Technologies for cross-device shared web resource cache
US-2020073905-A1 · Mar 5, 2020 · US
US12210464B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12210464-B2 |
| Application number | US-202218276427-A |
| Country | US |
| Kind code | B2 |
| Filing date | Feb 8, 2022 |
| Priority date | Feb 8, 2021 |
| Publication date | Jan 28, 2025 |
| Grant date | Jan 28, 2025 |
Official abstract text for this publication.
A cache service provides applications in a containerized, multi-tenant cloud-computing system low-latency access to secrets. The cache service may operate as a cluster-level service or a sidecar service. The cache service may store copies of secrets (which are located in one or more absolute stores) in a cache storage. The cache service and the cache storage may be closer to the applications than the one or more absolute stores are to the applications. The cache service may aggregate secrets associated with multiple entities in a single cache storage. The cache service may support isolation between secrets such that secrets of a first entity are isolated from secrets of a second entity. The cache service may enforce granulated access controls such that it can apply different access controls to secrets of a first entity than to secrets of a second entity.
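A minimal sketch of the isolation behavior described in the abstract, added here as an illustration and not taken from the patent or any implementation of it: one cache storage holds copies from two absolute stores, and each call is checked against the owning store's access controls before the cache is consulted. The class names, store and service names, and the `cache_ttl` policy field are assumptions, and caller identities are assumed to be authenticated already.

```python
import time
from dataclasses import dataclass
@dataclass
class AbsoluteStore:
    """Authoritative store: secrets plus the access controls it enforces."""
    secrets: dict
    allowed: frozenset      # service identities authorized for these secrets
    cache_ttl: float        # seconds a cached copy may live (assumed policy field)
    reads: int = 0          # how many times the store itself was consulted

    def fetch(self, caller, name):
        if caller not in self.allowed:
            raise PermissionError(f"{caller} denied by absolute store")
        self.reads += 1
        return self.secrets[name]

class SecretCache:          # one cache storage aggregating copies from all stores
    def __init__(self, stores, clock=time.monotonic):
        self.stores = stores    # store name -> AbsoluteStore
        self.clock = clock
        self.entries = {}       # (store name, secret name) -> (value, expires_at)

    def get(self, caller, store_name, name):
        store = self.stores[store_name]
        # Check the owning store's access controls before any cache lookup.
        if caller not in store.allowed:
            raise PermissionError(f"{caller} may not read {store_name}/{name}")
        key = (store_name, name)
        hit = self.entries.get(key)
        if hit and hit[1] > self.clock():
            return hit[0]
        value = store.fetch(caller, name)   # miss or expired: go to the source
        self.entries[key] = (value, self.clock() + store.cache_ttl)
        return value

def demo():
    now = [0.0]             # constructed fake clock for a deterministic run
    a = AbsoluteStore({"db-pass": "a-secret"}, frozenset({"svc-a"}), 60)
    b = AbsoluteStore({"api-key": "b-secret"}, frozenset({"svc-b"}), 30)
    cache = SecretCache({"store-a": a, "store-b": b}, clock=lambda: now[0])
    cache.get("svc-a", "store-a", "db-pass")       # miss: one absolute-store read
    cache.get("svc-a", "store-a", "db-pass")       # hit: served from cache
    try:
        cache.get("svc-b", "store-a", "db-pass")   # cross-entity call
        rejected = False
    except PermissionError:
        rejected = True
    now[0] = 61.0                                  # past store-a's TTL
    cache.get("svc-a", "store-a", "db-pass")       # expired: refetched
    return a.reads, rejected
```

Because the authorization check runs on every call, a cached copy of one entity's secret is never returned to another entity even though both share the same cache storage.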
Opening claim text (preview).
What is claimed is:

1. A cloud-computing system, the cloud-computing system comprising: a first absolute store containing first secrets associated with a first service, wherein the first absolute store enforces a first set of access controls on the first secrets and wherein the first set of access controls authorize the first service to access the first secrets; a second absolute store containing second secrets associated with a second service, wherein the second absolute store enforces a second set of access controls on the second secrets, wherein the second absolute store is separate from the first absolute store, and wherein the second set of access controls authorize the second service to access the second secrets but do not authorize the first service to access the second secrets; a cache storage containing copies of the first secrets and the second secrets; and a first cluster of two or more servers, the first cluster comprising: a first container comprising the first service, wherein the first container is an isolated environment in the first cluster for running the first service; a second container comprising the second service, wherein the second container is an isolated environment in the first cluster for running the second service; and a cache service, wherein the cache service comprises instructions stored in memory that, when executed by one or more processors, cause the cache service to: receive, from the first service, a first call for the first secrets; receive, from the second service, a second call for the second secrets; authenticate the first call based on the first set of access controls; authenticate the second call based on the second set of access controls; retrieve, in response to authenticating the first call, the first secrets from the cache storage, wherein the first container is more proximate to the cache storage than to the first absolute store; and retrieve, in response to authenticating the second call, the second secrets from the cache storage, wherein the second container is more proximate to the cache storage than to the second absolute store.

2. The system of claim 1, wherein the first cluster comprises the cache storage.

3. The system of claim 1, wherein the first service is associated with a first tenant and the second service is associated with a second tenant different from the first tenant.

4. The system of claim 1, wherein the first service and the second service are associated with a same tenant.

5. The system of claim 1, wherein the cache service further comprises a cache expiration policy, wherein the cache expiration policy determines when entries in the cache storage expire and wherein the cache expiration policy is based on the first set of access controls and the second set of access controls.

6. The system of claim 1, wherein the first cluster further comprises a third container comprising a second instance of the first service and wherein the instructions stored in memory, when executed by the one or more processors, further cause the cache service to: receive, from the second instance of the first service, a third call for the first secrets; authenticate the third call based on the first set of access controls; and retrieve, in response to authenticating the third call, the first secrets from the cache storage.

7. The system of claim 6, wherein the cloud-computing system further comprises a second instance of the cache service and the cache service and the second instance of the cache service engage in peer-to-peer communication.

8. The system of claim 1, further comprising: a second cache storage containing copies of the first secrets; a second cluster comprising: a fourth container comprising a third instance of the first service; and a second cache service, wherein the second cache service comprises instructions stored in memory that, when executed by one or more processors, cause the cache service to: receive, from the third instance of the first service, a fourth call for the first secrets; authenticate the fourth call based on the first set of access controls; and retrieve, in response to authenticating the fourth call, the first secrets from the second cache storage, wherein the fourth container is more proximate to the second cache storage than to the first absolute store.

9. The system of claim 1, wherein the instructions stored in the memory that, when executed by the one or more processors, further cause the cache service to: receive, from the second service, a fifth call for the first secrets; determine, based on the fifth call and the first set of access controls, that the second service is not authorized to access the first secrets; and reject the fifth call for the first secrets.

10. The system of claim 2, wherein the first service is associated with a first tenant and the second service is associated with a second tenant different from the first tenant.

11. The system of claim 2, wherein the first service and the second service are associated with a same tenant.

12. The system of claim 2, wherein the cache service further comprises a cache expiration policy, wherein the cache expiration policy determines when entries in the cache storage expire and wherein the cache expiration policy is based on the first set of access controls and the second set of access controls.

13. A cloud-computing system, the cloud-computing system comprising: a first absolute store containing first secrets, wherein the first absolute store enforces a first set of access controls on the first secrets and the first set of access controls authorize a first service to access the first secrets; a first cluster of two or more nodes having a first geographic location, the first cluster comprising: a first cache storage containing copies of the first secrets; and a first container comprising: a first instance of the first service; and a first cache service, wherein the first cache service comprises first instructions stored in memory that, when executed by one or more processors, cause the first cache service to: receive, from the first instance of the first service, a first call for the first secrets; authenticate the first call based on the first set of access controls; and retrieve, in response to authenticating the first call, the first secrets from the first cache storage, wherein the first container is more proximate to the first cache storage than to the first absolute store; and a second cluster of two or more nodes having a second geographic location different from the first geographic location, the second cluster comprising: a second cache storage containing copies of the first secrets; and a second container comprising: a second instance of the first service; and a second cache service, wherein the second cache service comprises second instructions stored in memory that, when executed by one or more processors, cause the second cache service to: receive, from the second instance of the first service, a second call for the first secrets; authenticate the second call based on the first set of access controls; and retrieve, in response to authenticating the second call, the first secrets from the second cache storage, wherein the second container is more proximate to the second cache storage than to the first absolute store.

14. The system of claim 13 further comprising: a second absolute store containing second secrets, wherein the second absolute store enforces a second set of access controls on the second secrets, wherein the second absolute store is separate from the first absolute store, and wherein the seco
Program or device authentication · CPC title
in semiconductor storage media, e.g. directly-addressable memories · CPC title
Intermediate processing functionally located close to the data consumer application, e.g. in same machine, in same home or in same sub-network · CPC title
Proxies · CPC title
Entity profiles · CPC title