Secure cross-tenancy federation in software-as-a-service system
US8978122B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Mar 29, 2013 |
| Grant date | Mar 10, 2015 |
| Priority date | — |
| Expiry date | Jun 14, 2033 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L63/0815
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
In a software-as-a-service system, a federated relationship is established between a first tenant subsystem (host) and a user account on a second tenant subsystem (guest), the federated relationship including visibility controls in the host specifying resources made accessible to an authorized user of the user account. When a guest user accesses the host, an authentication is performed that includes requesting and receiving from the guest a security assertion that the user has been authenticated by the guest as the authorized user. Each tenant subsystem includes mechanisms for authenticating its own users for access control; the cross-tenancy authentication extends this operation to make and accept authentication assertions from other tenants. A second risk-based authentication may be performed for additional confidence, typically based on comparing circumstances for the present access to circumstances for past accesses.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.