DE112018004390B4 - Secure access management for tools within a secure environment - Google Patents

Secure access management for tools within a secure environment

Info

Publication number
DE112018004390B4
Authority
DE
Germany
Prior art keywords
user
encrypted
file
secure environment
secure
Prior art date
Legal status
Active
Application number
DE112018004390.8T
Other languages
German (de)
English (en)
Other versions
DE112018004390T5 (de)
Inventor
Olgierd Pieczul
Jinhui Wang
Current Assignee
International Business Machines Corp
Original Assignee
International Business Machines Corp
Priority date
2017-10-19
Filing date
2018-10-12
Publication date
2022-12-08
Application filed by International Business Machines Corp
Publication of DE112018004390T5
Application granted
Publication of DE112018004390B4
Legal status: Active (current)
Anticipated expiration

Classifications

    • H ELECTRICITY
      • H04 ELECTRIC COMMUNICATION TECHNIQUE
        • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
          • H04L63/00 Network architectures or network communication protocols for network security
            • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
            • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
              • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
                • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
                • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
            • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
              • H04L63/061 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
            • H04L63/12 Applying verification of the received information
              • H04L63/126 Applying verification of the received information the source of the received data
          • H04L67/00 Network arrangements or protocols for supporting network services or applications
            • H04L67/01 Protocols
              • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • G PHYSICS
      • G06 COMPUTING OR CALCULATING; COUNTING
        • G06F ELECTRIC DIGITAL DATA PROCESSING
          • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
            • G06F21/60 Protecting data
              • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
                • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
          • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
            • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
              • G06F2221/2107 File encryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US15/788,647 US10834081B2 (en) 2017-10-19 2017-10-19 Secure access management for tools within a secure environment
PCT/IB2018/057911 WO2019077452A1 (en) 2017-10-19 2018-10-12 MANAGING SECURE ACCESS TO TOOLS IN A SECURE ENVIRONMENT

Publications (2)

Publication Number Publication Date
DE112018004390T5 (de) 2020-05-14
DE112018004390B4 (de) 2022-12-08

Family

ID=66169577

Family Applications (1)

Application Number Title Priority Date Filing Date
DE112018004390.8T Active DE112018004390B4 (de) 2017-10-19 2018-10-12 Secure access management for tools within a secure environment

Country Status (6)

Country Publication
US (4) US10834081B2
JP (1) JP7189944B2
CN (1) CN111149337B
DE (1) DE112018004390B4
GB (1) GB2581721B
WO (1) WO2019077452A1

Families Citing this family (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11150788B2 (en) * 2019-03-14 2021-10-19 Ebay Inc. Augmented or virtual reality (AR/VR) companion device techniques
US10890992B2 (en) 2019-03-14 2021-01-12 Ebay Inc. Synchronizing augmented or virtual reality (AR/VR) applications with companion device interfaces
CN110245004A (zh) * 2019-06-13 2019-09-17 深圳前海微众银行股份有限公司 Command execution method, apparatus, device and computer-readable storage medium
CN112182635B (zh) * 2019-07-03 2024-02-23 北京百度网讯科技有限公司 Method, apparatus, device and medium for implementing joint modeling
KR102325986B1 (ko) * 2020-01-22 2021-11-12 네이버클라우드 주식회사 Method and system for dynamic application of storage encryption
US11750566B1 (en) * 2020-03-31 2023-09-05 Amazon Technologies, Inc. Configuring virtual computer systems with a web service interface to perform operations in cryptographic devices
US11880482B2 (en) * 2020-12-10 2024-01-23 International Business Machines Corporation Secure smart containers for controlling access to data
CN112668030A (zh) * 2021-03-09 2021-04-16 邓晨 Identity ID confirmation and environment security authentication method for a financial self-service terminal
CN113901442B (zh) * 2021-10-28 2025-02-28 中国工商银行股份有限公司 Container control method, container control apparatus, electronic device and storage medium
US12197397B1 (en) * 2021-12-10 2025-01-14 Amazon Technologies, Inc. Offloading of remote service interactions to virtualized service devices
TWI868416B (zh) * 2021-12-29 2025-01-01 新唐科技股份有限公司 Method and device for protecting and managing keys
CN115334073B (zh) * 2022-10-13 2023-01-24 中国电子科技集团公司第十五研究所 Method and system for deep pulling of remote files
CN115883536B (zh) * 2022-11-28 2024-06-18 中国联合网络通信集团有限公司 File transfer method, apparatus, system and storage medium
CN115967553B (zh) * 2022-12-15 2025-11-07 厦门安胜网络科技有限公司 Method and system for secure file distribution based on a virtualization system
CN116866335B (zh) * 2023-08-21 2024-04-16 北京和德宇航技术有限公司 Data transmission system and method
US20250240293A1 (en) * 2024-01-19 2025-07-24 Dell Products L.P. Multi-tenant secrets manager

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013123548A2 (en) 2012-02-20 2013-08-29 Lock Box Pty Ltd. Cryptographic method and system
WO2017003583A1 (en) 2015-06-27 2017-01-05 Mcafee, Inc. Virtualized trusted storage
CN107196932A (zh) 2017-05-18 2017-09-22 北京计算机技术及应用研究所 Virtualization-based centralized document management and control system

Family Cites Families (56)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6249866B1 (en) * 1997-09-16 2001-06-19 Microsoft Corporation Encrypting file system and method
US7143288B2 (en) 2002-10-16 2006-11-28 Vormetric, Inc. Secure file system server architecture and methods
US7603553B1 (en) * 2003-04-25 2009-10-13 Netapp, Inc. System and method to make file handles opaque to clients
US7103772B2 (en) * 2003-05-02 2006-09-05 Giritech A/S Pervasive, user-centric network security enabled by dynamic datagram switch and an on-demand authentication and encryption scheme through mobile intelligent data carriers
JP2005071196A (ja) * 2003-08-27 2005-03-17 Hitachi Ltd Disk array device and method for controlling its failure information
US20050114870A1 (en) * 2003-11-21 2005-05-26 Song Dong H. System and method for executing an application on a secured run-time environment
US8146141B1 (en) 2003-12-16 2012-03-27 Citibank Development Center, Inc. Method and system for secure authentication of a user by a host system
US7506170B2 (en) * 2004-05-28 2009-03-17 Microsoft Corporation Method for secure access to multiple secure networks
CN101512490B (zh) * 2006-01-17 2013-11-20 基达罗(以色列)有限公司 Securing data in a networked environment
US9354927B2 (en) * 2006-12-21 2016-05-31 Vmware, Inc. Securing virtual machine data
US7908476B2 (en) * 2007-01-10 2011-03-15 International Business Machines Corporation Virtualization of file system encryption
CN101398824A (zh) * 2007-09-26 2009-04-01 新奥特硅谷视频技术有限责任公司 Method for storing data after processing using virtual file system technology
US8572370B1 (en) * 2007-12-21 2013-10-29 Parallels IP Holdings GmbH Accessing a remote virtual environment without user authentication
US20090172393A1 (en) * 2007-12-31 2009-07-02 Haluk Kent Tanik Method And System For Transferring Data And Instructions Through A Host File System
CN101741553B (zh) 2008-11-04 2012-07-25 翊杰科技股份有限公司 Method and system for secure data storage and recovery
US8560826B2 (en) * 2009-12-14 2013-10-15 Citrix Systems, Inc. Secure virtualization environment bootable from an external media device
US8478996B2 (en) * 2009-12-21 2013-07-02 International Business Machines Corporation Secure Kerberized access of encrypted file system
US8977661B2 (en) * 2010-02-22 2015-03-10 Sookasa Inc. System, method and computer readable medium for file management
US20110213971A1 (en) * 2010-03-01 2011-09-01 Nokia Corporation Method and apparatus for providing rights management at file system level
US8555377B2 (en) * 2010-04-29 2013-10-08 High Cloud Security Secure virtual machine
CN101853363B (zh) * 2010-05-07 2012-08-08 飞天诚信科技股份有限公司 File protection method and system
US8752047B2 (en) * 2010-05-28 2014-06-10 Bromium, Inc. Automated management of virtual machines to process untrusted data based on client policy information
CN101901313B (zh) * 2010-06-10 2013-12-18 中科方德软件有限公司 Linux file protection system and method
WO2012040231A2 (en) 2010-09-20 2012-03-29 Orsini Rick L Systems and methods for secure data sharing
US9053339B2 (en) * 2010-10-27 2015-06-09 Hytrust, Inc. System and method for secure storage of virtual machines
CN102065104A (zh) * 2011-01-10 2011-05-18 深信服网络科技(深圳)有限公司 Remote file access method, apparatus and system
US8745384B2 (en) * 2011-08-11 2014-06-03 Cisco Technology, Inc. Security management in a group based environment
AU2012300852C1 (en) 2011-08-31 2018-01-04 Thomson Licensing Method for a secured backup and restore of configuration data of an end-user device, and device using the method
US9973484B2 (en) * 2011-10-31 2018-05-15 Reid Consulting Group, Inc. System and method for securely storing and sharing information
KR20130079004A (ko) * 2012-01-02 2013-07-10 (주)소만사 Mobile information protection system using file system virtualization on a smartphone and method for providing a virtual security environment
US20140237252A1 (en) * 2012-12-31 2014-08-21 Safelylocked, Llc Techniques for validating data exchange
US9003183B2 (en) * 2013-01-28 2015-04-07 Digitalmailer, Inc. Virtual storage system and file encryption methods
EP2974121A4 (en) 2013-03-13 2016-12-07 Jumpto Media Inc SECURE COMMUNICATION IN NETWORK
US9177165B2 (en) * 2013-03-31 2015-11-03 Noam Camiel System and method for a secure environment that authenticates secure data handling to the user
US9596315B2 (en) * 2013-05-30 2017-03-14 Zentera Systems, Inc. Secure data transfer platform for hybrid computing environment
CN104348846A (zh) * 2013-07-24 2015-02-11 航天信息股份有限公司 Method and system for securing data communication of a cloud storage system based on WPKI
US9436842B2 (en) * 2013-08-16 2016-09-06 Vinay Purohit Distributed fragments file system
EP3522446B1 (en) * 2013-11-14 2021-01-06 Pleasant Solutions Inc. System and method for credentialed access to a remote server
RU2573785C2 (ru) * 2013-12-05 2016-01-27 Закрытое акционерное общество "Лаборатория Касперского" System and method for applying file access rules when transferring files between computers
DE102013225021A1 (de) * 2013-12-05 2015-06-11 Bundesdruckerei Gmbh Method for accessing a data store of a cloud computing system
US9762614B2 (en) * 2014-02-13 2017-09-12 Cupp Computing As Systems and methods for providing network security using a secure digital device
CN104980477B (zh) * 2014-04-14 2019-07-09 航天信息股份有限公司 Data access control method and system in a cloud storage environment
US10013574B2 (en) * 2014-06-11 2018-07-03 Bijit Hore Method and apparatus for secure storage and retrieval of encrypted files in public cloud-computing platforms
CN104917741B (zh) 2014-07-19 2018-10-02 国家电网公司 USBKey-based system for secure transmission of plaintext documents over a public network
US10122703B2 (en) 2014-09-30 2018-11-06 Citrix Systems, Inc. Federated full domain logon
US9563785B2 (en) * 2014-12-03 2017-02-07 Vmware, Inc. Optimized encryption filtering of files
US9584325B1 (en) 2014-12-04 2017-02-28 Amazon Technologies, Inc. User-configurable cryptographic interface controller
CN104579879A (zh) 2014-12-05 2015-04-29 上海斐讯数据通信技术有限公司 Virtual private network communication system, connection method and data packet transmission method
US10073985B2 (en) * 2015-02-27 2018-09-11 Samsung Electronics Co., Ltd. Apparatus and method for trusted execution environment file protection
US9798678B2 (en) * 2015-04-02 2017-10-24 International Business Machines Corporation Protecting storage from unauthorized access
US10432592B2 (en) 2015-05-10 2019-10-01 Citrix Systems, Inc. Password encryption for hybrid cloud services
US10460119B2 (en) * 2016-02-26 2019-10-29 Intuit Inc. IDPS access-controlled and encrypted file system design
US10705894B2 (en) * 2016-05-30 2020-07-07 Samsung Electronics Co., Ltd. Electronic device for authenticating application and operating method thereof
US20180314837A1 (en) * 2017-04-28 2018-11-01 Dell Products L.P. Secure file wrapper for tiff images
CN107172027A (zh) * 2017-05-05 2017-09-15 北京凤凰理理它信息技术有限公司 Certificate management method, storage device, storage medium and apparatus
US10157290B1 (en) * 2017-10-11 2018-12-18 Symantec Corporation Systems and methods for encrypting files

Also Published As

Publication number Publication date
WO2019077452A1 (en) 2019-04-25
CN111149337B (zh) 2022-03-04
US20190124084A1 (en) 2019-04-25
US20240007470A1 (en) 2024-01-04
GB2581721B (en) 2022-05-11
US10834081B2 (en) 2020-11-10
US20210152556A1 (en) 2021-05-20
US11799861B2 (en) 2023-10-24
CN111149337A (zh) 2020-05-12
JP7189944B2 (ja) 2022-12-14
US10924486B2 (en) 2021-02-16
GB2581721A (en) 2020-08-26
JP2021500782A (ja) 2021-01-07
DE112018004390T5 (de) 2020-05-14
GB202006911D0 (en) 2020-06-24
US20190253421A1 (en) 2019-08-15

Similar Documents

Publication Publication Date Title
DE112018004390B4 (de) Secure access management for tools within a secure environment
DE112021002245T5 (de) Preventing unauthorized deployment of packages in clusters
DE112018004411B4 (de) Access control in microservice architectures
DE102016222034B4 (de) Dynamic password generation
DE112020005625T5 (de) Binding secure objects of a security module to a secure guest
DE112022000340T5 (de) Attribute-based encryption keys as key material for authenticating and authorizing users with keyed-hash message authentication code
DE112012002741T5 (de) Identity and authorization verification method for the security of a cloud computing platform
DE112020002343B4 (de) Distribution of security credentials
DE102011077218B4 (de) Access to data stored in a cloud
DE112017007963T5 (de) Identity verification using biometric data and irreversible functions via a blockchain
DE112015004500T5 (de) Automated management of confidential data in cloud environments
US20160335118A1 (en) Mapping tenant groups to identity management classes
DE112021002099T5 (de) Hypervisor-protected key
DE112021000340B4 (de) Secure private key distribution between endpoint instances
DE112021006372T5 (de) Secure provisioning of a computing resource using homomorphic encryption
DE112021005561T5 (de) Implementing resilient deterministic encryption
DE112022000963T5 (de) Connection-resilient multi-factor authentication
DE112022004921T5 (de) Secure distribution of policies in a cloud environment
DE112021002747T5 (de) Securely recovering secret keys
DE112021003864T5 (de) Enforcing signatures for software deployment configuration
DE112021006008B4 (de) Secure transfer of large amounts of data
DE112019003130T5 (de) HSM self-destruction in a hybrid cloud KMS solution
DE102016105062A1 (de) Proximity-based authorization checking for data distributed across devices
DE112019001957T5 (de) Secure operations with encrypted data
DE112021005979T5 (de) Secure sharing of memory

Legal Events

Code Title Description
R012 Request for examination validly filed
R079 Amendment of IPC main class (previous main class: H04L0029060000; new IPC: G06F0016160000)
R016 Response to examination communication
R018 Grant decision by examination section/examining division
R084 Declaration of willingness to licence
R020 Patent grant now final