CN110892691B - Cluster of secure execution platforms - Google Patents

Cluster of secure execution platforms

Info

Publication number
CN110892691B
Authority
CN
China
Prior art keywords
sep
data
key
cluster
new
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201880045269.8A
Other languages
English (en)
Chinese (zh)
Other versions
CN110892691A (zh)
Inventor
D.哈尼克
P.K.塔-什马
Y.温斯伯格
M.赫什科维奇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
International Business Machines Corp
Original Assignee
International Business Machines Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209 Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00 Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14 Protection against unauthorised use of memory or access to memory
    • G06F12/1408 Protection against unauthorised use of memory or access to memory by using cryptography
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2212/00 Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
    • G06F2212/10 Providing a specific technical effect
    • G06F2212/1052 Security improvement
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2212/00 Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
    • G06F2212/15 Use in a specific computing environment
    • G06F2212/154 Networked environment
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2212/00 Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
    • G06F2212/16 General purpose computing application
    • G06F2212/163 Server or database system
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102 Entity profiles
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Bioethics (AREA)
  • Storage Device Security (AREA)
  • Human Computer Interaction (AREA)
CN201880045269.8A 2017-07-18 2018-07-05 Cluster of secure execution platforms Active CN110892691B (zh)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US15/652,314 2017-07-18
US15/652,314 US10567359B2 (en) 2017-07-18 2017-07-18 Cluster of secure execution platforms
PCT/IB2018/054958 WO2019016641A1 (en) 2017-07-18 2018-07-05 CLUSTER OF SECURE EXECUTION PLATFORMS

Publications (2)

Publication Number Publication Date
CN110892691A (zh) 2020-03-17
CN110892691B (zh) 2022-07-19

Family

ID=65016362

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201880045269.8A Active CN110892691B (zh) 2017-07-18 2018-07-05 Cluster of secure execution platforms

Country Status (6)

Country Link
US (2) US10567359B2
JP (1) JP7015904B2
CN (1) CN110892691B
DE (1) DE112018003077T5
GB (1) GB2579490B
WO (1) WO2019016641A1

Families Citing this family (43)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10567359B2 (en) * 2017-07-18 2020-02-18 International Business Machines Corporation Cluster of secure execution platforms
US20190095910A1 (en) * 2017-09-25 2019-03-28 Intel Corporation Secure cryptocurrency exchange
US11025493B2 (en) * 2017-11-14 2021-06-01 Volkan Sevindik Smallcell network deployment, optimization and management based on blockchain technology
WO2019212579A1 (en) 2018-04-30 2019-11-07 Google Llc Managing enclave creation through a uniform enclave interface
WO2019212581A1 (en) 2018-04-30 2019-11-07 Google Llc Secure collaboration between processors and processing accelerators in enclaves
US11509643B2 (en) * 2018-04-30 2022-11-22 Google Llc Enclave interactions
US10904322B2 (en) * 2018-06-15 2021-01-26 Cisco Technology, Inc. Systems and methods for scaling down cloud-based servers handling secure connections
US11218313B1 (en) * 2018-12-27 2022-01-04 Equinix, Inc. Decentralized verification of devices using distributed ledger technology
US10983789B2 (en) * 2019-01-25 2021-04-20 Allstate Insurance Company Systems and methods for automating and monitoring software development operations
AU2019203861B2 (en) 2019-03-18 2020-07-02 Advanced New Technologies Co., Ltd. System and method for ending view change protocol
US11263067B2 (en) 2019-03-18 2022-03-01 Advanced New Technologies Co., Ltd. System and method for ending view change protocol
CA3058499C (en) * 2019-03-26 2021-10-26 Alibaba Group Holding Limited Program execution and data proof scheme using multiple key pair signatures
KR102194077B1 (ko) 2019-04-26 2020-12-23 어드밴스드 뉴 테크놀로지스 씨오., 엘티디. Distributed key management for trusted execution environments
US11044080B2 (en) * 2019-06-24 2021-06-22 International Business Machines Corporation Cryptographic key orchestration between trusted containers in a multi-node cluster
US11436517B2 (en) 2019-08-26 2022-09-06 Bank Of America Corporation Quantum-tunneling-enabled device case
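CN110727731B (zh) 2019-09-05 2021-12-21 创新先进技术有限公司 Method for adding a node in a blockchain network, and blockchain system
CN110730204B (zh) 2019-09-05 2022-09-02 创新先进技术有限公司 Method for deleting a node in a blockchain network, and blockchain system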
US11569989B2 (en) 2019-10-23 2023-01-31 Bank Of America Corporation Blockchain system for hardening quantum computing security
US10997521B1 (en) * 2019-10-23 2021-05-04 Bank Of America Corporation Quantum-resilient computer cluster
US11468356B2 (en) 2019-10-31 2022-10-11 Bank Of America Corporation Matrix-based quantum-resilient server-cluster
US11251946B2 (en) 2019-10-31 2022-02-15 Bank Of America Corporation Quantum key synchronization within a server-cluster
CN111988141B (zh) * 2020-03-18 2022-08-02 支付宝(杭州)信息技术有限公司 Method and apparatus for sharing a cluster key
US11308234B1 (en) 2020-04-02 2022-04-19 Wells Fargo Bank, N.A. Methods for protecting data
US20220391900A1 (en) * 2020-04-23 2022-12-08 NEC Laboratories Europe GmbH Tee-based mining pools for pow-cryptocurrencies
EP3844699B1 (en) 2020-06-08 2026-04-15 Antchain Technology Pte. Ltd. Blockchain-based import custom clearance data processing
EP3844655B1 (en) * 2020-06-08 2023-05-03 Alipay Labs (Singapore) Pte. Ltd. Managing user authorizations for blockchain-based custom clearance services
EP3841491B1 (en) 2020-06-08 2023-08-02 Alipay Labs (Singapore) Pte. Ltd. Blockchain-based smart contract pools
SG11202102583UA (en) 2020-06-08 2021-04-29 Alipay Labs Singapore Pte Ltd Blockchain-based document registration for custom clearance
SG11202102366SA (en) 2020-06-08 2021-04-29 Alipay Labs Singapore Pte Ltd User management of blockchain-based custom clearance service platform
WO2020169124A2 (en) 2020-06-08 2020-08-27 Alipay Labs (singapore) Pte. Ltd. Distributed storage of custom clearance data
US11601262B2 (en) * 2020-10-15 2023-03-07 Dell Products L.P. Distributed key management system
US11650800B2 (en) 2020-12-24 2023-05-16 Intel Corporation Attestation of operations by tool chains
CN113065134B (zh) * 2020-12-28 2024-03-12 上海零数众合信息科技有限公司 Secure computation method for blockchain code and data
US12021861B2 (en) * 2021-01-04 2024-06-25 Bank Of America Corporation Identity verification through multisystem cooperation
CN115129785B (zh) * 2022-06-29 2026-03-17 蚂蚁区块链科技(上海)有限公司 Method, apparatus, electronic device and storage medium for maintaining blockchain data
US12443446B2 (en) * 2022-06-30 2025-10-14 Dell Products L.P. Fencing off cluster services based on shared storage access keys
US12182289B2 (en) * 2022-06-30 2024-12-31 Dell Products L.P. Fencing off cluster services based on access keys for shared storage
CN115955303B (zh) * 2022-12-16 2025-07-25 东软集团股份有限公司 Trusted verification method and apparatus, readable storage medium and electronic device
US11899824B1 (en) * 2023-08-09 2024-02-13 Vive Concierge, Inc. Systems and methods for the securing data while in transit between disparate systems and while at rest
US20250053685A1 (en) * 2023-08-09 2025-02-13 Vive Concierge, Inc. Systems and methods for the securing data while in transit between disparate systems and while at rest
DE102023131415B3 (de) 2023-11-13 2024-12-19 Bayerische Motoren Werke Aktiengesellschaft A method for integrating a hardware security module device into a running client-server operation, and related device and system
GB202400811D0 (en) * 2024-01-22 2024-03-06 Cybernetica As Secure data sharing system and associated methods
JP2025151986A (ja) * 2024-03-28 2025-10-09 株式会社Nttデータグループ Information processing system, information processing method, and program

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
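JP2004159298A (ja) * 2002-07-23 2004-06-03 Matsushita Electric Ind Co Ltd Terminal apparatus, communication method, and communication system
CN101981889A (zh) * 2008-03-26 2011-02-23 国际商业机器公司 Secure communications in computer cluster systems
CN106682531A (zh) * 2017-01-23 2017-05-17 济南浪潮高新科技投资发展有限公司 Confidential data encryption method based on biometric information authorization
CN106778326A (zh) * 2016-11-28 2017-05-31 福建升腾资讯有限公司 Method and system for protecting mobile storage devices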

Family Cites Families (36)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060129627A1 (en) * 1996-11-22 2006-06-15 Mangosoft Corp. Internet-based shared file service with native PC client access and semantics and distributed version control
US7606898B1 (en) 2000-10-24 2009-10-20 Microsoft Corporation System and method for distributed management of shared computers
US7225342B2 (en) * 2002-07-23 2007-05-29 Matsushita Electric Industrial Co., Ltd. Terminal apparatus, communication method, and communication system
US7594262B2 (en) * 2002-09-04 2009-09-22 Secure Computing Corporation System and method for secure group communications
US7444514B2 (en) * 2003-10-15 2008-10-28 International Business Machines Corporation Group key exchanges with failures
WO2008054456A2 (en) 2006-02-22 2008-05-08 Luna Innovations Inc. Hardware-facilitated secure software execution environment
US7818567B2 (en) * 2006-09-27 2010-10-19 Lenovo (Singapore) Pte. Ltd. Method for protecting security accounts manager (SAM) files within windows operating systems
US8230253B2 (en) * 2008-07-21 2012-07-24 International Business Machines Corporation Byzantine fault tolerant dynamic quorum using a trusted platform module
WO2010019916A1 (en) 2008-08-14 2010-02-18 The Trustees Of Princeton University Hardware trust anchors in sp-enabled processors
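WO2010140194A1 (ja) 2009-06-05 2010-12-09 富士通株式会社 Management method for information processing system, information processing system, recording medium, and management program
JP2013528872A (ja) 2010-06-02 2013-07-11 ヴイエムウェア インク Protection of customer virtual machines in a multi-tenant cloud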
US8904190B2 (en) 2010-10-20 2014-12-02 Advanced Micro Devices, Inc. Method and apparatus including architecture for protecting sensitive code and data
CN102761521B (zh) * 2011-04-26 2016-08-31 上海格尔软件股份有限公司 Cloud secure storage and sharing service platform
US9129283B1 (en) * 2012-01-10 2015-09-08 Intuit Inc. Accessing confidential data securely using a trusted network of mobile devices
US20140052877A1 (en) * 2012-08-16 2014-02-20 Wenbo Mao Method and apparatus for tenant programmable logical network for multi-tenancy cloud datacenters
US9143442B2 (en) * 2012-12-12 2015-09-22 Cisco Technology, Inc. Flexible and scalable virtual network segment pruning
US9747456B2 (en) 2013-03-15 2017-08-29 Microsoft Technology Licensing, Llc Secure query processing over encrypted data
GB2515047B (en) 2013-06-12 2021-02-10 Advanced Risc Mach Ltd Security protection of software libraries in a data processing apparatus
US9245140B2 (en) * 2013-11-15 2016-01-26 Kabushiki Kaisha Toshiba Secure data encryption in shared storage using namespaces
JP6277827B2 (ja) 2014-03-31 2018-02-14 富士通株式会社 Information processing apparatus, scale management method, and program
US9722945B2 (en) * 2014-03-31 2017-08-01 Microsoft Technology Licensing, Llc Dynamically identifying target capacity when scaling cloud resources
US9613190B2 (en) * 2014-04-23 2017-04-04 Intralinks, Inc. Systems and methods of secure data exchange
US9424063B2 (en) * 2014-04-29 2016-08-23 Vmware, Inc. Method and system for generating remediation options within a cluster of host computers that run virtual machines
US11087006B2 (en) * 2014-06-30 2021-08-10 Nicira, Inc. Method and apparatus for encrypting messages based on encryption group association
WO2016004397A1 (en) 2014-07-03 2016-01-07 Huawei Technologies Co., Ltd. System and method for wireless network access protection and security architecture
US9705849B2 (en) 2014-09-30 2017-07-11 Intel Corporation Technologies for distributed detection of security anomalies
US9256467B1 (en) 2014-11-11 2016-02-09 Amazon Technologies, Inc. System for managing and scheduling containers
US10031679B2 (en) * 2014-11-21 2018-07-24 Security First Corp. Gateway for cloud-based secure storage
WO2016178316A1 (ja) 2015-05-07 2016-11-10 日本電気株式会社 Computer procurement prediction device, computer procurement prediction method, and program
US20160350534A1 (en) * 2015-05-29 2016-12-01 Intel Corporation System, apparatus and method for controlling multiple trusted execution environments in a system
US10387181B2 (en) * 2016-01-12 2019-08-20 International Business Machines Corporation Pre-deployment of particular virtual machines based on performance and due to service popularity and resource cost scores in a cloud environment
US10708067B2 (en) * 2016-06-18 2020-07-07 Intel Corporation Platform attestation and registration for servers
KR101704540B1 (ko) * 2016-08-03 2017-02-09 성결대학교 산학협력단 Group key management method for multi-device data sharing in an M2M environment
US10437985B2 (en) * 2016-10-01 2019-10-08 Intel Corporation Using a second device to enroll a secure application enclave
US10740455B2 (en) * 2017-05-11 2020-08-11 Microsoft Technology Licensing, Llc Encave pool management
US10567359B2 (en) * 2017-07-18 2020-02-18 International Business Machines Corporation Cluster of secure execution platforms

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
SecureKeeper: Confidential ZooKeeper using Intel SGX; Stefan Brenner; the 17th International Middleware Conference; 20161216; page 2, chapter 1; pages 5-6, chapter 4 *

Also Published As

Publication number Publication date
GB202001762D0 (en) 2020-03-25
GB2579490A (en) 2020-06-24
WO2019016641A1 (en) 2019-01-24
CN110892691A (zh) 2020-03-17
GB2579490B (en) 2022-03-16
DE112018003077T5 (de) 2020-03-05
JP7015904B2 (ja) 2022-02-03
US20200053067A1 (en) 2020-02-13
US11057361B2 (en) 2021-07-06
US10567359B2 (en) 2020-02-18
US20190026234A1 (en) 2019-01-24
JP2020527791A (ja) 2020-09-10

Similar Documents

Publication Publication Date Title
CN110892691B (zh) Cluster of secure execution platforms
US11604901B2 (en) Systems and methods for using extended hardware security modules
US12010248B2 (en) Systems and methods for providing authentication to a plurality of devices
US9805206B2 (en) Systems and methods for containerized data security
US11036869B2 (en) Data security with a security module
US10211977B1 (en) Secure management of information using a security module
US9529733B1 (en) Systems and methods for securely accessing encrypted data stores
US12450385B2 (en) Integration of identity access management infrastructure with zero-knowledge services
US20250021982A1 (en) Digital ecosystem with de-centralized secure transactions and edge ai technology to enable privacy preserved zero-id transactions
KR20250088522A (ko) Systems and methods for establishing a secure digital network environment
Ajith et al. A brief study on cloud security
Lakhe Practical Hadoop Security
Dhondge Lifecycle IoT Security for Engineers
Salehi et al. Cloud computing security challenges and its potential solution
Dahshan Data security in cloud storage services
US20140297333A1 (en) User-mediator mediating transfer of electronic content
Mudgal et al. ‘International journal of engineering sciences & research technology enhancing data security using encryption and splitting technique over multi-cloud environment
Hussain et al. Survey on security and privacy of cloud computing paradigm: Challenges and mitigation methods
Viegas et al. IT security technical controls
Waizenegger Data security in multi-tenant environments in the cloud
Parziale et al. Maximizing security with LinuxONE
Bhavanam Security Challenges In Healthcare Cloud Apis: A Systematic Review
Wilson Towards Enhancing Security in Cloud Storage Environments
Balamurugan et al. Data security and cryptography in cloud environment
Molamoganyi Security enhancement in healthcare cloud computing

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant