SECURE COMMUNICATION USING A TRUSTED VIRTUAL MACHINE

US 20140053245A1
Filed: 08/20/2012
Published: 02/20/2014
Est. Priority Date: 08/20/2012
Status: Active Grant

First Claim

Patent Images

1. A client computer system comprising at least a processor configured to operate:

an untrusted virtual machine including a set of drivers for controlling a first set of hardware devices of the client computer system, the first set of hardware devices comprising a network interface, the set of drivers including a network interface driver for the network interface; and

a hypervisor configured to control a second set of hardware devices of the client computer system, the second set comprising a shared device selected from a group consisting of an output device and an input device, wherein the hypervisor is further configured to;

in response to the untrusted virtual machine receiving a user request to connect to a remote server system, launch a trusted virtual machine distinct from the untrusted virtual machine, wherein launching the trusted virtual machine comprises;

employing the hypervisor to determine the authenticity of an image of the trusted virtual machine; and

when the image of the trusted virtual machine is authentic, employing the hypervisor to load the image into a memory of the client computer system;

in response to launching the trusted virtual machine, receive a data unit from the trusted virtual machine, wherein the data unit is encrypted by the trusted virtual machine; and

send the data unit to the network interface driver of the untrusted virtual machine for transmission to the remote server system through the network interface;

and wherein the hypervisor is further configured to employ time-division multiplexing to alternate granting exclusive use of the shared device to the trusted virtual machine with granting exclusive use of the shared device to the untrusted virtual machine.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A client system, such as a computer or a smartphone, securely exchanges sensitive information with a remote service provider computer system such as a bank or an online retailer. The client system executes a commercially available operating system in an untrusted virtual machine (VM), which may be affected by malware. A hypervisor is configured to launch a trusted, malware-free VM from an authenticated image stored on computer-readable media used by the untrusted VM. The trusted VM executes a thin operating system with minimal functionality, to manage a secure communication channel with the remote server system, wherein sensitive communication is encrypted. Data from the trusted VM is forwarded via the hypervisor to a network interface driver of the untrusted VM for transmission to the remote service provider. The service provider may perform a remote attestation of the client system to determine whether it operates a trusted VM.

Citations

19 Claims

1. A client computer system comprising at least a processor configured to operate:
- an untrusted virtual machine including a set of drivers for controlling a first set of hardware devices of the client computer system, the first set of hardware devices comprising a network interface, the set of drivers including a network interface driver for the network interface; and
  
  a hypervisor configured to control a second set of hardware devices of the client computer system, the second set comprising a shared device selected from a group consisting of an output device and an input device, wherein the hypervisor is further configured to;
  
  in response to the untrusted virtual machine receiving a user request to connect to a remote server system, launch a trusted virtual machine distinct from the untrusted virtual machine, wherein launching the trusted virtual machine comprises;
  
  employing the hypervisor to determine the authenticity of an image of the trusted virtual machine; and
  
  when the image of the trusted virtual machine is authentic, employing the hypervisor to load the image into a memory of the client computer system;
  
  in response to launching the trusted virtual machine, receive a data unit from the trusted virtual machine, wherein the data unit is encrypted by the trusted virtual machine; and
  
  send the data unit to the network interface driver of the untrusted virtual machine for transmission to the remote server system through the network interface;
  
  and wherein the hypervisor is further configured to employ time-division multiplexing to alternate granting exclusive use of the shared device to the trusted virtual machine with granting exclusive use of the shared device to the untrusted virtual machine.
- View Dependent Claims (2, 3)
- - 2. The client computer system of claim 1, wherein the image of the trusted virtual machine is stored on computer-readable media used by the untrusted virtual machine.
  - 3. The client computer system of claim 1, wherein determining the authenticity of the image of the trusted virtual machine comprises:
    - calculating a hash of the image of the trusted virtual machine; and
      
      when the hash matches a reference hash stored in a protected storage module of the client computer system, determining that the image is authentic, wherein the untrusted virtual machine does not have permission to modify a content of the protected storage module.

4. A server computer system comprising at least a processor and configured to receive a data unit from a client computer system, wherein the client computer system is configured to operate:
- an untrusted virtual machine including a set of drivers for controlling a first set of hardware devices of the client computer system, the first set of hardware devices comprising a network interface, the set of drivers including a network interface driver for the network interface; and
  
  a hypervisor configured to control a second set of hardware devices of the client computer system, the second set comprising a shared device selected from a group consisting of an input device and an output device, wherein the hypervisor is further configured to;
  
  in response to the untrusted virtual machine receiving a user request to connect to a remote server system, launch a trusted virtual machine distinct from the untrusted virtual machine, wherein launching the trusted virtual machine comprises;
  
  employing the hypervisor to determine the authenticity of an image of the trusted virtual machine; and
  
  when the image of the trusted virtual machine is authentic, employing the hypervisor to load the image into a memory of the client computer system;
  
  in response to launching the trusted virtual machine, receive a data unit from the trusted virtual machine, wherein the data unit is encrypted by the trusted virtual machine; and
  
  send the data unit to the network interface driver of the untrusted virtual machine for transmission to the server computer system through the network interface;
  
  and wherein the hypervisor is further configured to employ time-division multiplexing to alternate granting exclusive use of the shared device to the trusted virtual machine with granting exclusive use of the shared device to the untrusted virtual machine.
- View Dependent Claims (5, 6, 7)
- - 5. The server computer system of claim 4, wherein the image of the trusted virtual machine is stored on computer-readable media used by the untrusted virtual machine.
  - 6. The server computer system of claim 4, wherein performing the integrity check comprises:
    - calculating a hash of the image of the trusted virtual machine; and
      
      when the hash matches a reference hash stored in a protected storage module of the client computer system, determining that the image is authentic, wherein the untrusted virtual machine does not have permission to modify a content of the protected storage module.
  - 7. The server computer system of claim 4, further configured to:
    - perform an attestation of the trusted virtual machine according to the data unit; and
      
      when the attestation is successful, grant the client computer system access to a protected resource of the server computer system.

8. A client computer system comprising at least a processor configured to operate a hypervisor, the hypervisor further configured to:
- in response to a user request to connect to a remote server system, launch a trusted virtual machine on the client computer system, the trusted virtual machine loaded from a computer-readable medium used by an untrusted virtual machine executing on the client computer system;
  
  in response to launching the trusted virtual machine, receive a data unit from the trusted virtual machine; and
  
  send the data unit to a network interface driver of the untrusted virtual machine for transmission to the remote server system.
- View Dependent Claims (9, 10, 11)
- - 9. The client computer system of claim 8, wherein the trusted virtual machine is further configured to encrypt the data packet.
  - 10. The client computer system of claim 8, wherein launching the trusted virtual machine comprises:
    - calculating a hash of an image of the trusted virtual machine; and
      
      when the hash matches a reference hash stored in a protected storage module of the client computer system, load the image into a memory of the client computer system, wherein the untrusted virtual machine does not have permission to modify a content of the protected storage module.
  - 11. The client computer system of claim 8, further comprising a shared hardware device selected from a group consisting of an input device and an output device, and wherein the hypervisor is further configured to employ time-division multiplexing to alternate granting exclusive use of the shared device to the trusted virtual machine with granting exclusive use of the shared device to the untrusted virtual machine.

12. A server computer system comprising at least a processor and configured to receive a data unit from a client computer system, wherein the client computer system is configured to operate a hypervisor, the hypervisor further configured to:
- in response to a user request to connect to the server computer system, launch a trusted virtual machine on the client computer system, the trusted virtual machine loaded from a computer-readable medium used by an untrusted virtual machine executing on the client computer system;
  
  in response to launching the trusted virtual machine, receive the data unit from the trusted virtual machine; and
  
  send the data unit to a network interface driver of the untrusted virtual machine for transmission to the server computer system.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The server computer system of claim 12, wherein the trusted virtual machine is further configured to encrypt the data unit.
  - 14. The server computer system of claim 12, wherein launching the trusted virtual machine comprises:
    - calculating a hash of an image of the trusted virtual machine; and
      
      when the hash matches a reference hash stored at a protected storage module of the client computer system, load the image file into a memory of the client computer system, wherein the untrusted virtual machine does not have permission to modify a content of the protected storage module.
  - 15. The server computer system of claim 12, wherein the client computer system further comprises a shared hardware device selected from a group consisting of an input device and an output device, and wherein the hypervisor is further configured to employ time-division multiplexing to alternate granting exclusive use of the shared device to the trusted virtual machine with granting exclusive use of the shared device to the untrusted virtual machine.
  - 16. The server computer system of claim 12, further configured to:
    - perform an attestation of the trusted virtual machine according to the data unit; and
      
      when the attestation is successful, grant the client computer system access to a protected resource of the server computer system.

17. A method comprising employing a hypervisor executing on a client computer system, the client computer system including at least a processor, to:
- in response to a user request to connect to a server computer system, launch a trusted virtual machine on the client computer system, the trusted virtual machine loaded from a computer-readable medium used by an untrusted virtual machine executing on the client computer system;
  
  in response to launching the trusted virtual machine, receive a data unit from the trusted virtual machine; and
  
  send the data unit to a network interface driver of the untrusted virtual machine, for transmission to the server computer system.

18. A method comprising:
- employing a server computer system comprising at least a processor to receive a data unit from a client computer system, wherein the client computer system is configured to operate a hypervisor configured to;
  
  in response to a user request to connect to the server computer system, launch a trusted virtual machine on the client computer system, the trusted virtual machine loaded from a computer-readable medium used by an untrusted virtual machine executing on the client computer system;
  
  in response to launching the trusted virtual machine, receive the data unit from the trusted virtual machine; and
  
  in response to receiving the data unit, send the data unit to a network interface driver of the untrusted virtual machine for transmission to the server computer system;
  
  employing the server computer system to perform an attestation of the trusted virtual machine according to the data unit; and
  
  when the attestation is successful, employing the server computer system to grant the client computer system access to a protected resource of the server computer system.

19. A non-transitory computer-readable medium storing instructions which, when executed, cause a client computer system comprising at least a processor to form a hypervisor, the hypervisor further configured to:
- in response to a user request to connect to a remote server computer system, launch a trusted virtual machine on the client computer system, the trusted virtual machine loaded from a computer-readable medium used by an untrusted virtual machine executing on the client computer system;
  
  in response to launching the trusted virtual machine, receive a data unit from the trusted virtual machine; and
  
  send the data unit to a network interface driver of the untrusted virtual machine for transmission to the remote server computer system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bitdefender IPR Management Limited (Bitdefender LLC)
Original Assignee
Dan H. Lutas, Raul V. Tosa, Sandor Lukacs
Inventors
TOSA, Raul V., LUKACS, Sandor, LUTAS, Dan H.

Granted Patent

US 8,656,482 B1
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

G06F 21/53   by executing in a restricte...

G06F 21/60   Protecting data

G06F 21/606   by securing the transmissio...

G06F 9/45558   Hypervisor-specific managem...

H04L 63/08   for authentication of entit...

SECURE COMMUNICATION USING A TRUSTED VIRTUAL MACHINE

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

SECURE COMMUNICATION USING A TRUSTED VIRTUAL MACHINE

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links