Verifying Applications in Virtual Environments Using a Trusted Security Zone

US 9,208,339 B1
Filed: 08/12/2013
Issued: 12/08/2015
Est. Priority Date: 08/12/2013
Status: Active Grant

First Claim

Patent Images

1. A method of transmitting information between virtual environments comprising:

copying a first virtual environment, wherein the first virtual environment comprises a plurality of original applications, a first clock, and a first trusted security zone, wherein the first trusted security zone comprises a verification application and a nonce application;

subsequently, creating a second virtual environment, wherein the second virtual environment comprises a copy of at least some applications of the plurality of original applications, a second clock, and a second trusted security zone;

receiving, by the verification application residing in the first trusted security zone, from a copied application, a request for a transmission with an original application of the plurality of the original applications;

determining, by the verification application residing in the first trusted security zone, if a nonce associated with the copied application is a verified nonce, wherein the nonce comprises a clock value of the second clock and a time stamp, and wherein determining if the nonce is a verified nonce comprises;

comparing, by the verification application residing in the first trusted security zone, at least the clock value of the nonce to a clock value of the first clock; and

determining, by the first trusted security zone, if the clock value of the nonce correlates sufficiently to the clock value of the first clock; and

at least one of;

granting, in response to a determination that the clock value of the nonce correlates sufficiently to the clock value of the first clock, the request, and sending the requested transmission from the first trusted security zone to the second trusted security zone;

ordenying, in response to a determination that the clock value of the nonce does not correlate sufficiently to the clock value of the first clock, the request.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for transmitting information between virtual environments comprising: copying a first virtual environment, wherein the first virtual environment comprises a plurality of original applications, a first clock, and a first trusted security zone to create a second virtual environment, wherein the second virtual environment comprises a copy of at least some applications of the plurality of original applications, a second clock, and a second trusted security zone. The first trusted security zone may receive a request from a copied application to engage in a transmission with an original application. The first trusted security zone may then determine if a nonce associated with the copied application is a verified nonce, wherein determining if the nonce is a verified nonce comprises comparing, by the first trusted security zone, the nonce associated with the copied application to a nonce associated with the at least one original application.

416 Citations

18 Claims

1. A method of transmitting information between virtual environments comprising:
- copying a first virtual environment, wherein the first virtual environment comprises a plurality of original applications, a first clock, and a first trusted security zone, wherein the first trusted security zone comprises a verification application and a nonce application;
  
  subsequently, creating a second virtual environment, wherein the second virtual environment comprises a copy of at least some applications of the plurality of original applications, a second clock, and a second trusted security zone;
  
  receiving, by the verification application residing in the first trusted security zone, from a copied application, a request for a transmission with an original application of the plurality of the original applications;
  
  determining, by the verification application residing in the first trusted security zone, if a nonce associated with the copied application is a verified nonce, wherein the nonce comprises a clock value of the second clock and a time stamp, and wherein determining if the nonce is a verified nonce comprises;
  
  comparing, by the verification application residing in the first trusted security zone, at least the clock value of the nonce to a clock value of the first clock; and
  
  determining, by the first trusted security zone, if the clock value of the nonce correlates sufficiently to the clock value of the first clock; and
  
  at least one of;
  
  granting, in response to a determination that the clock value of the nonce correlates sufficiently to the clock value of the first clock, the request, and sending the requested transmission from the first trusted security zone to the second trusted security zone;
  
  ordenying, in response to a determination that the clock value of the nonce does not correlate sufficiently to the clock value of the first clock, the request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the nonce further comprises a unique alpha, numeric, symbol, or combination identifier.
  - 3. The method of claim 1, wherein the nonce associated with the copied application is a verified nonce if at least one of the clock value and the time stamp are verified.
  - 4. The method of claim 1, further comprising comparing, by the nonce application, the time stamp to a time the nonce was assigned, wherein the nonce application comprises stored data, wherein the stored data comprises a plurality of information about nonces including the time the nonce was assigned.
  - 5. The method of claim 1, wherein the time stamp of each copied application is a time when the nonce was assigned to each application.
  - 6. The method of claim 1, wherein the clock value of the nonce is the current time in the second virtual environment.
  - 7. The method of claim 1, wherein the request for transmission is for at least one of to transmit information to the original application or receive information from the original application.
  - 8. The method of claim 1, wherein the copied application is not requesting access to its corresponding original application in the first virtual environment.

9. A method for transmitting data between applications in a virtual environment comprising:
- receiving, by a first application in a first virtual environment, at least one of a request to send information to a second application or a request to receive information from the second application, wherein the first virtual environment comprises a trusted security zone, a plurality of applications, and a clock, and wherein the second application comprises a nonce;
  
  sending, by the first application, a request for verification of the second application to the trusted security zone in the first virtual environment, wherein the trusted security zone comprises a verification application; and
  
  receiving, by the first application, from the verification application, a confirmation of verification of the second application, wherein the confirmation is sent based on;
  
  comparing, by the verification application, a nonce associated with the second application with an assigned nonce of a plurality of assigned nonces stored in the trusted security zone, wherein the nonce comprises a clock value and a time stamp;
  
  comparing the time stamp to a time the nonce was assigned, wherein the nonce application comprises stored data, wherein the stored data comprises a plurality of information about nonces including the time the nonce was assigned; and
  
  determining, by the verification application, that the clock value correlates sufficiently to a current clock value on the clock in the first virtual environment.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The method of claim 9, wherein the second application is in a second virtual environment.
  - 11. The method of claim 10, wherein the second application is a copy of an application of the plurality of applications in the first virtual environment.
  - 12. The method of claim 9, wherein each assigned nonce of the plurality of the assigned nonces corresponds to a nonce assigned to an application.
  - 13. The method of claim 9, further comprising at least one of sending the information to or receiving the information from the second application in response to receiving the confirmation.
  - 14. The method of claim 9, wherein a plurality of records associated with the plurality of assigned nonces is stored in a nonce application in the trusted security zone.

15. A system for transmitting information between applications comprising:
- a first virtual environment stored in a non-transitory memory of a computing device,wherein the first virtual environment comprises a clock, a first application of a plurality of applications, and a trusted security zone;
  
  wherein the trusted security zone comprises a verification application and a nonce application;
  
  a second application stored in a non-transitory memory, wherein the trusted security zone receives a request from the first application to verify the second application;
  
  wherein the first application resides in the trusted security zone and verifies that a nonce that comprises a clock value and a time stamp and is associated with the second application is verifiable based at least on a comparison of the clock value of the nonce and a clock value of the clock; and
  
  wherein the second application, in response to the verification that the clock value of the nonce correlates sufficiently to the clock value of the clock, at least one of receives a transmission from the first application or sends a transmission to the first application.
- View Dependent Claims (16, 17, 18)
- - 16. The system of claim 15, wherein the first application sends the request to the trusted security zone in response to receiving a request from the second application to at least one of send information to the second application or receive information from the second application.
  - 17. The system of claim 15, further comprising a second virtual environment, wherein the second application is a copy of an application of the plurality of applications of the first virtual environment, and wherein the second application is in the second virtual environment.
  - 18. The method of claim 15, wherein the nonce comprises a unique alpha, numeric, symbol, or combination identifier, and a clock value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
T-Mobile Innovations LLC (Deutsche Telekom AG)
Original Assignee
Sprint Communications Company LP (Deutsche Telekom AG)
Inventors
Paczkowski, Lyle W., Parsel, William M., Persson, Carl J., Schlesener, Matthew Carl
Primary Examiner(s)
Okeke, Izunna
Assistant Examiner(s)
Wright, Bryan

Application Number

US13/964,112
Time in Patent Office

848 Days
Field of Search

726/30
US Class Current

1/1
CPC Class Codes

G06F 21/53   by executing in a restricte...

G06F 21/57   Certifying or maintaining t...

G06F 21/6218   to a system of files or obj...

G06F 21/725   operating on a secure refer...

G06F 21/74   operating in dual or compar...

Verifying Applications in Virtual Environments Using a Trusted Security Zone

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

416 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Verifying Applications in Virtual Environments Using a Trusted Security Zone

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

416 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links