Security model for network information service

US 10,162,952 B2
Filed: 12/19/2017
Issued: 12/25/2018
Est. Priority Date: 07/06/2012
Status: Active Grant

First Claim

Patent Images

1. A computer program product for providing an information service to a tenant, the computer program product comprising a computer readable storage medium having program instructions embodied therewith, the program instructions executable by a computing device to cause the computing device to:

initiate processing of an object, invoked by a user having a dynamically varying credential, by a security processor comparing instructions of a plurality of objects with information in a security map provided by a remote tenant;

determine that the processing of the plurality of objects is authorized by the tenant based on the security map by determining the security map includes an association between at least one of the plurality of objects and a security code and an association between the object and a geographic region;

send a message to the tenant requesting the security code;

compare a response from the tenant with the security code in the security map; and

allow the processing of the object based on results of the determining that the processing of the plurality of objects is authorized by the tenant.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for providing information security in a network environment are disclosed. The method includes initiating processing, invoked by a user, of at least one of a plurality of objects in a processing unit of a hardware layer, wherein the plurality of objects is hosted for a tenant. The method further includes determining that the processing of the at least one of the plurality of objects by the processing unit is authorized by the tenant based on a security map provided by the tenant and accessible by the processing unit within the hardware layer. The method further includes allowing the processing of the object based on a result of the determining.

44 Citations

20 Claims

1. A computer program product for providing an information service to a tenant, the computer program product comprising a computer readable storage medium having program instructions embodied therewith, the program instructions executable by a computing device to cause the computing device to:
- initiate processing of an object, invoked by a user having a dynamically varying credential, by a security processor comparing instructions of a plurality of objects with information in a security map provided by a remote tenant;
  
  determine that the processing of the plurality of objects is authorized by the tenant based on the security map by determining the security map includes an association between at least one of the plurality of objects and a security code and an association between the object and a geographic region;
  
  send a message to the tenant requesting the security code;
  
  compare a response from the tenant with the security code in the security map; and
  
  allow the processing of the object based on results of the determining that the processing of the plurality of objects is authorized by the tenant.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer program product of claim 1, wherein the determining that the processing of the plurality of objects is authorized by the tenant comprises determining that the at least one of the plurality of objects is identified in the security map.
  - 3. The computer program product of claim 1, wherein the determining that the processing of the plurality of objects is authorized by the tenant comprises determining that the security map includes an association between the at least one of the plurality of objects and the credential of the user.
  - 4. The computer program product of claim 1, wherein the plurality of objects is hosted by the tenant that provided the dynamically varying credential to the user.
  - 5. The computer program product of claim 1, wherein the determining that the processing of the plurality of objects is authorized by the tenant is performed at more than one step of an instruction cycle.
  - 6. The computer program product of claim 1, wherein the initiating processing of an object comprises initiating an instruction cycle by the processing unit comprising a fetch, a decode, and an execute.
  - 7. The computer program product of claim 1, wherein invoking the initiating processing of an object includes compiling the object into a machine language.

8. A computer-implemented method for providing an information service to a tenant comprising:
- accessing, by a security processor, a security map of a remote tenant stored in a computer readable memory;
  
  receiving, by the security processor, authorization by the tenant for access to the security map by a user;
  
  sending, by the security processor, a message to the tenant requesting a security code;
  
  comparing, by the security processor, a response received from the tenant with the security code in the security map;
  
  determining, by the security processor, that the security map includes an association between an object and the security code; and
  
  determining, by the security processor, whether the security map includes an association between an object and a geographic region.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 9. The method of claim 8, further comprising determining, by the security processor, that the object is identified in the security map.
  - 10. The method of claim 8, further comprising determining, by the security processor, whether the security map includes an association between an object and a credential of the user.
  - 11. The method of claim 8, further comprising determining, by the security processor, that processing of the object is authorized by the tenant based on the security map.
  - 12. The method of claim 11, further comprising determining, by the security processor, that the processing of the object is authorized by the tenant at more than one step of an instruction cycle.
  - 13. The method of claim 8, wherein the security processor and the computer-readable memory are located at a hardware layer.
  - 14. The method of claim 8, further comprising:
    - receiving, by the security processor, the security map from the tenant via the external communication interface; and
      
      storing, by the security processor, the security map in the computer-readable memory.
  - 15. The method of claim 14, wherein the security map associates an object of the tenant with a credential of the user.
  - 16. The method of claim 15, wherein the credentials of the user dynamically vary and are provided by the tenant, and the security code dynamically varies and corresponds to a part of an object.
  - 17. The method of claim 16, further comprising:
    - determining, by the security processor, whether a response received from the tenant matches the security code in the security map; and
      
      halting, by the security processor, execution of the object.
  - 18. The method of claim 8, wherein the steps of claim 8 are at least one of created, maintained, deployed and supported by a service provider.
  - 19. The method of claim 8, wherein the steps of claim 8 are provided by a service provider on a subscription, advertising, and/or fee basis.

20. A system for providing an information service to a tenant, comprising:
- a CPU, a computer readable memory and a computer readable storage medium associated with the computing device;
  
  program instructions to provide access to one or more objects stored within a library by receiving dynamically varying security codes corresponding to the one or more objects;
  
  program instructions to determine that a processing of the one or more objects is authorized by a remote owner of the one or more objects based on a security map provided by the remote owner by determining that the security map includes an association between the one or more objects and the security codes and an association between the one or more objects and a geographic region;
  
  program instructions to send a message to the remote owner requesting the security codes; and
  
  program instructions to compare a response from the remote owner to the security codes in the security map;
  
  wherein the program instructions are stored on the computer readable storage medium for execution by the CPU via the computer readable memory.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Jain, Bhushan P., Patil, Sandeep R., Ramanathan, Sri, Sivakumar, Gandhi, Trevathan, Matthew B., Wijayakumaran, Wijayaratnam
Primary Examiner(s)
Okeke, Izunna

Application Number

US15/846,901
Publication Number

US 20180107812A1
Time in Patent Office

371 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/31 User authentication

Security model for network information service

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

44 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Security model for network information service

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

44 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links