Data confidential information protection system based on zero-trust network

Abstract

The invention discloses a data confidential information protection system based on a zero-trust network, and belongs to the technical field of communication. The system comprises a control plane module, a confidential information storage module, a configuration center, a configuration agent, a sidecar main module and an external system, the control plane module is used for adding, deleting, modifying and checking confidential information, verifying authority information of operators, storing configuration information into a configuration center, and sending a configuration updating signal to the configuration center; the confidential information storage module is used for storing confidential information; receiving and storing the configuration updating signal by using the configuration center; calling an update signal and actual configuration from a configuration center by using a configuration agent, applying the configuration, and communicating with a sidecar main module; management and verification of confidential information are realized by using the sidecar main module; an external system is used for receiving micro-service calling, and a checking request is initiated for confidential information content.

Description

technical field [0001] The invention relates to the field of communication technology, in particular to a data confidential information protection system based on a zero-trust network. Background technique [0002] In a zero-trust network, some sensitive information of microservices, especially passwords, secret keys, and tokens used to authenticate external systems, are usually stored in configuration files or environment variables. On the one hand, these locations are insecure and easy to be obtained by attackers, and information is usually circulated between systems in plain text. Insecurity in any link may cause leakage, making protection difficult. On the other hand, ordinary development or operation and maintenance personnel can access it, so it is easy to maliciously delete the database and other phenomena. Some solutions have realized this problem and started to store these sensitive information in confidential storage components, but this information also requires ...

AI Technical Summary

Problems solved by technology

On the one hand, these locations are insecure and easy to be obtained by attackers, and information is usually circulated between systems in plain text. Any insecurity in any link may cause leakage, and the protection is difficult

On the other hand, ordinary development or operation and maintenance personnel can access it, which is prone to malicious deletion of databases and other phenomena.

Some solutions have realized this problem and started to store these sensitive information in confidential storage components, but this information also requires a very effective management system to manage which services/personnel can view which information

Moreover, when the service connects to this information, it usually needs to import the corresponding SDK for different confidential storage components for development, which will lead to the addi

Images