KR102355480B1 - System and method for supporting security in a multitenant application server environment - Google Patents

System and method for supporting security in a multitenant application server environment

Info

Publication number
KR102355480B1
Authority
KR
South Korea
Prior art keywords
partition
resources
identity domain
tenant
security
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
KR1020177002052A
Other languages
English (en)
Korean (ko)
Other versions
KR20170024014A (ko)
Inventor
윌 홉킨스
크래이그 페레즈
데이비드 가이
피터 보워
주안 리
제프 탄칠
크리쉬나 스리람마드헤시칸
Original Assignee
Oracle International Corporation
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Oracle International Corporation
Publication of KR20170024014A
Application granted
Publication of KR102355480B1
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27 Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • G06F16/278 Data partitioning, e.g. horizontal or vertical partitioning
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/70 Admission control; Resource allocation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Software Systems (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Databases & Information Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Automation & Control Theory (AREA)
  • Storage Device Security (AREA)
KR1020177002052A 2014-06-23 2015-06-23 System and method for supporting security in a multitenant application server environment Active KR102355480B1 (ko)

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
US201462016058P 2014-06-23 2014-06-23
US62/016,058 2014-06-23
US201462054912P 2014-09-24 2014-09-24
US62/054,912 2014-09-24
PCT/US2015/037270 WO2015200379A1 (en) 2014-06-23 2015-06-23 System and method for supporting security in a multitenant application server environment

Publications (2)

Publication Number Publication Date
KR20170024014A KR20170024014A (ko) 2017-03-06
KR102355480B1 KR102355480B1 (ko) 2022-01-26

Family

ID=53610997

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020177002052A Active KR102355480B1 (ko) 2014-06-23 2015-06-23 System and method for supporting security in a multitenant application server environment

Country Status (6)

Country Link
US (2) US9578009B2 (en)
EP (1) EP3158494B1 (en)
JP (1) JP6510568B2 (en)
KR (1) KR102355480B1 (en)
CN (1) CN106462717B (en)
WO (1) WO2015200379A1 (en)

Families Citing this family (49)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR102271265B1 (ko) 2014-01-21 2021-07-01 Oracle International Corporation System and method for supporting multi-tenancy in an application server, cloud, or other environment
US10474998B2 (en) 2014-01-21 2019-11-12 Oracle International Corporation System and method for messaging in a multitenant application server environment
US10103946B2 (en) 2014-01-21 2018-10-16 Oracle International Corporation System and method for JMS integration in a multitenant application server environment
US10187454B2 (en) 2014-01-21 2019-01-22 Oracle International Corporation System and method for dynamic clustered JMS in an application server environment
US10476938B2 (en) 2014-01-21 2019-11-12 Oracle International Corporation System and method for multitenancy store in a multitenant application server environment
US10873627B2 (en) 2014-06-23 2020-12-22 Oracle International Corporation System and method for supporting use of an in-memory data grid with a multitenant application server environment
KR102355480B1 (ko) 2014-06-23 2022-01-26 Oracle International Corporation System and method for supporting security in a multitenant application server environment
US10027550B2 (en) 2014-06-23 2018-07-17 Oracle International Corporation System and method for multitenant-aware console for use in a multitenant application server environment
US11477278B2 (en) 2014-06-24 2022-10-18 Oracle International Corporation System and method for supporting partitions in a multitenant application server environment
US10348565B2 (en) 2014-09-25 2019-07-09 Oracle International Corporation System and method for rule-based elasticity in a multitenant application server environment
US10467061B2 (en) 2014-09-25 2019-11-05 Oracle International Corporation System and method for resource overriding in a multitenant application server environment
US10382537B2 (en) 2014-09-25 2019-08-13 Oracle International Corporation System and method for use of a global runtime in a multitenant application server environment
US10469401B2 (en) 2014-09-25 2019-11-05 Oracle International Corporation System and method for supporting lifecycle plugins in a multitenant application server environment
US10050903B2 (en) 2014-09-26 2018-08-14 Oracle International Corporation System and method for multi-tenancy enablement of enterprise JAVA (TM) applications using resource proxies and application tenancy context
US10091135B2 (en) 2014-09-26 2018-10-02 Oracle International Corporation System and method for multi-tenancy enablement of enterprise java applications using resource proxies and application tenancy context
EP3198426B1 (en) * 2014-09-26 2023-08-30 Oracle International Corporation System and method for transaction recovery in a multitenant application server environment
US11057272B2 (en) 2014-09-26 2021-07-06 Oracle International Corporation System and method for transactions in a multitenant application server environment
JP2016085641A (ja) * 2014-10-27 2016-05-19 Canon Kabushiki Kaisha Authority delegation system, method executed in the authority delegation system, and program therefor
US10250512B2 (en) 2015-01-21 2019-04-02 Oracle International Corporation System and method for traffic director support in a multitenant application server environment
US9667657B2 (en) * 2015-08-04 2017-05-30 AO Kaspersky Lab System and method of utilizing a dedicated computer security service
US10079693B2 (en) * 2015-12-28 2018-09-18 Netapp, Inc. Storage cluster management proxy
CN107153565B (zh) * 2016-03-03 2020-06-16 华为技术有限公司 Method for configuring resources and network device thereof
US10404702B1 (en) * 2016-03-30 2019-09-03 EMC IP Holding Company LLC System and method for tenant network identity-based authentication and authorization for administrative access in a protection storage system
CN107204978B (zh) * 2017-05-24 2019-10-15 北京邮电大学 Access control method and apparatus based on a multi-tenant cloud environment
US20190068572A1 (en) * 2017-08-22 2019-02-28 Salesforce.Com, Inc. Customizable secondary verification in a multi-tenant system
US11075799B2 (en) 2017-08-24 2021-07-27 Oracle International Corporation System and method for provisioning in a multi-tenant application server environment
CN109670312A (zh) 2017-10-13 2019-04-23 华为技术有限公司 Security control method and computer system
US10430606B1 (en) 2018-04-30 2019-10-01 Aras Corporation System and method for implementing domain based access control on queries of a self-describing data system
CN108848104B (zh) * 2018-07-02 2021-06-01 北京阿尔山金融科技有限公司 Information management method and apparatus
CN109587151A (zh) * 2018-12-13 2019-04-05 泰康保险集团股份有限公司 Access control method, apparatus, device, and computer-readable storage medium
US11165764B2 (en) * 2019-05-09 2021-11-02 Open Text Sa Ulc Data isolation and two-factor access control
CN110188573B (zh) * 2019-05-27 2024-06-04 深圳前海微众银行股份有限公司 Partition authorization method, apparatus, device, and computer-readable storage medium
US11595378B2 (en) * 2019-06-03 2023-02-28 Zuora, Inc. Systems and methods for providing authentication in a microservice system
US11675927B2 (en) * 2019-11-13 2023-06-13 Open Text Sa Ulc System and method for external users in groups of a multitenant system
CN110855714B (zh) * 2019-11-29 2021-09-14 广州鲁邦通物联网科技有限公司 Secure connection method and system for multi-tenant devices
FR3105471B1 (fr) * 2019-12-19 2022-02-04 Amadeus A distributed computer reservation platform for storing and managing shared data records
US12225010B2 (en) 2020-03-31 2025-02-11 Atlassian Pty Ltd. Access controls for a dedicated database system storing user-generated content input to a multitenant service of a collaborative work environment
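CN111541654A (zh) * 2020-04-08 2020-08-14 曙光信息产业(北京)有限公司 User management method, apparatus, and computer device based on a multi-tenant cloud management platform
CN111488599A (zh) * 2020-04-09 2020-08-04 北京思特奇信息技术股份有限公司 Authorization method, apparatus, electronic device, and storage medium based on the use of additional groups
JP7559358B2 (ja) * 2020-05-28 2024-10-02 株式会社リコー Service providing system, information processing system, and usage authority allocation method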
US11574068B2 (en) * 2020-06-08 2023-02-07 Open Text Sa Ulc Methods and systems for tenancy in a multitenant environment
US11445021B2 (en) 2020-12-22 2022-09-13 Salesforce.Com, Inc. Sharing objects across namespaces in a container-orchestration system
US20230085994A1 (en) * 2021-09-17 2023-03-23 Intel Corporation Logical resource partitioning via realm isolation
US12149537B2 (en) * 2022-01-12 2024-11-19 VMware LLC Resource access control in cloud environments
US12050708B2 (en) * 2022-03-11 2024-07-30 Oracle International Corporation Cardinal method for hierarchical phased secure access to system entities in isolated multi-tenant database for autonomous cloud environments
CN117201046A (zh) * 2022-05-30 2023-12-08 华为技术有限公司 Authentication method and communication apparatus
US12052146B2 (en) 2022-12-05 2024-07-30 Bank Of America Corporation Machine learning-based multitenant server application dependency mapping system
US20250240293A1 (en) * 2024-01-19 2025-07-24 Dell Products L.P. Multi-tenant secrets manager
US20250330469A1 (en) * 2024-04-17 2025-10-23 Red Hat, Inc. Remote login resource access control using a container

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130007891A1 (en) 2011-06-29 2013-01-03 Canon Kabushiki Kaisha Server system, control method, and storage medium for securely executing access to data of a tenant
US20140013325A1 (en) 2012-07-09 2014-01-09 Ca, Inc. Managing virtual machines using owner digital signatures
WO2014022323A1 (en) 2012-07-30 2014-02-06 Microsoft Corporation Security and data isolation for tenants in a business data system
US20140075565A1 (en) 2012-09-07 2014-03-13 Oracle International Corporation Multi-tenancy identity management system

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9197417B2 (en) * 2009-04-24 2015-11-24 Microsoft Technology Licensing, Llc Hosted application sandbox model
US8949939B2 (en) * 2010-10-13 2015-02-03 Salesforce.Com, Inc. Methods and systems for provisioning access to customer organization data in a multi-tenant system
US8793286B2 (en) * 2010-12-09 2014-07-29 International Business Machines Corporation Hierarchical multi-tenancy management of system resources in resource groups
US8819801B2 (en) * 2011-10-31 2014-08-26 Microsoft Corporation Secure machine enrollment in multi-tenant subscription environment
US9069979B2 (en) * 2012-09-07 2015-06-30 Oracle International Corporation LDAP-based multi-tenant in-cloud identity management system
US9794337B2 (en) * 2012-10-30 2017-10-17 International Business Machines Corporation Balancing storage node utilization of a dispersed storage network
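CN103810444B (zh) * 2012-11-15 2018-08-07 南京中兴软件有限责任公司 Method and system for multi-tenant application isolation in a cloud computing platform
KR102355480B1 (ko) 2014-06-23 2022-01-26 Oracle International Corporation System and method for supporting security in a multitenant application server environment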

Also Published As

Publication number Publication date
JP2017526048A (ja) 2017-09-07
CN106462717A (zh) 2017-02-22
EP3158494B1 (en) 2020-04-08
EP3158494A1 (en) 2017-04-26
US9578009B2 (en) 2017-02-21
US10097589B2 (en) 2018-10-09
JP6510568B2 (ja) 2019-05-08
US20170126742A1 (en) 2017-05-04
WO2015200379A1 (en) 2015-12-30
CN106462717B (zh) 2019-06-14
US20150373004A1 (en) 2015-12-24
KR20170024014A (ko) 2017-03-06

Similar Documents

Publication Publication Date Title
KR102355480B1 (ko) System and method for supporting security in a multitenant application server environment
US10027716B2 (en) System and method for supporting web services in a multitenant application server environment
US11552956B2 (en) Secure resource authorization for external identities using remote principal objects
US11888856B2 (en) Secure resource authorization for external identities using remote principal objects
CA2968248C (en) Identity infrastructure as a service
US9524308B2 (en) System and method for providing pluggable security in an enterprise crawl and search framework environment
US9058471B2 (en) Authorization system for heterogeneous enterprise environments
US10193754B2 (en) System and method for supporting connectors in a multitenant application server environment
US10051043B2 (en) System and method for JMX support in a multitenant application server environment
US20090205018A1 (en) Method and system for the specification and enforcement of arbitrary attribute-based access control policies
US20090276840A1 (en) Unified access control system and method for composed services in a distributed environment
JP2017520861A (ja) System and method for supporting namespaces in a multitenant application server environment

Legal Events

Date Code Title Description
PA0105 International application

St.27 status event code: A-0-1-A10-A15-nap-PA0105

PG1501 Laying open of application

St.27 status event code: A-1-1-Q10-Q12-nap-PG1501

P22-X000 Classification modified

St.27 status event code: A-2-2-P10-P22-nap-X000

P22-X000 Classification modified

St.27 status event code: A-2-2-P10-P22-nap-X000

P22-X000 Classification modified

St.27 status event code: A-2-2-P10-P22-nap-X000

R18-X000 Changes to party contact information recorded

St.27 status event code: A-3-3-R10-R18-oth-X000

A201 Request for examination
PA0201 Request for examination

St.27 status event code: A-1-2-D10-D11-exm-PA0201

D13-X000 Search requested

St.27 status event code: A-1-2-D10-D13-srh-X000

D14-X000 Search report completed

St.27 status event code: A-1-2-D10-D14-srh-X000

E902 Notification of reason for refusal
PE0902 Notice of grounds for rejection

St.27 status event code: A-1-2-D10-D21-exm-PE0902

T11-X000 Administrative time limit extension requested

St.27 status event code: U-3-3-T10-T11-oth-X000

E13-X000 Pre-grant limitation requested

St.27 status event code: A-2-3-E10-E13-lim-X000

P11-X000 Amendment of application requested

St.27 status event code: A-2-2-P10-P11-nap-X000

P13-X000 Application amended

St.27 status event code: A-2-2-P10-P13-nap-X000

E701 Decision to grant or registration of patent right
PE0701 Decision of registration

St.27 status event code: A-1-2-D10-D22-exm-PE0701

P22-X000 Classification modified

St.27 status event code: A-2-2-P10-P22-nap-X000

PR0701 Registration of establishment

St.27 status event code: A-2-4-F10-F11-exm-PR0701

PR1002 Payment of registration fee

St.27 status event code: A-2-2-U10-U12-oth-PR1002

Fee payment year number: 1

PG1601 Publication of registration

St.27 status event code: A-4-4-Q10-Q13-nap-PG1601

P22-X000 Classification modified

St.27 status event code: A-4-4-P10-P22-nap-X000

PR1001 Payment of annual fee

St.27 status event code: A-4-4-U10-U11-oth-PR1001

Fee payment year number: 4

PR1001 Payment of annual fee

St.27 status event code: A-4-4-U10-U11-oth-PR1001

Fee payment year number: 5