COMPUTATIONAL ASSET IDENTIFICATION WITHOUT PREDETERMINED IDENTIFIERS

US 20130125114A1
Filed: 11/11/2011
Published: 05/16/2013
Est. Priority Date: 11/11/2011
Status: Active Grant

First Claim

Patent Images

1. A system for communicating with a plurality of virtual machines (VMs) in a computing system, the system comprising:

a plurality of host computing devices executing a plurality of VMs; and

a management device coupled in communication with the host computing devices and configured to;

negotiate an expected transaction nonce with a first VM of the plurality of VMs, wherein the first VM is enrolled by the management device and associated with a first VM authenticator value;

receive a transaction request from a sender VM of the plurality of VMs, wherein the transaction request is associated with the first VM authenticator value and a transaction nonce, wherein the first VM authenticator value and the transaction nonce are used to authenticate the sender VM;

when the transaction nonce associated with the transaction request is equal to the expected transaction nonce, transmit a transaction result to the sender VM based on the received transaction request; and

when the transaction nonce associated with the transaction request is not equal to the expected transaction nonce, enroll the sender VM as a second VM, wherein the second VM is associated with a second VM authenticator value different from the first VM authenticator value.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments allow management software applications to distinguish computational assets without the use of static, predetermined identifiers that are susceptible to duplication along with computational assets. Managers and computational assets are associated with authenticator values. Additionally, a manager and computational asset determine (e.g., negotiate) an expected nonce (number used once) to be provided by either party when requesting a transaction. Upon receiving a transaction request associated with an authenticator value and a transaction nonce, the sender'"'"'s knowledge of the expected nonce is proven when the nonce associated with the request matches the expected nonce, and disproven otherwise. When such knowledge is proven, the manager treats the computational asset as the one originally associated with the computational asset authenticator value and negotiates a new nonce. When such knowledge is disproven, the manager treats the computational asset as a duplicate of the one that was originally associated with the computational asset authenticator value.

Citations

23 Claims

1. A system for communicating with a plurality of virtual machines (VMs) in a computing system, the system comprising:
- a plurality of host computing devices executing a plurality of VMs; and
  
  a management device coupled in communication with the host computing devices and configured to;
  
  negotiate an expected transaction nonce with a first VM of the plurality of VMs, wherein the first VM is enrolled by the management device and associated with a first VM authenticator value;
  
  receive a transaction request from a sender VM of the plurality of VMs, wherein the transaction request is associated with the first VM authenticator value and a transaction nonce, wherein the first VM authenticator value and the transaction nonce are used to authenticate the sender VM;
  
  when the transaction nonce associated with the transaction request is equal to the expected transaction nonce, transmit a transaction result to the sender VM based on the received transaction request; and
  
  when the transaction nonce associated with the transaction request is not equal to the expected transaction nonce, enroll the sender VM as a second VM, wherein the second VM is associated with a second VM authenticator value different from the first VM authenticator value.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, wherein the management device is configured to enroll the sender VM at least in part by:
    - transmitting an enrollment invitation to the sender VM, wherein the enrollment invitation includes a manager authenticator value associated with the management device; and
      
      receiving an enrollment request from the sender VM, wherein the enrollment request includes the second VM authenticator value that is associated with the sender VM.
  - 3. The system of claim 1, wherein the negotiated transaction nonce is a first negotiated transaction nonce, and the management device is further configured to negotiate a second transaction nonce with the sender VM.
  - 4. The system of claim 3, wherein the transaction request is a first transaction request received from a first sender VM, and the management device is further configured to:
    - receive a second transaction request from a second sender VM of the plurality of VMs, wherein the second transaction request is associated with the second VM authenticator value and a transaction nonce;
      
      when the transaction nonce associated with the second transaction request is equal to the previously negotiated second expected transaction nonce, transmit a transaction result to the second VM based on the second transaction request; and
      
      when the transaction nonce associated with the second transaction request is not equal to the previously negotiated second expected transaction nonce, enroll the sender VM as a third VM, wherein the third VM is associated with a third VM authenticator value.
  - 5. The system of claim 1, wherein the management device is further configured to:
    - generate a random value; and
      
      negotiate the transaction nonce with the first VM based on the generated random value.
  - 6. The system of claim 5, wherein the management device is further configured to negotiate the transaction nonce with the first VM based further on the first VM authenticator value.
  - 7. The system of claim 5, wherein the management device is further configured to negotiate the transaction nonce with the first VM based further on a manager authenticator value associated with the management device.
  - 8. The system of claim 1, wherein the sender VM is authenticated, and the management device is further configured to negotiate a second expected transaction nonce with the sender VM based on the first expected transaction nonce.

9. A method comprising:
- receiving, by a computing device executing a receiver software application, a transaction request from a sender software application, wherein the transaction request is associated with an authenticator value and a transaction nonce that are used to authenticate the sender software application;
  
  determining by the computing device a first expected transaction nonce that is associated with the authenticator value; and
  
  when the transaction nonce associated with the transaction request is equal to the first expected transaction nonce, transmitting by the computing device a transaction result to the sender software application based on the received transaction request; and
  
  when the transaction nonce associated with the transaction request is not equal to the first expected transaction nonce, associating the sender software application with a second expected transaction nonce.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method of claim 9, wherein the sender software application is a manager software application and the receiver software application is a computational asset managed by the manager software application, the method further comprising, when the transaction nonce associated with the transaction request is not equal to the first expected transaction nonce:
    - generating by the computing device a computational asset authenticator value; and
      
      transmitting by the computing device an enrollment request to the manager software application, wherein the enrollment request is associated with the generated computational asset authenticator value.
  - 11. The method of claim 9, wherein the receiver software application is a manager software application, the sender software application is a computational asset managed by the manager software application, and the computational asset value is a first computational asset value, the method further comprising, when the transaction nonce associated with the transaction request is not equal to the first expected transaction nonce, enrolling by the manager software application the computational asset, wherein the computational asset is associated with a second computational asset authenticator value different from the first computational asset authenticator value.
  - 12. The method of claim 11, further comprising, when the transaction nonce associated with the transaction request is not equal to the first expected transaction nonce, determining by the computing device a second expected transaction nonce associated with the first computational asset authenticator value.
  - 13. The method of claim 11, wherein the transaction request includes a sequence number, the method further comprising:
    - associating with the authenticator value an expected sequence number; and
      
      validating the transaction request at least in part by determining whether the sequence number of the transaction request is equal to the expected sequence number.
  - 14. The method of claim 9, wherein determining the expected transaction nonce comprises negotiating a transaction nonce based on a first authenticator value associated with the receiver software application and a second authenticator value associated with the sender software application.
  - 15. The method of claim 9, wherein determining the first expected transaction nonce comprises negotiating a transaction nonce between the receiver software application and the sender software application based on a random value generated by the receiver software application.
  - 16. The method of claim 9, wherein determining the first expected transaction nonce comprises negotiating a transaction nonce between the receiver software application and the sender software application based on a random value generated by the sender software application.

17. One or more computer-readable storage media having computer-executable components comprising:
- an enrollment component that when executed causes at least one processor to;
  
  transmit an enrollment invitation from a manager software application to a first computational asset of a plurality of computational assets, wherein the enrollment invitation includes a manager authenticator value associated with the manager software application; and
  
  enroll the first computational asset based on receiving an enrollment request from the first computational asset, wherein the first computational asset is associated with a computational asset authenticator value; and
  
  a transaction component that when executed causes at least one processor to;
  
  determine an expected transaction nonce associated with the first computational asset;
  
  receive a transaction request from a sender computational asset, wherein the transaction request is associated with the computational asset authenticator value and a transaction nonce; and
  
  when the transaction nonce associated with the transaction request is equal to the expected transaction nonce, transmit a transaction result to the sender computational asset based on the received transaction request.
- View Dependent Claims (18, 19, 20, 21)
- - 18. The computer-readable storage media of claim 17, wherein when the transaction nonce associated with the transaction request is not equal to the expected transaction nonce, the enrollment component causes at least one processor to transmit an enrollment invitation to the sender computational asset.
  - 19. The computer-readable storage media of claim 17, wherein the transaction component causes at least one processor to determine the expected transaction nonce at least in part by negotiating a transaction nonce with the first computational asset based on the computational asset authenticator value and the manager authenticator value.
  - 20. The computer-readable storage media of claim 19, wherein the transaction component causes at least one processor to negotiate the transaction nonce with the first computational asset based further on a first random value generated by the transaction component and a second random value generated by the first computational asset.
  - 21. The computer-readable storage media of claim 17, wherein the expected transaction nonce is a first expected transaction nonce, and the transaction component further causes at least one processor to determine a second expected transaction nonce associated with the first computational asset when the received transaction nonce is equal to the expected transaction nonce.

22. One or more computer-readable storage media having computer-executable components comprising:
- an enrollment component that when executed causes at least one processor to;
  
  transmit an enrollment invitation from a manager software application to a computational asset, wherein the enrollment invitation includes a manager authenticator value associated with the manager software application; and
  
  enroll the computational asset based on receiving an enrollment request from the computational asset, wherein the computational asset is associated with a computational asset authenticator value; and
  
  a transaction component that when executed causes at least one processor to;
  
  determine an expected transaction nonce associated with the computational asset;
  
  transmit a transaction request from the manager software application to the computational asset, wherein the transaction request is associated with the manager authenticator value and the expected transaction nonce; and
  
  receive a transaction result from the computational asset when the computational asset determines that the transaction nonce associated with the transaction request is equal to an expected transaction nonce associated with the manager software application at the computational asset.
- View Dependent Claims (23)
- - 23. The computer-readable storage media of claim 22, wherein the computational asset value is a first computational asset value, and the enrollment component further causes at least one processor to:
    - enroll the computational asset based on receiving an enrollment request from the computational asset when the transaction nonce associated with the transaction request is not equal to the expected transaction nonce associated with the manager software application at the computational asset,wherein the computational asset is associated with a second computational asset authenticator value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Vmware LLC (Broadcom, Inc.)
Original Assignee
VMware, Inc. (Broadcom, Inc.)
Inventors
FRASCADORE, Gregory

Granted Patent

US 9,098,318 B2
Time in Patent Office

Days
Field of Search
US Class Current

718/1
CPC Class Codes

G06F 21/30   Authentication, i.e. establ...

G06F 9/455   Emulation; Interpretation; ...

H04L 41/0816   the condition being an adap...

H04L 41/40   using virtualisation of net...

COMPUTATIONAL ASSET IDENTIFICATION WITHOUT PREDETERMINED IDENTIFIERS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

COMPUTATIONAL ASSET IDENTIFICATION WITHOUT PREDETERMINED IDENTIFIERS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links