Title of invention: Multitenant-aware protection service
Abstract: Implementing a data protection service. One method includes receiving a request to provision a first tenant among a plurality of tenants managed by a single data protection service. A tenant is defined as an entity among a plurality of entities. A single data protection service provides data protection services to all tenants in the plurality of tenants. A first encryption key used to decrypt the first tenant's data at the data store is stored. The first encryption key is specific to the first tenant and thus cannot be used to decrypt other tenants' data at the data store from among the plurality of tenants. Rather each tenant in the plurality of tenants is associated with an encryption key, not usable by other tenants, used at the data store to decrypt data on a tenant and corresponding key basis.
Publication number: US9015493(B2) Publication date: 2015.04.21
Application number: US201012883414 Filing date: 2010.09.16
Applicant: Microsoft Technology Licensing, LLC Inventors: Hu Jason Xiaodong; Hitchcock Daniel W.; Kostal Gregory
Classification: G06F21/00; H04L29/06; G06F21/60 Main classification: G06F21/00
Agency: Agents: Churna Timothy; Fashokun Sade; Minas Micky
Main claim: 1. A method of implementing a data protection service, the method comprising: receiving a request for data from a first tenant from among a plurality of tenants managed by a single data protection service, wherein a tenant is defined as an entity among a plurality of entities, and where a single data protection service provides data protection services to all tenants in the plurality of tenants, wherein, for each tenant in the plurality of tenants, the data protection service maintains a unique security root of trust comprising a unique client certificate and associated unique public and private cryptographic key pair, wherein each of the public and private cryptographic keys in the key pair are unique and specific to the each tenant; identifying a first encryption key stored at a data store used to decrypt the first tenant's data at the data store, wherein the first encryption key is specific to the first tenant and cannot be used to decrypt any other tenants' data at the data store from among the plurality of tenants, but rather wherein each tenant in the plurality of tenants is associated with an encryption key, not usable by other tenants, used at the data store to decrypt data on a tenant and corresponding key basis; decrypting data identified in the request for data using the first encryption key that is specific to the first tenant; and sending the data to the first tenant.
Address: Redmond WA US