WO2021107758A1 - System and method for data synchronization and cloud collaboration in multi-tenants hybrid environment - Google Patents

System and method for data synchronization and cloud collaboration in multi-tenants hybrid environment Download PDF

Info

Publication number
WO2021107758A1
WO2021107758A1 PCT/MY2020/050115 MY2020050115W WO2021107758A1 WO 2021107758 A1 WO2021107758 A1 WO 2021107758A1 MY 2020050115 W MY2020050115 W MY 2020050115W WO 2021107758 A1 WO2021107758 A1 WO 2021107758A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
ott
application server
tenant
tenants
Prior art date
Application number
PCT/MY2020/050115
Other languages
French (fr)
Inventor
Chee Kiam LEE
Badrul Affandy AHMAD LATFI
Mohamad Hilmi MOHAMAD BAKHARI
Sefat MANI HAGH
Mohd Fadhly MOHAMMAD
Original Assignee
Mimos Berhad
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Mimos Berhad filed Critical Mimos Berhad
Publication of WO2021107758A1 publication Critical patent/WO2021107758A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/101Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM] by binding digital rights to specific entities
    • G06F21/1014Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM] by binding digital rights to specific entities to tokens
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures

Definitions

  • This invention relates to cloud computing and more particularly to a system and method for data synchronization and cloud collaboration in multi-tenants hybrid environment of cloud computing.
  • the cloud can be defined as a virtualized server which can be reconfigured dynamically to be scaled as needed to allow for optimum resource utilization.
  • the virtualized server is normally positioned in a different location other than the company’s premise and can be remotely accessible via internet browser or online applications using various mobile devices.
  • Combination of the cloud and the on-premise servers in a hybrid cloud environment further enables flexible data transfer between servers from both separate environments to further increase efficiency in hosting, storing, managing and processing data.
  • the servers from both separate environments communicate via an encrypted connection to provide a safe data transfer in a secured environment.
  • the hybrid cloud environment also allows multi-tenants subscription via a network such as a wireless area network (WAN) to connect a number of authorized tenants with both environments to share computing resources and to synchronize data between the on-premise servers and the cloud.
  • WAN wireless area network
  • current hybrid cloud environment suffers a few drawbacks in providing a smooth data synchronization and cloud collaboration. For example, certain data such as system metadata and tenant’s collaboration data may not be available if the on-premise servers are disconnected from WAN.
  • the cloud computing environment can be operated by a third-party cloud service provider such as in public cloud
  • a third-party cloud service provider such as in public cloud
  • a related prior art of a patent application US 2013/0014023 A1 discloses systems and methods for providing collaboration sessions in a workspace on a cloud-based content management system.
  • discussion workspaces are provided to link with a workspace or folder that contains work items wherein collaborators with permissions can participate in the discussion workspaces to start a topic of online discussion and leave comments for other collaborators of the workspace.
  • the present invention relates to a system (100) for data synchronisation and cloud collaboration in multi-tenants hybrid environment
  • a system (100) for data synchronisation and cloud collaboration comprising an application server (10) for handling data synchronisation, between tenants and at least one backend business applications and databases, and a tenant subscribing to the application server (10) for data synchronisation and cloud collaboration, comprises at least one combination of a collaborative agent (20) and a client (30), a client (30) and a combination thereof.
  • the application server (10) further comprises a one-time token, OTT generator (15) for generating an OTT upon receiving request from a user, and the application server (10) performing verification onto a signed OTT, wherein the application server (10) allowing the data synchronisation and cloud collaboration if the OTT is verified, and rejecting the data synchronisation and cloud collaboration if the OTT is not verified.
  • OTT generator for generating an OTT upon receiving request from a user
  • the application server (10) performing verification onto a signed OTT, wherein the application server (10) allowing the data synchronisation and cloud collaboration if the OTT is verified, and rejecting the data synchronisation and cloud collaboration if the OTT is not verified.
  • the data comprises applications, system metadata, collaborated tenant metadata and tenant data, and dependent data of the tenant metadata and dependent data of the tenant data.
  • the collaborative agent (20) is configured to encrypt the collaborated tenant metadata and tenant data with the signed OTT.
  • the application server (10) performs verification onto the signed OTT upon decrypting the encrypted collaborated tenant metadata and tenant data.
  • the OTT is generated with an expiry date.
  • the application server (10) further performs checking onto validity of the expiry date of the OTT and performs at least one of the following: allows the data synchronisation and cloud collaboration if the OTT is verified and valid before the expiry date; rejects the data synchronisation and cloud collaboration if the OTT is verified but not valid due to the expiry date; and rejects the data synchronisation and cloud collaboration if the OTT is not verified and not valid due to the expiry date.
  • the present invention also relates to a method of data synchronisation and cloud collaboration in multi-tenants hybrid environment, comprising steps of: downloading data from an application server (10) to tenants; and uploading data from the tenants to the application server (10).
  • the steps of uploading data from the tenants to the application server (10) for collaborated tenant metadata and tenant data comprising steps of: generating a one-time token, OTT, by an OTT generator (15) at the application server (10) upon receiving request from user; signing the OTT by the user and sending the OTT to a collaborative agent (20); encrypting, by the collaborative agent (20), the collaborated tenant metadata and tenant data with the OTT signed by the user; verifying, by the application server (10), onto the signed OTT upon decrypting the encrypted collaborated tenant metadata and tenant data to determine permission for data synchronisation and cloud collaboration to the application server (10).
  • the step of generating the OTT comprises of generating an expiry date along with the OTT.
  • the step of verifying onto the signed OTT comprises of checking validity of the OTT based on the expiry date.
  • the step of uploading data for collaborated tenant metadata and tenant data from the tenants to the application server (10) further comprises at least one of the following: allowing the data synchronisation and cloud collaboration if the OTT is verified and valid before the expiry date; rejecting the data synchronisation and cloud collaboration if the OTT is verified but not valid due to the expiry date; and rejecting the data synchronisation and cloud collaboration if the OTT is not verified and not valid due to the expiry date.
  • Figure 1 is a diagram illustrating a block diagram of system architecture for data synchronization and collaboration in multi-tenant hybrid environment of cloud computing in accordance to the present invention.
  • Figure 2 is a diagram illustrating an exemplary embodiment of a hybrid cloud environment supporting both on-premise and cloud computing architecture for multi-tenants in accordance to the present invention.
  • Figure 3 is a flow chart illustrating step of downloading data for application from an application server to tenants at on-premise in accordance to the present invention.
  • Figure 4 is a flow chart illustrating step of downloading data from the application server to the tenants at the on-premise in accordance to the present invention.
  • Figure 5 is a flow chart illustrating step of uploading data for collaborated tenant metadata and tenant data from the tenants to the application server in accordance to the present invention.
  • the present invention relates to a hybrid cloud environment which supports both on-premise and cloud environments, particularly relates to the hybrid cloud environment involving multi-tenants.
  • a one-time token generator is adopted at the cloud in the present invention to generate a one-time token (OTT) upon request from user, wherein the OTT is only valid for one session for uploading data to the cloud.
  • OTT one-time token
  • the present invention provides asymmetric encryption along with said OTT signed by the requesting user.
  • the cloud then performs verification onto the signed OTT which is essentially to be valid within a time frame to determine genuineness of the data to allow for applications deployment, data synchronisation and cloud collaboration.
  • the on-premise herein refers to servers located on a company’s premise.
  • the data maybe referred to tenant metadata and tenant data including their dependency data i.e. dependent tenant metadata and dependent tenant data.
  • the system metadata refers to data that is required to run the applications which are not specific to any tenant or shared among the tenants, for example country list, Geographic Information System (GIS) data, Domain Standards (ICD10, LOINC), etc.
  • the tenant metadata and tenant data are else refers to metadata and data that belongs to a specific tenant such as transaction data for example billing category and product information.
  • the tenant metadata and tenant data also further includes collaborated tenant metadata and collaborated tenant data.
  • the present invention discloses a system (100) for data synchronisation and cloud collaboration in multi-tenants hybrid environment.
  • the system (100) comprises an application server (10) having authenticated subscribers as tenants, wherein each tenant communicating with the application server (10) for data synchronisation and cloud collaboration.
  • the tenant in the present invention may refer to at least a client (30).
  • the tenant may also refer to a combination of a collaborative agent (20) and a client (30), wherein the client (30) performs the data synchronisation and cloud collaboration via the collaborative agent (20).
  • the application server (10), the collaborative agent (20) and the client (30) are coupled via a network.
  • communications between the application server (10) and the tenants can be achieved via an open network, preferably but not limited to the Internet, a private network for example an intranet or extranet, or other networks such as local area network (LAN), wireless area network (WAN), wireless local area network (WLAN), or any combination thereof.
  • LAN local area network
  • WAN wireless area network
  • WLAN wireless local area network
  • the application server (10) is a cloud-based server deployed at a data centre for handling applications operations between users and backend business applications or databases.
  • the application server (10) comprises a secured sync client (11) to receive incoming data from the tenants, an application core (12) containing application business logic and a first key store (13) to store public trust certificates of the tenants and private key of application server (10).
  • the application server (10) also comprises a publisher server (14) to push applications and data to all authenticated subscribers.
  • the application server (10) further comprises a one-time token (OTT) generator (15) to generate a passphrase or an OTT that is valid for only one session upon request from the user.
  • OTT one-time token
  • a data path dependency finder (16) in the application server (10) to resolve data dependency chain wherein data may have dependency on another data and said data may further depend on other data.
  • data is referred to the tenant metadata and tenant data
  • data dependency is referred to the dependent data of the tenant metadata and dependent data of the tenant data.
  • the application server (10) only generates the OTT upon receiving request from the user.
  • the user is required to request the OTT to upload data to the application server (10) and the OTT is generated with an expiry date, such that the OTT is only valid prior to the expiry date.
  • the application server (10) then performs verification onto the signed OTT and checking onto validity of the expiry date of the OTT.
  • the application server (10) performs at least one of the following, wherein the application server (10) allows the data synchronisation and cloud collaboration if the OTT is verified and valid before the expiry date; the application server (10) rejects the data synchronisation and cloud collaboration if the OTT is verified but not valid due to the expiry date; or the application server (10) rejects the data synchronisation and cloud collaboration if the OTT is not verified and not valid due to the expiry date.
  • the application server (10) needs to sign the applications or the system metadata including any dependent data in order for the tenants to download data from the application server (10). Consequently, the data signed by the application server (10) is verified by the tenant at the on-premise using the public key of the application server (10). If the data is verified to be genuine, the application server (10) deploys the corresponding applications or merges the system metadata including any dependent data with the existing system metadata at the tenant subsequently.
  • the collaborative agent (20) of the present invention is preferably deployed at a premise of each tenant for handling applications operations between the user and backend business applications or databases.
  • the collaborative agent (20) comprises a collaborative agent core (21) which contains business logic, a second key store (22) to store public trust certificate of the application server (10) and private key of the collaborative agent (20), and a data path dependency finder (23) to resolve the data dependency chain.
  • the collaborative agent (20) further comprises a secured sync server (24) to send outgoing data for data synchronization to the client (30) and to the application server (10).
  • the collaborative agent (20) also comprises a subscriber client (25) to subscribe to the application channel and collaborated data channel(s).
  • the collaborative agent (20) can be utilized by multiple individual users i.e. the clients (30) or shared among collaborators i.e. other tenants for collaborating data.
  • the collaborative agent (20) may be configured to allow the users to access or collaborate data so that each user can review and edit the data through user own devices.
  • the collaborative agent (20) is further configured to encrypt the collaborated tenant metadata and collaborated tenant data along with the OTT signed by the requesting user to ensure that only genuine data is synchronized securely.
  • the client (30) of the present invention is deployed at a remote site for the user to perform data creation.
  • the client (30) can be of device including mobile or portable devices as well as non-portable devices such as a server desktop or a computer that is able to establish a connection, via wired, wireless or cellular connections with another device or server.
  • the client (30) comprising a client core (31) which contains client business logic and a third key store (32) to store public trust certificates for the collaborative agent (20) and the application server (10) as well as private key of the client (30).
  • the tenant may be a standalone tenant, wherein the standalone tenant is referred to a standalone tenant at the application server (10) or a standalone tenant at the on-premise.
  • the tenant may be a plurality of collaborated tenants.
  • the plurality of collaborated tenants is preferably refers to a plurality of collaborated tenants from a same on-premise subscribing to the application server (10) or a plurality of collaborated tenants from different premises subscribing to the application server (10).
  • multi-tenants in the present invention comprises a plurality of the standalone tenants, a plurality of collaborated tenants or a combination thereof.
  • FIG 2 illustrates an example architecture of the multi-tenants hybrid environment in accordance to the present invention, wherein said environment comprises a plurality of tenants subscribing to the application server (10).
  • the tenants comprises of two standalone tenants wherein a first standalone tenant is the client (20A) directly subscribing to the application server (10) and another standalone tenant is the client (20B) resides at the on-premise and subscribing to the application server (10) via the collaborative agent (30B).
  • the tenants further comprises of a plurality of collaborated tenants directly subscribing to the application server (10) illustrated as two collaborated clients (20C) in Figure 2, wherein both collaborated clients (20C) are residing at a same on-premise.
  • a first collaborated tenant is the client (20D) directly subscribing to the application server (10) and a second collaborated tenant is the client (20E) resides at the on-premise subscribing to the application server (10) via the collaborative agent (30E), wherein these collaborated tenants are collaborating with each other.
  • FIG. 2 Another example of the collaborated tenants illustrated in Figure 2 is a plurality of collaborated clients (20F, 20G) reside at different on-premises and said collaborated clients (20F, 20G) subscribing to the application server (10) via their respective collaborative agents (30F, 30G).
  • the present invention also relates to a method for data synchronisation and collaboration in multi-tenants hybrid environment comprising steps of downloading data from the application server (10) to tenants; and uploading data from the tenants to the application server (10).
  • the steps of downloading data from the application server (10) to tenants further comprising steps of downloading data for application and downloading data for system metadata, from the application server (10) to the tenants.
  • Figure 3 is a flow chart of data synchronisation for the step of downloading data for the application from the application server (10) to the tenants at the on-premise.
  • Said step comprises signing (201 ) the application core (12) by the application server (10) using the private key of the application server (10) from the first key store (13).
  • the application server (10) then retrieves (202) the authenticated subscribers of the application server (10) and pushes (203) the application core (12) via the publisher server (14) to the tenants.
  • the authenticated subscribers refers to the tenants subscribing to the application server (10) as shown in Figure 2.
  • each client (30) at the premise of each tenant receives the application core (12) from the application server (10) (204).
  • each collaborative agent (20) at the premise of each tenant receives the application core (12) via their respective subscriber client (25).
  • the client (30) or the collaborative agent (20) then verifies genuineness of the application core (12) using the public key of the application server (10) from the third key store (32) or the second key store (22) accordingly (205). If the application core (12) is genuine, the client (30) or the collaborative agent (20) deploys the application to the client core (31 ) or the collaborative agent core (21 ) respectively (206), and if the application core (12) is not genuine, the client (30) or the collaborative agent (20) subsequently rejects to download the application from the application server (10) (207).
  • FIG 4 is a flow chart illustrating the step of downloading data for the system metadata from the application server (10) to the tenants at the on-premise.
  • Said step comprises the application server (10) finding the dependent system metadata (211) via the data path dependency finder (16).
  • the application server (10) further signing the system metadata and the dependent system metadata (212) using the private key of the application server (10) from the first key store (13).
  • the application server (10) subsequently retrieving the authenticated subscribers (213) and pushing the system metadata and the dependent system metadata via the publisher server (14) to each tenant (214). Consequently, each client (30) at the premise of each tenant receives the system metadata from the application server (10) (215).
  • each collaborative agent (20) at the premise of each tenant receives the system metadata via their respective subscriber client (25).
  • the client (30) or the collaborative agent (20) then verifies genuineness of the system metadata using the public key of the application server (10) from the third key store (32) or the second key store (22) accordingly (216). If the system metadata is genuine, the client (30) or the collaborative agent (20) allow the system metadata and the dependent system metadata (217), and if the system metadata is not genuine, the client (30) or the collaborative agent (20) subsequently rejects the system metadata and the dependent system metadata subsequently (218).
  • Figure 5 illustrates the step of uploading data for collaborated tenant metadata and tenant data from the tenants to the application server (10), wherein said steps are only performed once the application server (10) has authenticated the user. Said steps are commenced by the user requesting the one-time session passphrase or the OTT (301) from the application server (10) for uploading data to the application server (10).
  • the application server (10) Upon receiving the request (320), the application server (10) generates the OTT with an associating expiry date (321) by using the OTT generator (15).
  • the requesting user then signing the OTT (302) and sending the signed OTT (303) to the tenants at the on-premise i.e. client (30) or the collaborative agent (20).
  • the collaborative agents (20) For the clients (30) performing data synchronisation and cloud collaboration via the collaborative agents (20), upon receiving the signed-OTT (311), the collaborative agents (20) finds the collaborated tenant metadata (312), and subsequently finds dependent tenant metadata (313) via the data path dependency finder (23). The collaborative agent (20) also finds the collaborated tenant data (314) and dependent tenant data (315) via the data path dependency finder (23). For the sake of brevity, the collaborated tenant metadata and tenant data, including the dependent tenant metadata and tenant data herein is referred as data.
  • the collaborative agent (20) encrypts the data with the signed-OTT (316) using the public key of the application server (10) from the second key store (22) and sends the encrypted data (317) to the application server (10) via the secured sync server (24).
  • the application server (10) further receives the encrypted data (322) via the secured sync client (11) from the tenant, i.e. either from the client (30) or the collaborative agent (20).
  • the application server (10) then decrypts the encrypted data (323) using the private key of the application server (10) from the first key store (13).
  • the application server (10) subsequently verifies the decrypted data (324) using the public key of the client (30) or public key of the collaborative agent (20), and checks the validity of the signed-OTT based on the expiry date. If the OTT is verified and valid before the expiry date, the application server (10) allowing the data synchronisation and cloud collaboration (325) at database of the application server (10). Otherwise, if the OTT is not verified or if the OTT is verified but not valid due to the expiry date, the application server (10) rejects the data synchronisation and cloud collaboration (326) consequently.
  • the data synchronization follows the step of downloading data for system metadata from the application server (10) to the tenants in Figure 4, wherein the system metadata is referred to tenant metadata and tenant data.
  • the data synchronization follows the step of uploading data for collaborated tenant metadata and tenant data from the tenants to the application server (10) in Figure 3.
  • the data synchronization follows the step of uploading data for collaborated tenant metadata and tenant data from the tenants to the application server (10) in Figure 3.
  • the present invention utilizes a push technology instead of a pull technology to distribute application to the authenticated subscribers whereby the data are biased to flow in one direction i.e. from the application server (10) to the tenants.
  • the collaborative agent (20) and the client (30) at the on-premise are not allowed to initiate any request to the application server (10) unless being verified.
  • the data also needs to be verified as genuine in addition to the encryption method to further ensure that involving party is genuine.
  • the application server (10) does not simply trust the collaborative agent (20) to upload the collaborated tenant metadata and tenant data. Only authenticated tenants having data with the valid signed-OTT issued by application server (10) are allowed to upload data and being allowed at the application server (10).
  • the combination of the push technology and the OTT further helps the application server (10) to reduce load, as the application server (10) only needs to serve the subscriber’s requests. Flence, preventing and reducing Denial of Service (DoS) attack to the application server (10). Additionally, this is also to ensure all subscribers would always have the latest application core with security vulnerability patches and further increase the whole system security level.
  • DoS Denial of Service
  • the term “plurality,” as used herein, is defined as two or more than two.
  • the term “another,” as used herein, is defined as at least a second or more.
  • the terms “including” and/or “having,” as used herein, are defined as comprising (i.e., open language).

Abstract

The present invention relates to a system (100) for data synchronisation and cloud collaboration in multi-tenants hybrid environment comprising an application server (10) for handling data synchronisation, and a tenant subscribing to the application server (10) for data synchronisation and cloud collaboration. The application server (10) further comprises a one-time token, OTT generator (15) for generating an OTT upon receiving request from a user; and the application server (10) performs verification onto a signed OTT. The present invention also provides a method of data synchronisation and cloud collaboration in multi-tenants hybrid environment, comprising steps of downloading data from an application server (10) to tenants; and uploading data from the tenants to the application server (10) as well as uploading collaborated tenant metadata and tenant data from the tenants to the application server (10).

Description

SYSTEM AND METHOD FOR DATA SYNCHRONIZATION AND CLOUD COLLABORATION IN MULTI-TENANTS HYBRID ENVIRONMENT
FIELD OF INVENTION
This invention relates to cloud computing and more particularly to a system and method for data synchronization and cloud collaboration in multi-tenants hybrid environment of cloud computing.
BACKGROUND OF THE INVENTION
In conventional data management, clients used to connect to multiple servers located at a company’s premise known as on-premise servers for storing, managing and processing data. However, sharing data and applications among the multiple servers at the company’s premise are troublesome due to clients need to connect to each of the server separately when more than one server is involved.
Thereafter, the conventional data management has evolved to cloud computing environment by using remote resources, namely the cloud, to allow their tenant to run software and services over the Internet instead of only locally on the company’s premise. The cloud can be defined as a virtualized server which can be reconfigured dynamically to be scaled as needed to allow for optimum resource utilization. The virtualized server is normally positioned in a different location other than the company’s premise and can be remotely accessible via internet browser or online applications using various mobile devices.
Combination of the cloud and the on-premise servers in a hybrid cloud environment further enables flexible data transfer between servers from both separate environments to further increase efficiency in hosting, storing, managing and processing data. In the hybrid cloud environment, the servers from both separate environments communicate via an encrypted connection to provide a safe data transfer in a secured environment. The hybrid cloud environment also allows multi-tenants subscription via a network such as a wireless area network (WAN) to connect a number of authorized tenants with both environments to share computing resources and to synchronize data between the on-premise servers and the cloud. However, current hybrid cloud environment suffers a few drawbacks in providing a smooth data synchronization and cloud collaboration. For example, certain data such as system metadata and tenant’s collaboration data may not be available if the on-premise servers are disconnected from WAN. Another inevitable challenge is caused by authentication and authorization during data synchronization between the multi-tenants and servers from both environments. More particularly, machine to machine authentication between the cloud and the on-premise servers requires a particular surveillance system or policy to avoid losing a machine private key since some of the on-premise servers do not possess security level comparable to an established security at the cloud.
Since the cloud computing environment can be operated by a third-party cloud service provider such as in public cloud, there is also a concern at an international level related to compliance of the public cloud involving multi-tenants to some country regulatory or policy requirements. For example, if a particular country views that another country’s policy does not provide adequate privacy protection, it will affect data transfers between these two countries via the public cloud. Due to this, some national governments have imposed local privacy legislation encompassing policies that prohibit the use of the public cloud, even though, the public cloud is by far the most commonly used in the cloud computing environment and the hybrid cloud environment.
A related prior art of a patent application US 2013/0014023 A1 (Ό23 A1) discloses systems and methods for providing collaboration sessions in a workspace on a cloud-based content management system. In Ό23 A1 , discussion workspaces are provided to link with a workspace or folder that contains work items wherein collaborators with permissions can participate in the discussion workspaces to start a topic of online discussion and leave comments for other collaborators of the workspace.
Another prior art of patent US 9,135,462 B2 (‘462 B2) discloses systems and methods for providing a collaborative file sharing and storage system that facilitates encryption methods and recovery methods in order to respond to any security breach. According to ‘462 B2, a cloud-based collaboration platform is used to synchronize a workspace or folder stored at a server with folders on a computer of one or more collaborators while employing some encryption techniques.
The prior arts however do not sufficiently addressed an arbitrary data synchronization and collaboration in a hybrid cloud environment involving multi-tenants. Customers of the hybrid cloud environment are highly dependent on how effectively the cloud and the on-premise servers communicate and share data via a dedicated connection. Consequently, there exists a need to overcome the key challenges in the current hybrid cloud environment involving multi-tenants in order to create a consistent environment in terms of data management and security.
SUMMARY OF INVENTION
The following presents a simplified summary of the invention in order to provide a basic understanding of some aspects of the invention. This summary is not an extensive overview of the invention. Its sole purpose is to present some concepts of the invention in a simplified form as a prelude to the more detailed description that is presented later.
It is an objective of the present invention to provide a system and method for data synchronization and collaboration in multi-tenant hybrid environment of cloud computing.
It is another objective of the present invention to provide a system and method for securing and encrypting data hosted in the cloud to be accessed from on-premises or vice versa.
The present invention relates to a system (100) for data synchronisation and cloud collaboration in multi-tenants hybrid environment comprising an application server (10) for handling data synchronisation, between tenants and at least one backend business applications and databases, and a tenant subscribing to the application server (10) for data synchronisation and cloud collaboration, comprises at least one combination of a collaborative agent (20) and a client (30), a client (30) and a combination thereof. The application server (10) further comprises a one-time token, OTT generator (15) for generating an OTT upon receiving request from a user, and the application server (10) performing verification onto a signed OTT, wherein the application server (10) allowing the data synchronisation and cloud collaboration if the OTT is verified, and rejecting the data synchronisation and cloud collaboration if the OTT is not verified.
In a preferred embodiment of the present invention, the data comprises applications, system metadata, collaborated tenant metadata and tenant data, and dependent data of the tenant metadata and dependent data of the tenant data.
In a preferred embodiment of the present invention, the collaborative agent (20) is configured to encrypt the collaborated tenant metadata and tenant data with the signed OTT.
In a preferred embodiment of the present invention, the application server (10) performs verification onto the signed OTT upon decrypting the encrypted collaborated tenant metadata and tenant data.
In a preferred embodiment of the present invention, the OTT is generated with an expiry date.
In a preferred embodiment of the present invention, the application server (10) further performs checking onto validity of the expiry date of the OTT and performs at least one of the following: allows the data synchronisation and cloud collaboration if the OTT is verified and valid before the expiry date; rejects the data synchronisation and cloud collaboration if the OTT is verified but not valid due to the expiry date; and rejects the data synchronisation and cloud collaboration if the OTT is not verified and not valid due to the expiry date.
The present invention also relates to a method of data synchronisation and cloud collaboration in multi-tenants hybrid environment, comprising steps of: downloading data from an application server (10) to tenants; and uploading data from the tenants to the application server (10). The steps of uploading data from the tenants to the application server (10) for collaborated tenant metadata and tenant data comprising steps of: generating a one-time token, OTT, by an OTT generator (15) at the application server (10) upon receiving request from user; signing the OTT by the user and sending the OTT to a collaborative agent (20); encrypting, by the collaborative agent (20), the collaborated tenant metadata and tenant data with the OTT signed by the user; verifying, by the application server (10), onto the signed OTT upon decrypting the encrypted collaborated tenant metadata and tenant data to determine permission for data synchronisation and cloud collaboration to the application server (10).
In a preferred embodiment of the present invention, the step of generating the OTT comprises of generating an expiry date along with the OTT.
In a preferred embodiment of the present invention, the step of verifying onto the signed OTT comprises of checking validity of the OTT based on the expiry date.
In a preferred embodiment of the present invention, the step of uploading data for collaborated tenant metadata and tenant data from the tenants to the application server (10) further comprises at least one of the following: allowing the data synchronisation and cloud collaboration if the OTT is verified and valid before the expiry date; rejecting the data synchronisation and cloud collaboration if the OTT is verified but not valid due to the expiry date; and rejecting the data synchronisation and cloud collaboration if the OTT is not verified and not valid due to the expiry date.
BRIEF DESCRIPTION OF THE DRAWINGS
The features of the invention will be more readily understood and appreciated from the following detailed description when read in conjunction with the accompanying drawings of the preferred embodiment of the present invention.
Figure 1 is a diagram illustrating a block diagram of system architecture for data synchronization and collaboration in multi-tenant hybrid environment of cloud computing in accordance to the present invention. Figure 2 is a diagram illustrating an exemplary embodiment of a hybrid cloud environment supporting both on-premise and cloud computing architecture for multi-tenants in accordance to the present invention.
Figure 3 is a flow chart illustrating step of downloading data for application from an application server to tenants at on-premise in accordance to the present invention.
Figure 4 is a flow chart illustrating step of downloading data from the application server to the tenants at the on-premise in accordance to the present invention.
Figure 5 is a flow chart illustrating step of uploading data for collaborated tenant metadata and tenant data from the tenants to the application server in accordance to the present invention.
DESCRIPTION OF THE PREFERRED EMBODIMENT
The above mentioned features and objectives of this invention will become more apparent and better understood by reference to the following detailed description. It should be understood that the detailed description made known below is not intended to be exhaustive or limit the invention to the precise disclosed form, as the invention may assume various alternative forms. On the contrary, the detailed description covers all the relevant modifications and alterations made to the present invention, unless the claims expressly state otherwise.
The present invention relates to a hybrid cloud environment which supports both on-premise and cloud environments, particularly relates to the hybrid cloud environment involving multi-tenants. A one-time token generator is adopted at the cloud in the present invention to generate a one-time token (OTT) upon request from user, wherein the OTT is only valid for one session for uploading data to the cloud. To avoid arbitrary data synchronization to the cloud, the present invention provides asymmetric encryption along with said OTT signed by the requesting user. The cloud then performs verification onto the signed OTT which is essentially to be valid within a time frame to determine genuineness of the data to allow for applications deployment, data synchronisation and cloud collaboration.
In the preferred embodiment of the present invention, the on-premise herein refers to servers located on a company’s premise. The data maybe referred to tenant metadata and tenant data including their dependency data i.e. dependent tenant metadata and dependent tenant data. In the preferred embodiment, the system metadata refers to data that is required to run the applications which are not specific to any tenant or shared among the tenants, for example country list, Geographic Information System (GIS) data, Domain Standards (ICD10, LOINC), etc. The tenant metadata and tenant data are else refers to metadata and data that belongs to a specific tenant such as transaction data for example billing category and product information. The tenant metadata and tenant data also further includes collaborated tenant metadata and collaborated tenant data.
Reference is now made to Figure 1 wherein the present invention discloses a system (100) for data synchronisation and cloud collaboration in multi-tenants hybrid environment. The system (100) comprises an application server (10) having authenticated subscribers as tenants, wherein each tenant communicating with the application server (10) for data synchronisation and cloud collaboration. The tenant in the present invention may refer to at least a client (30). The tenant may also refer to a combination of a collaborative agent (20) and a client (30), wherein the client (30) performs the data synchronisation and cloud collaboration via the collaborative agent (20).
The application server (10), the collaborative agent (20) and the client (30) are coupled via a network. In particular, communications between the application server (10) and the tenants can be achieved via an open network, preferably but not limited to the Internet, a private network for example an intranet or extranet, or other networks such as local area network (LAN), wireless area network (WAN), wireless local area network (WLAN), or any combination thereof.
In the preferred embodiment, the application server (10) is a cloud-based server deployed at a data centre for handling applications operations between users and backend business applications or databases. The application server (10) comprises a secured sync client (11) to receive incoming data from the tenants, an application core (12) containing application business logic and a first key store (13) to store public trust certificates of the tenants and private key of application server (10). The application server (10) also comprises a publisher server (14) to push applications and data to all authenticated subscribers. The application server (10) further comprises a one-time token (OTT) generator (15) to generate a passphrase or an OTT that is valid for only one session upon request from the user. There is also provided a data path dependency finder (16) in the application server (10) to resolve data dependency chain wherein data may have dependency on another data and said data may further depend on other data. For example, the data is referred to the tenant metadata and tenant data, while the data dependency is referred to the dependent data of the tenant metadata and dependent data of the tenant data.
In a preferred embodiment, the application server (10) only generates the OTT upon receiving request from the user. The user is required to request the OTT to upload data to the application server (10) and the OTT is generated with an expiry date, such that the OTT is only valid prior to the expiry date. The application server (10) then performs verification onto the signed OTT and checking onto validity of the expiry date of the OTT. In consequent to the verification, the application server (10) performs at least one of the following, wherein the application server (10) allows the data synchronisation and cloud collaboration if the OTT is verified and valid before the expiry date; the application server (10) rejects the data synchronisation and cloud collaboration if the OTT is verified but not valid due to the expiry date; or the application server (10) rejects the data synchronisation and cloud collaboration if the OTT is not verified and not valid due to the expiry date.
In the preferred embodiment, the application server (10) needs to sign the applications or the system metadata including any dependent data in order for the tenants to download data from the application server (10). Consequently, the data signed by the application server (10) is verified by the tenant at the on-premise using the public key of the application server (10). If the data is verified to be genuine, the application server (10) deploys the corresponding applications or merges the system metadata including any dependent data with the existing system metadata at the tenant subsequently. The collaborative agent (20) of the present invention is preferably deployed at a premise of each tenant for handling applications operations between the user and backend business applications or databases. The collaborative agent (20) comprises a collaborative agent core (21) which contains business logic, a second key store (22) to store public trust certificate of the application server (10) and private key of the collaborative agent (20), and a data path dependency finder (23) to resolve the data dependency chain. The collaborative agent (20) further comprises a secured sync server (24) to send outgoing data for data synchronization to the client (30) and to the application server (10). The collaborative agent (20) also comprises a subscriber client (25) to subscribe to the application channel and collaborated data channel(s).
In the preferred embodiment, the collaborative agent (20) can be utilized by multiple individual users i.e. the clients (30) or shared among collaborators i.e. other tenants for collaborating data. The collaborative agent (20) may be configured to allow the users to access or collaborate data so that each user can review and edit the data through user own devices. The collaborative agent (20) is further configured to encrypt the collaborated tenant metadata and collaborated tenant data along with the OTT signed by the requesting user to ensure that only genuine data is synchronized securely.
The client (30) of the present invention is deployed at a remote site for the user to perform data creation. The client (30) can be of device including mobile or portable devices as well as non-portable devices such as a server desktop or a computer that is able to establish a connection, via wired, wireless or cellular connections with another device or server. The client (30) comprising a client core (31) which contains client business logic and a third key store (32) to store public trust certificates for the collaborative agent (20) and the application server (10) as well as private key of the client (30).
In one embodiment, the tenant may be a standalone tenant, wherein the standalone tenant is referred to a standalone tenant at the application server (10) or a standalone tenant at the on-premise. In another embodiment, the tenant may be a plurality of collaborated tenants. The plurality of collaborated tenants is preferably refers to a plurality of collaborated tenants from a same on-premise subscribing to the application server (10) or a plurality of collaborated tenants from different premises subscribing to the application server (10). Further, in another embodiment, multi-tenants in the present invention comprises a plurality of the standalone tenants, a plurality of collaborated tenants or a combination thereof.
Figure 2 illustrates an example architecture of the multi-tenants hybrid environment in accordance to the present invention, wherein said environment comprises a plurality of tenants subscribing to the application server (10). The tenants comprises of two standalone tenants wherein a first standalone tenant is the client (20A) directly subscribing to the application server (10) and another standalone tenant is the client (20B) resides at the on-premise and subscribing to the application server (10) via the collaborative agent (30B).
The tenants further comprises of a plurality of collaborated tenants directly subscribing to the application server (10) illustrated as two collaborated clients (20C) in Figure 2, wherein both collaborated clients (20C) are residing at a same on-premise. There is also provided an example of two collaborated tenants from two different environments i.e. the on-premise and the cloud environment. A first collaborated tenant is the client (20D) directly subscribing to the application server (10) and a second collaborated tenant is the client (20E) resides at the on-premise subscribing to the application server (10) via the collaborative agent (30E), wherein these collaborated tenants are collaborating with each other. Another example of the collaborated tenants illustrated in Figure 2 is a plurality of collaborated clients (20F, 20G) reside at different on-premises and said collaborated clients (20F, 20G) subscribing to the application server (10) via their respective collaborative agents (30F, 30G).
The present invention also relates to a method for data synchronisation and collaboration in multi-tenants hybrid environment comprising steps of downloading data from the application server (10) to tenants; and uploading data from the tenants to the application server (10). The steps of downloading data from the application server (10) to tenants further comprising steps of downloading data for application and downloading data for system metadata, from the application server (10) to the tenants. Figure 3 is a flow chart of data synchronisation for the step of downloading data for the application from the application server (10) to the tenants at the on-premise. Said step comprises signing (201 ) the application core (12) by the application server (10) using the private key of the application server (10) from the first key store (13). The application server (10) then retrieves (202) the authenticated subscribers of the application server (10) and pushes (203) the application core (12) via the publisher server (14) to the tenants. In the present embodiment, the authenticated subscribers refers to the tenants subscribing to the application server (10) as shown in Figure 2.
Consequently, each client (30) at the premise of each tenant receives the application core (12) from the application server (10) (204). In another preferred embodiment, for the client (30) that performs the data synchronisation and cloud collaboration via the collaborative agent (20), each collaborative agent (20) at the premise of each tenant receives the application core (12) via their respective subscriber client (25).
The client (30) or the collaborative agent (20) then verifies genuineness of the application core (12) using the public key of the application server (10) from the third key store (32) or the second key store (22) accordingly (205). If the application core (12) is genuine, the client (30) or the collaborative agent (20) deploys the application to the client core (31 ) or the collaborative agent core (21 ) respectively (206), and if the application core (12) is not genuine, the client (30) or the collaborative agent (20) subsequently rejects to download the application from the application server (10) (207).
Figure 4 is a flow chart illustrating the step of downloading data for the system metadata from the application server (10) to the tenants at the on-premise. Said step comprises the application server (10) finding the dependent system metadata (211) via the data path dependency finder (16). The application server (10) further signing the system metadata and the dependent system metadata (212) using the private key of the application server (10) from the first key store (13). The application server (10) subsequently retrieving the authenticated subscribers (213) and pushing the system metadata and the dependent system metadata via the publisher server (14) to each tenant (214). Consequently, each client (30) at the premise of each tenant receives the system metadata from the application server (10) (215). In another preferred embodiment, for the client (30) that performs the data synchronisation and cloud collaboration via the collaborative agent (20), each collaborative agent (20) at the premise of each tenant receives the system metadata via their respective subscriber client (25).
The client (30) or the collaborative agent (20) then verifies genuineness of the system metadata using the public key of the application server (10) from the third key store (32) or the second key store (22) accordingly (216). If the system metadata is genuine, the client (30) or the collaborative agent (20) allow the system metadata and the dependent system metadata (217), and if the system metadata is not genuine, the client (30) or the collaborative agent (20) subsequently rejects the system metadata and the dependent system metadata subsequently (218).
Figure 5 illustrates the step of uploading data for collaborated tenant metadata and tenant data from the tenants to the application server (10), wherein said steps are only performed once the application server (10) has authenticated the user. Said steps are commenced by the user requesting the one-time session passphrase or the OTT (301) from the application server (10) for uploading data to the application server (10). Upon receiving the request (320), the application server (10) generates the OTT with an associating expiry date (321) by using the OTT generator (15). The requesting user then signing the OTT (302) and sending the signed OTT (303) to the tenants at the on-premise i.e. client (30) or the collaborative agent (20).
For the clients (30) performing data synchronisation and cloud collaboration via the collaborative agents (20), upon receiving the signed-OTT (311), the collaborative agents (20) finds the collaborated tenant metadata (312), and subsequently finds dependent tenant metadata (313) via the data path dependency finder (23). The collaborative agent (20) also finds the collaborated tenant data (314) and dependent tenant data (315) via the data path dependency finder (23). For the sake of brevity, the collaborated tenant metadata and tenant data, including the dependent tenant metadata and tenant data herein is referred as data. The collaborative agent (20) encrypts the data with the signed-OTT (316) using the public key of the application server (10) from the second key store (22) and sends the encrypted data (317) to the application server (10) via the secured sync server (24).
The application server (10) further receives the encrypted data (322) via the secured sync client (11) from the tenant, i.e. either from the client (30) or the collaborative agent (20). The application server (10) then decrypts the encrypted data (323) using the private key of the application server (10) from the first key store (13). The application server (10) subsequently verifies the decrypted data (324) using the public key of the client (30) or public key of the collaborative agent (20), and checks the validity of the signed-OTT based on the expiry date. If the OTT is verified and valid before the expiry date, the application server (10) allowing the data synchronisation and cloud collaboration (325) at database of the application server (10). Otherwise, if the OTT is not verified or if the OTT is verified but not valid due to the expiry date, the application server (10) rejects the data synchronisation and cloud collaboration (326) consequently.
With reference to Figure 2, further embodiments of the data synchronization cloud collaboration for collaborated tenants are described herein.
For two collaborated tenants residing at the same premise and directly subscribing to the application server (10) illustrated as the collaborated clients (20C), it should be appreciated that the data synchronization between both collaborated clients (20C) follows normal database replication. Therefore, data are copied from a database of one collaborated client (20C) to a database of another collaborated client (20C) so that both collaborated clients (20C) can share a same level of information. Therefore users are able to quickly access relevant data without interfering with the work of others.
In another exemplary embodiment with reference to Figure 2, for data collaboration from the client (20D) directly subscribing to the application server (10) to the client (20E) subscribing to the application server (10) via the collaborative agent (30E), the data synchronization follows the step of downloading data for system metadata from the application server (10) to the tenants in Figure 4, wherein the system metadata is referred to tenant metadata and tenant data. On the contrary, for data collaboration from the client (20E) subscribing to the application server (10) via the collaborative agent (30E) to the client (20D) directly subscribing to the application server (10), the data synchronization follows the step of uploading data for collaborated tenant metadata and tenant data from the tenants to the application server (10) in Figure 3.
In another exemplary embodiment, for data collaboration from the collaborated clients (20F,20G) reside at different on-premises subscribing to the application server (10) via the collaborative agents (30F,30G) or vice versa, the data synchronization follows the step of uploading data for collaborated tenant metadata and tenant data from the tenants to the application server (10) in Figure 3. Followed by the step of downloading data for system metadata from the application server (10) to the tenants in Figure 4, wherein the system metadata is referred to tenant metadata and tenant data.
It should be appreciated by the person skilled in the art that the present invention utilizes a push technology instead of a pull technology to distribute application to the authenticated subscribers whereby the data are biased to flow in one direction i.e. from the application server (10) to the tenants. The collaborative agent (20) and the client (30) at the on-premise are not allowed to initiate any request to the application server (10) unless being verified. The data also needs to be verified as genuine in addition to the encryption method to further ensure that involving party is genuine.
Therefore, the application server (10) does not simply trust the collaborative agent (20) to upload the collaborated tenant metadata and tenant data. Only authenticated tenants having data with the valid signed-OTT issued by application server (10) are allowed to upload data and being allowed at the application server (10). The combination of the push technology and the OTT further helps the application server (10) to reduce load, as the application server (10) only needs to serve the subscriber’s requests. Flence, preventing and reducing Denial of Service (DoS) attack to the application server (10). Additionally, this is also to ensure all subscribers would always have the latest application core with security vulnerability patches and further increase the whole system security level. The terms “a” and “an,” as used herein, are defined as one or more than one. The term “plurality,” as used herein, is defined as two or more than two. The term “another,” as used herein, is defined as at least a second or more. The terms “including” and/or “having,” as used herein, are defined as comprising (i.e., open language).
While this invention has been particularly shown and described with reference to the exemplary embodiments thereof, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the scope of the invention as defined by the appended claims.

Claims

1. A system (100) for data synchronisation and cloud collaboration in multi-tenants hybrid environment comprising: an application server (10) for handling data synchronisation, between tenants and at least one backend business applications and databases; and a tenant subscribing to the application server (10) for data synchronisation and cloud collaboration, comprises at least one combination of a collaborative agent (20) and a client (30), a client (30) and a combination thereof, characterized in that, the application server (10) further comprises a one-time token, OTT generator (15) for generating an OTT upon receiving request from a user; and the application server (10) performs verification onto a signed OTT, wherein the application server (10) allows the data synchronisation and cloud collaboration if the OTT is verified, and rejects the data synchronisation and cloud collaboration if the OTT is not verified.
2. The system (100) according to claim 1 , wherein the data comprises applications, system metadata, collaborated tenant metadata and tenant data, and dependent data of the tenant metadata and dependent data of the tenant data.
3. The system (100) according to claim 2, wherein the collaborated tenant metadata and tenant data is encrypted with the signed OTT by the collaborative agent (20).
4. The system (100) according to claim 3, wherein the application server (10) performs verification onto the signed OTT upon decrypting the encrypted collaborated tenant metadata and tenant data.
5. The system (100) according to claim 1 , wherein the OTT is generated with an expiry date.
6. The system (100) according to claim 5, wherein the application server (10) further performs checking onto validity of the expiry date of the OTT and performs at least one of the following: allows the data synchronisation and cloud collaboration if the OTT is verified and valid before the expiry date; rejects the data synchronisation and cloud collaboration if the OTT is verified but not valid due to the expiry date; and rejects the data synchronisation and cloud collaboration if the OTT is not verified and not valid due to the expiry date.
7. A method of data synchronisation and cloud collaboration in multi-tenants hybrid environment, comprising steps of: downloading data from an application server (10) to tenants; and uploading data from the tenants to the application server (10), characterized by, uploading data from the tenants to the application server (10) for collaborated tenant metadata and tenant data comprising steps of: generating a one-time token, OTT, by an OTT generator (15) at the application server (10) upon receiving request from user; signing the OTT by the user and sending the OTT to a collaborative agent (20); encrypting, by the collaborative agent (20), the collaborated tenant metadata and tenant data with the OTT signed by the user; verifying, by the application server (10), to the signed OTT upon decrypting the encrypted collaborated tenant metadata and tenant data to determine permission for data synchronisation and cloud collaboration to the application server (10).
8. The method (200) according to claim 7, wherein the step of generating the OTT comprises of generating an expiry date along with the OTT.
9. The method (200) according to claim 8, wherein the step of verifying to the signed OTT comprises of checking validity of the OTT based on the expiry date.
10. The method (200) according to claim 7, wherein the step of uploading data for collaborated tenant metadata and tenant data from the tenants to the application server (10) further comprises at least one of the following: allowing the data synchronisation and cloud collaboration if the OTT is verified and valid before the expiry date; rejecting the data synchronisation and cloud collaboration if the OTT is verified but not valid due to the expiry date; and rejecting the data synchronisation and cloud collaboration if the OTT is not verified and not valid due to the expiry date.
PCT/MY2020/050115 2019-11-29 2020-10-21 System and method for data synchronization and cloud collaboration in multi-tenants hybrid environment WO2021107758A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
MYPI2019007065 2019-11-29
MYPI2019007065 2019-11-29

Publications (1)

Publication Number Publication Date
WO2021107758A1 true WO2021107758A1 (en) 2021-06-03

Family

ID=76130709

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/MY2020/050115 WO2021107758A1 (en) 2019-11-29 2020-10-21 System and method for data synchronization and cloud collaboration in multi-tenants hybrid environment

Country Status (1)

Country Link
WO (1) WO2021107758A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160065555A1 (en) * 2014-08-29 2016-03-03 Box, Inc. Accessing a cloud-based service platform using enterprise application authentication
US20170223093A1 (en) * 2016-01-29 2017-08-03 Docusign, Inc. Cloud-based coordination of customer premise service appliances
US20170289116A1 (en) * 2013-07-03 2017-10-05 Sailpoint Technologies, Inc. System and method for securing authentication information in a networked environment
US20190007409A1 (en) * 2017-06-30 2019-01-03 Open Text Corporation Hybrid authentication systems and methods
US20190327223A1 (en) * 2018-04-23 2019-10-24 Oracle International Corporation Data exchange during multi factor authentication

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170289116A1 (en) * 2013-07-03 2017-10-05 Sailpoint Technologies, Inc. System and method for securing authentication information in a networked environment
US20160065555A1 (en) * 2014-08-29 2016-03-03 Box, Inc. Accessing a cloud-based service platform using enterprise application authentication
US20170223093A1 (en) * 2016-01-29 2017-08-03 Docusign, Inc. Cloud-based coordination of customer premise service appliances
US20190007409A1 (en) * 2017-06-30 2019-01-03 Open Text Corporation Hybrid authentication systems and methods
US20190327223A1 (en) * 2018-04-23 2019-10-24 Oracle International Corporation Data exchange during multi factor authentication

Similar Documents

Publication Publication Date Title
US11606352B2 (en) Time-based one time password (TOTP) for network authentication
US9923877B2 (en) External indexing and search for a secure cloud collaboration system
US10243742B2 (en) Method and system for accessing a device by a user
US8275984B2 (en) TLS key and CGI session ID pairing
US11457018B1 (en) Federated messaging
KR101985179B1 (en) Blockchain based id as a service
US20120284786A1 (en) System and method for providing access credentials
US20090290715A1 (en) Security architecture for peer-to-peer storage system
US20180006823A1 (en) Multi-hop secure content routing based on cryptographic partial blind signatures and embedded terms
US11349659B2 (en) Transmitting an encrypted communication to a user in a second secure communication network
US9100390B1 (en) Method and system for enrolling and authenticating computing devices for data usage accounting
US10791196B2 (en) Directory lookup for federated messaging with a user from a different secure communication network
US20210209236A1 (en) Multi-phase digital content protection
CN111698203A (en) Cloud data encryption method
US11368442B2 (en) Receiving an encrypted communication from a user in a second secure communication network
WO2021107758A1 (en) System and method for data synchronization and cloud collaboration in multi-tenants hybrid environment
US11611541B2 (en) Secure method to replicate on-premise secrets in a cloud environment
Pranata et al. A distributed secure mechanism for resource protection in a digital ecosystem environment
US11804969B2 (en) Establishing trust between two devices for secure peer-to-peer communication
CN114915494B (en) Anonymous authentication method, system, equipment and storage medium
Sklavos et al. AAA and mobile networks: Security aspects and architectural efficiency
CN116886352A (en) Authentication and authorization method and system for digital intelligent products
PUTTA et al. Online-Storage Records Auditing and Secure Source Part Deduplication
Dias Identity Management for Hyper-Linked Entities in reTHINK
Rawat et al. Cloud Security Requirements

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20892595

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20892595

Country of ref document: EP

Kind code of ref document: A1