US 12,008,126 B2
Asynchronous supervision for sovereign cloud platforms
Brian Scott Waters, Renton, WA (US); Martin Peter Check, Redmond, WA (US); Matthew Paul Erickson, Duvall, WA (US); Tyler S Wiegers, Redmond, WA (US); Christopher Glenn Maynard, Issaquah, WA (US); Siddhartha Rana, Bothell, WA (US); and Dominic Mario Rael, Seattle, WA (US)
Assigned to Microsoft Technology Licensing, LLC, Redmond, WA (US)
Filed by Microsoft Technology Licensing, LLC, Redmond, WA (US)
Filed on Sep. 24, 2021, as Appl. No. 17/448,849.
Prior Publication US 2023/0093882 A1, Mar. 30, 2023
Int. Cl. G06F 21/62 (2013.01); G06Q 50/26 (2012.01)
CPC G06F 21/6218 (2013.01) [G06Q 50/26 (2013.01)] 18 Claims
OG exemplary drawing
 
1. A computer system comprising:
one or more processors configured to execute a secure sovereign manager that controls remote execution of commands on a sovereign cloud computing platform, wherein the secure sovereign manager is configured to:
create an escorted session for an unqualified user for invoking commands on the sovereign cloud computing platform, wherein the unqualified user does not have sovereign-trusted credentials that define qualifications required for accessing the sovereign cloud computing platform, and wherein the escorted session is asynchronously supervised by a qualified user that has sovereign-trusted credentials;
receive a command from the unqualified user in the escorted session;
process the received command using a compliance analyzer to programmatically determine whether to present the received command for review by the qualified user supervising the escorted session wherein:
the compliance analyzer includes a curated list of forbidden commands; and
to programmatically determine whether to present the received command for review by the qualified user supervising the escorted session, the compliance analyzer is configured at least to determine whether the received command is included in the curated list of forbidden commands; and
based at least in part on a determination of whether to present the received command for review:
(a) determine that the received command will not be presented for review by the qualified user supervising the escorted session, prevent invocation of the received command, and send an error message to the unqualified user; or
(b) asynchronously present the received command to the qualified user,
receive an indication of approval or denial of invocation of the received command from the qualified user, and
(b1) based on at least receiving an indication of approval, invoke the received command on the sovereign cloud computing platform; or
(b2) based on at least receiving an indication of denial, prevent invocation of the received command and send an error message to the unqualified user.