公开(公告)号：US10404689B2

公开(公告)日：2019-09-03

申请号：US15428848

申请日：2017-02-09

Applicant: Microsoft Technology Licensing, LLC

Inventor： Liqiang Zhu ,  Yi Zeng ,  Yu Huang

IPC: H04L29/06 ,  G06F21/31 ,  G06F21/60 ,  H04L9/32 ,  H04L9/00 ,  G06F21/45 ,  G06F21/62 ,  G06F21/35

Abstract: The description relates to password reset security. One example can receive a login request and a password for a cloud-based user account. The example can also retrieve stored authenticated user information associated with the password. The example can further send a notification of the login request to a contact address associated with the cloud-based user account. The notification can contain at least some of the stored authenticated user information.

公开(公告)号：US10063537B2

公开(公告)日：2018-08-28

申请号：US14970773

申请日：2015-12-16

Applicant: Microsoft Technology Licensing, LLC

Inventor： Liqiang Zhu ,  Rajalakshmi Dani

IPC: H04L29/06

CPC classification number: H04L63/083 ,  H04L63/0823 ,  H04L63/104 ,  H04L63/105 ,  H04L63/126

Abstract: When a user inputs an action request, such as a requested command, to be performed on a target machine, a management system receives the request and verifies it with a separate authentication and permission system. The authentication and permission system verifies signatures on the request and signs it and generates an approved workflow package. The approved workflow package is sent to the target machine.

公开(公告)号：US11038870B2

公开(公告)日：2021-06-15

申请号：US15454836

申请日：2017-03-09

Applicant: Microsoft Technology Licensing, LLC

Inventor： Liqiang Zhu ,  Joel T. Hendrickson ,  Chang Chuen Kawaguchi

IPC: H04L29/06 ,  G06K7/14 ,  G06K19/10 ,  H04W12/04 ,  H04W12/06 ,  H04W12/30 ,  H04W12/77

Abstract: An input is received from a client device and is indicative of a desire to add a device for secure operations. Artifacts are generated and a quick response (QR) code is generated that represents the artifacts. The QR code is transmitted to the client device where it can be read by the device to be added, so the artifacts can be used in performing the secure operations.

公开(公告)号：US20180063153A1

公开(公告)日：2018-03-01

申请号：US15697109

申请日：2017-09-06

Applicant: Microsoft Technology Licensing, LLC

Inventor： Liqiang Zhu ,  Anand Menon ,  Guanghui He ,  Jiahui Wang ,  Neil Shipp ,  Nick Voicu ,  Yi Zeng ,  Yu (Kyle) Huang ,  Rajalakshmi Dani ,  David Hetherington ,  Zhaoan Liu ,  Gavin Ackroyd

IPC: H04L29/06 ,  G06F21/30 ,  H04L12/24

Abstract: When a user inputs an action request, such as a requested command, to be performed on a target machine, a management system receives the request and verifies it with a separate authentication and permission system. The verified command request is sent to the target machine. An authentication worker on the target machine accesses a set of policies, local to the target machine, to identify a least privileged execution environment in which the requested command can be performed. The authentication worker on the target machine launches the requested command within the identified least privileged execution environment on the target machine.

公开(公告)号：US09762585B2

公开(公告)日：2017-09-12

申请号：US14663082

申请日：2015-03-19

Applicant: Microsoft Technology Licensing, LLC.

Inventor： Rajalakshmi Dani ,  Anand Madhava Menon ,  Paul H. Rich ,  Naveen Madan ,  Vikas Ahuja ,  Siddhartha Mathur ,  Liqiang Zhu

IPC: G06F21/62 ,  H04L29/06 ,  G06F21/60

CPC classification number: H04L63/104 ,  G06F21/604 ,  G06F21/6218 ,  H04L63/08 ,  H04L63/101 ,  H04L63/102 ,  H04L63/20

Abstract: Tenant approval for operator access to tenant data is provided. In order to grant service personnel operators access to a tenant's data for performing a requested action, a lockbox determines a security group role to which an operator needs to be elevated to perform a requested action, computes a set of internal administrators and tenant administrators authorized to grant a temporary role elevation, and sends an access control request to the administrators. Upon receiving approval of the access control request from an internal administrator and a tenant administrator, the lockbox elevates the operator to the security group role, granting the operator a set of permissions needed in order to allow the operator to perform the requested action. Accordingly, tenants are enabled to control access to their data and scrutinize access requests per their company procedures and compliance needs.

公开(公告)号：US20160277411A1

公开(公告)日：2016-09-22

申请号：US14663082

申请日：2015-03-19

Applicant: Microsoft Technology Licensing, LLC.

Inventor： Rajalakshmi Dani ,  Anand Madhava Menon ,  Paul H. Rich ,  Naveen Madan ,  Vikas Ahuja ,  Siddhartha Mathur ,  Liqiang Zhu

IPC: H04L29/06

CPC classification number: H04L63/104 ,  G06F21/604 ,  G06F21/6218 ,  H04L63/08 ,  H04L63/101 ,  H04L63/102 ,  H04L63/20

Abstract: Tenant approval for operator access to tenant data is provided. In order to grant service personnel operators access to a tenant's data for performing a requested action, a lockbox determines a security group role to which an operator needs to be elevated to perform a requested action, computes a set of internal administrators and tenant administrators authorized to grant a temporary role elevation, and sends an access control request to the administrators. Upon receiving approval of the access control request from an internal administrator and a tenant administrator, the lockbox elevates the operator to the security group role, granting the operator a set of permissions needed in order to allow the operator to perform the requested action. Accordingly, tenants are enabled to control access to their data and scrutinize access requests per their company procedures and compliance needs.

Abstract translation: 提供了租户对租户数据访问权限的批准。 为了授权维修人员操作人员访问租户的数据以执行所请求的操作，锁箱确定操作员需要提升以执行请求的操作的安全组角色，计算一组内部管理员和授权的租户管理员 授予临时角色提升，并向管理员发送访问控制请求。 在收到来自内部管理员和租户管理员的访问控制请求的批准后，该锁箱将操作员提升到安全组角色，授予操作者所需的一组权限，以允许操作者执行所请求的动作。 因此，租户可以控制对其数据的访问，并根据其公司流程和合规性需求仔细检查访问请求。

公开(公告)号：US10785211B2

公开(公告)日：2020-09-22

申请号：US15963596

申请日：2018-04-26

Applicant: Microsoft Technology Licensing, LLC

Inventor： Liqiang Zhu ,  Jiahui Wang ,  Jingjing Zhong

IPC: H04L29/06 ,  G06F21/33 ,  H04L12/24

Abstract: An approval request for a recurring workflow instance is received, that requests the execution of an instance of a recurring workflow. An authorization token is generated based upon the content of the particular workflow to be executed, the location where the workflow is to be executed, and a time period during which the workflow is to be executed. The authorization token is sent, along with a representation of a workflow to be executed, to a target machine for authorization and execution.

公开(公告)号：US09787690B2

公开(公告)日：2017-10-10

申请号：US14714786

申请日：2015-05-18

Applicant: Microsoft Technology Licensing, LLC

Inventor： Liqiang Zhu ,  Anand Menon ,  Guanghui He ,  Jiahui Wang ,  Neil Shipp ,  Nick Voicu ,  Yi Zeng ,  Yu (Kyle) Huang ,  Rajalakshmi Dani ,  David Hetherington ,  Zhaoan Liu ,  Gavin Ackroyd

IPC: H04L29/06 ,  H04L12/24 ,  G06F21/30

CPC classification number: H04L63/105 ,  G06F21/305 ,  H04L41/18 ,  H04L41/28 ,  H04L41/5096 ,  H04L63/083 ,  H04L63/102 ,  H04L63/20

Abstract: When a user inputs an action request, such as a requested command, to be performed on a target machine, a management system receives the request and verifies it with a separate authentication and permission system. The verified command request is sent to the target machine. An authentication worker on the target machine accesses a set of policies, local to the target machine, to identify a least privileged execution environment in which the requested command can be performed. The authentication worker on the target machine launches the requested command within the identified least privileged execution environment on the target machine.

公开(公告)号：US20160182525A1

公开(公告)日：2016-06-23

申请号：US14714786

申请日：2015-05-18

Applicant: Microsoft Technology Licensing, LLC

Inventor： Liqiang Zhu ,  Anand Menon ,  Guanghui He ,  Jiahui Wang ,  Neil Shipp ,  Nick Voicu ,  Yi Zeng ,  Yu (Kyle) Huang ,  Rajalakshmi Dani ,  David Hetherington ,  Zhaoan Liu ,  Gavin Ackroyd

IPC: H04L29/06

CPC classification number: H04L63/105 ,  G06F21/305 ,  H04L41/18 ,  H04L41/28 ,  H04L41/5096 ,  H04L63/083 ,  H04L63/102 ,  H04L63/20

Abstract: When a user inputs an action request, such as a requested command, to be performed on a target machine, a management system receives the request and verifies it with a separate authentication and permission system. The verified command request is sent to the target machine. An authentication worker on the target machine accesses a set of policies, local to the target machine, to identify a least privileged execution environment in which the requested command can be performed. The authentication worker on the target machine launches the requested command within the identified least privileged execution environment on the target machine.

Abstract translation: 当用户输入要在目标机器上执行的动作请求（例如所请求的命令）时，管理系统接收该请求并用独立的认证和许可系统进行验证。 验证的命令请求被发送到目标机器。 目标机器上的认证工作者访问目标机器本地的一组策略，以识别可执行所请求的命令的最小特权执行环境。 目标计算机上的身份验证工作程序在目标机器上标识的最低权限执行环境中启动所请求的命令。

公开(公告)号：US20160182487A1

公开(公告)日：2016-06-23

申请号：US14970773

申请日：2015-12-16

Applicant: Microsoft Technology Licensing, LLC

Inventor： Liqiang Zhu ,  Rajalakshmi Dani

IPC: H04L29/06

CPC classification number: H04L63/083 ,  H04L63/0823 ,  H04L63/104 ,  H04L63/105 ,  H04L63/126

Abstract: When a user inputs an action request, such as a requested command, to be performed on a target machine, a management system receives the request and verifies it with a separate authentication and permission system. The authentication and permission system verifies signatures on the request and signs it and generates an approved workflow package. The approved workflow package is sent to the target machine.

Abstract translation: 当用户输入要在目标机器上执行的动作请求（例如所请求的命令）时，管理系统接收该请求并用独立的认证和许可系统进行验证。 认证和许可系统根据请求验证签名并对其进行签名并生成经批准的工作流程包。 批准的工作流程包将发送到目标计算机。