TECHNIQUES FOR IDENTITY AUTHENTICATION OF VIRTUALIZED MACHINES

US 20100023996A1
Filed: 07/23/2008
Published: 01/28/2010
Est. Priority Date: 07/23/2008
Status: Active Grant

First Claim

Patent Images

1. A machine-implemented method for authenticating a virtual machine (VM), comprising:

receiving a request by the VM to install on a machine;

acquiring from the machine identity information that is specific to the machine in order to create an identify for the machine; and

authenticating the VM and the identity and then executing policy before authorizing the request and permitting the VM to install on the machine.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for identity authentication of Virtual Machines (VM'"'"'s) are provided. A VM is authenticated and once authenticated, each device interfaced to or accessible to the VM is also authenticated. When both the VM and each device are authenticated, the VM is granted access to a machine for installation thereon.

86 Citations

View as Search Results

25 Claims

1. A machine-implemented method for authenticating a virtual machine (VM), comprising:
- receiving a request by the VM to install on a machine;
  
  acquiring from the machine identity information that is specific to the machine in order to create an identify for the machine; and
  
  authenticating the VM and the identity and then executing policy before authorizing the request and permitting the VM to install on the machine.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 further comprising:
    - identifying one or more other devices associated with the machine;
      
      acquiring other identifying information specific to the one or more other devices to create other identifies of the other devices; and
      
      using the other identities when authenticating the VM for installation on the machine.
  - 3. The method of claim 2, wherein identifying further includes recognizing at least one device as one of the following:
    - a network card, a hard drive, a universal serial bus device, a network attached device, a peripheral device, a network mapping, a file system mount, and any device that can execute on or interface to a computer.
  - 4. The method of claim 2, wherein acquiring further includes gathering for at least one device a pattern of different information for that device, which is that device'"'"'s other identifying information.
  - 5. The method of claim 1 further comprising, denying the request if either the VM or the identity of the machine fail to authenticate.
  - 6. The method of claim 1 further comprising, granting access to virtual drivers to satisfy the request and provide a mechanism for the VM to install on the machine.
  - 7. The method of claim 1, wherein receiving further includes recognizing the machine as one of the following:
    - a computer, a handheld device, a phone, and an intelligent appliance.

8. A method, comprising:
- identifying a virtual machine (VM) operating system (OS) attempting to install within a VM;
  
  requesting that the VM OS be authenticated by an identity service;
  
  authenticating an identity of the VM OS and each device interfaced to the VM; and
  
  granting the VM OS access to one or more VM drivers that permit the VM OS to install within the VM when the VM OS, the identity of the VM OS, and each device has been authenticated.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, wherein requesting further includes consulting a remote identity service over a network as the identity service.
  - 10. The method of claim 8, wherein requesting further includes consulting a local identity service that is local to a machine processing the VM as the identity service.
  - 11. The method of claim 8, wherein requesting further includes providing credentials for the VM OS to the identity service to perform the authentication of the VM OS.
  - 12. The method of claim 8, wherein authenticating further includes gathering identification patterns for each device and using the identification patterns to further request that the identity service assist in authenticating each device.
  - 13. The method of claim 8, wherein authenticating further includes recognizing at least one device as a physical device interfaced to the VM and recognizing at least one device as a logical device interfaced and installed on the VM.
  - 14. The method of claim 8 further comprising, detecting a new device attempting to connect or install in the VM OS after the VM OS has installed on the VM and in response thereto attempting to authenticate the new device before permitting the new device to connect or install in the VM OS.

15. A machine-implemented system, comprising:
- an identity service implemented in a machine-accessible and computer-readable storage medium and to process on a machine of a network; and
  
  a Virtual Machine (VM) server implemented in a machine-accessible and computer-readable storage medium and to process on the machine or an entirely different machine of the network;
  
  wherein the VM server identifies an attempt by a VM operating system (OS) to install on a VM and consults the identity service to authenticate the VM OS and each device interfaced to the VM and when the VM OS and each device are successfully authenticated by the identity service the VM server gives the VM OS access to VM drivers that permit the VM OS to install on the VM.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15, wherein the identity service is remotely located over the network from the VM server.
  - 17. The system of claim 15, wherein VM server provides one or more certificates to the VM OS once successfully authenticated for subsequent validation and authentication of the VM OS to other resources of the network.
  - 18. The system of claim 15, wherein the VM server identifies the attempt by the VM making a request to the VM server to authenticate the VM OS for installation.
  - 19. The system of claim 15, wherein each device is authenticated by dynamically acquiring identifying information associated with each device during the authentication.
  - 20. The system of claim 19, wherein the identifying information includes producing identifying patterns from the identifying information to uniquely identify each device for the authentication.

21. A machine-implemented system, comprising:
- an authentication service implemented in a machine-accessible and computer-readable storage medium and to process on a machine of a network; and
  
  a VM implemented in a machine-accessible and computer-readable storage medium and to process on the machine or a different machine of the network;
  
  wherein the VM detects when a VM operating system (OS) attempts to install within the VM, and wherein the VM consults the authentication service to authenticate the VM OS and supply a unique VM OS identity, and wherein the VM interrogates each device associated with the VM for unique identifying information and authenticates each device in response to its unique identifying information, and the VM provides the VM OS access to VM drivers that permit the VM OS to install within the VM when the VM OS is successfully authenticated and when each device is successfully authenticated.
- View Dependent Claims (22, 23, 24, 25)
- - 22. The system of claim 21, wherein at least one device is a logical device installed on the VM.
  - 23. The system of claim 21, wherein at least one device is a physical device connected or interfaced to the VM.
  - 24. The system of claim 21, wherein VM interacts with a VM server that consults the authentication service on behalf of the VM.
  - 25. The system of claim 21, wherein the VM authenticates itself to the authentication service before consulting with the authentication service to authenticate the VM OS and provide the unique VM OS identity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Brown, Jeremy Ray, Sabin, Jason Allen, Burch, Lloyd Leon

Granted Patent

US 8,561,137 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/53   by executing in a restricte...

H04L 2209/80   Wireless network architectu...

H04L 9/32   including means for verifyi...

TECHNIQUES FOR IDENTITY AUTHENTICATION OF VIRTUALIZED MACHINES

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

86 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

TECHNIQUES FOR IDENTITY AUTHENTICATION OF VIRTUALIZED MACHINES

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

86 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links