CONTROLLING APPLICATION ACCESS TO SENSITIVE DATA

Organization Name

Microsoft Technology Licensing, LLC

Inventor(s)

Arash Vahidnia of Bellevue WA (US)

Vasundhara Puttagunta of Hyderabad (IN)

Rajalakshmi Dani of Redmond WA (US)

Anand Madhava Menon of Redmond WA (US)

Neha Arora of Newcastle WA (US)

Himani Arora of Hyderabad (IN)

Richa Sehgal of Bengaluru (IN)

Rufino Louie Mayor, Jr. of Snohomish WA (US)

Sanjoyan Mustafi of Redmond WA (US)

Himanshu Jindal of Gurugram (IN)

Sumit Kumar Chauhan of Hyderabad (IN)

Caleb Geoffrey Baker of Seattle WA (US)

Nikhil Reddy Boreddy of Bellevue WA (US)

Shuvam Singha Roy of Kolkata (IN)

CONTROLLING APPLICATION ACCESS TO SENSITIVE DATA - A simplified explanation of the abstract

This abstract first appeared for US patent application 17835050 titled 'CONTROLLING APPLICATION ACCESS TO SENSITIVE DATA

Simplified Explanation

The abstract describes a patent application that focuses on controlling access to resources in a computing environment by applications. Here are the key points:

• The technology provides fine-grained access control to resources in a computing environment.
• It determines the compliance status of an application based on access control policy compliance criteria.
• It ascertains the authorization status of a request based on the authorization credential and requirement of the resource.
• The response to the request is based on both the compliance status and the authorization status.
• Access control can also be based on the beneficiary of the request.
• The compliance classifier dynamically updates the compliance status when compliance criteria or attributes change.
• An identity service access control architecture uses a compliance attribute to improve efficiency.
• Applications can be grouped based on resource sensitivity labels.

Potential applications of this technology:

• Cloud computing platforms can use this technology to control access to resources by different applications.
• Enterprises can implement this technology to ensure secure access to sensitive data and resources.
• Government agencies can utilize this technology to enforce access control policies for classified information.

Problems solved by this technology:

• Provides a fine-grained access control mechanism, allowing organizations to have more control over who can access their resources.
• Reduces the risk of unauthorized access by dynamically updating compliance status based on changes in compliance criteria or attributes.
• Improves efficiency by utilizing a compliance attribute in the identity service access control architecture.

Benefits of this technology:

• Enhanced security by providing fine-grained access control to resources.
• Improved compliance management by dynamically updating compliance status.
• Increased efficiency through the use of a compliance attribute in the access control architecture.

Original Abstract Submitted

Some embodiments control access by applications to resources in a computing environment. An embodiment notes a request from an application to access a resource, determines a compliance status of the application based on access control policy compliance criteria, ascertains an authorization status of the request based on an authorization credential of the request and an authorization requirement of the resource, and responds to the request based on the compliance status and also based on the authorization status, thereby providing fine-grained access control. Access may also be controlled based on a request's beneficiary. An access request response may allow access, deny access, or ask for additional authorization. A compliance classifier reduces risk by dynamically updating compliance status after compliance criteria changes or attribute changes. An identity service access control architecture uses a compliance attribute to improve efficiency. Applications may be access control grouped according to resource sensitivity labels.