COMPUTER SYSTEM AND VIRTUAL COMPUTER MANAGEMENT METHOD

US 20140230024A1
Filed: 02/12/2014
Published: 08/14/2014
Est. Priority Date: 02/13/2013
Status: Active Grant

First Claim

Patent Images

1. A computer system, comprising:

a plurality of computers each including;

a processor;

a memory coupled to the processor; and

a network interface coupled to the processor;

a virtual computer system including a computer resource allocated to at least one virtual computer; and

a verification system for verifying integrity relating to the at least one virtual computer,the virtual computer system including;

a plurality of servers for providing the computer resource to the at least one virtual computer;

a management computer for managing a plurality of virtual computers that operate on each of the plurality of servers; and

an image data storage part for storing image data for generating a virtual computer for executing an application,the verification system including a verification server for verifying the integrity relating to the virtual computer for executing the application,the virtual computer system having;

image data management information in which the image data and a security strength required on a boot of the virtual computer for executing the application generated based on the image data are associated with each other; and

server management information in which the server and a security strength set for the server are associated with each other,the virtual computer system including;

a deployment request reception part for receiving, from a user using the virtual computer system, a deployment request including identification information on target image data for generating the virtual computer for executing the application;

a server search part for searching for the server, for which a security strength equal to or larger than the security strength associated with the target image data is set, based on the image data management information and the server management information;

a deployment instruction part for instructing the retrieved server to deploy the target image data; and

a virtual computer management part for generating the virtual computer for executing the application on the retrieved server by using the target image data, and transmitting a first integrity report, which is obtained on the boot of the virtual computer for executing the application and used to verify the integrity relating to the virtual computer for executing the application, to the verification server, wherein;

the virtual computer management part receives a result of a verification process with respect to the first integrity report transmitted from the verification server; and

the deployment request reception part outputs a deployment result for the target image data based on the received result of the verification process with respect to the first integrity report.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer system, comprising: a virtual computer system and a verification system, the virtual computer system including: a deployment request reception part for receiving a deployment request; a server search part for searching for a server, for which a security strength equal to or larger than the security strength associated with target image data is set; a deployment instruction part for instructing the retrieved server to deploy the target image data; and a virtual computer management part for generating a virtual computer for executing an application on the retrieved server by using the target image data, and transmitting a integrity report, which is obtained on the boot of the virtual computer for executing the application and used to verify the integrity relating to the virtual computer for executing the application, to a verification server.

Citations

14 Claims

1. A computer system, comprising:
- a plurality of computers each including;
  
  a processor;
  
  a memory coupled to the processor; and
  
  a network interface coupled to the processor;
  
  a virtual computer system including a computer resource allocated to at least one virtual computer; and
  
  a verification system for verifying integrity relating to the at least one virtual computer,the virtual computer system including;
  
  a plurality of servers for providing the computer resource to the at least one virtual computer;
  
  a management computer for managing a plurality of virtual computers that operate on each of the plurality of servers; and
  
  an image data storage part for storing image data for generating a virtual computer for executing an application,the verification system including a verification server for verifying the integrity relating to the virtual computer for executing the application,the virtual computer system having;
  
  image data management information in which the image data and a security strength required on a boot of the virtual computer for executing the application generated based on the image data are associated with each other; and
  
  server management information in which the server and a security strength set for the server are associated with each other,the virtual computer system including;
  
  a deployment request reception part for receiving, from a user using the virtual computer system, a deployment request including identification information on target image data for generating the virtual computer for executing the application;
  
  a server search part for searching for the server, for which a security strength equal to or larger than the security strength associated with the target image data is set, based on the image data management information and the server management information;
  
  a deployment instruction part for instructing the retrieved server to deploy the target image data; and
  
  a virtual computer management part for generating the virtual computer for executing the application on the retrieved server by using the target image data, and transmitting a first integrity report, which is obtained on the boot of the virtual computer for executing the application and used to verify the integrity relating to the virtual computer for executing the application, to the verification server, wherein;
  
  the virtual computer management part receives a result of a verification process with respect to the first integrity report transmitted from the verification server; and
  
  the deployment request reception part outputs a deployment result for the target image data based on the received result of the verification process with respect to the first integrity report.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer system according to claim 1, further comprising an application providing system for distributing the image data stored in the image data storage part, wherein:
    - the application providing system includes;
      
      an authentication server for verifying the integrity of the application executed on the virtual computer for executing the application generated based on the image data, and monitoring a usage status of the application; and
      
      a license data storage part for storing information indicating the usage status of the application;
      
      the virtual computer management part transmits the first integrity report to the authentication server; and
      
      the authentication server is configured to;
      
      transfer the received first integrity report to the verification server;
      
      update the information stored in the license data storage part based on the received first integrity report and the result of the verification process with respect to the first integrity report received from the verification server; and
      
      transfer the received result of the verification process with respect to the first integrity report to the virtual computer management part.
  - 3. The computer system according to claim 2, wherein:
    - the application providing system has a secret key and a public key;
      
      the image data associated with the public key is registered in the image data storage part;
      
      the virtual computer management part is configured to;
      
      encrypt the first integrity report by using the public key; and
      
      transmit the encrypted first integrity report to the authentication server; and
      
      the authentication server is configured to;
      
      determine whether the encrypted first integrity report can be decoded by using the secret key; and
      
      transfer the decoded first integrity report to the verification server, in a case where it is determined that the encrypted first integrity report can be decoded by using the secret key.
  - 4. The computer system according to claim 2, wherein:
    - the image data includes;
      
      a first piece of image data for generating a virtual computer for execution for executing the application; and
      
      ,a second piece of image data for generating a virtual computer for authentication for performing communications for verifying the integrity of the application executed on the virtual computer for execution;
      
      the image data storage part stores software including at least one first piece of image data and at least one second piece of image data;
      
      the identification information on the target image data included in the deployment request is identification information on the software;
      
      the server search part is configured to;
      
      search for a first server for which a security strength equal to or larger than the security strength associated with the first piece of image data included in the software designated by the user is set; and
      
      search for a second server for which a security strength equal to or larger than the security strength associated with the second piece of image data included in the software designated by the user is set;
      
      the deployment instruction part is configured to;
      
      instruct the retrieved first server to deploy the first piece of image data included in the software designated by the user; and
      
      instruct the retrieved second server to deploy the second piece of image data included in the software designated by the user;
      
      the virtual computer for execution generated based on the first piece of image data transmits a second integrity report including information indicating an execution status of the application to the virtual computer for authentication generated based on the second piece of image data every first period; and
      
      the virtual computer for authentication generated based on the second piece of image data is configured to;
      
      transmit a third integrity report including a plurality of the second integrity reports to the authentication server every second period that is longer than the first period; and
      
      return the second integrity report based on a verification result with respect to the third integrity report received from the authentication server.
  - 5. The computer system according to claim 2, wherein:
    - the image data management information further includes information relating to the computer resource necessary for the virtual computer for executing the application generated by using the image data, which is associated with the image data and the security strength each other;
      
      the plurality of servers include a third server has a TPM; and
      
      the server search part is configured to;
      
      refer to the server management information to search for the third server, in a case where the security strength associated with the target image data is a value indicating that a boot process for the virtual computer for executing the application using the TPM is necessary;
      
      calculate a computer resource amount that can be allocated to the third server;
      
      determine that can be allocated whether the virtual computer for executing the application can be generated on the retrieved third server by using the target image data, based on the image data management information and the calculated computer resource amount; and
      
      output deployment information for generating the virtual computer for executing the application by using the target image data, in a case where it is determined that the virtual computer for executing the application can be generated on the retrieved third server by using the target image data.
  - 6. The computer system according to claim 5, wherein:
    - the virtual computer management part generates a virtual computer for a virtual TPM for emulating the TPM on the retrieved third server;
      
      the virtual computer for the virtual TPM generates the virtual TPM allocated to the virtual computer for executing the application generated by using the target image data;
      
      the virtual computer management part generates the virtual computer for executing the application based on the target image data, the generated virtual TPM, and the computer resource of the retrieved third server; and
      
      the virtual computer for executing the application starts executing the application based on the result of the verification process with respect to the first integrity report.
  - 7. The computer system according to claim 6, wherein:
    - the retrieved third server writes a value indicating a status of a program executed in the boot process for the virtual computer for executing the application using the image data to the virtual TPM;
      
      the virtual computer for the virtual TPM writes the value written to the virtual TPM to the TPM; and
      
      the virtual computer management part transmits the first integrity report including the value written to the TPM.

8. A virtual computer management method performed in a computer system including a plurality of computers,the plurality of computers each including:
- a processor;
  
  a memory coupled to the processor; and
  
  a network interface coupled to the processor;
  
  the computer system including;
  
  a virtual computer system including a computer resource allocated to at least one virtual computer; and
  
  a verification system for verifying integrity relating to the at least one virtual computer,the virtual computer system including;
  
  a plurality of servers for providing the computer resource to the at least one virtual computer;
  
  a management computer for managing a plurality of virtual computers that operates on each of the plurality of servers; and
  
  an image data storage part for storing image data for generating a virtual computer for executing an application,the verification system including;
  
  a verification server for verifying the integrity of the virtual computer for executing the application; and
  
  a data-for-verification storage part for storing information used to verify the integrity of the virtual computer for executing the application,the virtual computer system having;
  
  image data management information in which the image data and a security strength required on a boot of the virtual computer for executing the application generated based on the image data are associated with each other; and
  
  server management information in which the server and a security strength set for the server are associated with each other,the virtual computer management method including;
  
  a first step of receiving, by the management computer, from a user using the virtual computer system, a deployment request including identification information on target image data for generating the virtual computer for executing the application;
  
  a second step of searching, by the management computer, for the server, for which a security strength equal to or larger than the security strength associated with the target image data is set, based on the image data management information and the server management information;
  
  a third step of instructing, by the management computer, the retrieved server to deploy the target image data;
  
  a fourth step of generating, by the server instructed to deploy the target image data, the virtual computer for executing the application by using the target image data, and transmitting a first integrity report, which is obtained on the boot of the virtual computer for executing the application and used to verify the integrity relating to the virtual computer for executing the application, to the verification server;
  
  a fifth step of receiving, by the server instructed to deploy the target image data, a result of a verification process with respect to the first integrity report transmitted from the verification server;
  
  a sixth step of transmitting, by the server instructed to deploy the target image data, the received result of the verification process with respect to the first integrity report to the management computer; and
  
  a seventh step of outputting, by the management computer, a deployment result for the target image data to the user based on the received result of the verification process with respect to the first integrity report.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The virtual computer management method according to claim 8, wherein:
    - the computer system further includes an application providing system for distributing the image data stored in the image data storage part;
      
      the application providing system includes;
      
      an authentication server for verifying the integrity of an application executed on the virtual computer for executing the application generated based on the image data, and monitoring a usage status of the application; and
      
      a license data storage part for storing information indicating the usage status of the application; and
      
      the fourth step includes;
      
      an eighth step of transmitting, by the server instructed to deploy the target image data, the first integrity report to the authentication server;
      
      a ninth step of transferring, by the authentication server, the received first integrity report to the verification server;
      
      a tenth step of updating, by the authentication server, the information stored in the license data storage part based on the received first integrity report and the result of the verification process with respect to the first integrity report received from the verification server; and
      
      an eleventh step of transferring, by the authentication server, the received result of the verification process with respect to the first integrity report to the server instructed to deploy the target image data.
  - 10. The virtual computer management method according to claim 9, wherein:
    - the application providing system has a secret key and a public key;
      
      the image data associated with the public key is registered in the image data storage part;
      
      the eighth step includes;
      
      encrypting, by the server instructed to deploy the target image data, the first integrity report by using the public key; and
      
      transmitting, by the server instructed to deploy the target image data, the encrypted first integrity report to the authentication server; and
      
      the ninth step includes;
      
      determining, by the authentication server, whether the encrypted first integrity report can be decoded by using the secret key; and
      
      transferring, by the authentication server, the decoded first integrity report to the verification server, in a case where it is determined that the encrypted first integrity report can be decoded by using the secret key.
  - 11. The virtual computer management method according to claim 9, wherein:
    - the image data includes;
      
      a first piece of image data for generating a virtual computer for execution for executing the application; and
      
      a second piece of image data for generating a virtual computer for authentication for performing communications for verifying the integrity of the application executed on the virtual computer for execution;
      
      the image data storage part stores software including at least one first piece of image data and at least one second piece of image data;
      
      the first step includes receiving the deployment request including identification information on the software;
      
      the second step includes;
      
      searching, by the management computer, for a first server for which a security strength equal to or larger than the security strength associated with the first piece of image data included in the software designated by the user is set; and
      
      searching, by the management computer, for a second server for which a security strength equal to or larger than the security strength associated with the second piece of image data included in the software designated by the user is set;
      
      the third step includes;
      
      instructing, by the management computer, the retrieved first server to deploy the first piece of image data included in the software designated by the user; and
      
      instructing, by the management computer, the retrieved second server to deploy the second piece of image data included in the software designated by the user; and
      
      the virtual computer management method further includes;
      
      transmitting, by the virtual computer for execution generated based on the first piece of image data, a second integrity report including information indicating an execution status of the application to the virtual computer for authentication generated based on the second piece of image data every first period;
      
      transmitting, by the virtual computer for authentication generated based on the second piece of image data, a third integrity report including a plurality of the second integrity reports to the authentication server every second period that is longer than the first period; and
      
      returning, by the virtual computer for authentication generated based on the second piece of image data, the second integrity report based on a result of a verification process with respect to the third integrity report received from the authentication server.
  - 12. The virtual computer management method according to claim 9, wherein:
    - the image data management information further includes information relating to the computer resource necessary for the virtual computer for executing the application generated by using the image data, which is associated with the image data and the security strength each other;
      
      the plurality of servers include a third server has a TPM; and
      
      the second step includes;
      
      referring to the server management information to search for the third server, in a case where the security strength associated with the target image data is a value indicating that a boot process for the virtual computer for executing the application using the TPM is necessary;
      
      calculating a computer resource amount that can be allocated to the third server;
      
      determining based on the image data management information and the calculated computer resource amount that can be allocated whether the virtual computer for executing the application can be generated on the retrieved third server by using the target image data; and
      
      outputting deployment information for generating the virtual computer for executing the application by using the target image data, in a case where it is determined that the virtual computer for executing the application can be generated on the retrieved third server by using the target image data.
  - 13. The virtual computer management method according to claim 12, wherein the fourth step includes:
    - a twelfth step of generating, by the third server, a virtual computer for a virtual TPM for emulating the TPM;
      
      a thirteenth step of generating, by the virtual computer for the virtual TPM, the virtual TPM allocated to the virtual computer for executing the application generated by using the target image data;
      
      a fourteenth step of generating, by the third server, the virtual computer for executing the application based on the target image data, the generated virtual TPM, and the computer resource of the retrieved third server; and
      
      a fifteenth step of starting, by the virtual computer for executing the application, executing the application based on the result of the verification process with respect to the first integrity report.
  - 14. The virtual computer management method according to claim 13, wherein:
    - the fourteenth step includes;
      
      writing, by the retrieved third server, a value indicating a status of a program executed in the boot process for the virtual computer for executing the application using the image data to the virtual TPM; and
      
      writing, by the virtual computer for the virtual TPM, the value written to the virtual TPM to the TPM; and
      
      the eighth step comprises transmitting the first integrity report comprising the value written to the TPM.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hitachi, Ltd.
Original Assignee
Hitachi, Ltd.
Inventors
UEHARA, Keitaro, HATTORI, Naoya

Granted Patent

US 9,288,155 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

G06F 21/64   Protecting data integrity, ...

G06F 9/45533   Hypervisors; Virtual machin...

H04L 47/70   Admission control; Resource...

H04L 63/105   Multiple levels of security

H04L 63/1433   Vulnerability analysis

COMPUTER SYSTEM AND VIRTUAL COMPUTER MANAGEMENT METHOD

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

COMPUTER SYSTEM AND VIRTUAL COMPUTER MANAGEMENT METHOD

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links