-
Publication No.: US20240388589A1
Publication Date: 2024-11-21
Application No.: US18319023
Filing Date: 2023-05-17
Applicant: Microsoft Technology Licensing, LLC
Inventor: Ramarathnam VENKATESAN, Nishanth CHANDRAN, Srinath T. V. SETTY, Christoph BERLIN, Ulrich HOMANN, Michael James ZWILLING
IPC: H04L9/40
Abstract: An entity is enabled to access encrypted resources in response to verifying that access criteria of a region-based security policy are met. For example, a resource request to access an encrypted resource is received from an entity. A determination that the encrypted resource is assigned to a first region and is protected by a region-based security policy is made. A proof of a region attribute indicating that the entity possesses the region attribute is received from the entity; the region attribute indicates the entity is associated with the first region. An encrypted version of the region attribute is obtained from a ledger database. The resource request is validated based at least on the encrypted attribute and the proof of the region attribute. A verification is made that an access criteria of the region-based security policy is met. The entity is provided access to the encrypted resource.
-
Publication No.: US20240406002A1
Publication Date: 2024-12-05
Application No.: US18326493
Filing Date: 2023-05-31
Applicant: Microsoft Technology Licensing, LLC
Inventor: Ramarathnam VENKATESAN, Nishanth CHANDRAN, Panagiotis ANTONOPOULOS, Christoph BERLIN, Michael James ZWILLING
IPC: H04L9/32
Abstract: Data diode systems and methods are disclosed herein for enhancing data security. Encrypted data transmitted from a first node (e.g., an entity coupled to a network) is received. The data transmitted is encrypted with a public key associated with a second node (e.g., the node to which the encrypted data is transmitted). The encrypted data is decrypted with a private key associated with the second node to generate decrypted data. A determination is made whether a digital signature in the decrypted data corresponds to a ledger entry mapped to the first node in a first set of ledger entries. The first node is verified to be a trusted entity based on the digital signature having been determined to correspond to the ledger entry. Based on the verification, the transmission of the encrypted data from the first node is determined to be a permissible data transmission.
-