公开(公告)号：US20160065555A1

公开(公告)日：2016-03-03

申请号：US14838212

申请日：2015-08-27

Applicant: Box, Inc.

Inventor： Drew Barrett Branden ,  Daniel Theurer ,  Aniket Shivajirao Patil ,  Lev Kantorovskiy ,  Sean Andrew Rose ,  Rachel Kay Lambert ,  TimothyTimothy Martin Heilig ,  Peter Otto Rexer ,  Rory Arend Paap ,  Charles Boyd Burnette ,  Vikram Sudhir Sardesai ,  Dominic Anton Grillo ,  Wayne Cheng ,  Lyall Yatsun Chun ,  Steven Brett Hackney

IPC: H04L29/06

CPC classification number: H04L63/0807

Abstract: Systems for managing user-level security in a cloud-based service platform. A server in a cloud-based environment is configured to interface with storage devices that store objects that are accessible over a network by two or more users. An enterprise entity is identified using an enterprise identifier associated with the enterprise, and an application service is associated with an application identifier. An application service request comprising a user identifier and the application identifier is received, and authentication is determined based on the combination of the user identifier and a pre-authenticated application identifier. Once the application service request is authenticated, then specific aspects of the service request are authorized. The integrity of the application identifier is confirmed by locating a secure association of the given application identifier to a pre-shared enterprise identifier. Logging, auditing and other functions can be performed at the user level using the user identifier for user-level tracking.

Abstract translation: 用于在基于云的服务平台中管理用户级安全性的系统。 基于云的环境中的服务器被配置为与存储可由两个或多个用户通过网络访问的对象的存储设备进行接口。 使用与企业相关联的企业标识符来识别企业实体，并且应用服务与应用标识符相关联。 接收包括用户标识符和应用标识符的应用服务请求，并且基于用户标识符和预认证的应用标识符的组合来确定认证。 一旦应用服务请求被认证，那么授权服务请求的特定方面。 通过将给定应用标识符的安全关联定位到预共享企业标识符来确认应用标识符的完整性。 可以使用用户级别跟踪的用户标识符在用户级别执行日志记录，审核和其他功能。