CN108140098B - 建立容器之间的信任 - Google Patents

建立容器之间的信任 Download PDF

Info

Publication number
CN108140098B
CN108140098B CN201680059130.XA CN201680059130A CN108140098B CN 108140098 B CN108140098 B CN 108140098B CN 201680059130 A CN201680059130 A CN 201680059130A CN 108140098 B CN108140098 B CN 108140098B
Authority
CN
China
Prior art keywords
application
containerized application
access server
keystore
containerized
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201680059130.XA
Other languages
English (en)
Chinese (zh)
Other versions
CN108140098A (zh
Inventor
M·阿米尔
A·U·瑞曼
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Oracle International Corp
Original Assignee
Oracle International Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Oracle International Corp filed Critical Oracle International Corp
Publication of CN108140098A publication Critical patent/CN108140098A/zh
Application granted granted Critical
Publication of CN108140098B publication Critical patent/CN108140098B/zh
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/606Protecting data by securing the transmission between two devices or processes
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6281Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database at program execution time, where the protection is within the operating system
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30Security of mobile devices; Security of mobile applications
    • H04W12/37Managing security policies for mobile devices or for controlling mobile applications
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2149Restricted operating environment
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephone Function (AREA)
  • Telephonic Communication Services (AREA)
  • Storage Device Security (AREA)
CN201680059130.XA 2015-10-23 2016-09-16 建立容器之间的信任 Active CN108140098B (zh)

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
US201562245534P 2015-10-23 2015-10-23
US62/245,534 2015-10-23
US15/267,044 2016-09-15
US15/267,044 US10467421B2 (en) 2015-10-23 2016-09-15 Establishing trust between containers
PCT/US2016/052139 WO2017069879A1 (en) 2015-10-23 2016-09-16 Establishing trust between containers

Publications (2)

Publication Number Publication Date
CN108140098A CN108140098A (zh) 2018-06-08
CN108140098B true CN108140098B (zh) 2022-04-05

Family

ID=57047316

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201680059130.XA Active CN108140098B (zh) 2015-10-23 2016-09-16 建立容器之间的信任

Country Status (5)

Country Link
US (1) US10467421B2 (enExample)
EP (1) EP3365830B1 (enExample)
JP (1) JP6887421B2 (enExample)
CN (1) CN108140098B (enExample)
WO (1) WO2017069879A1 (enExample)

Families Citing this family (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9729520B2 (en) * 2014-05-05 2017-08-08 Citrix Systems, Inc. Facilitating communication between mobile applications
US11424931B2 (en) * 2016-01-27 2022-08-23 Blackberry Limited Trusted execution environment
US10382428B2 (en) * 2016-09-21 2019-08-13 Mastercard International Incorporated Systems and methods for providing single sign-on authentication services
US10666443B2 (en) * 2016-10-18 2020-05-26 Red Hat, Inc. Continued verification and monitoring of application code in containerized execution environment
KR101807806B1 (ko) * 2017-05-02 2017-12-11 나무기술 주식회사 클라우드 플랫폼에서 어플리케이션을 컨테이너화하는 방법
US11062299B2 (en) 2017-10-24 2021-07-13 BBPOS Limited System and method for indicating entry of personal identification number
US20190141125A1 (en) * 2017-11-03 2019-05-09 Bank Of America Corporation Cross application access provisioning system
CN108234215B (zh) * 2018-01-12 2019-12-31 平安科技(深圳)有限公司 一种网关的创建方法、装置、计算机设备及存储介质
CN119356698B (zh) 2018-05-09 2025-07-01 斯追普公司 终端硬件配置系统
US11689521B2 (en) * 2018-06-22 2023-06-27 Verizon Patent And Licensing Inc. Native single sign-on (SSO) for mobile applications
CN109347735B (zh) * 2018-08-10 2020-12-22 中国工程物理研究院计算机应用研究所 一种基于应用集成插件的安全数据交换方法
US11323431B2 (en) * 2019-01-31 2022-05-03 Citrix Systems, Inc. Secure sign-on using personal authentication tag
US12175305B2 (en) * 2019-10-17 2024-12-24 Jpmorgan Chase Bank, N.A. Systems and methods for deterministically linking mobile applications
CN110909371B (zh) * 2019-11-21 2022-04-15 广东美的厨房电器制造有限公司 一种数据加密方法、电子设备及介质
JP7455601B2 (ja) * 2020-02-05 2024-03-26 キヤノン株式会社 情報処理装置とその制御方法、及びプログラム
WO2021177954A1 (en) * 2020-03-04 2021-09-10 Hewlett-Packard Development Company, L.P. One-time-use secret bootstrapping in container-orchestrated environments
WO2021232347A1 (en) * 2020-05-21 2021-11-25 Citrix Systems, Inc. Cross device single sign-on
CN113505007A (zh) * 2021-07-12 2021-10-15 北京鲸鲮信息系统技术有限公司 基于Linux系统的协议栈数据传输方法、计算机设备和存储介质

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1906886A (zh) * 2004-01-08 2007-01-31 国际商业机器公司 在计算机系统之间建立用于传递消息的安全上下文

Family Cites Families (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070130462A1 (en) * 2005-12-06 2007-06-07 Law Eric C W Asynchronous encryption for secured electronic communications
US8468356B2 (en) * 2008-06-30 2013-06-18 Intel Corporation Software copy protection via protected execution of applications
US9485254B2 (en) * 2009-02-03 2016-11-01 Inbay Technologies Inc. Method and system for authenticating a security device
US20110270763A1 (en) * 2010-04-30 2011-11-03 Tobsc Inc. Methods and apparatus for a financial document clearinghouse and secure delivery network
US8713589B2 (en) * 2010-12-23 2014-04-29 Microsoft Corporation Registration and network access control
US9473485B2 (en) * 2011-03-21 2016-10-18 Blue Cedar Networks, Inc. Secure single sign-on for a group of wrapped applications on a computing device and runtime credential sharing
US9374356B2 (en) * 2011-09-29 2016-06-21 Oracle International Corporation Mobile oauth service
EP2909777B1 (en) 2012-10-19 2018-03-07 McAfee, LLC Data loss prevention for mobile computing devices
US8856517B2 (en) * 2012-11-27 2014-10-07 Oracle International Corporation Access management system using trusted partner tokens
US8595810B1 (en) * 2013-01-13 2013-11-26 Mourad Ben Ayed Method for automatically updating application access security
US20140245025A1 (en) * 2013-02-22 2014-08-28 Spideroak Inc. System and method for storing data securely
US9129112B2 (en) * 2013-03-15 2015-09-08 Oracle International Corporation Methods, systems and machine-readable media for providing security services
KR20150017844A (ko) 2013-08-08 2015-02-23 삼성전자주식회사 페이지 구성 방법 및 이를 지원하는 전자 장치
CN103763315B (zh) * 2014-01-14 2016-12-07 北京航空航天大学 一种应用于移动设备云存储的可信数据存取控制方法
US20160191645A1 (en) * 2014-12-30 2016-06-30 Citrix Systems, Inc. Containerizing Web Applications for Managed Execution
EP3702946B1 (en) * 2014-12-31 2021-10-20 Citrix Systems Inc. Shared secret vault for applications with single sign on
US9668136B2 (en) * 2015-09-25 2017-05-30 Citrix Systems, Inc. Using derived credentials for enrollment with enterprise mobile device management services

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1906886A (zh) * 2004-01-08 2007-01-31 国际商业机器公司 在计算机系统之间建立用于传递消息的安全上下文

Also Published As

Publication number Publication date
US20170116424A1 (en) 2017-04-27
EP3365830B1 (en) 2021-10-20
JP2019501431A (ja) 2019-01-17
US10467421B2 (en) 2019-11-05
JP6887421B2 (ja) 2021-06-16
WO2017069879A1 (en) 2017-04-27
EP3365830A1 (en) 2018-08-29
CN108140098A (zh) 2018-06-08

Similar Documents

Publication Publication Date Title
CN108140098B (zh) 建立容器之间的信任
US10805383B2 (en) Access management in a data storage system
US11244061B2 (en) Data encryption service
US11019103B2 (en) Managing security agents in a distributed environment
US10142327B2 (en) Rule based device enrollment
US10462142B2 (en) Techniques for implementing a data storage device as a security device for managing access to resources
US11750590B2 (en) Single sign-on (SSO) user techniques using client side encryption and decryption
CN113918914A (zh) 用于访问管理的无密码认证
JP2018533141A (ja) エンドユーザによって起動されるアクセスサーバ真正性チェック
CN112732827A (zh) 利用运行时访问确定来安全地共享区块链中的被选字段
CN113728603A (zh) 经由不可提取的不对称密钥的浏览器登录会话

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant