US 12,294,615 B2
Using a requestor identity to enforce a security policy on a network connection that conforms to a shared-access communication protocol
Or Moran, Rishon LeZion (IL); Vladimir Perelman, Rishon LeZion (IL); and Meital Ben David, Tel Aviv (IL)
Assigned to Microsoft Technology Licensing, LLC, Redmond, WA (US)
Filed by Microsoft Technology Licensing, LLC, Redmond, WA (US)
Filed on Jun. 22, 2022, as Appl. No. 17/847,117.
Prior Publication US 2023/0421608 A1, Dec. 28, 2023
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/20 (2013.01) [H04L 63/083 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A system to use a requestor identity to enforce a security policy on a network connection that conforms to a shared-access communication protocol, the system comprising:
a memory;
a processing system coupled to the memory, the processing system configured to execute a driver; and
the driver configured to:
receive a request,
the request requesting creation of the network connection between the system and a target network resource,
the network connection conforming to a communication protocol that is configured to provide shared access to network resources;
authenticate a requesting entity associated with the request by associating the network connection, which is yet to be created, with the requestor identity in lieu of comparing a credential of the requesting entity to a reference credential, wherein the requestor identity identifies the requesting entity, wherein authentication of the requesting entity by associating the network connection with the requestor identity is performed by associating the request with the requestor identity and further by associating the network connection with the request;
determine whether the requesting entity is authorized to access the target network resource based at least on a permission that is indicated by the security policy;
based at least on the permission indicating that the requesting entity is authorized to access the target network resource, create the network connection between the system and the target network resource;
receive a second request,
the second request requesting creation of a second network connection between the system and a second target network resource,
the second network connection conforming to the communication protocol that is configured to provide shared access to network resources;
associate the second network connection with the requestor identity, which identifies the requesting entity associated with the second request, by associating the second request with the requestor identity and further by associating the second network connection with the second request;
determine whether the requesting entity is authorized to access the second target network resource based at least on a second permission that is indicated by the security policy; and
based at least on the second permission indicating that the requesting entity is not authorized to access the second target network resource, create the second network connection between the system and another network resource in lieu of the second target network resource.
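The claim above describes a decision procedure rather than an implementation: the driver tags a not-yet-created connection with the requestor identity carried by the request (instead of comparing a credential against a stored one), looks up the policy permission for that identity and target, and then either creates the requested connection or creates one to a different resource. The following user-space Python model is an added illustration of that procedure and is not code from the patent or from Microsoft. All names (`RequestorIdentity`, `SecurityPolicy`, `PolicyDriver`, the default-deny rule, and the `fallback_resource` used as the "another network resource" of the second request) are assumptions made for the example; the shared-access protocol itself is left abstract, as it is in the claim.

```python
"""Model of the claim's driver logic: authenticate by identity association,
check a policy permission, then connect to the target or to a fallback.
Added example, not the patent's or Microsoft's code; all names are assumed."""
from dataclasses import dataclass, field
from enum import Enum


class Permission(Enum):
    ALLOW = "allow"
    DENY = "deny"


@dataclass(frozen=True)
class RequestorIdentity:
    """Identifies the requesting entity (a user or process); assumed shape."""
    name: str


@dataclass
class ConnectionRequest:
    """A request to create a shared-access connection to a target resource.
    The request is associated with the requestor identity, as in the claim."""
    target: str
    identity: RequestorIdentity


@dataclass
class NetworkConnection:
    """The connection object; it carries the request and, through it, the identity."""
    resource: str
    request: ConnectionRequest
    created: bool = False

    @property
    def identity(self) -> RequestorIdentity:
        # Connection -> request -> identity is the association chain the claim describes.
        return self.request.identity


@dataclass
class SecurityPolicy:
    """Per-(identity, target) permissions; unknown pairs default to DENY (assumed).
    fallback_resource plays the role of the claim's 'another network resource'."""
    rules: dict = field(default_factory=dict)
    fallback_resource: str = "quarantine-share"

    def permission(self, identity: RequestorIdentity, target: str) -> Permission:
        return self.rules.get((identity.name, target), Permission.DENY)


class PolicyDriver:
    """User-space stand-in for the driver in the claim."""

    def __init__(self, policy: SecurityPolicy):
        self.policy = policy
        self.audit = []  # (identity, requested target, decision, actual resource)

    def handle_request(self, request: ConnectionRequest) -> NetworkConnection:
        # Step 1: associate the yet-to-be-created connection with the request,
        # and hence with the requestor identity; no credential comparison happens.
        pending = NetworkConnection(resource=request.target, request=request)
        # Step 2: authorization decision from the policy permission for that identity.
        perm = self.policy.permission(pending.identity, request.target)
        if perm is Permission.ALLOW:
            # Step 3a: permission granted, create the connection to the target.
            pending.created = True
        else:
            # Step 3b: permission denied, create a connection to the fallback
            # resource in lieu of the target (the claim's second-request branch).
            pending = NetworkConnection(
                resource=self.policy.fallback_resource, request=request, created=True
            )
        self.audit.append((pending.identity.name, request.target, perm.value, pending.resource))
        return pending


def demo():
    """Constructed scenario: 'alice' may reach finance-share but not hr-share."""
    policy = SecurityPolicy(rules={("alice", "finance-share"): Permission.ALLOW})
    driver = PolicyDriver(policy)
    alice = RequestorIdentity("alice")
    first = driver.handle_request(ConnectionRequest("finance-share", alice))
    second = driver.handle_request(ConnectionRequest("hr-share", alice))
    return driver, first, second


if __name__ == "__main__":
    drv, c1, c2 = demo()
    for entry in drv.audit:
        print(entry)
```

The audit list is the part a defender would keep: it records, for every request, which identity asked for which resource, what the policy said, and where the connection actually went, so a redirected request shows up as a policy hit rather than a silent failure.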