US9098318B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9098318-B2 |
| Application number | US-201113294813-A |
| Country | US |
| Kind code | B2 |
| Filing date | Nov 11, 2011 |
| Priority date | Nov 11, 2011 |
| Publication date | Aug 4, 2015 |
| Grant date | Aug 4, 2015 |
Official abstract text for this publication.
Embodiments allow management software applications to distinguish computational assets without the use of static, predetermined identifiers that are susceptible to duplication along with computational assets. Managers and computational assets are associated with authenticator values. Additionally, a manager and computational asset determine (e.g., negotiate) an expected nonce (number used once) to be provided by either party when requesting a transaction. Upon receiving a transaction request associated with an authenticator value and a transaction nonce, the sender's knowledge of the expected nonce is proven when the nonce associated with the request matches the expected nonce, and disproven otherwise. When such knowledge is proven, the manager treats the computational asset as the one originally associated with the computational asset authenticator value and negotiates a new nonce. When such knowledge is disproven, the manager treats the computational asset as a duplicate of the one that was originally associated with the computational asset authenticator value.
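The nonce check in the abstract, sketched as an added example (not code from the patent or its assignee). The names `Manager`, `enroll`, `transact` and `clone_scenario` are hypothetical, and deriving each nonce with HMAC-SHA-256 over the two authenticator values keyed by a fresh random value is an assumption; the claims only name those inputs.

```python
import hashlib
import hmac
import secrets


class Manager:
    """Hypothetical manager keeping one expected nonce per asset authenticator."""

    def __init__(self):
        self.manager_auth = secrets.token_hex(16)
        self.expected = {}  # asset authenticator value -> expected nonce

    def _negotiate(self, asset_auth):
        # Assumed derivation: HMAC over both authenticator values, keyed with
        # a fresh random value, so every negotiated nonce is unpredictable.
        rand = secrets.token_bytes(16)
        msg = (self.manager_auth + asset_auth).encode()
        nonce = hmac.new(rand, msg, hashlib.sha256).hexdigest()
        self.expected[asset_auth] = nonce
        return nonce

    def enroll(self):
        asset_auth = secrets.token_hex(16)
        return asset_auth, self._negotiate(asset_auth)

    def transact(self, asset_auth, nonce):
        expected = self.expected.get(asset_auth)
        if expected is not None and hmac.compare_digest(expected, nonce):
            # Knowledge proven: same asset, rotate the nonce.
            return {"status": "original", "auth": asset_auth,
                    "next_nonce": self._negotiate(asset_auth)}
        # Knowledge disproven: duplicate, enrolled under a new authenticator.
        new_auth, new_nonce = self.enroll()
        return {"status": "duplicate", "auth": new_auth, "next_nonce": new_nonce}


def clone_scenario():
    mgr = Manager()
    auth, nonce = mgr.enroll()
    original = {"auth": auth, "nonce": nonce}
    clone = dict(original)  # constructed: VM copied with its stored state
    r1 = mgr.transact(original["auth"], original["nonce"])
    original["nonce"] = r1["next_nonce"]
    r2 = mgr.transact(clone["auth"], clone["nonce"])  # stale nonce
    r3 = mgr.transact(original["auth"], original["nonce"])
    return r1, r2, r3


if __name__ == "__main__":
    for result in clone_scenario():
        print(result["status"], result["auth"][:8])
```

Whichever copy transacts first after the clone keeps the authenticator value; the check separates the copies but does not establish which one is older.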
Opening claim text (preview).
What is claimed is:
1. A system for communicating with a plurality of virtual machines (VMs) in a computing system, the system comprising: a plurality of host computing devices executing a plurality of VMs; and a management device coupled in communication with the host computing devices and configured to: negotiate an expected transaction nonce with a first VM of the plurality of VMs, wherein the first VM is enrolled by the management device and associated with a first VM authenticator value; receive a transaction request from a sender VM of the plurality of VMs, wherein the transaction request is associated with the first VM authenticator value and a transaction nonce, wherein the first VM authenticator value and the transaction nonce are used to authenticate the sender VM; upon determining that the transaction nonce associated with the transaction request is equal to the expected transaction nonce, enroll the sender VM as the first VM; receive a second transaction request from a second sender VM of the plurality of VMs, wherein the second transaction request is associated with the first VM authenticator value and a second transaction nonce, wherein the first VM authenticator value and the second transaction nonce are used to authenticate the second sender VM; and upon determining that the second transaction nonce associated with the second transaction request is equal to the expected transaction nonce, enroll the second sender VM as a duplicate of the first VM.
2. The system of claim 1, wherein the management device is configured to enroll the sender VM at least in part by: transmitting an enrollment invitation to the sender VM, wherein the enrollment invitation includes a manager authenticator value associated with the management device; and receiving an enrollment request from the sender VM, wherein the enrollment request includes the second VM authenticator value that is associated with the sender VM.
3. The system of claim 1, wherein the negotiated transaction nonce is a first negotiated transaction nonce, and the management device is further configured to negotiate a second transaction nonce with the sender VM.
4. The system of claim 3, wherein the transaction request is a first transaction request received from a first sender VM, and the management device is further configured to: receive a second transaction request from a second sender VM of the plurality of VMs, wherein the second transaction request is associated with the second VM authenticator value and a transaction nonce; when the transaction nonce associated with the second transaction request is equal to the previously negotiated second expected transaction nonce, transmit a transaction result to the second VM based on the second transaction request; and when the transaction nonce associated with the second transaction request is not equal to the previously negotiated second expected transaction nonce, enroll the sender VM as a third VM, wherein the third VM is associated with a third VM authenticator value.
5. The system of claim 1, wherein the management device is further configured to: generate a random value; and negotiate the transaction nonce with the first VM based on the generated random value.
6. The system of claim 5, wherein the management device is further configured to negotiate the transaction nonce with the first VM based further on the first VM authenticator value.
7. The system of claim 5, wherein the management device is further configured to negotiate the transaction nonce with the first VM based further on a manager authenticator value associated with the management device.
8. The system of claim 1, wherein the sender VM is authenticated, and the management device is further configured to negotiate a second expected transaction nonce with the sender VM based on the first expected transaction nonce.
9. A method comprising: negotiating an expected transaction nonce with a first VM, wherein the first VM is associated with a first VM authenticator value; receiving, by a computing device executing a receiver software application, a transaction request from a sender software application, wherein the transaction request is associated with the first VM authenticator value and a transaction nonce that are used to authenticate the sender software application; upon determining that the transaction nonce associated with the transaction request is equal to the expected transaction nonce, enrolling the sender VM as an original VM; receiving a second transaction request from a second sender, wherein the second transaction request is associated with the first VM authenticator value and a second transaction nonce, wherein the first VM authenticator value and the second transaction nonce are used to authenticate the second sender VM; and upon determining that the second transaction nonce associated with the second transaction request is equal to the expected transaction nonce, enrolling the second sender VM as a duplicate of the original VM.
10. The method of claim 9, wherein the sender software application is a manager software application and the receiver software application is a computational asset managed by the manager software application, the method further comprising, when the transaction nonce associated with the transaction request is not equal to the first expected transaction nonce: generating by the computing device a computational asset authenticator value; and transmitting by the computing device an enrollment request to the manager software application, wherein the enrollment request is associated with the generated computational asset authenticator value.
11. The method of claim 9, wherein the receiver software application is a manager software application, the sender software application is a computational asset managed by the manager software application, and the computational asset value is a first computational asset value, the method further comprising, when the transaction nonce associated with the transaction request is not equal to the first expected transaction nonce, enrolling by the manager software application the computational asset, wherein the computational asset is associated with a second computational asset authenticator value different from the first computational asset authenticator value.
12. The method of claim 11, further comprising, when the transaction nonce associated with the transaction request is not equal to the first expected transaction nonce, determining by the computing device a second expected transaction nonce associated with the first computational asset authenticator value.
13. The method of claim 11, wherein the transaction request includes a sequence number, the method further comprising: associating with the authenticator value an expected sequence number; and validating the transaction request at least in part by determining whether the sequence number of the transaction request is equal to the expected sequence number.
14. The method of claim 9, wherein determining the expected transaction nonce comprises negotiating a transaction nonce based on a first authenticator value associated with the receiver software application and a second authenticator value associated with the sender software application.
15. The method of claim 9, wherein determining the first expected transaction nonce comprises negotiating a transaction nonce between the receiver software application and the sender software application based on a random value generated by the receiver software application.
16. One or more non-transitory computer-readable storage med
Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines · CPC title
Authentication, i.e. establishing the identity or authorisation of security principals · CPC title
using virtualisation of network functions or resources, e.g. SDN or NFV entities · CPC title
the condition being an adaptation, e.g. in response to network events · CPC title