOYER ,  Brijesh Bhupendra DESAI ,  Zijun HAO ,  Mainul MIZAN ,  Kameshwar JAYARAMAN ,  Benjamin DU ,  PARUL MANEK ,  GANESH PANDEY

IPC: G06F9/455 ,  G06N20/00 ,  G06F11/34

CPC classification number: G06F9/45558 ,  G06N20/00 ,  G06F11/3476 ,  G06F2009/45562 ,  G06F2009/45587

Abstract: A secure investigation platform in a sovereign cloud includes a request processing system that receives requests to investigate an incident. A control message processing system creates a workspace, within the sovereign cloud, so that an investigation can be conducted within that workspace. An investigation pack, which includes investigative resources used in the investigation, is identified and the workspace is pre-configured with the identified investigation pack. The control message processing system performs investigation tasks within the workspace using the investigation pack.

公开(公告)号：US20210216622A1

公开(公告)日：2021-07-15

申请号：US17220204

申请日：2021-04-01

Applicant: Microsoft Technology Licensing, LLC

Inventor： Kameshwar JAYARAMAN ,  Nicholas Elliot CLAUNCH ,  Priyanshu Kumar JHA ,  Shankaranand ARUNACHALAM

IPC: G06F21/45 ,  G06F21/34 ,  H04L29/06 ,  H04L9/08

Abstract: A computer implemented method is used for changing a password in a multi-domain environment. The method includes obtaining a private key and a public key from a security card at a user device in a user domain, transferring the public key to a controller in a secure domain, requesting a password change, receiving a public key encrypted new password from the secure domain, and decrypting the new password using the private key.