System and Method for Supporting Secure Subsystems in a Client Hosted Virtualization System
First Claim
1. A client hosted virtualization system (CHVS) comprising:
- an authentication device;
- a processor operable to execute code; and
- a non-volatile memory including first code to implement a basic input/output system for the CHVS and second code to implement a virtualization manager operable to:
  - authenticate a first virtual machine image associated with a first virtual machine;
  - launch a first portion of the first virtual machine on the CHVS based on the first virtual machine image, wherein the first portion of the first virtual machine is operable to initiate a first authentication session with the authentication device;
  - receive an authentication object from the authentication device in response to the first portion of the first virtual machine initiating the first authentication session;
  - send the authentication object to the first portion of the first virtual machine; and
  - launch a second portion of the first virtual machine;

wherein the CHVS is configurable to execute the first code and not the second code, or to execute the second code and not the first code.
Abstract
A client hosted virtualization system includes an authentication device, a processor, and non-volatile memory holding BIOS code and virtualization manager code. The virtualization manager initializes the client hosted virtualization system, authenticates a virtual machine image, launches a portion of the virtual machine that initiates an authentication session with the authentication device, receives an authentication object from the authentication device, sends the authentication object to that portion of the virtual machine, and launches another portion of the virtual machine. The client hosted virtualization system is configurable to execute either the BIOS or the virtualization manager.
20 Claims
1. A client hosted virtualization system (CHVS) comprising an authentication device, a processor, and a non-volatile memory with BIOS code and virtualization manager code, as reproduced in full under First Claim above. Dependent claims: 2 through 10.

11. A method of pre-boot authentication in a client hosted virtualization system (CHVS), comprising:
- storing first code in a non-volatile memory of the CHVS to implement a basic input/output system for the CHVS;
- storing second code in the non-volatile memory, the second code being operable to:
  - initialize the CHVS;
  - authenticate a first virtual machine image associated with a first virtual machine;
  - launch a first portion of the first virtual machine on the CHVS based on the first virtual machine image;
  - initiate from the first portion of the first virtual machine a first authentication session with an authentication device of the CHVS;
  - receive an authentication object from the authentication device in response to initiating the first authentication session;
  - send the authentication object to the first portion of the first virtual machine; and
  - launch a second portion of the first virtual machine;
- determining to execute the second code to the exclusion of the first code; and
- in response to determining to execute the second code, executing the second code.

Dependent claims: 12 through 15.

16. A method of validating a resource in a client hosted virtualization system (CHVS), comprising:
- storing first code in a non-volatile memory of the CHVS to implement a basic input/output system for the CHVS;
- storing second code in the non-volatile memory, the second code being operable to:
  - initialize the CHVS;
  - authenticate a first virtual machine image associated with a first virtual machine, wherein the first virtual machine includes an operating system and an application;
  - launch the first virtual machine on the CHVS based on the first virtual machine image;
  - receive a first request to validate a resource from the first virtual machine;
  - send the first request to a trusted platform module of the CHVS;
  - receive a response from the trusted platform module in response to sending the first request to the trusted platform module; and
  - send the response to the first virtual machine from the security device;
- determining to execute the second code to the exclusion of the first code; and
- in response to determining to execute the second code, executing the second code.

Dependent claims: 17 through 20.
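The two-stage launch that the abstract and claims 1 and 11 describe, as an added Python model that is not the patent's own code: the class names, the HMAC-SHA256 image tag, the challenge/response authentication device and the assumption that the VM's first (pre-boot) portion holds the enrolled credential are all illustrative choices, and the BIOS-or-manager selection in the final claim element is not modeled. The point it shows is the gating: a tampered image launches nothing, and a failed authentication session leaves the second portion unlaunched.

```python
# Added illustrative model (not from the patent) of the claimed two-stage launch.
# Assumed: HMAC-SHA256 image tags, a challenge/response authentication device,
# and that the VM's first (pre-boot) portion holds the enrolled credential.
import hashlib
import hmac
import secrets
from dataclasses import dataclass

def mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

@dataclass
class VMImage:
    payload: bytes
    tag: bytes                  # mac(image_key, payload); assumed integrity scheme
    enrolled_credential: bytes  # what the pre-boot portion expects the device to prove

def make_image(image_key: bytes, payload: bytes, credential: bytes) -> VMImage:
    return VMImage(payload, mac(image_key, payload), credential)  # constructed sample

class AuthenticationDevice:
    """Stand-in for the claimed authentication device (token, smart card, ...)."""
    def __init__(self, credential: bytes):
        self._credential = credential
    def authenticate(self, challenge: bytes) -> bytes:
        return mac(self._credential, challenge)  # the "authentication object"

class FirstPortion:
    """Pre-boot part of the VM: opens the session and judges the authentication object."""
    def __init__(self, enrolled_credential: bytes):
        self._enrolled = enrolled_credential
        self.challenge = secrets.token_bytes(32)  # fresh per session, so no replay
    def accept(self, auth_object: bytes) -> bool:
        return hmac.compare_digest(mac(self._enrolled, self.challenge), auth_object)

class VirtualizationManager:
    def __init__(self, image_key: bytes, device: AuthenticationDevice):
        self._image_key, self._device = image_key, device
    def authenticate_image(self, image: VMImage) -> bool:
        return hmac.compare_digest(mac(self._image_key, image.payload), image.tag)
    def boot(self, image: VMImage) -> list:
        launched = []                                     # portions actually started
        if not self.authenticate_image(image):
            return launched                               # tampered image: nothing runs
        first = FirstPortion(image.enrolled_credential)
        launched.append("first portion")
        auth_object = self._device.authenticate(first.challenge)  # session initiated
        if first.accept(auth_object):                     # object relayed to first portion
            launched.append("second portion")
        return launched
```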
Specification