BUILDING DATA SECURITY IN A NETWORKED COMPUTING ENVIRONMENT

US 20130047230A1
Filed: 08/17/2011
Published: 02/21/2013
Est. Priority Date: 08/17/2011
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for building data security in a networked computing environment, comprising:

partitioning a shared data source of the networked computing environment into a set of private partitions pertaining to a set of customers;

receiving a connection request for the shared data source from a customer of the set of customers, the connection request having a cryptographic key associated with the customer;

creating a trusted compartment for the customer responsive to an authentication of the cryptographic key;

receiving a data request from the customer and validating the data request using a sensitivity index;

processing the data request using a buffer pool frame and the private partition corresponding to the customer; and

creating an entry in a log corresponding to the customer pursuant to the processing.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In general, embodiments of the present invention provide an approach for providing a multi-tenant/customer partition group separator and securer in a shared cloud infrastructure (e.g., as an extension to DB2®, Label-Based Access Control (LBAC), and/or an independent tool). Among other things, embodiments of the present invention provide cloud administrators with an easy to use customizable, configurable security constraint builder/tool with a built-in multi-tenant/customer enabled security model. Moreover, embodiments of the present invention enable cloud administrators to set up, configure, and manage tenants/customers and their private shards with their own security constraints. The output of this tool greatly eases the time to create an invisible (e.g., software) wall of separation for multiple tenants/customers in a shared cloud infrastructure.

75 Citations

View as Search Results

22 Claims

1. A computer-implemented method for building data security in a networked computing environment, comprising:
- partitioning a shared data source of the networked computing environment into a set of private partitions pertaining to a set of customers;
  
  receiving a connection request for the shared data source from a customer of the set of customers, the connection request having a cryptographic key associated with the customer;
  
  creating a trusted compartment for the customer responsive to an authentication of the cryptographic key;
  
  receiving a data request from the customer and validating the data request using a sensitivity index;
  
  processing the data request using a buffer pool frame and the private partition corresponding to the customer; and
  
  creating an entry in a log corresponding to the customer pursuant to the processing.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer-implemented method of claim 1, the networked computing environment comprising a cloud computing environment.
  - 3. The computer-implemented method of claim 1, further comprising configuring the sensitivity index for the customer.
  - 4. The computer-implemented method of claim 1, the validating comprising:
    - routing the data request to a securer; and
      
      validating the data request using the securer.
  - 5. The computer-implemented method of claim 1, further comprising storing the data request in a compartment cache associated with the trusted compartment.
  - 6. The computer-implemented method of claim 1, the logging comprising:
    - writing a log buffer frame pursuant to the processing; and
      
      encrypting the log buffer frame using the cryptographic key.
  - 7. The computer-implemented method of claim 1, further comprising writing data associated with the data request to the partition.

8. A system for building data security in a networked computing environment, comprising:
- a memory medium comprising instructions;
  
  a bus coupled to the memory medium; and
  
  a processor coupled to the bus that when executing the instructions causes the system to;
  
  partition a shared data source of the networked computing environment into a set of private partitions pertaining to a set of customers;
  
  receive a connection request for the shared data source from a customer of the set of customers, the connection request having a cryptographic key associated with the customer;
  
  create a trusted compartment for the customer responsive to an authentication of the cryptographic key;
  
  receive a data request from the customer and validating the data request using a sensitivity index;
  
  process the data request using a buffer pool frame and the private partition corresponding to the customer; and
  
  create an entry in a log corresponding to the customer pursuant to the processing.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, the networked computing environment comprising a cloud computing environment.
  - 10. The system of claim 8, the memory medium further comprising instructions for causing the system to configure the sensitivity index for the customer.
  - 11. The system of claim 8, the memory medium further comprising instructions for causing the system to:
    - route the data request to a securer; and
      
      validate the data request using the securer.
  - 12. The system of claim 8, the memory medium further comprising instructions for causing the system to store the data request in a compartment cache associated with the trusted compartment.
  - 13. The system of claim 8, the memory medium further comprising instructions for causing the system to:
    - write a log buffer frame pursuant to the processing; and
      
      encrypt the log buffer frame using the cryptographic key.
  - 14. The system of claim 8, the memory medium further comprising instructions for causing the system to write data associated with the data request to the partition.

15. A computer program product for building data security in a networked computing environment, the computer program product comprising a computer readable storage media, and program instructions stored on the computer readable storage media, to:
- partition a shared data source of the networked computing environment into a set of private partitions pertaining to a set of customers;
  
  receive a connection request for the shared data source from a customer of the set of customers, the connection request having a cryptographic key associated with the customer;
  
  create a trusted compartment for the customer responsive to an authentication of the cryptographic key;
  
  receive a data request from the customer and validating the data request using a sensitivity index;
  
  process the data request using a buffer pool frame and the private partition corresponding to the customer; and
  
  create an entry in a log corresponding to the customer pursuant to the processing.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The computer program product of claim 15, the networked computing environment comprising a cloud computing environment.
  - 17. The computer program product of claim 15, the computer readable storage media further comprising instructions to configure the sensitivity index for the customer.
  - 18. The computer program product of claim 15, the computer readable storage media further comprising instructions to:
    - route the data request to a securer; and
      
      validate the data request using the securer.
  - 19. The computer program product of claim 15, the computer readable storage media further comprising instructions to store the data request in a compartment cache associated with the trusted compartment.
  - 20. The computer program product of claim 15, the computer readable storage media further comprising instructions to:
    - write a log buffer frame pursuant to the processing; and
      
      encrypt the log buffer frame using the cryptographic key.
  - 21. The computer program product of claim 15, the computer readable storage media further comprising instructions to write data associated with the data request to the partition.

22. A method for deploying a system for building data security in a networked computing environment:
- providing a computer infrastructure being operable to;
  
  partition a shared data source of the networked computing environment into a set of private partitions pertaining to a set of customers;
  
  receive a connection request for the shared data source from a customer of the set of customers, the connection request having a cryptographic key associated with the customer;
  
  create a trusted compartment for the customer responsive to an authentication of the cryptographic key;
  
  receive a data request from the customer and validating the data request using a sensitivity index;
  
  process the data request using a buffer pool frame and the private partition corresponding to the customer; and
  
  create an entry in a log corresponding to the customer pursuant to the processing.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ServiceNow Incorporated
Original Assignee
International Business Machines Corporation
Inventors
Viswanathan, Ram, Krishnan, Narayanan, Neelamegam, Kishorekumar, Rajan, Vibhaw P.

Granted Patent

US 8,782,762 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/7
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 21/645   using a third party

H04L 63/102   Entity profiles

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

H04L 67/10   in which an application is ...

BUILDING DATA SECURITY IN A NETWORKED COMPUTING ENVIRONMENT

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

75 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

BUILDING DATA SECURITY IN A NETWORKED COMPUTING ENVIRONMENT

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

75 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links