CN113986448A - Container deployment method and device - Google Patents

Container deployment method and device Download PDF

Info

Publication number
CN113986448A
CN113986448A CN202111057615.4A CN202111057615A CN113986448A CN 113986448 A CN113986448 A CN 113986448A CN 202111057615 A CN202111057615 A CN 202111057615A CN 113986448 A CN113986448 A CN 113986448A
Authority
CN
China
Prior art keywords
user
key
target
configuration file
sensitive information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111057615.4A
Other languages
Chinese (zh)
Inventor
郭勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
New H3C Big Data Technologies Co Ltd
Original Assignee
New H3C Big Data Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by New H3C Big Data Technologies Co Ltd filed Critical New H3C Big Data Technologies Co Ltd
Priority to CN202111057615.4A priority Critical patent/CN113986448A/en
Publication of CN113986448A publication Critical patent/CN113986448A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Health & Medical Sciences (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The present application relates to the field of key management and application technologies, and in particular, to a container deployment method and apparatus. The method is applied to a k8s cluster, and comprises the following steps: distributing a corresponding key for each accessed user; when a target user is detected to deploy a target container, calling a target key corresponding to the target user to encrypt sensitive information needing to be encrypted in a first configuration file for operating the target container, and obtaining a second configuration file containing the encrypted sensitive information; sending the second configuration file to the target container to enable the target container to run based on the second configuration file.

Description

Container deployment method and device
Technical Field
The present application relates to the field of key management and application technologies, and in particular, to a container deployment method and apparatus.
Background
The k8s is used as a container application editing tool pushed by the cncf, all resource objects in the cluster managed by the k8s are scheduled and managed by the k8s, the functions of automatic deployment, service expansion, service rolling upgrade and the like of container services can be realized, and the container application editing tool has the characteristics of good expansibility, stability and the like. In the container deployment process of the k8s cluster, in order to manage sensitive information of users and applications, a processing mode that Secret objects are used as the sensitive information is adopted, and the method is mainly suitable for storing the sensitive information, such as passwords, token keys, ssh keys and the like, and storing the information in the Secret, so that users can directly refer to the Secret objects in resources.
However, the system and the user can both create secret and use each other, that is, a secret object created by one user can be obtained and used by other users, the encryption mode of secret is encoded by using base64, other users can decode the original data by using base64, and the data security is not high.
Disclosure of Invention
The application provides a container deployment method and device, which are used for solving the problems that sensitive information in the prior art cannot be isolated by users and is low in security.
In a first aspect, an embodiment of the present application provides a container deployment method, which is applied to a k8s cluster, and the method includes:
distributing a corresponding key for each accessed user;
when a target user is detected to deploy a target container, calling a target key corresponding to the target user to encrypt sensitive information needing to be encrypted in a first configuration file for operating the target container, and obtaining a second configuration file containing the encrypted sensitive information;
sending the second configuration file to the target container to enable the target container to run based on the second configuration file.
Optionally, the k8s cluster is integrated with a key management system; the step of assigning a corresponding key for each accessed user comprises:
and distributing a corresponding key for each accessed user based on the key management system.
Optionally, the method further comprises:
verifying the user identity of the user to be accessed based on the user name/password input by the user to be accessed;
and when the authentication is passed, determining the user access.
Optionally, if the encryption algorithm is asymmetric encryption, the key distributed to each accessed user is a key pair; the step of calling a target key corresponding to the target user to encrypt sensitive information to be encrypted in a first configuration file for operating the target container comprises the following steps:
calling a public key in a key pair corresponding to the target user to encrypt the sensitive information to be encrypted in the first configuration file;
the method further comprises the following steps:
and calling a private key in a key pair corresponding to the target user to decrypt the encrypted sensitive information in the second configuration file.
Optionally, if the encryption algorithm is symmetric encryption, the key distributed for each accessed user is a private key; the step of calling a target key corresponding to the target user to encrypt sensitive information to be encrypted in a first configuration file for operating the target container comprises the following steps:
calling a private key corresponding to the target user to encrypt the sensitive information to be encrypted in the first configuration file;
the method further comprises the following steps:
and calling a private key corresponding to the target user to decrypt the encrypted sensitive information in the second configuration file.
In a second aspect, the present application provides a container deployment apparatus, applied to a k8s cluster, the apparatus including:
the distribution unit is used for distributing a corresponding key for each accessed user;
the encryption unit is used for calling a target key corresponding to a target user to encrypt sensitive information to be encrypted in a first configuration file for operating the target container when the target container is detected to be deployed by the target user, so as to obtain a second configuration file containing the encrypted sensitive information;
a sending unit, configured to send the second configuration file to the target container, so that the target container runs based on the second configuration file.
Optionally, the k8s cluster is integrated with a key management system; when a corresponding key is allocated for each accessed user, the allocation unit is specifically configured to:
and distributing a corresponding key for each accessed user based on the key management system.
Optionally, the apparatus further comprises:
the authentication unit is used for authenticating the user identity of the user to be accessed based on the user name/password input by the user to be accessed;
and the determining unit is used for determining the user access when the authentication is passed.
Optionally, if the encryption algorithm is asymmetric encryption, the key distributed to each accessed user is a key pair; when the target key corresponding to the target user is called to encrypt sensitive information to be encrypted in a first configuration file for operating the target container, the encryption unit is specifically configured to:
calling a public key in a key pair corresponding to the target user to encrypt the sensitive information to be encrypted in the first configuration file;
the device further comprises:
and the decryption unit is used for calling a private key in a key pair corresponding to the target user to decrypt the encrypted sensitive information in the second configuration file.
Optionally, if the encryption algorithm is symmetric encryption, the key distributed for each accessed user is a private key; when the target key corresponding to the target user is called to encrypt sensitive information to be encrypted in a first configuration file for operating the target container, the encryption unit is specifically configured to:
calling a private key corresponding to the target user to encrypt the sensitive information to be encrypted in the first configuration file;
the device further comprises:
and the decryption unit is used for calling a private key corresponding to the target user to decrypt the encrypted sensitive information in the second configuration file.
In a third aspect, an embodiment of the present application provides a container deployment apparatus, including:
a memory for storing program instructions;
a processor for calling program instructions stored in said memory and for executing the steps of the method according to any one of the above first aspects in accordance with the obtained program instructions.
In a fourth aspect, the present application further provides a computer-readable storage medium storing computer-executable instructions for causing a computer to perform the steps of the method according to any one of the above first aspects.
In summary, the container deployment method provided in the embodiment of the present application is applied to a k8s cluster, and the method includes: distributing a corresponding key for each accessed user; when a target user is detected to deploy a target container, calling a target key corresponding to the target user to encrypt sensitive information needing to be encrypted in a first configuration file for operating the target container, and obtaining a second configuration file containing the encrypted sensitive information; sending the second configuration file to the target container to enable the target container to run based on the second configuration file.
By adopting the container deployment method provided by the embodiment of the application, the corresponding key is configured for each accessed user in advance, when any accessed user adopts the k8s cluster deployment container, the key corresponding to the user can be adopted to encrypt the sensitive information to be encrypted, so that the isolation of the key based on the user is realized, namely, the sensitive information encrypted by the key corresponding to one user can only be encrypted based on the key corresponding to the user to obtain the original data, and the key is adopted to encrypt the sensitive information, so that the security of the original data is greatly enhanced.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments of the present application or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments described in the present application, and other drawings can be obtained by those skilled in the art according to the drawings of the embodiments of the present application.
Fig. 1 is a detailed flowchart of a container deployment method provided in an embodiment of the present application;
fig. 2 is a schematic structural diagram of a container deployment apparatus according to an embodiment of the present disclosure;
fig. 3 is a schematic structural diagram of another container deployment device provided in an embodiment of the present application.
Detailed Description
The terminology used in the embodiments of the present application is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this application and the claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein is meant to encompass any and all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used in the embodiments of the present application to describe various information, the information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present application. Depending on the context, moreover, the word "if" as used may be interpreted as "at … …" or "when … …" or "in response to a determination".
Illustratively, referring to fig. 1, a detailed flowchart of a container deployment method provided in an embodiment of the present application, where the method is applied to a k8s cluster, includes the following steps:
step 100: a corresponding key is assigned for each accessed user.
In the embodiment of the present application, the k8s cluster is integrated with a Key Management System (KMS), and when a corresponding Key is allocated to each accessed user, a preferred implementation manner is to allocate a corresponding Key to each accessed user based on the KMS.
That is, each user that has access to the k8s cluster may be assigned a corresponding key by the key management system.
In practical applications, when a user accesses the k8s cluster, the k8s cluster needs to authenticate the identity of the user to be accessed, and in this embodiment of the present application, before allocating a corresponding key to each accessed user, the container deployment method further includes the following steps:
verifying the user identity of the user to be accessed based on the user name/password input by the user to be accessed; and when the authentication is passed, determining that the user is accessed, namely the user is an accessed user.
Step 110: when a target user is detected to deploy a target container, calling a target key corresponding to the target user to encrypt sensitive information needing to be encrypted in a first configuration file for operating the target container, and obtaining a second configuration file containing the encrypted sensitive information.
In this embodiment of the application, an accessed user may perform container deployment through a k8s cluster, and before the container deployment, the user needs to prepare a configuration file, and the container deployment and operation need to depend on parameters in the configuration file to perform deployment and operation, and many sensitive information (such as passwords, token keys, ssh keys, and the like) exists in the configuration file, so that in order to ensure the security of the sensitive information, special processing needs to be performed on the sensitive information, so that after other users acquire the processed sensitive information, specific content of the sensitive information cannot be obtained. In the embodiment of the application, when the target user is detected to deploy the target container, a key distributed for the target user is called to encrypt sensitive information to be encrypted in a first configuration file for operating the target container.
In practical application, the encryption algorithm may be asymmetric encryption or symmetric encryption. If the encryption algorithm is asymmetric encryption, the key distributed to each accessed user is a key pair; the step of calling a target key corresponding to the target user to encrypt sensitive information to be encrypted in a first configuration file for operating the target container comprises the following steps:
and calling a public key in a key pair corresponding to the target user to encrypt the sensitive information to be encrypted in the first configuration file.
If the encryption algorithm is symmetric encryption, the key distributed for each accessed user is a private key; the step of calling a target key corresponding to the target user to encrypt sensitive information to be encrypted in a first configuration file for operating the target container comprises the following steps:
and calling a private key corresponding to the target user to encrypt the sensitive information to be encrypted in the first configuration file.
Step 120: sending the second configuration file to the target container to enable the target container to run based on the second configuration file.
Specifically, the second configuration file containing the encrypted sensitive information is sent to the target container, so that the target container decrypts the encrypted sensitive information based on a key corresponding to the target user, and runs the container based on the decrypted sensitive information.
If the encryption algorithm is asymmetric encryption, when the encrypted sensitive information is decrypted, calling a private key in a key pair corresponding to the target user to decrypt the encrypted sensitive information in the second configuration file.
If the encryption algorithm is asymmetric encryption, when the encrypted sensitive information is decrypted, the private key corresponding to the target user is called to decrypt the encrypted sensitive information in the second configuration file.
Illustratively, referring to fig. 2, the present application provides a schematic structural diagram of a container deployment apparatus, where the metadata backup apparatus is applied to a k8s cluster, and the container deployment apparatus includes at least an allocation unit 20, an encryption unit 21, and a sending unit 22:
an assigning unit 20, configured to assign a corresponding key to each accessed user;
the encryption unit 21 is configured to, when it is detected that a target user deploys a target container, invoke a target key corresponding to the target user to encrypt sensitive information to be encrypted in a first configuration file for running the target container, and obtain a second configuration file containing the encrypted sensitive information;
a sending unit 22, configured to send the second configuration file to the target container, so that the target container runs based on the second configuration file.
Optionally, the k8s cluster is integrated with a key management system; when allocating a corresponding key for each accessed user, the allocating unit 20 is specifically configured to:
and distributing a corresponding key for each accessed user based on the key management system.
Optionally, the apparatus further comprises:
the authentication unit is used for authenticating the user identity of the user to be accessed based on the user name/password input by the user to be accessed;
and the determining unit is used for determining the user access when the authentication is passed.
Optionally, if the encryption algorithm is asymmetric encryption, the key distributed to each accessed user is a key pair; when the target key corresponding to the target user is called to encrypt sensitive information to be encrypted in the first configuration file for operating the target container, the encryption unit 21 is specifically configured to:
calling a public key in a key pair corresponding to the target user to encrypt the sensitive information to be encrypted in the first configuration file;
the device further comprises:
and the decryption unit is used for calling a private key in a key pair corresponding to the target user to decrypt the encrypted sensitive information in the second configuration file.
Optionally, if the encryption algorithm is symmetric encryption, the key distributed for each accessed user is a private key; when the target key corresponding to the target user is called to encrypt sensitive information to be encrypted in the first configuration file for operating the target container, the encryption unit 21 is specifically configured to:
calling a private key corresponding to the target user to encrypt the sensitive information to be encrypted in the first configuration file;
the device further comprises:
and the decryption unit is used for calling a private key corresponding to the target user to decrypt the encrypted sensitive information in the second configuration file.
The above units may be one or more integrated circuits configured to implement the above methods, for example: one or more Application Specific Integrated Circuits (ASICs), or one or more microprocessors (DSPs), or one or more Field Programmable Gate Arrays (FPGAs), among others. For another example, when one of the above units is implemented in the form of a Processing element scheduler code, the Processing element may be a general-purpose processor, such as a Central Processing Unit (CPU) or other processor capable of calling program code. For another example, these units may be integrated together and implemented in the form of a system-on-a-chip (SOC).
Further, in the container deployment apparatus provided in the embodiment of the present application, from a hardware level, a schematic diagram of a hardware architecture of the container deployment may be shown in fig. 3, where the container deployment apparatus may include: a memory 30 and a processor 31, which,
the memory 30 is used for storing program instructions; the processor 31 calls the program instructions stored in the memory 30 and executes the above-described method embodiments in accordance with the obtained program instructions. The specific implementation and technical effects are similar, and are not described herein again.
Optionally, the present application also provides a container deployment device comprising at least one processing element (or chip) for performing the above-described method embodiments.
Optionally, the present application also provides a program product, such as a computer-readable storage medium, having stored thereon computer-executable instructions for causing the computer to perform the above-described method embodiments.
Here, a machine-readable storage medium may be any electronic, magnetic, optical, or other physical storage device that can contain or store information such as executable instructions, data, and so forth. For example, the machine-readable storage medium may be: a RAM (random Access Memory), a volatile Memory, a non-volatile Memory, a flash Memory, a storage drive (e.g., a hard drive), a solid state drive, any type of storage disk (e.g., an optical disk, a dvd, etc.), or similar storage medium, or a combination thereof.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. A typical implementation device is a computer, which may take the form of a personal computer, laptop computer, cellular telephone, camera phone, smart phone, personal digital assistant, media player, navigation device, email messaging device, game console, tablet computer, wearable device, or a combination of any of these devices.
For convenience of description, the above devices are described as being divided into various units by function, and are described separately. Of course, the functionality of the units may be implemented in one or more software and/or hardware when implementing the present application.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Furthermore, these computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above description is only exemplary of the present application and should not be taken as limiting the present application, as any modification, equivalent replacement, or improvement made within the spirit and principle of the present application should be included in the scope of protection of the present application.

Claims (10)

1. A container deployment method applied to a k8s cluster, the method comprising:
distributing a corresponding key for each accessed user;
when a target user is detected to deploy a target container, calling a target key corresponding to the target user to encrypt sensitive information needing to be encrypted in a first configuration file for operating the target container, and obtaining a second configuration file containing the encrypted sensitive information;
sending the second configuration file to the target container to enable the target container to run based on the second configuration file.
2. The method of claim 1, wherein the k8s cluster is integrated with a key management system; the step of assigning a corresponding key for each accessed user comprises:
and distributing a corresponding key for each accessed user based on the key management system.
3. The method of claim 1, wherein the method further comprises:
verifying the user identity of the user to be accessed based on the user name/password input by the user to be accessed;
and when the authentication is passed, determining the user access.
4. A method according to any one of claims 1 to 3, wherein if the encryption algorithm is asymmetric encryption, the key allocated for each accessed user is a key pair; the step of calling a target key corresponding to the target user to encrypt sensitive information to be encrypted in a first configuration file for operating the target container comprises the following steps:
calling a public key in a key pair corresponding to the target user to encrypt the sensitive information to be encrypted in the first configuration file;
the method further comprises the following steps:
and calling a private key in a key pair corresponding to the target user to decrypt the encrypted sensitive information in the second configuration file.
5. A method according to any one of claims 1 to 3, characterized in that if the encryption algorithm is symmetric encryption, the key assigned for each accessed user is a private key; the step of calling a target key corresponding to the target user to encrypt sensitive information to be encrypted in a first configuration file for operating the target container comprises the following steps:
calling a private key corresponding to the target user to encrypt the sensitive information to be encrypted in the first configuration file;
the method further comprises the following steps:
and calling a private key corresponding to the target user to decrypt the encrypted sensitive information in the second configuration file.
6. A container deployment apparatus, for application to a k8s cluster, the apparatus comprising:
the distribution unit is used for distributing a corresponding key for each accessed user;
the encryption unit is used for calling a target key corresponding to a target user to encrypt sensitive information to be encrypted in a first configuration file for operating the target container when the target container is detected to be deployed by the target user, so as to obtain a second configuration file containing the encrypted sensitive information;
a sending unit, configured to send the second configuration file to the target container, so that the target container runs based on the second configuration file.
7. The apparatus of claim 6, wherein the k8s cluster is integrated with a key management system; when a corresponding key is allocated for each accessed user, the allocation unit is specifically configured to:
and distributing a corresponding key for each accessed user based on the key management system.
8. The apparatus of claim 6, wherein the apparatus further comprises:
the authentication unit is used for authenticating the user identity of the user to be accessed based on the user name/password input by the user to be accessed;
and the determining unit is used for determining the user access when the authentication is passed.
9. The apparatus according to any of claims 6-8, wherein if the encryption algorithm is asymmetric encryption, the key assigned for each accessed user is a key pair; when the target key corresponding to the target user is called to encrypt sensitive information to be encrypted in a first configuration file for operating the target container, the encryption unit is specifically configured to:
calling a public key in a key pair corresponding to the target user to encrypt the sensitive information to be encrypted in the first configuration file;
the device further comprises:
and the decryption unit is used for calling a private key in a key pair corresponding to the target user to decrypt the encrypted sensitive information in the second configuration file.
10. The apparatus according to any one of claims 6-8, wherein if the encryption algorithm is symmetric encryption, the key assigned for each accessed user is a private key; when the target key corresponding to the target user is called to encrypt sensitive information to be encrypted in a first configuration file for operating the target container, the encryption unit is specifically configured to:
calling a private key corresponding to the target user to encrypt the sensitive information to be encrypted in the first configuration file;
the device further comprises:
and the decryption unit is used for calling a private key corresponding to the target user to decrypt the encrypted sensitive information in the second configuration file.
CN202111057615.4A 2021-09-09 2021-09-09 Container deployment method and device Pending CN113986448A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111057615.4A CN113986448A (en) 2021-09-09 2021-09-09 Container deployment method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111057615.4A CN113986448A (en) 2021-09-09 2021-09-09 Container deployment method and device

Publications (1)

Publication Number Publication Date
CN113986448A true CN113986448A (en) 2022-01-28

Family

ID=79735554

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111057615.4A Pending CN113986448A (en) 2021-09-09 2021-09-09 Container deployment method and device

Country Status (1)

Country Link
CN (1) CN113986448A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116011000A (en) * 2023-03-27 2023-04-25 北京信安世纪科技股份有限公司 Access method, device and computing equipment

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116011000A (en) * 2023-03-27 2023-04-25 北京信安世纪科技股份有限公司 Access method, device and computing equipment

Similar Documents

Publication Publication Date Title
CN111539813B (en) Method, device, equipment and system for backtracking processing of business behaviors
CN108932297B (en) Data query method, data sharing method, device and equipment
CN111538996B (en) Trusted starting method and device of block chain all-in-one machine
US10069629B2 (en) Controlled access to data in a sandboxed environment
CN105577379B (en) Information processing method and device
JP5361894B2 (en) Multi-factor content protection
CN111541725B (en) Block chain all-in-one machine, password acceleration card thereof, and key management method and device
CN109347839B (en) Centralized password management method and device, electronic equipment and computer storage medium
CN106650482A (en) Electronic file encryption method and device, electronic file decryption method and device and electronic file encryption and decryption system
CN102624699A (en) Method and system for protecting data
CN109450620B (en) Method for sharing security application in mobile terminal and mobile terminal
CN111342966B (en) Data storage method, data recovery method, device and equipment
CN112287376A (en) Method and device for processing private data
CN111783071A (en) Password-based and privacy data-based verification method, device, equipment and system
CN114969784A (en) Model processing method, device and equipment
Thilakanathan et al. Secure multiparty data sharing in the cloud using hardware-based TPM devices
CN111079157A (en) Secret fragmentation trusteeship platform based on block chain, equipment and medium
CN113986448A (en) Container deployment method and device
CN110020533B (en) Safety protection method for VR resources and terminal
CN115766173A (en) Data processing method, system and device
CN115941336A (en) Data processing method, device and equipment
CN108985109A (en) A kind of date storage method and device
CN113536291B (en) Data security classification white-box password generation and management method, device and equipment
US10459722B2 (en) Device, system, and method for secure supervisor system calls
CN112506810B (en) Storage space distribution method applied to chip and chip

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination