Virtual machine monitor providing secure cryptographic operations
US-11537421-B1 · Dec 27, 2022 · US
US11829482B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11829482-B2 |
| Application number | US-202117381337-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jul 21, 2021 |
| Priority date | Jun 8, 2021 |
| Publication date | Nov 28, 2023 |
| Grant date | Nov 28, 2023 |
Official abstract text for this publication.
An apparatus comprises a processing device configured to receive, at a host operating system of a virtual machine host, a request to execute a virtual machine and to obtain, from a virtual trusted platform module running on the virtual machine host, credentials for logging in to a guest operating system of the virtual machine. The processing device is further configured to provide, to pre-boot authentication software associated with the virtual machine, the credentials obtained from the virtual trusted platform module, and to automatically log in to the guest operating system of the virtual machine utilizing the pre-boot authentication software and the provided credentials.
Opening claim text (preview).
What is claimed is:

1. An apparatus comprising: at least one processing device comprising a processor coupled to a memory; the at least one processing device being configured to perform steps of: receiving, at a host operating system of a virtual machine host, a request to execute a virtual machine; obtaining, from a virtual trusted platform module running on the virtual machine host and external to the virtual machine, credentials for logging in to a guest operating system of the virtual machine; providing, to pre-boot authentication software associated with the virtual machine, the credentials obtained from the virtual trusted platform module; and automatically logging in to the guest operating system of the virtual machine utilizing the pre-boot authentication software and the provided credentials.
2. The apparatus of claim 1 wherein the virtual machine host comprises a bare metal hypervisor running on a host device.
3. The apparatus of claim 1 wherein the virtual machine host comprises a hypervisor running within the host operating system.
4. The apparatus of claim 1 wherein the virtual machine host comprises a hypervisor running within another virtual machine.
5. The apparatus of claim 1 wherein the virtual machine comprises a nested virtual machine that executes inside of a virtualized computing environment of the virtual machine host.
6. The apparatus of claim 5 wherein the nested virtual machine is installed on a root virtual machine of the virtualized computing environment.
7. The apparatus of claim 1 wherein the credentials comprise access credentials for a given user in a given domain, and wherein the access credentials for the given user in the given domain are the same for the host operating system of the virtual machine host and the guest operating system of the virtual machine.
8. The apparatus of claim 1 wherein the credentials comprise single sign-on credentials provided via an authentication server external to the virtual machine host.
9. The apparatus of claim 8 wherein the credentials comprise a token generated by the authentication server external to the virtual machine host.
10. The apparatus of claim 9 wherein the token is stored in encrypted form in the virtual trusted platform module utilizing a secret key of the virtual trusted platform module.
11. The apparatus of claim 1 wherein the credentials comprise local user authentication credentials.
12. The apparatus of claim 11 wherein the local user authentication credentials comprise lightweight directory access protocol authentication credentials.
13. The apparatus of claim 1 wherein the credentials comprise a private key generated by the pre-boot authentication software during a previous boot of the virtual machine, and wherein the private key is stored in encrypted form in the virtual trusted platform module utilizing a secret key of the virtual trusted platform module.
14. The apparatus of claim 1 wherein providing the credentials obtained from the virtual trusted platform module to the pre-boot authentication software running on the virtual machine comprises: creating a user authentication tunnel between the virtual trusted platform module and the virtual machine; and passing the credentials over the user authentication tunnel between the virtual trusted platform module and the virtual machine.
15. A computer program product comprising a non-transitory processor-readable storage medium having stored therein program code of one or more software programs, wherein the program code when executed by at least one processing device causes the at least one processing device to perform steps of: receiving, at a host operating system of a virtual machine host, a request to execute a virtual machine; obtaining, from a virtual trusted platform module running on the virtual machine host and external to the virtual machine, credentials for logging in to a guest operating system of the virtual machine; providing, to pre-boot authentication software associated with the virtual machine, the credentials obtained from the virtual trusted platform module; and automatically logging in to the guest operating system of the virtual machine utilizing the pre-boot authentication software and the provided credentials.
16. The computer program product of claim 15 wherein the credentials comprise a private key generated by the pre-boot authentication software during a previous boot of the virtual machine, and wherein the private key is stored in encrypted form in the virtual trusted platform module utilizing a secret key of the virtual trusted platform module.
17. The computer program product of claim 15 wherein providing the credentials obtained from the virtual trusted platform module to the pre-boot authentication software running on the virtual machine comprises: creating a user authentication tunnel between the virtual trusted platform module and the virtual machine; and passing the credentials over the user authentication tunnel between the virtual trusted platform module and the virtual machine.
18. A method comprising: receiving, at a host operating system of a virtual machine host, a request to execute a virtual machine; obtaining, from a virtual trusted platform module running on the virtual machine host and external to the virtual machine, credentials for logging in to a guest operating system of the virtual machine; providing, to pre-boot authentication software associated with the virtual machine, the credentials obtained from the virtual trusted platform module; and automatically logging in to the guest operating system of the virtual machine utilizing the pre-boot authentication software and the provided credentials; wherein the method is performed by at least one processing device comprising a processor coupled to a memory.
19. The method of claim 18 wherein the credentials comprise a private key generated by the pre-boot authentication software during a previous boot of the virtual machine, and wherein the private key is stored in encrypted form in the virtual trusted platform module utilizing a secret key of the virtual trusted platform module.
20. The method of claim 18 wherein providing the credentials obtained from the virtual trusted platform module to the pre-boot authentication software running on the virtual machine comprises: creating a user authentication tunnel between the virtual trusted platform module and the virtual machine; and passing the credentials over the user authentication tunnel between the virtual trusted platform module and the virtual machine.
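The credential flow of claims 1, 13 and 14 as an added Go model; this is not code from the patent or from any product. A constructed vTPM keeps the PBA-generated private key only AES-GCM-encrypted under its own secret key, bound to the VM identity as associated data; at the next boot the host unseals it and hands it to the PBA, which compares it against the hash it retained. The names vTPM, PBA, FirstBoot and ExecuteVM are assumptions of this model, and the "user authentication tunnel" is a direct call.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// vTPM is a constructed model of the virtual TPM of claims 10 and 13: it holds credentials
// only encrypted under a secret key that never leaves the vTPM or enters the VM.
type vTPM struct{ aead cipher.AEAD; sealed map[string][]byte } // sealed: vmID -> nonce||ct
func newVTPM() *vTPM {
	key := make([]byte, 32) // the vTPM secret key; kept only inside the AEAD
	rand.Read(key)
	block, _ := aes.NewCipher(key)
	g, _ := cipher.NewGCM(block)
	return &vTPM{aead: g, sealed: map[string][]byte{}}
}
// Seal stores cred encrypted under the vTPM key, with vmID as associated data.
func (t *vTPM) Seal(vmID string, cred []byte) {
	nonce := make([]byte, t.aead.NonceSize())
	rand.Read(nonce)
	t.sealed[vmID] = append(nonce, t.aead.Seal(nil, nonce, cred, []byte(vmID))...)
}
// Unseal recovers cred; it fails if nothing is sealed, the blob was sealed by a different
// vTPM, or the blob was rebound to another VM id.
func (t *vTPM) Unseal(vmID string) ([]byte, error) {
	if blob, ok := t.sealed[vmID]; ok {
		n := t.aead.NonceSize()
		return t.aead.Open(nil, blob[:n], blob[n:], []byte(vmID))
	}
	return nil, errors.New("no credential sealed for " + vmID)
}
// PBA models the pre-boot authentication software: it retains only a hash of the private
// key it generated on a previous boot (claim 13), never the key itself.
type PBA struct{ expect [32]byte }
// FirstBoot has the PBA generate its private key and seal it into the vTPM (assumed name).
func FirstBoot(t *vTPM, vmID string) PBA {
	key := make([]byte, 32)
	rand.Read(key)
	t.Seal(vmID, key)
	return PBA{expect: sha256.Sum256(key)}
}
// ExecuteVM is the host flow of claims 1 and 14 (assumed name): unseal from the vTPM, pass the
// credential over the tunnel (a direct call here) to the PBA, and log in if it matches.
func ExecuteVM(t *vTPM, vmID string, p PBA) (bool, error) {
	cred, err := t.Unseal(vmID)
	if err != nil {
		return false, err
	}
	return sha256.Sum256(cred) == p.expect, nil
}
```

Copying the sealed blob to a second vTPM or to another VM id makes Unseal fail, which is the property the claims rely on: the credential is usable only by the vTPM that sealed it, for the VM it was sealed for.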
CPC classification titles:

- Secure boot
- Guest-host, i.e. hypervisor is an application program itself, e.g. VirtualBox
- Hypervisor-specific management and integration aspects
- User authentication
- by adding security routines or objects to programs