Method and system for restricting execution of virtual applications to a managed process environment
Abstract
Methods and systems for restricting the launch of virtual application files. In one embodiment, a launching application is signed with a digital signature. When the launching application launches a runtime engine and instructs it to execute an application file, the runtime engine determines whether an entity identifier associated with the launching application identifies an authorized entity. If the entity identifier identifies an authorized entity and the digital signature is valid, the runtime engine executes the application file. In another embodiment, a ticket is transmitted to the launching application along with an instruction to launch the application file. The ticket includes a digital signature and an expiration date. The launching application communicates the ticket to the runtime engine, which will execute the application file only if the digital signature is valid and a current date is not later than the expiration date.
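The ticket check from the second embodiment above, as an added example (not code from the patent or from any product). The ticket byte layout, the choice of Ed25519, the all-zero demo seed and all function names are assumptions, and a byte slice stands in for the shared memory location.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// Assumed ticket layout (not from the patent): 8-byte big-endian Unix expiry,
// session info, then a 64-byte Ed25519 signature over all preceding bytes.
var (
	ErrMalformed = errors.New("ticket malformed")
	ErrSignature = errors.New("ticket signature invalid")
	ErrExpired   = errors.New("ticket expired")
	// Constructed demo key from an all-zero seed; for this example only.
	demoPriv = ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize))
	demoPub  = demoPriv.Public().(ed25519.PublicKey)
)

// IssueTicket plays the server: it signs expiry || session with the private key.
func IssueTicket(priv ed25519.PrivateKey, session string, expires time.Time) []byte {
	body := make([]byte, 8)
	binary.BigEndian.PutUint64(body, uint64(expires.Unix()))
	body = append(body, session...)
	return append(body, ed25519.Sign(priv, body)...)
}

// VerifyTicket plays the runtime engine. The signature is checked before the
// expiry is trusted, so an edited expiration date fails as a bad signature.
func VerifyTicket(pub ed25519.PublicKey, ticket []byte, now time.Time) (string, error) {
	if len(ticket) < 8+ed25519.SignatureSize {
		return "", ErrMalformed
	}
	n := len(ticket) - ed25519.SignatureSize
	if !ed25519.Verify(pub, ticket[:n], ticket[n:]) {
		return "", ErrSignature
	}
	if now.After(time.Unix(int64(binary.BigEndian.Uint64(ticket[:8])), 0)) {
		return "", ErrExpired // current date is later than the expiration date
	}
	return string(ticket[8:n]), nil
}

func main() {
	now := time.Unix(1700000000, 0) // constructed clock value
	shared := IssueTicket(demoPriv, "session-1234", now.Add(time.Hour))
	fmt.Println(VerifyTicket(demoPub, shared, now))
}
```

Because the runtime engine holds only the public key, a user who can read or write the shared memory location can replay a ticket until it expires but cannot mint a new one or extend its expiration date.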
10 Claims
1. A computer-implemented method for use with a launching application and a separate runtime engine, the launching application and the runtime engine being configured to access a shared memory location, the method comprising:
at the launching application, receiving a first instruction to execute a virtualized application file and a ticket, the ticket comprising a digital signature and an expiration date;
at the launching application, storing the ticket in the shared memory location and sending a second instruction to the runtime engine instructing the runtime engine to execute the virtualized application file; and
in response to the second instruction received from the launching application, at the runtime engine, reading the ticket from the shared memory location, determining whether the digital signature is valid, determining whether the ticket has expired, and executing the virtualized application file only when the runtime engine determines the ticket is valid and has not yet expired, whether the ticket is valid being determined based on the digital signature, and whether the ticket has expired being determined based on the expiration date.
5. A computer-implemented method for use with a virtualized application file, and a shared memory location storing a ticket comprising a digital signature and an expiration date, the virtualized application file comprising a digital rights management indicator, the method comprising:
receiving an instruction to execute the virtualized application file from a launching application that stored the ticket in the shared memory location;
in response to the instruction, reading the ticket from the shared memory location and reading the digital rights management indicator from the virtualized application file;
when the digital rights management indicator indicates the ticket is to be validated, determining whether the digital signature is valid, determining whether the ticket has expired, and executing the virtualized application file only when the ticket is determined to be valid and not yet expired, whether the ticket is valid being determined based on the digital signature, and whether the ticket has expired being determined based on the expiration date; and
when the digital rights management indicator indicates the ticket is not to be validated, executing the virtualized application file.
8. A computer-implemented method for use with a remote computing device operated by a user, the remote computing device implementing a launching application and a separate runtime engine, the method comprising:
instructing the remote computing device to display a plurality of selectable options, each option corresponding to an application file, wherein the application file is a virtualized application file;
receiving a selection of one of the plurality of selectable options from the remote computing device;
determining whether the user operating the remote computing device has logged into a user account;
when the user has not logged into a user account, instructing the remote computing device to display a login display, receiving login information from the remote computing device via the login display, and determining whether the login information is valid;
when the login information is valid, creating a login session;
creating a ticket comprising a digital signature and an expiration date, creating the ticket comprising incorporating information related to the login session into the ticket;
instructing the launching application on the remote computing device to launch the application file corresponding to the selected one of the plurality of selectable options; and
transmitting the ticket to the launching application, the launching application being operable to communicate the ticket to the runtime engine, the runtime engine being operable to execute the application file corresponding to the selected one of the plurality of selectable options in response to an instruction to do so only when the digital signature of the ticket is valid and a current date is not later than the expiration date.
Specification