A system for protecting data managed in a cloud-computing network from malicious data operations includes an Internet-connected server and software executing on the server from a non-transitory physical medium, the software providing a first function for generating one or more security tokens that validate one or more computing operations to be performed on the data, a second function for generating a hash for each token generated, the hash detailing, in a secure fashion, the operation type or types permitted by the one or more tokens, a third function for brokering two-party signature of the one or more tokens, and a fourth function for dynamically activating the one or more signed tokens for a specific time window required to perform the operations permitted by the token.
S. Sathyadevan, P Rangan, V., and Dr. Krishnashree Achuthan, “Security Layer and Methods for Protecting Tenant Data in a Cloud-Mediated Computing Network”, U.S. Patent PCT/US2013/057952, 2014.
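
The four functions named in the abstract above, sketched as an added example that is not the patented implementation or the authors' code. Assumptions: HMAC-SHA256 stands in for both the operation hash and the two parties' signatures, and the party names `tenant` and `provider`, the token fields and every key are constructed for illustration.

```python
import hashlib, hmac, json, secrets

# Constructed keys (assumption): one for the operation hash, one per signing party.
HASH_KEY = b"constructed-hash-key"
KEYS = {"tenant": b"constructed-tenant-key", "provider": b"constructed-provider-key"}

def _mac(key, payload):
    # Canonical JSON so every party computes the MAC over identical bytes.
    data = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def issue_token(ops, not_before, not_after, hash_key):
    """Functions 1 and 2: create a token plus a keyed hash of its permitted operations."""
    body = {"id": secrets.token_hex(8), "ops": sorted(ops),
            "nbf": not_before, "exp": not_after}
    body["ops_hash"] = _mac(hash_key, {"id": body["id"], "ops": body["ops"]})
    return {"body": body, "sigs": {}}

def sign(token, party, key):
    """Function 3: each party signs the same token body."""
    token["sigs"][party] = _mac(key, token["body"])

def authorize(token, op, now, hash_key, party_keys):
    """Function 4: the token is active only inside its window and with both signatures."""
    body = token["body"]
    expected = _mac(hash_key, {"id": body["id"], "ops": body["ops"]})
    if not hmac.compare_digest(expected, body.get("ops_hash", "")):
        return "ops-hash-mismatch"
    for party, key in party_keys.items():
        if not hmac.compare_digest(_mac(key, body), token["sigs"].get(party, "")):
            return f"bad-signature:{party}"
    if not body["nbf"] <= now < body["exp"]:
        return "outside-window"
    return "allowed" if op in body["ops"] else "operation-not-permitted"

def demo():
    """Walk one read-only token through the checks; times are constructed integers."""
    tok = issue_token({"read"}, 1000, 1060, HASH_KEY)
    out = [authorize(tok, "read", 1010, HASH_KEY, KEYS)]     # not yet signed
    for party, key in KEYS.items():
        sign(tok, party, key)
    out.append(authorize(tok, "read", 1010, HASH_KEY, KEYS))    # signed, in window
    out.append(authorize(tok, "delete", 1010, HASH_KEY, KEYS))  # op not granted
    out.append(authorize(tok, "read", 1060, HASH_KEY, KEYS))    # window closed
    tok["body"]["ops"].append("delete")                         # tampered after signing
    out.append(authorize(tok, "delete", 1010, HASH_KEY, KEYS))
    return out

if __name__ == "__main__":
    print(demo())
```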