US 12,321,472 B2
Method for building a predefined secret value
Milas Fokle Kokou, Gemenos (FR); and Guillaume Huysmans, Gemenos (FR)
Assigned to THALES DIS FRANCE SAS, Meudon (FR)
Appl. No. 17/279,651
Filed by THALES DIS FRANCE SAS, Meudon (FR)
PCT Filed Aug. 22, 2019, PCT No. PCT/EP2019/072520
§ 371(c)(1), (2) Date Mar. 25, 2021,
PCT Pub. No. WO2020/064234, PCT Pub. Date Apr. 2, 2020.
Claims priority of application No. 18306271 (EP), filed on Sep. 27, 2018.
Prior Publication US 2021/0390195 A1, Dec. 16, 2021
Int. Cl. G06F 21/00 (2013.01); G06F 21/62 (2013.01); G06F 21/78 (2013.01)
CPC G06F 21/6209 (2013.01) [G06F 21/78 (2013.01)]
12 Claims
 
1. A computer-implemented method for building a predefined secret value,
wherein a system comprises an orchestrator and a node,
wherein the node comprises a first pod and a second pod,
wherein said predefined secret value is allocated to said first pod,
wherein said system includes and controls a first storage area whose access is restricted to pods comprised in the node,
wherein said system includes a second storage area whose access is restricted to said second pod,
wherein the node comprises a third storage area that stores a first secret value allocated to the second pod,
wherein each of said first and second pods comprises one or more containers,
wherein the method comprises the successive steps:
the second pod retrieves both the first secret value from the third storage area and a second secret value stored in the second storage area and computes a third secret value by applying a first function to said first and second secret values,
one of said first and second pods retrieves a fourth secret value stored in the first storage area and computes a fifth secret value by applying a second function to said third and fourth secret values,
said first pod retrieves a sixth secret value stored in said first pod and computes the predefined secret value by applying a third function to said fifth and sixth secret values,
wherein the method comprises the following steps performed during an enrollment phase prior to said successive steps:
identifying the predefined secret value and allocating the predefined secret value to the first pod,
getting the sixth secret value from a configuration file corresponding to the first pod,
computing said fifth secret value from both the predefined secret value and the sixth secret value based on inverse of said third function,
identifying the fourth secret value and computing said third secret value from both the fourth secret value and the fifth secret value based on inverse of said second function,
identifying the first secret value and computing said second secret value from both the first secret value and the third secret value based on inverse of said first function.
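
The enrollment and rebuild chains of claim 1, as an added example that is not taken from the patent. The claim does not name the three functions; this sketch assumes one hypothetical invertible function, `combine` (XOR with a SHAKE-256 keystream), for all three, and stands in plain variables with constructed values for the storage areas.

```python
import hashlib


def combine(data: bytes, key: bytes) -> bytes:
    """Assumed function: XOR data with a SHAKE-256 keystream of key.
    For a fixed key it is its own inverse, so it serves both phases."""
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(d ^ s for d, s in zip(data, stream))


def enroll(predefined: bytes, s1: bytes, s4: bytes, s6: bytes) -> bytes:
    """Enrollment phase: walk the chain backwards from the predefined
    secret and return the second secret value (for the second storage area)."""
    s5 = combine(predefined, s6)  # inverse of the third function
    s3 = combine(s5, s4)          # inverse of the second function
    return combine(s3, s1)        # inverse of the first function


def rebuild(s1: bytes, s2: bytes, s4: bytes, s6: bytes) -> bytes:
    """Runtime phase: the successive steps of the claim."""
    s3 = combine(s2, s1)          # second pod: first function on s1, s2
    s5 = combine(s3, s4)          # either pod: second function on s3, s4
    return combine(s5, s6)        # first pod: third function on s5, s6


# Constructed sample values (not from the patent).
PREDEFINED = b"constructed-db-password-0001"  # secret allocated to the first pod
S1 = b"share-in-third-storage-area"           # node, allocated to second pod
S4 = b"share-in-first-storage-area"           # readable by pods of the node
S6 = b"share-in-first-pod-config"             # from the first pod's config file
S2 = enroll(PREDEFINED, S1, S4, S6)           # goes to the second storage area

if __name__ == "__main__":
    print("rebuilt correctly:", rebuild(S1, S2, S4, S6) == PREDEFINED)
    print("with wrong s4:    ", rebuild(S1, S2, b"wrong-share", S6) == PREDEFINED)
```

In this sketch none of the four stored values equals the predefined secret, and changing any one of them makes `rebuild` return a different value.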