Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

User data security protection method in Kubernetes environment

A user data and security protection technology, applied in the field of data security, can solve problems such as inability to guarantee call requests, inability to verify the real identity of users, and inability to verify whether scheduling requests come from trusted users, etc., to achieve the effect of ensuring security and improving security

Active Publication Date: 2021-01-08
航天科工网络信息发展有限公司
View PDF5 Cites 3 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

On the Master node, Kubernetes cannot verify whether the scheduling request comes from a trusted user
[0007] 3) Although the authentication mechanism for data transfer between components is provided in "Authentication Mechanisms to Ensure Kubernetes Security", the certificate cannot guarantee that the call request is issued by the user himself
For example, the computer is used by others and a request is sent to the server. At this time, the server cannot verify the real identity of the user.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • User data security protection method in Kubernetes environment
  • User data security protection method in Kubernetes environment
  • User data security protection method in Kubernetes environment

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0020] In order to make the purpose, content, and advantages of the present invention clearer, the specific implementation manners of the present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments.

[0021] figure 1 Shown is the system block diagram of the present invention, as figure 1 As shown, the present invention introduces Ukey to authenticate user requests, and securely manages the data stored in Kubernetes etcd through the public-private key system, so as to ensure the security of data transmission and access, and realize "one account, one secret" under the Kubernetes environment. ” user access mechanism.

[0022] Kubernetes is divided into two parts, the Master cluster control node and the Node node, and the Kubernetes security component of the present invention is defined as follows:

[0023] 1) etcd: saves the state of the entire cluster and is responsible for storing the encrypted information of the c...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to a user data security protection method in a Kubernetes environment. The user data security protection method comprises encryption storage and access decryption. The encryptionstorage is implemented by the steps of: arranging and splicing non-empty fields in a test.yaml file into a character string according to a lexicographical order, and storing the character string intoa stringA in the test.yaml file; after a client receives the test.yaml file sent by a KubernetesAPISserver, decrypting a sign field in the file by using a private key, using an SHA1 signature algorithm to encrypt a stingA field by the client, comparing a decrypted abstract sign_d with a sign_2 obtained after the stingA is encrypted by the client, and ensuring that the fields are not tampered after comparison abstract results are the same; and encrypting the fields in the test.yaml by using a public key. The access decryption is implemented by the steps of: receiving an encrypted file by meansof the KubernetesAPISserver, and sending a request to an etcd; after the Kubernetes APIServer receives the information, sending the encrypted yaml configuration file to the client; receiving a test.yaml file sent by the APIServer by the client; decrypting, by means of the client, the data by using the private key; sending the decrypted file to the KubernetesAPISserver through an https protocol; receiving the data of the client by the KubernetesAPISserver; decrypting an abstract of the field sign; andensuring that the field is not tampered after confirming that abstract text results are the same.

Description

technical field [0001] The invention relates to data security technology, in particular to a user data security protection method in a Kubernetes environment. Background technique [0002] Enterprises, governments, and individuals generate all kinds of data every day. Data storage has also become a growing concern for us. With the development of the big data era, various information leakage incidents have caused more and more attention to security issues. In order to ensure data security, it is necessary to do a good job in the safe storage and management of data. [0003] Kubernetes (k8s) is a management platform for automatic deployment, expansion, and operation and maintenance of container clusters. It provides a mechanism for application deployment, planning, updating, and maintenance. Kubernetes deploys applications through containers. Each container is independent of each other and has its own file system. It has the characteristics of fast deployment and low resou...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06H04L9/32H04L29/08
CPCH04L63/0428H04L63/0442H04L9/3247H04L9/3234H04L63/083H04L63/0853H04L67/10Y02D30/50
Inventor 黄亚杰马俊杰瞿秋薏苏帅苏玉娇姜瀚刘韡
Owner 航天科工网络信息发展有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com