Implementation of secure communications in a support system
Abstract
A support system negotiates secure connections on behalf of multiple guest systems using a set of credentials associated with the guest systems. The operation of the secure connection may be transparent to the guest system, such that the guest system may send and receive messages that are encrypted or decrypted by the support system, such as a hypervisor. Because the support system sits between the guest system and a destination, it may act as the local endpoint of the secure connection. Messages may be altered by the support system to indicate to a guest system which communications were secured. The credentials may be managed by the support system such that the guest system does not require access to the credentials.
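The arrangement the abstract describes, shown as an added Go example that is not the patent's own code or any product's implementation: a support system (standing in for the hypervisor) keeps one credential set per guest in its own store, picks the guest a peer asks for from the TLS server name, terminates the connection with that guest's credentials, tags each decrypted line so the guest can tell it arrived over a secured channel, and encrypts the guest's plaintext reply on the way back. The Guest and SupportSystem types, Serve and Exchange, the guest names, the in-memory pipe standing in for the network, the self-signed certificates minted at start-up and the "ok from ..." replies are all assumptions constructed for the demonstration.

```go
package main

import (
	"bufio"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"strings"
	"time"
)

// Guest stands in for a guest OS (hypothetical model): it handles only plaintext and has no field for key material.
type Guest struct {
	Name     string
	Received []string // lines delivered by the support system, already decrypted
}

// SupportSystem stands in for the hypervisor-side endpoint that owns the certificate store.
type SupportSystem struct {
	store  map[string]tls.Certificate // private keys live here, never in a Guest
	Guests map[string]*Guest
	Roots  *x509.CertPool // public certificates only, handed to peers for verification
}

// selfSignedCert mints a throw-away certificate for one guest name (demo only; a real deployment loads CA-issued credentials).
func selfSignedCert(name string) (tls.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), BasicConstraintsValid: true, IsCA: true,
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return tls.Certificate{}, err
	}
	leaf, _ := x509.ParseCertificate(der) // DER just produced by CreateCertificate always parses
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv, Leaf: leaf}, nil
}

// NewSupportSystem provisions one credential set per guest in the store.
func NewSupportSystem(names ...string) (*SupportSystem, error) {
	s := &SupportSystem{store: map[string]tls.Certificate{}, Guests: map[string]*Guest{}, Roots: x509.NewCertPool()}
	for _, n := range names {
		cert, err := selfSignedCert(n)
		if err != nil {
			return nil, err
		}
		s.store[n], s.Guests[n] = cert, &Guest{Name: n}
		s.Roots.AddCert(cert.Leaf)
	}
	return s, nil
}

// Serve terminates one TLS connection for the guest named in the peer's ClientHello (SNI); an unknown name
// fails the handshake. Decrypted lines are tagged "[secured]"; the guest's plaintext reply is encrypted on the way back.
func (s *SupportSystem) Serve(raw net.Conn) error {
	tc := tls.Server(raw, &tls.Config{
		GetCertificate: func(h *tls.ClientHelloInfo) (*tls.Certificate, error) {
			if c, ok := s.store[h.ServerName]; ok {
				return &c, nil
			}
			return nil, fmt.Errorf("no guest named %q", h.ServerName)
		},
	})
	defer tc.Close()
	r := bufio.NewReader(tc)
	for {
		line, err := r.ReadString('\n') // the first read performs the handshake
		if err != nil {
			return err
		}
		g := s.Guests[tc.ConnectionState().ServerName]
		g.Received = append(g.Received, "[secured] "+strings.TrimSpace(line))
		if _, err := fmt.Fprintln(tc, "ok from "+g.Name); err != nil { // constructed reply
			return err
		}
	}
}

// Exchange plays the remote device over an in-memory pipe (constructed for the demo): it verifies the
// guest's certificate, sends one line and returns the reply.
func Exchange(s *SupportSystem, guestName, msg string) (string, error) {
	clientSide, serverSide := net.Pipe()
	go s.Serve(serverSide)
	tc := tls.Client(clientSide, &tls.Config{RootCAs: s.Roots, ServerName: guestName})
	defer tc.Close()
	if _, err := fmt.Fprintln(tc, msg); err != nil {
		return "", err
	}
	reply, err := bufio.NewReader(tc).ReadString('\n')
	return strings.TrimSpace(reply), err
}

func main() {
	s, _ := NewSupportSystem("guest-a", "guest-b")
	reply, err := Exchange(s, "guest-a", "hello")
	fmt.Println(reply, err, s.Guests["guest-a"].Received)
}
```

A Guest has no field that could hold a key, which is the property claims 16 and 24 spell out (credentials unavailable to, or protected from, the guest). A request naming a guest the store does not know fails the handshake rather than falling back to some default certificate, so a mis-routed request is never answered with another guest's identity.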
Claims (30)
1. A computer-implemented method for providing secure communications, comprising:
- under the control of one or more computer systems configured with executable instructions, receiving, by a hypervisor, a set of cryptographic credentials associated with a guest operating system from a certificate store, wherein the set of cryptographic credentials comprises a Transport Layer Security (TLS) certificate;
- using, by the hypervisor on behalf of the guest operating system, the set of cryptographic credentials to establish a secure connection to a computing device using a secure protocol, in response to a request for the secure connection by the computing device, the request directed to the guest operating system among a set of guest operating systems supported by the hypervisor, the hypervisor acting as a local endpoint of the secure connection using the set of credentials;
- receiving, by the hypervisor, one or more outgoing messages from the guest operating system to the computing device;
- encrypting, by the hypervisor on behalf of the guest operating system using the secure protocol and the set of cryptographic credentials, the one or more outgoing messages from the guest operating system to the computing device, the one or more outgoing messages becoming one or more outgoing encrypted messages;
- sending, by the hypervisor, the one or more outgoing encrypted messages to the computing device using the secure protocol;
- receiving, by the hypervisor, one or more incoming encrypted messages from the computing device;
- decrypting, by the hypervisor on behalf of the guest operating system using the secure protocol and the set of cryptographic credentials, the one or more incoming encrypted messages from the computing device becoming one or more incoming decrypted messages; and
- sending the one or more incoming decrypted messages to the guest operating system.
Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. A computer-implemented method for providing secure communications, comprising:
- under the control of one or more computer systems configured with executable instructions, receiving, by a support system of a host system, from a device, a request for a secure connection from the device to a guest operating system of a set of guest operating systems on the host system, the host system having the support system and configured to host at least one guest operating system;
- receiving, by the support system, a set of cryptographic credentials associated with the guest operating system;
- using, by the support system, the set of cryptographic credentials on behalf of the guest operating system to establish a secure connection with the device, the secure connection established in response to the request for the secure connection by the device and dedicated to communications between the device and the guest operating system, the support system acting as an endpoint of the secure connection in place of the guest operating system;
- sending, by the support system over the secure connection, one or more communications between the guest operating system and the device, the support system processing the one or more communications to enable the secure connection;
- encrypting, by the support system on behalf of the guest operating system using a secure protocol and the set of cryptographic credentials, one or more outgoing unencrypted messages from the guest operating system to the device, the one or more outgoing unencrypted messages becoming one or more outgoing encrypted messages; and
- decrypting, by the support system on behalf of the guest operating system using the secure protocol and the set of cryptographic credentials, one or more incoming encrypted messages from the device becoming one or more incoming decrypted messages.
Dependent claims: 10, 11, 12, 13, 14, 15.
16. A computer system for enabling a secure connection, comprising:
- one or more processors; and
- memory, including instructions executable by the one or more processors to cause the computer system to at least:
- establish a secure connection, by a support system, in response to a request for the secure connection by a device, the request directed to a guest system of a set of guest systems supported by the support system, the secure connection established using a set of cryptographic credentials that represent an identity of the guest system, the set of cryptographic credentials being unavailable to the guest system;
- receive, by the support system, a secure communication directed to the guest system from the device;
- select, by the support system, the guest system from the set of guest systems to which the secure communication is directed;
- encrypt, by the support system on behalf of the guest system, one or more outgoing messages from the guest system using a secure protocol;
- decrypt, by the support system on behalf of the guest system, one or more incoming messages using the secure protocol, the decrypted message prepared from the secure communication, using the set of cryptographic credentials that represent the identity of the selected guest system, the set of credentials unavailable to the selected guest system; and
- provide, by the support system, the decrypted one or more incoming messages to the selected guest system.
Dependent claims: 17, 18, 19, 20, 21, 22, 23.
24. One or more computer-readable storage media having collectively stored thereon executable instructions that, when executed by one or more processors of a computer system, cause the computer system to at least:
- receive, by a support system, from a device, a request for a secure connection with a guest system, the request directed to the guest system of a set of guest systems;
- manage, by the support system, a set of cryptographic credentials associated with the guest system, the set of cryptographic credentials protected from access by the guest system;
- use, by the support system in response to the request, the set of cryptographic credentials on behalf of the guest system to establish a secure connection with the device, the support system acting as an endpoint of the secure connection in place of the guest system;
- encrypt, by the support system on behalf of the guest system, one or more outgoing messages from the guest using a secure protocol and the set of cryptographic credentials;
- send, by the support system over the secure connection, the encrypted one or more outgoing messages;
- receive, by the support system over the secure connection, one or more encrypted communications from the device to the guest system; and
- decrypt, by the support system on behalf of the guest system, one or more incoming messages using the secure protocol and the set of credentials.
Dependent claims: 25, 26, 27, 28, 29, 30.