MULTIPLE APPLICATION CONTAINERIZATION IN A SINGLE CONTAINER

US 20140047535A1
Filed: 08/09/2012
Published: 02/13/2014
Est. Priority Date: 08/09/2012
Status: Active Grant

First Claim

Patent Images

1. An apparatus, comprising:

a multiple application container that comprises socket monitoring and redirect logic, virtual private network (VPN) logic, and file input/output (I/O) logic;

wherein the VPN logic establishes a VPN tunnel with a predefined associated network that is shared by a first set of two or more associated applications within the multiple application container;

wherein the VPN logic excludes from the VPN tunnel data traffic between the associated network and associated applications other than the first set of two or more associated applications and stored on the apparatus outside of the multiple application container;

wherein the socket monitoring and redirect logic redirects data traffic between the associated network and the first set of two or more associated applications within the multiple application container through the VPN tunnel; and

wherein the socket monitoring and redirect logic redirects file input and output traffic between an associated storage device and the first set of two or more associated applications within the multiple application container through the file I/O logic, the file I/O logic encrypting file output traffic using data representative of keys before writing to the associated storage device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Described in an example embodiment herein is a Multiple Application Container. Various embodiments of the Multiple Application Container may include, but are not limited to: (1) managed intranet access via a dedicated Virtual Private Network (VPN) tunnel shared amongst applications within the container, (2) managed file/data encryption, (3) native look and feel applications for the base Operating System (OS), (4) isolation from any non-OS based services on the device, and/or (5) Mobile Device Management (MDM) based capabilities, such as policy enforcement.

74 Citations

View as Search Results

20 Claims

1. An apparatus, comprising:
- a multiple application container that comprises socket monitoring and redirect logic, virtual private network (VPN) logic, and file input/output (I/O) logic;
  
  wherein the VPN logic establishes a VPN tunnel with a predefined associated network that is shared by a first set of two or more associated applications within the multiple application container;
  
  wherein the VPN logic excludes from the VPN tunnel data traffic between the associated network and associated applications other than the first set of two or more associated applications and stored on the apparatus outside of the multiple application container;
  
  wherein the socket monitoring and redirect logic redirects data traffic between the associated network and the first set of two or more associated applications within the multiple application container through the VPN tunnel; and
  
  wherein the socket monitoring and redirect logic redirects file input and output traffic between an associated storage device and the first set of two or more associated applications within the multiple application container through the file I/O logic, the file I/O logic encrypting file output traffic using data representative of keys before writing to the associated storage device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The apparatus set forth in claim 1, wherein the VPN logic isolates networked data that was not received via the VPN tunnel from the first set of two or more associated applications within the multiple application container.
  - 3. The apparatus set forth in claim 1, wherein when the VPN logic establishes the VPN tunnel responsive to the launching of one of the plurality of the first set of two or more associated applications in the multiple application container and determining that the VPN tunnel has not been established.
  - 4. The apparatus set forth in claim 1, wherein the associated storage device is a local disk.
  - 5. The apparatus set forth in claim 1, wherein the associated storage device is a secure digital memory card.
  - 6. The apparatus set forth in claim 1, wherein the keys employed by the file I/O logic are stored on the predefined associated network.
  - 7. The apparatus set forth in claim 6, wherein data representative of the keys are stored locally by the file I/O logic for a predetermined time period after the VPN tunnel has been torn down.
  - 8. The apparatus set forth in claim 1, wherein the multiple application container further comprises a mobile device management client.
  - 9. The apparatus set forth in claim 8, wherein the mobile device management client is operable to accept commands received via the VPN tunnel, and ignore commands that were not received via the VPN tunnel.
  - 10. The apparatus set forth in claim 1, wherein the VPN logic isolates from the first set of two or more associated applications within the multiple application container the data traffic excluded from the VPN tunnel between the associated network and associated applications stored on the apparatus other than the first set of two or more associated applications within the multiple application container.

11. Logic encoded in a tangible non-transitory computer readable medium for execution by a processor, and when executed operable to:
- establish a virtual private network (VPN) tunnel with a predefined associated network that is shared by a first set of two or more associated applications within in a multiple application container;
  
  exclude from the VPN tunnel data traffic between the associated network and associated applications other than the first set of two or more associated applications not within the multiple application container;
  
  redirect data traffic between the associated network and the first set of two or more associated applications within the multiple application container through the VPN tunnel; and
  
  redirect file input and output requests between an associated storage device and the first set of two or more associated applications within the multiple application container to a predefined encryption engine.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The logic set forth in claim 11, further operable to isolate networked data that was not received via the VPN tunnel from the first set of two or more associated applications within the multiple application container.
  - 13. The logic set forth in claim 11, further operable to obtain keys for the file input and output requests from the predefined associated network via the VPN tunnel.
  - 14. The logic set forth in claim 13, further operable to store data representative of the keys locally for a predetermined time period after the VPN tunnel has been torn down.
  - 15. The logic set forth in claim 11, further operable to establish the VPN tunnel responsive to the launching of one of the plurality of the first set of two or more associated applications in the multiple application container and determining that the VPN tunnel has not been established.
  - 16. The logic set forth in claim 11, further operable to isolate the associated applications other than the first set of two or more associated applications that are not in the multiple application container from the VPN tunnel.
  - 17. The logic set forth in claim 11, further operable to respond to mobile device management commands.
  - 18. The logic set forth in claim 17, further operable to ignore mobile device management commands that were not received via the VPN tunnel.

19. A method, comprising:
- establishing a virtual private network (VPN) tunnel with an associated network for a first set of two or more associated applications contained within a multiple application container;
  
  excluding from the VPN tunnel data traffic between the associated network and associated applications other than the first set of two or more associated applications outside of the multiple application container;
  
  redirecting data traffic between the associated network and the first set of two or more associated applications within the multiple application container through the VPN tunnel;
  
  receiving a file output request with data from a selected application of the first set of two or more associated applications within the multiple application container; and
  
  encrypting the data in the file output request prior to writing the data.
- View Dependent Claims (20)
- - 20. The method of claim 19, further comprising:
    - launching a selected application of the first set of two or more associated applications within the multiple application container;
      
      determining whether the VPN tunnel has been established responsive to launching the selected application; and
      
      wherein establishing the VPN tunnel is responsive to determining the VPN tunnel has not been established and the application being launched.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Parla, Vincent E., Pescatore, Brian Henry, Champagne, Timothy Steven

Granted Patent

US 9,032,506 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/15
CPC Class Codes

G06F 21/6218   to a system of files or obj...

H04L 63/0272   Virtual private networks

H04L 63/164   at the network layer

H04L 63/20   for managing network securi...

H04L 67/1097   for distributed storage of ...

H04W 12/02   Protecting privacy or anony...

H04W 12/37   Managing security policies ...

MULTIPLE APPLICATION CONTAINERIZATION IN A SINGLE CONTAINER

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

74 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

MULTIPLE APPLICATION CONTAINERIZATION IN A SINGLE CONTAINER

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

74 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links