System and Method for Supporting Secure Subsystems in a Client Hosted Virtualization System

US 20110296157A1
Filed: 05/28/2010
Published: 12/01/2011
Est. Priority Date: 05/28/2010
Status: Active Grant

First Claim

Patent Images

1. A client hosted virtualization system (CHVS) comprising:

an authentication device;

a processor operable to execute code; and

a non-volatile memory including first code to implement a basic input/output system for the CHVS and second code to implement a virtualization manager operable to;

authenticate a first virtual machine image associated with a first virtual machine;

launch a first portion of the first virtual machine on the CHVS based on the first virtual machine image, wherein the first portion of the first virtual machine is operable to initiate a first authentication session with the authentication device;

receive an authentication object from the authentication device in response to the first portion of the first virtual machine initiating the first authentication session;

send the authentication object to the first portion of the first virtual machine; and

launch a second portion of the first virtual machine;

wherein the CHVS is configurable to execute the first code and not the second code, or to execute the second code and not the first code.

View all claims

14 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An client hosted virtualization system includes an authentication device, a processor and non-volatile memory with BIOS code and virtualization manager code. The virtualization manager initializes the client hosted virtualization system authenticates a virtual machine image, launches a portion of the virtual machine that initiates an authentication session with the authentication device, receives an authentication object from the authentication device, sends the authentication object to the portion of the virtual machine, and launches another portion of the virtual machine. The client hosted virtualization system is configurable to execute the BIOS or the virtualization manager.

20 Citations

View as Search Results

20 Claims

1. A client hosted virtualization system (CHVS) comprising:
- an authentication device;
  
  a processor operable to execute code; and
  
  a non-volatile memory including first code to implement a basic input/output system for the CHVS and second code to implement a virtualization manager operable to;
  
  authenticate a first virtual machine image associated with a first virtual machine;
  
  launch a first portion of the first virtual machine on the CHVS based on the first virtual machine image, wherein the first portion of the first virtual machine is operable to initiate a first authentication session with the authentication device;
  
  receive an authentication object from the authentication device in response to the first portion of the first virtual machine initiating the first authentication session;
  
  send the authentication object to the first portion of the first virtual machine; and
  
  launch a second portion of the first virtual machine;
  
  wherein the CHVS is configurable to execute the first code and not the second code, or to execute the second code and not the first code.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The CHVS of claim 1, further comprising a mass storage device, and wherein the first virtual machine image:
    - is stored on the mass storage device; and
      
      includes an operating system and an application.
  - 3. The CHVS of claim 1, wherein:
    - the authentication device includes a keyboard; and
      
      the authentication object includes a password.
  - 4. The CHVS of claim 1, wherein the authentication device includes a biometric input device.
  - 5. The CHVS of claim 1, further comprising:
    - a secure memory device;
      
      wherein the virtualization manager is further operable to;
      
      store the authentication object in the secure memory device; and
      
      send the authentication object to the first portion of the first virtual machine from the security device.
  - 6. The CHVS of claim 1, wherein the virtualization manager is further operable to:
    - authenticate a second virtual machine image associated with a second virtual machine;
      
      launch a first portion of the second virtual machine on the CHVS based on the second virtual machine image, wherein the first portion of the second virtual machine is operable to initiate a second authentication session with the authentication device;
      
      receive an authentication object from the authentication device in response to the first portion of the first virtual machine initiating the authentication session;
      
      send the authentication object to the first portion of the second virtual machine from the secure memory device; and
      
      launch a second portion of the first virtual machine.
  - 7. The CHVS of claim 6, further comprising:
    - a trusted platform module;
      
      wherein the virtualization manager is further operable to;
      
      receive a first validation request from the first virtual machine;
      
      send the first validation request to the trusted platform module;
      
      receive a validation response from the trusted platform module;
      
      store the validation response in the secure memory device; and
      
      send the validation response to the first virtual machine from the security device.
  - 8. The CHVS of claim 7, wherein:
    - the virtualization manager is further operable to;
      
      receive a second validation request from the second virtual machine; and
      
      send the validation response to the second virtual machine from the security device; and
      
      the first validation request and the second validation request are requests to validate a resource.
  - 9. The CHVS of claim 8, wherein the resource is a hardware resource of the CHVS.
  - 10. The CHVS of claim 8, wherein the resource is a software resource of the CHVS.

11. A method of pre-boot authentication in a client hosted virtualization system (CHVS), comprising:
- storing first code in a non-volatile memory of the CHVS to implement a basic input/output system for the CHVS;
  
  storing second code in the non-volatile memory, the second code being operable to;
  
  initialize the CHVS;
  
  authenticate a first virtual machine image associated with a first virtual machine;
  
  launch a first portion of the first virtual machine on the CHVS based on the first virtual machine image;
  
  initiate from the first portion of the first virtual machine a first authentication session with an authentication device of the CHVS;
  
  receive an authentication object from the authentication device in response to initiating the first authentication session;
  
  send the authentication object to the first portion of the first virtual machine; and
  
  launch a second portion of the first virtual machine;
  
  determining to execute the second code to the exclusion of the first code; and
  
  in response to determining to execute the second code, executing the second code.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The method of claim 11, wherein the first virtual machine image includes an operating system and an application.
  - 13. The method of claim 11, the second code being further operable to:
    - store the authentication object in a secure memory device of the CHVS;
      
      wherein sending the authentication object to the first portion of the first virtual machine is in response to storing the authentication object in the secure memory device.
  - 14. The method of claim 13, the second code being further operable to:
    - authenticate a second virtual machine image associated with a second virtual machine;
      
      launch a first portion of the second virtual machine on the CHVS based on the second virtual machine image;
      
      initiate from the first portion of the second virtual machine a second authentication session with the authentication device;
      
      send the authentication object to the first portion of the second virtual machine; and
      
      launch a second portion of the second virtual machine.
  - 15. The method of claim 11, wherein:
    - the authentication device includes a keyboard; and
      
      the authentication object includes a password.

16. A method of validating a resource in a client hosted virtualization system (CHVS), comprising:
- storing first code in a non-volatile memory of the CHVS to implement a basic input/output system for the CHVS;
  
  storing second code in the non-volatile memory, the second code being operable to;
  
  initialize the CHVS;
  
  authenticate a first virtual machine image associated with a first virtual machine, wherein the first virtual machine includes an operating system and an application;
  
  launch the first virtual machine on the CHVS based on the first virtual machine image;
  
  receive a first request to validate a resource from the first virtual machine;
  
  send the first request to a trusted platform module of the CHVS;
  
  receive a response from the trusted platform module in response to sending the first request to the trusted platform module; and
  
  send the response to the first virtual machine from the security device;
  
  determining to execute the second code to the exclusion of the first code; and
  
  in response to determining to execute the second code, executing the second code.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method of claim 16, the second code being further operable to:
    - store the response in a secure memory device of the CHVS;
      
      wherein sending the response to the first virtual machine is in response to storing the authentication object in the secure memory device.
  - 18. The method of claim 17, the second code being further operable to:
    - authenticate a second virtual machine image associated with a second virtual machine;
      
      launch the second virtual machine on the CHVS based on the second virtual machine image;
      
      receive a second request to validate the resource from the second virtual machine; and
      
      send the response to the second virtual machine from the security device.
  - 19. The method of claim 18, wherein the resource is a hardware resource of the CHVS.
  - 20. The method of claim 18, wherein the resource is a software resource of the CHVS.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dell Products LP (Dell Technologies Inc.)
Original Assignee
Dell Products LP (Dell Technologies Inc.)
Inventors
Dandekar, Shree, Konetski, David, Stufflebeam, Kenneth W.

Granted Patent

US 8,751,781 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/2
CPC Class Codes

G06F 2009/45595   Network integration; Enabli...

G06F 21/57   Certifying or maintaining t...

G06F 21/74   operating in dual or compar...

G06F 9/45558   Hypervisor-specific managem...

H04L 9/3234   involving additional secure...

H04L 9/3271   using challenge-response

System and Method for Supporting Secure Subsystems in a Client Hosted Virtualization System

First Claim

14 Assignments

0 Petitions

Accused Products

Abstract

20 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and Method for Supporting Secure Subsystems in a Client Hosted Virtualization System

First Claim

14 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links