Method and Apparatus for Differently Encrypting Different Flows
    1.
    Patent application
    Method and Apparatus for Differently Encrypting Different Flows (status: in force)

    Publication No.: US20150379278A1

    Publication date: 2015-12-31

    Application No.: US14320578

    Filing date: 2014-06-30

    Applicant: Nicira, Inc.

    IPC classification: G06F21/60 G06F9/455

    Abstract: For a host that executes one or more guest virtual machines (GVMs), some embodiments provide a novel encryption method for encrypting the data messages sent by the GVMs. The method initially receives a data message to send for a GVM executing on the host. The method then determines whether it should encrypt the data message based on a set of one or more encryption rules. When the process determines that it should encrypt the received data message, it encrypts the data message and forwards the encrypted data message to its destination; otherwise, the method just forwards the received data message unencrypted to its destination. In some embodiments, the host encrypts differently the data messages for different GVMs that execute on the host. When two different GVMs are part of two different logical overlay networks that are implemented on common network fabric, the method in some embodiments encrypts the data messages exchanged between the GVMs of one logical network differently than the data messages exchanged between the GVMs of another logical network. In some embodiments, the method can also encrypt different types of data messages from the same GVM differently. Also, in some embodiments, the method can dynamically enforce encryption rules in response to dynamically detected events, such as malware infections.

    Encryption architecture
    2.
    Granted patent

    Publication No.: US10445509B2

    Publication date: 2019-10-15

    Application No.: US14320573

    Filing date: 2014-06-30

    Applicant: Nicira, Inc.

    Abstract: For a host that executes one or more guest virtual machines (GVMs), some embodiments provide a novel encryption method for encrypting the data messages sent by the GVMs. The method initially receives a data message to send for a GVM executing on the host. The method then determines whether it should encrypt the data message based on a set of one or more encryption rules. When the process determines that it should encrypt the received data message, it encrypts the data message and forwards the encrypted data message to its destination; otherwise, the method just forwards the received data message unencrypted to its destination. In some embodiments, the host encrypts differently the data messages for different GVMs that execute on the host. When two different GVMs are part of two different logical overlay networks that are implemented on common network fabric, the method in some embodiments encrypts the data messages exchanged between the GVMs of one logical network differently than the data messages exchanged between the GVMs of another logical network. In some embodiments, the method can also encrypt different types of data messages from the same GVM differently. Also, in some embodiments, the method can dynamically enforce encryption rules in response to dynamically detected events, such as malware infections.

    Encryption System in a Virtualized Environment

    Publication No.: US20150381362A1

    Publication date: 2015-12-31

    Application No.: US14815950

    Filing date: 2015-07-31

    Applicant: Nicira, Inc.

    IPC classification: H04L9/14 G06F9/455

    Abstract: For a host that executes one or more guest virtual machines (GVMs), some embodiments provide a novel encryption method for encrypting the data messages sent by the GVMs. The method initially receives a data message to send for a GVM executing on the host. The method then determines whether it should encrypt the data message based on a set of one or more encryption rules. When the process determines that it should encrypt the received data message, it encrypts the data message and forwards the encrypted data message to its destination; otherwise, the method just forwards the received data message unencrypted to its destination. In some embodiments, the host encrypts differently the data messages for different GVMs that execute on the host. When two different GVMs are part of two different logical overlay networks that are implemented on common network fabric, the method in some embodiments encrypts the data messages exchanged between the GVMs of one logical network differently than the data messages exchanged between the GVMs of another logical network. In some embodiments, the method can also encrypt different types of data messages from the same GVM differently. Also, in some embodiments, the method can dynamically enforce encryption rules in response to dynamically detected events, such as malware infections.

    Method and apparatus for dynamically creating encryption rules

    Publication No.: US12093406B2

    Publication date: 2024-09-17

    Application No.: US17669344

    Filing date: 2022-02-10

    Applicant: Nicira, Inc.

    Abstract: For a host that executes one or more guest virtual machines (GVMs), some embodiments provide a novel encryption method for encrypting the data messages sent by the GVMs. The method initially receives a data message to send for a GVM executing on the host. The method then determines whether it should encrypt the data message based on a set of one or more encryption rules. When the process determines that it should encrypt the received data message, it encrypts the data message and forwards the encrypted data message to its destination; otherwise, the method just forwards the received data message unencrypted to its destination. In some embodiments, the host encrypts differently the data messages for different GVMs that execute on the host. When two different GVMs are part of two different logical overlay networks that are implemented on common network fabric, the method in some embodiments encrypts the data messages exchanged between the GVMs of one logical network differently than the data messages exchanged between the GVMs of another logical network. In some embodiments, the method can also encrypt different types of data messages from the same GVM differently. Also, in some embodiments, the method can dynamically enforce encryption rules in response to dynamically detected events, such as malware infections.

    Method and apparatus for encrypting messages based on encryption group association

    Publication No.: US11087006B2

    Publication date: 2021-08-10

    Application No.: US14320582

    Filing date: 2014-06-30

    Applicant: Nicira, Inc.

    Abstract: For a host that executes one or more guest virtual machines (GVMs), some embodiments provide a novel encryption method for encrypting the data messages sent by the GVMs. The method initially receives a data message to send for a GVM executing on the host. The method then determines whether it should encrypt the data message based on a set of one or more encryption rules. When the process determines that it should encrypt the received data message, it encrypts the data message and forwards the encrypted data message to its destination; otherwise, the method just forwards the received data message unencrypted to its destination. In some embodiments, the host encrypts differently the data messages for different GVMs that execute on the host. When two different GVMs are part of two different logical overlay networks that are implemented on common network fabric, the method in some embodiments encrypts the data messages exchanged between the GVMs of one logical network differently than the data messages exchanged between the GVMs of another logical network. In some embodiments, the method can also encrypt different types of data messages from the same GVM differently. Also, in some embodiments, the method can dynamically enforce encryption rules in response to dynamically detected events, such as malware infections.

    Method and apparatus for differently encrypting data messages for different logical networks

    Publication No.: US10747888B2

    Publication date: 2020-08-18

    Application No.: US14320576

    Filing date: 2014-06-30

    Applicant: Nicira, Inc.

    Abstract: For a host that executes one or more guest virtual machines (GVMs), some embodiments provide a novel encryption method for encrypting the data messages sent by the GVMs. The method initially receives a data message to send for a GVM executing on the host. The method then determines whether it should encrypt the data message based on a set of one or more encryption rules. When the process determines that it should encrypt the received data message, it encrypts the data message and forwards the encrypted data message to its destination; otherwise, the method just forwards the received data message unencrypted to its destination. In some embodiments, the host encrypts differently the data messages for different GVMs that execute on the host. When two different GVMs are part of two different logical overlay networks that are implemented on common network fabric, the method in some embodiments encrypts the data messages exchanged between the GVMs of one logical network differently than the data messages exchanged between the GVMs of another logical network. In some embodiments, the method can also encrypt different types of data messages from the same GVM differently. Also, in some embodiments, the method can dynamically enforce encryption rules in response to dynamically detected events, such as malware infections.

    Method and Apparatus for Differently Encrypting Data Messages for Different Logical Networks
    8.
    Patent application
    Method and Apparatus for Differently Encrypting Data Messages for Different Logical Networks (status: under examination, published)

    Publication No.: US20150381578A1

    Publication date: 2015-12-31

    Application No.: US14320576

    Filing date: 2014-06-30

    Applicant: Nicira, Inc.

    IPC classification: H04L29/06

    Abstract: For a host that executes one or more guest virtual machines (GVMs), some embodiments provide a novel encryption method for encrypting the data messages sent by the GVMs. The method initially receives a data message to send for a GVM executing on the host. The method then determines whether it should encrypt the data message based on a set of one or more encryption rules. When the process determines that it should encrypt the received data message, it encrypts the data message and forwards the encrypted data message to its destination; otherwise, the method just forwards the received data message unencrypted to its destination. In some embodiments, the host encrypts differently the data messages for different GVMs that execute on the host. When two different GVMs are part of two different logical overlay networks that are implemented on common network fabric, the method in some embodiments encrypts the data messages exchanged between the GVMs of one logical network differently than the data messages exchanged between the GVMs of another logical network. In some embodiments, the method can also encrypt different types of data messages from the same GVM differently. Also, in some embodiments, the method can dynamically enforce encryption rules in response to dynamically detected events, such as malware infections.

    Method and Apparatus for Dynamically Creating Encryption Rules
    9.
    Patent application
    Method and Apparatus for Dynamically Creating Encryption Rules (status: under examination, published)

    Publication No.: US20150379280A1

    Publication date: 2015-12-31

    Application No.: US14320581

    Filing date: 2014-06-30

    Applicant: Nicira, Inc.

    Abstract: For a host that executes one or more guest virtual machines (GVMs), some embodiments provide a novel encryption method for encrypting the data messages sent by the GVMs. The method initially receives a data message to send for a GVM executing on the host. The method then determines whether it should encrypt the data message based on a set of one or more encryption rules. When the process determines that it should encrypt the received data message, it encrypts the data message and forwards the encrypted data message to its destination; otherwise, the method just forwards the received data message unencrypted to its destination. In some embodiments, the host encrypts differently the data messages for different GVMs that execute on the host. When two different GVMs are part of two different logical overlay networks that are implemented on common network fabric, the method in some embodiments encrypts the data messages exchanged between the GVMs of one logical network differently than the data messages exchanged between the GVMs of another logical network. In some embodiments, the method can also encrypt different types of data messages from the same GVM differently. Also, in some embodiments, the method can dynamically enforce encryption rules in response to dynamically detected events, such as malware infections.

    METHOD AND APPARATUS FOR DYNAMICALLY CREATING ENCRYPTION RULES

    Publication No.: US20220164456A1

    Publication date: 2022-05-26

    Application No.: US17669344

    Filing date: 2022-02-10

    Applicant: Nicira, Inc.

    Abstract: For a host that executes one or more guest virtual machines (GVMs), some embodiments provide a novel encryption method for encrypting the data messages sent by the GVMs. The method initially receives a data message to send for a GVM executing on the host. The method then determines whether it should encrypt the data message based on a set of one or more encryption rules. When the process determines that it should encrypt the received data message, it encrypts the data message and forwards the encrypted data message to its destination; otherwise, the method just forwards the received data message unencrypted to its destination. In some embodiments, the host encrypts differently the data messages for different GVMs that execute on the host. When two different GVMs are part of two different logical overlay networks that are implemented on common network fabric, the method in some embodiments encrypts the data messages exchanged between the GVMs of one logical network differently than the data messages exchanged between the GVMs of another logical network. In some embodiments, the method can also encrypt different types of data messages from the same GVM differently. Also, in some embodiments, the method can dynamically enforce encryption rules in response to dynamically detected events, such as malware infections.