Key protection method and device

A key protection and key vault technology, applied in the field of key protection methods and devices. It addresses the theft of user keys, threats to user data and business integrity, and easy leakage of keys, with the effect of reducing security threats.

Active Publication Date: 2018-08-21
HUAWEI TECH CO LTD

AI Technical Summary

Problems solved by technology

For example, a malicious administrator of a cloud service provider may steal the keys used by user applications through management tools or management domains, and a malicious virtual machine may use technical means to attack other virtual machines on the same physical server to steal the keys used by user applications.
In addition, hackers may exploit security holes in the VMM and OS to invade cloud servers and steal the keys used by user applications.
[0005] It can be seen that under the current cloud service architecture, the user's private key is easily leaked to the privileged software running on the cloud server, which seriously threatens the integrity of the user's data and business.



Embodiment Construction

[0179] To make the purpose, technical solution and advantages of the application clearer, the application is described in further detail below with reference to the accompanying drawings. Obviously, the described embodiments are only some of the embodiments of the application, not all of them.

[0180] The network architecture and business scenarios described in the embodiments of the present invention are intended to illustrate the technical solutions of the embodiments more clearly, and do not limit the technical solutions provided by the embodiments. Those of ordinary skill in the art know that, with the evolution of the network architecture and the emergence of new service scenarios, the technical solutions provided by the embodiments of the present invention are also applicable to similar technical problems.

[0181] Figure 1 is a schematic diagram of the architecture of a cloud service involv...


Abstract

The application discloses a key protection method and device, and belongs to the technical field of network security. In the application, user equipment sends a key identifier of at least one user key to a server, so that a user application running on the server can transmit an operation parameter set including a corresponding key identifier to an execution node in a secure execution space when an operation using the user key is initiated. The secure execution space is configured to be capable of preventing external access to a privilege-level code, so that an internal execution node can acquire the user key in a key library through the key identifier when the privilege-level code is invisible so as to perform the abovementioned operation using the user key and return an execution result. The user key and a key operation process are packaged within the secure execution space, so that the security threat to the user key caused by privileged software in a cloud server can be lowered.
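The flow in the abstract, modelled as an added Python example (not code from the patent): the user application holds only a key identifier and sends an operation parameter set to the execution node, which resolves the key in the key library and returns just the result. The class names, the `provision` step, the HMAC operations and the sample key are assumptions, and a Python object provides none of the isolation from privileged software that the secure execution space is meant to give.

```python
import hashlib
import hmac

class SecureExecutionSpace:
    """Toy model of the isolated space: key library plus execution node."""
    def __init__(self):
        self._vault = {}  # key identifier -> key bytes, never returned

    def provision(self, key_id, key):
        # Assumed provisioning path; the page does not say how keys
        # reach the key library.
        self._vault[key_id] = bytes(key)

    def execute(self, params):
        """Resolve the key by identifier, run the operation, return only the result."""
        key = self._vault.get(params.get("key_id"))
        if key is None:
            return {"ok": False, "error": "unknown key identifier"}
        data, op = params.get("data", b""), params.get("op")
        if op == "mac":
            tag = hmac.new(key, data, hashlib.sha256).hexdigest()
            return {"ok": True, "result": tag}
        if op == "verify":
            expected = hmac.new(key, data, hashlib.sha256).hexdigest()
            # Constant-time comparison avoids a timing oracle on the tag.
            match = hmac.compare_digest(expected, params.get("tag", ""))
            return {"ok": True, "result": match}
        # Anything else, including a request to export the key, is refused.
        return {"ok": False, "error": "unsupported operation"}

class UserApplication:
    """Runs outside the space and holds a key identifier only."""
    def __init__(self, space, key_id):
        self.space, self.key_id = space, key_id

    def sign(self, message):
        return self.space.execute(
            {"key_id": self.key_id, "op": "mac", "data": message})

    def check(self, message, tag):
        return self.space.execute(
            {"key_id": self.key_id, "op": "verify", "data": message, "tag": tag})

def demo():
    space = SecureExecutionSpace()
    space.provision("user-key-1", b"constructed-demo-key")  # constructed sample key
    app = UserApplication(space, "user-key-1")
    signed = app.sign(b"transfer:42")
    return signed, app.check(b"transfer:42", signed["result"])
```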

Description

Technical field

[0001] The present application relates to the technical field of network security, in particular to a key protection method and device.

Background

[0002] Virtualization technology is one of the key technologies in the field of cloud computing. It can virtualize the physical resources of a physical computer into multiple virtual machines (VMs). A virtualization platform such as a virtual machine monitor (VMM) provides the physical resources to each virtual machine in the form of a virtual resource pool; different operating systems (OS) run on different virtual machines that are allocated to multiple users, and the physical resources of the physical computer are shared among the virtual machines.

[0003] In the cloud service scenario, cloud service providers can provide cloud services to a large number of users and allocate virtual machines to users. During the us...


Application Information

Patent Type & Authority: Applications (China)
IPC (8): H04L29/06, G06F21/12, G06F21/62
CPC: H04L63/06, H04L63/20, G06F21/12, G06F21/62, H04L9/40
Inventor: 翟征德, 申宇
Owner: HUAWEI TECH CO LTD