METHOD AND SYSTEM FOR RESTRICTING EXECUTION OF VIRTUAL APPLICATIONS TO A MANAGED PROCESS ENVIRONMENT
First Claim
1. A computer-implemented method performed by a first process configured to execute an application file, the method comprising:
- determining whether the first process has a parent process;
when it is determined that the first process does not have a parent process, terminating execution of the application file;
when it is determined that the first process has a parent process, determining whether the parent process has a digital signature;
when it is determined that the parent process has a digital signature, determining whether the parent process is associated with an authorized entity;
when it is determined that the parent process is not associated with an authorized entity, terminating execution of the application file;
when it is determined that the parent process is associated with an authorized entity, determining whether the digital signature is valid using a public key associated with the authorized entity;
when it is determined that the digital signature is valid, executing the application file; and
when it is determined that the digital signature is invalid, terminating execution of the application file.
3 Assignments
0 Petitions
Accused Products
Abstract
Methods and systems for restricting the launch of virtual application files. In one embodiment, a launching application is signed with a digital signature. When the launching application launches a runtime engine and instructs it to execute an application file, the runtime engine determines whether an entity identifier associated with the launching application identifies an authorized entity. If the entity identifier identifies an authorized entity and the digital signature is valid, the runtime engine executes the application file. In another embodiment, a ticket is transmitted to the launching application along with an instruction to launch the application file. The ticket includes a digital signature and an expiration date. The launching application communicates the ticket to the runtime engine, which will execute the application file only if the digital signature is valid and a current date is not later than the expiration date.
83 Citations
28 Claims
-
1. A computer-implemented method performed by a first process configured to execute an application file, the method comprising:
-
determining whether the first process has a parent process; when it is determined that the first process does not have a parent process, terminating execution of the application file; when it is determined that the first process has a parent process, determining whether the parent process has a digital signature; when it is determined that the parent process has a digital signature, determining whether the parent process is associated with an authorized entity; when it is determined that the parent process is not associated with an authorized entity, terminating execution of the application file; when it is determined that the parent process is associated with an authorized entity, determining whether the digital signature is valid using a public key associated with the authorized entity; when it is determined that the digital signature is valid, executing the application file; and when it is determined that the digital signature is invalid, terminating execution of the application file. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A computer-implemented method performed by a first process implemented by an application file comprising configuration information, the method comprising:
-
reading the configuration information from the application file to obtain a digital rights management indicator; when the digital rights management indicator indicates that a parent process of the first process is not to be validated, allowing the application file to continue executing; and when the digital rights management indicator indicates that a parent process of the first process is to be validated, determining whether the first process was launched by a parent process, when it is determined that the first process was not launched by a parent process, terminating execution of the application file, when it is determined that the first process was launched by a parent process, determining whether the parent process has a digital signature, when it is determined that the parent process has a digital signature, using an entity identifier associated with the parent process to determine whether the digital signature is associated with an authorized entity, when it is determined that the digital signature is not associated with an authorized entity, terminating execution of the application file, when it is determined that the digital signature is associated with an authorized entity, determining whether the digital signature is valid using a public key associated with the authorized entity, when it is determined that the digital signature is valid, allowing the application file to continue executing, and when it is determined that the digital signature is invalid, terminating execution of the application file. - View Dependent Claims (10, 11, 12, 13)
-
-
14. A computer-implemented method for use with a launching application and a separate runtime engine, the launching application and the runtime engine being configured to access a shared memory location, the method comprising:
-
at the launching application, receiving a first instruction to execute an application file and a ticket, the ticket comprising a digital signature and an expiration date; at the launching application, storing the ticket in the shared memory location and sending a second instruction to the runtime engine instructing the runtime engine to execute the application file; and in response to the second instruction received from the launching application, at the runtime engine, reading the ticket from the shared memory block, determining whether the digital signature is valid, determining whether the ticket has expired, and executing the application file only when the runtime engine determines the ticket is valid and has not yet expired, whether the ticket is valid being determined based on the digital signature, and whether the ticket has expired being determined based on the expiration date. - View Dependent Claims (15, 16, 17)
-
-
18. A computer-implemented method for use with an application file, and a shared memory location storing a ticket comprising a digital signature and an expiration date, the application file comprising a digital rights management indicator, the method comprising:
-
receiving an instruction to execute the application file; in response to the instruction, reading the ticket from the shared memory location and reading the digital rights management indicator from the application file; if the digital rights management indicator indicates the ticket is to be validated, determining whether the digital signature is valid, determining whether the ticket has expired, and executing the application file only when the ticket is determined to be valid and not yet expired, whether the ticket is valid being determined based on the digital signature, and whether the ticket has expired being determined based on the expiration date; and if the digital rights management indicator indicates the ticket is not to be validated, executing the application file. - View Dependent Claims (19, 20)
-
-
21. A computer-implemented method for use with a remote computing device implementing a launching application and a separate runtime engine, the method comprising:
-
instructing the remote computing device to display a plurality of selectable options, each option corresponding to an application file; receiving a selection of one of the plurality of selectable options from the remote computing device; creating a ticket comprising a digital signature and an expiration date; instructing the launching application on the remote computing device to launch the application file corresponding to the selected one of the plurality of selectable options; and transmitting the ticket to the launching application, the launching application being operable to communicate the ticket to the runtime engine, the runtime engine being operable to execute the application file corresponding to the selected one of the plurality of selectable options in response to an instruction to do so only when the digital signature of the ticket is valid and a current date is not later than the expiration date. - View Dependent Claims (22, 23, 24, 25)
-
-
26. A computer-implemented method for use with a server computing device and a runtime engine, the method comprising:
-
receiving a ticket and a first instruction to execute an application file from the server computing device, the ticket comprising a digital signature and an expiration date; storing the ticket in a memory location accessible by the runtime engine; sending a second instruction to the runtime engine instructing the runtime engine to execute the application file, the runtime engine being operable to execute the application file in response to the instruction to do so only when the digital signature of the ticket is valid and a current date is not later than the expiration date. - View Dependent Claims (27, 28)
-
Specification