Provisioning virtual machines from template by splitting and building index for locating content portions via content-centric network
US-9021478-B1 · Apr 28, 2015 · US
US9396006B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9396006-B2 |
| Application number | US-201213651266-A |
| Country | US |
| Kind code | B2 |
| Filing date | Oct 12, 2012 |
| Priority date | Oct 1, 2012 |
| Publication date | Jul 19, 2016 |
| Grant date | Jul 19, 2016 |
Official abstract text for this publication.
A computer implemented method distributes a virtual machine image. A request for a virtual machine image is received. Responsive to receiving the request or the virtual machine image, the authenticity of a virtual machine image catalog associated with the virtual machine image is identified. Responsive to identifying that the virtual machine image catalog is authentic, a first digital signature to be sent with the virtual machine image is determined. Responsive to determining the signature, the virtual machine image and the signature are sent.
Opening claim text (preview).
What is claimed is:

1. A computer-implemented method for distributing and verifying authenticity of virtual machine images using digital signatures, the computer-implemented method comprising: dividing, by a computer, a virtual machine image into a plurality of chunks based on operating system pages of the virtual machine image; representing, by the computer, the plurality of chunks of the virtual machine image as a graph, each chunk of the plurality of chunks is represented as a node in the graph and an edge between two nodes in the graph represents a dependency between two chunks represented by the two nodes; signing, by the computer, the graph representing the plurality of chunks of the virtual machine image with a first digital signature; receiving, by the computer, a request for the virtual machine image from a client hypervisor; responsive to receiving the request for the virtual machine image, identifying, by the computer, whether a virtual machine image repository is authentic, wherein the virtual machine image repository contains the virtual machine image; responsive to identifying that the virtual machine image repository is authentic, determining, by the computer, a particular type of the first digital signature to send with the virtual machine image based on a signing policy that includes one or more rules used to determine a specific signing scheme; and responsive to determining the particular type of the first digital signature to send with the virtual machine image, sending, by the computer, the virtual machine image and the first digital signature of that particular type to the client hypervisor that provisions a virtual machine to execute using the virtual machine image.

2. The computer-implemented method of claim 1, wherein the virtual machine image repository is identified as authentic by verifying a second digital signature that corresponds to the virtual machine image repository.

3. The computer-implemented method of claim 2, further comprising: further responsive to identifying that the virtual machine repository is authentic, identifying, by the computer, whether the virtual machine image is authentic.

4. The computer-implemented method of claim 3, wherein the virtual machine image is identified as authentic by verifying the first digital signature that corresponds to the graph representing the plurality of chunks of the virtual machine image.

5. The computer-implemented method of claim 1, wherein the particular type of the first digital signature is selected from a group consisting of an existing digital signature of the graph representing the plurality of chunks of the virtual machine image, a redacted digital signature of the graph representing the plurality of chunks of the virtual machine image, an aggregated digital signature of the graph representing the plurality of chunks of the virtual machine image, and a sanitized digital signature of the graph representing the plurality of chunks of the virtual machine image.

6. A computer program product for distributing and verifying authenticity of virtual machine images using digital signatures, the computer program product comprising a computer readable hardware storage medium having program instructions embodied therewith, the program instructions executable by a computer to cause the computer to: divide, by the computer, a virtual machine image into a plurality of chunks based on operating system pages of the virtual machine image; represent, by the computer, the plurality of chunks of the virtual machine image as a graph, each chunk of the plurality of chunks is represented as a node in the graph and an edge between two nodes in the graph represents a dependency between two chunks represented by the two nodes; sign, by the computer, the graph representing the plurality of chunks of the virtual machine image with a first digital signature; receive, by the computer, a request for the virtual machine image from a client hypervisor; identify, by the computer, whether a virtual machine image repository is authentic in response to receiving the request for the virtual machine image, wherein the virtual machine image repository contains the virtual machine image; determine, by the computer, a particular type of the first digital signature to send with the virtual machine image based on a signing policy that includes one or more rules used to determine a specific signing scheme in response to identifying that the virtual machine image repository is authentic; and send, by the computer, the virtual machine image and the first digital signature of that particular type to the client hypervisor that provisions a virtual machine to execute using the virtual machine image in response to determining the particular type of the first digital signature to send with the virtual machine image.

7. The computer program product of claim 6, wherein the virtual machine image repository image is identified as authentic by verifying a second digital signature that corresponds to the virtual machine image repository.

8. The computer program product of claim 7, further comprising: identify, by the computer, whether the virtual machine image is authentic in further response to identifying that the virtual machine repository is authentic.

9. The computer program product of claim 8, wherein the virtual machine image is identified as authentic by verifying the first digital signature that corresponds to the graph representing the plurality of chunks of the virtual machine image.

10. The computer program product of claim 6, wherein the particular type of the first digital signature is selected from a group consisting of an existing digital signature of the graph representing the plurality of chunks of the virtual machine image, a redacted digital signature of the graph representing the plurality of chunks of the virtual machine image, an aggregated digital signature of the graph representing the plurality of chunks of the virtual machine image, and a sanitized digital signature of the graph representing the plurality of chunks of the virtual machine image.

11. A computer for distributing and verifying authenticity of virtual machine images using digital signatures, the computer comprising: a bus; a hardware storage device connected to the bus, wherein the hardware storage device stores program instructions; and a processor connected to the bus, wherein the processor executes the program instructions to: divide a virtual machine image into a plurality of chunks based on operating system pages of the virtual machine image; represent the plurality of chunks of the virtual machine image as a graph, each chunk of the plurality of chunks is represented as a node in the graph and an edge between two nodes in the graph represents a dependency between two chunks represented by the two nodes; sign the graph representing the plurality of chunks of the virtual machine image with a first digital signature; receive a request for the virtual machine image from a client hypervisor; identify whether a virtual machine image repository is authentic in response to receiving the request for the virtual machine image, wherein the virtual machine image repository contains the virtual machine image; determine a particular type of the first digital signature to send with the virtual machine image based on a signing policy that includes one or more rules used to determine a specific signing scheme in response to identifying that the virtual machine image repository is authentic; and send the virtual machine image and the first digital signature of that particular type to the client hypervisor that provisions a virtual machine to execute using the virtu
Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines · CPC title
Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities · CPC title
Isolation or security of virtual machine instances · CPC title
Distribution of virtual machine instances; Migration and load balancing · CPC title
Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity · CPC title