Method and system for restricting execution of virtual application to a managed process environment

US 9,747,425 B2
Filed: 07/01/2015
Issued: 08/29/2017
Est. Priority Date: 10/29/2010
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for use with a server computing device and a runtime engine, the method comprising:

at least partially downloading, by at least one computing device, a virtualized application file from the server computing device;

storing, by the at least one computing device, the virtualized application file locally;

receiving, by an application executing on the at least one computing device, a ticket and a first instruction from the server computing device, the ticket comprising a digital signature and an expiration date, the first instruction indicating the virtualized application file is to be executed;

storing, by the application, the ticket in a shared memory location accessible by both the runtime engine and the application; and

sending, by the application, a second instruction to the runtime engine instructing the runtime engine to execute the virtualized application file, the runtime engine being operable to execute the virtualized application file in response to the second instruction to do so only when the digital signature of the ticket is valid and a current date is not later than the expiration date.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for restricting the launch of virtual application files. In one embodiment, a launching application is signed with a digital signature. When the launching application launches a runtime engine and instructs it to execute an application file, the runtime engine determines whether an entity identifier associated with the launching application identifies an authorized entity. If the entity identifier identifies an authorized entity and the digital signature is valid, the runtime engine executes the application file. In another embodiment, a ticket is transmitted to the launching application along with an instruction to launch the application file. The ticket includes a digital signature and an expiration date. The launching application communicates the ticket to the runtime engine, which will execute the application file only if the digital signature is valid and a current date is not later than the expiration date.

Citations

16 Claims

1. A computer-implemented method for use with a server computing device and a runtime engine, the method comprising:
- at least partially downloading, by at least one computing device, a virtualized application file from the server computing device;
  
  storing, by the at least one computing device, the virtualized application file locally;
  
  receiving, by an application executing on the at least one computing device, a ticket and a first instruction from the server computing device, the ticket comprising a digital signature and an expiration date, the first instruction indicating the virtualized application file is to be executed;
  
  storing, by the application, the ticket in a shared memory location accessible by both the runtime engine and the application; and
  
  sending, by the application, a second instruction to the runtime engine instructing the runtime engine to execute the virtualized application file, the runtime engine being operable to execute the virtualized application file in response to the second instruction to do so only when the digital signature of the ticket is valid and a current date is not later than the expiration date.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The computer-implemented method of claim 1, further comprising:
    - at least partially downloading the virtualized application file from the server computing device.
  - 3. The computer-implemented method of claim 1, wherein the runtime engine has a copy of a public key, and the runtime engine is operable to determine the digital signature of the ticket is valid by decrypting the digital signature using the copy of the public key, and compare the decrypted digital signature to a second value determined based on a portion of the ticket.
  - 4. The computer-implemented method of claim 1, wherein the runtime engine is operable to terminate execution of the virtualized application file when the digital signature of the ticket is invalid or the current date is later than the expiration date.
  - 5. The computer-implemented method of claim 4, wherein the runtime engine is operable to display an error before terminating execution of the virtualized application file when the digital signature of the ticket is invalid or the current date is later than the expiration date.

6. A method comprising:
- receiving, by a server computing device, a selection of a virtualized application file;
  
  creating, by the server computing device, a login session and a session ticket, the session ticket having information related to the login session, a digital signature, and an expiration date;
  
  transmitting, by the server computing device, the session ticket and a request to download and launch the selected virtualized application file to an application executing on at least one computing device;
  
  downloading, by the application, the virtualized application file;
  
  storing, by the application, the session ticket in a shared memory location accessible by both a runtime engine and the application;
  
  instructing, by the application, the runtime engine to execute the virtualized application file; and
  
  executing, by the runtime engine, the virtualized application file in response to the instruction to do so only when the digital signature of the session ticket is valid and a current date is not later than the expiration date.
- View Dependent Claims (7, 8, 9)
- - 7. The method of claim 6, wherein the runtime engine has a copy of a public key, and the method further comprises:
    - determining, by the runtime engine, the digital signature of the session ticket is valid by decrypting the digital signature using the copy of the public key, and comparing the decrypted digital signature to a second value determined based on a portion of the session ticket.
  - 8. The method of claim 6, further comprising:
    - terminating, by the runtime engine, execution of the virtualized application file when the digital signature of the ticket is invalid or the current date is later than the expiration date.
  - 9. The method of claim 6, further comprising:
    - displaying, by the runtime engine, an error before terminating execution of the virtualized application file when the digital signature of the ticket is invalid or the current date is later than the expiration date.

10. A computer-implemented method for use with a server computing device and a runtime engine having a copy of a public key, the method comprising:
- receiving, by an application executing on at least one computing device, a ticket and a first instruction to execute a virtualized application file from the server computing device, the ticket comprising a digital signature and an expiration date;
  
  storing, by the application, the ticket in a shared memory location accessible by both the runtime engine and the application; and
  
  sending, by the application, a second instruction to the runtime engine instructing the runtime engine to execute the virtualized application file, the runtime engine being operable to execute the virtualized application file in response to the second instruction to do so only when the digital signature of the ticket is valid and a current date is not later than the expiration date, the runtime engine determining the digital signature of the ticket is valid by decrypting the digital signature using the copy of the public key, and comparing the decrypted digital signature to a second value determined based on a portion of the ticket.
- View Dependent Claims (11, 12, 13)
- - 11. The computer-implemented method of claim 10, further comprising:
    - at least partially downloading the virtualized application file from the server computing device.
  - 12. The computer-implemented method of claim 10, wherein the runtime engine is operable to terminate execution of the virtualized application file when the digital signature of the ticket is invalid or the current date is later than the expiration date.
  - 13. The computer-implemented method of claim 12, wherein the runtime engine is operable to display an error before terminating execution of the virtualized application file when the digital signature of the ticket is invalid or the current date is later than the expiration date.

14. A computer-implemented method for use with a server computing device and a runtime engine, the method comprising:
- receiving, by an application executing on at least one computing device, a ticket and a first instruction to execute a virtualized application file from the server computing device, the ticket comprising a digital signature and an expiration date;
  
  storing, by the application, the ticket in a shared memory location accessible by both the runtime engine and the application; and
  
  sending, by the application, a second instruction to the runtime engine instructing the runtime engine to execute the virtualized application file, the runtime engine being operable to execute the virtualized application file in response to the second instruction to do so only when the digital signature of the ticket is valid and a current date is not later than the expiration date, the runtime engine being operable to terminate execution of the virtualized application file when the digital signature of the ticket is invalid or the current date is later than the expiration date.
- View Dependent Claims (15, 16)
- - 15. The computer-implemented method of claim 14, further comprising:
    - at least partially downloading the virtualized application file from the server computing device.
  - 16. The computer-implemented method of claim 14, wherein the runtime engine is operable to display an error before terminating execution of the virtualized application file when the digital signature of the ticket is invalid or the current date is later than the expiration date.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Code Systems Incorporated (VOXX International Corporation)
Original Assignee
Code Systems Incorporated (VOXX International Corporation)
Inventors
Murphey, C. Michael, Obata, Kenji C., Zeller, Mark Jeremy, Larimore, Stefan I.
Primary Examiner(s)
SHOLEMAN, ABU S

Application Number

US14/789,813
Publication Number

US 20150302183A1
Time in Patent Office

790 Days
Field of Search

713178, 713170
US Class Current
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/121   Restricting unauthorised ex...

H04L 9/32   including means for verifyi...

H04L 9/3247   involving digital signatures

Method and system for restricting execution of virtual application to a managed process environment

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for restricting execution of virtual application to a managed process environment

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links