Patent Grant
12034726
Embodiments of the invention relate to the field of network communications, and more specifically, to using a proxy server configured to use tenant control headers to manage access requests for resources.
IT administrators are concerned with maintaining high security, performance, and reliability of their customer network (e.g., a corporate network). To prevent the loss of sensitive or confidential data from the corporate network, IT administrators can allow users to access applications using corporate accounts, while blocking access to the application using personal accounts.
A networked system includes a proxy server configured to proxy requests and responses between client devices and cloud-based servers. The proxy server stores customer access policies that are applicable to resources requested by the client devices. When the proxy server receives a request, the proxy server determines a tenant identifier from the customer access policy, inserts a tenant control header with the tenant identifier in the request, and sends the modified request to the cloud-based server. The cloud-based server can then compare the tenant identifier in the tenant control header to a tenant identifier in the body of the request. In response to receiving a response from the cloud-based server indicating a rejection of the request, the proxy server transmits the request again to the cloud-based server but without the tenant control header. The proxy server then logs the request as an access request using a non-permitted tenant identifier.
The invention may best be understood by referring to the following description and accompanying drawings that are used to illustrate embodiments of the invention. In the drawings:
A proxy server sits between user devices and the internet and intercepts any network traffic from the user devices. For example, a proxy server receives requests (e.g., HTTP requests) from the user devices that are transmitted by the proxy server on the user's behalf. The proxy server can then relay responses to the requests back to the user devices. Some cloud-based services facilitate a tenant control feature that allows a proxy server to prevent access to a resource if a known tenant (e.g., a customer-defined domain) is not used. To use this feature, the proxy server inserts a tenant control header into the request specifying the tenant that is to be allowed to access the requested resource. The cloud-based service will reject any requests that are not associated with the tenant indicated in the tenant control header. For example, the cloud-based service will block a request that includes account credentials with the domain “example.com” when a tenant identified in the tenant control header is “company.com.”
However, blocking all requests with credentials that do not match the tenant identified in the tenant control header can be over-inclusive and result in a poor user experience. The embodiments described herein provide mechanisms for enforcing customer access policies in a manner that allows the proxy server to distinguish requests that include credentials for tenants allowed to access the requested resource from requests that do not.
In one embodiment, a proxy server receives a request from a user to access a resource hosted by a cloud-based server. The proxy server can insert a tenant control header into the request that specifies a tenant identifier (e.g., a domain name, directory identifier, etc.) that indicates a tenant that is permitted to access the resource. The proxy server then transmits the request with the inserted tenant control header to the cloud-based server. The cloud-based server can then compare the tenant identifier in the tenant control header to a tenant identifier in the body of the request. When they do not match, the cloud-based server rejects the request, and, conversely, when they do match, the cloud-based server accepts the request. In response to receiving a response from the cloud-based server indicating a rejection of the request, the proxy server transmits the request again to the cloud-based server but without the tenant control header. The proxy server then logs the request as an access request using a non-permitted tenant identifier.
Embodiments of the invention provide many technical advantages, in addition to addressing the deficiencies of previous solutions. For example, improvements to the security of resources can be realized by using the tenant control header to differentiate between requests that use account credentials with a permitted tenant identifier from requests that use account credentials without a permitted tenant identifier.
Examples of client device 105 include computing devices (e.g., laptops, desktops, workstations, smartphones, palm tops, mobile phones, tablets, gaming systems, set top boxes, wearable devices, internet-of-things (IoT) devices, electronic devices, etc.) that are capable of transmitting and/or receiving network traffic. In some embodiments, client device 105 executes a client network application 110 that is capable of transmitting and/or receiving network traffic. For example, client network applications 110 may be a web browser or other application that can access network resources (e.g., web pages, images, word processing documents, PDF files, movie files, music files, or other computer files).
In one embodiment, proxy server 120 is an intermediary device configured to receive requests to access and/or modify resources hosted by the cloud-based server 130, and further receives responses to such requests from the cloud-based server 130. For example, web traffic (e.g., HTTP requests/responses, HTTPS requests/responses, SPDY requests/responses, HTTP/2 requests, responses, etc.) for domains handled by cloud-based server 130 may be received at proxy server 120.
In some embodiments, the proxy server 120 includes a tenant control module 122 and a plurality of databases, including a customer access policies database 124 and an access logs database 126. The customer access policies database 124 stores access policies provided by a customer associated with a resource. The customer access policies database 124 can receive the access policies from a customer device 107, either directly or via the configuration server 140. The access logs database 126 stores access log data associated with requests to access resources hosted by the cloud-based server. In one embodiment, the access log data for a request indicates whether the request was received with account credentials associated with a permitted or a non-permitted tenant (e.g., domain).
In some embodiments, the tenant control module 122 is configured to generate tenant control headers that can be inserted or appended to requests received by the proxy server 120. The tenant control module 122 can generate the tenant control header based on customer access policies that allow a customer to define who can access a resource. The tenant control header can include a tenant identifier. Example tenant identifiers can include a domain (e.g., “example.com”) or a directory identifier value that identifies a tenant. The insertion of the tenant control header into the request can result in the granting of access to the resource if the request includes credentials for a tenant matching a tenant identifier in the tenant control header. Conversely, access to the resource can be denied if the request includes credentials for a tenant that does not match a tenant identifier in the tenant control header.
Examples of cloud-based server 130 includes computing devices that may serve and/or generate network resources (e.g., web pages, images, word processing documents, PDF files, movie files, music files, or other computer files). Cloud-based server 130 may also be an edge server to the server that serves and/or generates network resources. Although not illustrated in
Examples of customer device 107 include computing devices (e.g., laptops, desktops, workstations, smartphones, palm tops, mobile phones, tablets, gaming systems, set top boxes, wearable devices, internet-of-things (IoT) devices, electronic devices, etc.) that are capable of managing resources associated with the customer, including through the creation of customer access policies for such resources. In one embodiment, the configuration server 140 receives configuration data from the customer device 107. In one embodiment, the configuration server 140 allows a user of the customer device 107 to provide the configuration data to configure settings and parameters for access policies that apply to resources hosted by the cloud-based server 130.
At operation 2.1, client device 105 makes a request to access a resource that is received at proxy server 120. For example, the request can be made by a client network application (e.g., client network application 110) operating on the client device 105. The request can be generated in response to a user selecting a link or URL (e.g., in a browser application). For example, proxy server 120 receives an HTTP “GET” request to access a resource hosted by cloud-based server 130. In one embodiment, the requested resource is a web page (e.g., an HTML page) located at, e.g., www.example.com/index.html. The request may include a request for an action to be performed on the resource. The request may include credentials for accessing the resource, including a user name, an email address, etc.
At operation 2.2, the proxy server 120 modifies the request by inserting a tenant control header. In some embodiments, the proxy server includes a tenant control module 122 that is configured to generate the tenant control header that is inserted into, or appended to, the request from the client device 105. In one embodiment, the tenant control module 122 accesses a customer access policies database 124 using an identifier of the resource requested (e.g., an application name, etc.) to retrieve associated policies defined by a customer.
In some embodiments, a customer access policy for a resource may indicate that permitted requests should include a specific tenant identifier. An example tenant identifier is a domain associated with the customer. For example, when a customer access policy for a resource indicates that credentials in the request should include the tenant identifier “company.com,” the tenant control module 122 generates a tenant control header that includes the domain “company.com.”
At operation 2.3, after modifying the request to include the tenant control header, the proxy server 120 sends the modified request to the cloud-based server 130 hosting the resource. The cloud-based server 130 is configured to decrypt the request and identify account credentials in the request. For example, the cloud-based server 130 identifies a username or email address in the request. The cloud-based server 130 is further configured to extract the tenant identifier from the tenant control header. The cloud-based server 130 then compares the domain of the account credentials with the domain indicated by the tenant identifier from the tenant control header.
At operation 2.4, when the domain of the account credentials and the domain indicated by the tenant identifier from the tenant control header do not match, the cloud-based server 130 determines that the account credentials in the request are not permitted access to the resource. For example, if the tenant identifier from the tenant control header indicates that credentials with the domain “company.com” are permitted and the account credentials in request have the domain “email.com,” the cloud-based server rejects the request.
At operation 2.5, in response to determining that the domain in the account credentials do not match the domain from the tenant control header, the cloud-based server 130 sends a response indicating the rejection of the request to the proxy server 120. In some embodiments, the response can include an HTTP status response, such as a “4xx client error” response indicating that the request cannot be fulfilled. Example responses can include a “401 Unauthorized” or a “403 Forbidden” HTTP client error code.
In some embodiments, the response from the cloud-based server 130 can be a webpage. In such embodiments, the proxy server 120 can be configured to analyze the content of the webpage to determine whether the request failed. For example, the proxy server 120 can identify keywords or phrases from the content of the webpage (e.g., an error code).
In some embodiments, the proxy server 120 can fingerprint known success responses, e.g., via status codes, keywords/phrases, expected redirects, etc. In such embodiments, when the proxy server 120 receives the response from the cloud-based server 130, the proxy server 120 can compare the response to the fingerprinted known success responses. When the response from the cloud-based server 130 differs from the known success responses, the proxy server 120 can identify the response as indicating that the request failed.
At operation 2.6, the proxy server 120 removes the tenant control header from the modified request. Upon receipt of the rejection response, the proxy server 120 recognizes the rejection of the request with the tenant control header as indicating that the request included credentials with a domain other than a permitted domain. Instead of blocking, or dropping, the request, however, the proxy server 120 is configured to remove the tenant control header from the modified request. In some embodiments, the proxy server 120 can retrieve the original request that was stored without the tenant control header (e.g., from storage).
In another embodiment, the proxy server 120 can generate a failure notification message and transmit the failure notification message back to the client device 105 that initiated the request to access the resource (in operation 2.1). In such embodiments, the failure notification message can be an indication to the client device to retransmit the request to access the resource to the proxy server 120.
In some embodiments, the failure notification message include a rate-limit status code (e.g., “429 Too Many Requests.”) or include a “retry-after” HTTP header. In some embodiments, the proxy server 120 can return a client-specific response. For example, the response back to the client device 105 can include a 429 error code or a retry-after HTTP header based on client support. In some embodiments, the proxy server 120 can fingerprint and identify the client device 105 to determine which method(s) are supported by the client device 105. In situations where the client device 105 does not support either a rate-limit status code or a “retry-after” HTTP header, the proxy server 120 can retransmit the request on behalf of the client device 105 (e.g., by retrieving a stored copy of the original request).
At operation 2.7, after retrieving the original request, receiving a retransmitted request, or modifying the request to remove the tenant control header, the proxy server 120 resends the request, or forwards as-is the retransmitted request, without the tenant control header to the cloud-based server 130.
At operation 2.8, the proxy server 120 logs the request received from the client device 105 as using a non-permitted tenant identifier. The rejection of the modified request with the tenant control header is an indication that the initial request from the client device 105 did not have account credentials matching the tenant identifier indicated in the tenant control header. In embodiments, the proxy server 120 can generate and store the log entry in a database (e.g., access logs database 126) prior to, simultaneously with, or subsequent to sending the request without the tenant control header to the cloud-based server 130.
At operation 2.9, the cloud-based server 130 decrypts the received request without the tenant control header and accepts the request to access the resource. At operation 2.10, in response to accepting the request to access the resource, the cloud-based server 130 sends a response with the requested resource to the proxy server 120. For example, the cloud-based server 130 can retrieve the requested resource and/or grant access to the requested resource. The cloud-based server 130 can then generate a response with the resource and send the response to the proxy server 120. At operation 2.11, the proxy server 120 can send the response with the resource to the client device 105.
At operation 3.1, client device 105 makes a request to access a resource that is received at proxy server 120. For example, the request can be made by a client network application (e.g., client network application 110) operating on the client device 105. The request can be generated in response to a user selecting a link or URL (e.g., in a browser application). For example, proxy server 120 receives an HTTP “GET” request to access a resource hosted by cloud-based server 130. In one embodiment, the requested resource is a web page (e.g., an HTML page) located at, e.g., www.example.com/index.html. The request may include a request for an action to be performed on the resource. The request may include credentials for accessing the resource, including a user name, an email address, etc.
At operation 3.2, the proxy server 120 modifies the request by inserting a tenant control header. In some embodiments, the proxy server includes a tenant control module 122 that is configured to generate the tenant control header that is inserted into, or appended to, the request from the client device 105. In one embodiment, the tenant control module 122 accesses a customer access policies database 124 using an identifier of the resource requested (e.g., an application name, etc.) to retrieve associated policies defined by a customer.
In some embodiments, a customer access policy for a resource may indicate that permitted requests should include a specific tenant identifier. An example tenant identifier is a domain associated with the customer. For example, when a customer access policy for a resource indicates that credentials in the request should include the tenant identifier “company.com,” the tenant control module 122 generates a tenant control header that includes the domain “company.com.”
At operation 3.3, after modifying the request to include the tenant control header, the proxy server 120 sends the modified request to the cloud-based server 130 hosting the resource. The cloud-based server 130 is configured to decrypt the request and identify account credentials in the request. For example, the cloud-based server 130 identifies a username or email address in the request. The cloud-based server 130 is further configured to extract the tenant identifier from the tenant control header. The cloud-based server 130 then compares the domain of the account credentials with the domain indicated by the tenant identifier from the tenant control header.
At operation 3.4, when the domain of the account credentials and the domain indicated by the tenant identifier from the tenant control header match, the cloud-based server 130 determines that the account credentials in the request are permitted access to the resource. For example, if the tenant identifier from the tenant control header indicates that credentials with the domain “company.com” are permitted and the account credentials in request have the domain “company.com,” the cloud-based server accepts or approves the request for the resource.
At operation 3.5, in response to determining that the domain in the account credentials matches the domain from the tenant control header, the cloud-based server 130 sends a response with the requested resource to the proxy server 120. For example, the cloud-based server 130 can retrieve the requested resource and/or grant access to the requested resource. The cloud-based server 130 can then generate a response with the resource and send the response to the proxy server 120.
At operation 3.6, the proxy server 120 logs the access request received from the client device 105 as using a permitted tenant identifier. The acceptance of the modified request with the tenant control header, as shown by the cloud-based server 130 sending the response with the resource, is an indication that the initial request from the client device 105 used account credentials matching the tenant identifier indicated in the tenant control header. In embodiments, the proxy server 120 can generate and store the log entry in a database (e.g., access logs database 126) prior to, simultaneously with, or subsequent to sending the response with the resource to the client device. At operation 3.7, the proxy server 120 can send the response with the resource to the client device 105.
In operation 405, a proxy server receives a first request from a first user to access a resource hosted by a cloud-based server. For example, the request can be made by the first user using a client network application operating on a client device. The request can be generated in response to a user selecting a link or URL (e.g., in a browser application). For example, the proxy server can receive an HTTP “GET” request to access a resource hosted by the cloud-based server. In one embodiment, the requested resource is a web page (e.g., an HTML page) located at, e.g., www.example.com/index.html. The request may include a request for an action to be performed on the resource. The request may include user credentials for accessing the resource, including a user name, an email address, etc.
In operation 410, the proxy server inserts a first tenant control header into the first request, the first tenant control header specifying a tenant identifier, the tenant identifier indicating a tenant permitted to access the resource. In some embodiments, the proxy server accesses a customer access policies database to retrieve a customer access policy associated with the resource. The proxy server then identifies a tenant identifier from the customer access policy. In one embodiment, the tenant identifier identifies a tenant that is permitted to access the resource. In such embodiments, the tenant identifier can be a domain (e.g., “example.com”) or a directory identifier value. For example, the tenant identifier can be a domain associated with an organization or corporate system indicating that account credentials with the domain of the organization are allowed to access the resource. The proxy server generates the first tenant control header with the tenant identifier. The proxy server then inserts or appends the tenant control header to the first request.
In operation 415, the proxy server transmits the first request with the inserted first tenant control header to the cloud-based server. The cloud-based server is configured to decrypt the first request. The cloud-based server can extract or identify account credentials from the first request and compare the account credentials to the tenant identifier in the tenant control header of the first request. The cloud-based server may then accept or reject the first request based on the comparison. When the tenant identifier indicated by the account credentials in the first request does not match the tenant identifier in the tenant control header, the cloud-based server may reject the request.
In operation 420, the proxy server receives a first response indicating a rejection of the first request with the inserted first tenant control header. The rejection by the cloud-based server can be an indication to the proxy server that the first request used account credentials that did not match the tenant identifier from the customer access policy associated with the resource. This can be an indication that the account credentials were from a personal account (e.g., “email.com”) instead of from the tenant indicated by the tenant identifier (e.g., “company.com”).
In some embodiments, the rejection is indicated by the inclusion of an HTTP client error code in the first response. Examples of HTTP client error codes can include a “401 Unauthorized” or a “403 Forbidden” HTTP client error code. In other embodiments, the response from the cloud-based server can be a webpage. In such embodiments, the proxy server can be configured to analyze the content of the webpage to determine whether the request failed. For example, the proxy server can identify keywords or phrases from the content of the webpage (e.g., an error code) to determine whether the first request failed. In some embodiments, the proxy server can fingerprint known success responses, e.g., via status codes, keywords/phrases, expected redirects, etc. In such embodiments, the response can be compared with fingerprinted known success responses. When the response from the cloud-based server differs from the known success responses, the proxy server can identify the response as indicating that the request failed.
The failure notification message can include a rate-limit status code (e.g., “429 Too Many Requests.”) or include a “retry-after” HTTP header. In some embodiments, the proxy server 120 can return a client-specific response. For example, the response back to the client device 105 can include a 429 error code or a retry-after HTTP header based on client support. In some embodiments, the proxy server 120 can fingerprint and identify the client device 105 to determine which method(s) are supported by the client device 105. In situations where the client device 105 does not support either a rate-limit status code or a “retry-after” HTTP header, the proxy server 120 can retransmit the request on behalf of the client device 105 (e.g., by retrieving a stored copy of the original request).
In operation 425, the proxy server, responsive to receiving the first response, transmits the first request again to the cloud-based server but without the first tenant control header. In one embodiment, the proxy server removes the tenant control header that was inserted in the first request in operation 415. In other embodiments, the proxy server retrieves an original copy of the first request for retransmission to the cloud-based server. In other embodiments, where the proxy server does not store a copy of the first request, the proxy server sends a failure notification to the client device that initiated the first request. In some embodiments, the failure notification message includes a rate-limit status code (e.g., “429 Too Many Requests.”) or include a “retry-after” HTTP header. In some embodiments, the proxy server can fingerprint and identify the client device to determine which method(s) are supported by the client device, and then configure a failure notification message accordingly. For example, the failure notification message can be configured to include the rate-limit status code or the “retry-after” HTTP header based on the capabilities of the client device. In such embodiments, the client device can retransmit the request to the proxy server, and the proxy server can retransmit the request to the cloud-based server. Where the client device does not support either a rate-limit status code or a “retry-after” HTTP header, the proxy server can retransmit the request on behalf of the client device (e.g., by retrieving a stored copy of the original request).
In operation 430, the proxy server logs the first request as an access request using a non-permitted tenant identifier. In response to receiving the rejection of the first request with the tenant control header, the proxy server can log the first request as being from an unsanctioned account.
In one embodiment, when the tenant identifier indicated by the account credentials in a request (e.g., a second request) matches the tenant identifier in the tenant control header inserted or appended to the second request, the cloud-based server may accept the request. In such embodiments, responsive to accepting the request, the cloud-based server can send a second response to the proxy server. The second response can include the requested resource and can be proxied to a requesting client device via the proxy server. In such embodiments, the proxy server further logs the second request in an access logs database as a request that used a permitted tenant identifier.
The data processing system 500 also includes one or more network interfaces 540 (e.g., a wired and/or wireless interfaces) that allows the data processing system 500 to transmit data and receive data from other computing devices, typically across one or more networks (e.g., Local Area Networks (LANs), the Internet, etc.). The data processing system 500 may also include one or more input or output (“I/O”) components 550 such as a mouse, keypad, keyboard, a touch panel or a multi-touch input panel, camera, frame grabber, optical scanner, an audio input/output subsystem (which may include a microphone and/or a speaker), other known I/O devices or a combination of such I/O devices.
Additional components, not shown, may also be part of the data processing system 500, and, in certain embodiments, fewer components than that shown in
Thus, an electronic device (e.g., a computer or a mobile client device) includes hardware and software, such as a set of one or more processors coupled to one or more machine-readable storage media to store code for execution on the set of processors and/or to store data. For instance, an electronic device may include non-volatile memory containing the code since the non-volatile memory can persist the code even when the electronic device is turned off, and while the electronic device is turned on that part of the code that is to be executed by the processor(s) of that electronic device is copied from the slower non-volatile memory into volatile memory (e.g., dynamic random access memory (DRAM), static random access memory (SRAM)) of that electronic device. Typical electronic devices also include a set or one or more physical network interface(s) to establish network connections (to transmit and/or receive code and/or data using propagating signals) with other electronic devices. One or more parts of an embodiment of the invention may be implemented using different combinations of software, firmware, and/or hardware.
The techniques shown in the figures can be implemented using code and data stored and executed on one or more computing devices (e.g., client devices, servers, etc.). Such computing devices store and communicate (internally and/or with other computing devices over a network) code and data using machine-readable media, such as machine-readable storage media (e.g., magnetic disks; optical disks; random access memory; read only memory; flash memory devices; phase-change memory) and machine-readable communication media (e.g., electrical, optical, acoustical or other form of propagated signals—such as carrier waves, infrared signals, digital signals, etc.). In addition, such computing devices typically include a set of one or more processors coupled to one or more other components, such as one or more storage devices, user input/output devices (e.g., a keyboard, a touchscreen, and/or a display), and network connections. The coupling of the set of processors and other components is typically through one or more busses and bridges (also termed as bus controllers). The storage device and signals carrying the network traffic respectively represent one or more machine-readable storage media and machine-readable communication media. Thus, the storage device of a given computing device typically stores code and/or data for execution on the set of one or more processors of that computing device. Of course, one or more parts of an embodiment of the invention may be implemented using different combinations of software, firmware, and/or hardware.
In the preceding description, numerous specific details are set forth. However, it is understood that embodiments of the invention may be practiced without these specific details. In other instances, well-known circuits, structures and techniques have not been shown in detail in order not to obscure the understanding of this description. Those of ordinary skill in the art, with the included descriptions, will be able to implement appropriate functionality without undue experimentation.
References in the specification to “one embodiment,” “an embodiment,” “an example embodiment,” etc., indicate that the embodiment described may include a particular feature, structure, or characteristic, but every embodiment may not necessarily include the particular feature, structure, or characteristic. Moreover, such phrases are not necessarily referring to the same embodiment. Further, when a particular feature, structure, or characteristic is described in connection with an embodiment, it is submitted that it is within the knowledge of one skilled in the art to effect such feature, structure, or characteristic in connection with other embodiments whether or not explicitly described.
In the preceding description and the claims, the terms “coupled” and “connected,” along with their derivatives, may be used. It should be understood that these terms are not intended as synonyms for each other. “Coupled” is used to indicate that two or more elements, which may or may not be in direct physical or electrical contact with each other, co-operate or interact with each other. “Connected” is used to indicate the establishment of communication between two or more elements that are coupled with each other.
While the flow diagrams in the figures show a particular order of operations performed by certain embodiments of the invention, it should be understood that such order is exemplary (e.g., alternative embodiments may perform the operations in a different order, combine certain operations, overlap certain operations, etc.).
While the invention has been described in terms of several embodiments, those skilled in the art will recognize that the invention is not limited to the embodiments described, can be practiced with modification and alteration within the spirit and scope of the appended claims. The description is thus to be regarded as illustrative instead of limiting.
| Number | Name | Date | Kind |
|---|---|---|---|
| 8156246 | Short | Apr 2012 | B2 |
| 8266269 | Short | Sep 2012 | B2 |
| 9038108 | McCausland | May 2015 | B2 |
| 9038151 | Chua | May 2015 | B1 |
| 9229800 | Jain | Jan 2016 | B2 |
| 9471775 | Wagner | Oct 2016 | B1 |
| 9509776 | Chou | Nov 2016 | B2 |
| 9514327 | Ford | Dec 2016 | B2 |
| 9553860 | Meyer | Jan 2017 | B2 |
| 9774495 | Okita | Sep 2017 | B1 |
| 9858559 | Raleigh | Jan 2018 | B2 |
| 9880933 | Gupta | Jan 2018 | B1 |
| 9900317 | Cantrill | Feb 2018 | B2 |
| 9961011 | Mordani | May 2018 | B2 |
| 10057775 | Raleigh | Aug 2018 | B2 |
| 10165447 | Raleigh | Dec 2018 | B2 |
| 10205701 | Voss | Feb 2019 | B1 |
| 10305861 | Moysi | May 2019 | B2 |
| 10333959 | Katrekar | Jun 2019 | B2 |
| 10348767 | Lee | Jul 2019 | B1 |
| 10367748 | Short | Jul 2019 | B2 |
| 10425386 | Wardell | Sep 2019 | B2 |
| 10425443 | Ronen | Sep 2019 | B2 |
| 10630771 | Garza | Apr 2020 | B1 |
| 10708379 | Gupta | Jul 2020 | B1 |
| 10728342 | Lieberman | Jul 2020 | B1 |
| 10749943 | Feiguine | Aug 2020 | B1 |
| 10776441 | Echeverria | Sep 2020 | B1 |
| 10798100 | Chu | Oct 2020 | B1 |
| 10868836 | Yancey | Dec 2020 | B1 |
| 10909088 | Colrain | Feb 2021 | B2 |
| 11146569 | Brooker | Oct 2021 | B1 |
| 11153190 | Mahajan | Oct 2021 | B1 |
| 11184403 | Wu | Nov 2021 | B1 |
| 11196551 | Weldemariam | Dec 2021 | B2 |
| 11269808 | Yuan | Mar 2022 | B1 |
| 11269939 | Sammer | Mar 2022 | B1 |
| 11271972 | Ravi | Mar 2022 | B1 |
| 11271973 | Ravi | Mar 2022 | B1 |
| 11303647 | Wu | Apr 2022 | B1 |
| 11334388 | Jakobsson | May 2022 | B2 |
| 11372654 | Battle | Jun 2022 | B1 |
| 11381537 | Freed | Jul 2022 | B1 |
| 11416628 | Miller | Aug 2022 | B2 |
| 11423111 | Vaishnavi | Aug 2022 | B2 |
| 11431697 | Parekh | Aug 2022 | B2 |
| 11502908 | Singh | Nov 2022 | B1 |
| 11593270 | Brooker | Feb 2023 | B1 |
| 11611497 | Manikanta | Mar 2023 | B1 |
| 11632360 | Tan | Apr 2023 | B1 |
| 11726846 | Bhatia | Aug 2023 | B2 |
| 11736585 | Perng | Aug 2023 | B2 |
| 11792284 | Nanduri | Oct 2023 | B1 |
| 11816073 | Chakrabarti | Nov 2023 | B1 |
| 11831516 | Li | Nov 2023 | B2 |
| 11895192 | Mehta | Feb 2024 | B1 |
| 11909750 | Morris | Feb 2024 | B1 |
| 20030065805 | Barnes, Jr. | Apr 2003 | A1 |
| 20030163692 | Kleinsteiber | Aug 2003 | A1 |
| 20030163727 | Hammons | Aug 2003 | A1 |
| 20090037492 | Baitalmal | Feb 2009 | A1 |
| 20100103837 | Jungck | Apr 2010 | A1 |
| 20100198730 | Ahmed | Aug 2010 | A1 |
| 20100250497 | Redlich | Sep 2010 | A1 |
| 20100333116 | Prahlad | Dec 2010 | A1 |
| 20110225506 | Casalaina | Sep 2011 | A1 |
| 20130058346 | Sridharan | Mar 2013 | A1 |
| 20130204849 | Chacko | Aug 2013 | A1 |
| 20130322446 | Biswas | Dec 2013 | A1 |
| 20140020068 | Desai | Jan 2014 | A1 |
| 20140068705 | Chambers | Mar 2014 | A1 |
| 20140108474 | David | Apr 2014 | A1 |
| 20140181285 | Stevens | Jun 2014 | A1 |
| 20140189069 | Gero | Jul 2014 | A1 |
| 20140192804 | Ghanwani | Jul 2014 | A1 |
| 20150081863 | Garg | Mar 2015 | A1 |
| 20150163206 | McCarthy | Jun 2015 | A1 |
| 20150195178 | Bhattacharya | Jul 2015 | A1 |
| 20150207758 | Mordani | Jul 2015 | A1 |
| 20150229645 | Keith | Aug 2015 | A1 |
| 20150310188 | Ford | Oct 2015 | A1 |
| 20150365370 | Gvildys | Dec 2015 | A1 |
| 20150373097 | Konkus | Dec 2015 | A1 |
| 20160092339 | Straub | Mar 2016 | A1 |
| 20160127454 | Maheshwari | May 2016 | A1 |
| 20170006135 | Siebel | Jan 2017 | A1 |
| 20170012872 | Chao | Jan 2017 | A1 |
| 20170041296 | Ford | Feb 2017 | A1 |
| 20170048319 | Straub | Feb 2017 | A1 |
| 20170078248 | Bian | Mar 2017 | A1 |
| 20170126549 | Paramasivam | May 2017 | A1 |
| 20170195217 | Parasmal | Jul 2017 | A1 |
| 20170195237 | Parasmal | Jul 2017 | A1 |
| 20170331791 | Wardell | Nov 2017 | A1 |
| 20170331832 | Lander | Nov 2017 | A1 |
| 20170339148 | Syomichev | Nov 2017 | A1 |
| 20170339247 | Tiwari | Nov 2017 | A1 |
| 20170364702 | Goldfarb | Dec 2017 | A1 |
| 20180041598 | Vats | Feb 2018 | A1 |
| 20180063089 | Moysi | Mar 2018 | A1 |
| 20180063143 | Wilson | Mar 2018 | A1 |
| 20180077144 | Gangawane | Mar 2018 | A1 |
| 20180081983 | Carru | Mar 2018 | A1 |
| 20180083915 | Medam | Mar 2018 | A1 |
| 20180083944 | Vats | Mar 2018 | A1 |
| 20180083977 | Murugesan | Mar 2018 | A1 |
| 20180109498 | Singh | Apr 2018 | A1 |
| 20180159856 | Gujarathi | Jun 2018 | A1 |
| 20180176301 | Rosier | Jun 2018 | A1 |
| 20180288063 | Koottayi | Oct 2018 | A1 |
| 20180322136 | Carpentier | Nov 2018 | A1 |
| 20180367363 | Jaeger | Dec 2018 | A1 |
| 20180367396 | Kompella | Dec 2018 | A1 |
| 20180367541 | Ponnuswamy | Dec 2018 | A1 |
| 20180375828 | Rawat | Dec 2018 | A1 |
| 20190058709 | Kempf | Feb 2019 | A1 |
| 20190075438 | Kuo | Mar 2019 | A1 |
| 20190095491 | Bhattacharjee | Mar 2019 | A1 |
| 20190098106 | Mungel | Mar 2019 | A1 |
| 20190102162 | Pitre | Apr 2019 | A1 |
| 20190103991 | Cidon | Apr 2019 | A1 |
| 20190103993 | Cidon | Apr 2019 | A1 |
| 20190104035 | Cidon | Apr 2019 | A1 |
| 20190104111 | Cidon | Apr 2019 | A1 |
| 20190104413 | Cidon | Apr 2019 | A1 |
| 20190116153 | Deverakonda Venkata | Apr 2019 | A1 |
| 20190138638 | Pal | May 2019 | A1 |
| 20190147092 | Pal | May 2019 | A1 |
| 20190158605 | Markuze | May 2019 | A1 |
| 20190182213 | Saavedra | Jun 2019 | A1 |
| 20190268421 | Markuze | Aug 2019 | A1 |
| 20190306010 | Medam | Oct 2019 | A1 |
| 20190306111 | Tang | Oct 2019 | A1 |
| 20190306138 | Carru | Oct 2019 | A1 |
| 20190312857 | Lander | Oct 2019 | A1 |
| 20190318122 | Hockey | Oct 2019 | A1 |
| 20190349426 | Smith | Nov 2019 | A1 |
| 20190373083 | Nucci | Dec 2019 | A1 |
| 20200007583 | Dixit | Jan 2020 | A1 |
| 20200014763 | Boon | Jan 2020 | A1 |
| 20200053129 | Neystadt | Feb 2020 | A1 |
| 20200097583 | Fanghaenel | Mar 2020 | A1 |
| 20200133955 | Padmanabhan | Apr 2020 | A1 |
| 20200137065 | Tubbs | Apr 2020 | A1 |
| 20200186501 | Neystadt | Jun 2020 | A1 |
| 20200201935 | Filipovic | Jun 2020 | A1 |
| 20200204551 | Singh | Jun 2020 | A1 |
| 20200236187 | Tal | Jul 2020 | A1 |
| 20200250295 | Padmanabhan | Aug 2020 | A1 |
| 20200250683 | Padmanabhan | Aug 2020 | A1 |
| 20200252404 | Padmanabhan | Aug 2020 | A1 |
| 20200252406 | Padmanabhan | Aug 2020 | A1 |
| 20200257700 | Xu | Aug 2020 | A1 |
| 20200272670 | Vaishnavi | Aug 2020 | A1 |
| 20200274782 | Balaiah | Aug 2020 | A1 |
| 20200304502 | Jafari | Sep 2020 | A1 |
| 20200336484 | Mahajan | Oct 2020 | A1 |
| 20200344233 | Lai | Oct 2020 | A1 |
| 20200374106 | Padmanabhan | Nov 2020 | A1 |
| 20200394332 | Jakobsson | Dec 2020 | A1 |
| 20200403994 | Bitterfeld | Dec 2020 | A1 |
| 20200404059 | Feiguine | Dec 2020 | A1 |
| 20210067461 | Cidon | Mar 2021 | A1 |
| 20210067468 | Cidon | Mar 2021 | A1 |
| 20210075815 | dos Santos Silva | Mar 2021 | A1 |
| 20210081947 | Hockey | Mar 2021 | A1 |
| 20210105275 | Bansal | Apr 2021 | A1 |
| 20210168142 | Foxhoven | Jun 2021 | A1 |
| 20210176326 | Carley | Jun 2021 | A1 |
| 20210182423 | Padmanabhan | Jun 2021 | A1 |
| 20210234860 | Bansal | Jul 2021 | A1 |
| 20210286861 | Churchill | Sep 2021 | A1 |
| 20210306436 | Magerramov | Sep 2021 | A1 |
| 20210336934 | Deshmukh | Oct 2021 | A1 |
| 20210367944 | Gupta | Nov 2021 | A1 |
| 20210377210 | Singh | Dec 2021 | A1 |
| 20210409336 | Talur | Dec 2021 | A1 |
| 20220019367 | Freilich | Jan 2022 | A1 |
| 20220027431 | Zheng | Jan 2022 | A1 |
| 20220029929 | Jain | Jan 2022 | A1 |
| 20220094741 | Kothandaraman | Mar 2022 | A1 |
| 20220141192 | Silveira | May 2022 | A1 |
| 20220141308 | Saha | May 2022 | A1 |
| 20220174491 | Cristache | Jun 2022 | A1 |
| 20220210063 | Brar | Jun 2022 | A1 |
| 20220224703 | Devarajan | Jul 2022 | A1 |
| 20220247657 | Kamath | Aug 2022 | A1 |
| 20220266451 | Cristache | Aug 2022 | A1 |
| 20220286494 | Zheng | Sep 2022 | A1 |
| 20220321566 | Coyle | Oct 2022 | A1 |
| 20220321567 | Klosterman | Oct 2022 | A1 |
| 20220341217 | Cristache | Oct 2022 | A1 |
| 20220353339 | Singh | Nov 2022 | A1 |
| 20220385656 | Gujarathi | Dec 2022 | A1 |
| 20220393943 | Pangeni | Dec 2022 | A1 |
| 20230015603 | Smith | Jan 2023 | A1 |
| 20230019448 | Deshmukh | Jan 2023 | A1 |
| 20230020330 | Schwerin | Jan 2023 | A1 |
| 20230031855 | Busbee | Feb 2023 | A1 |
| 20230075355 | Twigg | Mar 2023 | A1 |
| 20230079238 | Cristache | Mar 2023 | A1 |
| 20230112401 | Cristache | Apr 2023 | A1 |
| 20230169529 | Mukhitov | Jun 2023 | A1 |
| 20230186870 | Cristache | Jun 2023 | A1 |
| 20230206329 | Cella | Jun 2023 | A1 |
| 20230208943 | VanAntwerp | Jun 2023 | A1 |
| 20230231884 | Deshmukh | Jul 2023 | A1 |
| 20230239234 | Zohar | Jul 2023 | A1 |
| 20230247003 | Chanak | Aug 2023 | A1 |
| 20230262030 | Bansal | Aug 2023 | A1 |
| 20230269137 | Fehring | Aug 2023 | A1 |
| 20230281527 | Cella | Sep 2023 | A1 |
| 20230319054 | Hendrey | Oct 2023 | A1 |
| 20230328086 | Kapoor | Oct 2023 | A1 |
| 20240080329 | Reed | Mar 2024 | A1 |
| Entry |
|---|
| Cao et al “LogStore: A Cloud-Native and Multi-Tenant Log Database,” Industrial Track Paper, SIGMOD'21, Jun. 20-25, 2021, Virtual Event, China, pp. 2464-2476 (Year: 2021). |
| Koponen et al “Network Virtualization in Multi-Tenant Datacenters,” 11th USENIX Symposium on Networked Systems Design and Implementation, pp. 203-216, (Year: 2014). |
| Chen et al “Collaborative Network Security in Multi-Tenant Data Center for Cloud Computing,” Tsinghua Science and Technology, pp. 82-94 (Year: 2014). |
| Factor et al “Secure Logical Isolation for Multi-Tenancy in Cloud Storage,” IEEE, pp. 1-5 (Year: 2013). |
| Sadeh et al “SignedQuery: Protecting Users Data in Multi-tenant SaaS Environments,” IEEE, pp. 213-218, (Year: 2013). |
