KR102726547B1 - 멀티-노드 클러스터에서 신뢰할 수 있는 컨테이너들 간의 암호화 키 오케스트레이션 - Google Patents

멀티-노드 클러스터에서 신뢰할 수 있는 컨테이너들 간의 암호화 키 오케스트레이션 Download PDF

Info

Publication number
KR102726547B1
KR102726547B1 KR1020217039137A KR20217039137A KR102726547B1 KR 102726547 B1 KR102726547 B1 KR 102726547B1 KR 1020217039137 A KR1020217039137 A KR 1020217039137A KR 20217039137 A KR20217039137 A KR 20217039137A KR 102726547 B1 KR102726547 B1 KR 102726547B1
Authority
KR
South Korea
Prior art keywords
key
worker node
processors
data encryption
container
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
KR1020217039137A
Other languages
English (en)
Korean (ko)
Other versions
KR20220002616A (ko
Inventor
에두아르도 로드리게즈
프라티크 카르나티
카루나카르 보지레디
Original Assignee
인터내셔널 비지네스 머신즈 코포레이션
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 인터내셔널 비지네스 머신즈 코포레이션 filed Critical 인터내셔널 비지네스 머신즈 코포레이션
Publication of KR20220002616A publication Critical patent/KR20220002616A/ko
Application granted granted Critical
Publication of KR102726547B1 publication Critical patent/KR102726547B1/ko
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/74Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Mathematical Physics (AREA)
  • Storage Device Security (AREA)
  • Mobile Radio Communication Systems (AREA)
KR1020217039137A 2019-06-24 2020-06-10 멀티-노드 클러스터에서 신뢰할 수 있는 컨테이너들 간의 암호화 키 오케스트레이션 Active KR102726547B1 (ko)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US16/449,904 US11044080B2 (en) 2019-06-24 2019-06-24 Cryptographic key orchestration between trusted containers in a multi-node cluster
US16/449,904 2019-06-24
PCT/EP2020/066133 WO2020260026A1 (en) 2019-06-24 2020-06-10 Cryptographic key orchestration between trusted containers in a multi-node cluster

Publications (2)

Publication Number Publication Date
KR20220002616A KR20220002616A (ko) 2022-01-06
KR102726547B1 true KR102726547B1 (ko) 2024-11-06

Family

ID=71094329

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020217039137A Active KR102726547B1 (ko) 2019-06-24 2020-06-10 멀티-노드 클러스터에서 신뢰할 수 있는 컨테이너들 간의 암호화 키 오케스트레이션

Country Status (12)

Country Link
US (1) US11044080B2 (cg-RX-API-DMAC7.html)
EP (1) EP3987712B1 (cg-RX-API-DMAC7.html)
JP (1) JP7486530B2 (cg-RX-API-DMAC7.html)
KR (1) KR102726547B1 (cg-RX-API-DMAC7.html)
CN (1) CN113826352A (cg-RX-API-DMAC7.html)
AU (1) AU2020305390B2 (cg-RX-API-DMAC7.html)
BR (1) BR112021026146A2 (cg-RX-API-DMAC7.html)
CA (1) CA3143383A1 (cg-RX-API-DMAC7.html)
IL (1) IL288689B2 (cg-RX-API-DMAC7.html)
MX (1) MX2021015223A (cg-RX-API-DMAC7.html)
SG (1) SG11202110433SA (cg-RX-API-DMAC7.html)
WO (1) WO2020260026A1 (cg-RX-API-DMAC7.html)

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021056069A1 (en) * 2019-09-25 2021-04-01 Commonwealth Scientific And Industrial Research Organisation Cryptographic services for browser applications
US11354151B2 (en) * 2020-02-12 2022-06-07 International Business Machines Corporation Hardware memory encryption and protection for containers
US11494219B2 (en) * 2020-02-26 2022-11-08 Red Hat, Inc. Encryption and remote attestation of containers
US20240022423A1 (en) * 2021-03-12 2024-01-18 Meta Platforms, Inc. Processing private information in a distributed enclave framework
US11995197B2 (en) * 2021-07-27 2024-05-28 International Business Machines Corporation Sensitive data encryption
WO2023038817A1 (en) * 2021-09-08 2023-03-16 Thales Dis Cpl Usa, Inc. Extension of functionality to filesystems in container orchestration systems
US12041164B2 (en) 2021-09-10 2024-07-16 International Business Machines Corporation Encryption key hybrid deployment management
US12316765B2 (en) * 2023-05-10 2025-05-27 Google Llc Untrusted multi-party compute system
JPWO2024252681A1 (cg-RX-API-DMAC7.html) * 2023-06-09 2024-12-12
US20250062898A1 (en) * 2023-08-14 2025-02-20 Ally Financial Inc. Techniques for secret synchronization and management across multiple clusters
US12602502B2 (en) * 2023-10-13 2026-04-14 Privafy Inc System and method for providing trustworthy access enforcement to microservice container images on orchestration platforms
US12587838B2 (en) 2023-10-19 2026-03-24 International Business Machines Corporation Encrypted end-to-end messaging using near-field communication (NFC) tags

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100904549B1 (ko) * 2007-10-22 2009-06-25 성균관대학교산학협력단 이동 에이전트에 상응하여 링 토폴로지 형성 방법 및 그시스템
US20170251023A1 (en) * 2016-02-26 2017-08-31 Fornetix Llc System and method for associating encryption key management policy with device activity
US20180109378A1 (en) 2016-10-14 2018-04-19 Alibaba Group Holding Limited Method and system for secure data storage and retrieval
US20190058696A1 (en) * 2017-08-18 2019-02-21 Intel Corporation Techniques for shared private data objects in a trusted execution environment

Family Cites Families (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7421741B2 (en) 2003-10-20 2008-09-02 Phillips Ii Eugene B Securing digital content system and method
GB2481563B (en) 2009-12-22 2017-07-19 Intel Corp Method and apparatus to provide secure application execution
US8924727B2 (en) 2012-10-12 2014-12-30 Intel Corporation Technologies labeling diverse content
EP2874093A1 (en) * 2013-11-13 2015-05-20 Gemalto SA Method to protect a set of sensitive data associated to public data in a secured container
US9461821B1 (en) * 2014-06-30 2016-10-04 Emc Corporation System and method for key material protection on devices using a secret sharing scheme
WO2017034642A2 (en) * 2015-06-05 2017-03-02 Nutanix, Inc. Optimizable full-path encryption in a virtualization environment
US10534724B2 (en) * 2015-12-24 2020-01-14 Intel Corporation Instructions and logic to suspend/resume migration of enclaves in a secure enclave page cache
US10523427B2 (en) * 2016-01-11 2019-12-31 Dell Products L.P. Systems and methods for management controller management of key encryption key
US10326744B1 (en) * 2016-03-21 2019-06-18 EMC IP Holding Company LLC Security layer for containers in multi-tenant environments
US10498726B2 (en) * 2016-03-22 2019-12-03 International Business Machines Corporation Container independent secure file system for security application containers
US11165565B2 (en) * 2016-12-09 2021-11-02 Microsoft Technology Licensing, Llc Secure distribution private keys for use by untrusted code
US11438155B2 (en) * 2017-01-24 2022-09-06 Microsoft Technology Licensing, Llc Key vault enclave
US10567359B2 (en) 2017-07-18 2020-02-18 International Business Machines Corporation Cluster of secure execution platforms
US10872145B2 (en) 2017-10-25 2020-12-22 International Business Machines Corporation Secure processor-based control plane function virtualization in cloud systems
US10776459B2 (en) * 2017-12-07 2020-09-15 International Business Machines Corporation Facilitating build and deploy runtime memory encrypted cloud applications and containers
US11388272B2 (en) * 2018-03-30 2022-07-12 Intel Corporation Technologies for network packet processing between cloud and telecommunications networks
US10884814B2 (en) * 2018-09-28 2021-01-05 Intel Corporation Mobile edge-cloud security infrastructure
US11048800B2 (en) * 2018-12-17 2021-06-29 Intel Corporation Composable trustworthy execution environments

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100904549B1 (ko) * 2007-10-22 2009-06-25 성균관대학교산학협력단 이동 에이전트에 상응하여 링 토폴로지 형성 방법 및 그시스템
US20170251023A1 (en) * 2016-02-26 2017-08-31 Fornetix Llc System and method for associating encryption key management policy with device activity
US20180109378A1 (en) 2016-10-14 2018-04-19 Alibaba Group Holding Limited Method and system for secure data storage and retrieval
US20190058696A1 (en) * 2017-08-18 2019-02-21 Intel Corporation Techniques for shared private data objects in a trusted execution environment

Also Published As

Publication number Publication date
CN113826352A (zh) 2021-12-21
IL288689B2 (en) 2024-06-01
EP3987712B1 (en) 2025-07-23
US11044080B2 (en) 2021-06-22
CA3143383A1 (en) 2020-12-30
US20200403784A1 (en) 2020-12-24
EP3987712A1 (en) 2022-04-27
MX2021015223A (es) 2022-01-18
IL288689A (en) 2022-02-01
JP2022537739A (ja) 2022-08-29
AU2020305390B2 (en) 2023-07-13
KR20220002616A (ko) 2022-01-06
JP7486530B2 (ja) 2024-05-17
IL288689B1 (en) 2024-02-01
SG11202110433SA (en) 2021-10-28
WO2020260026A1 (en) 2020-12-30
AU2020305390A1 (en) 2021-10-14
BR112021026146A2 (pt) 2022-02-08

Similar Documents

Publication Publication Date Title
KR102726547B1 (ko) 멀티-노드 클러스터에서 신뢰할 수 있는 컨테이너들 간의 암호화 키 오케스트레이션
US12132835B2 (en) Encrypted file storage
US10277591B2 (en) Protection and verification of user authentication credentials against server compromise
JP6482526B2 (ja) コンピュータアプリケーションのオブジェクトコードを変更することによるコンピュータアプリケーションのためのセキュリティサービス管理
US11750397B2 (en) Attribute-based encryption keys as key material for key-hash message authentication code user authentication and authorization
KR20230078706A (ko) 포스트 양자 암호화를 사용하는 인증서 기반 보안
US10931453B2 (en) Distributed encryption keys for tokens in a cloud environment
US11979411B2 (en) Control of access to computing resources implemented in isolated environments
US20180309738A1 (en) Data access levels
JP2024501168A (ja) セキュアなメモリ共有方法
US11032708B2 (en) Securing public WLAN hotspot network access
US10546142B2 (en) Systems and methods for zero-knowledge enterprise collaboration
US10972455B2 (en) Secure authentication in TLS sessions
US20250310093A1 (en) Blind secret management and rotation
US11907394B1 (en) Isolation and authorization for segregated command and query database resource access
US20250322396A1 (en) Encrypted subnets and secure containers
CN119172434A (zh) 信息处理方法及装置、设备、存储介质、程序产品
CN119906549A (zh) 用于验证身份的方法、电子设备、计算机程序产品

Legal Events

Date Code Title Description
PA0105 International application

St.27 status event code: A-0-1-A10-A15-nap-PA0105

A201 Request for examination
PA0201 Request for examination

St.27 status event code: A-1-2-D10-D11-exm-PA0201

PG1501 Laying open of application

St.27 status event code: A-1-1-Q10-Q12-nap-PG1501

D13-X000 Search requested

St.27 status event code: A-1-2-D10-D13-srh-X000

D14-X000 Search report completed

St.27 status event code: A-1-2-D10-D14-srh-X000

E902 Notification of reason for refusal
PE0902 Notice of grounds for rejection

St.27 status event code: A-1-2-D10-D21-exm-PE0902

E13-X000 Pre-grant limitation requested

St.27 status event code: A-2-3-E10-E13-lim-X000

P11-X000 Amendment of application requested

St.27 status event code: A-2-2-P10-P11-nap-X000

P13-X000 Application amended

St.27 status event code: A-2-2-P10-P13-nap-X000

PE0701 Decision of registration

St.27 status event code: A-1-2-D10-D22-exm-PE0701

PR0701 Registration of establishment

St.27 status event code: A-2-4-F10-F11-exm-PR0701

PR1002 Payment of registration fee

St.27 status event code: A-2-2-U10-U12-oth-PR1002

Fee payment year number: 1

PG1601 Publication of registration

St.27 status event code: A-4-4-Q10-Q13-nap-PG1601