Secure processing in multi-tenant cloud infrastructure
Abstract
Cloud infrastructure of an information processing system comprises one or more processing devices implementing a plurality of virtual machines. The cloud infrastructure is configured to receive a processing job from a tenant, to obtain a first key specific to the tenant, to determine a second key utilizing information supplied by the tenant, and to encrypt one or more results of the processing job utilizing a combination of the first key and the second key. At least a portion of the second key is determined by at least one application that is run on at least one virtual machine of the cloud infrastructure in conjunction with performance of the processing job. The encrypted results of the processing job may be stored in a virtual memory of the cloud infrastructure and transmitted to the tenant.
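The two-key scheme summarized above, sketched as an added illustration that is not part of the patent text. The HKDF-SHA256 combination of the two keys, the XOR split of the second key into per-application shares, the HMAC-based stand-in cipher, and all function names are assumptions; the text here does not specify how the keys are combined or hidden.

```python
import hashlib, hmac, secrets
from functools import reduce

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _prf(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def hkdf(ikm, salt, info, length=64):
    """HKDF-SHA256 (RFC 5869): extract a PRK, then expand to `length` bytes."""
    prk, okm, block, i = _prf(salt, ikm), b"", b"", 1
    while len(okm) < length:
        block = _prf(prk, block + info + bytes([i]))
        okm, i = okm + block, i + 1
    return okm[:length]

def split_key(key, n):
    """XOR-split the second key into n shares, one per application; all n are needed."""
    shares = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    last = key
    for s in shares:
        last = _xor(last, s)
    return shares + [last]

def join_shares(shares):
    return reduce(_xor, shares)

def _keys(first_key, second_key, tenant_id):
    # Assumed combination: both keys feed one KDF, so neither alone yields the result key.
    okm = hkdf(first_key + second_key, tenant_id, b"job-result")
    return okm[:32], okm[32:]          # (encryption key, MAC key)

def _stream(key, nonce, n):
    # Stand-in keystream (HMAC-SHA256 in counter mode) to stay stdlib-only; use a vetted AEAD in practice.
    return b"".join(_prf(key, nonce + c.to_bytes(8, "big")) for c in range((n + 31) // 32))[:n]

def encrypt_result(first_key, second_key, tenant_id, result):
    enc, mac = _keys(first_key, second_key, tenant_id)
    nonce = secrets.token_bytes(16)
    ct = _xor(result, _stream(enc, nonce, len(result)))
    return nonce + ct + _prf(mac, nonce + ct)      # encrypt-then-MAC

def decrypt_result(first_key, second_key, tenant_id, blob):
    enc, mac = _keys(first_key, second_key, tenant_id)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(mac, nonce + ct)):
        raise ValueError("wrong key combination or tampered ciphertext")
    return _xor(ct, _stream(enc, nonce, len(ct)))
```

A party holding only the tenant-specific first key, or only some of the application shares, fails the MAC check in `decrypt_result` and recovers nothing.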
21 Claims
1. A method performed in cloud infrastructure of an information processing system, the method comprising the steps of:
receiving a processing job from a tenant;
obtaining a first key specific to the tenant;
determining a second key utilizing information supplied by the tenant; and
encrypting one or more results of the processing job utilizing a combination of the first key and the second key;
wherein at least a portion of the second key is determined by at least one application that is run on at least one virtual machine of the cloud infrastructure in conjunction with performance of the processing job; and
wherein the second key is at least partially hidden within said at least one application.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 13.

9. A method performed in cloud infrastructure of an information processing system, the method comprising the steps of:
receiving a processing job from a tenant;
obtaining a first key specific to the tenant;
determining a second key utilizing information supplied by the tenant; and
encrypting one or more results of the processing job utilizing a combination of the first key and the second key;
wherein at least a portion of the second key is determined by at least one application that is run on at least one virtual machine of the cloud infrastructure in conjunction with performance of the processing job;
wherein the processing job comprises running a plurality of applications on respective virtual machines of the cloud infrastructure; and
wherein portions of the second key are hidden in respective ones of the applications.
Dependent claims: 10, 11.

12. A method performed in cloud infrastructure of an information processing system, the method comprising the steps of:
receiving a processing job from a tenant;
obtaining a first key specific to the tenant;
determining a second key utilizing information supplied by the tenant; and
encrypting one or more results of the processing job utilizing a combination of the first key and the second key;
wherein at least a portion of the second key is determined by at least one application that is run on at least one virtual machine of the cloud infrastructure in conjunction with performance of the processing job; and
wherein the application determines the second key utilizing an application plug-in that is provided by the tenant to the cloud infrastructure in encrypted form using the first key.
Dependent claims: 20, 21.

14. An apparatus comprising:
cloud infrastructure comprising one or more processing devices implementing a plurality of virtual machines, a given such processing device comprising a processor coupled to a memory;
the cloud infrastructure being configured to receive a processing job from a tenant, to obtain a first key specific to the tenant, to determine a second key utilizing information supplied by the tenant, and to encrypt one or more results of the processing job utilizing a combination of the first key and the second key;
wherein at least a portion of the second key is determined by at least one application that is run on at least one of the virtual machines of the cloud infrastructure in conjunction with performance of the processing job; and
wherein the second key is at least partially hidden within said at least one application.
Dependent claims: 15, 19.

16. An apparatus comprising:
cloud infrastructure comprising one or more processing devices implementing a plurality of virtual machines, a given such processing device comprising a processor coupled to a memory;
the cloud infrastructure being configured to receive a processing job from a tenant, to obtain a first key specific to the tenant, to determine a second key utilizing information supplied by the tenant, and to encrypt one or more results of the processing job utilizing a combination of the first key and the second key;
wherein at least a portion of the second key is determined by at least one application that is run on at least one of the virtual machines of the cloud infrastructure in conjunction with performance of the processing job; and
wherein the processing job comprises running a plurality of applications on respective virtual machines of the cloud infrastructure, and wherein portions of the second key are hidden in respective ones of the applications.
Dependent claims: 17.

18. An apparatus comprising:
cloud infrastructure comprising one or more processing devices implementing a plurality of virtual machines, a given such processing device comprising a processor coupled to a memory;
the cloud infrastructure being configured to receive a processing job from a tenant, to obtain a first key specific to the tenant, to determine a second key utilizing information supplied by the tenant, and to encrypt one or more results of the processing job utilizing a combination of the first key and the second key;
wherein at least a portion of the second key is determined by at least one application that is run on at least one of the virtual machines of the cloud infrastructure in conjunction with performance of the processing job; and
wherein the application determines the second key utilizing an application plug-in that is provided by the tenant to the cloud infrastructure in encrypted form using the first key.

Specification