Security model for network information service
Abstract
Systems and methods for providing information security in a network environment are disclosed. The method includes initiating processing, invoked by a user, of at least one of a plurality of objects in a processing unit of a hardware layer, wherein the plurality of objects is hosted for a tenant. The method further includes determining that the processing of the at least one of the plurality of objects by the processing unit is authorized by the tenant based on a security map provided by the tenant and accessible by the processing unit within the hardware layer. The method further includes allowing the processing of the object based on a result of the determining.
20 Claims
1. A method, comprising:
- initiating processing of an object, invoked by a user having a dynamically varying credential, by a security processor comparing instructions of a plurality of objects in a processing unit of a hardware layer with information in a security map provided by a tenant;
- determining that the processing of the plurality of objects is authorized by the tenant based on the security map by determining the security map includes an association between at least one of the plurality of objects and a security code and an association between the object and a geographic region;
- sending a message to the tenant requesting the security code;
- comparing a response from the tenant with the security code in the security map; and
- allowing the processing of the object based on results of the determining that the processing of the plurality of objects is authorized by the tenant.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. A system for providing an information service to a tenant comprising:
- a security processor comprising an external communication interface; and
- a computer-readable memory storing a security map of a tenant and accessible by the security processor, wherein the security processor is configured to;
  - access the security map;
  - receive authorization by the tenant for access to the security map by a user;
  - send a message to the tenant requesting a security code via the external communication interface;
  - compare a response received from the tenant with the security code in the security map;
  - determine that the security map includes an association between an object and the security code; and
  - determine whether the security map includes an association between an object and a geographic region.

Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18, 19

20. A computer program product comprising a computer readable storage medium having readable program code embodied in the storage medium, the computer program product being operable to:
- provide access to one or more objects stored within a library by receiving dynamically varying security codes corresponding to the one or more objects, at a hardware layer;
- determine that a processing of the one or more objects is authorized by an owner of the one or more objects based on a security map provided by the owner by determining that the security map includes an association between the one or more objects and the security codes and an association between the one or more objects and a geographic region;
- sending a message to the owner requesting the security codes; and
- comparing a response from the owner to the security codes in the security map.
Specification