COMPUTATIONAL ASSET IDENTIFICATION WITHOUT PREDETERMINED IDENTIFIERS
First Claim
1. A system for communicating with a plurality of virtual machines (VMs) in a computing system, the system comprising:
a plurality of host computing devices executing a plurality of VMs; and
a management device coupled in communication with the host computing devices and configured to:
negotiate an expected transaction nonce with a first VM of the plurality of VMs, wherein the first VM is enrolled by the management device and associated with a first VM authenticator value;
receive a transaction request from a sender VM of the plurality of VMs, wherein the transaction request is associated with the first VM authenticator value and a transaction nonce, wherein the first VM authenticator value and the transaction nonce are used to authenticate the sender VM;
when the transaction nonce associated with the transaction request is equal to the expected transaction nonce, transmit a transaction result to the sender VM based on the received transaction request; and
when the transaction nonce associated with the transaction request is not equal to the expected transaction nonce, enroll the sender VM as a second VM, wherein the second VM is associated with a second VM authenticator value different from the first VM authenticator value.
Abstract
Embodiments allow management software applications to distinguish computational assets without the use of static, predetermined identifiers that are susceptible to duplication along with computational assets. Managers and computational assets are associated with authenticator values. Additionally, a manager and computational asset determine (e.g., negotiate) an expected nonce (number used once) to be provided by either party when requesting a transaction. Upon receiving a transaction request associated with an authenticator value and a transaction nonce, the sender's knowledge of the expected nonce is proven when the nonce associated with the request matches the expected nonce, and disproven otherwise. When such knowledge is proven, the manager treats the computational asset as the one originally associated with the computational asset authenticator value and negotiates a new nonce. When such knowledge is disproven, the manager treats the computational asset as a duplicate of the one that was originally associated with the computational asset authenticator value.
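The manager-side check described in the abstract, as an added Python sketch that is not code from the patent. The `Manager` and `Asset` classes, the random-token authenticator values and nonces, and the "rejected" status for unknown authenticators are assumptions made for illustration.

```python
import copy
import hmac
import secrets

class Manager:
    """Tracks one expected nonce per enrolled authenticator value."""

    def __init__(self):
        self.expected = {}  # authenticator value -> expected transaction nonce

    def enroll(self):
        # Assumption: authenticator values and nonces are random tokens.
        authenticator = secrets.token_hex(16)
        self.expected[authenticator] = secrets.token_hex(16)
        return authenticator, self.expected[authenticator]

    def transact(self, authenticator, nonce, request):
        """Return (status, authenticator, next_nonce, result)."""
        expected = self.expected.get(authenticator)
        if expected is None:
            # Assumption: unknown authenticators are refused outright.
            return "rejected", None, None, None
        if hmac.compare_digest(expected, nonce):
            # Knowledge of the nonce proven: same asset, negotiate a new nonce.
            self.expected[authenticator] = secrets.token_hex(16)
            return "ok", authenticator, self.expected[authenticator], f"done:{request}"
        # Knowledge disproven: treat the sender as a duplicate and enroll it
        # under a different authenticator value; the original's state is untouched.
        new_authenticator, new_nonce = self.enroll()
        return "duplicate", new_authenticator, new_nonce, None

class Asset:
    def __init__(self, authenticator, nonce):
        self.authenticator, self.nonce = authenticator, nonce

    def request(self, manager, request):
        status, auth, nonce, _ = manager.transact(self.authenticator, self.nonce, request)
        if status != "rejected":
            self.authenticator, self.nonce = auth, nonce
        return status

def demo():
    manager = Manager()
    original = Asset(*manager.enroll())
    clone = copy.copy(original)  # constructed case: VM cloned with its identity state
    statuses = [original.request(manager, "inventory"),  # nonce rotates
                clone.request(manager, "inventory"),     # stale nonce
                clone.request(manager, "inventory"),     # new identity works
                original.request(manager, "inventory")]  # original unaffected
    return statuses, original.authenticator != clone.authenticator, len(manager.expected)
```

Whichever copy transacts first after cloning keeps the original authenticator value; the check separates the two copies but does not establish which one was the source.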
23 Claims
9. A method comprising:
receiving, by a computing device executing a receiver software application, a transaction request from a sender software application, wherein the transaction request is associated with an authenticator value and a transaction nonce that are used to authenticate the sender software application;
determining by the computing device a first expected transaction nonce that is associated with the authenticator value; and
when the transaction nonce associated with the transaction request is equal to the first expected transaction nonce, transmitting by the computing device a transaction result to the sender software application based on the received transaction request; and
when the transaction nonce associated with the transaction request is not equal to the first expected transaction nonce, associating the sender software application with a second expected transaction nonce.
17. One or more computer-readable storage media having computer-executable components comprising:
an enrollment component that when executed causes at least one processor to:
transmit an enrollment invitation from a manager software application to a first computational asset of a plurality of computational assets, wherein the enrollment invitation includes a manager authenticator value associated with the manager software application; and
enroll the first computational asset based on receiving an enrollment request from the first computational asset, wherein the first computational asset is associated with a computational asset authenticator value; and
a transaction component that when executed causes at least one processor to:
determine an expected transaction nonce associated with the first computational asset;
receive a transaction request from a sender computational asset, wherein the transaction request is associated with the computational asset authenticator value and a transaction nonce; and
when the transaction nonce associated with the transaction request is equal to the expected transaction nonce, transmit a transaction result to the sender computational asset based on the received transaction request.
22. One or more computer-readable storage media having computer-executable components comprising:
an enrollment component that when executed causes at least one processor to:
transmit an enrollment invitation from a manager software application to a computational asset, wherein the enrollment invitation includes a manager authenticator value associated with the manager software application; and
enroll the computational asset based on receiving an enrollment request from the computational asset, wherein the computational asset is associated with a computational asset authenticator value; and
a transaction component that when executed causes at least one processor to:
determine an expected transaction nonce associated with the computational asset;
transmit a transaction request from the manager software application to the computational asset, wherein the transaction request is associated with the manager authenticator value and the expected transaction nonce; and
receive a transaction result from the computational asset when the computational asset determines that the transaction nonce associated with the transaction request is equal to an expected transaction nonce associated with the manager software application at the computational asset.
Specification