US 11,949,681 B2
Authentication and authorization for cloud file system
Qingda Lu, Bellevue, WA (US); Junpu Chen, Redmond, WA (US); Qinghua Ye, Sammamish, WA (US); Lei Wang, Hangzhou (CN); Zhiyong Lin, Hangzhou (CN); Liping Bao, Sammamish, WA (US); Jiesheng Wu, Redmond, WA (US); Li Xu, Hangzhou (CN); Xiaohui Pei, Hangzhou (CN); Feng Zhang, Shanghai (CN); and Leilei Tian, Hangzhou (CN)
Assigned to Alibaba Group Holding Limited, George Town (KY)
Appl. No. 17/284,340
Filed by Alibaba Group Holding Limited, Grand Cayman (KY)
PCT Filed Oct. 10, 2018, PCT No. PCT/CN2018/109647
§ 371(c)(1), (2) Date Apr. 9, 2021,
PCT Pub. No. WO2020/073230, PCT Pub. Date Apr. 16, 2020.
Prior Publication US 2021/0377273 A1, Dec. 2, 2021
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/102 (2013.01) [H04L 63/083 (2013.01)]
17 Claims
 
1. A method in a file system server comprising:
receiving a connection request from a file system client, the connection request being a request for a connection to a file system;
sending an identification request for identification authentication of the file system client to a control system;
receiving a response to the identification request from the control system;
determining whether the connection to the file system is allowed based on the response;
establishing the connection to the file system upon determining that the connection to the file system is allowed;
receiving an attempt to access the file system from the file system client by a sub-user;
authenticating the sub-user;
issuing a security token including a globally unique sub-user identifier of the sub-user; and
using the security token to determine access rights of the sub-user to the file system for a subsequent request by the sub-user, wherein the connection request is a transmission control protocol (TCP) connection request, the TCP connection request being a request for a TCP connection to the file system.