Security model for network information service
Abstract
Systems and methods for providing information security in a network environment are disclosed. The method includes initiating processing, invoked by a user, of at least one of a plurality of objects in a processing unit of a hardware layer, wherein the plurality of objects is hosted for a tenant. The method further includes determining that the processing of the at least one of the plurality of objects by the processing unit is authorized by the tenant based on a security map provided by the tenant and accessible by the processing unit within the hardware layer. The method further includes allowing the processing of the object based on a result of the determining.
20 Claims
1. A computer program product for providing an information service to a tenant, the computer program product comprising a computer readable storage medium having program instructions embodied therewith, the program instructions executable by a computing device to cause the computing device to:
- initiate processing of an object, invoked by a user having a dynamically varying credential, by a security processor comparing instructions of a plurality of objects with information in a security map provided by a remote tenant;
- determine that the processing of the plurality of objects is authorized by the tenant based on the security map by determining the security map includes an association between at least one of the plurality of objects and a security code and an association between the object and a geographic region;
- send a message to the tenant requesting the security code;
- compare a response from the tenant with the security code in the security map; and
- allow the processing of the object based on results of the determining that the processing of the plurality of objects is authorized by the tenant.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A computer-implemented method for providing an information service to a tenant comprising:
- accessing, by a security processor, a security map of a remote tenant stored in a computer readable memory;
- receiving, by the security processor, authorization by the tenant for access to the security map by a user;
- sending, by the security processor, a message to the tenant requesting a security code;
- comparing, by the security processor, a response received from the tenant with the security code in the security map;
- determining, by the security processor, that the security map includes an association between an object and the security code; and
- determining, by the security processor, whether the security map includes an association between an object and a geographic region.
Dependent claims: 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19
20. A system for providing an information service to a tenant, comprising:
- a CPU, a computer readable memory and a computer readable storage medium associated with the computing device;
- program instructions to provide access to one or more objects stored within a library by receiving dynamically varying security codes corresponding to the one or more objects;
- program instructions to determine that a processing of the one or more objects is authorized by a remote owner of the one or more objects based on a security map provided by the remote owner by determining that the security map includes an association between the one or more objects and the security codes and an association between the one or more objects and a geographic region;
- program instructions to send a message to the remote owner requesting the security codes; and
- program instructions to compare a response from the remote owner to the security codes in the security map;
- wherein the program instructions are stored on the computer readable storage medium for execution by the CPU via the computer readable memory.
Specification