Trusted virtual machine as a client
First Claim
Patent Images
1. A trusted computing method, comprising:
- generating a dedicated virtual machine image (DVMI) including an application for a target service provider and only operating system (OS) functionality for the application of the target service provider, and reducing OS file system usage of the application for the target service provider by using a memory image and/or a file system image of files to transact with the target service provider;
storing the DVMI in a portable computing device;
responsive to a communicable connection by the portable computing device to a host device, executing a process of;
verifying the host device by;
executing a host verifier on the portable computing device,retrieving by the host verifier a host measurement from the host device,transmitting the host measurement to a server of the target service provider,verifying by the target service provider server the host device based upon the host measurement, andlaunching the DVMI in the host device as a dedicated virtual machine (DVM) by;
requesting by the host device a token from the target service provider server including transmitting, to the target service provider server, a measurement of both the host device including the DVM and a measurement of the portable computing device,determining by the target service provider whether to issue a token based on the measurement information sent from the host device, andlaunching the DVM upon receipt of the token by the host device, wherein a determination by the target service provider of a trust level for the DVM is based upon the verifying and a level of service provided by the target service provider to the DVM is according to the trust level of the DVM.
1 Assignment
0 Petitions
Accused Products
Abstract
The embodiments provide generating a dedicated virtual machine image (DVMI) including functionality for a target service provider and launching the DVMI in the host device as a dedicated virtual machine (DVM). A measurement of the DVMI and/or the launched DVM, as a Trusted Dedicated Virtual Machine (TDVM), is transmitted to the target service provider server. The target service provider determines a trust level for the TDVM, based upon the measurement and provides a level of service by the target service provider server to the TDVM, according to the trust level of the TDVM.
39 Citations
18 Claims
-
1. A trusted computing method, comprising:
-
generating a dedicated virtual machine image (DVMI) including an application for a target service provider and only operating system (OS) functionality for the application of the target service provider, and reducing OS file system usage of the application for the target service provider by using a memory image and/or a file system image of files to transact with the target service provider; storing the DVMI in a portable computing device; responsive to a communicable connection by the portable computing device to a host device, executing a process of; verifying the host device by; executing a host verifier on the portable computing device, retrieving by the host verifier a host measurement from the host device, transmitting the host measurement to a server of the target service provider, verifying by the target service provider server the host device based upon the host measurement, and launching the DVMI in the host device as a dedicated virtual machine (DVM) by; requesting by the host device a token from the target service provider server including transmitting, to the target service provider server, a measurement of both the host device including the DVM and a measurement of the portable computing device, determining by the target service provider whether to issue a token based on the measurement information sent from the host device, and launching the DVM upon receipt of the token by the host device, wherein a determination by the target service provider of a trust level for the DVM is based upon the verifying and a level of service provided by the target service provider to the DVM is according to the trust level of the DVM. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A trusted computing transaction method, comprising:
-
generating a dedicated virtual machine image (DVMI) including an application for a target service provider and only operating system (OS) functionality for the application of the target service provider, and reducing OS file system usage of the application for the target service provider by using a memory image and/or a file system image of files to transact with the target service provider; launching by a portable computing device the DVMI in a host device as a Trusted Dedicated Virtual Machine (TDVM) by; requesting by the host device a token from a target service provider server including transmitting a measurement of both the DVMI and the portable computing device, to the target service provider server; determining by the target service provider whether to issue a token based on the measurement information sent from the host device; upon receipt of the token by the host device, launching the DVMI as the TDVM, and determining by the target service provider a trust level for the TDVM, based upon the measurement information sent from the host device; and providing a level of service by the target service provider server to the TDVM, according to the trust level of the TDVM. - View Dependent Claims (14)
-
-
15. A computer system for accessing a server of a target service provider, comprising:
-
a host device; and a portable computing device capable of communication with the host device, the portable computing device storing a dedicated virtual machine image (DVMI) including an application for the target service provider and only operating system (OS) functionality for the application of the target service provider, and memory image and/or a file system image of files to transact with the target service provider to reduce OS file system usage of the application for the target service provider, wherein the host device and/or the portable computing device comprise a computer processor executing; verifying the host device, the verifying including a measurement of the DVMI, and controlling launching of the DVMI by the host device as a Trusted Dedicated Virtual Machine (TDVM) by; requesting by the host device a token from the target service provider server including transmitting a measurement of both the host device, including the DVMI, and a measurement of the portable computing device, to the target service provider server; determining by the target service provider whether to issue a token based on the measurement information sent from the host device; upon receipt of the token by the host device, launching the DVMI as the TDVM, a determination by the target service provider of a trust level for the TDVM is based upon the measurement information sent from the host device and a level of service provided by the target service provider to the TDVM is according to the trust level of the TDVM. - View Dependent Claims (16, 17, 18)
-
Specification