Optimizing docker image encryption—kubernetes using shamir secrets to enforce multiple constraints in container runtime environment

Assignee

• EMC IP Holding Company LLC · US

Inventors

• Kfir Wolfson · Beer Sheva, IL
• Jehuda Shemer · Kfar Sava, IL
• Stav Sapir · Beer Sheva, IL
• Naor Radami · Beer Sheva, IL

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F2009/45587
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

One example method includes using a primary key to encrypt a decryption key, splitting the primary key into ‘n’ parts, where at least ‘k’ parts of the ‘n’ parts are required to restore the primary key, and ‘k’≤‘n’, storing some of the ‘k’ parts in respective locations in a production environment, and one of the stored ‘k’ parts is held by a verifier stage, receiving, at the verifier stage, a request for restoration of the primary key, where the request is received from a deployment pod and the request includes a subset of the ‘k’ parts and the encrypted decryption key, performing, by the verifier stage, a validation process concerning the deployment pod, and restoring, by the verifier stage, the primary key, wherein the primary key is restored using the ‘k’ part held by the verifier stage.