专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08656482B1 Secure communication using a trusted virtual machine 有权
标题翻译：使用可信虚拟机进行安全通信
公开(公告)号：US08656482B1
公开(公告)日：2014-02-18
申请号：US13590119
申请日：2012-08-20
申请人： Raul V. Tosa , Sandor Lukacs , Dan H. Lutas
发明人： Raul V. Tosa , Sandor Lukacs , Dan H. Lutas
IPC分类号： H04L12/22 , H04L12/12
CPC分类号： G06F9/45558 , G06F21/53 , G06F21/60 , G06F21/606 , H04L63/08
摘要： A client system, such as a computer or a smartphone, securely exchanges sensitive information with a remote service provider computer system such as a bank or an online retailer. The client system executes a commercially available operating system in an untrusted virtual machine (VM), which may be affected by malware. A hypervisor is configured to launch a trusted, malware-free VM from an authenticated image stored on computer-readable media used by the untrusted VM. The trusted VM executes a thin operating system with minimal functionality, to manage a secure communication channel with the remote server system, wherein sensitive communication is encrypted. Data from the trusted VM is forwarded via the hypervisor to a network interface driver of the untrusted VM for transmission to the remote service provider. The service provider may perform a remote attestation of the client system to determine whether it operates a trusted VM.
摘要翻译：诸如计算机或智能电话的客户端系统与诸如银行或在线零售商的远程服务提供商计算机系统安全地交换敏感信息。客户端系统在不受信任的虚拟机（VM）中执行可能受恶意软件影响的市售操作系统。虚拟机管理程序被配置为从存储在不受信任的VM使用的计算机可读介质上的经认证的映像启动受信任的无恶意软件的虚拟机。受信任的VM以最小的功能执行瘦操作系统，以管理与远程服务器系统的安全通信信道，其中对敏感通信进行加密。来自可信VM的数据经由管理程序转发到不受信任的VM的网络接口驱动程序，用于传输到远程服务提供商。服务提供商可以执行客户端系统的远程认证以确定其是否操作受信任的VM。

2. 发明申请

US20140053272A1 Multilevel Introspection of Nested Virtual Machines 审中-公开
标题翻译：嵌套虚拟机的多层次反思
公开(公告)号：US20140053272A1
公开(公告)日：2014-02-20
申请号：US13590098
申请日：2012-08-20
申请人： Sandor LUKACS , Dan H. LUTAS , Raul V. TOSA
发明人： Sandor LUKACS , Dan H. LUTAS , Raul V. TOSA
IPC分类号： G06F21/00 , G06F9/455
CPC分类号： G06F21/53 , G06F9/45558 , G06F2009/45566 , G06F2221/2145 , G06F2221/2149
摘要： Described systems and methods allow software introspection and/or anti-malware operations in a hardware virtualization system comprising a nested hierarchy of hypervisors and virtual machines, wherein introspection is carried out to any level of the hierarchy from a central location on a host hypervisor. An introspection engine intercepts a processor event occurring in a virtual machine exposed by a nested hypervisor, to determine an address of a software object executing on the respective virtual machine. The address is progressively translated down through all levels of the virtualization hierarchy, to an address within a memory space controlled by the host hypervisor. Anti-malware procedures can thus be performed from the level of the host hypervisor, and may comprise techniques such as signature matching and/or protecting certain areas of memory of the nested virtual machine.
摘要翻译：描述的系统和方法允许在包括虚拟机管理程序和虚拟机的嵌套层次结构的硬件虚拟化系统中进行软件内省和/或反恶意软件操作，其中内部从主机管理程序的中心位置执行到层级的任何级别。内省引擎拦截由嵌套管理程序公开的虚拟机中发生的处理器事件，以确定在相应虚拟机上执行的软件对象的地址。该地址逐渐向下翻译，通过虚拟化层次结构的所有级别转换为由主机管理程序控制的内存空间内的地址。因此，可以从主机管理程序的级别执行反恶意程序，并且可以包括诸如签名匹配和/或保护嵌套虚拟机的某些存储区域的技术。

3. 发明申请

US20140053245A1 SECURE COMMUNICATION USING A TRUSTED VIRTUAL MACHINE 有权
标题翻译：使用信号虚拟机的安全通信
公开(公告)号：US20140053245A1
公开(公告)日：2014-02-20
申请号：US13590119
申请日：2012-08-20
申请人： Raul V. TOSA , Sandor LUKACS , Dan H. LUTAS
发明人： Raul V. TOSA , Sandor LUKACS , Dan H. LUTAS
IPC分类号： H04L29/06
CPC分类号： G06F9/45558 , G06F21/53 , G06F21/60 , G06F21/606 , H04L63/08
摘要： A client system, such as a computer or a smartphone, securely exchanges sensitive information with a remote service provider computer system such as a bank or an online retailer. The client system executes a commercially available operating system in an untrusted virtual machine (VM), which may be affected by malware. A hypervisor is configured to launch a trusted, malware-free VM from an authenticated image stored on computer-readable media used by the untrusted VM. The trusted VM executes a thin operating system with minimal functionality, to manage a secure communication channel with the remote server system, wherein sensitive communication is encrypted. Data from the trusted VM is forwarded via the hypervisor to a network interface driver of the untrusted VM for transmission to the remote service provider. The service provider may perform a remote attestation of the client system to determine whether it operates a trusted VM.
摘要翻译：诸如计算机或智能电话的客户端系统与诸如银行或在线零售商的远程服务提供商计算机系统安全地交换敏感信息。客户端系统在不受信任的虚拟机（VM）中执行可能受恶意软件影响的市售操作系统。虚拟机管理程序被配置为从存储在不受信任的VM使用的计算机可读介质上的经认证的映像启动受信任的无恶意软件的虚拟机。受信任的VM以最小的功能执行瘦操作系统，以管理与远程服务器系统的安全通信信道，其中对敏感通信进行加密。来自可信VM的数据经由管理程序转发到不受信任的VM的网络接口驱动程序，用于传输到远程服务提供商。服务提供商可以执行客户端系统的远程认证以确定其是否操作受信任的VM。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式