Authentication of solution topology

US 8,954,760 B2
Filed: 01/03/2013
Issued: 02/10/2015
Est. Priority Date: 12/21/2012
Status: Expired due to Fees

First Claim

Patent Images

1. A computer program product for verifying an integrity of a solution, the computer program product comprising:

a computer readable storage medium having computer readable program code embodied therewith, the computer readable program code comprising;

computer readable program code configured to hash a set of virtual machine instances in a solution topology of the solution;

computer readable program code configured to hash a set of connections in the solution topology, the set of connections comprising a connection between ones of the set of virtual machine instances, a connection between a first component of a first one of the set of virtual machine instances and a second component of a second one of the set of virtual machine instances, and combinations thereof;

computer readable program code configured to hash a set of solution-specific information;

computer readable program code configured to sign the hashes to create a first signed topology;

computer readable program code configured to incorporate the first signed topology into a solution registry that is a hierarchical database that stores configuration settings and options for the solution of the first signed topology, wherein the solution registry includes solution metadata, and wherein the solution metadata include a name of the set of virtual machine instances in the solution, a description of the solution, and a unique identifier of the solution; and

computer readable program code configured to sign the solution registry incorporating the first signed topology and to sign the solution metadata included in the solution registry.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer implemented method is provided to verify an integrity of a solution. The computer implemented method comprises hashing, by a computer, a set of virtual machine instances in a solution topology of the solution. The computer hashes a set of connections in the solution topology. The set of connections comprising a connection between ones of the set of virtual machine instances, a connection between a first component of a first one of the set of virtual machine instances and a second component of a second one of the set of virtual machine instances, and combinations thereof. The computer hashes a set of solution-specific information, and then signs the hashes to create a first signed topology.

Citations

25 Claims

1. A computer program product for verifying an integrity of a solution, the computer program product comprising:
- a computer readable storage medium having computer readable program code embodied therewith, the computer readable program code comprising;
  
  computer readable program code configured to hash a set of virtual machine instances in a solution topology of the solution;
  
  computer readable program code configured to hash a set of connections in the solution topology, the set of connections comprising a connection between ones of the set of virtual machine instances, a connection between a first component of a first one of the set of virtual machine instances and a second component of a second one of the set of virtual machine instances, and combinations thereof;
  
  computer readable program code configured to hash a set of solution-specific information;
  
  computer readable program code configured to sign the hashes to create a first signed topology;
  
  computer readable program code configured to incorporate the first signed topology into a solution registry that is a hierarchical database that stores configuration settings and options for the solution of the first signed topology, wherein the solution registry includes solution metadata, and wherein the solution metadata include a name of the set of virtual machine instances in the solution, a description of the solution, and a unique identifier of the solution; and
  
  computer readable program code configured to sign the solution registry incorporating the first signed topology and to sign the solution metadata included in the solution registry.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computer program product of claim 1, wherein the computer readable program code configured to hash the set of virtual machine instances further comprises:
    - computer readable program code configured to hash the set of virtual machine instances in the solution topology of the solution, each of the set of virtual machine instances comprising dynamic configuration parameters, static configuration parameters, software details, virtualization details, image identifications, existing signatures, configuration files, and user information.
  - 3. The computer program product of claim 2, wherein the dynamic configuration parameters are selected from a group consisting of Internet protocol addresses, cloud identities, solution identities, host names, and combinations thereof.
  - 4. The computer program product of claim 3, wherein a solution identity is a function of the solution, a solution signature, a verification object, and a key.
  - 5. The computer program product of claim 2, wherein the static configuration parameters are selected from a group consisting of owner identities, administration identities, and combinations thereof.
  - 6. The computer program product of claim 2, wherein the software details and virtualization details are selected from a group consisting of guest operating systems, virtualization identities, and combinations thereof.
  - 7. The computer program product of claim 2, wherein a virtual machine identity is a function of a virtual machine instance, a solution signature, a verification object, and a key.
  - 8. The computer program product of claim 1, wherein hashing the set of virtual machine instances, hashing the set of connections in the solution topology, and hashing the set of solution-specific information comprise one of hashing as a tree or hashing as a graph.
  - 9. The computer program product of claim 1, wherein signing the hashes further comprises signing the hashes to create the first signed topology, and wherein a signing scheme is selected from an RSA signing scheme, a DSA signing scheme, a composite signature signing scheme, and an aggregate signature signing scheme.
  - 10. The computer program product of claim 1, the computer readable program code further comprising:
    - computer readable program code configured to receive a second signed topology;
      
      computer readable program code configured to compare the first signed topology to the second signed topology; and
      
      computer readable program code configured, responsive to the second signed topology being equal to the first signed topology, to verify the integrity of the solution.

11. A computer comprising:
- a storage having computer readable program code embodied therewith for verifying an integrity of a solution;
  
  a bus connecting the storage to a processor; and
  
  a processor, wherein the processor executes the computer readable program code;
  
  to hash a set of virtual machine instances in a solution topology of the solution;
  
  to hash a set of connections in the solution topology, the set of connections comprising a connection between ones of the set of virtual machine instances, a connection between a first component of a first one of the set of virtual machine instances and a second component of a second one of the set of virtual machine instances, and combinations thereof;
  
  to hash a set of solution-specific information;
  
  to sign the hashes to create a first signed topology;
  
  to incorporate the first signed topology into a solution registry that is a hierarchical database that stores configuration settings and options for the solution of the first signed topology, wherein the solution registry includes solution metadata, and wherein the solution metadata include a name of the set of virtual machine instances in the solution, a description of the solution, and a unique identifier of the solution; and
  
  to sign the solution registry incorporating the first signed topology and to sign the solution metadata included in the solution registry.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The computer of claim 11, wherein the processor executing the computer readable program code to hash the set of virtual machine instances further comprises the processor executing the computer readable program code:
    - to hash the set of virtual machine instances in the solution topology of the solution, each of the set of virtual machine instances comprising dynamic configuration parameters, static configuration parameters, software details, virtualization details, image identifications, existing signatures, configuration files, and user information.
  - 13. The computer of claim 12, wherein the dynamic configuration parameters are selected from a group consisting of Internet protocol addresses, cloud identities, solution identities, host names, and combinations thereof.
  - 14. The computer of claim 12, wherein the static configuration parameters are selected from a group consisting of owner identities, administration identities, and combinations thereof.
  - 15. The computer of claim 12, wherein the software details and virtualization details are selected from a group consisting of guest operating systems, virtualization identities, and combinations thereof.
  - 16. The computer of claim 13, wherein a solution identity is a function of the solution, a solution signature, a verification object, and a key.
  - 17. The computer of claim 12, wherein a virtual machine identity is a function of a virtual machine instance, a solution signature, a verification object, and a key.
  - 18. The computer of claim 11, wherein hashing the set of virtual machine instances, hashing the set of connections in the solution topology, and hashing the set of solution-specific information comprise one of hashing as a tree or hashing as a graph.
  - 19. The computer of claim 11, wherein signing the hashes further comprises signing the hashes to create the first signed topology, and wherein a signing scheme is selected from an RSA signing scheme, a DSA signing scheme, a composite signature signing scheme, and an aggregate signature signing scheme.
  - 20. The computer of claim 11, wherein the processor further executes the computer readable program code:
    - to receive a second signed topology;
      
      to compare the first signed topology to the second signed topology; and
      
      to verify the integrity of the solution in response to the second signed topology being equal to the first signed topology.

21. A computer implemented method to verify an integrity of a solution, the computer implemented method comprising:
- hashing, by a computer, a set of virtual machine instances in a solution topology of the solution;
  
  hashing, by the computer, a set of connections in the solution topology, the set of connections comprising a connection between ones of the set of virtual machine instances, a connection between a first component of a first one of the set of virtual machine instances and a second component of a second one of the set of virtual machine instances, and combinations thereof;
  
  hashing, by the computer, a set of solution-specific information;
  
  signing, by the computer, the hashes to create a first signed topology;
  
  incorporating, by the computer, the first signed topology into a solution registry that is a hierarchical database that stores configuration settings and options for the solution of the first signed topology, wherein the solution registry includes solution metadata, and wherein the solution metadata include a name of the set of virtual machine instances in the solution, a description of the solution, and a unique identifier of the solution; and
  
  signing, by the computer, the solution registry incorporating the first signed topology and to sign the solution metadata included in the solution registry.
- View Dependent Claims (22, 23, 24, 25)
- - 22. The computer implemented method of claim 21, wherein the step of hashing the set of virtual machine instances further comprises:
    - hashing, by the computer, the set of virtual machine instances in the solution topology of the solution, each of the set of virtual machine instances comprising dynamic configuration parameters, static configuration parameters, software details, virtualization details, image identifications, existing signatures, configuration files, and user information.
  - 23. The computer implemented method of claim 22, wherein the dynamic configuration parameters are selected from a group consisting of Internet protocol addresses, cloud identities, solution identities, host names, and combinations thereof.
  - 24. The computer implemented method of claim 22, wherein the static configuration parameters are selected from a group consisting of owner identities, administration identities, and combinations thereof.
  - 25. The computer implemented method of claim 22, wherein the software details and virtualization details are selected from a group consisting of guest operating systems, virtualization identities, and combinations thereof.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Kundu, Ashish, Mohindra, Ajay
Primary Examiner(s)
HENNING, MATTHEW T

Application Number

US13/733,505
Publication Number

US 20140181058A1
Time in Patent Office

768 Days
Field of Search
US Class Current

713/193
CPC Class Codes

G06F 16/17   Details of further file sys...

G06F 2009/45587   Isolation or security of vi...

G06F 21/53   by executing in a restricte...

G06F 21/64   Protecting data integrity, ...

G06F 2221/2149   Restricted operating enviro...

G06F 9/45504   Abstract machines for progr...

G06F 9/45558   Hypervisor-specific managem...

H04L 63/123   received data contents, e.g...

H04L 63/126   the source of the received ...

H04L 67/10   in which an application is ...

H04W 4/60   Subscription-based services...

Authentication of solution topology

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication of solution topology

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links