公开(公告)号：WO2014058299A1

公开(公告)日：2014-04-17

申请号：PCT/MY2013/000172

申请日：2013-09-27

Applicant: MIMOS BERHAD

Inventor： MOHD AMRIL, Nurman Mohd Nazir ,  ONG, Hong Hoe ,  ETTIKAN, Kandasamy karuppiah ,  YASZRINA, Mohamad Yassin

IPC: G06F9/50

CPC classification number: G06F9/5072 ,  G06F9/5077

Abstract: A system (600) for virtual peer to virtual peer (vp2vp) networking in a virtualized environment comprising: a hardware layer (201); a virtualisation layer (203); a vp2vp layer (204); and an application layer (206), characterised in that said vp2vp layer (204) is provided with a vp2vp protocol comprising: a vp2vp Registrar component (610) provided with means for registering virtual machines (VMs) as part of a peer to peer overlay network based on virtual and physical proximity; a vp2vp Discovery component (620) provided with means that enables a user and/or an application to communicate with said virtual machines in said overlay network and locate the nearest virtual machine that satisfies user and/or application requirements; a vp2vp Scheduler component (630) provided with means to extract runtime information to determine a physical server to assign new virtual machines based on said overlay network; a vp2vp Load Balancer component (630) provided with means to collect information on current load and hardware specifications and thereby reorganise deployed virtual machines from a plurality of physical servers; a vp2vp Data Manager component (650) provided with means for managing distribution of data generated by applications in a peer to peer manner in the virtualized environment; a vp2vp Service Level Agreement component (660) provided with means to define service level agreements in said vp2vp system; and a vp2vp Pricing component (670) provided with means to determine charges to be applied to a user based on quality of service requirements of the user.

Abstract translation: 一种用于虚拟环境中的虚拟对等（vp2vp）联网的系统（600），包括：硬件层（201）; 虚拟化层（203）; vp2vp层（204）; 应用层（206），其特征在于所述vp2vp层（204）被提供有vp2vp协议，包括：vp2vp注册器组件（610），其提供有用于将虚拟机（VM）注册为对等覆盖的一部分的装置 基于虚拟和物理接近的网络; vp2vp发现组件（620），其具有使用户和/或应用能够与所述覆盖网络中的所述虚拟机进行通信并且定位满足用户和/或应用需求的最近的虚拟机的装置; vp2vp调度器组件（630），其具有提取运行时信息以确定物理服务器以基于所述覆盖网络分配新的虚拟机的装置; vp2vp负载平衡器组件（630），其具有用于收集关于当前负载和硬件规格的信息并由此重组来自多个物理服务器的部署的虚拟机的手段; vp2vp数据管理器组件（650），其具有用于在虚拟化环境中以对等方式管理应用程序生成的数据的分发的装置; vp2vp服务级别协议组件（660），具有在所述vp2vp系统中定义服务级别协议的手段; 以及vp2vp定价组件（670），其具有用于基于用户的服务质量要求来确定要应用于用户的费用的手段。

公开(公告)号：WO2014092534A1

公开(公告)日：2014-06-19

申请号：PCT/MY2013/000230

申请日：2013-12-05

Applicant: MIMOS BERHAD

Inventor： POH, Geong Sen ,  MOHD AMRIL, Nurman Mohd Nazir

IPC: H04W84/18 ,  H04L29/06 ,  H04L29/08 ,  G06F9/50

CPC classification number: H04L63/0884 ,  G06F21/33 ,  G06F2221/2115 ,  G06F2221/2145 ,  H04L63/062 ,  H04L67/1046 ,  H04W84/18

Abstract: A system and method for peer-to-peer entity authentication with nearest neighbours credential delegation is provided by using a hybrid approach of pre-shared symmetric keys on the user level and PKI on the peer level. The system includes an Initiator module (108) within a Trusted Authority (102); said Initiator module (108) is configured for registering users and peers, generating and distributing pre-shared keys to users and peers, wherein user submits job request and obtains processed results and a peer is at least a virtual machine; an User Authenticator module (114) configured for mutually authenticating users and peers through pre-shared keys and creating at least one session key for secure communication; a Peer Authenticator module (124) configured for mutually authenticating at least two peers through public key signature scheme and creating a session key for secure communication; a Credential Delegator module (132) configured for matching, retrieving and providing authentication credential of user not in the peer list to other peers, and further providing user's secret key transport; and a Job-Authentication-Delegator module (128) configured for matching, authenticating and providing authentication credential for delegating jobs to peer with applications suitable for processing jobs. The hybrid authentication approach and authenticated credential generation permits flexible peer discovery for direct submission of jobs.

Abstract translation: 通过使用用户级别的预共享对称密钥和对等体PKI的混合方式提供了具有最近邻居凭证授权的对等实体认证的系统和方法。 该系统包括在受信任的机构（102）内的启动器模块（108）; 所述启动器模块（108）被配置为用于注册用户和对等体，生成和分发预共享密钥给用户和对等体，其中用户提交作业请求并获得处理的结果，对等体至少是虚拟机; 用户认证器模块（114），被配置为通过预共享密钥相互认证用户和对等体，并创建用于安全通信的至少一个会话密钥; 对等体认证器模块（124），被配置为通过公共密钥签名方案相互认证至少两个对等体，并创建用于安全通信的会话密钥; 凭证委托模块（132），被配置为用于匹配，检索和提供不在所述对等体列表中的用户的认证凭证给其他对等体，并进一步提供用户的秘密密钥传输; 以及作业验证委托模块（128），其被配置用于匹配，验证和提供用于将作业委托给具有适合于处理作业的应用的认证凭证。 混合认证方法和认证证书生成允许灵活的对等体发现来直接提交作业。