Secure inter-node communication
First Claim
1. A method for establishing a secure transmission channel from a user process running on a first partition of a first node partitioned into a plurality of partitions including the first partition, each partition having a corresponding operating system instance such that each partition is a separate virtual computer running on the first node, to a user process running on a second partition of a second node partitioned into a plurality of partitions including the second partition, each partition having a corresponding operating system instance such that each partition is a separate virtual computer running on the second node, the method comprising:
- sending a key, identification of the first partition of the first node, and identification of the second partition of the second node from hardware of the first node to hardware of the second node, such that the key is inaccessible by all user processes running on the first node, in that none of the user processes are able to access the key, and unauthorized processes running on the first node are unable to send unauthorized messages through the hardware of the first node;
receiving the key, identification of the first partition of the first node, and identification of the second partition of the second node by the hardware of the second node;
verifying the identification of the first partition of the first node and the identification of the second partition of the second node by the hardware of the second node; and
,storing the key at the hardware of the second node, such that the key is inaccessible by all user processes running on the second node, in that none of the user processes are able to access the key,wherein the hardware of the first hardware and the hardware of the second node establish a channel over which the user process running on the first partition of the first node and the user process running on the second partition of the second node are able to communicate, andwherein the first and the second nodes are the same node.
3 Assignments
0 Petitions
Accused Products
Abstract
Secure inter-node communication is disclosed. The hardware of the first node sends a key, identification of the first node, and identification of a second node to hardware of the second node. The hardware of the second node receives the key and the identifications. The hardware of the second node verifies the identifications of the first and the second nodes, and stores the key. The key stored in the hardware of the first and the second nodes allows for a secure transmission channel from the software of the first node to software of the second node.
-
Citations
12 Claims
-
1. A method for establishing a secure transmission channel from a user process running on a first partition of a first node partitioned into a plurality of partitions including the first partition, each partition having a corresponding operating system instance such that each partition is a separate virtual computer running on the first node, to a user process running on a second partition of a second node partitioned into a plurality of partitions including the second partition, each partition having a corresponding operating system instance such that each partition is a separate virtual computer running on the second node, the method comprising:
-
sending a key, identification of the first partition of the first node, and identification of the second partition of the second node from hardware of the first node to hardware of the second node, such that the key is inaccessible by all user processes running on the first node, in that none of the user processes are able to access the key, and unauthorized processes running on the first node are unable to send unauthorized messages through the hardware of the first node; receiving the key, identification of the first partition of the first node, and identification of the second partition of the second node by the hardware of the second node; verifying the identification of the first partition of the first node and the identification of the second partition of the second node by the hardware of the second node; and
,storing the key at the hardware of the second node, such that the key is inaccessible by all user processes running on the second node, in that none of the user processes are able to access the key, wherein the hardware of the first hardware and the hardware of the second node establish a channel over which the user process running on the first partition of the first node and the user process running on the second partition of the second node are able to communicate, and wherein the first and the second nodes are the same node. - View Dependent Claims (2, 3, 4)
-
-
5. A computerized system comprising:
-
a plurality of nodes, each node having a plurality of partitions, each partition having a corresponding operating system instance such that the partition is a separate virtual computer running on the node, each partition having a plurality of user processes running thereon within the corresponding operating system instance of the partition; a first secure connection management hardware mechanism at a first node of the plurality of nodes to maintain first keys for secure communication to first user processes running on the partitions of the first node from second user processes running on the partitions of a second node of the plurality of nodes, the first keys inaccessible by all user processes running on the partitions of the first node and running on the partitions of the second node in that none of the user processes are able to access the first keys, each first key used for secure communication to one of the first processes from one of the second user processes, and unauthorized processes running on the first node are unable to send unauthorized messages through the first secure connection management hardware of the first node; and
,a second secure connection management hardware mechanism at the second node to maintain second keys for secure communication to the second user processes from the first user processes, the second keys inaccessible by all user processes running on the partitions of the first node and running on the partitions of the second node in that none of the user processes are able to access the second keys, each second key used for secure communication to one of the second user processes from one of the first user processes, wherein the first and the second secure connection management hardware mechanisms establish a channel over which the first user processes and the second user processes are able to communicate, and wherein the first and the second nodes are the same node. - View Dependent Claims (6, 7, 8)
-
-
9. An article comprising:
-
a computer-readable recordable data storage medium; and
,means in the medium for maintaining keys for secure communication to first processes running in a plurality of partitions of a first node from second processes running in a plurality of partitions of a second node, each partition having a corresponding operating system instance such that each partition is a separate virtual computer, the keys inaccessible by all user processes in that none of the user processes are able to access the keys, each key used for secure communication to one of the first user processes from one of the second user processes, wherein unauthorized processes are unable to send unauthorized messages, and wherein the first and the second nodes are the same node. - View Dependent Claims (10, 11, 12)
-
Specification