US 11,755,762 B2
Attribute-based encryption for microservices
Maik Guenter Seewald, Nuremberg (DE); Robert Edgar Barton, Richmond (CA); and Jerome Henry, Pittsboro, NC (US)
Assigned to Cisco Technology, Inc., San Jose, CA (US)
Filed by Cisco Technology, Inc., San Jose, CA (US)
Filed on Apr. 21, 2021, as Appl. No. 17/236,936.
Application 17/236,936 is a continuation of application No. 16/105,898, filed on Aug. 20, 2018.
Prior Publication US 2021/0264047 A1, Aug. 26, 2021
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 21/62 (2013.01); H04L 9/08 (2006.01); G06F 9/445 (2018.01); H04L 9/40 (2022.01)
CPC G06F 21/6218 (2013.01) [G06F 9/445 (2013.01); G06F 21/62 (2013.01); H04L 9/0861 (2013.01); H04L 63/08 (2013.01)]
20 Claims
1. A method comprising:
instantiating a first application service associated with a first attribute label and a second application service associated with a second attribute label in a cloud environment;
generating a first key based on the first attribute label and a second key based on the second attribute label;
associating a first data store with the first application service by encrypting the first data store with the first key, wherein the first application service is configured to access first data stored in the first data store through the first key based on the first attribute label;
associating a second data store with the second application service by encrypting the second data store with the second key, wherein the second application service is configured to access second data stored in the second data store through the second key based on the second attribute label;
receiving from a client an application service request that calls for execution of the first and second application services, said application service request including access credentials for the first data store but lacking access credentials for the second data store; and
filling, based on the first attribute label, the application service request for the first application service from the client by providing the first application service access to the first data store through the first key and the second data store through the second key while refraining from providing the client access to the second data store.
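A sketch of the flow in claim 1, added here as an illustration and not taken from the patent or from any Cisco implementation. The HMAC-based key derivation, the toy encrypt-then-MAC cipher (a stand-in for a vetted AEAD such as AES-GCM), the `RELEASE` policy table, and all names and sample data are assumptions.

```python
import hashlib
import hmac
import os

MASTER = os.urandom(32)  # assumption: secret held only by the platform's key service

def label_key(label):
    # Assumed derivation: one key per attribute label, HMAC-SHA256 under MASTER.
    return hmac.new(MASTER, b"label:" + label.encode(), hashlib.sha256).digest()

def keystream(key, nonce, n):
    blocks = (hmac.new(key, b"ks" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, data):
    # Toy encrypt-then-MAC so the sketch runs on the standard library alone.
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise PermissionError("key does not match this data store")
    return bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct))))

# Constructed sample: each data store is sealed under the key of one attribute label.
STORE_LABEL = {"store-1": "label-1", "store-2": "label-2"}
STORES = {"store-1": seal(label_key("label-1"), b"orders:3"),
          "store-2": seal(label_key("label-2"), b"stock:7")}
# Assumed policy: store keys the platform releases to a service, by the service's label.
RELEASE = {"label-1": {"store-1", "store-2"}, "label-2": {"store-2"}}

def service_read(service_label, store):
    if store not in RELEASE[service_label]:
        raise PermissionError("label not entitled to this store")
    return unseal(label_key(STORE_LABEL[store]), STORES[store])

def fill_request(client_creds):
    # The client presents credentials for store-1 only; store-2 is read service-side.
    if "store-1" not in client_creds:
        raise PermissionError("client lacks credentials for store-1")
    orders, stock = (service_read("label-1", s) for s in ("store-1", "store-2"))
    in_stock = int(orders.split(b":")[1]) <= int(stock.split(b":")[1])
    return {"orders": orders, "in_stock": in_stock}  # no raw store-2 data returned
```

The response carries the first store's data and a result computed from the second store, while the second store's contents and key stay on the service side.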