IMPLEMENTATION OF SECURE COMMUNICATIONS IN A SUPPORT SYSTEM
Abstract
A support system negotiates secure connections on behalf of multiple guest systems using a set of credentials associated with the guest systems. The operation of the secure connection may be transparent to the guest system such that the guest system may send and receive messages that are encrypted or decrypted by the support system, such as a hypervisor. As the support system is in between the guest system and a destination, the support system may act as a local endpoint to the secure connection. Messages may be altered by the support system to indicate to a guest system which communications were secured. The credentials may be managed by the support system such that the guest system does not require access to the credentials.
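The arrangement the abstract describes can be modelled in a few lines; this is an added sketch, not code from the patent. The `SupportSystem` class, the `guest-id|` routing prefix and the HMAC-based `seal`/`open_sealed` pair (a constructed stand-in for whatever secure protocol the support system speaks, using a shared secret as the credential) are all assumptions made for illustration.

```python
import hashlib, hmac, os

def derive(cred, label):
    return hmac.new(cred, label, hashlib.sha256).digest()

def keystream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(cred, plaintext):
    # Constructed stand-in for the secure protocol's record protection
    # (encrypt-then-MAC); a real deployment would use the protocol's own cipher.
    nonce = os.urandom(16)
    ks = keystream(derive(cred, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, ks))
    return nonce + ct + hmac.new(derive(cred, b"mac"), nonce + ct, hashlib.sha256).digest()

def open_sealed(cred, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(derive(cred, b"mac"), nonce + ct, hashlib.sha256).digest()
    if len(blob) < 48 or not hmac.compare_digest(tag, want):
        raise ValueError("authentication failed")
    ks = keystream(derive(cred, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))

class SupportSystem:
    """Hypothetical hypervisor-side endpoint; guests only ever see plaintext."""
    def __init__(self):
        self._creds = {}   # guest id -> credential, never returned to a guest
        self.inbox = {}    # guest id -> messages delivered to that guest

    def provision(self, guest_id, cred):
        self._creds[guest_id] = cred
        self.inbox[guest_id] = []

    def send_for_guest(self, guest_id, plaintext):
        # Outgoing: encrypt on the guest's behalf; the prefix is a constructed routing tag.
        return guest_id.encode() + b"|" + seal(self._creds[guest_id], plaintext)

    def receive(self, wire):
        # Incoming: select the guest, decrypt with its credential, mark as secured.
        guest_id, _, blob = wire.partition(b"|")
        guest_id = guest_id.decode()
        if guest_id not in self._creds:
            raise KeyError("no such guest")
        body = open_sealed(self._creds[guest_id], blob)
        self.inbox[guest_id].append({"secured": True, "body": body})
        return guest_id
```

The guest-facing surface is only `send_for_guest` and the per-guest `inbox`; the credential stays inside the support system, and a message sealed under another guest's credential fails authentication instead of being delivered.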
77 Citations
30 Claims
1. A computer-implemented method for providing secure communications, comprising:
- under the control of one or more computer systems configured with executable instructions, receiving, by a hypervisor, a set of credentials associated with a guest operating system;
- using, by the hypervisor on behalf of the guest operating system, the set of credentials to establish a secure connection to a computing device using a secure protocol, the hypervisor acting as a local endpoint of the secure connection;
- receiving, by the hypervisor, one or more outgoing messages from the guest operating system to the computing device;
- encrypting, by the hypervisor on behalf of the guest operating system using the secure protocol and the set of credentials, the one or more outgoing messages from the guest operating system to the computing device, the one or more outgoing messages becoming one or more outgoing encrypted messages;
- sending, by the hypervisor, the outgoing encrypted messages to the computing device using the secure protocol;
- receiving, by the hypervisor, one or more incoming encrypted messages from the computing device;
- decrypting, by the hypervisor on behalf of the guest operating system using the secure protocol and the set of credentials, the one or more incoming encrypted messages from the computing device becoming one or more incoming decrypted messages; and
- sending the one or more incoming decrypted messages to the guest operating system.
Dependent claims: 2, 3, 4, 5, 6

7. A computer-implemented method for providing secure communications, comprising:
- under the control of one or more computer systems configured with executable instructions, receiving, by a support system of a host system, a request for a secure connection with a device to a guest operating system on the host system, the host system having the support system and configured to host at least one guest operating system;
- receiving, by the support system, a set of credentials associated with the guest operating system;
- using, by the support system, the set of credentials on behalf of the guest operating system to establish a secure connection with the device, the support system acting as an endpoint of the secure connection in place of the guest operating system; and
- sending, by the support system over the secure connection, one or more communications between the guest operating system and the device, the support system processing the one or more communications to enable the secure connection.
Dependent claims: 8, 9, 10, 11, 12, 13, 14, 15

16. A computer system for enabling a secure connection, comprising:
- one or more processors; and
- memory, including instructions executable by the one or more processors to cause the computer system to at least:
- receive, by a support system having a set of guest systems, a secure communication directed to a guest system from the set of guest systems;
- select, by the support system, the guest system from the set of guest systems to which the secure communication is directed; and
- provide, by the host system using a set of credentials that represent an identity of the selected guest operating system, a decrypted message to the selected guest operating system, the decrypted message prepared from the secure communication, the credentials unavailable to the selected guest system.
Dependent claims: 17, 18, 19, 20, 21, 22, 23

24. One or more computer-readable storage media having collectively stored thereon executable instructions that, when executed by one or more processors of a computer system, cause the computer system to at least:
- receive, by a support system, a request for a secure connection with a device to a guest system;
- retrieve, by the support system, a set of credentials associated with the guest system, the credentials protected from access by the guest system;
- use, by the support system, the set of credentials on behalf of the guest system to establish a secure connection with the device, the support system acting as an endpoint of the secure connection in place of the guest system; and
- send, by the support system over the secure connection, one or more communications between the guest system and the device.
Dependent claims: 25, 26, 27, 28, 29, 30

Specification