
Researchers Submit Patent Application, "Virtual Relay Device for Providing a Secure Connection to a Remote Device", for Approval

May 22, 2014



By a News Reporter-Staff News Editor at Politics & Government Week -- From Washington, D.C., VerticalNews journalists report that a patent application by the inventors Farina, Ralph (Downingtown, PA); Hinaman, Ted (Malvern, PA); Johnson, Robert A. (Pottstown, PA); Rajcan, Steven (Glenmoore, PA); Trocki, James (Whitehall, PA); Vallevand, Mark (Lino Lakes, MN), filed on October 31, 2012, was made available online on May 8, 2014.

The patent's assignee is Unisys Corporation.

News editors obtained the following quote from the background information supplied by the inventors: "Virtual machines running in a cloud are not well protected from other machines in the cloud, or from devices with physical access to the cloud. For example, virtual machines executing in a cloud may receive communications from any device in the cloud, whether a public cloud or a private cloud. Further, data transmitted by the virtual machine in the cloud may be intercepted by unintended recipients.

"In a conventional solution, a network may include a plurality of virtual or hardware servers hosting virtual machines leased by tenants. The virtual machines may start and stop based on demand for the tenant's services. Because the virtual machines are frequently starting and stopping there are no dedicated resources for the tenant. This reduces the cost for the tenant, because resources are only used when they are needed. Thus, the tenant only pays for resources as they are used. However, because there is no leased hardware for the tenant, the tenant's virtual machines may start on any one of a number of server systems in the network.

"For example, a tenant may be a customer owning one or more virtual machines executing within the network. Because the virtual machines execute on shared hardware with other virtual machines belonging to other tenants, the transmission to and/or from the virtual machine may be intercepted by another tenant. Conventional solutions for isolating hardware of one tenant from hardware of another tenant are not useful for improving security, because any tenant's virtual machine may execute on hardware with another tenant's virtual machines.

"Furthermore, remote devices, not a part of the network hosting the plurality of servers, may need access to the virtual machines or other devices on the shared network. Conventionally, the remote device may connect to the network through a tunnel, such as a virtual private network (VPN). The tunnel encrypts data between the network and the remote device. However, because the network does not belong to a single tenant, but is shared by multiple tenants, such a solution would allow the remote device access to virtual machines and other devices on the network that may be owned or leased by another tenant."

As a supplement to the background information on this patent application, VerticalNews correspondents also obtained the inventors' summary information for this patent application: "Remote devices may access hosts on a shared network through a virtual device relay hosted on the shared network. When a remote device, such as a cellular phone, smart phone or tablet, attempts to access a shared network, a virtual machine executing a virtual device relay may start. The virtual device relay may receive communications from the remote device and provide access to devices on the shared network. When the virtual device relay starts, authorization information received from the remote device may be used to determine one or more communities-of-interest to assign to the virtual device relay. The remote device may then have access to other devices in the assigned communities-of-interest through the virtual device relay.

"According to one embodiment, a system includes a virtual private network (VPN) appliance coupled to a shared network. The system also includes a remote device in communication with the VPN appliance. The system further includes a virtual device relay in communication with the VPN appliance and the shared network.

"According to another embodiment, an apparatus includes a virtual device broker configured to execute virtual channel connections. The virtual channel connections include a virtual device relay and a router in communication with the virtual device relay.

"According to yet another embodiment, a method includes receiving an incoming connection from a remote device. The method also includes starting a virtual device broker on a shared network executing a virtual device relay. The method further includes receiving data from the remote device. The method also includes relaying the data from the virtual device relay to a device on the shared network.

"According to one embodiment, a method includes receiving, at a virtual device relay, data from a remote device. The method also includes forwarding the data to a host, when the virtual device relay and the host share a community-of-interest.

"According to another embodiment, a computer program includes a computer-readable medium having code to receive, at a virtual device relay, data from a remote device. The medium also includes code to forward the data to a host, when the virtual device relay and the host share a community-of-interest.

"According to a further embodiment, an apparatus includes a memory and a processor coupled to the memory. The processor is configured to receive, at a virtual device relay, data from a remote device. The processor also is configured to forward the data to a host, when the virtual device relay and the host share a community-of-interest.

"According to one embodiment, a method includes initiating, by a remote device, a secure connection to a router executing in a virtual machine of a server. The method also includes transmitting, through the secure connection, data to the router destined for another virtual host on a shared network within the server.

"According to another embodiment, a computer program product includes a computer-readable medium having code to initiate a secure connection to a router executing in a virtual machine of a server. The medium also includes code to transmit data to the router destined for a host on a shared network within the server.

"According to a further embodiment, an apparatus includes a memory and a processor coupled to the memory. The processor is configured to initiate a secure connection to a router executing in a virtual machine of a server. The processor is also configured to transmit data to the router destined for a host on a shared network within the server.

"The foregoing has outlined rather broadly the features and technical advantages of the present invention in order that the detailed description of the invention that follows may be better understood. Additional features and advantages of the invention will be described hereinafter that form the subject of the claims of the invention. It should be appreciated by those skilled in the art that the conception and specific embodiment disclosed may be readily utilized as a basis for modifying or designing other structures for carrying out the same purposes of the present invention. It should also be realized by those skilled in the art that such equivalent constructions do not depart from the spirit and scope of the invention as set forth in the appended claims. The novel features that are believed to be characteristic of the invention, both as to its organization and method of operation, together with further objects and advantages will be better understood from the following description when considered in connection with the accompanying figures. It is to be expressly understood, however, that each of the figures is provided for the purpose of illustration and description only and is not intended as a definition of the limits of the present invention.

BRIEF DESCRIPTION OF THE DRAWINGS

"For a more complete understanding of the disclosed system and methods, reference is now made to the following descriptions taken in conjunction with the accompanying drawings.

"FIG. 1 is a flow chart illustrating a method for cryptographically isolating virtual machines according to one embodiment of the disclosure.

"FIG. 2 is a block diagram illustrating an encrypted enclave of virtual machines organized into communities-of-interest according to one embodiment of the disclosure.

"FIG. 3 is a block diagram illustrating a system for connecting a remote device to a shared network through a virtual device relay according to one embodiment of the disclosure.

"FIG. 4 is a block diagram illustrating an authorization system for authorization of a remote device for access to a shared network according to one embodiment.

"FIG. 5 is a flow chart illustrating a method of starting a virtual device relay on a host according to one embodiment of the disclosure.

"FIG. 6 is a flow chart illustrating a method providing access to a shared network to a remote device through a virtual device relay according to one embodiment of the disclosure.

"FIG. 7 is a flow chart illustrating a method of securing a connection between a remote device and a shared network according to one embodiment of the disclosure.

"FIG. 8 is a block diagram illustrating a computer network according to one embodiment of the disclosure.

"FIG. 9 is a block diagram illustrating a computer system according to one embodiment of the disclosure.

"FIG. 10A is a block diagram illustrating a server hosting an emulated software environment for virtualization according to one embodiment of the disclosure.

"FIG. 10B is a block diagram illustrating a server hosting an emulated hardware environment according to one embodiment of the disclosure."
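The security-relevant rule in the summary quoted above is the forwarding condition: a virtual device relay is started per remote device, its communities-of-interest (COIs) are fixed from the authorization information at start time, and data is forwarded to a host on the shared network only when the relay and that host share a COI. The following Python model is an added illustration by the editor, not code from Unisys or from the patent application. The authorization table, the host names, the COI labels and the relay API are all invented for the example; the point is that tenant isolation on a shared network comes from the relay's membership check, not from the remote device's own claims.

```python
"""Toy model of the community-of-interest (COI) forwarding rule from the
patent summary. Added illustration; all names and tables below are
constructed for the example and are not from the patent or Unisys."""

from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Tuple

# Constructed authorization table: credential presented by the remote device
# -> COIs granted to the relay started for it. (Hypothetical values.)
AUTHORIZATIONS: Dict[str, FrozenSet[str]] = {
    "token-alice": frozenset({"tenant-a"}),
    "token-bob": frozenset({"tenant-b", "shared-monitoring"}),
}

# Constructed hosts on the shared network, each tagged with the COIs it is in.
# Two tenants share the hardware; only "metrics" is reachable by more than one.
HOSTS: Dict[str, FrozenSet[str]] = {
    "db-a": frozenset({"tenant-a"}),
    "web-b": frozenset({"tenant-b"}),
    "metrics": frozenset({"shared-monitoring"}),
}


def relay_cois(credential: str) -> FrozenSet[str]:
    """Resolve the COIs for a credential; empty set means not authorized."""
    return AUTHORIZATIONS.get(credential, frozenset())


@dataclass
class VirtualDeviceRelay:
    """One relay per remote device. Its COI set is fixed when it starts and is
    the only thing consulted on the data path; the remote device cannot widen
    it by anything it sends later."""
    remote_id: str
    cois: FrozenSet[str]
    delivered: List[Tuple[str, bytes]] = field(default_factory=list)
    denied: List[Tuple[str, bytes]] = field(default_factory=list)

    def forward(self, host: str, payload: bytes) -> bool:
        """Forward only when relay and host share at least one COI.
        A host the relay may not see and a host that does not exist are
        treated identically, so the relay does not leak the host inventory."""
        if self.cois & HOSTS.get(host, frozenset()):
            self.delivered.append((host, payload))
            return True
        self.denied.append((host, payload))
        return False


def start_relay(remote_id: str, credential: str) -> VirtualDeviceRelay:
    """Start a relay for an incoming remote device, assigning COIs from the
    authorization result. No COI, no relay."""
    cois = relay_cois(credential)
    if not cois:
        raise PermissionError(f"{remote_id}: credential grants no COI")
    return VirtualDeviceRelay(remote_id=remote_id, cois=cois)


def demo() -> Tuple[Dict[str, bool], VirtualDeviceRelay]:
    """Bob's device is in tenant-b and shared-monitoring; it must not reach
    tenant-a's database through the relay even though both sit on the same
    shared network."""
    bob = start_relay("phone-bob", "token-bob")
    results = {
        "bob->web-b": bob.forward("web-b", b"GET / HTTP/1.1"),
        "bob->metrics": bob.forward("metrics", b"stats"),
        "bob->db-a": bob.forward("db-a", b"SELECT * FROM users"),  # other tenant
        "bob->ghost": bob.forward("ghost", b"probe"),              # unknown host
    }
    return results, bob


if __name__ == "__main__":
    outcome, relay = demo()
    for route, ok in outcome.items():
        print(f"{route}: {'forwarded' if ok else 'denied'}")
    print("denied attempts logged:", len(relay.denied))
```

The check is deliberately an intersection of two sets fixed by the operator: what the relay was granted at start and what each host is labelled with. The remote device supplies a credential once, at connection time, and nothing in the data it later sends can add a COI. Denied attempts are kept on the relay so a detection pipeline can see a tenant probing hosts it was never granted.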

For additional information on this patent application, see: Farina, Ralph; Hinaman, Ted; Johnson, Robert A.; Rajcan, Steven; Trocki, James; Vallevand, Mark. Virtual Relay Device for Providing a Secure Connection to a Remote Device. Filed October 31, 2012 and posted May 8, 2014. Patent URL: http://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=HITOFF&u=%2Fnetahtml%2FPTO%2Fsearch-adv.html&r=130&p=3&f=G&l=50&d=PG01&S1=20140501.PD.&OS=PD/20140501&RS=PD/20140501

Keywords for this news article include: Unisys Corporation.

Our reports deliver fact-based news of research and discoveries from around the world. Copyright 2014, NewsRx LLC


Source: Politics & Government Week
