DE112018003077T5 - Ein cluster von sicheren ausführungsplattformen - Google Patents

Ein cluster von sicheren ausführungsplattformen Download PDF

Info

Publication number
DE112018003077T5
DE112018003077T5 DE112018003077.6T DE112018003077T DE112018003077T5 DE 112018003077 T5 DE112018003077 T5 DE 112018003077T5 DE 112018003077 T DE112018003077 T DE 112018003077T DE 112018003077 T5 DE112018003077 T5 DE 112018003077T5
Authority
DE
Germany
Prior art keywords
sep
key
data
cluster
encrypted
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
DE112018003077.6T
Other languages
German (de)
English (en)
Inventor
Danny Harnik
Paula Kim Ta-Shma
Yaron Weinsberg
Moshik Hershcovitch
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
International Business Machines Corp
Original Assignee
International Business Machines Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by International Business Machines Corp filed Critical International Business Machines Corp
Publication of DE112018003077T5 publication Critical patent/DE112018003077T5/de
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102Entity profiles
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • G06F12/1408Protection against unauthorised use of memory or access to memory by using cryptography
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2212/00Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
    • G06F2212/10Providing a specific technical effect
    • G06F2212/1052Security improvement
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2212/00Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
    • G06F2212/15Use in a specific computing environment
    • G06F2212/154Networked environment
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2212/00Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
    • G06F2212/16General purpose computing application
    • G06F2212/163Server or database system
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)
  • Human Computer Interaction (AREA)
DE112018003077.6T 2017-07-18 2018-07-05 Ein cluster von sicheren ausführungsplattformen Pending DE112018003077T5 (de)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US15/652,314 US10567359B2 (en) 2017-07-18 2017-07-18 Cluster of secure execution platforms
US15/652,314 2017-07-18
PCT/IB2018/054958 WO2019016641A1 (en) 2017-07-18 2018-07-05 CLUSTER OF SECURE EXECUTION PLATFORMS

Publications (1)

Publication Number Publication Date
DE112018003077T5 true DE112018003077T5 (de) 2020-03-05

Family

ID=65016362

Family Applications (1)

Application Number Title Priority Date Filing Date
DE112018003077.6T Pending DE112018003077T5 (de) 2017-07-18 2018-07-05 Ein cluster von sicheren ausführungsplattformen

Country Status (6)

Country Link
US (2) US10567359B2 (enExample)
JP (1) JP7015904B2 (enExample)
CN (1) CN110892691B (enExample)
DE (1) DE112018003077T5 (enExample)
GB (1) GB2579490B (enExample)
WO (1) WO2019016641A1 (enExample)

Families Citing this family (41)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10567359B2 (en) * 2017-07-18 2020-02-18 International Business Machines Corporation Cluster of secure execution platforms
US20190095910A1 (en) * 2017-09-25 2019-03-28 Intel Corporation Secure cryptocurrency exchange
US11025493B2 (en) * 2017-11-14 2021-06-01 Volkan Sevindik Smallcell network deployment, optimization and management based on blockchain technology
EP4155996B1 (en) 2018-04-30 2025-10-15 Google LLC Enclave interactions
EP3788518B1 (en) 2018-04-30 2024-11-20 Google LLC Managing enclave creation through a uniform enclave interface
US11921905B2 (en) 2018-04-30 2024-03-05 Google Llc Secure collaboration between processors and processing accelerators in enclaves
US10904322B2 (en) * 2018-06-15 2021-01-26 Cisco Technology, Inc. Systems and methods for scaling down cloud-based servers handling secure connections
US11218313B1 (en) * 2018-12-27 2022-01-04 Equinix, Inc. Decentralized verification of devices using distributed ledger technology
US10983789B2 (en) * 2019-01-25 2021-04-20 Allstate Insurance Company Systems and methods for automating and monitoring software development operations
CA3057212A1 (en) 2019-03-18 2019-05-31 Alibaba Group Holding Limited System and method for ending view change protocol
EP3596888B1 (en) 2019-03-18 2022-08-03 Advanced New Technologies Co., Ltd. System and method for ending view change protocol
KR102392420B1 (ko) 2019-03-26 2022-05-02 어드밴스드 뉴 테크놀로지스 씨오., 엘티디. 다중키 쌍 시그너처를 사용한 프로그램 실행 및 데이터 증명 체계
CN111095899B (zh) * 2019-04-26 2021-12-24 创新先进技术有限公司 针对可信执行环境的分布式密钥管理
US11044080B2 (en) * 2019-06-24 2021-06-22 International Business Machines Corporation Cryptographic key orchestration between trusted containers in a multi-node cluster
US11436517B2 (en) 2019-08-26 2022-09-06 Bank Of America Corporation Quantum-tunneling-enabled device case
CN110727731B (zh) 2019-09-05 2021-12-21 创新先进技术有限公司 区块链网络中加入节点的方法和区块链系统
CN110730204B (zh) 2019-09-05 2022-09-02 创新先进技术有限公司 区块链网络中删除节点的方法和区块链系统
US11569989B2 (en) 2019-10-23 2023-01-31 Bank Of America Corporation Blockchain system for hardening quantum computing security
US10997521B1 (en) * 2019-10-23 2021-05-04 Bank Of America Corporation Quantum-resilient computer cluster
US11251946B2 (en) 2019-10-31 2022-02-15 Bank Of America Corporation Quantum key synchronization within a server-cluster
US11468356B2 (en) 2019-10-31 2022-10-11 Bank Of America Corporation Matrix-based quantum-resilient server-cluster
CN111092727B (zh) * 2020-03-18 2020-07-17 支付宝(杭州)信息技术有限公司 共享集群密钥的方法及装置
US11308234B1 (en) * 2020-04-02 2022-04-19 Wells Fargo Bank, N.A. Methods for protecting data
WO2021213691A1 (en) * 2020-04-23 2021-10-28 NEC Laboratories Europe GmbH Tee-based mining pools for pow-cryptocurrencies
CN111936995B (zh) 2020-06-08 2024-12-20 蚂蚁链技术有限公司 海关清关数据的分布式存储
WO2020169126A2 (en) * 2020-06-08 2020-08-27 Alipay Labs (singapore) Pte. Ltd. Managing user authorizations for blockchain-based custom clearance services
SG11202102583UA (en) 2020-06-08 2021-04-29 Alipay Labs Singapore Pte Ltd Blockchain-based document registration for custom clearance
CN111989663B (zh) 2020-06-08 2024-07-16 支付宝实验室(新加坡)有限公司 基于区块链的智能合约池
WO2020169127A2 (en) 2020-06-08 2020-08-27 Alipay Labs (singapore) Pte. Ltd. User management of blockchain-based custom clearance service platform
CN111868725B (zh) 2020-06-08 2024-05-24 支付宝实验室(新加坡)有限公司 基于区块链处理进口海关清关数据
US11601262B2 (en) * 2020-10-15 2023-03-07 Dell Products L.P. Distributed key management system
US11650800B2 (en) 2020-12-24 2023-05-16 Intel Corporation Attestation of operations by tool chains
CN113065134B (zh) * 2020-12-28 2024-03-12 上海零数众合信息科技有限公司 一种区块链代码和数据安全计算方法
US12021861B2 (en) * 2021-01-04 2024-06-25 Bank Of America Corporation Identity verification through multisystem cooperation
US12443446B2 (en) * 2022-06-30 2025-10-14 Dell Products L.P. Fencing off cluster services based on shared storage access keys
US12182289B2 (en) * 2022-06-30 2024-12-31 Dell Products L.P. Fencing off cluster services based on access keys for shared storage
CN115955303B (zh) * 2022-12-16 2025-07-25 东软集团股份有限公司 可信校验方法、装置、可读存储介质及电子设备
US11899824B1 (en) * 2023-08-09 2024-02-13 Vive Concierge, Inc. Systems and methods for the securing data while in transit between disparate systems and while at rest
US20250053685A1 (en) * 2023-08-09 2025-02-13 Vive Concierge, Inc. Systems and methods for the securing data while in transit between disparate systems and while at rest
DE102023131415B3 (de) 2023-11-13 2024-12-19 Bayerische Motoren Werke Aktiengesellschaft Ein Verfahren zur Einbindung einer Hardware-Security-Module Vorrichtung in einem laufenden Client-Server Betrieb und diesbezügliche Vorrichtung und System
GB202400811D0 (en) * 2024-01-22 2024-03-06 Cybernetica As Secure data sharing system and associated methods

Family Cites Families (40)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060129627A1 (en) * 1996-11-22 2006-06-15 Mangosoft Corp. Internet-based shared file service with native PC client access and semantics and distributed version control
US7606898B1 (en) 2000-10-24 2009-10-20 Microsoft Corporation System and method for distributed management of shared computers
JP4610169B2 (ja) * 2002-07-23 2011-01-12 パナソニック株式会社 通信方法および通信システム
DE60321275D1 (de) * 2002-07-23 2008-07-10 Matsushita Electric Industrial Co Ltd Endgerät, Kommunikationsmethode und -system zur Authentifizierung von Benutzern in einer Benutzergruppe im Netzwerk
US7594262B2 (en) * 2002-09-04 2009-09-22 Secure Computing Corporation System and method for secure group communications
US7444514B2 (en) * 2003-10-15 2008-10-28 International Business Machines Corporation Group key exchanges with failures
WO2008054456A2 (en) 2006-02-22 2008-05-08 Luna Innovations Inc. Hardware-facilitated secure software execution environment
US7818567B2 (en) * 2006-09-27 2010-10-19 Lenovo (Singapore) Pte. Ltd. Method for protecting security accounts manager (SAM) files within windows operating systems
US8767964B2 (en) * 2008-03-26 2014-07-01 International Business Machines Corporation Secure communications in computer cluster systems
US8230253B2 (en) * 2008-07-21 2012-07-24 International Business Machines Corporation Byzantine fault tolerant dynamic quorum using a trusted platform module
WO2010019916A1 (en) 2008-08-14 2010-02-18 The Trustees Of Princeton University Hardware trust anchors in sp-enabled processors
WO2010140194A1 (ja) 2009-06-05 2010-12-09 富士通株式会社 情報処理システムの管理方法、情報処理システム、記録媒体、管理プログラム
US8909928B2 (en) 2010-06-02 2014-12-09 Vmware, Inc. Securing customer virtual machines in a multi-tenant cloud
US8904190B2 (en) 2010-10-20 2014-12-02 Advanced Micro Devices, Inc. Method and apparatus including architecture for protecting sensitive code and data
CN102761521B (zh) * 2011-04-26 2016-08-31 上海格尔软件股份有限公司 云安全存储及共享服务平台
US9129283B1 (en) * 2012-01-10 2015-09-08 Intuit Inc. Accessing confidential data securely using a trusted network of mobile devices
US20140052877A1 (en) * 2012-08-16 2014-02-20 Wenbo Mao Method and apparatus for tenant programmable logical network for multi-tenancy cloud datacenters
US9143442B2 (en) * 2012-12-12 2015-09-22 Cisco Technology, Inc. Flexible and scalable virtual network segment pruning
US9747456B2 (en) 2013-03-15 2017-08-29 Microsoft Technology Licensing, Llc Secure query processing over encrypted data
GB2515047B (en) 2013-06-12 2021-02-10 Advanced Risc Mach Ltd Security protection of software libraries in a data processing apparatus
US9245140B2 (en) * 2013-11-15 2016-01-26 Kabushiki Kaisha Toshiba Secure data encryption in shared storage using namespaces
US9722945B2 (en) * 2014-03-31 2017-08-01 Microsoft Technology Licensing, Llc Dynamically identifying target capacity when scaling cloud resources
JP6277827B2 (ja) 2014-03-31 2018-02-14 富士通株式会社 情報処理装置、スケール管理方法およびプログラム
WO2015164521A1 (en) * 2014-04-23 2015-10-29 Intralinks, Inc. Systems and methods of secure data exchange
US9424063B2 (en) * 2014-04-29 2016-08-23 Vmware, Inc. Method and system for generating remediation options within a cluster of host computers that run virtual machines
US10747888B2 (en) * 2014-06-30 2020-08-18 Nicira, Inc. Method and apparatus for differently encrypting data messages for different logical networks
WO2016004397A1 (en) 2014-07-03 2016-01-07 Huawei Technologies Co., Ltd. System and method for wireless network access protection and security architecture
US9705849B2 (en) 2014-09-30 2017-07-11 Intel Corporation Technologies for distributed detection of security anomalies
US9256467B1 (en) 2014-11-11 2016-02-09 Amazon Technologies, Inc. System for managing and scheduling containers
US9733849B2 (en) * 2014-11-21 2017-08-15 Security First Corp. Gateway for cloud-based secure storage
WO2016178316A1 (ja) 2015-05-07 2016-11-10 日本電気株式会社 計算機調達予測装置、計算機調達予測方法、及び、プログラム
US20160350534A1 (en) * 2015-05-29 2016-12-01 Intel Corporation System, apparatus and method for controlling multiple trusted execution environments in a system
US10387181B2 (en) * 2016-01-12 2019-08-20 International Business Machines Corporation Pre-deployment of particular virtual machines based on performance and due to service popularity and resource cost scores in a cloud environment
US10708067B2 (en) * 2016-06-18 2020-07-07 Intel Corporation Platform attestation and registration for servers
KR101704540B1 (ko) * 2016-08-03 2017-02-09 성결대학교 산학협력단 M2m 환경의 다중 디바이스 데이터 공유를 위한 그룹키 관리 방법
US10437985B2 (en) * 2016-10-01 2019-10-08 Intel Corporation Using a second device to enroll a secure application enclave
CN106778326A (zh) * 2016-11-28 2017-05-31 福建升腾资讯有限公司 一种实现移动存储设备保护的方法及系统
CN106682531A (zh) * 2017-01-23 2017-05-17 济南浪潮高新科技投资发展有限公司 一种基于生物信息授权的机密数据加密方法
US10740455B2 (en) * 2017-05-11 2020-08-11 Microsoft Technology Licensing, Llc Encave pool management
US10567359B2 (en) * 2017-07-18 2020-02-18 International Business Machines Corporation Cluster of secure execution platforms

Also Published As

Publication number Publication date
US20190026234A1 (en) 2019-01-24
JP7015904B2 (ja) 2022-02-03
US11057361B2 (en) 2021-07-06
US20200053067A1 (en) 2020-02-13
GB202001762D0 (en) 2020-03-25
GB2579490B (en) 2022-03-16
US10567359B2 (en) 2020-02-18
CN110892691B (zh) 2022-07-19
WO2019016641A1 (en) 2019-01-24
JP2020527791A (ja) 2020-09-10
GB2579490A (en) 2020-06-24
CN110892691A (zh) 2020-03-17

Similar Documents

Publication Publication Date Title
DE112018003077T5 (de) Ein cluster von sicheren ausführungsplattformen
DE60218615T2 (de) Verfahren und Architektur zur durchdringenden Absicherung von digitalen Gütern
DE112018004390B4 (de) Sichere zugriffsverwaltung für werkzeuge innerhalb einer sicheren umgebung
Michalas et al. Security aspects of e-health systems migration to the cloud
DE102011077218B4 (de) Zugriff auf in einer Cloud gespeicherte Daten
Caballero Information security essentials for information technology managers: Protecting mission-critical systems
DE102019123253A1 (de) System und einrichtung für datenvertraulichkeit im distributed ledger
DE112015004500T5 (de) Automatisierte Verwaltung von vertraulichen Daten in Cloud-Umgebungen
DE19960977A1 (de) System für ein elektronisches Datenarchiv mit Erzwingung einer Zugriffskontrolle beim Datenabruf
DE112011103580B4 (de) Verfahren, sichere Einheit, System und Computerprogrammprodukt für das sichere Verwalten des Benutzerzugriffs auf ein Dateisystem
DE112014000584T5 (de) Erreichen von Speichereffizienz bei durchgängiger Verschlüsselung unter Verwendung von nachgelagerten (Downstream-)Decryptern
DE112022000340T5 (de) Attributgestützte verschlüsselungsschlüssel als schlüsselmaterial zum authentifizieren und berechtigen von benutzern mit schlüssel-hash-nachrichtenauthentifizierungscode
DE112021002747T5 (de) Sicheres wiederherstellen von geheimen schlüsseln
CN103763313A (zh) 一种文档保护方法和系统
DE112021005862T5 (de) Selbstprüfende blockchain
DE112022000963T5 (de) Verbindungsbeständige mehrfaktorauthentifizierung
DE112020002343T5 (de) Verteilung von Sicherheitsberechtigungsnachweisen
DE202025100530U1 (de) System für sichere Datenverarbeitung und datenschutzkonforme Analytik
DE102009054128A1 (de) Verfahren und Vorrichtung zum Zugriff auf Dateien eines sicheren Fileservers
DE10146361B4 (de) Verteiltes System
DE112021000340T5 (de) Sichere private schlüsselverteilung zwischen endpunktinstanzen
DE112022003983T5 (de) Berechtigte, sichere datenverschiebung
Himmel et al. Security on distributed systems: Cloud security versus traditional IT
EP3373545A1 (de) Sicherheitseinheit insbesondere ein für iot-gerät und verfahren zur ausführung einer oder mehrerer applikationen zum gesicherten datenaustausch mit einem oder mehrere web-dienste bereitstellenden servern
Bhardwaj et al. Case study of Azure and Azure security practices

Legal Events

Date Code Title Description
R012 Request for examination validly filed
R079 Amendment of ipc main class

Free format text: PREVIOUS MAIN CLASS: H04L0029060000

Ipc: H04L0065000000

R084 Declaration of willingness to licence