US 12,438,883 B2
Region-based security policies for cloud resources
Ramarathnam Venkatesan, Redmond, WA (US); Nishanth Chandran, Bangalore (IN); Srinath T. V. Setty, Redmond, WA (US); Christoph Berlin, Bellevue, WA (US); Ulrich Homann, Kirkland, WA (US); and Michael James Zwilling, Bellevue, WA (US)
Assigned to MICROSOFT TECHNOLOGY LICENSING, LLC, Redmond, WA (US)
Filed by Microsoft Technology Licensing, LLC, Redmond, WA (US)
Filed on May 17, 2023, as Appl. No. 18/319,023.
Prior Publication US 2024/0388589 A1, Nov. 21, 2024
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/107 (2013.01) [H04L 63/102 (2013.01); H04L 63/20 (2013.01)]
20 Claims
1. A system, comprising:
a processor circuit; and
a memory that stores program code that, when executed by the processor circuit, performs operations, the operations comprising:
receiving a resource request from an entity to access an encrypted resource;
determining the encrypted resource is assigned to a first region and is protected by a region-based security policy;
receiving a proof of a region attribute from the entity, the proof indicating the entity possesses the region attribute, the region attribute indicating the entity is associated with the first region;
obtaining an encrypted attribute from a ledger database, the encrypted attribute being an encrypted version of the region attribute;
validating the resource request based at least on the encrypted attribute and the proof of the region attribute;
verifying an access criteria of the region-based security policy is met; and
providing the entity with access to the encrypted resource.
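
The steps of claim 1, sketched as an added example in Python (not code from the patent or from its assignee). The claim does not say how the attribute is encrypted or what form the proof takes; as an assumption, an HMAC-SHA256 commitment stands in for the encrypted attribute and its opening (region plus nonce) stands in for the proof, and every name and sample value below is constructed.

```python
import hashlib
import hmac
import secrets


def commit(region: str, nonce: bytes) -> bytes:
    # Assumed stand-in for the ledger's "encrypted attribute": a commitment
    # that hides the region and binds the entity to it.
    return hmac.new(nonce, region.encode(), hashlib.sha256).digest()


# Constructed sample state; all identifiers are hypothetical.
ALICE_NONCE = secrets.token_bytes(32)
BOB_NONCE = secrets.token_bytes(32)
LEDGER = {  # entity -> committed region attribute
    "alice": commit("eu-west", ALICE_NONCE),
    "bob": commit("us-east", BOB_NONCE),
}
RESOURCES = {  # resource -> assigned region, policy flag, opaque ciphertext
    "doc-1": {"region": "eu-west", "region_policy": True,
              "ciphertext": bytes.fromhex("8f02c4d1")},
}


def handle_request(entity_id: str, resource_id: str, proof: tuple):
    """Return (granted, detail), following the order of operations in claim 1."""
    # Determine the resource's region and whether a region policy protects it.
    resource = RESOURCES.get(resource_id)
    if resource is None or not resource["region_policy"]:
        return False, "resource not covered by a region-based policy"
    # Obtain the entity's committed attribute from the ledger.
    stored = LEDGER.get(entity_id)
    if stored is None:
        return False, "no attribute on ledger"
    # Validate the request: the proof must open the ledger entry.
    claimed_region, nonce = proof
    if not hmac.compare_digest(commit(claimed_region, nonce), stored):
        return False, "proof does not match ledger entry"
    # Verify the policy's access criterion (assumed here: regions must match).
    if claimed_region != resource["region"]:
        return False, "region criterion not met"
    # Provide access to the (still encrypted) resource.
    return True, resource["ciphertext"]
```

The validation and criterion checks fail separately: an entity that proves a genuine attribute for another region is rejected by the policy, while one that claims the right region without a matching ledger entry is rejected at validation.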