VIRTUAL GATEWAYS FOR ISOLATING VIRTUAL MACHINES

US 20140019750A1
Filed: 07/12/2012
Published: 01/16/2014
Est. Priority Date: 07/12/2012
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving, by a virtual gateway, a message destined for a target virtual machine of a plurality of virtual machines;

identifying a community-of-interest corresponding to the target virtual machine;

encrypting the message with a key assigned to the identified community-of-interest; and

transmitting the encrypted message to the target virtual machine.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Virtual machines in a network may be isolated by encrypting transmissions between the virtual machines with keys possessed only by an intended recipient. Within a network, the virtual machines may be logically organized into a number of community-of-interest (COI) groups. Each COI may use an encryption key to secure communications within the COI, such that only other virtual machines in the COI may decrypt the message. Virtual machines may further be isolated through a virtual gateway assigned to handle all communications between a virtual machine and a device outside of the virtual machine'"'"'s COI. The virtual gateway may be a separate virtual machine for handling decrypting and encrypting messages for transmission between virtual machines and other devices.

Citations

20 Claims

1. A method, comprising:
- receiving, by a virtual gateway, a message destined for a target virtual machine of a plurality of virtual machines;
  
  identifying a community-of-interest corresponding to the target virtual machine;
  
  encrypting the message with a key assigned to the identified community-of-interest; and
  
  transmitting the encrypted message to the target virtual machine.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, in which the community-of-interest (COI) is at least one of a web tier COI, an application COI, a database COI, and an administrative COI.
  - 3. The method of claim 1, in which the message is received from an unencrypted network.
  - 4. The method of claim 1, further comprising, when the identified community-of-interest is not common with a community-of-interest assigned to the virtual gateway, dropping the message.
  - 5. The method of claim 1, further comprising, when the message has a characteristic matching a defined rule of the virtual gateway, dropping the message.
  - 6. The method of claim 5, in which the characteristic comprises at least one of a source address, a destination address, a source port, and a destination port.
  - 7. The method of claim 1, further comprising receiving a request for a dynamic license from the virtual machine.

8. A computer program product, comprising:
- a non-transitory computer readable medium comprising;
  
  code to receive, by a virtual gateway, a message destined for a target virtual machine of a plurality of virtual machines;
  
  code to identify a community-of-interest corresponding to the target virtual machine;
  
  code to encrypt the message with a key assigned to the identified community-of-interest; and
  
  code to transmit the encrypted message to the target virtual machine.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer program product of claim 8, in which the community-of-interest (COI) is at least one of a web tier COI, an application COI, a database COI, and an administrative COI.
  - 10. The computer program product of claim 8, in which the message is received from an unencrypted network.
  - 11. The computer program product of claim 8, in which the medium further comprises code to, when the identified community-of-interest is not common with a community-of-interest assigned to the virtual gateway, drop the message.
  - 12. The computer program product of claim 8, in which the medium further comprises code to, when the message has a characteristic matching a defined rule of the virtual gateway, drop the message.
  - 13. The computer program product of claim 12, in which the characteristic comprises at least one of a source address, a destination address, a source port, and a destination port.
  - 14. The computer program product of claim 12, in which the medium further comprises code to receive a request for a dynamic license from the virtual machine.

15. An apparatus, comprising:
- a memory;
  
  a network interface; and
  
  a processor coupled to the memory and to the network interface, in which the processor is configured;
  
  to receive, by a virtual gateway, a message destined for a target virtual machine of a plurality of virtual machines;
  
  to identify a community-of-interest corresponding to the target virtual machine;
  
  to encrypt the message with a key assigned to the identified community-of-interest; and
  
  to transmit the encrypted message to the target virtual machine through the network interface.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The apparatus of claim 15, in which the message is received, through the network interface, from an unencrypted network.
  - 17. The apparatus of claim 15, in which the processor is further configured to, when the identified community-of-interest is not common with a community-of-interest assigned to the virtual gateway, drop the message.
  - 18. The apparatus of claim 15, in which the processor is further configured to, when the message has a characteristic matching a defined rule of the virtual gateway, drop the message.
  - 19. The apparatus of claim 15, in which the characteristic comprises at least one of a source address, a destination address, a source port, and a destination port.
  - 20. The apparatus of claim 15, in which the processor is further configured to receive a request for a dynamic license from the virtual machine.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Unisys Corporation
Original Assignee
Unisys Corporation
Inventors
Fontana, James A., Johnson, Robert A., Narisi, Anthony, Dodgson, David S., Farlan, Ralph, Maw, David

Granted Patent

US 9,819,658 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/153
CPC Class Codes

H04L 63/0281   Proxies

H04L 63/0471   applying encryption by an i...

H04L 63/104   Grouping of entities

VIRTUAL GATEWAYS FOR ISOLATING VIRTUAL MACHINES

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

VIRTUAL GATEWAYS FOR ISOLATING VIRTUAL MACHINES

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links