Method and apparatus for token-based virtual machine recycling

US 8,474,056 B2
Filed: 08/15/2011
Issued: 06/25/2013
Est. Priority Date: 08/15/2011
Status: Active Grant

First Claim

Patent Images

1. An apparatus comprising:

a memory operable to;

store a virtual machine token associated with a virtual machine running on a particular device, the virtual machine token comprising a timestamp indicating when the virtual machine was established;

store a secure image of the virtual machine; and

a processor operable to;

receive a token indicating that the particular device is attempting to access a resource;

in response to receiving the token, check the validity of the virtual machine running on the particular device based at least in part upon the timestamp associated with the virtual machine token and a time threshold associated with the virtual machine, wherein the time threshold identifies a period of time during which the virtual machine is valid;

determine that the virtual machine is invalid when the time threshold associated with the virtual machine exceeds a current time;

when the virtual machine is invalid, then communicate at least one token to initiate the recycling of the virtual machine by replacing the invalid virtual machine with the stored secure image of the virtual machine;

recycle the virtual machine by replacing the invalid virtual machine with the stored secure image of the virtual machine;

wait for completion of running of at least one pending process by the virtual machine prior to recycling the virtual machine, wherein the memory is further operable to store a secure copy of the at least one pending process; and

recover the secure copy of the at least one pending process after recycling the virtual machine.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to one embodiment, an apparatus may store a virtual machine token associated with a virtual machine running on a particular device and a secure image of the virtual machine. The virtual machine token may include a timestamp indicating when the virtual machine was established. The apparatus may receive a token indicating that the particular device is attempting to access a resource. In response, checking the validity of the virtual machine running on the particular device based at least in part upon the timestamp associated with the virtual machine token and a time threshold associated with the virtual machine. If the virtual machine is invalid, then the apparatus may communicate at least one token to initiate the recycling of the virtual machine by replacing the invalid virtual machine with the stored secure image of the virtual machine.

32 Citations

View as Search Results

15 Claims

1. An apparatus comprising:
- a memory operable to;
  
  store a virtual machine token associated with a virtual machine running on a particular device, the virtual machine token comprising a timestamp indicating when the virtual machine was established;
  
  store a secure image of the virtual machine; and
  
  a processor operable to;
  
  receive a token indicating that the particular device is attempting to access a resource;
  
  in response to receiving the token, check the validity of the virtual machine running on the particular device based at least in part upon the timestamp associated with the virtual machine token and a time threshold associated with the virtual machine, wherein the time threshold identifies a period of time during which the virtual machine is valid;
  
  determine that the virtual machine is invalid when the time threshold associated with the virtual machine exceeds a current time;
  
  when the virtual machine is invalid, then communicate at least one token to initiate the recycling of the virtual machine by replacing the invalid virtual machine with the stored secure image of the virtual machine;
  
  recycle the virtual machine by replacing the invalid virtual machine with the stored secure image of the virtual machine;
  
  wait for completion of running of at least one pending process by the virtual machine prior to recycling the virtual machine, wherein the memory is further operable to store a secure copy of the at least one pending process; and
  
  recover the secure copy of the at least one pending process after recycling the virtual machine.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The apparatus of claim 1, the processor further operable to grant the particular device access to the requested resource if the virtual machine is valid.
  - 3. The apparatus of claim 1, the processor further operable to:
    - receive a hard token associated with the particular device; and
      
      check the validity of the virtual machine in response to receiving the hard token.
  - 4. The apparatus of claim 1, the memory further operable to store at least one token-based rule that is applied to determine that the virtual machine is invalid, wherein the communication of the at least one token to initiate the recycling of the virtual machine is in response to the determination that the virtual machine is invalid.
  - 5. The apparatus of claim 1, the processor further operable to, in response to receiving the token, check the status of a flag, wherein the flag is on if the virtual machine is invalid.

6. A method for recycling a virtual machine running on a device, comprising:
- storing a virtual machine token associated with a virtual machine running on a particular device, the virtual machine token comprising a timestamp indicating when the virtual machine was established;
  
  storing a secure image of the virtual machine;
  
  receiving a token indicating that the particular device is attempting to access a resource;
  
  in response to receiving the token, checking the validity of the virtual machine running on the particular device based at least in part upon the timestamp associated with the virtual machine token and a time threshold associated with the virtual machine, wherein the time threshold identifies a period of time during which the virtual machine is valid;
  
  determining that the virtual machine is invalid when the time threshold associated with the virtual machine exceeds a current time;
  
  when the virtual machine is invalid, then communicating at least one token to initiate the recycling of the virtual machine by replacing the invalid virtual machine with the stored secure image of the virtual machine;
  
  recycling the virtual machine by replacing the invalid virtual machine with the stored secure image of the virtual machine;
  
  waiting for completion of running of at least one pending process by the virtual machine prior to recycling the virtual machine;
  
  storing a secure copy of the at least one pending process; and
  
  recovering the secure copy of the at least one pending process after recycling the virtual machine.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The method of claim 6, further comprising granting the particular device access to the requested resource if the virtual machine is valid.
  - 8. The method of claim 6, further comprising:
    - receiving a hard token associated with the particular device; and
      
      checking the validity of the virtual machine in response to receiving the hard token.
  - 9. The method of claim 6, further comprising storing at least one token-based rule that is applied to determine that the virtual machine is invalid, wherein the communication of the at least one token to initiate the recycling of the virtual machine is in response to the determination that the virtual machine is invalid.
  - 10. The method of claim 6, further comprising:
    - in response to receiving the token, checking the status of a flag, wherein the flag is on if the virtual machine is invalid.

11. One or more computer-readable non-transitory storage media embodying software that is operable when executed to:
- store a virtual machine token associated with a virtual machine running on a particular device, the virtual machine token comprising a timestamp indicating when the virtual machine was established;
  
  store a secure image of the virtual machine; and
  
  receive a token indicating that the particular device is attempting to access a resource;
  
  in response to receiving the token, check the validity of the virtual machine running on the particular device based at least in part upon the timestamp associated with the virtual machine token and a time threshold associated with the virtual machine, wherein the time threshold identifies a period of time during which the virtual machine is valid;
  
  determine that the virtual machine is invalid when the time threshold associated with the virtual machine exceeds a current time;
  
  when the virtual machine is invalid, then communicate at least one token to initiate the recycling of the virtual machine by replacing the invalid virtual machine with the stored secure image of the virtual machine;
  
  recycle the virtual machine by replacing the invalid virtual machine with the stored secure image of the virtual machine;
  
  wait for completion of running of at least one pending process by the virtual machine prior to recycling the virtual machine;
  
  store a secure copy of the at least one pending process; and
  
  recover the secure copy of the at least one pending process after recycling the virtual machine.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The media of claim 11 embodying software further operable to grant the particular device access to the requested resource if the virtual machine is valid.
  - 13. The media of claim 11 embodying software further operable to:
    - receive a hard token associated with the particular device; and
      
      check the validity of the virtual machine in response to receiving the hard token.
  - 14. The media of claim 11 embodying software further operable to store at least one token-based rule that is applied to determine that the virtual machine is invalid, wherein the communication of the at least one token to initiate the recycling of the virtual machine is in response to the determination that the virtual machine is invalid.
  - 15. The media of claim 11 embodying software further operable to, in response to receiving the token, check the status of a flag, wherein the flag is on if the virtual machine is invalid.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Radhakrishnan, Rakesh, Frick, Cynthia Ann, Marian, Radu, Barbir, Abdulkader Omar, Badhwar, Rajat P.
Primary Examiner(s)
Schwartz, Darren B

Application Number

US13/210,167
Publication Number

US 20130047259A1
Time in Patent Office

680 Days
Field of Search

713/150, 713155-159, 713164-167, 713182-187, 713/189, 713/193, 726 1- 10, 726 16- 21, 726 26- 30, 718/1, 718/100, 718/108
US Class Current

726/27
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 21/35   communicating wirelessly

G06F 21/53   by executing in a restricte...

G06F 2221/2129   Authenticate client device ...

G06F 2221/2137   Time limited access, e.g. t...

G06F 2221/2151   Time stamp

Method and apparatus for token-based virtual machine recycling

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

32 Citations

15 Claims

Specification

Use Cases

Quick Links

Others

Method and apparatus for token-based virtual machine recycling

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

32 Citations

15 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others