Virtual image management

US 8,479,015 B2
Filed: 10/17/2008
Issued: 07/02/2013
Est. Priority Date: 10/17/2008
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

creating, by a server computing device, a virtual image configured for execution by a hypervisor on a client computing device;

obtaining, by the server computing device, usage privileges defining access to the virtual image;

storing, by the server computing device, the usage privileges in a description file;

generating an encrypted version of the description file;

deriving a first coded summary from the encrypted version of the description file, wherein the first coded summary identifies a valid encrypted version of the description file; and

transmitting the virtual image, the encrypted version of the description file, and the first coded summary from the server computing device to the client computing device, wherein the hypervisor, in response to obtaining the virtual image;

derives a second coded summary from the encrypted version of the description file;

authenticates the encrypted version by determining that the first coded summary matches the second coded summary;

obtains, in response to the authentication, the description file by decrypting the encrypted version of the description file;

executes the virtual image according to the usage privileges in the description file; and

restricts access to the virtual image based on the usage privileges in the description file.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Apparatus, systems, and methods may operate to create a virtual image, define usage privileges associated with the virtual image in a description file, and associate a coded summary of an encrypted version of the description file with the virtual image. Other activities may include receiving a request to access the virtual image, authenticating a transmitted version of the coded summary to determine validity of the encrypted version, and processing the encrypted version to determine whether the request to access will be granted. Additional apparatus, systems, and methods are disclosed.

Citations

13 Claims

1. A method comprising:
- creating, by a server computing device, a virtual image configured for execution by a hypervisor on a client computing device;
  
  obtaining, by the server computing device, usage privileges defining access to the virtual image;
  
  storing, by the server computing device, the usage privileges in a description file;
  
  generating an encrypted version of the description file;
  
  deriving a first coded summary from the encrypted version of the description file, wherein the first coded summary identifies a valid encrypted version of the description file; and
  
  transmitting the virtual image, the encrypted version of the description file, and the first coded summary from the server computing device to the client computing device, wherein the hypervisor, in response to obtaining the virtual image;
  
  derives a second coded summary from the encrypted version of the description file;
  
  authenticates the encrypted version by determining that the first coded summary matches the second coded summary;
  
  obtains, in response to the authentication, the description file by decrypting the encrypted version of the description file;
  
  executes the virtual image according to the usage privileges in the description file; and
  
  restricts access to the virtual image based on the usage privileges in the description file.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the deriving the first coded summary comprises:
    - hashing the encrypted version to obtain a hash, wherein the first coded summary comprises the hash of the encrypted version.
  - 3. The method of claim 1, wherein the deriving the first coded summary comprises:
    - applying a checksum algorithm to the encrypted version to obtain a checksum, wherein the coded summary comprises the checksum of the encrypted version.
  - 4. The method of claim 1, wherein the usage privileges comprise at least one selected from a group consisting of permission to execute the virtual image, permission to transmit the virtual image, permission to modify the virtual image, permission to copy the virtual image, and permission to clone the virtual image.
  - 5. The method of claim 1, further comprising:
    - fusing, by the server computing device, the first coded summary to the virtual image to become part of the virtual image.

6. A method comprising:
- receiving, by a hypervisor on a client computing device, a request to access a virtual image;
  
  obtaining, by the client computing device from a server computing device, the virtual image, an encrypted version of a description file defining access to the virtual image, and a first coded summary derived from the encrypted version;
  
  deriving, by the client computing device, a second coded summary from the encrypted version of the description file;
  
  authenticating, by the client computing device, the encrypted version of the description file by determining that the first coded summary matches the second coded summary;
  
  obtaining, in response to the authentication, the description file by decrypting the encrypted version;
  
  determining, based on usage privileges defined in the description file, that the request to access the virtual image will be granted; and
  
  executing, by the hypervisor after granting access to the virtual image, the virtual image according to the usage privileges in the description file.
- View Dependent Claims (7, 8, 9)
- - 7. The method of claim 6, wherein the usage privileges comprise at least one selected from a group consisting of permission to execute the virtual image, permission to transmit the virtual image, permission to modify the virtual image, permission to copy the virtual image, and permission to clone the virtual image.
  - 8. The method of claim 7, wherein obtaining the virtual image comprises:
    - receiving the virtual image from the server computing device, wherein the virtual image is streamed over a global communications network.
  - 9. The method of claim 6, wherein the server computing device comprises a location within a shared, virtualized resource pool and the client computing device comprises a location outside the shared, virtualized resource pool, wherein the virtual image is transmitted responsive to the request originating from the first computing device.

10. An apparatus comprising:
- one or more processors;
  
  a memory to store instructions which, when executed by the one or more processors, results in the one or more processors operating to;
  
  create a virtual image configured for execution by a hypervisor on a client computing device;
  
  obtain usage privileges defining access to the virtual image;
  
  store the usage privileges in a description file;
  
  generate an encrypted version of the description file;
  
  derive a first coded summary from the encrypted version of the description file, wherein the first coded summary identifies a valid encrypted version of the description file; and
  
  transmit the virtual image, the encrypted version of the description file, and the first coded summary to a client computing device comprising a hypervisor, wherein the hypervisor, in response to obtaining the virtual image;
  
  derives a second coded summary from the encrypted version of the description file;
  
  authenticates the encrypted version of the description file by determining that the first coded summary matches the second coded summary;
  
  obtains, in response to the authentication, the description file by decrypting the encrypted version of the description file;
  
  executes the virtual image according to the usage privileges in the description file; and
  
  restricts access to the virtual image based on the usage privileges in the description file; and
  
  a module to receive indications from a user input device to provide a selection of the usage privileges.
- View Dependent Claims (11, 12)
- - 11. The apparatus of claim 10, further comprising:
    - an encryption module to provide the encrypted version.
  - 12. The apparatus of claim 11, further comprising:
    - a processing module to process the encrypted version to provide the first coded summary.

13. A non-transitory machine-readable storage medium storing instructions that, when executed by a machine, cause the machine to perform a method comprising:
- receiving, by a hypervisor on a client computing device, a request to access a virtual image;
  
  obtaining, by the client computing device from a server computing device, the virtual image, an encrypted version of a description file defining access to the virtual image, and a first coded summary derived from the encrypted version;
  
  deriving, by the client computing device, a second coded summary from the encrypted version of the description file;
  
  authenticating, by the client computing device, the encrypted version of the description file by determining that the first coded summary matches the second coded summary;
  
  obtaining, in response to the authentication, the description file by decrypting the encrypted version of the description file;
  
  determining, based on usage privileges defined in the description file, that the request to access the virtual image will be granted; and
  
  executing, by the hypervisor after granting access to the virtual image, the virtual image according to the usage privileges in the description file.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Dutta, Arijit
Primary Examiner(s)
Zele, Krista
Assistant Examiner(s)
DESAI, MARGISHI V

Application Number

US12/253,526
Publication Number

US 20100100744A1
Time in Patent Office

1,719 Days
Field of Search

713/182, 713/165, 713/189, 455/410
US Class Current

713/189
CPC Class Codes

H04L 9/3236 using cryptographic hash fu...

Virtual image management

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Virtual image management

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links