WO2019127973A1 - Authority authentication method, system and device for mirror repository, and storage medium - Google Patents

Authority authentication method, system and device for mirror repository, and storage medium

Info

Publication number
WO2019127973A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
request
information
token
warehouse
Prior art date
Application number
PCT/CN2018/082269
Other languages
English (en)
Chinese (zh)
Inventor
刘俊杰
Original Assignee
平安科技(深圳)有限公司
Priority date
Filing date
Publication date
Application filed by 平安科技(深圳)有限公司
Publication of WO2019127973A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1095 Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/56 Provisioning of proxy services

Definitions

  • the present application relates to the field of Docker technology, and specifically relates to a method, system, device and storage medium for authenticating a mirror warehouse.
  • Docker is an open source application container engine that allows developers to package their applications and dependencies into a portable container and then publish them to any popular Linux machine; virtualization can also be implemented.
  • The container technology provided allows several containers to be run on the same host or virtual machine, each container being a separate virtual environment or application.
  • Containers come from Docker images, which can be generated by the user or by a commit of a running container. After an image is generated, it can be pushed to the image repository for saving, or pulled from the image repository to the local machine to run a container.
  • Docker provides an official image repository (Docker Hub), while allowing users to build their own private image repository (private Registry). For most organizations, it is necessary to use a private image repository to protect the image content and the use of the repository.
  • the access control needs to be refined for images in different mirrored warehouses.
  • For a public image, that is, access to the official image repository, any user can pull the image, and only the system administrator can push the image.
  • For an image under the user's own namespace, the image can be pulled/pushed after authorization verification. That is, on access it is necessary to judge, according to the identity of the user terminal, which images in the warehouse can be pulled and which images can be pushed to which warehouse. This can improve the security of the image.
  • the permission setting of the Docker image server is relatively simple, generally adopting two methods.
  • The first way is to check only whether user authentication information is provided with the request, without verifying whether it is genuine; the second way is to configure a static username and password and check that they are correct, which requires the password file to be generated in advance.
  • the mirror service can be operated by simple user login.
  • the present application provides a method, system, device and storage medium for authenticating a mirror warehouse, which mainly solves the problem that the existing Docker image access is not secure.
  • a method for authenticating a mirrored warehouse includes the following steps:
  • When access to the Docker image repository through the proxy server is denied, receiving the unauthorized error information returned by the mirror warehouse, wherein the mirror warehouse is deployed in the cloud management area, and the response header of the unauthorized error information includes the authentication method prompt information;
  • the token server is deployed in the cloud management area
  • The step of parsing the unauthorized error information, generating a rights authentication request according to the authentication method prompt information, sending the rights authentication request to the proxy server, and the proxy server sending the rights authentication request to the token server for rights authentication includes:
  • The rights authentication request information is sent to the proxy server, and the proxy server sends the rights authentication request to the token server for rights authentication.
  • The step of generating the rights authentication request information from the user authentication information and the requested mirror content range according to the authentication method prompt information includes:
  • The user authentication information is encrypted according to the authentication method prompt information and placed in the request header of the https request, the requested mirror content range is placed in the request parameter of the https request, and the permission authentication request information is generated based on the request header and the request parameter of the https request.
  • After the proxy server sends the rights authentication request to the token server for rights authentication, and before the step of receiving the token returned by the token server in the cloud management area and sending the access request to the mirror warehouse, the rights authentication method further includes:
  • the proxy server performs secure transport layer protocol authentication according to the domain name entered by the client, and receives the data access request of the client after the verification is passed and sends it to the token server of the cloud management area;
  • the token server of the cloud management area parses the authority authentication request information, and verifies the user authentication information
  • the token is generated and returned to the client according to the user authentication information and the requested mirrored content range.
  • the method further includes:
  • the mirror repository receives the token, parses and verifies the token, and returns a mirror to the client when the verification passes.
  • A permission authentication system for a mirror warehouse, comprising a plurality of available zones, each of which is provided with a rights authentication device and a proxy server.
  • The rights authentication device is configured to access the mirror warehouse and, when access to the mirror warehouse is rejected, to receive the unauthorized error information returned by the mirror warehouse, where the response header of the unauthorized error information includes the authentication method prompt information; to parse the unauthorized error information, generate a rights authentication request according to the authentication method prompt information and send it to the proxy server; to receive the token returned by the token server; to carry the token when sending the access request to the mirror warehouse; and to receive the image returned by the mirror warehouse;
  • the proxy server is configured to send a rights authentication request to a token server of the cloud management area.
  • The rights authentication system of the mirror warehouse further includes a token server disposed in the cloud management area. The token server is configured to parse the authority authentication request information and verify the user authentication information; when the user authentication passes, to determine whether the client can access the requested mirror content according to the scope of the requested mirror content; and, when the client can access the requested mirror content, to generate a token according to the user authentication information and the requested mirror content range and return it to the client.
  • the proxy server is further configured to perform a secure transport layer protocol authentication according to the domain name input by the client, and receive the data access request of the client after the verification is passed and send the data access request to the token server of the cloud management area.
  • the number of the token servers is one.
  • The rights authentication system of the mirror warehouse further includes a mirror warehouse disposed in the cloud management area. The mirror warehouse is configured to receive the token, parse and verify the token, and, when the verification passes, return the image to the client.
  • A rights authentication device for a mirror warehouse, comprising a processor, a memory, and a rights authentication program stored on the memory and executable by the processor, the rights authentication program, when executed by the processor, implementing the following steps:
  • When access to the Docker image repository through the proxy server is denied, receiving the unauthorized error information returned by the mirror warehouse, wherein the mirror warehouse is deployed in the cloud management area, and the response header of the unauthorized error information includes the authentication method prompt information;
  • the token server is deployed in the cloud management area
  • a storage medium storing a rights authentication program, the rights authentication program being executed by a processor, implementing the following steps:
  • When access to the Docker image repository through the proxy server is denied, receiving the unauthorized error information returned by the mirror warehouse, wherein the mirror warehouse is deployed in the cloud management area, and the response header of the unauthorized error information includes the authentication method prompt information;
  • the token server is deployed in the cloud management area
  • The rights authentication method first receives the unauthorized error information returned by the mirror warehouse when access to the mirror warehouse through the proxy server is rejected, wherein the mirror warehouse is deployed in the cloud management area and the response header of the unauthorized error information includes authentication method prompt information. Afterwards, the unauthorized error information is parsed, and a rights authentication request is generated according to the authentication method prompt information and sent to the proxy server.
  • The proxy server sends the rights authentication request to the token server for rights authentication, wherein the proxy server is deployed in the available area and the token server is deployed in the cloud management area. Afterwards, the token returned by the token server in the cloud management area is received and carried when sending an access request to the mirror warehouse; the image returned by the mirror warehouse is then received, which completes the access operation on the private Docker mirror warehouse.
  • The application improves the security of the image by issuing permissions according to the requested token. By setting the token server in the cloud management area, it is no longer necessary to set an authentication component in each available area, which avoids having to call the API of the cloud management area to authenticate the user's domain account each time, and thus avoids a waste of resources.
  • Since maintaining the proxy server is much less difficult than maintaining a self-developed authentication component, only one token server in the cloud management area needs to be maintained.
  • FIG. 1 is a flowchart of a preferred embodiment of a method for authenticating a mirrored warehouse provided by the present application;
  • FIG. 2 is a flowchart of a preferred embodiment of step S20 in the method for authenticating a mirrored warehouse provided by the present application;
  • FIG. 3 is a functional block diagram of a preferred embodiment of a rights authentication system for a mirrored warehouse provided by the present application;
  • FIG. 4 is a functional block diagram of a preferred embodiment of the rights authentication device in the rights authentication system of the mirrored warehouse provided by the present application;
  • FIG. 5 is a functional block diagram of a parsing module of a rights authentication device in a rights authentication system of a mirrored warehouse provided by the present application;
  • FIG. 6 is a functional block diagram of a token processing module of a token server in a rights authentication system of a mirrored warehouse provided by the present application.
  • The present application addresses the current image permission management requirement: the authentication program is deployed in the mirror warehouse of the cloud management area, and the mirror warehouse designates the token server of the cloud management area to provide authentication services for users accessing the private Docker mirror warehouse and its images.
  • When the mirror warehouse receives a request for access to an image from a user of an available area, it instructs the available area client to send the user information, the accessed image information, and the access action through the proxy server of the available area to the token server of the cloud management area, and the token server determines whether to grant the user the requested access rights based on the user information.
  • FIG. 1 is a flowchart of a preferred embodiment of a method for authenticating a mirrored warehouse provided by the present application. As shown in FIG. 1, the authority authentication method of the mirror warehouse in the preferred embodiment of the present application includes the following steps:
  • The mirror warehouse is the unique mirror warehouse set in the cloud management area, not a mirror warehouse of an available area. All private Docker images are stored in the mirror warehouse of the cloud management area, and each available area can initiate an access request to the mirror warehouse.
  • When the client uses commands to log in to the Docker image repository, push a docker image, or pull a docker image, the docker client process sends a request to the mirror repository through the proxy server.
  • When the image repository identifies the client's access as a first access, it returns an unauthorized error message to the client and indicates the client authentication method in the header of the unauthorized error message, prompting the client to obtain a token from the token server of the cloud management area.
  • After the client receives the unauthorized error message, it first parses the unauthorized error information to obtain the authentication method prompt information, and then requests the token from the token server according to the prompt of the authentication method.
  • FIG. 2 is a flowchart of a preferred embodiment of step S20 in the method for authenticating the mirrored warehouse provided by the present application.
  • the step S20 includes:
  • S22: Generate permission authentication request information from the user authentication information and the requested mirror content range according to the authentication method prompt information;
  • In step S22, when the rights authentication request information is generated, the user authentication information is encrypted by the docker client process according to the authentication method prompt information and placed in the request header of the https request, the requested mirror content range is placed in the request parameter of the https request, and the authority authentication request information is generated based on the request header and the request parameter of the https request.
  • The authentication information includes a user name and a password.
  • The user's authentication information is first encrypted by the docker client process according to the prompt returned by the mirror repository and then placed in the AUTHORIZATION header (authorization header) of the https request (Hypertext Transfer Protocol over Secure Socket Layer, a security-oriented HTTP channel, in short a secure version of HTTP). The scope of the image content requested by the user is placed in the request parameter of the https request, and the request is sent to the proxy server through the domain name.
  • Each of the available areas is deployed with a set of proxy servers, which are Nginx proxy servers.
  • the clients of each available area send the permission authentication request to the token server of the cloud management area through the proxy server set in the area.
  • The domain name, certificate, and key of the proxy servers in each available area are the same, so the consistency of the system is guaranteed.
  • All clients in all available areas in this application use the same mirror service and image authentication service. Only the centralized management area has a set of image libraries and authentication servers: only the cloud management area needs to deploy the mirror warehouse and the token server, and each available area only needs to deploy a proxy server, which saves deployment cost. The mirror warehouse needs only one configuration: the authentication service address in the response header of the 401 response returned to the first request is specified as the authentication service domain name, which is resolved by the DNS of each region, so that all areas can use it, making expansion, configuration and maintenance easier. Moreover, the token server can be connected to other user information systems, which makes it possible to integrate users of other systems.
  • The client sends the permission authentication request to the token server through the proxy server as follows: the client accesses the proxy server through the domain name; the proxy server performs secure transport layer protocol authentication according to the domain name input by the client and, after the verification passes, receives the client's data access request and sends it to the token server of the cloud management area. Because the domain name, certificate and key of the proxy server of each available area are the same, the consistency of the system is guaranteed.
  • After the docker client process gets the token, it carries the token and requests the same mirror content from the mirror warehouse again. After the mirror warehouse receives the token, it parses the token to determine whether to release or block the user's request.
  • the method further includes:
  • the proxy server performs secure transport layer protocol authentication according to the domain name entered by the client, and receives the data access request of the client after the verification is passed and sends it to the token server of the cloud management area;
  • the token server of the cloud management area parses the authority authentication request information, and verifies the user authentication information
  • the token is generated and returned to the client according to the user authentication information and the requested mirrored content range.
  • After the client uploads the rights authentication request information to the proxy server, the proxy server performs the following steps: performing secure transport layer protocol authentication according to the domain name input by the client and, after the verification passes, receiving the data access request of the client and sending it to the token server in the cloud management area. When the proxy server finds that the domain name was entered incorrectly, it returns a domain name error message to the client, prompting the client to re-enter the domain name.
  • The token server of the cloud management area performs the following actions:
  • When the user authentication passes, it is determined according to the scope of the requested mirror content whether the client can access the requested mirror content.
  • An error token is returned when the user authentication fails, and the client is not authorized to access the mirror repository.
  • The token is generated according to the user authentication information and the requested mirrored content range and returned to the client.
  • When the user authentication information is verified but the client cannot access the specified image content, an error message is generated and returned to the docker client process, indicating that the client does not have permission to access the requested content.
  • The image pull and image push of the present application further include: the mirror warehouse receives the token, parses and verifies the token, and returns the image to the client when the verification passes.
  • Step 1: the client of the available area uses docker login, docker push or docker pull, and the docker client process of the client in the available area issues a request to the mirror warehouse of the cloud management area;
  • Step 2: after receiving the request, the mirror warehouse of the cloud management area returns an unauthorized error message to the requesting client of the available area, where the response header of the unauthorized error information includes a prompt of the client authentication method;
  • Step 3: the docker client process of the available area encrypts the user's authentication information according to the prompt and puts it in the AUTHORIZATION header of the https request, and the content range requested by the user is placed in the request parameter and sent to the proxy server of the available area;
  • Step 4: the proxy server of the available area performs secure transport layer protocol authentication according to the domain name input by the client and, after the verification passes, receives the data access request of the client and sends it to the token server of the cloud management area;
  • Step 5: the token server of the cloud management area parses and verifies the user authentication token and the scope of the requested mirror content and, after the verification passes, sends the corresponding token to the client of the available area;
  • Step 6: after obtaining the token, the docker client process of the available area requests the same content from the mirror warehouse of the cloud management area again, this time carrying the token;
  • Step 7: after the mirror warehouse of the cloud management area obtains the token, the token is parsed and verified, and the corresponding image is returned to the docker client process when the verification passes.
  • The present application further provides a rights authentication system for a mirror warehouse. As shown in FIG. 3, the rights authentication system includes a plurality of available areas, and each available area includes a rights authentication device 1 and a proxy server 2. The rights authentication device 1, which can be regarded as a Docker client, is used for accessing the mirror repository and, when access to the mirror repository is rejected, receiving the unauthorized error information returned by the mirror repository, the response header of which includes authentication method prompt information; for parsing the unauthorized error information, generating a rights authentication request according to the authentication method prompt information and sending it to the proxy server; for receiving the token returned by the token server; for carrying the token when sending an access request to the mirror repository; and for receiving the image returned by the mirror repository.
  • The rights authentication device referred to in the present application may be divided into one or more modules. A module refers to a series of computer program instruction segments capable of performing a specific function, and is more suitable than a program for describing the execution process of the mirror warehouse's rights authentication program in the Docker client. The following description divides the rights authentication device into modules to introduce its functions.
  • the authority authentication device 1 includes an access module 11 for accessing a mirror warehouse
  • the receiving module 12 is configured to receive the unauthorized error information returned by the mirror warehouse when the access mirror warehouse is rejected, and the response header of the unauthorized error information includes the authentication method prompt information;
  • the parsing module 13 is configured to parse the unauthorized error information, and generate a rights authentication request according to the authentication method prompt information and send the same to the proxy server;
  • the receiving module 12 is further configured to receive a token returned by the token server;
  • the authority authentication requesting module 14 is configured to carry the token to send an access request to the mirror warehouse;
  • the receiving module 12 is further configured to receive a mirror returned by the mirror warehouse.
  • the proxy server 2 is configured to send a rights authentication request to the token server of the cloud management area.
  • The proxy server is specifically configured to perform secure transport layer protocol authentication according to the domain name input by the client and, after the verification passes, to receive the client's data access request and send it to the token server in the cloud management area.
  • the parsing module 13 includes:
  • the parsing unit 131 is configured to parse the unauthorized error information and obtain the authentication method prompt information included in the response header of the unauthorized error information;
  • the request information generating unit 132 is configured to generate the authority authentication request information by using the user authentication information and requesting the mirrored content range according to the prompt of the authentication method prompt information;
  • the sending unit 133 is configured to send the rights authentication request information to the proxy server, and the proxy server sends the rights authentication request to the token server for rights authentication.
  • The request information generating unit 132 is specifically configured to encrypt the user authentication information according to the authentication method prompt information, put it in the request header of the https request, place the requested mirror content range in the request parameter of the https request, and generate the permission authentication request information based on the request header and request parameters of the https request.
  • The authority authentication system of the mirror warehouse of the present application further includes a token server 3 disposed in the cloud management area. The token server is configured to parse the authority authentication request information and verify the user authentication information; when the user authentication passes, to determine whether the client can access the requested mirror content according to the requested mirror content range; and, when the client can access the requested mirror content, to generate the token according to the user authentication information and the requested mirror content range.
  • the token server referred to in this application can also be divided into one or more modules, which are a series of computer program instructions that are capable of performing a particular function, and are more suitable than the program to describe the execution process. The following description divides the token server into modules to introduce its functions.
  • the token server 3 includes:
  • the verification module 31 is configured to parse the authority authentication request information, and verify user authentication information
  • the determining module 32 is configured to determine, according to the scope of the mirrored content of the request, whether the client can access the mirrored content of the request when the user passes the authentication;
  • the token processing module 33 is configured to: when the client can access the requested mirrored content, generate a token according to the user authentication information and the requested mirrored content range, and return the token to the client.
  • The number of token servers is one. A token server does not need to be set in each available area, which avoids having to call the API of the cloud management area to authenticate the user's domain account each time authority authentication is performed, thereby avoiding a waste of resources. After the proxy server is adopted, because maintaining the Nginx proxy server is much less difficult than maintaining the token server, the maintenance cost of the system is reduced, and only the one token server of the cloud management area needs to be maintained.
  • the rights authentication system of the mirrored warehouse of the present application further includes a mirrored warehouse 4 for receiving the token, parsing and verifying the token, and returning the image to the client when the verification is passed.
  • the number of mirrored warehouses is only one, so the authentication of the mirror is the same for all clients, maintaining system consistency.
  • The present application improves the security of the image by handing authority authentication to a third party for verification, which issues a token granting authority according to the request. By setting the token server in the cloud management area, it is no longer necessary to set an authentication component in each available area. This avoids the need to call the cloud management area API to authenticate the user's domain account every time authority authentication is performed, thereby avoiding waste of resources. Maintaining the proxy server is much less difficult than maintaining a self-developed authentication component, so only one token server, in the cloud management area, needs to be maintained.
  • The present application also provides a rights authentication device for a mirrored warehouse. The rights authentication device includes a processor, a memory, and a rights authentication program stored in the memory and executable by the processor; when executed by the processor, the rights authentication program implements the steps of the rights authentication method described above.
  • The present application also provides a storage medium storing a rights authentication program; when the rights authentication program is executed by a processor, it implements the steps of the rights authentication method described above.
  • a computer program to instruct related hardware (such as a processor, a controller, etc.), and the program can be stored in one.
  • the program when executed, may include the processes of the various method embodiments as described above.
  • the storage medium described therein may be a memory, a magnetic disk, an optical disk, or the like.
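
An added example, not part of the patent text and not the applicant's code: the token server modules 31 to 33 and the token check performed by the mirrored warehouse 4, written in Python. The HMAC-signed token format, the `repository:name:actions` scope string, the shared signing key and the in-memory user and permission tables are assumptions made for illustration; the patent authenticates the user's domain account through the cloud management area API instead.

```python
import base64, hashlib, hmac, json, time

SIGNING_KEY = b"constructed-demo-key"      # assumption: known to token server and warehouse
USERS = {"alice": "s3cret"}                # constructed stand-in for the domain account check
ACL = {"alice": {"team/app": {"pull"}}}    # constructed per-user repository permissions

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def sign(body: str) -> str:
    return b64url(hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest())

def parse_request(authorization: str, scope: str):
    """Verification module 31: extract the credentials and the requested range."""
    scheme, _, blob = authorization.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("unsupported authentication scheme")
    user, _, password = base64.b64decode(blob).decode().partition(":")
    kind, rest = scope.split(":", 1)       # the repository name may itself contain ':'
    repo, actions = rest.rsplit(":", 1)
    if kind != "repository":
        raise ValueError("unsupported scope type")
    return user, password, repo, set(actions.split(","))

def issue_token(authorization: str, scope: str, ttl: int = 300, now=None):
    """Modules 31-33: authenticate, decide on the range, then sign a token."""
    now = int(time.time()) if now is None else now
    user, password, repo, wanted = parse_request(authorization, scope)
    stored = USERS.get(user)
    if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
        return None                        # user authentication failed
    if not wanted <= ACL.get(user, {}).get(repo, set()):
        return None                        # determining module 32: range not permitted
    claims = {"sub": user, "repo": repo, "actions": sorted(wanted), "exp": now + ttl}
    body = b64url(json.dumps(claims, sort_keys=True).encode())
    return f"{body}.{sign(body)}"          # token processing module 33

def registry_allows(token: str, repo: str, action: str, now=None) -> bool:
    """Mirrored warehouse 4: verify signature, expiry and range before serving."""
    now = int(time.time()) if now is None else now
    body, _, sig = token.partition(".")
    if not hmac.compare_digest(sign(body).encode(), sig.encode()):
        return False                       # forged or altered token
    claims = json.loads(base64.urlsafe_b64decode(body))
    return claims["exp"] > now and claims["repo"] == repo and action in claims["actions"]
```

The warehouse never sees the user's password: it trusts only the signature, the expiry and the range carried in the token, so a token issued for `pull` on one repository cannot be reused for `push` or for another repository.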

Abstract

The invention relates to an authority authentication method and system for a mirror repository. The authority authentication method comprises the following steps: first, when access to a Docker mirror repository through a proxy server is refused, receiving the unauthorized error information returned by the mirror repository; then, parsing that error information, generating an authority authentication request according to the authentication method prompt information and sending it to the proxy server, so that the proxy server sends the authority authentication request to a token server for authority authentication; then, receiving a token returned by the token server in a cloud management area and sending an access request carrying the token to the mirror repository; and receiving an image returned by the mirror repository, so that the operation of accessing a private Docker mirror repository is completed.
PCT/CN2018/082269 2017-12-29 2018-04-09 Authority authentication method, system and device for mirror repository, and storage medium WO2019127973A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201711476882.9 2017-12-29
CN201711476882.9A CN107948201B (zh) 2017-12-29 Authority authentication method and system for Docker image repository

Publications (1)

Publication Number Publication Date
WO2019127973A1 true WO2019127973A1 (fr) 2019-07-04

Family

ID=61937912

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/082269 WO2019127973A1 (fr) 2017-12-29 2018-04-09 Authority authentication method, system and device for mirror repository, and storage medium

Country Status (2)

Country Link
CN (1) CN107948201B (fr)
WO (1) WO2019127973A1 (fr)

Also Published As

Publication number Publication date
CN107948201A (zh) 2018-04-20
CN107948201B (zh) 2020-11-13

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18894800

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 08/10/2020)

122 Ep: pct application non-entry in european phase

Ref document number: 18894800

Country of ref document: EP

Kind code of ref document: A1