US9563457B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9563457-B2 |
| Application number | US-201314082478-A |
| Country | US |
| Kind code | B2 |
| Filing date | Nov 18, 2013 |
| Priority date | Nov 18, 2013 |
| Publication date | Feb 7, 2017 |
| Grant date | Feb 7, 2017 |
Official abstract text for this publication.
Described systems and methods allow a host system, such as a computer or a smartphone, to enable a secure environment, which can be used to carry out secure communications with a remote service provider, for applications such as online banking, e-commerce, private messaging, and online gaming, among others. A hypervisor oversees a switch between an insecure environment and the secure environment, in response to a user input, or in response to an event such as receiving a telephone call. Switching from the insecure to the secure environment comprises transitioning the insecure environment to a sleeping state and loading the secure environment from a memory image (snapshot) saved to disk, after checking the integrity of the snapshot. Switching from the secure to the insecure environment comprises transitioning the secure environment into a sleeping state and waking up the insecure environment.
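The switch sequence described in the abstract, as an added example (not code from the patent or its assignee): a small Python model in which the snapshot is loaded, checked, and only then launched, with peripherals revealed last. The class and method names, the SHA-256 digest comparison, and the fail-closed behaviour on a mismatch are assumptions; the page does not say how integrity is checked.

```python
import hashlib
import hmac

class SnapshotIntegrityError(Exception):
    """The snapshot read from disk does not match the trusted reference digest."""

class SwitchModel:
    """Hypothetical model of the hypervisor-side switch between the two VMs."""

    def __init__(self, snapshot_on_disk: bytes, reference_digest: bytes):
        self.snapshot_on_disk = snapshot_on_disk
        self.reference_digest = reference_digest  # assumed kept out of the client VM's reach
        self.state = "client_running"
        self.peripherals_revealed = False  # peripherals start hidden from the secure VM
        self.log = []

    def switch_to_secure(self) -> None:
        self.state = "client_asleep"  # wake-to-sleep transition intercepted
        self.log.append("client:sleep")
        image = bytes(self.snapshot_on_disk)  # load the snapshot into memory
        self.log.append("snapshot:loaded")
        # Integrity check (assumed here to be SHA-256, compared in constant time).
        digest = hashlib.sha256(image).digest()
        if not hmac.compare_digest(digest, self.reference_digest):
            self.log.append("snapshot:rejected")  # assumed policy: fail closed, never execute
            raise SnapshotIntegrityError("core VM snapshot digest mismatch")
        self.log.append("snapshot:verified")
        self.state = "secure_running"
        self.log.append("secure:launched")
        self.peripherals_revealed = True  # revealed only after the launch
        self.log.append("peripherals:revealed")

    def switch_to_client(self) -> None:
        self.state = "client_running"  # secure VM sleeps, client VM wakes
        self.peripherals_revealed = False
        self.log += ["secure:sleep", "client:wake"]

def demo():
    snapshot = b"CONSTRUCTED-CORE-VM-SNAPSHOT" * 4  # constructed sample bytes
    reference = hashlib.sha256(snapshot).digest()
    good = SwitchModel(snapshot, reference)
    good.switch_to_secure()
    tampered = SwitchModel(snapshot[:-1] + b"X", reference)  # one byte altered on disk
    try:
        tampered.switch_to_secure()
    except SnapshotIntegrityError:
        pass
    return good, tampered
```

In the tampered run the model never reaches the launch step, so the peripherals stay hidden from the unverified image.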
Opening claim text (preview).
What is claimed is:

1. A host system comprising at least one processor configured to execute a hypervisor, the hypervisor configured to expose a client virtual machine (VM) and a secure VM, the client VM and secure VM executing alternately on the host system, wherein: the client VM is configured to execute a VM switch application, the VM switch application configured, in response to detecting a trigger event indicative of a risk to a user's data security, to instruct an operating system of the client VM to perform a wake-to-sleep transition, the wake-to-sleep transition configured to transform the client VM from a state in which a peripheral device used by the client VM is in a high-powered condition to a state in which the peripheral device is in a low-powered condition; and the hypervisor is further configured to switch execution to the secure VM, wherein switching execution to the secure VM comprises: loading a pre-determined core VM snapshot into memory, the core VM snapshot being determined by initializing an operating system of the secure VM while hiding the peripheral device from the operating system of the secure VM; in response to intercepting an event indicative of the wake-to-sleep transition, executing the core VM snapshot to launch the secure VM; and in response to launching the secure VM, revealing the peripheral device to the operating system of the secure VM.

2. The host system of claim 1, wherein switching execution to the secure VM further comprises, in response to loading the core VM snapshot, checking the integrity of the core VM snapshot.

3. The host system of claim 1, wherein loading the core VM snapshot is performed in response to intercepting the event indicative of the wake-to-sleep transition.

4. The host system of claim 1, wherein the secure VM is configured to perform an electronic communication with a remote computer system, and wherein the trigger event comprises receiving a user input indicative of the user's intent to perform the electronic communication.

5. The host system of claim 1, wherein the trigger event comprises the host system receiving an electronic communication from a remote computer system.

6. The host system of claim 1, wherein the host system comprises a telephone, and wherein the trigger event comprises the host system receiving a telephone call.

7. The host system of claim 1, wherein the peripheral device comprises an item selected from a group consisting of a keyboard, a display adapter, and a network adapter.

8. The host system of claim 1, wherein hiding the peripheral device comprises intercepting an attempt by the operating system of the secure VM to access a configuration space of a peripheral component interconnect (PCI) bus connecting the peripheral device to the at least one processor.

9. The host system of claim 1, wherein intercepting the event indicative of the wake-to-sleep transition comprises intercepting an attempt by the operating system of the client VM to access a register of a power management controller of the host system.

10. The host system of claim 1, wherein the hypervisor is further configured, in response to detecting an event indicating a user's intent to exit the secure VM, to instruct the operating system of the client VM to perform a sleep-to-wake transition, wherein the sleep-to-wake transition transforms the client VM from the state in which the peripheral device is in the low-powered condition to the state in which the peripheral device is in the high-powered condition.

11. A non-transitory computer-readable medium storing instructions which, when executed by at least one processor of a host system, configure the at least one processor to form a hypervisor configured to expose a client virtual machine (VM) and a secure VM, the client VM and secure VM executing alternately on the host system, wherein: the client VM is configured to execute a VM switch application, the VM switch application configured, in response to detecting a trigger event indicative of a risk to a user's data security, to instruct an operating system of the client VM to perform a wake-to-sleep transition, the wake-to-sleep transition configured to transform the client VM from a state in which a peripheral device used by the client VM is in a high-powered condition to a state in which the peripheral device is in a low-powered condition; and the hypervisor is further configured to switch execution to the secure VM, wherein switching execution to the secure VM comprises: loading a pre-determined core VM snapshot into memory, the core VM snapshot being determined by initializing an operating system of the secure VM while hiding the peripheral device from the operating system of the secure VM; in response to intercepting an event indicative of the wake-to-sleep transition, executing the core VM snapshot to launch the secure VM; and in response to launching the secure VM, revealing the peripheral device to the operating system of the secure VM.

12. The computer-readable medium of claim 11, wherein switching execution to the secure VM further comprises, in response to loading the core VM snapshot, checking the integrity of the core VM snapshot.

13. The computer-readable medium of claim 11, wherein loading the core VM snapshot is performed in response to intercepting the event indicative of the wake-to-sleep transition.

14. The computer-readable medium of claim 11, wherein the secure VM is configured to perform an electronic communication with a remote computer system, and wherein the trigger event comprises receiving a user input indicative of the user's intent to perform the electronic communication.

15. The computer-readable medium of claim 11, wherein the trigger event comprises the host system receiving an electronic communication from a remote computer system.

16. The computer-readable medium of claim 11, wherein the host system comprises a telephone, and wherein the trigger event comprises the host system receiving a telephone call.

17. The computer-readable medium of claim 11, wherein the peripheral device comprises an item selected from a group consisting of a keyboard, a display adapter, and a network adapter.

18. The computer-readable medium of claim 11, wherein hiding the peripheral device comprises intercepting an attempt by the operating system of the secure VM to access a configuration space of a peripheral component interconnect (PCI) bus connecting the peripheral device to the at least one processor.

19. The computer-readable medium of claim 11, wherein intercepting the event indicative of the wake-to-sleep transition comprises intercepting an attempt by the operating system of the client VM to access a register of a power management controller of the host system.

20. The computer-readable medium of claim 11, wherein the hypervisor is further configured, in response to detecting an event indicating a user's intent to exit the secure VM, to instruct the operating system of the client VM to perform a sleep-to-wake transition, wherein the sleep-to-wake transition transforms the client VM from the state in which the peripheral device is in the low-powered condition to the state in which the peripheral device is in the high-powered condition.

21. A non-transitory computer-readable medium storing instructions which, when executed by at least one processor of a host system, configure the at least one processor to form a hypervisor configured to expose a client virtual machine (VM) and a secure VM, the client VM and secure VM execut
Hypervisor-specific management and integration aspects · CPC title
by program, e.g. task dispatcher, supervisor, operating system · CPC title
Isolation or security of virtual machine instances · CPC title
Saving or restoring of program or task context · CPC title