CN112054899A - Container mirror image encryption management method based on encryption machine - Google Patents


Publication number
CN112054899A
Authority
CN
China
Prior art keywords
encryption
mirror image
encrypted
encryption machine
image
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010882683.3A
Other languages
Chinese (zh)
Inventor
晋晨
黄亚杰
马俊杰
瞿秋薏
苏帅
苏玉娇
姜瀚
刘韡
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Aerospace Science And Technology Network Information Development Co ltd
Original Assignee
Aerospace Science And Technology Network Information Development Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Aerospace Science And Technology Network Information Development Co ltd filed Critical Aerospace Science And Technology Network Information Development Co ltd
Priority to CN202010882683.3A priority Critical patent/CN112054899A/en
Publication of CN112054899A publication Critical patent/CN112054899A/en
Pending legal-status Critical Current


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities

Abstract

The invention relates to a container image encryption management method based on an encryption machine, comprising the following steps: generating an unencrypted image, calling the encryption machine interface, sending the image data to the encryption machine, and symmetrically encrypting the image data inside the encryption machine; after encryption, adding an identifier and a new tag, with a new field under the tag recording the ID of the encryption machine; checking whether the field of each image layer in the OCI image file carries the encryption mark; if not, the image layer is not encrypted and is run directly; if so, the image layer is in an encrypted state and needs to be decrypted, and docker requests the encryption machine interface to judge whether the ID in the OCI image file is consistent with the encryption machine ID provided by the encryption machine interface; if they are consistent, the current encryption machine and the encryption machine that encrypted the image layer are the same machine, and the decryption operation can be performed on it; if they are inconsistent, the current encryption machine is not the encryption machine that encrypted the image.

Description

Container mirror image encryption management method based on encryption machine
Technical Field
The invention relates to an encryption technology, in particular to a container mirror image encryption management method based on an encryption machine.
Background
An image is a special file system that runs in a container and provides the programs, libraries, resources, configuration files and the like that the container requires. With the spread of private repository technology, more and more enterprises are building their own private repositories. Enterprise applications use the image as their storage carrier and provide services externally by running containers. Once an attacker enters the enterprise management system through a vulnerability, the image is damaged and the enterprise's external services are disrupted, causing irreparable loss to the enterprise's operations. Enterprises therefore need to secure their images. The scenario this patent addresses is one in which the different nodes of an enterprise all interact with the server-side image repository. Permission to use an image is attached to each node, and a node has management and use permission only over the images it uploaded. To ensure that images are used safely, they must therefore be stored and managed in encrypted form.
At present, the Kubernetes community supports the Node Key Model image encryption method. The key is placed under a path specified on the Kubernetes worker node, the image is encrypted with the public key, and the image is uploaded to the image repository. When the image is used, the Kubelet calls the container runtime to pull the encrypted image, which is decrypted with the private key and then used.
The Node Key Model scheme supported by the Kubernetes community cannot implement a "one user, one secret" mechanism. That is, when different administrators log in on the network under the worker node, any of them can operate the encrypted image, which is very unfavorable for image security; only specific administrators should be able to operate the encrypted image. In addition, the key is stored on the worker node, so once the node is attacked the key is leaked and image security is threatened.
Disclosure of Invention
The invention relates to a container image encryption management method based on an encryption machine, which is used to solve the problems in the prior art.
The container image encryption management method based on an encryption machine according to the invention comprises the following steps: generating an unencrypted image, calling the encryption machine interface, sending the image data to the encryption machine, and symmetrically encrypting the image data inside the encryption machine; after encryption, returning the data to the server and storing it in external memory; after encryption, adding an identifier so that it can be determined whether the image has been encrypted, adding a label, and adding a field under the label to record the ID of the encryption machine; pushing the encrypted image to a remote repository for storage; pulling the encrypted image from the repository to the local host; creating a container and loading the image, at which point the image is examined to judge whether the loaded image needs to be decrypted; first, checking whether the field of each image layer in the OCI image file carries the encryption mark; if not, the image layer is not encrypted and is run directly; if so, the image layer is in an encrypted state and needs to be decrypted, and docker requests the encryption machine interface to judge whether the ID in the OCI image file is consistent with the encryption machine ID provided by the encryption machine interface; if they are consistent, the current encryption machine and the encryption machine that encrypted the image layer are the same machine, and the decryption operation can be performed on it; if they are inconsistent, the current encryption machine is not the encryption machine that encrypted the image, and the image cannot be decrypted.
According to an embodiment of the container image encryption management method based on an encryption machine of the invention, the method is based on the docker container management engine, and the encrypted image is an image file in the OCI format.
According to an embodiment of the container image encryption management method based on an encryption machine of the invention, the encryption and decryption algorithms are integrated into the docker command, images are encrypted layer by layer with the SM1 cryptographic algorithm, and the encryption instruction is sent to the encryption machine by adding an encryption parameter after the docker build command.
According to an embodiment of the container image encryption management method based on an encryption machine of the invention, the decryption algorithm is integrated into the docker run command, and whether the image is encrypted is checked before the container is instantiated.
According to an embodiment of the container image encryption management method based on an encryption machine of the invention, when the docker service is started, the encryption machine configuration, comprising the encryption machine IP and port number, must be loaded so that the program can access the encryption machine. The configuration is written in the /etc/docker/daemon.json file; the field in daemon.json before modification is 'registry-mirrors', and the fields 'securmebachineIP' and 'securmebachinePort' are added below the original field. After encryption, the 'mediaType' field in the image's index.json file is modified, and an 'indicators' label is added under the layer.
According to an embodiment of the container image encryption management method based on an encryption machine of the invention, the image is generated with the docker build command. When the docker build command is called with the encrypt parameter added after it, docker performs encrypted compilation when it compiles the image; otherwise the image is compiled without encryption. An unencrypted image is generated first; the encryption machine interface is then called, the image data is sent to the encryption machine, and the image data is symmetrically encrypted inside the encryption machine with the SM1 cryptographic algorithm. After encryption the data is returned to the server and stored in external memory. After encryption, an 'encrypted' identifier is added after the 'mediaType' field so that it can be determined whether the image is encrypted, an 'options' label is added under the layer, and a 'secureID' field is added under the label to record the ID of the encryption machine, so that at decryption time the 'secureID' can be used to compare whether the current encryption machine and the encryption machine that encrypted the image are the same machine.
According to an embodiment of the container image encryption management method based on an encryption machine of the invention, after the OCI image file is encrypted, an 'encrypted' mark is added at the end of the 'mediaType' field to indicate that the image layer is encrypted, which provides the basis for subsequently judging whether the image file needs to be decrypted; finally an indexing label is added to record the 'secureID' encryption machine identifier.
According to an embodiment of the container image encryption management method based on an encryption machine of the invention, the docker push command is used to push the encrypted image to a remote repository for storage, and the docker pull abc command is used to pull the encrypted image from the repository to the local host.
According to an embodiment of the container image encryption management method based on an encryption machine of the invention, when a user executes the docker run command, it is first checked whether the 'mediaType' field of each image layer in the OCI image file contains the encryption identifier 'encrypted'. If the 'encrypted' identifier is absent, the image layer is not encrypted and is run directly; if the 'encrypted' identifier is present in the 'mediaType' field of the image layer, the image layer is in an encrypted state and needs to be decrypted. docker then determines whether the encryption machine is connected, and requests the encryption machine interface to judge whether the 'secureID' in the OCI image file is consistent with the encryption machine ID provided by the encryption machine interface.
According to an embodiment of the container image encryption management method based on an encryption machine of the invention, when the comparison result is consistent, docker transmits the encrypted image to the encryption machine, and the encryption machine decrypts the image layer by layer. If the 'secureID' has been tampered with so that the current match is judged consistent, the image is transmitted to the encryption machine, but the key used in the encryption machine differs from the key with which the image was encrypted, so the image cannot be decrypted after being transmitted to the encryption machine, and the encryption machine reports an error. After decryption, the digest value of the 'digest' field in the OCI image configuration file in the encryption machine changes; the 'digest' field is encrypted with the private key of the encryption machine and stored in the 'secureDigest' field under the 'identities' label, and the 'encrypted' identifier is removed from the 'mediaType' field. After decryption is completed, docker receives the fields returned by the encryption machine, decrypts the 'secureDigest' with the public key of the encryption machine, computes the digest of the image layers one by one with the SHA256 algorithm, and compares the resulting digest value with the decrypted 'secureDigest'; if they match, the image was not tampered with during decryption. Once verification succeeds, docker instantiates the image returned from the encryption machine, and the local image remains in an encrypted state.
The invention provides an image encryption storage method based on an encryption machine that covers the full life cycle of an image: the image is encrypted when it is compiled, the encrypted image is stored in the image repository, and the image is decrypted when it is used. The invention aims to solve the problem of security management of enterprise images: different nodes encrypt their images with the encryption machine, so that the management of each image is reserved for its designated person.
Drawings
FIG. 1 is a block diagram of the present invention;
FIG. 2 is a flow chart of the operation of the system according to the invention.
Detailed Description
In order to make the objects, contents, and advantages of the present invention clearer, the following detailed description of the embodiments of the present invention will be made in conjunction with the accompanying drawings and examples.
The invention is based on the docker container management engine, and the encrypted image is an image file in the OCI format. The encryption and decryption algorithms are integrated into the docker command. The scheme uses the SM1 national cryptographic algorithm to encrypt the image layer by layer, and the encryption instruction is sent to the encryption machine by adding an encrypt parameter after the docker build command. The decryption algorithm is integrated into the docker run command, which checks whether the image is encrypted before the container is instantiated. When the docker service is started, the encryption machine configuration, including the IP and port number of the encryption machine, must be loaded so that the program can access the encryption machine. The configuration is written in the /etc/docker/daemon.json file. The field in daemon.json before modification is "registry-mirrors"; the fields "securmebachineIP" and "securmebachinePort" are added below the original field. In addition, after encryption, the "mediaType" field in the image's index.json file is modified, and an "indexes" tag is added under the layer.
Json file before modification:
Figure BDA0002654581330000051
FIG. 1 is a structural diagram of the present invention. As shown in FIG. 1, the full-lifecycle docker image encryption management method provided by the invention, starting from image compilation, mainly comprises the following steps:
1) The docker build command generates an image. Since images are stored in layers, the encryption module is called at this point to encrypt the different image layers. When the docker build command is called with the parameter -encrypt added after it, docker performs encrypted compilation when it compiles the image; otherwise the image is compiled without encryption. An unencrypted image is generated first; the encryption machine interface is then called, the image data is sent to the encryption machine, and the image data is symmetrically encrypted inside the encryption machine with the SM1 cryptographic algorithm. After encryption, the data is returned to the server and stored in external memory. After encryption, an "encrypted" identifier is added after the "mediaType" field so that it can be determined whether the image is encrypted. The digest field changes, and so does the content of the digest string. An 'authorization' label is added under the encrypted layer, and a 'secureID' field is added under the label to record the ID of the encryption machine, so that at decryption time the 'secureID' can be used to compare whether the current encryption machine and the encryption machine that encrypted the image are the same machine. After encryption the function of the image file is unchanged: it still stores the image, but the image data is stored as ciphertext instead of plaintext, and the corresponding 'digest' field changes. Examples are shown below:
Before the OCI image file is encrypted:
Figure BDA0002654581330000061
Figure BDA0002654581330000071
After the OCI image file is encrypted, an 'encrypted' mark is added at the end of the 'mediaType' field to indicate that the image layer is encrypted, which provides the basis for subsequently judging whether the image file needs to be decrypted. Finally, an 'options' label is added and the 'secureID' encryption machine identifier is recorded, so that the encryption machines can be compared during decryption. After encryption:
Figure BDA0002654581330000072
Related commands: v1.
2) The docker push command is used to push the encrypted image to a remote repository for storage.
Related commands: docker push abc:v1
The docker pull abc command is used to pull the encrypted image from the repository to the local host.
Related commands: docker pull abc:v1
3) The docker run command creates a container and loads the image. At this point the image is examined to judge whether the loaded image needs to be decrypted. FIG. 2 is a flow chart of the operation of the system according to the invention; the procedure is as shown in FIG. 2.
First, when a user executes the docker run command, the run command checks whether the 'mediaType' field of each image layer in the OCI image file contains the encryption identifier 'encrypted'. If the 'encrypted' identifier is absent, the image layer is not encrypted and is run directly. If the "encrypted" identifier is present in the "mediaType" field of the image layer, the image layer is in an encrypted state and needs to be decrypted. Second, docker determines whether the encryption machine is connected. Third, docker requests the encryption machine interface to judge whether the 'secureID' in the OCI image file is consistent with the encryption machine ID provided by the encryption machine interface.
Two kinds of result can be returned here:
First result: the comparison is consistent. The current encryption machine and the encryption machine that encrypted the image layer are the same machine, so decryption can proceed. docker transmits the encrypted image to the encryption machine, and the encryption machine decrypts the image layer by layer. If the 'secureID' has been tampered with so that the current match is judged consistent, the image can still be transmitted to the encryption machine, but the key used in the encryption machine differs from the key with which the image was encrypted, so the image cannot be decrypted after being transmitted to the encryption machine, and the encryption machine reports an error. After decryption, the digest value of the "digest" field in the OCI image configuration file in the encryption machine changes; the "digest" field is encrypted with the private key of the encryption machine and stored in the "secureDigest" field under the "indications" label. The "encrypted" identifier is removed from the "mediaType" field. After decryption is completed, docker receives the fields returned by the encryption machine, decrypts the 'secureDigest' with the public key of the encryption machine, computes the digest of the image layers one by one with the SHA256 algorithm, and compares the resulting digest value with the decrypted 'secureDigest'; if they match, the image was not tampered with during decryption. Once verification succeeds, docker instantiates the image returned from the encryption machine. The local image remains in an encrypted state.
Second result: the comparison is inconsistent. The current encryption machine is not the encryption machine that encrypted the image, so the image cannot be decrypted. The message "current match is not consistent" is returned, and the decryption process terminates.
Related commands: docker run --name abc -d abc:latest
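The build-time layer marking of step 1 and the three run-time checks of step 3, as an added Python sketch that is not code from the patent or from docker. Assumptions: the tag is modelled as the OCI descriptor's `annotations` map (this translation renders its name inconsistently), the marker is a `+encrypted` suffix, machine IDs and layer bytes are constructed, and since SM1 and the machine's key pair exist only in hardware, a SHA-256 keystream with an HMAC tag and textbook RSA over two Mersenne primes stand in for them.

```python
import hashlib
import hmac
import os

ENC_SUFFIX = "+encrypted"  # marker appended to "mediaType" (suffix format assumed)
LAYER_TYPE = "application/vnd.oci.image.layer.v1.tar+gzip"


class EncryptionMachine:
    """Stub of the hardware encryption machine; keys never leave this object.

    Stand-ins (not the patent's algorithms): a SHA-256 keystream with an HMAC
    tag replaces SM1, and textbook RSA over two Mersenne primes replaces the
    machine's key pair. Neither is secure; every stub shares the RSA pair.
    """
    _P, _Q, E = 2**521 - 1, 2**607 - 1, 65537

    def __init__(self, machine_id):
        self.machine_id = machine_id
        self._key = os.urandom(32)
        self.n = self._P * self._Q  # public modulus
        self._d = pow(self.E, -1, (self._P - 1) * (self._Q - 1))

    def _xor(self, data, nonce):
        stream = b""
        for ctr in range(len(data) // 32 + 1):
            stream += hashlib.sha256(self._key + nonce + ctr.to_bytes(8, "big")).digest()
        return bytes(a ^ b for a, b in zip(data, stream))

    def _tag(self, nonce, body):
        return hmac.new(self._key, nonce + body, hashlib.sha256).digest()

    def encrypt_layer(self, plain):
        nonce = os.urandom(16)
        body = self._xor(plain, nonce)
        return nonce + self._tag(nonce, body) + body

    def decrypt_layer(self, blob):
        nonce, tag, body = blob[:16], blob[16:48], blob[48:]
        if not hmac.compare_digest(tag, self._tag(nonce, body)):
            raise ValueError("encryption machine: wrong key for this layer")
        plain = self._xor(body, nonce)
        # "secureDigest": SHA-256 of the plaintext layer under the private key.
        digest = int.from_bytes(hashlib.sha256(plain).digest(), "big")
        return plain, pow(digest, self._d, self.n)


def encrypt_image(layers, machine):
    """Build step: encrypt each layer and mark its descriptor."""
    manifest, blobs = [], {}
    for plain in layers:
        blob = machine.encrypt_layer(plain)
        digest = "sha256:" + hashlib.sha256(blob).hexdigest()  # digest changes
        blobs[digest] = blob
        manifest.append({
            "mediaType": LAYER_TYPE + ENC_SUFFIX,
            "digest": digest,
            "annotations": {"secureID": machine.machine_id},
        })
    return manifest, blobs


def load_layer(desc, blobs, machine):
    """Run step: return the plaintext layer, or raise if it must not run."""
    blob = blobs[desc["digest"]]
    if not desc["mediaType"].endswith(ENC_SUFFIX):
        return blob  # no "encrypted" mark: run directly
    if desc.get("annotations", {}).get("secureID") != machine.machine_id:
        raise PermissionError("current match is not consistent")
    plain, secure_digest = machine.decrypt_layer(blob)
    # Open secureDigest with the machine's public key, compare with our SHA-256.
    ours = int.from_bytes(hashlib.sha256(plain).digest(), "big")
    if pow(secure_digest, machine.E, machine.n) != ours:
        raise ValueError("layer digest does not match secureDigest")
    return plain


def demo():
    a, b = EncryptionMachine("HSM-A"), EncryptionMachine("HSM-B")  # constructed IDs
    layers = [b"constructed layer 0", b"constructed layer 1"]
    manifest, blobs = encrypt_image(layers, a)
    results = {"owner": [load_layer(d, blobs, a) for d in manifest] == layers}
    try:
        load_layer(manifest[0], blobs, b)
    except PermissionError as exc:
        results["other_machine"] = str(exc)
    forged = dict(manifest[0], annotations={"secureID": b.machine_id})
    try:
        load_layer(forged, blobs, b)
    except ValueError as exc:
        results["forged_secureID"] = str(exc)
    return results


if __name__ == "__main__":
    print(demo())
```

The forged 'secureID' case passes the ID comparison and fails only inside the machine, which is the behaviour the description relies on: the ID is unauthenticated metadata, and the key held in hardware is what enforces access.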
The invention ensures a "one user, one secret" system by means of the encryption machine. Encryption and decryption management runs through the whole life cycle of the image, and the image is encrypted from the moment it is compiled. The image is uploaded to the image repository and stored there in an encrypted state. When docker instantiates the image, the encryption state of the image is not changed. The image is encrypted by an encryption machine, and the key and the encryption algorithm are integrated in security hardware, which ensures the security of the key. Only the owner of the image can encrypt and decrypt it, which ensures the security of the image.
Compared with the prior art, the scheme uses an encryption machine to encrypt and decrypt the image; this is hardware encryption, which is more secure than software encryption. The image is stored in the image repository after being encrypted, which solves the problem of encrypted image management for the enterprise: only the node that created the image is authorized to operate and use it, and the privacy and security of the data are guaranteed.
The above description is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, several modifications and variations can be made without departing from the technical principle of the present invention, and these modifications and variations should also be regarded as the protection scope of the present invention.

Claims (10)

1. A container image encryption management method based on an encryption machine, characterized by comprising the following steps:
generating an unencrypted image, calling the encryption machine interface, sending the image data to the encryption machine, symmetrically encrypting the image data inside the encryption machine, returning the data to the server after encryption and storing it in external memory, adding an identifier after encryption so that it can be determined whether the image has been encrypted, adding a label after encryption, and adding a field under the label to record the ID of the encryption machine;
pushing the encrypted image to a remote repository for storage;
pulling the encrypted image from the repository to the local host;
creating a container and loading the image, at which point the image is examined to judge whether the loaded image needs to be decrypted;
first, checking whether the field of each image layer in the OCI image file carries the encryption mark; if not, the image layer is not encrypted and is run directly; if so, the image layer is in an encrypted state and needs to be decrypted, and docker requests the encryption machine interface to judge whether the ID in the OCI image file is consistent with the encryption machine ID provided by the encryption machine interface; if they are consistent, the current encryption machine and the encryption machine that encrypted the image layer are the same machine, and the decryption operation can be performed on it; if they are inconsistent, the current encryption machine is not the encryption machine that encrypted the image, and the image cannot be decrypted.
2. The container image encryption management method based on an encryption machine as claimed in claim 1, characterized in that the method is based on the docker container management engine, and the encrypted image is an image file in the OCI format.
3. The container image encryption management method based on an encryption machine as claimed in claim 1, characterized in that the encryption and decryption algorithms are integrated into the docker command, the image is encrypted layer by layer with the SM1 cryptographic algorithm, and the encryption instruction is sent to the encryption machine by adding an encryption parameter after the docker build command.
4. The container image encryption management method based on an encryption machine as claimed in claim 1, characterized in that the decryption algorithm is integrated into the docker run command, and whether the image is encrypted is checked before the container is instantiated.
5. The container image encryption management method based on an encryption machine as claimed in claim 1, characterized in that when the docker service is started, the encryption machine configuration, including the encryption machine IP and port number, is loaded so that the program can access the encryption machine; the configuration is written in the /etc/docker/daemon.json file; the field in daemon.json before modification is "registry-mirrors", and the fields "securmebachineIP" and "securmebachinePort" are added below the original field; and the encrypted file is subjected to modification in the image index.
6. The container image encryption management method based on an encryption machine as claimed in claim 1, characterized in that the image is generated with the docker build command; when the docker build command is called with the parameter -encrypt added after it, docker performs encrypted compilation when it compiles the image, and otherwise the image is compiled without encryption; an unencrypted image is generated first, the encryption machine interface is then called, the image data is sent to the encryption machine, and the image data is symmetrically encrypted inside the encryption machine with the SM1 national cryptographic algorithm; after encryption, the data is returned to the server and stored in external memory; after encryption, an "encrypted" identifier is added after the "mediaType" field so that it can be determined whether the image is encrypted, an "options" label is added under the encrypted layer, and a "secureID" field is added under the label to record the ID of the encryption machine, so that at decryption time the 'secureID' can be used to compare whether the current encryption machine and the encryption machine that encrypted the image are the same machine.
7. The container image encryption management method based on an encryption machine as claimed in claim 1, characterized in that after the OCI image file is encrypted, an "encrypted" mark is added at the end of the "mediaType" field to indicate that the image layer is encrypted, which provides the basis for subsequently judging whether the image file needs to be decrypted, and finally an "indications" tag is added to record the "secureID" encryption machine identifier.
8. The container image encryption management method based on an encryption machine as claimed in claim 1, characterized in that the docker push command is used to push the encrypted image to a remote repository for storage, and the docker pull abc command is used to pull the encrypted image from the repository to the local host.
9. The container image encryption management method based on an encryption machine as claimed in claim 6, characterized in that when the user executes the docker run command, it is first checked whether the "mediaType" field of each image layer in the OCI image file contains the encryption identifier "encrypted"; if the "encrypted" identifier is absent, the image layer is not encrypted and is run directly; if the "encrypted" identifier is present in the "mediaType" field of the image layer, the image layer is in an encrypted state and needs to be decrypted; docker determines whether the encryption machine is connected; and docker requests the encryption machine interface to judge whether the 'secureID' in the OCI image file is consistent with the encryption machine ID provided by the encryption machine interface.
10. The container image encryption management method based on an encryption machine as claimed in claim 9, characterized in that when the comparison result is consistent, docker transmits the encrypted image to the encryption machine, and the encryption machine decrypts the image layer by layer; if the "secureID" has been tampered with so that the current match is judged consistent, the image is transmitted to the encryption machine, but the key used in the encryption machine differs from the key with which the image was encrypted, so the image cannot be decrypted after being transmitted to the encryption machine, and the encryption machine reports an error; after decryption, the digest value of the "digest" field in the OCI image configuration file in the encryption machine changes, the "digest" field is encrypted with the private key of the encryption machine, the encrypted digest is stored in the "secureDigest" field under the "associations" label, and the "encrypted" identifier is removed from the "mediaType" field; after decryption is completed, docker receives the fields returned by the encryption machine, decrypts the "secureDigest" with the public key of the encryption machine, computes the digest of the image layers one by one with the SHA256 algorithm, and compares the resulting digest value with the decrypted "secureDigest"; if they match, the image was not tampered with during decryption; once verification succeeds, docker instantiates the image returned from the encryption machine, and the local image remains in an encrypted state.
CN202010882683.3A 2020-08-28 2020-08-28 Container mirror image encryption management method based on encryption machine Pending CN112054899A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010882683.3A CN112054899A (en) 2020-08-28 2020-08-28 Container mirror image encryption management method based on encryption machine

Publications (1)

Publication Number Publication Date
CN112054899A (en) 2020-12-08

Family

ID=73607910

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010882683.3A Pending CN112054899A (en) 2020-08-28 2020-08-28 Container mirror image encryption management method based on encryption machine

Country Status (1)

Country Link
CN (1) CN112054899A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5953419A (en) * 1996-05-06 1999-09-14 Symantec Corporation Cryptographic file labeling system for supporting secured access by multiple users
CN103916363A (en) * 2012-12-30 2014-07-09 航天信息股份有限公司 Communication security management method and system for encryption machine
CN110362427A (en) * 2019-06-26 2019-10-22 苏州浪潮智能科技有限公司 A kind of processing method of image file, system, BMC and readable storage medium storing program for executing
CN110830571A (en) * 2019-11-05 2020-02-21 许继集团有限公司 Business data backup and extraction method and computer readable medium
CN110955901A (en) * 2019-10-12 2020-04-03 烽火通信科技股份有限公司 Storage method and server for virtual machine image file of cloud computing platform

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
许丽婷 et al.: "Layered data security protection system based on Docker technology", 信息化研究, no. 01 *

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112817615A (en) * 2021-02-24 2021-05-18 共达地创新技术(深圳)有限公司 File processing method, device, system and storage medium
CN112817615B (en) * 2021-02-24 2023-12-26 共达地创新技术(深圳)有限公司 File processing method, device, system and storage medium
CN112905223A (en) * 2021-04-09 2021-06-04 竞技世界(北京)网络技术有限公司 Method, device and equipment for generating upgrade package
CN112905223B (en) * 2021-04-09 2024-03-19 竞技世界(北京)网络技术有限公司 Upgrade package generation method, device and equipment
CN113391880A (en) * 2021-06-21 2021-09-14 西安超越申泰信息科技有限公司 Trusted mirror image transmission method for layered double hash verification
CN114978672A (en) * 2022-05-19 2022-08-30 银河麒麟软件(长沙)有限公司 Docker mirror image encryption and arrangement method and system
CN114978672B (en) * 2022-05-19 2024-03-26 银河麒麟软件(长沙)有限公司 Docker mirror image encryption and arrangement method and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination