-
1.
Publication (Announcement) No.: US11582217B2
Publication (Announcement) Date: 2023-02-14
Application No.: US17344857
Application Date: 2021-06-10
Applicant: Microsoft Technology Licensing, LLC
Inventor: Abhijeet Kumar, Aanand Ramachandran, Jayesh Kumaran, David Michael Brumley, Rishabh Tewari, Nisheeth Srivastava, Sushant Sharma, Deepak Bansal, Abhishek Ellore Sreenath, Parag Sharma, Abhishek Shukla, Avijit Gupta
Abstract: The disclosed system implements techniques to secure communications for injecting a workload (e.g., a container) into a virtual network hosted by a cloud-based platform. Based on a delegation instruction received from a tenant, a virtual network of the tenant can connect to and execute a workload via a virtual machine that is part of a virtual network that belongs to a resource provider. To secure calls and authorize access to the tenant's virtual network, authentication information provided with a call from the virtual network of the resource provider may need to match authorization information made available via a publication service of the cloud-based platform. Additionally or alternatively, an identifier of a NIC used to make a call may need to correspond to a registered name of the resource provider for the call to be authorized. These checks provide increased security by preventing unauthorized calls to the tenant's virtual network.
-
2.
Publication (Announcement) No.: US11038866B2
Publication (Announcement) Date: 2021-06-15
Application No.: US16234211
Application Date: 2018-12-27
Applicant: Microsoft Technology Licensing, LLC
Inventor: Abhijeet Kumar, Aanand Ramachandran, Jayesh Kumaran, David Michael Brumley, Rishabh Tewari, Nisheeth Srivastava, Sushant Sharma, Deepak Bansal, Abhishek Ellore Sreenath, Parag Sharma, Abhishek Shukla, Avijit Gupta
Abstract: The disclosed system implements techniques to secure communications for injecting a workload (e.g., a container) into a virtual network hosted by a cloud-based platform. Based on a delegation instruction received from a tenant, a virtual network of the tenant can connect to and execute a workload via a virtual machine that is part of a virtual network that belongs to a resource provider. To secure calls and authorize access to the tenant's virtual network, authentication information provided in association with a call from the virtual network of the resource provider may need to match authorization information made available via a publication service of the cloud-based platform. Moreover, an identifier of a NIC used to make a call may need to correspond to a registered name of the resource provider for the call to be authorized. These checks provide increased security by preventing unauthorized calls from accessing the tenant's virtual network.
-