Accessing a cloud-based service platform using enterprise application authentication

Assignee

• Box, Inc. · US

Inventors

• Drew Branden · San Francisco, US
• Daniel Theurer · Mountain View, US
• Aniket Shivajirao Patil · Milpitas, US
• Lev Kantorovskiy · Mountain View, US
• Sean Rose · San Francisco, US
• Rachel Kay Lambert · San Francisco, US
• Timothy Martin Heilig · Palo Alto, US
• Peter Rexer · Redwood City, US
• Rory Arend Paap · Palo Alto, US
• Charles Boyd Burnette · Wake Forest, US
• Vikram Sardesai · San Jose, US
• Dominic Anton Grillo · Mountain View, US
• Wayne Cheng · Taichung, TW
• Lyall Yatsun Chun · San Jose, US
• Steve Hackney · Mountain View, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/0807
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Systems for managing user-level security in a cloud-based service platform. A server in a cloud-based environment is configured to interface with storage devices that store objects that are accessible over a network by two or more users. An enterprise entity is identified using an enterprise identifier associated with the enterprise, and an application service is associated with an application identifier. An application service request comprising a user identifier and the application identifier is received, and authentication is determined based on the combination of the user identifier and a pre-authenticated application identifier. Once the application service request is authenticated, then specific aspects of the service request are authorized. The integrity of the application identifier is confirmed by locating a secure association of the given application identifier to a pre-shared enterprise identifier. Logging, auditing and other functions can be performed at the user level using the user identifier for user-level tracking.