Method and system for providing security and reliability to collaborative applications

US 20070157025A1
Filed: 12/30/2005
Published: 07/05/2007
Est. Priority Date: 12/30/2005
Status: Abandoned Application

First Claim

Patent Images

1. A system comprising:

an application domain, wherein the application domain includes a non-critical application component, and wherein the application domain is a first virtual machine;

an engine domain, wherein the engine domain includes a critical application component, and wherein the engine domain is secure, and wherein the engine domain is a second virtual machine;

an inter-domain communication channel to couple the application domain to the engine domain, and wherein the inter-domain communication channel is secure; and

a virtual machine monitor coupled to the first and second virtual machines and to the inter-domain communication channel, the virtual machine monitor to supervise communication between the application domain and the engine domain.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Some embodiments of a method and system for providing secure and reliable collaborative applications are described. In some embodiments, a collaborative application may be separated into critical and non-critical components. The critical components may be run on a secure domain on a virtual machine, apart from the non-critical components, according to some embodiments. Other embodiments are described.

48 Citations

View as Search Results

35 Claims

1. A system comprising:
- an application domain, wherein the application domain includes a non-critical application component, and wherein the application domain is a first virtual machine;
  
  an engine domain, wherein the engine domain includes a critical application component, and wherein the engine domain is secure, and wherein the engine domain is a second virtual machine;
  
  an inter-domain communication channel to couple the application domain to the engine domain, and wherein the inter-domain communication channel is secure; and
  
  a virtual machine monitor coupled to the first and second virtual machines and to the inter-domain communication channel, the virtual machine monitor to supervise communication between the application domain and the engine domain.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The system of claim 1, wherein the application domain further comprises:
    - a user-level translation layer; and
      
      a kernel-level translation layer, wherein the user-level translation layer is adapted to transfer control from the user-level translation layer to the kernel-level translation layer, and to respond to calls from the kernel-level translation layer, and wherein the kernel-level translation layer is adapted to send notifications to the engine domain, to respond to notifications sent by the engine domain, to transfer control from the kernel-level translation layer to the user-level translation layer, and to transfer data between the kernel-level translation layer and the user-level translation layer.
  - 3. The system of claim 1, wherein the engine domain further comprises:
    - a user-level translation layer; and
      
      a kernel-level translation layer.
  - 4. The system of claim 3, wherein the user-level translation layer comprises:
    - a parameter check service module;
      
      an encryption service module; and
      
      an integrity check service module.
  - 5. The system of claim 1, wherein the non-critical application component is a graphical user interface for a voice over internet protocol application, and the critical application component is a voice over internet protocol communication stack.
  - 6. The system of claim 1, wherein the non-critical application component and the critical application component are parts of a collaboration application.
  - 7. The system of claim 6, wherein the collaboration application is a voice over internet protocol application, an electronic mail application, an instant messaging application, a multi-player game application, a video-on-demand application, or a secure billing application.
  - 8. The system of claim 1, wherein more than one non-critical application component is included in the application domain.
  - 9. The system of claim 1, wherein more than one application domain is included in the system.
  - 10. The system of claim 1, wherein more than one critical application component is included in the engine domain.
  - 11. The system of claim 1, wherein more than one engine domain is included in the system.

12. A method comprising:
- receiving a request to run a collaboration application, wherein the collaboration application includes at least one non-critical component and at least one critical component;
  
  running the non-critical component in an application domain on a first virtual machine;
  
  running the critical component in an engine domain on a second virtual machine; and
  
  linking the first and second virtual machines with an inter-domain communication channel.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 13. The method of claim 12, further comprising:
    - separating a collaboration application into a non-critical component and a critical component.
  - 14. The method of claim 12, further comprising:
    - monitoring the first and second virtual machines, and the inter-domain communication channel with a virtual machine monitor, wherein the virtual machine monitor supervises communication between the application domain and the engine domain.
  - 15. The method of claim 12, further comprising:
    - running a user-level translation layer in the application domain; and
      
      running a kernel-level translation layer in the application domain, wherein the user-level translation layer is adapted to transfer control from the user-level translation layer to the kernel-level translation layer, and to respond to calls from the kernel-level translation layer, and wherein the kernel-level translation layer is adapted to send notifications to the engine domain, to respond to notifications sent by the engine domain, to transfer control from the kernel-level translation layer to the user-level translation layer, and to transfer data between the kernel-level translation layer and the user-level translation layer.
  - 16. The method of claim 12, further comprising:
    - running a user-level translation layer in the engine domain; and
      
      running a kernel-level translation layer in the engine domain.
  - 17. The method of claim 16, wherein the running of the user-level translation layer further comprises:
    - running a parameter check service module;
      
      running an encryption service module; and
      
      running an integrity check service module.
  - 18. The method of claim 12, wherein the non-critical application component is a graphical user interface for a voice over internet protocol application, and the critical application component is a voice over internet protocol communication stack.
  - 19. The method of claim 12, wherein the collaboration application is a voice over internet protocol application, an electronic mail application, an instant messaging application, a multi-player game application, a video-on-demand application, or a secure billing application.
  - 20. The method of claim 12, wherein more than one non-critical application component is included in the application domain.
  - 21. The method of claim 12, wherein more than one application domain is running.
  - 22. The method of claim 12, wherein more than one critical application component is included in the engine domain.
  - 23. The method of claim 12, wherein more than one engine domain is running.

24. A machine readable medium containing program instructions that, when executed, cause the machine to:
- receive a request to run a collaboration application, wherein the collaboration application includes at least one non-critical component and at least one critical component;
  
  run the non-critical component in an application domain on a first virtual machine;
  
  run the critical component in an engine domain on a second virtual machine; and
  
  link the first and second virtual machines with an inter-domain communication channel.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35)
- - 25. The machine readable medium of claim 24, further comprising:
    - separate a collaboration application into a non-critical component and a critical component.
  - 26. The machine readable medium of claim 24, further comprising:
    - monitor the first and second virtual machines, and the inter-domain communication channel with a virtual machine monitor, wherein the virtual machine monitor supervises communication between the application domain and the engine domain.
  - 27. The machine readable medium of claim 24, further comprising:
    - run a user-level translation layer in the application domain; and
      
      run a kernel-level translation layer in the application domain, wherein the user-level translation layer is adapted to transfer control from the user-level translation layer to the kernel-level translation layer, and to respond to calls from the kernel-level translation layer, and wherein the kernel-level translation layer is adapted to send notifications to the engine domain, to respond to notifications sent by the engine domain, to transfer control from the kernel-level translation layer to the user-level translation layer, and to transfer data between the kernel-level translation layer and the user-level translation layer.
  - 28. The machine readable medium of claim 24, further comprising:
    - run a user-level translation layer in the engine domain; and
      
      run a kernel-level translation layer in the engine domain.
  - 29. The machine readable medium of claim 28, wherein the running of the user-level translation layer further comprises:
    - run a parameter check service module;
      
      run an encryption service module; and
      
      run an integrity check service module.
  - 30. The machine readable medium of claim 24, wherein the non-critical application component is a graphical user interface for a voice over internet protocol application, and the critical application component is a voice over internet protocol communication stack.
  - 31. The machine readable medium of claim 24, wherein the collaboration application is a voice over internet protocol application, an electronic mail application, an instant messaging application, a multi-player game application, a video-on-demand application, or a secure billing application.
  - 32. The machine readable medium of claim 24, wherein more than one non-critical application component is included in the application domain.
  - 33. The machine readable medium of claim 24, wherein more than one application domain is adapted to run.
  - 34. The machine readable medium of claim 24, wherein more than one critical application component is included in the engine domain.
  - 35. The machine readable medium of claim 24, wherein more than one engine domain is adapted to run.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Wang, Shao-Cheng, Adrangi, Farid, Covington, Michael, Manohar, Deepak, Sastry, Manoj

Application Number

US11/322,683
Publication Number

US 20070157025A1
Time in Patent Office

Days
Field of Search
US Class Current

713/170
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

G06F 21/64   Protecting data integrity, ...

G06F 2221/2111   Location-sensitive, e.g. ge...

H04L 12/2856   Access arrangements, e.g. I...

H04L 12/2898   Subscriber equipments DSL m...

H04L 65/1053   IP private branch exchange ...

H04L 65/1069   Session establishment or de...

H04L 65/1101   Session protocols

H04L 67/52   specially adapted for the l...

H04M 2242/04   for emergency applications

H04W 88/18   Service support devices; Ne...

Method and system for providing security and reliability to collaborative applications

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

48 Citations

35 Claims

Specification

Use Cases

Quick Links

Others

Method and system for providing security and reliability to collaborative applications

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

48 Citations

35 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others