System and Method for Secure Client Hosted Virtualization in an Information Handling System

US 20110296156A1
Filed: 05/28/2010
Published: 12/01/2011
Est. Priority Date: 05/28/2010
Status: Active Grant

First Claim

Patent Images

1. A client hosted virtualization system (CHVS) comprising:

a processor operable to execute code; and

a non-volatile memory including first code to implement a basic input/output system for the CHVS, and second code to implement a virtualization manager operable to;

initialize the CHVS;

authenticate a first virtual machine image associated with a first virtual machine; and

launch the first virtual machine on the CHVS based on the first virtual machine image;

wherein the CHVS is configurable to execute the first code and not the second code, or to execute the second code and not the first code.

View all claims

14 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A client hosted virtualization system (CHVS) includes a processor and non-volatile memory with BIOS code and virtualization manager code. The virtualization manager initializes the CHVS, authenticates a virtual machine image and launches the virtual machine based on the image. The CHVS is configurable to execute the BIOS or the virtualization manager. A client system update network includes a client update system and a CHVS with a processor, a security processor, and non-volatile memory with BIOS code and virtualization manager code that initializes the CHVS, authenticates a virtual machine image and launches a virtual machine based on the image. The CHVS is configurable to execute the BIOS or the virtualization manager. The client update system receives updates and sends them to the CHVS. The CHVS authenticates the updates with the security processor, and overwrites the non-volatile memory with the updates.

Citations

20 Claims

1. A client hosted virtualization system (CHVS) comprising:
- a processor operable to execute code; and
  
  a non-volatile memory including first code to implement a basic input/output system for the CHVS, and second code to implement a virtualization manager operable to;
  
  initialize the CHVS;
  
  authenticate a first virtual machine image associated with a first virtual machine; and
  
  launch the first virtual machine on the CHVS based on the first virtual machine image;
  
  wherein the CHVS is configurable to execute the first code and not the second code, or to execute the second code and not the first code.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The CHVS of claim 1, further comprising a mass storage device, and wherein the first virtual machine image:
    - is stored on the mass storage device; and
      
      includes an operating system and an application.
  - 3. The CHVS of claim 1, wherein the virtualization manager is further operable to:
    - authenticate a second virtual machine image associated with a second virtual machine; and
      
      launch the second virtual machine on the CHVS based on the second virtual machine image.
  - 4. The CHVS of claim 1, wherein:
    - the BIOS is operable to launch a virtual machine hypervisor; and
      
      the virtual machine hypervisor is operable to launch the first virtual machine on the CHVS based on the first virtual machine image.
  - 5. The CHVS of claim 4, further comprising:
    - a switch operable to maintain a first state or a second state; and
      
      wherein the non-volatile memory includes third code operable to;
      
      determine if the switch is maintaining the first state or the second state;
      
      direct the processor to execute the first code in response to the switch being determined to be in the first state; and
      
      direct the processor to execute the second code in response to the switch being determined to be in the second state.
  - 6. The CHVS of claim 5, wherein:
    - the switch is initially in the first state, and is subsequently placed into the second state; and
      
      after being placed into the second state, the switch is permanently in the second state.
  - 7. The CHVS of claim 1, further comprising:
    - a trusted platform module;
      
      wherein the non-volatile memory includes third code to implement an update manager operable to;
      
      receive fourth code;
      
      determine with the trusted platform module that the fourth code was received from an authenticated source; and
      
      over write the non-volatile memory such that the second code is replaced with the fourth code.
  - 8. The CHVS of claim 7, wherein:
    - the fourth code is encrypted using a public key infrastructure encryption; and
      
      the third code is further operable to direct the trusted platform module to decrypt the fourth code before over writing the non-volatile memory.

9. A client system update network comprising:
- a client hosted virtualization system (CHVS) having;
  
  a processor operable to execute code;
  
  a security processor; and
  
  a non-volatile memory including;
  
  first code to implement a basic input/output system for the CHVS; and
  
  second code to implement a virtualization manager operable to initialize the CHVS, authenticate a virtual machine image associated with a first virtual machine, and launch the virtual machine on the CHVS based on the virtual machine image;
  
  wherein the CHVS is configurable to execute the first code and not the second code, or to execute the second code and not the first code; and
  
  a client update system coupled to the network interface and operable to;
  
  receive third code including an update to the second code;
  
  encode the third code; and
  
  send the third code to the CHVS;
  
  wherein the CHVS is operable to;
  
  receive the third code;
  
  decode and authenticate the third code with the security processor; and
  
  in response to determining that the third code is authentic, overwrite the non-volatile memory such that the second code is replaced with the third code.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The client system update network of claim 9, wherein the CHVS further comprises a mass storage device operable to store the first virtual machine image, and wherein the first virtual machine image includes an operating system and an application.
  - 11. The client system update network of claim 9, wherein:
    - the second code includes a device driver for a particular device of the CHVS; and
      
      the third code includes an updated device driver for the particular device.
  - 12. The client system update network of claim 9, wherein:
    - the client update system is further operable to determine that the third code is newer than the second code; and
      
      sending the third code to the CHVS is in response to determining that the third code is newer than the second code.
  - 13. The client system update network of claim 9, wherein the CHVS is further operable to:
    - determine that the third code is newer than the second code; and
      
      request the client update system to send the third code to the CHVS;
      
      wherein sending the third code to the CHVS is in response to receiving the request.

14. A method of providing a client hosted virtualization system (CHVS), comprising:
- storing first code in a non-volatile memory of the CHVS to implement a basic input/output system for the CHVS;
  
  storing second code in the non-volatile memory, the second code being operable to;
  
  initialize the CHVS;
  
  authenticate a first virtual machine image associated with a first virtual machine;
  
  launch the first virtual machine on the CHVS based on the first virtual machine image;
  
  authenticate a second virtual machine image associated with a second virtual machine; and
  
  launch the second virtual machine on the CHVS based on the second virtual machine image;
  
  determining to execute the second code to the exclusion of the first code; and
  
  in response to determining to execute the second code, executing the second code.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The method of claim 14, wherein the first virtual machine image includes a first operating system and a first application, and the second virtual machine image includes a second operating system and a second application.
  - 16. The method of claim 14, the second code being further operable to:
    - receive a first transaction from the first virtual machine;
      
      provide the first transaction to an encryption engine; and
      
      direct the encryption engine to encrypt the first transaction.
  - 17. The method of claim 16, the second code being further operable to:
    - receive a second transaction targeted to the first virtual machine, wherein the second transaction is encrypted;
      
      provide the second transaction to the encryption engine;
      
      direct the encryption engine to decrypt the second transaction; and
      
      provide the decrypted second transaction to the first virtual machine.
  - 18. The method of claim 14, wherein:
    - determining to execute the second code to the exclusion of the first code comprises determining that a switch of the CHVS is maintained in a particular state; and
      
      executing the second code is in response to determining that the switch is maintained in the particular state.
  - 19. The method of claim 18, wherein:
    - the switch is initially in a first state, and is subsequently placed into a second state; and
      
      after being placed into the second state, the switch is permanently in the second state.
  - 20. The method of claim 14, further comprising:
    - storing third code in a non-volatile memory of the CHVS, the third code being operable to;
      
      receive fourth code;
      
      determine that the fourth code was received from an authenticated source; and
      
      over write the non-volatile memory such that the second code is replaced with the fourth code; and
      
      executing the third code.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dell Products LP (Dell Technologies Inc.)
Original Assignee
Dell Products LP (Dell Technologies Inc.)
Inventors
Molsberry, Frank H., Dandekar, Shree, Huber, Gary D., Lo, Yuan-Chang, Srivastava, Neeraj

Granted Patent

US 8,719,557 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/2
CPC Class Codes

G06F 21/53   by executing in a restricte...

G06F 21/554   involving event detection a...

G06F 21/57   Certifying or maintaining t...

G06F 21/74   operating in dual or compar...

G06F 9/45533   Hypervisors; Virtual machin...

System and Method for Secure Client Hosted Virtualization in an Information Handling System

First Claim

14 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and Method for Secure Client Hosted Virtualization in an Information Handling System

First Claim

14 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links