News Column

Patent Issued for Building Data Security in a Networked Computing Environment

July 29, 2014



By a News Reporter-Staff News Editor at Information Technology Newsweekly -- According to news reporting originating from Alexandria, Virginia, by VerticalNews journalists, a patent by the inventors Krishnan, Narayanan (Chennai, IN); Neelamegam, Kishorekumar (Chennai, IN); Rajan, Vibhaw P. (Chennai, IN); Viswanathan, Ram (Plano, TX), filed on August 17, 2011, was published online on July 15, 2014.

The assignee for this patent, patent number 8782762, is International Business Machines Corporation (Armonk, NY).

Reporters obtained the following quote from the background information supplied by the inventors: "The networked computing environment (e.g., cloud computing environment) is an enhancement to the predecessor grid environment, whereby multiple grids and other computation resources may be further enhanced by one or more additional abstraction layers (e.g., a cloud layer), thus making disparate devices appear to an end-consumer as a single pool of seamless resources. These resources may include such things as physical or logical computing engines, servers and devices, device memory, storage devices, among others.

"In traditional shared cloud data infrastructures, tools for separation of multi-tenant/customer data are at a single tenant/customer focus level where access controls for table rows are on a user basis. Moreover, the control of associated column(s) to hide or show data is determined on a per policy basis. As such, there is a gap in identifying multi-tenant/customer needs, capabilities to define them, and to insert different constraints into various private shard/partition groups in an automated fashion. Still yet, it is difficult to set up a manual separation of multi-tenant/customer data in a shared infrastructure with per tenant/customer or partition group specific security constraint. A highly skilled Database Administrator (DBA) will be needed to set up such separation across various cloud infrastructures repetitively. Such an approach can be both costly and inefficient."

In addition to obtaining background information on this patent, VerticalNews editors also obtained the inventors' summary information for this patent: "In general, embodiments of the present invention provide an approach for providing a multi-tenant/customer partition group separator and securer in a shared cloud infrastructure (e.g., as an extension to DB2®, Label-Based Access Control (LBAC), and/or an independent tool). Among other things, embodiments of the present invention provide cloud administrators with an easy to use customizable, configurable security constraint builder/tool with a built-in multi-tenant/customer enabled security model. Moreover, embodiments of the present invention enable cloud administrators to set up, configure, and manage tenants/customers and their private shards with their own security constraints. The output of this tool greatly eases the time to create an invisible (e.g., software) wall of separation for multiple tenants/customers in a shared cloud infrastructure.

"A first aspect of the present invention provides a computer-implemented method for building data security in a networked computing environment, comprising: partitioning a shared data source of the networked computing environment into a set of private partitions pertaining to a set of customers; receiving a connection request for the shared data source from a customer of the set of customers, the connection request having a cryptographic key associated with the customer; creating a trusted compartment for the customer responsive to an authentication of the cryptographic key; receiving a data request from the customer and validating the data request using a sensitivity index; processing the data request using a buffer pool frame and the private partition corresponding to the customer; and creating an entry in a log corresponding to the customer pursuant to the processing.

"A second aspect of the present invention provides a system for building data security in a networked computing environment, comprising: a memory medium comprising instructions; a bus coupled to the memory medium; and a processor coupled to the bus that when executing the instructions causes the system to: partition a shared data source of the networked computing environment into a set of private partitions pertaining to a set of customers; receive a connection request for the shared data source from a customer of the set of customers, the connection request having a cryptographic key associated with the customer; create a trusted compartment for the customer responsive to an authentication of the cryptographic key; receive a data request from the customer and validate the data request using a sensitivity index; process the data request using a buffer pool frame and the private partition corresponding to the customer; and create an entry in a log corresponding to the customer pursuant to the processing.

"A third aspect of the present invention provides a computer program product for building data security in a networked computing environment, the computer program product comprising a computer readable storage media, and program instructions stored on the computer readable storage media, to: partition a shared data source of the networked computing environment into a set of private partitions pertaining to a set of customers; receive a connection request for the shared data source from a customer of the set of customers, the connection request having a cryptographic key associated with the customer; create a trusted compartment for the customer responsive to an authentication of the cryptographic key; receive a data request from the customer and validate the data request using a sensitivity index; process the data request using a buffer pool frame and the private partition corresponding to the customer; and create an entry in a log corresponding to the customer pursuant to the processing.

"A fourth aspect of the present invention provides a method for deploying a system for building data security in a networked computing environment: providing a computer infrastructure being operable to: partition a shared data source of the networked computing environment into a set of private partitions pertaining to a set of customers; receive a connection request for the shared data source from a customer of the set of customers, the connection request having a cryptographic key associated with the customer; create a trusted compartment for the customer responsive to an authentication of the cryptographic key; receive a data request from the customer and validate the data request using a sensitivity index; process the data request using a buffer pool frame and the private partition corresponding to the customer; and create an entry in a log corresponding to the customer pursuant to the processing."
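The four aspects quoted above restate one claim for a method, a system, a program product and a deployment. As an added illustration (not the patent's or IBM's code, and not a description of how DB2 or LBAC implement it), the following Python sketch walks that claim end to end against an in-memory SQLite database: a shared source partitioned into one table per customer, a connection request carrying an API key that is checked in constant time against a stored digest, a trusted compartment bound to the authenticated customer, a data request validated column by column against a sensitivity index, the query run only against that customer's partition, and an audit entry written for every request whether allowed or denied. The buffer pool frame named in the claim is not modelled. The tenant names, API keys, clearance levels, the sensitivity index values and the sample order rows are all constructed for this example.

```python
import hashlib
import hmac
import sqlite3
from dataclasses import dataclass
from typing import Optional

# Hypothetical sensitivity index: column name -> sensitivity level. A request
# may only name columns whose level is at or below the requester's clearance.
SENSITIVITY_INDEX = {"order_id": 0, "sku": 0, "amount": 1, "card_last4": 2}

# Constructed tenant registry. Only a SHA-256 digest of each API key is kept
# server-side; the customer presents the key itself in the connection request.
_API_KEYS = {"acme": "acme-secret-key-1", "globex": "globex-secret-key-2"}
TENANTS = {
    kid: {"key_hash": hashlib.sha256(k.encode()).digest(), "clearance": 1}
    for kid, k in _API_KEYS.items()
}
TENANTS["acme"]["clearance"] = 2  # acme may read card_last4; globex may not

AUDIT_LOG = []  # one entry per processed data request, allowed or denied


@dataclass(frozen=True)
class TrustedCompartment:
    """Session state created only after the customer's key authenticates.
    Partition and clearance are fixed here from the authenticated identity;
    nothing in a later data request can change them."""
    customer: str
    partition: str
    clearance: int


def build_shared_source() -> sqlite3.Connection:
    """Partition the shared data source into one private table per customer."""
    db = sqlite3.connect(":memory:")
    for kid in TENANTS:
        db.execute(f'CREATE TABLE "orders_{kid}" '
                   "(order_id INTEGER, sku TEXT, amount REAL, card_last4 TEXT)")
    db.executemany('INSERT INTO "orders_acme" VALUES (?, ?, ?, ?)',
                   [(1, "A-100", 19.99, "4242"), (2, "A-200", 5.00, "1111")])
    db.executemany('INSERT INTO "orders_globex" VALUES (?, ?, ?, ?)',
                   [(7, "G-700", 99.00, "9999")])
    return db


def connect(key_id: str, api_key: str) -> Optional[TrustedCompartment]:
    """Handle a connection request carrying the customer's key. Returns a
    compartment on success and None on failure: there is no partial trust."""
    tenant = TENANTS.get(key_id)
    presented = hashlib.sha256(api_key.encode()).digest()
    # Compare in constant time, against a dummy digest when the key id is
    # unknown, so response timing does not reveal which ids exist.
    expected = tenant["key_hash"] if tenant else bytes(32)
    if not hmac.compare_digest(presented, expected) or tenant is None:
        return None
    return TrustedCompartment(key_id, f"orders_{key_id}", tenant["clearance"])


def validate_request(comp: TrustedCompartment, columns) -> Optional[str]:
    """Check every requested column against the sensitivity index. Unknown
    names are rejected outright, which is also what makes the column list
    safe to interpolate into SQL afterwards."""
    for c in columns:
        if c not in SENSITIVITY_INDEX:
            return f"unknown column {c!r}"
        if SENSITIVITY_INDEX[c] > comp.clearance:
            return f"column {c!r} exceeds clearance {comp.clearance}"
    return None


def process_request(db, comp: TrustedCompartment, columns, min_amount=0.0):
    """Validate, run the query against the customer's own partition only,
    and log the outcome. Returns (rows, error); error is None when allowed."""
    error = validate_request(comp, columns)
    rows = []
    if error is None:
        # Table name comes from the compartment, column names from the
        # allow-listed request; the only user-supplied value is a parameter.
        cols = ", ".join(f'"{c}"' for c in columns)
        sql = f'SELECT {cols} FROM "{comp.partition}" WHERE amount >= ?'
        rows = db.execute(sql, (min_amount,)).fetchall()
    AUDIT_LOG.append({"customer": comp.customer, "partition": comp.partition,
                      "columns": list(columns), "allowed": error is None,
                      "error": error})
    return rows, error


if __name__ == "__main__":
    db = build_shared_source()
    acme = connect("acme", "acme-secret-key-1")
    print(process_request(db, acme, ["order_id", "card_last4"]))
    globex = connect("globex", "globex-secret-key-2")
    print(process_request(db, globex, ["order_id", "card_last4"]))
    print(AUDIT_LOG)
```

The point worth taking from the sketch is where the tenant boundary lives: the partition name and clearance are fixed in the compartment at authentication time and the data request never names a table, so a request from one customer cannot reach another customer's partition even if it smuggles SQL into a column name, because unknown column names fail the sensitivity index check before any SQL is built. Denied requests still produce an audit entry, which is what makes the log useful for spotting probing.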

For more information, see this patent: Krishnan, Narayanan; Neelamegam, Kishorekumar; Rajan, Vibhaw P.; Viswanathan, Ram. Building Data Security in a Networked Computing Environment. U.S. Patent Number 8782762, filed August 17, 2011, and published online on July 15, 2014. Patent URL: http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PALL&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.htm&r=1&f=G&l=50&s1=8782762.PN.&OS=PN/8782762RS=PN/8782762

Keywords for this news article include: Information Technology, Information and Data Security, International Business Machines Corporation.

Our reports deliver fact-based news of research and discoveries from around the world. Copyright 2014, NewsRx LLC





Source: Information Technology Newsweekly

