Security Layer and Methods for Protecting Tenant Data in a Cloud-Mediated Computing Network
First Claim
1. A system for protecting data managed in a cloud-computing network from malicious data operations comprising:
- an Internet-connected server; and
software executing on the server from a non-transitory physical medium, the software providing;
a first function adapted for generating one or more security tokens that validate one or more computing operations to be performed on the data;
a second function adapted for generating a hash for each token generated, the hash detailing, in a secure fashion, the operation type or types permitted by the one or more tokens;
a third function adapted for brokering two-party signature of the one or more tokens; and
a fourth function adapted for dynamically activating the one or more signed tokens for a specific time window required to perform the operations permitted by the token.
1 Assignment
0 Petitions
Accused Products
Abstract
A system for protecting data managed in a cloud-computing network from malicious data operations includes an Internet-connected server and software executing on the server from a non-transitory physical medium, the software providing a first function for generating one or more security tokens that validate one or more computing operations to be performed on the data, a second function for generating a hash for each token generated, the hash detailing, in a secure fashion, the operation type or types permitted by the one or more tokens, a third function for brokering two-party signature of the one or more tokens, and a fourth function for dynamically activating the one or more signed tokens for a specific time window required to perform the operations permitted by the token.
101 Citations
17 Claims
-
1. A system for protecting data managed in a cloud-computing network from malicious data operations comprising:
-
an Internet-connected server; and software executing on the server from a non-transitory physical medium, the software providing; a first function adapted for generating one or more security tokens that validate one or more computing operations to be performed on the data; a second function adapted for generating a hash for each token generated, the hash detailing, in a secure fashion, the operation type or types permitted by the one or more tokens; a third function adapted for brokering two-party signature of the one or more tokens; and a fourth function adapted for dynamically activating the one or more signed tokens for a specific time window required to perform the operations permitted by the token. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A method for securing against internal malicious operations against data stored on a cloud-computing network comprising the steps:
-
(a) generating one or more security tokens that validate one or more computing operations permitted on the data, the operations listed in a pre-negotiated service level agreement between a tenant and service provider of the cloud computing network; (b) generating hashes for the one or more security tokens, the hashes validating the integrity of each token relevant to the operation or operations that each token permits; (c) signing the one or more tokens using encryption keys privately held by the tenant and the service provider; (d) upon request, activating one or more of the tokens to initiate one or more computing operations permitted on the data. - View Dependent Claims (14, 15, 16)
-
-
17-20. -20. (canceled)
Specification