System and methods for remote maintenance in an electronic network with multiple clients

US 9,766,914 B2
Filed: 05/15/2015
Issued: 09/19/2017
Est. Priority Date: 03/23/2010
Status: Expired due to Fees

First Claim

Patent Images

1. A client system comprising:

a plurality of nodes, including a first node storing software for operation of the client system;

a first virtual machine handling first data associated with an external data center, wherein the first data includes software update data delivered from the external data center to the client system;

a second virtual machine handling second data associated with the first node, wherein the second data specifies at least one of a status, a version and a configuration of the first node;

a virtual machine manager configured to manage data transfer between the first virtual machine and the second virtual machine in association with a trusted platform module;

wherein the first virtual machine is configured to assess a state of the client system and identify a software update for installation on the first node based on a comparison of the first data and the second data, the software update configured to maintain identity between the first data and the second data; and

wherein the virtual machine manager is configured to conduct an attestation process to verify an identity of the external data center using the trusted platform module prior to authorizing the first virtual machine to install the software update on the first node using the second virtual machine.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A client supported by remote maintenance in an electronic network configured to serve a plurality of clients may comprise a plurality of nodes, a first virtual machine (VM), a second virtual machine, and a virtual machine manager (VMM). The first VM may handle data associated with an external data center. The second VM may be associated with one of the plurality of nodes. The VMM may be configured to manage data transfer between the first VM and the second VM. The first VM may be configured to assess a state of the client system and identify a software update for installation on the one of the plurality of nodes. The software update may be configured to maintain identity between the data in the one of the plurality of nodes and the data center. The VMM may manage an attestation process prior to delivering or installing the software update on the client system using the first VM.

Citations

25 Claims

1. A client system comprising:
- a plurality of nodes, including a first node storing software for operation of the client system;
  
  a first virtual machine handling first data associated with an external data center, wherein the first data includes software update data delivered from the external data center to the client system;
  
  a second virtual machine handling second data associated with the first node, wherein the second data specifies at least one of a status, a version and a configuration of the first node;
  
  a virtual machine manager configured to manage data transfer between the first virtual machine and the second virtual machine in association with a trusted platform module;
  
  wherein the first virtual machine is configured to assess a state of the client system and identify a software update for installation on the first node based on a comparison of the first data and the second data, the software update configured to maintain identity between the first data and the second data; and
  
  wherein the virtual machine manager is configured to conduct an attestation process to verify an identity of the external data center using the trusted platform module prior to authorizing the first virtual machine to install the software update on the first node using the second virtual machine.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The client system according to claim 1, wherein the client system is a mobile phone.
  - 3. The client system according to claim 2, wherein the first node comprises a subscriber identity module (SIM) card.
  - 4. The client system according to claim 1, wherein the software update is delivered wirelessly to the client system.
  - 5. The client system according to claim 1, wherein the first virtual machine interrogates the second virtual machine to verify the first node has received the software update.
  - 6. The client system according to claim 1, further comprising a log stored by the first virtual machine, the log identifying one or more software updates delivered to the client system.
  - 7. The client system according to claim 1, further comprising a log stored by the second virtual machine, the log identifying one or more software updates delivered to the client system.
  - 8. The client system according to claim 1, further comprising a log stored by the second virtual machine, the log identifying one or more software updates delivered to the client system and the log including a time-stamp associated with each software update.
  - 9. The client system according to claim 1, wherein delivery of the software update is controlled based on registered information associated with the client system.
  - 10. The client system according to claim 1, wherein delivery of the software update is controlled based on sensor data collected by a sensor in the client system.

11. An electronic network comprising:
- a client system having a plurality of nodes, including a first node storing software for operation of the client system;
  
  an external data center managing the first node;
  
  a first virtual machine on the client system, the first virtual machine handling first data associated with the external data center, wherein the first data includes software update data delivered from the external data center to the client system;
  
  a second virtual machine on the client system, the second virtual machine handling second data associated with the first node, wherein the second data specifies at least one of a status, a version and a configuration of the first node; and
  
  a virtual machine manager on the client system configured to manage data transfer between the first virtual machine and the second virtual machine in association with a trusted platform module;
  
  wherein the first virtual machine is configured to assess a state of the client system and identify a software update for installation from the external data center on the first node based on a comparison of the first data and the second data, the software update configured to maintain identity between the first data and the second data; and
  
  wherein the virtual machine manager is configured to complete an attestation process to verify an identity of the external data center using the trusted platform module prior authorizing the first virtual machine to install the software update on the first node using the second virtual machine.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The electronic network according to claim 11, wherein the client system is a mobile phone.
  - 13. The electronic network according to claim 12, wherein the first node comprises a subscriber identity module (SIM) card.
  - 14. The electronic network according to claim 11, wherein the software update is delivered wirelessly to the client system.
  - 15. The electronic network according to claim 11, wherein the first virtual machine interrogates the second virtual machine to verify the first node has received the software update.
  - 16. The electronic network according to claim 11, further comprising a log stored by the first virtual machine, the log identifying one or more software updates delivered to the client system.
  - 17. The electronic network according to claim 11, further comprising a log stored by the second virtual machine, the log identifying one or more software updates delivered to the client system.
  - 18. The electronic network according to claim 11, further comprising a log stored by the second virtual machine, the log identifying one or more software updates delivered to the client system and the log including a time-stamp associated with each software update.

19. A method of performing remote maintenance in an electronic network configured to serve a plurality of client systems, the method comprising:
- operating a data center having a database of software associated with a plurality of nodes in a client system, including a first node storing software for operation of the client system;
  
  communicating with a first virtual machine hosted by the client system, the first virtual machine handling a first data set associated with the data center, wherein the first data set includes software update data delivered from the external data center to the client system;
  
  receiving a request from the first virtual machine identifying a software update for delivery to the first node;
  
  sending the software update to the first virtual machine using a closed network;
  
  authorizing the first virtual machine to install the software update on the client system using a second virtual machine associated with the first node, wherein the second virtual machine handles second data specifying at least one of a status, a version and a configuration of the first node; and
  
  the first virtual machine and the second virtual machine communicating through a virtual machine manager on the client system in association with a trusted platform module, wherein the virtual machine manager is configured to complete an attestation process to verify an identity of the data center using the trusted platform module prior authorizing the first virtual machine to install the software update on the first node using the second virtual machine.
- View Dependent Claims (20, 21, 22, 23)
- - 20. The method according to claim 19, wherein the client system is a mobile phone.
  - 21. The method according to claim 19, wherein the first node comprises a subscriber identity module (SIM) card.
  - 22. The method according to claim 19, wherein the software update is delivered wirelessly to the client system.
  - 23. The method according to claim 19, wherein the first virtual machine operates to interrogate the second virtual machine to verify the client system has received the software update.

24. A method of requesting and receiving software updates, the method comprising:
- hosting a first virtual machine and a second virtual machine on a client system;
  
  the first virtual machine handling a first data set associated with an external data center, wherein the first data set includes software update data delivered from the external data center to the client system;
  
  the second virtual machine handling a second data set associated with a node in the client system wherein the second data set specifies at least one of a status, a version and a configuration of the node;
  
  operating a virtual machine manager configured to manage communication between the first virtual machine and the second virtual machine in association with a trusted platform module;
  
  recognizing the first data set is out of identity with the second data set;
  
  identifying a software update for delivery to the node, the software update configured to restore identity between the first data set and the second data set;
  
  requesting the software update from the external data center;
  
  receiving the software update from the external data center to the first virtual machine;
  
  after receiving the software update, installing the software update on the node by the second virtual machine;
  
  the first virtual machine and the second virtual machine communicating through a virtual machine manager on the client system in association with a trusted platform module, wherein the virtual machine manager is configured to complete an attestation process to verify an identity of the external data center using the trusted platform module prior authorizing the first virtual machine to install the software update on the first node using the second virtual machine.
- View Dependent Claims (25)
- - 25. The method according to claim 24, wherein the client system comprises a mobile phone and the node comprises a subscriber identity module (SIM) card.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fujitsu Limited
Original Assignee
Fujitsu Limited
Inventors
Kotani, Seigo, Suzuki, Masato
Primary Examiner(s)
An, Meng
Assistant Examiner(s)
Huaracha, Willy W

Application Number

US14/713,675
Publication Number

US 20150261554A1
Time in Patent Office

858 Days
Field of Search

718 1
US Class Current
CPC Class Codes

G06F 16/951   Indexing; Web crawling tech...

G06F 2009/4557   Distribution of virtual mac...

G06F 21/32   using biometric data, e.g. ...

G06F 21/57   Certifying or maintaining t...

G06F 21/64   Protecting data integrity, ...

G06F 2221/2151   Time stamp

G06F 8/61   Installation

G06F 8/65   Updates security arrangemen...

G06F 9/45533   Hypervisors; Virtual machin...

G06F 9/45558   Hypervisor-specific managem...

H04L 2209/60   Digital content management,...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 63/068   using time-dependent keys, ...

H04L 63/123   received data contents, e.g...

H04L 67/01   Protocols

H04L 67/10   in which an application is ...

H04L 67/34   involving the movement of s...

H04L 9/0897   involving additional device...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3234   involving additional secure...

H04L 9/3297 : involving time stamps, e.g....

H04W 12/10 : Integrity

H04W 12/61 : Time-dependent

View All

System and methods for remote maintenance in an electronic network with multiple clients

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

System and methods for remote maintenance in an electronic network with multiple clients

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links