System and method for streaming application isolation

US 9,253,184 B1
Filed: 03/25/2013
Issued: 02/02/2016
Est. Priority Date: 04/10/2009
Status: Expired due to Fees

First Claim

Patent Images

1. A system, comprising:

a host server with one or more memory locations configured to store one or more isolated environments and one or more host server update-caches, wherein the isolated environments comprise at least one or more applications, files and executables for said one or more applications, and an interception database comprised of mappings between resources inside an isolated environment and outside;

one or more clients comprising one or more memory locations configured to store one or more isolated environments, an update-cache for each isolated environment, and a host operating system, wherein said one or more isolated environments comprise at least one or more applications, files and executables for said one or more applications, and an interception database comprised of mappings between resources inside an isolated environment and outside; and

an isolated environment client policy manager configured to store client credentials for the one or more clients, wherein said one or more clients are authenticated against said isolated environment client policy manager and access to applications and isolated environments are granted based on said client-authentication;

wherein one or more of said isolated environments on the host server are streamed to the one or more clients, and said one or more host server update-caches are configured to identify which files in said streamed isolated environments have changed since last being streamed to said one or more clients; and

wherein said host server is authenticated using a certificate and said one or more clients validate said host certificate before accepting streaming applications from said host.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Providing streaming of one or more applications from streaming servers onto one or more clients. The computer readable medium includes computer-executable instructions for execution by a processing system. The applications are contained within one or more isolated environments, and the isolated environments are streamed from the servers onto clients. The system may include authentication of the streaming servers and authentication of clients and credentialing of the isolated environments and applications the clients are configured to run. The system may include encrypted communication between the streaming servers and the clients. The system may further include a management interface where administrators may add, remove and configure isolated environments, configure client policies and credentials, and force upgrades. The streamed isolated environments may be isolated from other applications and the host operating system on the clients and applications within the isolated environments may run without performing an application-installation on the client.

Citations

20 Claims

1. A system, comprising:
- a host server with one or more memory locations configured to store one or more isolated environments and one or more host server update-caches, wherein the isolated environments comprise at least one or more applications, files and executables for said one or more applications, and an interception database comprised of mappings between resources inside an isolated environment and outside;
  
  one or more clients comprising one or more memory locations configured to store one or more isolated environments, an update-cache for each isolated environment, and a host operating system, wherein said one or more isolated environments comprise at least one or more applications, files and executables for said one or more applications, and an interception database comprised of mappings between resources inside an isolated environment and outside; and
  
  an isolated environment client policy manager configured to store client credentials for the one or more clients, wherein said one or more clients are authenticated against said isolated environment client policy manager and access to applications and isolated environments are granted based on said client-authentication;
  
  wherein one or more of said isolated environments on the host server are streamed to the one or more clients, and said one or more host server update-caches are configured to identify which files in said streamed isolated environments have changed since last being streamed to said one or more clients; and
  
  wherein said host server is authenticated using a certificate and said one or more clients validate said host certificate before accepting streaming applications from said host.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The system according to claim 1, wherein the isolated environment client policy manager stores client account records comprising one or more of client login, account holder name, status of account and a list of credentialed isolated environments.
  - 3. The system according to claim 1, wherein authentication of the client credentials is performed by using one of a certificate, a user-id, or a client policy manager.
  - 4. The system according to claim 1, wherein secure socket layer (SSL) encrypted communication is established using said certificate between the one or more clients and the isolated environment of the host server.
  - 5. The system according to claim 1, wherein the client credentials for the one or more clients are validated for access to said isolated environments.
  - 6. The system according to claim 5, wherein non-credentialed isolated environments are removed from the one or more clients.
  - 7. The system according to claim 5, wherein a credentialed isolated environment is updated if it is already installed on the one or more clients.
  - 8. The system according to claim 5, wherein a credentialed isolated environment is installed on the one or more clients if it is not already installed.
  - 9. The system according to claim 1, further comprising:
    - a graphical user interface configured to provide the one or more clients with an option to select which isolated environment to access.
  - 10. The system according to claim 9, wherein a most recently run isolated environment is automatically selected for access.
  - 11. The system according to claim 1, wherein the one or more clients access at least one local isolated environment without validating credentials against the isolated environment of the host server.
  - 12. The system according to claim 1, wherein the one or more clients are validated against the isolated environment of the host server prior to accessing any isolated environments.
  - 13. The system according to claim 12, wherein the one or more clients access already installed isolated environments without accepting updates from the isolated environment of the host server.
  - 14. The system according to claim 1, wherein the isolated environment client policy manager contains a record with credentialed isolated environments, account information, and a cache sub-system for each of the one or more clients.
  - 15. The system according to claim 1 further comprising:
    - a management interface wherein an administrator configures client configuration settings and isolated environment host server configuration settings.
  - 16. The system according to claim 15, wherein at least one or more applications are streamed to the one or more clients and the one or more clients can access the one or more applications without performing a local installation.
  - 17. The system according to claim 15, wherein said client configuration settings comprise one or more of adding and removing credentialed isolated environments, adding and removing clients, forcing a rebuild of client update-caches, setting user-names, and setting account status.
  - 18. The system according to claim 15, wherein the isolated environment host server configuration settings comprise one or more of installing and removing isolated environments, updating isolated environments, rebuilding one or more update caches, setting a compression algorithm, and setting a message digest algorithm.
  - 19. The system according to claim 15, wherein the management interface is provided using a graphical user interface.
  - 20. The system according to claim 15, wherein the management interface is provided using an application programming interface (API).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
Open Invention Network LLC
Inventors
Havemose, Allan
Primary Examiner(s)
CERVETTI, DAVID GARCIA

Application Number

US13/849,940
Time in Patent Office

1,044 Days
Field of Search

726/3, 726/1, 726/4, 726/7
US Class Current

1/1
CPC Class Codes

H04L 63/0823   using certificates cryptogr...

H04L 63/145   the attack involving the pr...

H04L 63/166   at the transport layer

H04L 63/20   for managing network securi...

H04L 65/61   for supporting one-way stre...

H04L 67/01   Protocols

H04W 12/069   using certificates or pre-s...

H04W 4/60   Subscription-based services...

System and method for streaming application isolation

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for streaming application isolation

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links