KR102726547B1 - 멀티-노드 클러스터에서 신뢰할 수 있는 컨테이너들 간의 암호화 키 오케스트레이션 - Google Patents
멀티-노드 클러스터에서 신뢰할 수 있는 컨테이너들 간의 암호화 키 오케스트레이션 Download PDFInfo
- Publication number
- KR102726547B1 KR102726547B1 KR1020217039137A KR20217039137A KR102726547B1 KR 102726547 B1 KR102726547 B1 KR 102726547B1 KR 1020217039137 A KR1020217039137 A KR 1020217039137A KR 20217039137 A KR20217039137 A KR 20217039137A KR 102726547 B1 KR102726547 B1 KR 102726547B1
- Authority
- KR
- South Korea
- Prior art keywords
- key
- worker node
- processors
- data encryption
- container
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0822—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/74—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3234—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Mathematical Physics (AREA)
- Storage Device Security (AREA)
- Mobile Radio Communication Systems (AREA)
Applications Claiming Priority (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US16/449,904 US11044080B2 (en) | 2019-06-24 | 2019-06-24 | Cryptographic key orchestration between trusted containers in a multi-node cluster |
| US16/449,904 | 2019-06-24 | ||
| PCT/EP2020/066133 WO2020260026A1 (en) | 2019-06-24 | 2020-06-10 | Cryptographic key orchestration between trusted containers in a multi-node cluster |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| KR20220002616A KR20220002616A (ko) | 2022-01-06 |
| KR102726547B1 true KR102726547B1 (ko) | 2024-11-06 |
Family
ID=71094329
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| KR1020217039137A Active KR102726547B1 (ko) | 2019-06-24 | 2020-06-10 | 멀티-노드 클러스터에서 신뢰할 수 있는 컨테이너들 간의 암호화 키 오케스트레이션 |
Country Status (12)
| Country | Link |
|---|---|
| US (1) | US11044080B2 (cg-RX-API-DMAC7.html) |
| EP (1) | EP3987712B1 (cg-RX-API-DMAC7.html) |
| JP (1) | JP7486530B2 (cg-RX-API-DMAC7.html) |
| KR (1) | KR102726547B1 (cg-RX-API-DMAC7.html) |
| CN (1) | CN113826352A (cg-RX-API-DMAC7.html) |
| AU (1) | AU2020305390B2 (cg-RX-API-DMAC7.html) |
| BR (1) | BR112021026146A2 (cg-RX-API-DMAC7.html) |
| CA (1) | CA3143383A1 (cg-RX-API-DMAC7.html) |
| IL (1) | IL288689B2 (cg-RX-API-DMAC7.html) |
| MX (1) | MX2021015223A (cg-RX-API-DMAC7.html) |
| SG (1) | SG11202110433SA (cg-RX-API-DMAC7.html) |
| WO (1) | WO2020260026A1 (cg-RX-API-DMAC7.html) |
Families Citing this family (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2021056069A1 (en) * | 2019-09-25 | 2021-04-01 | Commonwealth Scientific And Industrial Research Organisation | Cryptographic services for browser applications |
| US11354151B2 (en) * | 2020-02-12 | 2022-06-07 | International Business Machines Corporation | Hardware memory encryption and protection for containers |
| US11494219B2 (en) * | 2020-02-26 | 2022-11-08 | Red Hat, Inc. | Encryption and remote attestation of containers |
| US20240022423A1 (en) * | 2021-03-12 | 2024-01-18 | Meta Platforms, Inc. | Processing private information in a distributed enclave framework |
| US11995197B2 (en) * | 2021-07-27 | 2024-05-28 | International Business Machines Corporation | Sensitive data encryption |
| WO2023038817A1 (en) * | 2021-09-08 | 2023-03-16 | Thales Dis Cpl Usa, Inc. | Extension of functionality to filesystems in container orchestration systems |
| US12041164B2 (en) | 2021-09-10 | 2024-07-16 | International Business Machines Corporation | Encryption key hybrid deployment management |
| US12316765B2 (en) * | 2023-05-10 | 2025-05-27 | Google Llc | Untrusted multi-party compute system |
| JPWO2024252681A1 (cg-RX-API-DMAC7.html) * | 2023-06-09 | 2024-12-12 | ||
| US20250062898A1 (en) * | 2023-08-14 | 2025-02-20 | Ally Financial Inc. | Techniques for secret synchronization and management across multiple clusters |
| US12602502B2 (en) * | 2023-10-13 | 2026-04-14 | Privafy Inc | System and method for providing trustworthy access enforcement to microservice container images on orchestration platforms |
| US12587838B2 (en) | 2023-10-19 | 2026-03-24 | International Business Machines Corporation | Encrypted end-to-end messaging using near-field communication (NFC) tags |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR100904549B1 (ko) * | 2007-10-22 | 2009-06-25 | 성균관대학교산학협력단 | 이동 에이전트에 상응하여 링 토폴로지 형성 방법 및 그시스템 |
| US20170251023A1 (en) * | 2016-02-26 | 2017-08-31 | Fornetix Llc | System and method for associating encryption key management policy with device activity |
| US20180109378A1 (en) | 2016-10-14 | 2018-04-19 | Alibaba Group Holding Limited | Method and system for secure data storage and retrieval |
| US20190058696A1 (en) * | 2017-08-18 | 2019-02-21 | Intel Corporation | Techniques for shared private data objects in a trusted execution environment |
Family Cites Families (18)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7421741B2 (en) | 2003-10-20 | 2008-09-02 | Phillips Ii Eugene B | Securing digital content system and method |
| GB2481563B (en) | 2009-12-22 | 2017-07-19 | Intel Corp | Method and apparatus to provide secure application execution |
| US8924727B2 (en) | 2012-10-12 | 2014-12-30 | Intel Corporation | Technologies labeling diverse content |
| EP2874093A1 (en) * | 2013-11-13 | 2015-05-20 | Gemalto SA | Method to protect a set of sensitive data associated to public data in a secured container |
| US9461821B1 (en) * | 2014-06-30 | 2016-10-04 | Emc Corporation | System and method for key material protection on devices using a secret sharing scheme |
| WO2017034642A2 (en) * | 2015-06-05 | 2017-03-02 | Nutanix, Inc. | Optimizable full-path encryption in a virtualization environment |
| US10534724B2 (en) * | 2015-12-24 | 2020-01-14 | Intel Corporation | Instructions and logic to suspend/resume migration of enclaves in a secure enclave page cache |
| US10523427B2 (en) * | 2016-01-11 | 2019-12-31 | Dell Products L.P. | Systems and methods for management controller management of key encryption key |
| US10326744B1 (en) * | 2016-03-21 | 2019-06-18 | EMC IP Holding Company LLC | Security layer for containers in multi-tenant environments |
| US10498726B2 (en) * | 2016-03-22 | 2019-12-03 | International Business Machines Corporation | Container independent secure file system for security application containers |
| US11165565B2 (en) * | 2016-12-09 | 2021-11-02 | Microsoft Technology Licensing, Llc | Secure distribution private keys for use by untrusted code |
| US11438155B2 (en) * | 2017-01-24 | 2022-09-06 | Microsoft Technology Licensing, Llc | Key vault enclave |
| US10567359B2 (en) | 2017-07-18 | 2020-02-18 | International Business Machines Corporation | Cluster of secure execution platforms |
| US10872145B2 (en) | 2017-10-25 | 2020-12-22 | International Business Machines Corporation | Secure processor-based control plane function virtualization in cloud systems |
| US10776459B2 (en) * | 2017-12-07 | 2020-09-15 | International Business Machines Corporation | Facilitating build and deploy runtime memory encrypted cloud applications and containers |
| US11388272B2 (en) * | 2018-03-30 | 2022-07-12 | Intel Corporation | Technologies for network packet processing between cloud and telecommunications networks |
| US10884814B2 (en) * | 2018-09-28 | 2021-01-05 | Intel Corporation | Mobile edge-cloud security infrastructure |
| US11048800B2 (en) * | 2018-12-17 | 2021-06-29 | Intel Corporation | Composable trustworthy execution environments |
-
2019
- 2019-06-24 US US16/449,904 patent/US11044080B2/en active Active
-
2020
- 2020-06-10 AU AU2020305390A patent/AU2020305390B2/en active Active
- 2020-06-10 CN CN202080035909.4A patent/CN113826352A/zh active Pending
- 2020-06-10 WO PCT/EP2020/066133 patent/WO2020260026A1/en not_active Ceased
- 2020-06-10 CA CA3143383A patent/CA3143383A1/en active Pending
- 2020-06-10 SG SG11202110433SA patent/SG11202110433SA/en unknown
- 2020-06-10 MX MX2021015223A patent/MX2021015223A/es unknown
- 2020-06-10 JP JP2021575206A patent/JP7486530B2/ja active Active
- 2020-06-10 KR KR1020217039137A patent/KR102726547B1/ko active Active
- 2020-06-10 BR BR112021026146A patent/BR112021026146A2/pt unknown
- 2020-06-10 EP EP20732828.7A patent/EP3987712B1/en active Active
- 2020-06-10 IL IL288689A patent/IL288689B2/en unknown
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR100904549B1 (ko) * | 2007-10-22 | 2009-06-25 | 성균관대학교산학협력단 | 이동 에이전트에 상응하여 링 토폴로지 형성 방법 및 그시스템 |
| US20170251023A1 (en) * | 2016-02-26 | 2017-08-31 | Fornetix Llc | System and method for associating encryption key management policy with device activity |
| US20180109378A1 (en) | 2016-10-14 | 2018-04-19 | Alibaba Group Holding Limited | Method and system for secure data storage and retrieval |
| US20190058696A1 (en) * | 2017-08-18 | 2019-02-21 | Intel Corporation | Techniques for shared private data objects in a trusted execution environment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113826352A (zh) | 2021-12-21 |
| IL288689B2 (en) | 2024-06-01 |
| EP3987712B1 (en) | 2025-07-23 |
| US11044080B2 (en) | 2021-06-22 |
| CA3143383A1 (en) | 2020-12-30 |
| US20200403784A1 (en) | 2020-12-24 |
| EP3987712A1 (en) | 2022-04-27 |
| MX2021015223A (es) | 2022-01-18 |
| IL288689A (en) | 2022-02-01 |
| JP2022537739A (ja) | 2022-08-29 |
| AU2020305390B2 (en) | 2023-07-13 |
| KR20220002616A (ko) | 2022-01-06 |
| JP7486530B2 (ja) | 2024-05-17 |
| IL288689B1 (en) | 2024-02-01 |
| SG11202110433SA (en) | 2021-10-28 |
| WO2020260026A1 (en) | 2020-12-30 |
| AU2020305390A1 (en) | 2021-10-14 |
| BR112021026146A2 (pt) | 2022-02-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| KR102726547B1 (ko) | 멀티-노드 클러스터에서 신뢰할 수 있는 컨테이너들 간의 암호화 키 오케스트레이션 | |
| US12132835B2 (en) | Encrypted file storage | |
| US10277591B2 (en) | Protection and verification of user authentication credentials against server compromise | |
| JP6482526B2 (ja) | コンピュータアプリケーションのオブジェクトコードを変更することによるコンピュータアプリケーションのためのセキュリティサービス管理 | |
| US11750397B2 (en) | Attribute-based encryption keys as key material for key-hash message authentication code user authentication and authorization | |
| KR20230078706A (ko) | 포스트 양자 암호화를 사용하는 인증서 기반 보안 | |
| US10931453B2 (en) | Distributed encryption keys for tokens in a cloud environment | |
| US11979411B2 (en) | Control of access to computing resources implemented in isolated environments | |
| US20180309738A1 (en) | Data access levels | |
| JP2024501168A (ja) | セキュアなメモリ共有方法 | |
| US11032708B2 (en) | Securing public WLAN hotspot network access | |
| US10546142B2 (en) | Systems and methods for zero-knowledge enterprise collaboration | |
| US10972455B2 (en) | Secure authentication in TLS sessions | |
| US20250310093A1 (en) | Blind secret management and rotation | |
| US11907394B1 (en) | Isolation and authorization for segregated command and query database resource access | |
| US20250322396A1 (en) | Encrypted subnets and secure containers | |
| CN119172434A (zh) | 信息处理方法及装置、设备、存储介质、程序产品 | |
| CN119906549A (zh) | 用于验证身份的方法、电子设备、计算机程序产品 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PA0105 | International application |
St.27 status event code: A-0-1-A10-A15-nap-PA0105 |
|
| A201 | Request for examination | ||
| PA0201 | Request for examination |
St.27 status event code: A-1-2-D10-D11-exm-PA0201 |
|
| PG1501 | Laying open of application |
St.27 status event code: A-1-1-Q10-Q12-nap-PG1501 |
|
| D13-X000 | Search requested |
St.27 status event code: A-1-2-D10-D13-srh-X000 |
|
| D14-X000 | Search report completed |
St.27 status event code: A-1-2-D10-D14-srh-X000 |
|
| E902 | Notification of reason for refusal | ||
| PE0902 | Notice of grounds for rejection |
St.27 status event code: A-1-2-D10-D21-exm-PE0902 |
|
| E13-X000 | Pre-grant limitation requested |
St.27 status event code: A-2-3-E10-E13-lim-X000 |
|
| P11-X000 | Amendment of application requested |
St.27 status event code: A-2-2-P10-P11-nap-X000 |
|
| P13-X000 | Application amended |
St.27 status event code: A-2-2-P10-P13-nap-X000 |
|
| PE0701 | Decision of registration |
St.27 status event code: A-1-2-D10-D22-exm-PE0701 |
|
| PR0701 | Registration of establishment |
St.27 status event code: A-2-4-F10-F11-exm-PR0701 |
|
| PR1002 | Payment of registration fee |
St.27 status event code: A-2-2-U10-U12-oth-PR1002 Fee payment year number: 1 |
|
| PG1601 | Publication of registration |
St.27 status event code: A-4-4-Q10-Q13-nap-PG1601 |