SECURED LIVE SOFTWARE MIGRATION

US 20090132804A1
Filed: 11/21/2007
Published: 05/21/2009
Est. Priority Date: 11/21/2007
Status: Abandoned Application

First Claim

Patent Images

1. A system to support secured live migration of software, comprising:

an encryption component embodied in a machine readable medium;

a decryption component embodied in a machine readable medium;

a software component running at a first host;

a secured live migration engine wherein, in operation;

encrypts one or more pages of the software component running at the first host via the encryption component;

migrates the software component live from the first host to a second host over a network;

decrypts the one or more encrypted pages of the software component at the second host via the decryption component;

keeps the software component operational during the encrypting, migrating, and decrypting steps.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A novel approach is introduced for secured live migration of a software component currently running on one hosting device to another hosting device. One or more pages of the software component are encrypted before migration of the software component, and are later decrypted after the migration is complete. The software component is kept operational during the encryption, migration, and decryption of the software component. The one or more pages to be encrypted and decrypted can be selected based on data sensitivity and/or other criteria.

119 Citations

View as Search Results

22 Claims

1. A system to support secured live migration of software, comprising:
- an encryption component embodied in a machine readable medium;
  
  a decryption component embodied in a machine readable medium;
  
  a software component running at a first host;
  
  a secured live migration engine wherein, in operation;
  
  encrypts one or more pages of the software component running at the first host via the encryption component;
  
  migrates the software component live from the first host to a second host over a network;
  
  decrypts the one or more encrypted pages of the software component at the second host via the decryption component;
  
  keeps the software component operational during the encrypting, migrating, and decrypting steps.
- View Dependent Claims (2, 3, 7, 8, 9, 10, 11, 12, 13)
- - 2. The system of claim 1, wherein:
    - the first or second host is one of;
      
      a laptop PC, a desktop PC, a tablet PC, a PDA, an iPod, a server machine, a mobile phone, and any electronic device capable of running the software component.
  - 3. The system of claim 1, wherein:
    - the network is one of;
      
      TCP/IP network, internet, intranet, WAN, LAN, wireless network, Bluetooth, and mobile communication network.
  - 7. The system of claim 1, wherein:
    - the secured live migration engine migrates the software component to balance load on available physical resources on the first and the second host.
  - 8. The system of claim 1, wherein:
    - the secured live migration engine encrypts and decrypts every page of the software component.
  - 9. The system of claim 1, wherein:
    - the secured live migration engine encrypts and decrypts only the one or more pages of the software component containing sensitive information.
  - 10. The system of claim 1, wherein:
    - the sensitive information includes sensitive user data and/or one or more cryptographic keys to access the data.
  - 11. The system of claim 1, wherein:
    - the secured live migration engine selects the one or more pages of the software component to be encrypted and decrypted and skips a portion of the software component for encryption and decryption based on one or more of;
      
      address range of the one or more pages, content, and owner of the software component.
  - 12. The system of claim 11, wherein:
    - the skipped portion includes an installed driver and/or an application not containing or dealing with sensitive data of the software component.
  - 13. The system of claim 1, wherein:
    - the secured live migration engine wherein, in operation;
      
      signs one or more pages of the software component running on the first host before migrating the software component to the second host;
      
      verifies the signed one or more pages of the software component after migrating the software component to the second host.

4. A system to support secured live migration of virtual machine, comprising:
- an encryption component plugged-in on a first virtual machine monitor operating on a first host;
  
  a decryption component plugged-in on a second virtual machine monitor operating on a second host;
  
  a virtual machine running at the first host;
  
  a live secured live migration engine wherein, in operation;
  
  encrypts one or more pages of image of the virtual machine running at the first host via the encryption component;
  
  migrates the virtual machine live from the first host to a second host over a network;
  
  decrypts the one or more encrypted pages of the image of the virtual machine at the second host via the decryption component;
  
  keeps the software component operational during the encrypting, migrating, and decrypting steps.
- View Dependent Claims (5, 6)
- - 5. The system of claim 4, wherein:
    - the first or second virtual machine monitor is VMWare, Xen, or other virtualization product.
  - 6. The system of claim 4, wherein:
    - the first and the second virtual machine monitors monitor and/or manage the virtual machine'"'"'s operation on the first and the second hosts, respectively.

14. A method to support secured live migration of software, comprising:
- encrypting one or more pages of a software component running at a first host;
  
  migrating the software component live from the first host to a second host over a network;
  
  decrypting the one or more encrypted pages of the software component at the second host;
  
  keeping the software component operational during the encrypting, migrating, and decrypting steps.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The method of claim 14, further comprising:
    - migrating the software component to balance load on available physical resources on the first and the second host.
  - 17. The method of claim 14, further comprising:
    - monitoring and/or managing operation of the software component on the first and the second hosts, respectively.
  - 18. The method of claim 14, further comprising:
    - encrypting and decrypting every page of the software component.
  - 19. The method of claim 14, further comprising:
    - encrypting and decrypting only the one or more pages of the software component containing sensitive information.
  - 20. The method of claim 14, further comprising:
    - selecting the one or more pages of the software component to be encrypted and decrypted based on one or more of;
      
      address range, content, and owner of the software component.
  - 21. The method of claim 14, further comprising:
    - signing one or more pages of the software component running on the first host before migrating the software component to the second host;
      
      verifying the signed one or more pages of the software component after migrating the software component to the second host.

15. A method to support secured live migration of virtual machine, comprising:
- encrypting one or more pages of image of a virtual machine running at a first host;
  
  migrating the virtual machine live from the first host to a second host over a network;
  
  decrypting the one or more encrypted pages of the image of the virtual machine at the second host;
  
  keeping the software component operational during the encrypting, migrating, and decrypting steps.

22. A system to support secured live migration of software, comprising:
- means for encrypting one or more pages of the software component running at the first host before migration of the software component;
  
  means for migrating the software component live from the first host to a second host over a network;
  
  means for decrypting the one or more encrypted pages of the software component at the second host after migration of the software component;
  
  means for keeping the software component operational and/or the migration transparent to a user of the software component during the encrypting, migrating, and decrypting steps.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SafeNet Incorporated (Thales SA)
Original Assignee
SafeNet Incorporated (Thales SA)
Inventors
Paul, Prabir, Vempati, Anil

Application Number

US11/944,354
Publication Number

US 20090132804A1
Time in Patent Office

Days
Field of Search
US Class Current

713/150
CPC Class Codes

G06F 21/6209   to a single file or object,...

G06F 9/5077   Logical partitioning of res...

G06F 9/5088   involving task migration

SECURED LIVE SOFTWARE MIGRATION

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

119 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

SECURED LIVE SOFTWARE MIGRATION

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

119 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links