logo

For the Inventor, By the Inventor

The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.

The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.

Patent No.:

US 9819496 B1

PDFFull Text
Date of Patent:
Nov. 14, 2017

Filed:

Jan. 16, 2015

Method and system for protecting root ca certificate in a virtualization environment

Applicants:

Institute of Information Engineering, Chinese Academy of Sciences, Beijing, CN;

Data Assurance&communication Security Center, Chinese Academy of Sciences, Beijing, CN;

Inventors:

Jingqiang Lin, Beijing, CN;

Jiwu Jing, Beijing, CN;

Le Guan, Beijing, CN;

Bingyu Li, Beijing, CN;

Jing Wang, Beijing, CN;

Wuqiong Pan, Beijing, CN;

Yuewu Wang, Beijing, CN;

Assignees:

Institute of Information Engineering, Chinese Academy of Sciences, Beijing, CN;

Data Assurance & Communications Security Center, Chinese Academy of Sciences, Beijing, CN;

Attorney:

SV Patent Service

Primary Examiner:

Ali Shayanfar

Int. Cl.
CPC ...
H04L 29/06 (2006.01); H04L 9/32 (2006.01); G06F 9/455 (2006.01);
U.S. Cl.
CPC ...
H04L 9/3263 (2013.01); G06F 9/45504 (2013.01); H04L 9/32 (2013.01); H04L 29/06 (2013.01); H04L 63/0823 (2013.01); H04L 63/20 (2013.01);
Abstract

The present invention discloses a method and a system for protecting root CA certificates in a virtualization environment. The method installs a root CA certificate security manager on a host computer. The root CA certificate security manager stores the lists of root CA certificates and provides certificate validation service to virtual machines via a read-only interface. When a virtual machine needs the verification of a certificate, it sends a certificate validation service request to the root CA security manager. The root CA certificate security manager provides certificate validation services to the virtual machine in response to the request. The virtual list of root CA certificates in the present invention has the following features: it isolates the list of the root CA certificates from the virtual machine; the virtual machine can only access the list of the root CA certificates in a read-only manner; modification or configuration of the lists of root CA certificates can only be made via an interface of the CA certificate security manager on the host computer; and the virtual machine can flexibly choose the way how a certificate is to be verified.

Find Patent Forward Citations

Loading…