Dividing a data processing device into separate security domains

US 10,305,937 B2
Filed: 05/25/2018
Issued: 05/28/2019
Est. Priority Date: 08/02/2012
Status: Active Grant

First Claim

Patent Images

1. A method for operating a computer data processing device in two or more data security domains, comprising:

providing in data memory associated with said computer data processing device at least one external policy defining a first domain;

associating a first computer data processing device application with said first domain;

providing a persistent control mechanism, said persistent control mechanism being bound to said application and implemented externally to an operating system, said persistent control mechanism being configured to intercept and mediate requests between the application and the operating system in accordance with specifications contained within policies of said first domain without modifying said application awl without requiring operating system privileges over said computer data processing device application associated with said first domain, said persistent control mechanism being subject to the policies of said first domain, and said persistent control mechanism being located logically between said first data processing device application and said operating system;

receiving an application request at said persistent control mechanism;

processing said application request by said persistent control mechanism, said persistent control mechanism determining how to process said application request using one or more of;

an aspect of a domain of the requesting application, a domain data associated with the application request, and policies for the domains of the requesting application and the data; and

responding to said application request by said persistent control mechanism by either blocking said request completely, modifying at least one aspect of a requested operation before permitting the modified operation to proceed, or redirecting said request to a different function.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This invention provides secure, policy-based separation of data and applications on computer, especially personal computers that operate in different environments, such as those including personal applications and corporate applications, so that both types of applications can run simultaneously while complying with all required policies. The invention enables employees to use their personal devices for work purposes, or work devices for personal purposes. The secure, policy-based separation is created by dividing the data processing device into two or more “domains,” each with its own policies. These policies may be configured by the device owner, an IT department, or other data or application owner.

80 Citations

View as Search Results

27 Claims

1. A method for operating a computer data processing device in two or more data security domains, comprising:
- providing in data memory associated with said computer data processing device at least one external policy defining a first domain;
  
  associating a first computer data processing device application with said first domain;
  
  providing a persistent control mechanism, said persistent control mechanism being bound to said application and implemented externally to an operating system, said persistent control mechanism being configured to intercept and mediate requests between the application and the operating system in accordance with specifications contained within policies of said first domain without modifying said application awl without requiring operating system privileges over said computer data processing device application associated with said first domain, said persistent control mechanism being subject to the policies of said first domain, and said persistent control mechanism being located logically between said first data processing device application and said operating system;
  
  receiving an application request at said persistent control mechanism;
  
  processing said application request by said persistent control mechanism, said persistent control mechanism determining how to process said application request using one or more of;
  
  an aspect of a domain of the requesting application, a domain data associated with the application request, and policies for the domains of the requesting application and the data; and
  
  responding to said application request by said persistent control mechanism by either blocking said request completely, modifying at least one aspect of a requested operation before permitting the modified operation to proceed, or redirecting said request to a different function.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising loading said persistent control mechanism substantially at the time of initial device software loading, or installing said persistent control mechanism on said device at a time subsequent to the initial device software load.
  - 3. The method of claim 1, further comprising integrating said persistent control mechanism with the operating system of said device, integrating said persistent control mechanism with said application, or installing said persistent control mechanism as part of or bound with said application.
  - 4. The method of claim 1, further comprising associating said persistent control mechanism with a structure in the operating system &
    - slimed to support pluggable mediation modules.
  - 5. The method of claim 1, further comprising registering said persistent control mechanism with said operating system of said device and receiving an operating system call at said persistent control mechanism.
  - 6. The method of claim 5, further comprising passing said operating system call from said persistent control mechanism as necessary.
  - 7. The method of claim 5, wherein said operating system uses vector hooking, and said persistent control mechanism responds to said request by blocking the request, passing the request to the original operating system function specified by said request, modifying the request before passing it to the original operating system function specified by said request, redirecting said request, or modifying said request and then redirecting said request, to a different operating system function.
  - 8. The method of claim 6, wherein said operating system and said application use a shared memory region for communication between said application and services provided by said operating system, and said method further comprises replacing that portion of the operating system service that receives notification of requests, or which reads requests from a shared memory buffer, or both, with a portion of said request mediation module.
  - 9. The method of claim 1, further comprising providing a second persistent control mechanism, said second persistent control mechanism being bound to said application and implemented externally to said operating system, said second persistent control mechanism being configured to intercept and mediate requests between the application and the operating system in accordance with specifications contained within the policies of said first domain without modifying said application and without requiring operating system privileges, over said computer data processing device application associated with said first domain, said second persistent control mechanism being subject to policies defined for said first domain, and said second persistent control mechanism being located logically between said first data processing device application and said operating system;
    - receiving an application request at said second persistent control mechanism;
      
      processing said application request by said second persistent control mechanism, said second persistent control mechanism determining how to process said application request using one or more of;
      
      an aspect of a domain of the requesting application, a domain data associated with the application request, and policies for the domains of the requesting application and the data; and
      
      responding to said application by said second persistent control mechanism by either blocking the request completely, modifying at least one aspect of a requested operation before permitting the modified operation to proceed, or redirecting said request to a different function.

10. A computer data processing system including two or more electronically encoded data security domains, said system comprising:
- electronic computer memory in electronic communication with said computer data processing device, said electronic computer memory holding in electronic encoded format at least one external policy defining a first domain;
  
  a first computer data processing device application encoded in in electronic data memory associated with said first domain and operating under electronic computer control;
  
  a persistent control mechanism in electronic format in electronic memory and operating under electronic computer control, said persistent control mechanism being bound to said application and implemented to operate electronically externally to an operating system, said persistent control mechanism being configured to intercept and mediate requests between the application and the operating system in accordance with specifications contained within policies of said first domain without modifying said application and without requiring operating system privileges over said computer data processing device application associated with said first domain, said persistent control mechanism being subject to the policies of said first domain, and said persistent control mechanism being located logically between said first data processing device application and said operating system;
  
  said persistent control mechanism being further implemented to receive electronically encoded application requests and process said electronically encoded application requests under electronic computer control, including determining how to process said application request using one or more of;
  
  an aspect of a domain of the requesting application, a domain data associated with the application request, and policies for the domains of the request application and the data; and
  
  said persistent control mechanism responding electronically to said application request under electronic computer control by either blocking said request completely, modifying at least, one aspect of a requested operation before permitting the modified operation to proceed, or redirecting said request to a different function.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The system of claim 10, wherein said persistent control mechanism is electronically encoded to be loaded at substantially at the time of initial device software loading, or installing said persistent control mechanism on said device at a time subsequent to the initial device software load.
  - 12. The system of claim 10, wherein said persistent control mechanism is electronically encoded to be integrated with the operating system of said device, with said application, or installed as part of or bound with said application.
  - 13. The system of claim 10, wherein said is electronically encoded to be associated with a structure in the operating system designed to support pluggable mediation modules.
  - 14. The system of claim 10, wherein said persistent control mechanism is electronically encoded to be registered with said operating system of said device and receiving an operating system call at said persistent control mechanism.
  - 15. The system of claim 14, wherein said persistent control mechanism is electronically encoded to pass said operating system call as necessary.
  - 16. The system of claim 14, wherein said operating system uses vector hooking, and said persistent control mechanism is electronically encoded to respond to said request by blocking the request, passing the request to the original operating system function specified by said request, modifying the request before passing it to the original operating system function specified by said request redirecting said request, or modifying said request and then redirecting said request, to a different operating system function.
  - 17. The system of claim 15, wherein said operating system and said application use a shared memory region for communication between said application and services provided by said operating system, and said persistent control mechanism is further electronically encoded to replace that portion of the operating system service that receives notification of requests, or which reads requests from a shared memory buffer, or both, with a portion of said request mediation module.
  - 18. The system of claim 10, further comprising a second persistent control mechanism in electronic format in electronic memory and operating under electronic computer control, said second persistent control mechanism being bound to said application and implemented to operate electronically externally to said operating system, said second persistent control mechanism being configured to intercept and mediate requests between the application and the operating system in accordance with specifications contained within the policies of said first domain without modifying said application and without requiring operating system privileges, over said computer data processing device application associated with said first domain, said second persistent control mechanism being subject to policies defined for said first domain, and said second persistent control mechanism being located logically between said first data processing device application and said operating system;
    - said second persistent control mechanism being further implemented to receive electronically encoded application requests and process said electronically encoded application requests under electronic computer control including determining how to process said application request using one or more of;
      
      an aspect of a domain of the requesting application, a domain data associated with the application request, and policies for the domains of the requesting application and the data; and
      
      said second persistent, control mechanism responding electronically to said application request under electronic computer control by either blocking said request completely, modifying at least one aspect of a requested operation before permitting the modified operation to proceed, or redirecting said request to a different function.

19. A non-transitory computer-readable medium containing a computer program product for operating a computer data processing device, said computer program product being configured to enable said computer data processing device to operate securely in two or more data security domains, said computer program product being configured to enable said computer data processing device to perform actions comprising:
- providing in data memory associated with said computer data processing device at least one external policy defining a first domain;
  
  associating a first computer data processing device application with said first domain;
  
  providing a persistent control mechanism, said persistent control mechanism being bound to said application and implemented externally to an operating system, said persistent control mechanism being configured to intercept and mediate requests between the application and the operating system in accordance with specifications contained within policies of said first domain without modifying said application and without requiring operating system privileges over said computer data processing device application associated with said first domain, said persistent control mechanism being subject to the policies of said first domain, and said persistent control mechanism being located logically between said first data processing device application and said operating system;
  
  receiving an application request at said persistent control mechanism;
  
  processing said application request by said persistent control mechanism, said persistent control mechanism determining how to process said application request using one or more of;
  
  an aspect of a domain of the requesting application, a domain data associated with the application request, and policies for the domains of the requesting application and the data; and
  
  responding to said application request by said persistent control mechanism by either blocking said request completely, modifying at least one aspect of a requested operation before permitting the modified operation to proceed, or redirecting said request to a different function.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27)
- - 20. The non-transitory computer-readable medium of claim 19, further comprising loading said persistent control mechanism substantially at the time of initial device software loading, or installing said persistent control mechanism on said device at a time subsequent to the initial device software load.
  - 21. The non-transitory computer-readable medium of claim 19, further comprising integrating said persistent control mechanism with the operating system of said device, integrating said persistent control mechanism with said application, or installing said persistent control mechanism as part of or bound with said application.
  - 22. The non-transitory computer-readable medium of claim 19, further comprising associating said persistent control mechanism with a structure in the operating system designed to support pluggable mediation modules.
  - 23. The non-transitory computer-readable medium of claim 19, further comprising registering said persistent control mechanism with said operating system of said device and receiving an operating system call at said persistent control mechanism.
  - 24. The non-transitory computer-readable medium of claim 23, further comprising passing said operating system call from said persistent control mechanism as necessary.
  - 25. The non-transitory computer-readable medium of claim 23, wherein said operating system uses vector hooking, and said persistent control mechanism responds to said request by blocking the request, passing the request to the original operating system function specified by said request, modifying the request before passing it to the original operating system function specified by said request, redirecting said request, or modifying said request and then redirecting said request, to a different operating system function.
  - 26. The non-transitory computer-readable medium of claim 24, wherein said operating system and said application use a shared memory region for communication between said application and services provided by said operating system, and said non-transitory computer-readable medium further comprises replacing that portion of the operating system service that receives notification of requests, or winch reads requests from a shared memory buffer, or both, with a portion of said request mediation module.
  - 27. The non-transitory computer-readable medium of claim 19, further comprising providing a second persistent control mechanism, said second persistent control mechanism being bound to said application and implemented externally to said operating system, said second persistent control mechanism being configured to intercept and mediate requests between the application and the operating system in accordance with specifications contained within the policies of said first domain without modifying said application and without requiring operating system privileges, over said computer data processing device application associated with said first domain, said second persistent control mechanism being subject to policies defined for said first domain, and said second persistent control mechanism being located logically between said first data processing device application and said operating system;
    - receiving an application request at said second persistent control mechanism;
      
      processing said application request by said second persistent control mechanism, said second persistent control mechanism determining how to process said application request using one or more of;
      
      an aspect of a domain of the requesting application, a domain data associated with the application request, and policies for the domains of the requesting application and the data; and
      
      responding to said application by said second persistent control mechanism by either blocking the request completely, modifying at least one aspect of a requested operation before permitting the modified operation to proceed, or redirecting said request to a different function.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Pulse Secure, LLC (Ivanti Software, Inc.)
Original Assignee
Cellsec, Inc. (Ivanti Software, Inc.)
Inventors
Weiss, Yoav, Goldschlag, David, Ginter, Karl, Bartman, Michael
Primary Examiner(s)
Williams, Jeffery L

Application Number

US15/989,513
Publication Number

US 20180302443A1
Time in Patent Office

368 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/604   Tools and structures for ma...

G06F 21/6218   to a system of files or obj...

G06F 21/74   operating in dual or compar...

H04L 63/20   for managing network securi...

Dividing a data processing device into separate security domains

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

80 Citations

27 Claims

Specification

Use Cases

Quick Links

Others

Dividing a data processing device into separate security domains

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

80 Citations

27 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others