Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Data confidential information protection system based on zero-trust network

An information protection and confidentiality technology, applied in the field of communications, can solve the problems of illegal client theft, high protection difficulty, malicious deletion of databases, etc., to prevent interception or forgery, ensure data security, and increase information security.

Active Publication Date: 2022-05-10
南京智人云信息技术有限公司
View PDF4 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

On the one hand, these locations are insecure and easy to be obtained by attackers, and information is usually circulated between systems in plain text. Any insecurity in any link may cause leakage, and the protection is difficult
On the other hand, ordinary development or operation and maintenance personnel can access it, which is prone to malicious deletion of databases and other phenomena.
Some solutions have realized this problem and started to store these sensitive information in confidential storage components, but this information also requires a very effective management system to manage which services / personnel can view which information
Moreover, when the service connects to this information, it usually needs to import the corresponding SDK for different confidential storage components for development, which will lead to the addition of a large number of template codes that are not related to the actual business logic in the project.
Existing solutions are difficult to fine-grained quasi-real-time control of these information and permissions. When the configuration of data and permissions is changed, the service cannot effectively and timely obtain the changed data or apply the changed permissions.
[0003] On this basis, there are still some security risks in some scenarios. One is that zero trust protection is not added to the communication loop, which may lead to man-in-the-middle attacks or illegal clients stealing confidential information. The other is that the service There will still be confidential information in the memory, and the operator or maintenance party of the service may still be able to intercept the actual content of the confidential information

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Data confidential information protection system based on zero-trust network
  • Data confidential information protection system based on zero-trust network
  • Data confidential information protection system based on zero-trust network

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0091] The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

[0092] see Figure 1-Figure 4 , in this example:

[0093] The construction scenario is the password and other information protection scenarios when the service accesses the external mysql system, and mainly describes the case where the mysql access information is used as confidential information for protection.

[0094] MySQL is used as a persistent data storage facility for services, and its security determines the security of the entire service. In real li...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a data confidential information protection system based on a zero-trust network, and belongs to the technical field of communication. The system comprises a control plane module, a confidential information storage module, a configuration center, a configuration agent, a sidecar main module and an external system, the control plane module is used for adding, deleting, modifying and checking confidential information, verifying authority information of operators, storing configuration information into a configuration center, and sending a configuration updating signal to the configuration center; the confidential information storage module is used for storing confidential information; receiving and storing the configuration updating signal by using the configuration center; calling an update signal and actual configuration from a configuration center by using a configuration agent, applying the configuration, and communicating with a sidecar main module; management and verification of confidential information are realized by using the sidecar main module; an external system is used for receiving micro-service calling, and a checking request is initiated for confidential information content.

Description

technical field [0001] The invention relates to the field of communication technology, in particular to a data confidential information protection system based on a zero-trust network. Background technique [0002] In a zero-trust network, some sensitive information of microservices, especially passwords, secret keys, and tokens used to authenticate external systems, are usually stored in configuration files or environment variables. On the one hand, these locations are insecure and easy to be obtained by attackers, and information is usually circulated between systems in plain text. Insecurity in any link may cause leakage, making protection difficult. On the other hand, ordinary development or operation and maintenance personnel can access it, so it is easy to maliciously delete the database and other phenomena. Some solutions have realized this problem and started to store these sensitive information in confidential storage components, but this information also requires ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L9/40H04L41/22H04L41/28H04L69/163G06F21/62G06F21/60G06F16/2455
CPCH04L63/0428H04L69/163H04L63/0884H04L41/22H04L41/28G06F21/602G06F16/24552G06F21/6245
Inventor 李彪张超徐建平
Owner 南京智人云信息技术有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com