Patent · US Active

Confining lateral traversal within a computer network

US12375475B2 · kind B2 · utility

Cited by: 0
References: 27
Claims: 20
Family size: 0

Assignee

Inventors

Key dates

Filing date: Oct 12, 2022
Grant date: Jul 29, 2025
Priority date
Expiry date: Oct 12, 2042

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F2221/2125
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

Confining lateral traversal within a network. An authorization request identifies a credential, a protected first resource, and an identifier of a protected second resource for which authorization is requested. A lateral traversal policy associated with the second resource is identified, which constrains access to the second resource to only resources that belong to a subset of resources including the second resource. When it is determined that the credential is configured for access to the second resource, and when it is determined that the first resource belongs to the subset of resources including the second resource, an authorization token is issued, which authorizes the credential to access the second resource via the first resource. Alternatively, when it is determined that the credential is granted access to the second resource, and when it is determined that the first resource is outside of the particular subset of resources, the authorization request is denied.
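
The decision flow in the abstract, sketched as an added example (not code from the patent or its assignee). The resource names, the grant and policy tables, the HMAC token format and the `verify` step at the second resource are all assumptions made for illustration, as is denying when the credential is not configured for the target or when the target has no policy.

```python
import hashlib
import hmac
import json

SIGNING_KEY = b"constructed-demo-key"  # constructed; a real server would use a managed secret

# Constructed sample data: resources each credential is configured for, and the
# lateral traversal policy (permitted subset of sources) attached to each target.
GRANTS = {"svc-backup": {"db-prod-1", "db-dev-1"}}
TRAVERSAL_POLICY = {
    "db-prod-1": {"db-prod-1", "jump-prod", "app-prod-1"},
    "db-dev-1": {"db-dev-1", "jump-dev"},
}


def _sign(payload: bytes) -> str:
    return hmac.new(SIGNING_KEY, payload, hashlib.sha256).hexdigest()


def authorize(credential: str, first: str, second: str):
    """Return (token, reason); token is None when the request is denied."""
    if second not in GRANTS.get(credential, set()):
        return None, "credential not configured for target"  # assumed: deny
    # Fail closed (assumption): a target with no policy admits no source.
    if first not in TRAVERSAL_POLICY.get(second, set()):
        return None, "source outside target's subset"
    claims = {"cred": credential, "via": first, "target": second}
    body = json.dumps(claims, sort_keys=True)
    return {"claims": claims, "sig": _sign(body.encode())}, "issued"


def verify(token: dict, presenting_from: str, target: str) -> bool:
    """Check run at the second resource: signature, target and 'via' must match."""
    body = json.dumps(token["claims"], sort_keys=True).encode()
    if not hmac.compare_digest(token["sig"], _sign(body)):
        return False
    claims = token["claims"]
    return claims["target"] == target and claims["via"] == presenting_from


if __name__ == "__main__":
    # The same valid credential is accepted from one source and refused from another.
    for src in ("jump-prod", "jump-dev"):
        print(src, "->", authorize("svc-backup", src, "db-prod-1")[1])
```

Binding the source into the signed claims means a token issued for one path cannot be replayed from a host outside the subset, even though the credential itself is valid for the target.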

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.