Methods and systems for allocating a USB device to a trusted virtual machine or a non-trusted virtual machine

US9507615B2 · US · B2

Patent metadata
Publication number: US-9507615-B2
Application number: US-201314101010-A
Country: US
Kind code: B2
Filing date: Dec 9, 2013
Priority date: Dec 14, 2009
Publication date: Nov 29, 2016
Grant date: Nov 29, 2016

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

The methods and systems described herein provide for allocating a universal serial bus (USB) device to one of a trusted virtual machine and a non-trusted virtual machine. A control program receives data indicating a USB port on the computing machine received a USB device and identifies at least one attribute of the USB device. The control program selects, based on application of a policy to the identified at least one device attribute, one of a trusted virtual machine and a non-trusted virtual machine executing. The control program grants, to the virtual machine selected by the control program, access to the USB device.

First claim

Opening claim text (preview).

What is claimed:

1. A method for allocating at least one universal serial bus (USB) device to one of a trusted virtual machine and a non-trusted virtual machine, in a computing device executing a hypervisor hosting the trusted virtual machine and the non-trusted virtual machine, the method comprising: establishing, by a control program executed by a processor of the computing device, a trust level of a virtual machine responsive to a user providing authentication credentials; receiving, by the control program, data indicating a USB port on the computing device received a first USB device; identifying, by the control program, at least one attribute of the first USB device; selecting, by the control program, a first security policy based on the at least one attribute of the first USB device; applying, by the control program, the first security policy to the at least one attribute of the first USB device to determine a security level of the first USB device; granting, by the control program to the trusted virtual machine, access to the first USB device based on the security level of the first USB device; preventing, by the control program to the non-trusted virtual machine, access to the first USB device based on the security level of the first USB device; and selecting, by the control program, based on (i) the at least one attribute of the first USB device and (ii) the security level of the first USB device, the trusted virtual machine among a plurality of virtual machines executing on the computing device.

2. The method of claim 1, wherein identifying at least one attribute of the first USB device comprises identifying a device type of the first USB device.

3. The method of claim 1, wherein identifying at least one attribute of the first USB device further comprises requesting, by the control program from a USB manager executing on the computing device, the at least one attribute of the first USB device.

4. The method of claim 1, further comprising: identifying, by the control program, at least one attribute of a second USB device of a same type as the first USB device; and applying, by the control program, a second security policy to the at least one attribute of the second USB device to determine a security level of the second USB device, wherein the security level of the second USB device is a different security level than the security level of the first USB device.

5. The method of claim 1, further comprising: determining, by the control program, the security level of the first USB device, the security level of the first USB device indicating the first USB device cannot be accessed by trusted virtual machines; selecting, by the control program based on the security level of the first USB device, a non-trusted virtual machine executing on the computing device; and granting, by the control program to the selected non-trusted virtual machine, access to the first USB device.

6. The method of claim 1, further comprising identifying, by the control program based on application of the first security policy to the at least one attribute of the first USB device, a group of permitted transactions.

7. The method of claim 1, further comprising: intercepting, by the control program, a request to access the first USB device by the trusted virtual machine; determining, by the control program, whether the trusted virtual machine is permitted to access the first USB device; granting, by the control program to the trusted virtual machine, access to the first USB device; and forwarding, by the control program, the request to the first USB device.

8. The method of claim 1, wherein selecting one of the trusted virtual machine executing on the computing device and the non-trusted virtual machine executing on the computing device is performed further responsive to a window generated by an application executed by the selected virtual machine having focus.

9. The method of claim 1, further comprising updating, by the control program, a virtualized view of physical resources available to the trusted virtual machine to include the first USB device.

10. In a computing device executing a hypervisor hosting a trusted virtual machine and a non-trusted virtual machine, a system for allocating at least one universal serial bus (USB) device to one of the trusted virtual machine and the non-trusted virtual machine, comprising: the computing device comprising a USB port and a processor executing a control program and the hypervisor hosting the trusted virtual machine and the non-trusted virtual machine; and wherein the control program is configured to: establish a trust level of a virtual machine responsive to a user providing authentication credentials; receive data indicating the USB port on the computing device received a first USB device; identify at least one attribute of the first USB device; select a first security policy based on the at least one attribute of the first USB device; apply the first security policy to the at least one attribute of the first USB device to determine a security level of the first USB device; grant the trusted virtual machine access to the first USB device based on the security level of the first USB device; and prevent the non-trusted virtual machine access to the first USB device based on the security level of the first USB device; and select, based on (i) the at least one attribute of the first USB device and (ii) the security level of the first USB device, the trusted virtual machine among a plurality of virtual machines executing on the computing device.

11. The system of claim 10, wherein the control program is configured to identify a device type of the first USB device.

12. The system of claim 10, wherein the control program is configured to request, from a USB manager executing on the computing device, the at least one attribute of the first USB device.

13. The system of claim 10, wherein the control program is configured to: identify at least one attribute of a second USB device of a same type as the first USB device; and apply a second security policy to the at least one attribute of the second USB device to determine a security level of the second USB device, wherein the security level of the second USB device is a different security level than the security level of the first USB device.

14. The system of claim 10, wherein the control program is configured to: determine the security level of the first USB device, the security level of the first USB device indicating the first USB device cannot be accessed by trusted virtual machines; select, based on the determination of the security level of the first USB device, a non-trusted virtual machine executing on the computing device; and grant access to the first USB device.

15. The system of claim 10, wherein the control program is configured to identify, based on application of the first security policy to the at least one attribute of the first USB device, a group of permitted transactions.

16. The system of claim 10, wherein the control program is configured to: intercept a request to access the first USB device by the trusted virtual machine; determine whether the trusted virtual machine is permitted to access the first USB device; grant the trusted virtual machine access to the first USB device; and forward the request to the first USB device.

17. The system of claim 10, wherein the control program is configured to select one of the trusted virtual machine executing on the computing device and the non-trusted virtual machine executing on the computing dev
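The allocation steps recited in claims 1 to 9 (authenticate to establish a VM's trust level, select a policy from the device's attributes, derive a security level, grant the device to one VM and withhold it from the others, then intercept and filter the VM's transactions) can be sketched as a small policy engine. The Python block below is an added illustration written for this page; it is not code from the patent or from Citrix, and every name in it (UsbDevice, Policy, ControlProgram, the vendor id 0x1234, the user record) is constructed for the example. It also shows claim 4's point that two devices of the same type can land on different security levels when different policies match them.

```python
import hmac
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Dict, List, Optional, Set, Tuple


class SecurityLevel(Enum):
    TRUSTED_ONLY = "trusted_only"          # only a trusted VM may receive the device
    NON_TRUSTED_ONLY = "non_trusted_only"  # claim 5: device cannot be accessed by trusted VMs
    BLOCKED = "blocked"                    # no VM receives the device


@dataclass(frozen=True)
class UsbDevice:
    device_type: str   # claim 2: the device type is one identifiable attribute
    vendor_id: int
    product_id: int

    def key(self) -> str:
        return f"{self.device_type}:{self.vendor_id:04x}:{self.product_id:04x}"


@dataclass
class VirtualMachine:
    name: str
    trusted: bool = False                  # trust level established by authentication (claim 1)
    has_focus: bool = False                # claim 8: a focused window breaks ties between candidates
    visible_devices: Set[str] = field(default_factory=set)  # claim 9: virtualized view of resources


@dataclass(frozen=True)
class Policy:
    name: str
    matches: Callable[[UsbDevice], bool]   # attribute predicate used to select the policy
    level: SecurityLevel
    permitted: frozenset                   # claim 6: group of permitted transactions


class ControlProgram:
    """Toy control program: policy lookup, VM selection, grant/prevent, request interception."""

    def __init__(self, policies: List[Policy], vms: List[VirtualMachine],
                 credential_store: Dict[str, str]):
        self.policies = policies
        self.vms = {vm.name: vm for vm in vms}
        self._creds = credential_store   # constructed user -> secret table for the demo only
        self.grants: Dict[str, Tuple[str, frozenset]] = {}  # device key -> (vm name, permitted set)

    def establish_trust(self, vm_name: str, user: str, secret: str) -> bool:
        """Claim 1: a VM becomes trusted only after the user presents valid credentials."""
        expected = self._creds.get(user)
        ok = expected is not None and hmac.compare_digest(expected, secret)
        self.vms[vm_name].trusted = ok
        return ok

    def select_policy(self, device: UsbDevice) -> Policy:
        """First policy whose attribute predicate matches; otherwise a deny-all default."""
        for policy in self.policies:
            if policy.matches(device):
                return policy
        return Policy("default-deny", lambda d: True, SecurityLevel.BLOCKED, frozenset())

    def on_device_attached(self, device: UsbDevice) -> Optional[str]:
        """Allocate a newly attached device; returns the VM granted access, or None if blocked."""
        policy = self.select_policy(device)
        if policy.level is SecurityLevel.BLOCKED:
            return None
        want_trusted = policy.level is SecurityLevel.TRUSTED_ONLY
        candidates = [vm for vm in self.vms.values() if vm.trusted == want_trusted]
        if not candidates:
            return None
        # Prefer the VM whose application window has focus (claim 8), else the first candidate.
        chosen = next((vm for vm in candidates if vm.has_focus), candidates[0])
        chosen.visible_devices.add(device.key())           # claim 9: expose it to the chosen VM
        for vm in self.vms.values():                        # prevent access from every other VM
            if vm is not chosen:
                vm.visible_devices.discard(device.key())
        self.grants[device.key()] = (chosen.name, policy.permitted)
        return chosen.name

    def intercept_request(self, vm_name: str, device: UsbDevice, transaction: str) -> bool:
        """Claim 7: intercept a VM's request and forward it only if that VM holds the grant
        and the transaction is in the permitted group."""
        grant = self.grants.get(device.key())
        if grant is None or grant[0] != vm_name:
            return False
        return transaction in grant[1]


def build_demo() -> ControlProgram:
    """Constructed sample configuration: two VMs, three policies, one user record."""
    policies = [
        # Two policies for the same device type give different levels (claim 4).
        Policy("corporate-storage",
               lambda d: d.device_type == "mass_storage" and d.vendor_id == 0x1234,
               SecurityLevel.TRUSTED_ONLY, frozenset({"read", "write"})),
        Policy("other-storage", lambda d: d.device_type == "mass_storage",
               SecurityLevel.NON_TRUSTED_ONLY, frozenset({"read"})),
        Policy("keyboard", lambda d: d.device_type == "hid",
               SecurityLevel.TRUSTED_ONLY, frozenset({"read"})),
    ]
    vms = [VirtualMachine("corp-vm", has_focus=True), VirtualMachine("personal-vm")]
    cp = ControlProgram(policies, vms, {"alice": "correct horse battery staple"})
    cp.establish_trust("corp-vm", "alice", "correct horse battery staple")
    return cp
```

With `build_demo()`, a mass-storage device from vendor 0x1234 is granted to `corp-vm`, any other mass-storage device goes to `personal-vm`, a device no policy matches is withheld from both VMs, and a `format` transaction from `corp-vm` is dropped at interception because the matching policy permits only `read` and `write`. Policy order matters: the more specific corporate-storage rule must precede the generic one, and the deny-all default is what keeps an unrecognised device class away from the trusted VM.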

Assignees

Inventors

Classifications

  • Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities · CPC title

  • G06F21/83 (Primary) · input devices, e.g. keyboards, mice or controllers thereof · CPC title

  • Restricted operating environment · CPC title

  • Clearing memory, e.g. to prevent the data from being stolen · CPC title

  • involving event detection and direct action · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9507615B2 cover?
The methods and systems described herein provide for allocating a universal serial bus (USB) device to one of a trusted virtual machine and a non-trusted virtual machine. A control program receives data indicating a USB port on the computing machine received a USB device and identifies at least one attribute of the USB device. The control program selects, based on application of a policy to the…
Who is the assignee on this patent?
Citrix Systems Inc
What technology area does this patent fall under?
Primary CPC classification G06F21/83. Mapped technology areas include Physics.
When was this patent published?
Publication date Nov 29, 2016 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).