公开(公告)号：US10248442B2

公开(公告)日：2019-04-02

申请号：US13547148

申请日：2012-07-12

申请人： David S Dodgson ,  Ralph Farina ,  James A Fontana ,  Robert A Johnson ,  David Maw ,  Anthony Narisi

发明人： David S Dodgson ,  Ralph Farina ,  James A Fontana ,  Robert A Johnson ,  David Maw ,  Anthony Narisi

IPC分类号： G06F9/455 ,  G06F21/60 ,  H04L29/06

摘要： Virtual machines in a network may be isolated by encrypting transmissions between the virtual machines with keys possessed only by an intended recipient. Within a network, the virtual machines may be logically organized into a number of community-of-interest (COI) groups. Each COI may use an encryption key to secure communications within the COI, such that only other virtual machines in the COI may decrypt the message. Virtual machines may be automatically provisioned with configuration information, such as the encryption keys, when the virtual machine is started. The provisioning information may be created based on a template stored on a configuration server.

公开(公告)号：US20140019959A1

公开(公告)日：2014-01-16

申请号：US13547148

申请日：2012-07-12

申请人： David S. Dodgson ,  Ralph Farina ,  James A. Fontana ,  Robert A. Johnson ,  David Maw ,  Anthony Narisi

发明人： David S. Dodgson ,  Ralph Farina ,  James A. Fontana ,  Robert A. Johnson ,  David Maw ,  Anthony Narisi

IPC分类号： G06F9/455

CPC分类号： G06F9/455 ,  G06F9/45558 ,  G06F21/606 ,  G06F2009/45587 ,  G06F2009/45595 ,  H04L63/0428 ,  H04L63/065 ,  H04L63/0823

摘要： Virtual machines in a network may be isolated by encrypting transmissions between the virtual machines with keys possessed only by an intended recipient. Within a network, the virtual machines may be logically organized into a number of community-of-interest (COI) groups. Each COI may use an encryption key to secure communications within the COI, such that only other virtual machines in the COI may decrypt the message. Virtual machines may be automatically provisioned with configuration information, such as the encryption keys, when the virtual machine is started. The provisioning information may be created based on a template stored on a configuration server.

摘要翻译： 可以通过使用仅由预期接收者拥有的密钥对虚拟机之间的传输进行加密来隔离网络中的虚拟机。 在网络中，虚拟机可以在逻辑上被组织成许多社区（COI）组。 每个COI可以使用加密密钥来保护COI内的通信，使得仅COI中的其他虚拟机可以解密该消息。 当虚拟机启动时，虚拟机可能会自动配置配置信息，例如加密密钥。 可以基于存储在配置服务器上的模板来创建供应信息。

公开(公告)号：US09819658B2

公开(公告)日：2017-11-14

申请号：US13547143

申请日：2012-07-12

申请人： David S. Dodgson ,  Ralph Farina ,  James A. Fontana ,  Robert A. Johnson ,  David Maw ,  Anthony Narisi

发明人： David S. Dodgson ,  Ralph Farina ,  James A. Fontana ,  Robert A. Johnson ,  David Maw ,  Anthony Narisi

IPC分类号： H04L29/06

CPC分类号： H04L63/0471 ,  H04L63/0281 ,  H04L63/104

摘要： Virtual machines in a network may be isolated by encrypting transmissions between the virtual machines with keys possessed only by an intended recipient. Within a network, the virtual machines may be logically organized into a number of community-of-interest (COI) groups. Each COI may use an encryption key to secure communications within the COI, such that only other virtual machines in the COI may decrypt the message. Virtual machines may further be isolated through a virtual gateway assigned to handle all communications between a virtual machine and a device outside of the virtual machine's COI. The virtual gateway may be a separate virtual machine for handling decrypting and encrypting messages for transmission between virtual machines and other devices.

公开(公告)号：US20140019750A1

公开(公告)日：2014-01-16

申请号：US13547143

申请日：2012-07-12

申请人： David S. Dodgson ,  Ralph Farlan ,  James A. Fontana ,  Robert A. Johnson ,  David Maw ,  Anthony Narisi

发明人： David S. Dodgson ,  Ralph Farlan ,  James A. Fontana ,  Robert A. Johnson ,  David Maw ,  Anthony Narisi

IPC分类号： H04L29/06

CPC分类号： H04L63/0471 ,  H04L63/0281 ,  H04L63/104

摘要： Virtual machines in a network may be isolated by encrypting transmissions between the virtual machines with keys possessed only by an intended recipient. Within a network, the virtual machines may be logically organized into a number of community-of-interest (COI) groups. Each COI may use an encryption key to secure communications within the COI, such that only other virtual machines in the COI may decrypt the message. Virtual machines may further be isolated through a virtual gateway assigned to handle all communications between a virtual machine and a device outside of the virtual machine's COI. The virtual gateway may be a separate virtual machine for handling decrypting and encrypting messages for transmission between virtual machines and other devices.

摘要翻译： 可以通过使用仅由预期接收者拥有的密钥对虚拟机之间的传输进行加密来隔离网络中的虚拟机。 在网络中，虚拟机可以在逻辑上被组织成许多社区（COI）组。 每个COI可以使用加密密钥来保护COI内的通信，使得仅COI中的其他虚拟机可以解密该消息。 虚拟机可以进一步通过被分配用于处理虚拟机和虚拟机的COI之外的设备之间的所有通信的虚拟网关来隔离。 虚拟网关可以是用于处理解密和加密消息以在虚拟机和其他设备之间传输的单独的虚拟机。

公开(公告)号：US20140019745A1

公开(公告)日：2014-01-16

申请号：US13547138

申请日：2012-07-12

申请人： David S. Dodgson ,  Ralph Foring ,  James A. Fontana ,  Robert A. Johnson ,  David Maw ,  Anthony Narisl

发明人： David S. Dodgson ,  Ralph Foring ,  James A. Fontana ,  Robert A. Johnson ,  David Maw ,  Anthony Narisl

IPC分类号： H04L29/06

CPC分类号： H04L63/065 ,  H04L63/0227 ,  H04L63/0428

摘要： Virtual machines in a network may be isolated by encrypting transmissions between the virtual machines with keys possessed only by an intended recipient. Within a network, the virtual machines may be logically organized into a number of community-of-interest (COI) groups. Each COI may use an encryption key to secure communications within the COI, such that only other virtual machines in the COI may decrypt the message. Security may be further enhanced by establishing a session key for use during communications between a first and a second virtual machine. The session key may be encrypted with the COI key.

摘要翻译： 可以通过使用仅由预期接收者拥有的密钥对虚拟机之间的传输进行加密来隔离网络中的虚拟机。 在网络中，虚拟机可以在逻辑上被组织成许多社区（COI）组。 每个COI可以使用加密密钥来保护COI内的通信，使得仅COI中的其他虚拟机可以解密该消息。 可以通过建立在第一和第二虚拟机之间的通信期间使用的会话密钥来进一步增强安全性。 会话密钥可以用COI密钥加密。

公开(公告)号：US20210266289A1

公开(公告)日：2021-08-26

申请号：US16797756

申请日：2020-02-21

申请人： David Maw ,  Robert A Johnson ,  Alex Dorrell ,  Arthur J Nilson

发明人： David Maw ,  Robert A Johnson ,  Alex Dorrell ,  Arthur J Nilson

IPC分类号： H04L29/06 ,  G06F21/62

摘要： A method of securing containers within clusters is disclosed. The method includes configuring service access points within clusters as secure endpoints; associating services within clusters with secure identities to constrain which communities-of-interest can reach which services; and wherein each cluster is cryptographically isolated such that no information will leak in or out of the cluster through an associated network.

公开(公告)号：US09215227B2

公开(公告)日：2015-12-15

申请号：US13974083

申请日：2013-08-23

申请人： Gary Salamon ,  Jerry Bassett ,  David Maw ,  William Deck

发明人： Gary Salamon ,  Jerry Bassett ,  David Maw ,  William Deck

IPC分类号： H04L29/06

CPC分类号： H04L63/08 ,  H04L29/0602 ,  H04L63/166

摘要： Systems and methods enable a method including: providing a first system; generating data to be sent over a network link; determining a transport protocol that will be used to transmit data over the network communication link; negotiating connection services to be performed on data that will transmitted over the network communication link; sending a request to open a network communication link; sending a request to the connectivity services of the second system for credentials of the second system; receiving the credentials from the connectivity services module of the second system; verifying that the credentials match an authenticated computer system; opening a network connection between the first system and the second system when the second system's credentials have been verified by the connectivity services module of the first system; and transmitting the data to the second system according to the determining network protocol and negotiated connection services.

摘要翻译： 系统和方法实现了一种方法，包括：提供第一系统; 生成要通过网络链路发送的数据; 确定将用于通过网络通信链路传输数据的传输协议; 对将通过网络通信链路传输的数据执行协商连接服务; 发送打开网络通信链路的请求; 向第二系统的连接服务发送对第二系统的凭证的请求; 从第二系统的连接服务模块接收凭证; 验证证书与认证的计算机系统匹配; 当第二系统的凭证已被第一系统的连接服务模块验证时，在第一系统和第二系统之间打开网络连接; 以及根据确定的网络协议和协商的连接服务将数据发送到第二系统。

公开(公告)号：US20150058946A1

公开(公告)日：2015-02-26

申请号：US13974083

申请日：2013-08-23

申请人： Gary Salamon ,  Jerry Bassett ,  David Maw ,  William Deck

发明人： Gary Salamon ,  Jerry Bassett ,  David Maw ,  William Deck

IPC分类号： H04L29/06

CPC分类号： H04L63/08 ,  H04L29/0602 ,  H04L63/166

摘要： Systems and methods are disclosed herein to method comprising: providing a first system; generating data to be sent over a network link; determining a transport protocol that will be used to transmit data over the network communication link; negotiating connection services to be performed on data that will transmitted over the network communication link; sending a request to open a network communication link; sending a request to the connectivity services of the second system for credentials of the second system; receiving the credentials from the connectivity services module of the second system; verifying that the credentials match an authenticated computer system; opening a network connection between the first system and the second system when the second system's credentials have been verified by the connectivity services module of the first system; and transmitting the data to the second system according to the determining network protocol and negotiated connection services.

摘要翻译： 本文公开了系统和方法，其方法包括：提供第一系统; 生成要通过网络链路发送的数据; 确定将用于通过网络通信链路传输数据的传输协议; 对将通过网络通信链路传输的数据执行协商连接服务; 发送打开网络通信链路的请求; 向第二系统的连接服务发送对第二系统的凭证的请求; 从第二系统的连接服务模块接收凭证; 验证证书与认证的计算机系统匹配; 当第二系统的凭证已被第一系统的连接服务模块验证时，在第一系统和第二系统之间打开网络连接; 以及根据确定的网络协议和协商的连接服务将数据发送到第二系统。