TWI805514B - Traceability system and its method - Google Patents

Traceability system and its method Download PDF

Info

Publication number
TWI805514B
TWI805514B TW111140032A TW111140032A TWI805514B TW I805514 B TWI805514 B TW I805514B TW 111140032 A TW111140032 A TW 111140032A TW 111140032 A TW111140032 A TW 111140032A TW I805514 B TWI805514 B TW I805514B
Authority
TW
Taiwan
Prior art keywords
container image
server
file
image file
container
Prior art date
Application number
TW111140032A
Other languages
Chinese (zh)
Other versions
TW202418128A (en
Inventor
陳信宏
陳芳志
Original Assignee
台灣大哥大股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 台灣大哥大股份有限公司 filed Critical 台灣大哥大股份有限公司
Priority to TW111140032A priority Critical patent/TWI805514B/en
Application granted granted Critical
Publication of TWI805514B publication Critical patent/TWI805514B/en
Publication of TW202418128A publication Critical patent/TW202418128A/en

Links

Images

Landscapes

  • Diaphragms For Electromechanical Transducers (AREA)
  • Preparation Of Compounds By Using Micro-Organisms (AREA)

Abstract

溯源系統,包含:一第一容器映像檔註冊儲存庫;以及一伺服器,存取該第一容器映像檔註冊儲存庫,並通訊連接一第二容器映像檔註冊儲存庫;其中該伺服器自該第二容器映像檔註冊儲存庫接收一第一容器映像檔,該伺服器對該第一容器映像檔執行一安全性檢查,以產生一安全確認資料;其中該伺服器基於該第一容器映像檔與該安全確認資料,以產生一第二容器映像檔,該伺服器並將該第二容器映像檔儲存至該第一容器映像檔註冊儲存庫;其中該第二容器映像檔包含該第一容器映像檔以及一第一隱碼圖像檔,該第一隱碼圖像檔包含一第一字串資料。The traceability system includes: a first container image registration repository; and a server that accesses the first container image registration repository and communicates with a second container image registry; wherein the server is from The second container image registry receives a first container image, and the server performs a security check on the first container image to generate a security confirmation; wherein the server is based on the first container image file and the security confirmation data to generate a second container image, the server stores the second container image in the first container image registry; wherein the second container image includes the first A container image file and a first hidden code image file, the first hidden code image file includes a first character string data.

Description

溯源系統及其方法Traceability system and its method

本發明係關於一種溯源系統及其方法,特別係關於一種可確保系統內部所儲存及/或使用的容器映像檔(image,或稱container image file)皆為已符合資安要求之容器映像檔的溯源系統及其方法。The present invention relates to a traceability system and method thereof, in particular to a method that can ensure that all container image files (or called container image files) stored and/or used in the system are container image files that have met information security requirements. Traceability system and its method.

藉由傳統的容器映像檔技術,使用者可自不同的容器映像檔註冊儲存庫(registry)下載所需的容器映像檔,並依需求修改或調整容器映像檔的內容。然而,對企業而言,若無法確保其內部各員工所下載的每一個容器映像檔皆為安全可靠的容器映像檔,則對於企業的資訊安全將有可能造成極大的損害。有鑑於此,將需要一種可確保系統內部所儲存及/或使用的容器映像檔皆為已符合資安要求之容器映像檔的溯源系統及其方法。With traditional container image technology, users can download the required container image from different container image registries, and modify or adjust the content of the container image as required. However, for an enterprise, if it cannot ensure that each container image file downloaded by its internal employees is a safe and reliable container image file, it may cause great damage to the information security of the enterprise. In view of this, there is a need for a traceability system and method for ensuring that all container image files stored and/or used in the system are container image files that have met information security requirements.

為了解決上述問題,本發明之一構想在於提供一種可確保系統內部所儲存及/或使用的容器映像檔皆為已符合資安要求之容器映像檔的溯源系統及其方法。。In order to solve the above problems, one idea of the present invention is to provide a traceability system and method that can ensure that all container images stored and/or used in the system are container images that meet information security requirements. .

基於前揭構想,本發明提供一種溯源系統,包含:一第一容器映像檔註冊儲存庫;以及一伺服器,存取該第一容器映像檔註冊儲存庫,並通訊連接一第二容器映像檔註冊儲存庫;其中該伺服器自該第二容器映像檔註冊儲存庫接收一第一容器映像檔,該伺服器對該第一容器映像檔執行一安全性檢查,以產生一安全確認資料;其中該伺服器基於該第一容器映像檔與該安全確認資料,以產生一第二容器映像檔,該伺服器並將該第二容器映像檔儲存至該第一容器映像檔註冊儲存庫;其中該第二容器映像檔包含該第一容器映像檔以及一第一隱碼圖像檔,該第一隱碼圖像檔包含一第一字串資料。Based on the idea disclosed above, the present invention provides a traceability system, including: a first container image registry repository; and a server, accessing the first container image registry repository and communicating with a second container image repository a registry repository; wherein the server receives a first container image from the second container image registry, the server performs a security check on the first container image to generate a security confirmation; wherein The server generates a second container image based on the first container image and the security confirmation data, and the server stores the second container image in the first container image registry; wherein the server The second container image file includes the first container image file and a first hidden code image file, and the first hidden code image file includes a first string data.

於本發明之一較佳實施例中,該伺服器將該第一容器映像檔轉換成一第一容器映像原碼檔;其中該伺服器使該第一容器映像原碼檔包含該第一隱碼圖像檔,並將該第一容器映像原碼檔連同該第一隱碼圖像檔,轉換成該第二容器映像檔。In a preferred embodiment of the present invention, the server converts the first container image file into a first container image source file; wherein the server makes the first container image source file include the first hidden code image file, and convert the first container image source code file together with the first hidden code image file into the second container image file.

於本發明之一較佳實施例中,該第一容器映像檔註冊儲存庫儲存一路徑紀錄資料,該路徑紀錄資料指示出一特定路徑;其中該伺服器基於該路徑紀錄資料,以使該第一隱碼圖像檔關聯於該第一容器映像原碼檔中的該特定路徑。In a preferred embodiment of the present invention, the first container image registry stores a path record data, the path record data indicates a specific path; wherein the server makes the first container image file based on the path record data A hidden image file is associated with the specific path in the first container image source code file.

於本發明之一較佳實施例中,該伺服器接收一驗證指令,該伺服器基於該驗證指令,以將該第二容器映像檔轉換成一第二容器映像原碼檔;其中該伺服器自該第二容器映像原碼檔獲得該第一隱碼圖像檔,並自該第一隱碼圖像檔獲得該第一字串資料;其中該伺服器基於該第一字串資料符合一安全性字串資料,而產生一第一驗證成功資料。In a preferred embodiment of the present invention, the server receives a verification command, and based on the verification command, the server converts the second container image file into a second container image source code file; wherein the server automatically The second container image source file obtains the first encrypted image file, and obtains the first string data from the first encrypted image file; wherein the server complies with a security based on the first string data character string data, and generate a first authentication success data.

於本發明之一較佳實施例中,該第一容器映像檔註冊儲存庫儲存一路徑紀錄資料,該路徑紀錄資料指示出一特定路徑;其中該伺服器係基於該路徑紀錄資料,以自該第二容器映像原碼檔中的該特定路徑,獲得該第一隱碼圖像檔。In a preferred embodiment of the present invention, the first container image registry store stores a path log data indicating a specific path; wherein the server is based on the path log data, from the The specific path in the second container image source code file obtains the first hidden code image file.

於本發明之一較佳實施例中,該第一容器映像檔註冊儲存庫儲存一路徑紀錄資料,該路徑紀錄資料指示出一特定路徑;其中該溯源系統進一步包含:一計算機裝置,存取該第一容器映像檔註冊儲存庫,並通訊連接該伺服器,該計算機裝置傳送一第三容器映像檔至該伺服器;其中該伺服器將該第三容器映像檔轉換成一第三容器映像原碼檔,且該伺服器基於該第三容器映像原碼檔與該路徑紀錄資料,以決定是否將該第三容器映像檔儲存至該第一容器映像檔註冊儲存庫。In a preferred embodiment of the present invention, the first container image registry stores a path record data, and the path record data indicates a specific path; wherein the traceability system further includes: a computer device, accessing the The first container image file is registered with the repository and communicated with the server, and the computer device sends a third container image file to the server; wherein the server converts the third container image file into a third container image source code file, and the server determines whether to store the third container image in the first container image registry based on the source file of the third container image and the path record data.

於本發明之一較佳實施例中,該伺服器自該第三容器映像原碼檔的該特定路徑中,獲得一第二隱碼圖像檔,並自該第二隱碼圖像檔獲得一第二字串資料;其中該伺服器基於該第二字串資料符合一安全性字串資料,而將該第三容器映像檔儲存至該第一容器映像檔註冊儲存庫。In a preferred embodiment of the present invention, the server obtains a second encrypted image file from the specific path of the third container image source code file, and obtains from the second encrypted image file A second string data; wherein the server stores the third container image file in the first container image registry repository based on the second string data matching a security string data.

於本發明之一較佳實施例中,該伺服器基於該第三容器映像原碼檔中的該特定路徑不具有一第二隱碼圖像檔,而決定不將該第三容器映像檔儲存至該第一容器映像檔註冊儲存庫。In a preferred embodiment of the present invention, the server decides not to store the third container image based on the fact that the specific path in the third container image source file does not have a second hidden image file Register the repository with the first container image.

於本發明之一較佳實施例中,該伺服器自該第三容器映像原碼檔的該特定路徑中,獲得一第二隱碼圖像檔,並自該第二隱碼圖像檔獲得一第二字串資料;其中該伺服器基於該第二字串資料不符合一安全性字串資料,而決定不將該第三容器映像檔儲存至該第一容器映像檔註冊儲存庫。In a preferred embodiment of the present invention, the server obtains a second encrypted image file from the specific path of the third container image source code file, and obtains from the second encrypted image file A second string data; wherein the server decides not to store the third container image file in the first container image registry repository because the second string data does not match a security string data.

根據本發明之目的,再提供一種溯源系統,包含:一第一容器映像檔註冊儲存庫,儲存一路徑紀錄資料,該路徑紀錄資料指示出一特定路徑;一伺服器,存取該第一容器映像檔註冊儲存庫;以及一計算機裝置,存取該第一容器映像檔註冊儲存庫,並通訊連接該伺服器,該計算機裝置傳送一第三容器映像檔至該伺服器;其中該伺服器將該第三容器映像檔轉換成一第三容器映像原碼檔,且該伺服器基於該第三容器映像原碼檔與該路徑紀錄資料,以決定是否將該第三容器映像檔儲存至該第一容器映像檔註冊儲存庫。According to the purpose of the present invention, a traceability system is further provided, comprising: a first container image file registration repository storing a path record data indicating a specific path; a server accessing the first container an image file registry; and a computer device accessing the first container image registry and communicatively connected to the server, the computer device sending a third container image to the server; wherein the server will The third container image is converted into a third container image source file, and the server determines whether to store the third container image file in the first container image based on the third container image source file and the path record data. Container image registry repository.

於本發明之一較佳實施例中,該伺服器自該第三容器映像原碼檔的該特定路徑中,獲得一第二隱碼圖像檔,並自該第二隱碼圖像檔獲得一第二字串資料;其中該伺服器基於該第二字串資料符合一安全性字串資料,而將該第三容器映像檔儲存至該第一容器映像檔註冊儲存庫。In a preferred embodiment of the present invention, the server obtains a second encrypted image file from the specific path of the third container image source code file, and obtains from the second encrypted image file A second string data; wherein the server stores the third container image file in the first container image registry repository based on the second string data matching a security string data.

於本發明之一較佳實施例中,該伺服器基於該第三容器映像原碼檔中的該特定路徑不具有一第二隱碼圖像檔,而決定不將該第三容器映像檔儲存至該第一容器映像檔註冊儲存庫。In a preferred embodiment of the present invention, the server decides not to store the third container image based on the fact that the specific path in the third container image source file does not have a second hidden image file Register the repository with the first container image.

於本發明之一較佳實施例中,該伺服器自該第三容器映像原碼檔的該特定路徑中,獲得一第二隱碼圖像檔,並自該第二隱碼圖像檔獲得一第二字串資料;其中該伺服器基於該第二字串資料不符合一安全性字串資料,而決定不將該第三容器映像檔儲存至該第一容器映像檔註冊儲存庫。In a preferred embodiment of the present invention, the server obtains a second encrypted image file from the specific path of the third container image source code file, and obtains from the second encrypted image file A second string data; wherein the server decides not to store the third container image file in the first container image registry repository because the second string data does not match a security string data.

根據本發明之目的,再提供一種溯源方法,應用於一溯源系統,該溯源系統包含一第一容器映像檔註冊儲存庫以及一伺服器,該伺服器存取該第一容器映像檔註冊儲存庫,且該伺服器通訊連接一第二容器映像檔註冊儲存庫;該溯源方法包含以下步驟:由該伺服器自該第二容器映像檔註冊儲存庫接收一第一容器映像檔;由該伺服器對該第一容器映像檔執行一安全性檢查,以產生一安全確認資料;由該伺服器基於該第一容器映像檔與該安全確認資料,以產生一第二容器映像檔;以及由該伺服器將該第二容器映像檔儲存至該第一容器映像檔註冊儲存庫;其中該第二容器映像檔包含該第一容器映像檔以及一第一隱碼圖像檔,該第一隱碼圖像檔包含一第一字串資料。According to the purpose of the present invention, a traceability method is further provided, which is applied to a traceability system, the traceability system includes a first container image file registration repository and a server, and the server accesses the first container image file registration repository , and the server is connected to a second container image registry; the trace method includes the following steps: the server receives a first container image from the second container image registry; the server performing a security check on the first container image to generate a security confirmation; generating a second container image by the server based on the first container image and the security confirmation; and by the server The device stores the second container image file into the first container image file registration repository; wherein the second container image file includes the first container image file and a first hidden code image file, the first hidden code image file The image file contains a first string of data.

於本發明之一較佳實施例中,溯源方法該進一步包含以下步驟:由該伺服器將該第一容器映像檔轉換成一第一容器映像原碼檔;由該伺服器使該第一容器映像原碼檔包含該第一隱碼圖像檔,以及由該伺服器將該第一容器映像原碼檔連同該第一隱碼圖像檔,轉換成該第二容器映像檔。In a preferred embodiment of the present invention, the traceability method further includes the following steps: converting the first container image file into a first container image original code file by the server; making the first container image file by the server The original code file includes the first hidden code image file, and the server converts the first container image original code file together with the first hidden code image file into the second container image file.

於本發明之一較佳實施例中,該第一容器映像檔註冊儲存庫儲存一路徑紀錄資料,該路徑紀錄資料指示出一特定路徑;其中該溯源方法進一步包含以下步驟:由該伺服器基於該路徑紀錄資料,以使該第一隱碼圖像檔關聯於該第一容器映像原碼檔中的該特定路徑。In a preferred embodiment of the present invention, the first container image file registry stores a path record data, and the path record data indicates a specific path; wherein the source tracing method further includes the following steps: the server based on The path records data so that the first hidden image file is associated with the specific path in the first container image source code file.

於本發明之一較佳實施例中,該溯源方法該進一步包含以下步驟:由該伺服器接收一驗證指令,該伺服器基於該驗證指令,以將該第二容器映像檔轉換成一第二容器映像原碼檔;由該伺服器自該第二容器映像原碼檔獲得該第一隱碼圖像檔,並自該第一隱碼圖像檔獲得該第一字串資料;以及由該伺服器基於該第一字串資料符合一安全性字串資料,而產生一第一驗證成功資料。In a preferred embodiment of the present invention, the traceability method further includes the following steps: the server receives a verification instruction, and the server converts the second container image file into a second container based on the verification instruction an image source file; the server obtains the first encrypted image file from the second container image original file, and obtains the first string data from the first encrypted image file; and the server The device generates first authentication success information based on the first string data conforming to a security string data.

於本發明之一較佳實施例中,該第一容器映像檔註冊儲存庫儲存一路徑紀錄資料,該路徑紀錄資料指示出一特定路徑;其中該伺服器係基於該路徑紀錄資料,以自該第二容器映像原碼檔中的該特定路徑,獲得該第一隱碼圖像檔。In a preferred embodiment of the present invention, the first container image registry store stores a path log data indicating a specific path; wherein the server is based on the path log data, from the The specific path in the second container image source code file obtains the first hidden code image file.

於本發明之一較佳實施例中,該溯源系統包含一計算機裝置,該計算機裝置存取該第一容器映像檔註冊儲存庫,且該計算機裝置通訊連接該伺服器;其中該第一容器映像檔註冊儲存庫儲存一路徑紀錄資料,該路徑紀錄資料指示出一特定路徑;其中該溯源方法進一步包含以下步驟:由該計算機裝置傳送一第三容器映像檔至該伺服器;由該伺服器將該第三容器映像檔轉換成一第三容器映像原碼檔;以及由該伺服器基於該第三容器映像原碼檔與該路徑紀錄資料,以決定是否將該第三容器映像檔儲存至該第一容器映像檔註冊儲存庫。In a preferred embodiment of the present invention, the traceability system includes a computer device, the computer device accesses the first container image registration repository, and the computer device is connected to the server in communication; wherein the first container image The file registration repository stores a path record data, and the path record data indicates a specific path; wherein the traceability method further includes the following steps: sending a third container image file to the server by the computer device; The third container image is converted into a third container image source file; and the server determines whether to store the third container image file in the first container image based on the third container image source file and the path record data A container image registry repository.

於本發明之一較佳實施例中,該溯源方法該進一步包含以下步驟:由該伺服器自該第三容器映像原碼檔的該特定路徑中,獲得一第二隱碼圖像檔;由該伺服器自該第二隱碼圖像檔獲得一第二字串資料;以及由該伺服器基於該第二字串資料符合一安全性字串資料,而將該第三容器映像檔儲存至該第一容器映像檔註冊儲存庫。In a preferred embodiment of the present invention, the traceability method further includes the following steps: the server obtains a second hidden code image file from the specific path of the third container image original code file; The server obtains a second string data from the second encrypted image file; and based on the second string data matching a security string data, the server stores the third container image file in The first container image registry repository.

於本發明之一較佳實施例中,該溯源方法該進一步包含以下步驟:由該伺服器基於該第三容器映像原碼檔中的該特定路徑不具有一第二隱碼圖像檔,而決定不將該第三容器映像檔儲存至該第一容器映像檔註冊儲存庫。In a preferred embodiment of the present invention, the traceability method further includes the following steps: the server does not have a second hidden code image file based on the specific path in the third container image original code file, and It is determined not to store the third container image in the first container image registry.

於本發明之一較佳實施例中,該溯源方法該進一步包含以下步驟:由該伺服器自該第三容器映像原碼檔的該特定路徑中,獲得一第二隱碼圖像檔;由該伺服器自該第二隱碼圖像檔獲得一第二字串資料;以及由該伺服器基於該第二字串資料不符合一安全性字串資料,而決定不將該第三容器映像檔儲存至該第一容器映像檔註冊儲存庫。In a preferred embodiment of the present invention, the traceability method further includes the following steps: the server obtains a second hidden code image file from the specific path of the third container image original code file; The server obtains a second string data from the second encrypted image file; and the server determines not to image the third container based on the second string data not matching a security string data files are stored in the first container image registry repository.

根據本發明之目的,再提供一種溯源方法,應用於一溯源系統,該溯源系統包含一第一容器映像檔註冊儲存庫、一伺服器以及一計算機裝置,該伺服器存取該第一容器映像檔註冊儲存庫,該計算機裝置存取該第一容器映像檔註冊儲存庫,且該計算機裝置通訊連接該伺服器;其中該第一容器映像檔註冊儲存庫儲存一路徑紀錄資料,該路徑紀錄資料指示出一特定路徑;該溯源方法包含以下步驟:由該計算機裝置傳送一第三容器映像檔至該伺服器;由該伺服器將該第三容器映像檔轉換成一第三容器映像原碼檔;以及由該伺服器基於該第三容器映像原碼檔與該路徑紀錄資料,以決定是否將該第三容器映像檔儲存至該第一容器映像檔註冊儲存庫。According to the purpose of the present invention, a traceability method is further provided, which is applied to a traceability system, and the traceability system includes a first container image file registration repository, a server and a computer device, and the server accesses the first container image A file registry repository, the computer device accesses the first container image registry repository, and the computer device is communicatively connected to the server; wherein the first container image registry repository stores a path record data, the path record data Indicating a specific path; the tracing method includes the following steps: sending a third container image file to the server from the computer device; converting the third container image file into a third container image source code file by the server; And the server determines whether to store the third container image in the first container image registry based on the third container image source code file and the path record data.

於本發明之一較佳實施例中,該溯源方法該進一步包含以下步驟:由該伺服器自該第三容器映像原碼檔的該特定路徑中,獲得一第二隱碼圖像檔;由該伺服器自該第二隱碼圖像檔獲得一第二字串資料;以及由該伺服器基於該第二字串資料符合一安全性字串資料,而將該第三容器映像檔儲存至該第一容器映像檔註冊儲存庫。In a preferred embodiment of the present invention, the traceability method further includes the following steps: the server obtains a second hidden code image file from the specific path of the third container image original code file; The server obtains a second string data from the second encrypted image file; and based on the second string data matching a security string data, the server stores the third container image file in The first container image registry repository.

於本發明之一較佳實施例中,該溯源方法該進一步包含以下步驟:由該伺服器基於該第三容器映像原碼檔中的該特定路徑不具有一第二隱碼圖像檔,而決定不將該第三容器映像檔儲存至該第一容器映像檔註冊儲存庫。In a preferred embodiment of the present invention, the traceability method further includes the following steps: the server does not have a second hidden code image file based on the specific path in the third container image original code file, and It is determined not to store the third container image in the first container image registry.

於本發明之一較佳實施例中,該溯源方法該進一步包含以下步驟:由該伺服器自該第三容器映像原碼檔的該特定路徑中,獲得一第二隱碼圖像檔;由該伺服器自該第二隱碼圖像檔獲得一第二字串資料;以及由該伺服器基於該第二字串資料不符合一安全性字串資料,而決定不將該第三容器映像檔儲存至該第一容器映像檔註冊儲存庫。In a preferred embodiment of the present invention, the traceability method further includes the following steps: the server obtains a second hidden code image file from the specific path of the third container image original code file; The server obtains a second string data from the second encrypted image file; and the server determines not to image the third container based on the second string data not matching a security string data files are stored in the first container image registry repository.

本發明前述各方面及其它方面依據下述的非限制性具體實施例詳細說明以及參照附隨的圖式將更趨於明瞭。The foregoing and other aspects of the invention will become more apparent from the following detailed description of non-limiting specific examples and with reference to the accompanying drawings.

請參閱第一圖,其例示說明了根據本發明溯源系統一具體實施例的系統架構圖。如第一圖所示實施例,溯源系統100包含第一容器映像檔註冊儲存庫110(容器映像檔註冊儲存庫可稱為registry)以及伺服器120。伺服器120可存取第一容器映像檔註冊儲存庫110,且伺服器120通訊連接第二容器映像檔註冊儲存庫910。在一具體實施例中,溯源系統100進一步包含計算機裝置130,計算機裝置130可存取第一容器映像檔註冊儲存庫110,且計算機裝置130通訊連接伺服器120。在一具體實施例中,本發明之溯源系統100包含一或多個處理器,且溯源系統100係以硬體與軟體協同運作的方式實施第一容器映像檔註冊儲存庫110及/或伺服器120及/或計算機裝置130。例如伺服器120能以硬體與軟體協同運作的方式傳送、接收以及處理各種資料、檔案或指令,計算機裝置130能以硬體與軟體協同運作的方式傳送、接收以及處理各種資料、檔案或指令,而第一容器映像檔註冊儲存庫110能以硬體與軟體協同運作的方式傳送、接收以及儲存各種資料、檔案或指令。在不同具體實施例中,計算機裝置130可為伺服器、電腦、筆電、行動裝置等,但不以此為限。應了解,根據需求,計算機裝置130亦可為伺服器120。Please refer to the first figure, which illustrates a system architecture diagram of a specific embodiment of the traceability system according to the present invention. In the embodiment shown in the first figure, the traceability system 100 includes a first container image registry repository 110 (the container image registry repository may be called a registry) and a server 120 . The server 120 can access the first container image registry 110 , and the server 120 is communicatively connected to the second container image registry 910 . In a specific embodiment, the traceability system 100 further includes a computer device 130 , the computer device 130 can access the first container image file registration repository 110 , and the computer device 130 is connected to the server 120 in communication. In a specific embodiment, the traceability system 100 of the present invention includes one or more processors, and the traceability system 100 implements the first container image file registration repository 110 and/or the server in a cooperative manner of hardware and software 120 and/or computer device 130. For example, the server 120 can transmit, receive and process various data, files or instructions in a manner of cooperative operation of hardware and software, and the computer device 130 can transmit, receive and process various data, files or instructions in a manner of cooperative operation of hardware and software. , and the first container image registry repository 110 can transmit, receive and store various data, files or instructions in a cooperative manner of hardware and software. In different specific embodiments, the computer device 130 can be a server, a computer, a laptop, a mobile device, etc., but is not limited thereto. It should be understood that, according to requirements, the computer device 130 can also be the server 120 .

在第一圖所示實施例中,伺服器120可自第二容器映像檔註冊儲存庫910接收第一容器映像檔(容器映像檔可稱為image,或可稱為container image file),伺服器120可對第一容器映像檔執行安全性檢查,以產生安全確認資料,該安全確認資料關聯於第一容器映像檔。較佳地,安全確認資料指示出第一容器映像檔符合資訊安全之需求。伺服器120可基於第一容器映像檔與安全確認資料,以產生第二容器映像檔,伺服器120並可將第二容器映像檔儲存至第一容器映像檔註冊儲存庫110。其中,第二容器映像檔包含第一容器映像檔以及一第一隱碼圖像檔,第一隱碼圖像檔包含一第一字串資料。較佳地,第一字串資料指示出第二容器映像檔符合資訊安全之需求。在完成前述流程後,儲存於第一容器映像檔註冊儲存庫110的第二容器映像檔即可由使用者進行下載及/或使用(例如使用者可藉由計算機裝置130以至第一容器映像檔註冊儲存庫110擷取並使用第二容器映像檔,或例如使用者可藉由伺服器120以至第一容器映像檔註冊儲存庫110擷取並使用第二容器映像檔)。In the embodiment shown in the first figure, the server 120 may receive the first container image file (the container image file may be called image or container image file) from the second container image file registration repository 910, and the server 120 may 120 may perform a security check on the first container image file to generate security confirmation data associated with the first container image file. Preferably, the security confirmation data indicates that the first container image file complies with information security requirements. The server 120 can generate a second container image based on the first container image and the security confirmation data, and the server 120 can store the second container image in the first container image registry 110 . Wherein, the second container image file includes the first container image file and a first hidden code image file, and the first hidden code image file includes a first string data. Preferably, the first string data indicates that the second container image file complies with information security requirements. After completing the aforementioned process, the second container image file stored in the first container image file registration repository 110 can be downloaded and/or used by the user (for example, the user can use the computer device 130 to register the first container image file The repository 110 retrieves and uses the second container image, or for example, the user can retrieve and use the second container image through the server 120 and register the repository 110 with the first container image).

應了解,溯源系統100可根據需求,而由其伺服器120使用原碼掃描技術(或使用其它可用於確認是否符合資訊安全之技術),以對第一容器映像檔執行安全性檢查。在一具體實施例中,當伺服器120執行安全性檢查時,若伺服器120可確認第一容器映像檔係自符合資訊安全之官方網站所下載,或者若伺服器120可確認第一容器映像檔的下載來源為符合資訊安全之第三方網站,且該第三方網站提供具保證性的官方原碼,則伺服器120將對應產生安全確認資料。It should be understood that the traceability system 100 can use the source code scanning technology (or use other technologies that can be used to confirm compliance with information security) by its server 120 to perform security checks on the first container image file according to requirements. In a specific embodiment, when the server 120 performs the security check, if the server 120 can confirm that the first container image file is downloaded from an official website that complies with information security, or if the server 120 can confirm that the first container image If the download source of the file is a third-party website that complies with information security, and the third-party website provides a guaranteed official source code, the server 120 will correspondingly generate security confirmation data.

應了解,當伺服器120對特定容器映像檔執行安全性檢查時,若發現該特定容器映像檔不符合資訊安全之需求,則伺服器120不會針對該特定容器映像檔產生安全確認資料,亦不會將該特定容器映像檔儲存至第一容器映像檔註冊儲存庫110。如此,即可確保儲存在第一容器映像檔註冊儲存庫110中的容器映像檔皆可通過安全性檢查且符合資訊安全之需求。在一具體實施例中,當伺服器120對特定容器映像檔執行安全性檢查時,若發現該特定容器映像檔不符合資訊安全之需求,則伺服器120將針對該特定容器映像檔產生警示資料,伺服器120並基於該特定容器映像檔以及該警示資料,而決定不將該特定容器映像檔儲存至第一容器映像檔註冊儲存庫110。其中,警示資料關聯於該特定容器映像檔,且警示資料指示出該特定容器映像檔不符合資訊安全之需求。It should be understood that when the server 120 performs a security check on a specific container image file, if it is found that the specific container image file does not meet the requirements for information security, the server 120 will not generate security confirmation data for the specific container image file, and also The specific container image is not stored in the first container image registry 110 . In this way, it can be ensured that the container image files stored in the first container image file registration repository 110 can pass the security check and meet the requirements of information security. In a specific embodiment, when the server 120 performs a security check on a specific container image file, if it is found that the specific container image file does not meet the requirements of information security, the server 120 will generate warning data for the specific container image file , the server 120 determines not to store the specific container image in the first container image registry 110 based on the specific container image and the warning data. Wherein, the warning data is associated with the specific container image file, and the warning data indicates that the specific container image file does not meet the requirements of information security.

在一具體實施例中,在伺服器120對第一容器映像檔執行安全性檢查以產生安全確認資料後,伺服器120可將第一容器映像檔轉換成第一容器映像原碼檔(容器映像原碼檔可稱為docker file)。接著,伺服器120可使第一容器映像原碼檔包含第一隱碼圖像檔,伺服器120並可將第一容器映像原碼檔連同第一隱碼圖像檔,轉換成第二容器映像檔。如此,第二容器映像檔即包含了第一容器映像檔以及第一隱碼圖像檔。較佳地,第一容器映像檔註冊儲存庫110儲存一路徑紀錄資料,該路徑紀錄資料指示出一特定路徑。伺服器120可基於路徑紀錄資料,以使第一隱碼圖像檔關聯於第一容器映像原碼檔中的特定路徑。具體而言,伺服器120可基於路徑紀錄資料,以使第一隱碼圖像檔被包含在(或稱儲存在)第一容器映像原碼檔中的特定路徑。In a specific embodiment, after the server 120 performs a security check on the first container image to generate security confirmation data, the server 120 may convert the first container image into a first container image source file (container image The original code file can be called a docker file). Then, the server 120 can make the first container image original code file include the first hidden code image file, and the server 120 can convert the first container image original code file together with the first hidden code image file into a second container image file. In this way, the second container image file includes the first container image file and the first hidden code image file. Preferably, the first container image registry repository 110 stores a path record data indicating a specific path. The server 120 can record data based on the path, so that the first encrypted image file is associated with a specific path in the first container image source code file. Specifically, the server 120 may record data based on the path, so that the first hidden code image file is contained (or stored) in a specific path in the first container image source code file.

在一具體實施例中,伺服器120接收一驗證指令,伺服器120可基於驗證指令,以將第二容器映像檔轉換成一第二容器映像原碼檔。而後,伺服器120可自第二容器映像原碼檔獲得第一隱碼圖像檔,並自第一隱碼圖像檔獲得第一字串資料。伺服器120並可接著基於第一字串資料符合一安全性字串資料,而產生一第一驗證成功資料。較佳地,伺服器120可每隔一特定時間長度即接收驗證指令(亦即,伺服器120每隔一特定時間長度即會驗證第一容器映像檔註冊儲存庫110中的各個容器映像檔是否可通過安全性檢查且符合資訊安全之需求)。較佳地,伺服器120可於一特定時間點接收驗證指令(亦即,伺服器120在一特定時間點即會驗證第一容器映像檔註冊儲存庫110中的各個容器映像檔是否可通過安全性檢查且符合資訊安全之需求)。較佳地,第一容器映像檔註冊儲存庫110儲存一路徑紀錄資料,該路徑紀錄資料指示出一特定路徑。伺服器120可基於路徑紀錄資料,以自第二容器映像原碼檔中的特定路徑處,獲得第一隱碼圖像檔。在一具體實施例中,所述第一字串資料符合一安全性字串資料,係指第一字串資料所指示出(或所記載)的字串內容等於安全性字串資料所指示出(或所記載)的字串內容。在一具體實施例中,所述第一字串資料符合一安全性字串資料,係指第一字串資料所指示出(或所記載)的字串內容匹配於安全性字串資料所指示出(或所記載)的字串內容。較佳地, 安全性字串資料的內容可依需求而設置。In a specific embodiment, the server 120 receives a verification instruction, and the server 120 can convert the second container image file into a second container image original code file based on the verification instruction. Then, the server 120 can obtain the first hidden code image file from the second container image original code file, and obtain the first string data from the first hidden code image file. The server 120 can then generate a first verification success data based on the first string data conforming to a security string data. Preferably, the server 120 may receive verification instructions at intervals of a specific time length (that is, the server 120 will verify whether each container image file in the first container image registration repository 110 is Can pass the security inspection and meet the requirements of information security). Preferably, the server 120 can receive the verification instruction at a specific point in time (that is, the server 120 will verify at a specific point in time whether each container image file in the first container image file registration repository 110 can pass the security security checks and meet the requirements of information security). Preferably, the first container image registry repository 110 stores a path record data indicating a specific path. The server 120 can obtain the first hidden code image file from a specific path in the second container image source code file based on the path record data. In a specific embodiment, the first string data conforms to a security string data, which means that the content of the string indicated (or recorded) by the first string data is equal to that indicated by the security string data (or recorded) string content. In a specific embodiment, the first string data conforms to a security string data, which means that the content of the string indicated (or recorded) in the first string data matches the content indicated by the security string data output (or recorded) string content. Preferably, the content of the security string data can be set according to requirements.

在一具體實施例中,第一容器映像檔註冊儲存庫110儲存路徑紀錄資料,路徑紀錄資料指示出特定路徑。溯源系統100進一步包含計算機裝置130,計算機裝置130可傳送第三容器映像檔至伺服器120。伺服器120可將第三容器映像檔轉換成一第三容器映像原碼檔,且伺服器120可基於第三容器映像原碼檔與該路徑紀錄資料,以決定是否將第三容器映像檔儲存至第一容器映像檔註冊儲存庫110。較佳地,伺服器120可自第三容器映像原碼檔的特定路徑中,獲得第二隱碼圖像檔,伺服器120並可自第二隱碼圖像檔獲得一第二字串資料。其中,若第二字串資料符合安全性字串資料,則伺服器120基於第二字串資料符合安全性字串資料,而將第三容器映像檔儲存至第一容器映像檔註冊儲存庫110。但若第二字串資料不符合安全性字串資料,則伺服器120基於第二字串資料不符合安全性字串資料,而決定不將第三容器映像檔儲存至第一容器映像檔註冊儲存庫110。較佳地,伺服器120可基於第三容器映像原碼檔中的特定路徑不具有第二隱碼圖像檔,而決定不將第三容器映像檔儲存至第一容器映像檔註冊儲存庫110。In a specific embodiment, the first container image registry repository 110 stores path record data, and the path record data indicates a specific path. The traceability system 100 further includes a computer device 130 , and the computer device 130 can transmit the third container image file to the server 120 . The server 120 can convert the third container image file into a third container image source code file, and the server 120 can determine whether to store the third container image file in the third container image file based on the third container image source code file and the path record data The first container image is registered with the repository 110 . Preferably, the server 120 can obtain the second hidden code image file from the specific path of the third container image original code file, and the server 120 can also obtain a second string data from the second hidden code image file . Wherein, if the second string data conforms to the security string data, the server 120 stores the third container image file in the first container image file registration repository 110 based on the second string data conforming to the security string data . However, if the second string data does not match the security string data, the server 120 decides not to store the third container image file in the first container image file registry based on the second string data not meeting the security string data Repository 110. Preferably, the server 120 may decide not to store the third container image in the first container image registry 110 based on the fact that the specific path in the source code file of the third container image does not have the second hidden image file. .

藉由此種方式,當使用者透過計算機裝置130以試圖將第三容器映像檔儲存至第一容器映像檔註冊儲存庫110時,伺服器120即可藉由第三容器映像檔中是否包含第二隱碼圖像檔,以及第二隱碼圖像檔中的第二字串資料是否符合安全性字串資料,以判斷是否可將第三容器映像檔儲存至第一容器映像檔註冊儲存庫110。如此,即可確保第一容器映像檔註冊儲存庫110中所儲存的容器映像檔皆可通過安全性檢查且符合資訊安全之需求。較佳地,在溯源系統100中,使用者僅能下載並使用儲存在第一容器映像檔註冊儲存庫110中的容器映像檔。若使用者於他處另行下載外部容器映像檔,則該外部容器映像檔將無法儲存至第一容器映像檔註冊儲存庫110中。如此,即可確保使用者在溯源系統100所使用的容器映像檔皆可通過安全性檢查且符合資訊安全之需求。In this way, when the user tries to store the third container image in the first container image registry 110 through the computer device 130, the server 120 can determine whether the third container image contains the third container image. Two hidden code image files, and whether the second string data in the second hidden code image file conforms to the security string data, so as to determine whether the third container image file can be stored in the first container image file registration repository 110. In this way, it can be ensured that all the container images stored in the first container image registration repository 110 can pass the security check and meet the requirements of information security. Preferably, in the traceability system 100 , the user can only download and use the container image files stored in the first container image file registration repository 110 . If the user downloads the external container image elsewhere, the external container image cannot be stored in the first container image registration repository 110 . In this way, it can be ensured that the container image files used by the user in the traceability system 100 can pass the security check and meet the requirements of information security.

請參閱第二圖,其例示說明了根據本發明溯源系統一具體實施例的系統架構圖。如第二圖所示實施例,溯源系統200包含第一容器映像檔註冊儲存庫210(容器映像檔註冊儲存庫可稱為registry)、伺服器220以及計算機裝置230。伺服器220可存取第一容器映像檔註冊儲存庫210,計算機裝置230可存取第一容器映像檔註冊儲存庫210,且計算機裝置230通訊連接伺服器220。在一具體實施例中,本發明之溯源系統200包含一或多個處理器,且溯源系統200係以硬體與軟體協同運作的方式實施第一容器映像檔註冊儲存庫210及/或伺服器220及/或計算機裝置230。例如伺服器220能以硬體與軟體協同運作的方式傳送、接收以及處理各種資料、檔案或指令,計算機裝置230能以硬體與軟體協同運作的方式傳送、接收以及處理各種資料、檔案或指令,而第一容器映像檔註冊儲存庫210能以硬體與軟體協同運作的方式傳送、接收以及儲存各種資料、檔案或指令。在不同具體實施例中,計算機裝置230可為伺服器、電腦、筆電、行動裝置等,但不以此為限。應了解,根據需求,計算機裝置230亦可為伺服器220。Please refer to the second figure, which illustrates a system architecture diagram of a specific embodiment of the traceability system according to the present invention. In the embodiment shown in the second figure, the traceability system 200 includes a first container image registry 210 (the container image registry may be called a registry), a server 220 and a computer device 230 . The server 220 can access the first container image registry repository 210 , the computer device 230 can access the first container image registry repository 210 , and the computer device 230 is connected to the server 220 in communication. In a specific embodiment, the traceability system 200 of the present invention includes one or more processors, and the traceability system 200 implements the first container image file registration repository 210 and/or the server in a cooperative manner of hardware and software 220 and/or computer device 230. For example, the server 220 can transmit, receive and process various data, files or instructions in a cooperative manner of hardware and software, and the computer device 230 can transmit, receive and process various data, files or instructions in a cooperative manner of hardware and software. , and the first container image registry repository 210 can transmit, receive and store various data, files or instructions in a cooperative manner of hardware and software. In different specific embodiments, the computer device 230 can be a server, a computer, a laptop, a mobile device, etc., but not limited thereto. It should be understood that, according to requirements, the computer device 230 can also be the server 220 .

在第二圖所示實施例中,第一容器映像檔註冊儲存庫210儲存路徑紀錄資料,路徑紀錄資料指示出特定路徑。計算機裝置230可傳送第三容器映像檔至伺服器220,伺服器220可將第三容器映像檔轉換成第三容器映像原碼檔,且伺服器220可基於第三容器映像原碼檔與路徑紀錄資料,以決定是否將第三容器映像檔儲存至第一容器映像檔註冊儲存庫210。較佳地,伺服器220可自第三容器映像原碼檔的特定路徑中,獲得第二隱碼圖像檔,伺服器220並可自第二隱碼圖像檔獲得一第二字串資料。其中,若第二字串資料符合安全性字串資料,則伺服器220基於第二字串資料符合安全性字串資料,而將第三容器映像檔儲存至第一容器映像檔註冊儲存庫210。但若第二字串資料不符合安全性字串資料,則伺服器220基於第二字串資料不符合安全性字串資料,而決定不將第三容器映像檔儲存至第一容器映像檔註冊儲存庫210。較佳地,伺服器220可基於第三容器映像原碼檔中的特定路徑不具有第二隱碼圖像檔,而決定不將第三容器映像檔儲存至第一容器映像檔註冊儲存庫210。In the embodiment shown in the second figure, the first container image registry repository 210 stores path record data, and the path record data indicates a specific path. The computer device 230 may transmit the third container image to the server 220, the server 220 may convert the third container image into a third container image source file, and the server 220 may base the third container image source file and path Record data to determine whether to store the third container image in the first container image registry 210 . Preferably, the server 220 can obtain the second hidden code image file from the specific path of the third container image original code file, and the server 220 can also obtain a second string data from the second hidden code image file . Wherein, if the second string data matches the security string data, the server 220 stores the third container image file in the first container image file registration repository 210 based on the second string data matching the security string data . However, if the second string data does not conform to the security string data, the server 220 decides not to store the third container image file in the first container image file registry based on the second string data not conforming to the security string data repository 210 . Preferably, the server 220 may decide not to store the third container image in the first container image registry 210 based on the fact that the specific path in the source code file of the third container image does not have the second hidden image file. .

藉由此種方式,當使用者透過計算機裝置230以試圖將第三容器映像檔儲存至第一容器映像檔註冊儲存庫210時,伺服器220即可藉由第三容器映像檔中是否包含第二隱碼圖像檔,以及第二隱碼圖像檔中的第二字串資料是否符合安全性字串資料,以判斷是否可將第三容器映像檔儲存至第一容器映像檔註冊儲存庫210。如此,即可確保第一容器映像檔註冊儲存庫210中所儲存的容器映像檔皆可通過安全性檢查且符合資訊安全之需求。較佳地,在溯源系統200中,使用者僅能下載並使用儲存在第一容器映像檔註冊儲存庫210中的容器映像檔。若使用者於他處另行下載外部容器映像檔,則該外部容器映像檔將無法儲存至第一容器映像檔註冊儲存庫210中。如此,即可確保使用者在溯源系統200所使用的容器映像檔皆可通過安全性檢查且符合資訊安全之需求。In this way, when the user tries to store the third container image in the first container image registry 210 through the computer device 230, the server 220 can determine whether the third container image contains the third container image. Two hidden code image files, and whether the second string data in the second hidden code image file conforms to the security string data, so as to determine whether the third container image file can be stored in the first container image file registration repository 210. In this way, it can be ensured that all the container images stored in the first container image registration repository 210 can pass the security check and meet the requirements of information security. Preferably, in the traceability system 200 , the user can only download and use the container image files stored in the first container image file registration repository 210 . If the user downloads the external container image elsewhere, the external container image cannot be stored in the first container image registration repository 210 . In this way, it can be ensured that the container image files used by the user in the traceability system 200 can pass the security check and meet the requirements of information security.

請參閱第三圖,其例示說明了根據本發明溯源系統一具體實施例的流程圖。如第三圖所示實施例,溯源方法300可應用於一溯源系統,溯源系統包含第一容器映像檔註冊儲存庫以及伺服器,伺服器存取第一容器映像檔註冊儲存庫,且伺服器通訊連接一第二容器映像檔註冊儲存庫。溯源方法300開始於步驟310,由伺服器自第二容器映像檔註冊儲存庫接收第一容器映像檔。接著,執行步驟320,由伺服器對第一容器映像檔執行安全性檢查,以產生安全確認資料。接著,執行步驟330,由伺服器基於第一容器映像檔與安全確認資料,以產生第二容器映像檔。接著,執行步驟340,由伺服器將第二容器映像檔儲存至第一容器映像檔註冊儲存庫。其中,第二容器映像檔包含第一容器映像檔以及第一隱碼圖像檔,第一隱碼圖像檔包含第一字串資料。在一具體實施例中,溯源方法300進一步包含以下步驟,藉以產生第二容器映像檔:由伺服器將第一容器映像檔轉換成第一容器映像原碼檔;由伺服器使第一容器映像原碼檔包含第一隱碼圖像檔,以及由伺服器將第一容器映像原碼檔連同第一隱碼圖像檔,轉換成第二容器映像檔。Please refer to the third figure, which illustrates a flow chart of a specific embodiment of the traceability system according to the present invention. As in the embodiment shown in the third figure, the traceability method 300 can be applied to a traceability system, the traceability system includes a first container image file registration repository and a server, the server accesses the first container image file registration repository, and the server A second container image registry repository is communicatively connected. The traceability method 300 starts at step 310 , the server receives the first container image file from the second container image file registration repository. Next, step 320 is executed, and the server performs a security check on the first container image file to generate security confirmation data. Next, step 330 is executed, and the server generates a second container image file based on the first container image file and the security confirmation data. Next, step 340 is executed, and the server stores the second container image file into the first container image file registration repository. Wherein, the second container image file includes the first container image file and the first hidden code image file, and the first hidden code image file includes the first string data. In a specific embodiment, the traceability method 300 further includes the following steps to generate the second container image file: converting the first container image file into the original code file of the first container image file by the server; making the first container image file by the server The original code file includes the first hidden code image file, and the server converts the first container image original code file and the first hidden code image file into a second container image file.

在一具體實施例中,第一容器映像檔註冊儲存庫儲存路徑紀錄資料,路徑紀錄資料指示出特定路徑。溯源方法300進一步包含以下步驟:由伺服器基於路徑紀錄資料,以使第一隱碼圖像檔關聯於第一容器映像原碼檔中的特定路徑。在一具體實施例中,溯源方法300進一步包含以下步驟:由伺服器接收驗證指令;由伺服器基於驗證指令,以將第二容器映像檔轉換成第二容器映像原碼檔;由伺服器自第二容器映像原碼檔獲得第一隱碼圖像檔,並自第一隱碼圖像檔獲得第一字串資料;以及由伺服器基於第一字串資料符合安全性字串資料,而產生第一驗證成功資料。在一具體實施例中,第一容器映像檔註冊儲存庫儲存路徑紀錄資料,路徑紀錄資料指示出特定路徑。其中,伺服器係基於路徑紀錄資料,以自第二容器映像原碼檔中的特定路徑,獲得第一隱碼圖像檔。In one embodiment, the first container image registry stores path record data, and the path record data indicates a specific path. The traceability method 300 further includes the following steps: the server records data based on the path, so that the first hidden image file is associated with a specific path in the first container image source file. In a specific embodiment, the traceability method 300 further includes the following steps: the server receives a verification instruction; the server converts the second container image file into a second container image original code file based on the verification instruction; the server automatically The second container image source file obtains the first encrypted image file, and obtains the first string data from the first encrypted image file; and the server matches the security string data based on the first string data, and Generate first verification success information. In one embodiment, the first container image registry stores path record data, and the path record data indicates a specific path. Wherein, the server obtains the first hidden code image file from a specific path in the second container image original code file based on the path record data.

在一具體實施例中,溯源系統包含計算機裝置,計算機裝置存取第一容器映像檔註冊儲存庫,且計算機裝置通訊連接伺服器。第一容器映像檔註冊儲存庫儲存路徑紀錄資料,路徑紀錄資料指示出特定路徑。溯源方法300進一步包含以下步驟:由計算機裝置傳送第三容器映像檔至伺服器;由伺服器將第三容器映像檔轉換成第三容器映像原碼檔;以及由伺服器基於第三容器映像原碼檔與路徑紀錄資料,以決定是否將第三容器映像檔儲存至第一容器映像檔註冊儲存庫。In a specific embodiment, the traceability system includes a computer device, the computer device accesses the first container image file registration repository, and the computer device communicates with the server. The first container image registry stores path record data, and the path record data indicates a specific path. The traceability method 300 further includes the following steps: sending the third container image file to the server by the computer device; converting the third container image file into a third container image source file by the server; The code file and path record data are used to determine whether to store the third container image file in the first container image file registration repository.

在一具體實施例中,溯源方法300進一步包含以下步驟:由伺服器自第三容器映像原碼檔的特定路徑中,獲得第二隱碼圖像檔;由伺服器自第二隱碼圖像檔獲得第二字串資料;以及由伺服器基於第二字串資料符合安全性字串資料,而將第三容器映像檔儲存至第一容器映像檔註冊儲存庫。在一具體實施例中,溯源方法300進一步包含以下步驟:由伺服器基於第三容器映像原碼檔中的特定路徑不具有第二隱碼圖像檔,而決定不將第三容器映像檔儲存至第一容器映像檔註冊儲存庫。在一具體實施例中,溯源方法300進一步包含以下步驟:由伺服器自第三容器映像原碼檔的特定路徑中,獲得第二隱碼圖像檔;由伺服器自第二隱碼圖像檔獲得第二字串資料;以及由伺服器基於第二字串資料不符合安全性字串資料,而決定不將第三容器映像檔儲存至第一容器映像檔註冊儲存庫。In a specific embodiment, the traceability method 300 further includes the following steps: the server obtains the second hidden code image file from the specific path of the third container image original code file; the server obtains the second hidden code image file from the second hidden code image file The file obtains the second string data; and based on the second string data conforming to the security string data, the server stores the third container image file into the first container image file registration repository. In a specific embodiment, the traceability method 300 further includes the following steps: the server decides not to store the third container image file based on the fact that the specific path in the original code file of the third container image file does not have the second hidden code image file Register the repository with the first container image. In a specific embodiment, the traceability method 300 further includes the following steps: the server obtains the second hidden code image file from the specific path of the third container image original code file; the server obtains the second hidden code image file from the second hidden code image file The file obtains the second string data; and the server decides not to store the third container image file in the first container image registry repository based on the fact that the second string data does not conform to the security string data.

請參閱第四圖,其例示說明了根據本發明溯源系統一具體實施例的流程圖。如第四圖所示實施例,溯源方法400可應用於一溯源系統,溯源系統包含第一容器映像檔註冊儲存庫、伺服器以及計算機裝置,伺服器存取第一容器映像檔註冊儲存庫,計算機裝置存取第一容器映像檔註冊儲存庫,且計算機裝置通訊連接伺服器。其中,第一容器映像檔註冊儲存庫儲存路徑紀錄資料,路徑紀錄資料指示出特定路徑。溯源方法400開始於步驟410,由計算機裝置傳送第三容器映像檔至伺服器。接著,執行步驟420,由伺服器將第三容器映像檔轉換成第三容器映像原碼檔。接著,執行步驟430,由伺服器基於第三容器映像原碼檔與路徑紀錄資料,以決定是否將第三容器映像檔儲存至第一容器映像檔註冊儲存庫。Please refer to the fourth figure, which illustrates a flow chart of a specific embodiment of the traceability system according to the present invention. As shown in the embodiment shown in the fourth figure, the traceability method 400 can be applied to a traceability system. The traceability system includes a first container image registration repository, a server, and a computer device. The server accesses the first container image registration repository, The computer device accesses the first container image file registration repository, and the computer device communicates with the server. Wherein, the first container image registration repository stores path record data, and the path record data indicates a specific path. The traceability method 400 starts at step 410, the computer device sends the third container image file to the server. Next, step 420 is executed, and the server converts the third container image file into a third container image original code file. Next, step 430 is executed, and the server determines whether to store the third container image in the first container image registry based on the source code file of the third container image and the path record data.

在一具體實施例中,溯源方法400進一步包含以下步驟:由伺服器自第三容器映像原碼檔的特定路徑中,獲得第二隱碼圖像檔;由伺服器自第二隱碼圖像檔獲得第二字串資料;以及由伺服器基於第二字串資料符合安全性字串資料,而將第三容器映像檔儲存至第一容器映像檔註冊儲存庫。在一具體實施例中,溯源方法400進一步包含以下步驟:由伺服器基於第三容器映像原碼檔中的特定路徑不具有第二隱碼圖像檔,而決定不將第三容器映像檔儲存至第一容器映像檔註冊儲存庫。在一具體實施例中,溯源方法400進一步包含以下步驟:由伺服器自第三容器映像原碼檔的特定路徑中,獲得第二隱碼圖像檔;由伺服器自第二隱碼圖像檔獲得第二字串資料;以及由伺服器基於第二字串資料不符合安全性字串資料,而決定不將第三容器映像檔儲存至第一容器映像檔註冊儲存庫。In a specific embodiment, the traceability method 400 further includes the following steps: the server obtains the second hidden code image file from the specific path of the third container image original code file; the server obtains the second hidden code image file from the second hidden code image file The file obtains the second string data; and based on the second string data conforming to the security string data, the server stores the third container image file into the first container image file registration repository. In a specific embodiment, the traceability method 400 further includes the following steps: the server decides not to store the third container image file based on the fact that the specific path in the original code file of the third container image file does not have the second hidden code image file Register the repository with the first container image. In a specific embodiment, the traceability method 400 further includes the following steps: the server obtains the second hidden code image file from the specific path of the third container image original code file; the server obtains the second hidden code image file from the second hidden code image file The file obtains the second string data; and the server decides not to store the third container image file in the first container image registry repository based on the fact that the second string data does not conform to the security string data.

至此,本發明之溯源系統及其方法已經由上述說明及圖式加以說明。然應了解,本發明的各個具體實施例僅是做為說明之用,在不脫離本發明申請專利範圍與精神下可進行各種改變,且均應包含於本發明之專利範圍中。因此,本說明書所描述的各具體實施例並非用以限制本發明,本發明之真實範圍與精神揭示於以下申請專利範圍。So far, the traceability system and method of the present invention have been described by the above description and drawings. However, it should be understood that the various specific embodiments of the present invention are only used for illustration, and various changes can be made without departing from the scope and spirit of the patent application of the present invention, and all should be included in the patent scope of the present invention. Therefore, the specific embodiments described in this specification are not intended to limit the present invention, and the true scope and spirit of the present invention are disclosed in the following claims.

100:溯源系統 110:第一容器映像檔註冊儲存庫 120:伺服器 130:計算機裝置 200:溯源系統 210:第一容器映像檔註冊儲存庫 220:伺服器 230:計算機裝置 300:溯源方法 310~340:步驟 400:溯源方法 410~430:步驟 910:第二容器映像檔註冊儲存庫100: Traceability system 110:First container image registry repository 120: server 130:Computer device 200: Traceability system 210: First container image registry repository 220: server 230: Computer device 300: Traceability method 310~340: Steps 400: Traceability method 410~430: Steps 910: Second container image registration repository

第一圖為本發明溯源系統一具體實施例的系統架構圖。The first figure is a system architecture diagram of a specific embodiment of the traceability system of the present invention.

第二圖為本發明溯源系統一具體實施例的系統架構圖。The second figure is a system architecture diagram of a specific embodiment of the traceability system of the present invention.

第三圖為本發明溯源方法一具體實施例的流程圖。The third figure is a flowchart of a specific embodiment of the source tracing method of the present invention.

第四圖為本發明溯源方法一具體實施例的流程圖。The fourth figure is a flow chart of a specific embodiment of the traceability method of the present invention.

none

100:溯源系統 100: Traceability system

110:第一容器映像檔註冊儲存庫 110:First container image registry repository

120:伺服器 120: server

130:計算機裝置 130:Computer device

910:第二容器映像檔註冊儲存庫 910: Second container image registration repository

Claims (26)

一種溯源系統,包含: 一第一容器映像檔註冊儲存庫;以及 一伺服器,存取該第一容器映像檔註冊儲存庫,並通訊連接一第二容器映像檔註冊儲存庫; 其中該伺服器自該第二容器映像檔註冊儲存庫接收一第一容器映像檔,該伺服器對該第一容器映像檔執行一安全性檢查,以產生一安全確認資料; 其中該伺服器基於該第一容器映像檔與該安全確認資料,以產生一第二容器映像檔,該伺服器並將該第二容器映像檔儲存至該第一容器映像檔註冊儲存庫; 其中該第二容器映像檔包含該第一容器映像檔以及一第一隱碼圖像檔,該第一隱碼圖像檔包含一第一字串資料。 A traceability system, including: a first container image registry repository; and a server accessing the first container image registry and communicating with a second container image registry; wherein the server receives a first container image from the second container image registry, the server performs a security check on the first container image to generate a security confirmation; wherein the server generates a second container image based on the first container image and the security confirmation data, and the server stores the second container image in the first container image registry; Wherein the second container image file includes the first container image file and a first hidden code image file, and the first hidden code image file includes a first string data. 如請求項1之溯源系統,其中該伺服器將該第一容器映像檔轉換成一第一容器映像原碼檔; 其中該伺服器使該第一容器映像原碼檔包含該第一隱碼圖像檔,並將該第一容器映像原碼檔連同該第一隱碼圖像檔,轉換成該第二容器映像檔。 The traceability system according to claim 1, wherein the server converts the first container image file into a first container image original code file; Wherein the server makes the first container image original code file include the first encrypted image file, and converts the first container image original code file together with the first encrypted image file into the second container image files. 如請求項2之溯源系統,其中該第一容器映像檔註冊儲存庫儲存一路徑紀錄資料,該路徑紀錄資料指示出一特定路徑; 其中該伺服器基於該路徑紀錄資料,以使該第一隱碼圖像檔關聯於該第一容器映像原碼檔中的該特定路徑。 As in the traceability system of claim 2, wherein the first container image file registry stores a path record data, and the path record data indicates a specific path; Wherein the server records data based on the path so that the first hidden code image file is associated with the specific path in the first container image source code file. 如請求項2之溯源系統,其中該伺服器接收一驗證指令,該伺服器基於該驗證指令,以將該第二容器映像檔轉換成一第二容器映像原碼檔; 其中該伺服器自該第二容器映像原碼檔獲得該第一隱碼圖像檔,並自該第一隱碼圖像檔獲得該第一字串資料; 其中該伺服器基於該第一字串資料符合一安全性字串資料,而產生一第一驗證成功資料。 The traceability system of claim 2, wherein the server receives a verification instruction, and the server converts the second container image file into a second container image source code file based on the verification instruction; Wherein the server obtains the first encrypted image file from the second container image source file, and obtains the first string data from the first encrypted image file; Wherein the server generates a first verification success data based on the first character string data conforming to a security character string data. 如請求項4之溯源系統,其中該第一容器映像檔註冊儲存庫儲存一路徑紀錄資料,該路徑紀錄資料指示出一特定路徑; 其中該伺服器係基於該路徑紀錄資料,以自該第二容器映像原碼檔中的該特定路徑,獲得該第一隱碼圖像檔。 As the traceability system of claim 4, wherein the first container image file registry stores a path record data, and the path record data indicates a specific path; Wherein the server obtains the first hidden code image file from the specific path in the second container image source code file based on the path record data. 如請求項1之溯源系統,其中該第一容器映像檔註冊儲存庫儲存一路徑紀錄資料,該路徑紀錄資料指示出一特定路徑; 其中該溯源系統進一步包含: 一計算機裝置,存取該第一容器映像檔註冊儲存庫,並通訊連接該伺服器,該計算機裝置傳送一第三容器映像檔至該伺服器; 其中該伺服器將該第三容器映像檔轉換成一第三容器映像原碼檔,且該伺服器基於該第三容器映像原碼檔與該路徑紀錄資料,以決定是否將該第三容器映像檔儲存至該第一容器映像檔註冊儲存庫。 As the traceability system of claim 1, wherein the first container image file registry stores a path record data, and the path record data indicates a specific path; The traceability system further includes: a computer device, accessing the first container image registry repository and communicating with the server, the computer device sending a third container image to the server; Wherein the server converts the third container image file into a third container image source code file, and the server determines whether to use the third container image file based on the third container image source code file and the path record data Save to the first container image registry repository. 如請求項6之溯源系統, 其中該伺服器自該第三容器映像原碼檔的該特定路徑中,獲得一第二隱碼圖像檔,並自該第二隱碼圖像檔獲得一第二字串資料; 其中該伺服器基於該第二字串資料符合一安全性字串資料,而將該第三容器映像檔儲存至該第一容器映像檔註冊儲存庫。 The traceability system according to claim 6, wherein the server obtains a second hidden code image file from the specific path of the third container image original code file, and obtains a first hidden code image file from the second hidden code image file two string data; Wherein the server stores the third container image file in the first container image registry repository based on the second string data conforming to a security string data. 如請求項6之溯源系統,其中該伺服器基於該第三容器映像原碼檔中的該特定路徑不具有一第二隱碼圖像檔,而決定不將該第三容器映像檔儲存至該第一容器映像檔註冊儲存庫。The traceability system according to claim 6, wherein the server decides not to store the third container image file in the third container image file based on the fact that the specific path in the third container image source file does not have a second hidden code image file A first container image registry repository. 如請求項6之溯源系統,其中該伺服器自該第三容器映像原碼檔的該特定路徑中,獲得一第二隱碼圖像檔,並自該第二隱碼圖像檔獲得一第二字串資料; 其中該伺服器基於該第二字串資料不符合一安全性字串資料,而決定不將該第三容器映像檔儲存至該第一容器映像檔註冊儲存庫。 The traceability system according to claim 6, wherein the server obtains a second hidden code image file from the specific path of the third container image original code file, and obtains a first hidden code image file from the second hidden code image file two string data; Wherein the server decides not to store the third container image file in the first container image registry repository based on the fact that the second string data does not match a security string data. 一種溯源系統,包含: 一第一容器映像檔註冊儲存庫,儲存一路徑紀錄資料,該路徑紀錄資料指示出一特定路徑; 一伺服器,存取該第一容器映像檔註冊儲存庫;以及 一計算機裝置,存取該第一容器映像檔註冊儲存庫,並通訊連接該伺服器,該計算機裝置傳送一第三容器映像檔至該伺服器; 其中該伺服器將該第三容器映像檔轉換成一第三容器映像原碼檔,且該伺服器基於該第三容器映像原碼檔與該路徑紀錄資料,以決定是否將該第三容器映像檔儲存至該第一容器映像檔註冊儲存庫。 A traceability system, including: a first container image registry repository storing a path log data indicating a specific path; a server accessing the first container image registry; and a computer device, accessing the first container image registry repository and communicating with the server, the computer device sending a third container image to the server; Wherein the server converts the third container image file into a third container image source code file, and the server determines whether to use the third container image file based on the third container image source code file and the path record data Save to the first container image registry repository. 如請求項10之溯源系統,其中該伺服器自該第三容器映像原碼檔的該特定路徑中,獲得一第二隱碼圖像檔,並自該第二隱碼圖像檔獲得一第二字串資料; 其中該伺服器基於該第二字串資料符合一安全性字串資料,而將該第三容器映像檔儲存至該第一容器映像檔註冊儲存庫。 The traceability system according to claim 10, wherein the server obtains a second hidden code image file from the specific path of the third container image source code file, and obtains a first hidden code image file from the second hidden code image file two string data; Wherein the server stores the third container image file in the first container image registry repository based on the second string data conforming to a security string data. 如請求項10之溯源系統,其中該伺服器基於該第三容器映像原碼檔中的該特定路徑不具有一第二隱碼圖像檔,而決定不將該第三容器映像檔儲存至該第一容器映像檔註冊儲存庫。The traceability system according to claim 10, wherein the server decides not to store the third container image file in the third container image file based on the fact that the specific path in the third container image source file does not have a second hidden code image file A first container image registry repository. 如請求項10之溯源系統,其中該伺服器自該第三容器映像原碼檔的該特定路徑中,獲得一第二隱碼圖像檔,並自該第二隱碼圖像檔獲得一第二字串資料; 其中該伺服器基於該第二字串資料不符合一安全性字串資料,而決定不將該第三容器映像檔儲存至該第一容器映像檔註冊儲存庫。 The traceability system according to claim 10, wherein the server obtains a second hidden code image file from the specific path of the third container image source code file, and obtains a first hidden code image file from the second hidden code image file two string data; Wherein the server decides not to store the third container image file in the first container image registry repository based on the fact that the second string data does not match a security string data. 一種溯源方法,應用於一溯源系統,該溯源系統包含一第一容器映像檔註冊儲存庫以及一伺服器,該伺服器存取該第一容器映像檔註冊儲存庫,且該伺服器通訊連接一第二容器映像檔註冊儲存庫;該溯源方法包含以下步驟: 由該伺服器自該第二容器映像檔註冊儲存庫接收一第一容器映像檔; 由該伺服器對該第一容器映像檔執行一安全性檢查,以產生一安全確認資料; 由該伺服器基於該第一容器映像檔與該安全確認資料,以產生一第二容器映像檔;以及 由該伺服器將該第二容器映像檔儲存至該第一容器映像檔註冊儲存庫; 其中該第二容器映像檔包含該第一容器映像檔以及一第一隱碼圖像檔,該第一隱碼圖像檔包含一第一字串資料。 A traceability method, applied to a traceability system, the traceability system includes a first container image file registry repository and a server, the server accesses the first container image file registry repository, and the server communicates with a The second container image file registration repository; the traceability method includes the following steps: receiving, by the server, a first container image from the second container image registry; performing a security check on the first container image by the server to generate a security confirmation; generating a second container image by the server based on the first container image and the security confirmation data; and storing, by the server, the second container image in the first container image registry; Wherein the second container image file includes the first container image file and a first hidden code image file, and the first hidden code image file includes a first string data. 如請求項14之溯源方法,進一步包含以下步驟: 由該伺服器將該第一容器映像檔轉換成一第一容器映像原碼檔; 由該伺服器使該第一容器映像原碼檔包含該第一隱碼圖像檔,以及 由該伺服器將該第一容器映像原碼檔連同該第一隱碼圖像檔,轉換成該第二容器映像檔。 For example, the traceability method of claim item 14 further includes the following steps: converting the first container image file into a first container image source file by the server; causing the first container image source file to include the first cryptographic image file by the server, and The server converts the first container image source code file together with the first hidden code image file into the second container image file. 如請求項15之溯源方法,其中該第一容器映像檔註冊儲存庫儲存一路徑紀錄資料,該路徑紀錄資料指示出一特定路徑; 其中該溯源方法進一步包含以下步驟:由該伺服器基於該路徑紀錄資料,以使該第一隱碼圖像檔關聯於該第一容器映像原碼檔中的該特定路徑。 As the traceability method of claim 15, wherein the first container image registry stores a path record data, and the path record data indicates a specific path; Wherein the traceability method further includes the following steps: the server records data based on the path, so that the first hidden code image file is associated with the specific path in the first container image original code file. 如請求項15之溯源方法,進一步包含以下步驟: 由該伺服器接收一驗證指令,該伺服器基於該驗證指令,以將該第二容器映像檔轉換成一第二容器映像原碼檔; 由該伺服器自該第二容器映像原碼檔獲得該第一隱碼圖像檔,並自該第一隱碼圖像檔獲得該第一字串資料;以及 由該伺服器基於該第一字串資料符合一安全性字串資料,而產生一第一驗證成功資料。 For example, the traceability method of claim item 15 further includes the following steps: receiving a verification instruction from the server, based on the verification instruction, the server converts the second container image file into a second container image source code file; Obtaining the first encrypted image file from the second container image source file by the server, and obtaining the first string data from the first encrypted image file; and The server generates first verification success data based on the first character string data conforming to a security character string data. 如請求項17之溯源方法,其中該第一容器映像檔註冊儲存庫儲存一路徑紀錄資料,該路徑紀錄資料指示出一特定路徑; 其中該伺服器係基於該路徑紀錄資料,以自該第二容器映像原碼檔中的該特定路徑,獲得該第一隱碼圖像檔。 As the traceability method of claim 17, wherein the first container image file registry stores a path record data, and the path record data indicates a specific path; Wherein the server obtains the first hidden code image file from the specific path in the second container image source code file based on the path record data. 如請求項14之溯源方法,其中該溯源系統包含一計算機裝置,該計算機裝置存取該第一容器映像檔註冊儲存庫,且該計算機裝置通訊連接該伺服器; 其中該第一容器映像檔註冊儲存庫儲存一路徑紀錄資料,該路徑紀錄資料指示出一特定路徑; 其中該溯源方法進一步包含以下步驟: 由該計算機裝置傳送一第三容器映像檔至該伺服器; 由該伺服器將該第三容器映像檔轉換成一第三容器映像原碼檔;以及 由該伺服器基於該第三容器映像原碼檔與該路徑紀錄資料,以決定是否將該第三容器映像檔儲存至該第一容器映像檔註冊儲存庫。 The traceability method of claim 14, wherein the traceability system includes a computer device, the computer device accesses the first container image file registration repository, and the computer device is connected to the server through communication; Wherein the first container image file registry stores a path record data, and the path record data indicates a specific path; Wherein the traceability method further includes the following steps: sending a third container image file from the computer device to the server; converting, by the server, the third container image into a third container image source file; and The server determines whether to store the third container image in the first container image registry based on the third container image source code file and the path record data. 如請求項19之溯源方法,進一步包含以下步驟: 由該伺服器自該第三容器映像原碼檔的該特定路徑中,獲得一第二隱碼圖像檔; 由該伺服器自該第二隱碼圖像檔獲得一第二字串資料;以及 由該伺服器基於該第二字串資料符合一安全性字串資料,而將該第三容器映像檔儲存至該第一容器映像檔註冊儲存庫。 For example, the traceability method of claim item 19 further includes the following steps: obtaining a second hidden code image file from the specific path of the third container image source code file by the server; obtaining a second string data from the second encrypted image file by the server; and The server stores the third container image file in the first container image registry repository based on the second string data matching a security string data. 如請求項19之溯源方法,進一步包含以下步驟:由該伺服器基於該第三容器映像原碼檔中的該特定路徑不具有一第二隱碼圖像檔,而決定不將該第三容器映像檔儲存至該第一容器映像檔註冊儲存庫。The source tracing method of claim 19 further includes the following steps: the server determines not to use the third container based on the fact that the specific path in the original image file of the third container does not have a second hidden code image file The image is stored in the first container image registry. 如請求項19之溯源方法,進一步包含以下步驟: 由該伺服器自該第三容器映像原碼檔的該特定路徑中,獲得一第二隱碼圖像檔; 由該伺服器自該第二隱碼圖像檔獲得一第二字串資料;以及 由該伺服器基於該第二字串資料不符合一安全性字串資料,而決定不將該第三容器映像檔儲存至該第一容器映像檔註冊儲存庫。 For example, the traceability method of claim item 19 further includes the following steps: obtaining a second hidden code image file from the specific path of the third container image source code file by the server; obtaining a second string data from the second encrypted image file by the server; and The server determines not to store the third container image in the first container image registry based on the fact that the second string data does not match a security string data. 一種溯源方法,應用於一溯源系統,該溯源系統包含一第一容器映像檔註冊儲存庫、一伺服器以及一計算機裝置,該伺服器存取該第一容器映像檔註冊儲存庫,該計算機裝置存取該第一容器映像檔註冊儲存庫,且該計算機裝置通訊連接該伺服器;其中該第一容器映像檔註冊儲存庫儲存一路徑紀錄資料,該路徑紀錄資料指示出一特定路徑;該溯源方法包含以下步驟: 由該計算機裝置傳送一第三容器映像檔至該伺服器; 由該伺服器將該第三容器映像檔轉換成一第三容器映像原碼檔;以及 由該伺服器基於該第三容器映像原碼檔與該路徑紀錄資料,以決定是否將該第三容器映像檔儲存至該第一容器映像檔註冊儲存庫。 A traceability method, applied to a traceability system, the traceability system includes a first container image file registration repository, a server and a computer device, the server accesses the first container image file registration repository, the computer device accessing the first container image registration repository, and the computer device is connected to the server in communication; wherein the first container image registration repository stores a path record data, and the path record data indicates a specific path; the traceability The method includes the following steps: sending a third container image file from the computer device to the server; converting, by the server, the third container image into a third container image source file; and The server determines whether to store the third container image in the first container image registry based on the third container image source code file and the path record data. 如請求項23之溯源方法,進一步包含以下步驟: 由該伺服器自該第三容器映像原碼檔的該特定路徑中,獲得一第二隱碼圖像檔; 由該伺服器自該第二隱碼圖像檔獲得一第二字串資料;以及 由該伺服器基於該第二字串資料符合一安全性字串資料,而將該第三容器映像檔儲存至該第一容器映像檔註冊儲存庫。 For example, the traceability method of claim item 23 further includes the following steps: obtaining a second hidden code image file from the specific path of the third container image source code file by the server; obtaining a second string data from the second encrypted image file by the server; and The server stores the third container image file in the first container image registry repository based on the second string data matching a security string data. 如請求項23之溯源方法,進一步包含以下步驟:由該伺服器基於該第三容器映像原碼檔中的該特定路徑不具有一第二隱碼圖像檔,而決定不將該第三容器映像檔儲存至該第一容器映像檔註冊儲存庫。The source tracing method of claim 23 further includes the following steps: the server determines not to use the third container based on the fact that the specific path in the original image file of the third container does not have a second hidden code image file The image is stored in the first container image registry. 如請求項23之溯源方法,進一步包含以下步驟: 由該伺服器自該第三容器映像原碼檔的該特定路徑中,獲得一第二隱碼圖像檔; 由該伺服器自該第二隱碼圖像檔獲得一第二字串資料;以及 由該伺服器基於該第二字串資料不符合一安全性字串資料,而決定不將該第三容器映像檔儲存至該第一容器映像檔註冊儲存庫。 For example, the traceability method of claim item 23 further includes the following steps: obtaining a second hidden code image file from the specific path of the third container image source code file by the server; obtaining a second string data from the second encrypted image file by the server; and The server determines not to store the third container image in the first container image registry based on the fact that the second string data does not match a security string data.
TW111140032A 2022-10-21 2022-10-21 Traceability system and its method TWI805514B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW111140032A TWI805514B (en) 2022-10-21 2022-10-21 Traceability system and its method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW111140032A TWI805514B (en) 2022-10-21 2022-10-21 Traceability system and its method

Publications (2)

Publication Number Publication Date
TWI805514B true TWI805514B (en) 2023-06-11
TW202418128A TW202418128A (en) 2024-05-01

Family

ID=87803046

Family Applications (1)

Application Number Title Priority Date Filing Date
TW111140032A TWI805514B (en) 2022-10-21 2022-10-21 Traceability system and its method

Country Status (1)

Country Link
TW (1) TWI805514B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20210208916A1 (en) * 2020-01-03 2021-07-08 International Business Machines Corporation Images deployment system across multiple architectures
TWI733490B (en) * 2020-06-11 2021-07-11 中華電信股份有限公司 System for detecting image file security and method thereof
US20220108023A1 (en) * 2020-10-06 2022-04-07 Foundation Of Soongsil University-Industry Cooperation Docker image vulnerability inspection device and method for performing docker file analysis

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20210208916A1 (en) * 2020-01-03 2021-07-08 International Business Machines Corporation Images deployment system across multiple architectures
TWI733490B (en) * 2020-06-11 2021-07-11 中華電信股份有限公司 System for detecting image file security and method thereof
US20220108023A1 (en) * 2020-10-06 2022-04-07 Foundation Of Soongsil University-Industry Cooperation Docker image vulnerability inspection device and method for performing docker file analysis

Similar Documents

Publication Publication Date Title
US11107088B2 (en) Open registry for internet of things
US7770165B2 (en) Providing firmware updates to portable media devices
WO2020155767A1 (en) Mobile terminal-based passwordless login method and apparatus, device, and storage medium
TWI640889B (en) Method and device for identity verification using human biological characteristics
KR101948721B1 (en) Method and apparatus for examining forgery of file by using file hash value
WO2016091034A1 (en) Method and device for providing application channel packet
US20110093503A1 (en) Computer Hardware Identity Tracking Using Characteristic Parameter-Derived Data
EP2312483A2 (en) Authentication of computing and communications hardware
CN107483509A (en) A kind of auth method, server and readable storage medium storing program for executing
US20060227378A1 (en) Data storage device, data storage method, and program thereof
JP2016533595A (en) Client download and installation method and apparatus
CN105141427A (en) Login authentication method, device and system based on voiceprint recognition
WO2018001065A1 (en) Method, device and system for managing application
US11176224B2 (en) Security tool
WO2018121266A1 (en) Method and device for obtaining application and terminal device
US20130254546A1 (en) Methods for Identifying the Guarantor of an Application
CN105993156A (en) Server access authentication method and device
CN101496022B (en) Method for providing protected access of corresponding program
WO2017215650A1 (en) Automatic login method and device for micro-game client, program, and medium
TWI805514B (en) Traceability system and its method
US20160004850A1 (en) Secure download from internet marketplace
US11586657B1 (en) Virtual secure rooms
CN111723369A (en) File management method, equipment and medium of FTP server
CN110874225B (en) Data verification method and device, embedded equipment and storage medium
CN108173824B (en) Data service platform and access method, device and storage medium thereof