Implementing a separation of duties for container security

Assignee

• International Business Machines Corporation · US

Inventors

• Cecilia Carranza Lewis · San Jose, US
• Wayne Erwin Rhoten · معلمی نژاد, US
• Eric D. Rossman · Wappingers Falls, US
• Mark A. Nelson · Oronoco, US
• John C. Dayka · New Paltz, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F2221/2141
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A computer-implemented method according to one embodiment includes identifying a first request from a user to access a container, determining whether the user has a first authorization to access the container, allowing the user to access the container, in response to determining that the user has the first authorization to access the container, identifying a second request from the user to access content within the container, where the content is encrypted, retrieving a key label associated with the container, determining whether the user has a second authorization to access the key label, retrieving a data encryption key, utilizing the key label, in response to determining that the user has the second authorization to access the key label, and allowing the user to access the content that is encrypted by performing one or more decryption actions, utilizing the data encryption key.