Techniques for identity authentication of virtualized machines

US 8,561,137 B2
Filed: 07/23/2008
Issued: 10/15/2013
Est. Priority Date: 07/23/2008
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer-readable medium comprising instructions for authenticating a virtual machine (VM) and a VM operating system (VMOS) that, when executed by a processor, perform a method, the method comprising:

receiving, by a VM server service, a request to install the VM on a physical machine, wherein the physical machine comprises a plurality of physical devices;

authenticating, by the VM server service, VM credentials of the VM in response to receiving the request;

acquiring identity information for each of the plurality of physical devices using an identifiable pattern of each of the plurality of physical devices;

authenticating, by the VM server service, the physical machine by verifying the identity information for each of the plurality of physical devices;

determining that the VM is an authenticated VM in response to authenticating the VM credentials and authenticating the physical machine;

providing drivers for the plurality of physical devices to the authenticated VM, wherein the authenticated VM is installed on the physical machine using the drivers;

identifying, by a VMOS authentication service, the VMOS attempting to install on the authenticated VM;

authenticating, by the VMOS authentication service, a VMOS identity of the VMOS;

authenticating, by the VMOS authentication service, the physical machine by verifying the identity information for each of the plurality of physical devices;

providing, by the VMOS authentication service, VM drivers to the VMOS in response to the authenticating the VMOS identity and the authenticating the identity information, wherein the VMOS is installed on the authenticated VM using the VM drivers.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for identity authentication of Virtual Machines (VM'"'"'s) are provided. A VM is authenticated and once authenticated, each device interfaced to or accessible to the VM is also authenticated. When both the VM and each device are authenticated, the VM is granted access to a machine for installation thereon.

34 Citations

View as Search Results

20 Claims

1. A non-transitory computer-readable medium comprising instructions for authenticating a virtual machine (VM) and a VM operating system (VMOS) that, when executed by a processor, perform a method, the method comprising:
- receiving, by a VM server service, a request to install the VM on a physical machine, wherein the physical machine comprises a plurality of physical devices;
  
  authenticating, by the VM server service, VM credentials of the VM in response to receiving the request;
  
  acquiring identity information for each of the plurality of physical devices using an identifiable pattern of each of the plurality of physical devices;
  
  authenticating, by the VM server service, the physical machine by verifying the identity information for each of the plurality of physical devices;
  
  determining that the VM is an authenticated VM in response to authenticating the VM credentials and authenticating the physical machine;
  
  providing drivers for the plurality of physical devices to the authenticated VM, wherein the authenticated VM is installed on the physical machine using the drivers;
  
  identifying, by a VMOS authentication service, the VMOS attempting to install on the authenticated VM;
  
  authenticating, by the VMOS authentication service, a VMOS identity of the VMOS;
  
  authenticating, by the VMOS authentication service, the physical machine by verifying the identity information for each of the plurality of physical devices;
  
  providing, by the VMOS authentication service, VM drivers to the VMOS in response to the authenticating the VMOS identity and the authenticating the identity information, wherein the VMOS is installed on the authenticated VM using the VM drivers.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer-readable medium of claim 1, the method further comprising:
    - identifying new devices added to the physical machine;
      
      acquiring identifying information specific to the new devices using an identifiable pattern of the new devices; and
      
      using the identifying information specific to the new devices when authenticating the VM for installation on the physical machine.
  - 3. The computer-readable medium of claim 2, wherein identifying new devices further includes recognizing at least one new device as one selected from a group consisting of a network card, a hard drive, a universal serial bus device, a network attached device, a peripheral device, and a network mapping, a file system mount.
  - 4. The computer-readable medium of claim 1, wherein acquiring the identity information further comprises gathering information for each device which is unique to that device as compared to other devices on the physical machine.
  - 5. The computer-readable medium of claim 1, the method further comprising, denying the request when the VM credentials fail to authenticate.
  - 6. The computer-readable medium of claim 1, wherein providing drivers for the plurality of physical devices to the authenticated VM further comprises:
    - granting the authenticated VM access to virtual drivers; and
      
      provide a mechanism for the authenticated VM to install on the physical machine.
  - 7. The computer-readable medium of claim 1, wherein receiving the request further comprises recognizing the physical machine as one selected from a group consisting of a computer, a handheld device, a phone, and an intelligent appliance.

8. A method, comprising:
- receiving, by a virtual machine (VM) server service, a request to install a VM on a physical machine, wherein the physical machine comprises a plurality of physical devices;
  
  authenticating, by the VM server service, VM credentials of the VM in response to receiving the request;
  
  acquiring identity information for each of the plurality of physical devices using an identifiable pattern of each of the plurality of physical devices;
  
  authenticating, by the VM server service, the physical machine by verifying the identity information for each of the plurality of physical devices;
  
  determining that the VM is an authenticated VM in response to authenticating the VM credentials and authenticating the physical machine;
  
  providing drivers for the plurality of physical devices to the authenticated VM, wherein the authenticated VM installs on the physical machine using the drivers;
  
  identifying, by a VM operating system (VMOS) authentication service, a VMOS attempting to install on the authenticated VM;
  
  authenticating, by the VMOS authentication service, a VMOS identity of the VMOS;
  
  authenticating, by the VMOS authentication service, the physical machine by verifying the identity information for each of the plurality of physical devices; and
  
  providing, by the VMOS authentication service, VM drivers to the VMOS in response to the authenticating the VMOS identity and the authenticating the identity information, wherein the VMOS is installed on within the authenticated VM using the VM drivers.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, wherein authenticating the VMOS identity further comprises consulting a remote identity service over a network as an identity service.
  - 10. The method of claim 8, wherein authenticating the VMOS identity further comprises consulting a local identity service that is local to a machine processing the VM server service.
  - 11. The method of claim 8, wherein authenticating the VMOS identity further comprises providing credentials for the VMOS to an identity service to perform the authentication of the VMOS identity.
  - 12. The method of claim 8, wherein verifying the identity information for each of the plurality of physical devices comprises gathering identification patterns for each device and using the identification patterns to further request that an identity service assist in authenticating each device.
  - 13. The method of claim 8, wherein verifying the identity information for each of the plurality of physical devices comprises recognizing at least one device as a physical device interfaced to the VM and recognizing at least one device as a logical device interfaced and installed on the VM.
  - 14. The method of claim 8 further comprising:
    - detecting a new device attempting to install on the VMOS after the VMOS has installed on the VM; and
      
      authenticating the new device before permitting the new device to connect or install in the VMOS.

15. A Virtual Machine (VM) server comprising:
- a processor;
  
  a plurality of physical devices;
  
  a VM server service, executing on the processor configured to;
  
  receive a request to install a VM on the VM server;
  
  authenticate VM credentials of the VM in response to receiving the request;
  
  acquire identity information for each of the plurality of physical devices using an identifiable pattern of each of the plurality of physical devices;
  
  authenticate the plurality of physical devices by verifying the identity information for each of the plurality of physical devices;
  
  determine that the VM is an authenticated VM in response to authenticating the VM credentials and authenticating the plurality of physical devices; and
  
  provide drivers for the plurality of physical devices to the authenticated VM, wherein the authenticated VM installs on the VM server using the drivers;
  
  a VM operating system (VMOS) authentication service configured to;
  
  identify a VMOS attempting to install on the authenticated VM;
  
  authenticate a VMOS identity of the VMOS;
  
  authenticate the plurality of physical devices by verifying the identity information for each of the plurality of physical devices;
  
  provide VM drivers to the VMOS in response to the authenticating the VMOS identity and the authenticating the identity information, wherein the VMOS uses the VM drivers to install on the authenticated VM.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15, wherein authenticating the VMOS identity comprises consulting an identity service remotely located over a network from the VM server.
  - 17. The system of claim 15, wherein VM server provides one or more certificates to the VMOS once successfully authenticated for subsequent validation and authentication of the VMOS to other resources of a network.
  - 18. The system of claim 15, wherein the VM server identifies the VM making a request to the VM server to authenticate the VMOS for installation.
  - 19. The system of claim 15, wherein verifying the identity information for each of the plurality of physical devices comprises dynamically acquiring identity information associated with each device during the authentication.
  - 20. The system of claim 19, wherein the identity information includes producing patterns from the identity information unique to each device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Sabin, Jason Allen, Brown, Jeremy Ray, Burch, Lloyd Leon
Primary Examiner(s)
Najjar, Saleh
Assistant Examiner(s)
Gao, Shu Chun

Application Number

US12/177,932
Publication Number

US 20100023996A1
Time in Patent Office

1,910 Days
Field of Search

726 1- 4, 726/16, 726/26
US Class Current

726/2
CPC Class Codes

G06F 21/53   by executing in a restricte...

H04L 2209/80   Wireless network architectu...

H04L 9/32   including means for verifyi...

Techniques for identity authentication of virtualized machines

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

34 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Techniques for identity authentication of virtualized machines

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

34 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others