Method and system for restricting execution of virtual application to a managed process environment
Abstract
Methods and systems for restricting the launch of virtual application files. In one embodiment, a launching application is signed with a digital signature. When the launching application launches a runtime engine and instructs it to execute an application file, the runtime engine determines whether an entity identifier associated with the launching application identifies an authorized entity. If the entity identifier identifies an authorized entity and the digital signature is valid, the runtime engine executes the application file. In another embodiment, a ticket is transmitted to the launching application along with an instruction to launch the application file. The ticket includes a digital signature and an expiration date. The launching application communicates the ticket to the runtime engine, which will execute the application file only if the digital signature is valid and a current date is not later than the expiration date.
16 Claims
1. A computer-implemented method for use with a server computing device and a runtime engine, the method comprising:
- at least partially downloading, by at least one computing device, a virtualized application file from the server computing device;
- storing, by the at least one computing device, the virtualized application file locally;
- receiving, by an application executing on the at least one computing device, a ticket and a first instruction from the server computing device, the ticket comprising a digital signature and an expiration date, the first instruction indicating the virtualized application file is to be executed;
- storing, by the application, the ticket in a shared memory location accessible by both the runtime engine and the application; and
- sending, by the application, a second instruction to the runtime engine instructing the runtime engine to execute the virtualized application file, the runtime engine being operable to execute the virtualized application file in response to the second instruction to do so only when the digital signature of the ticket is valid and a current date is not later than the expiration date.
Dependent claims: 2, 3, 4, 5.

6. A method comprising:
- receiving, by a server computing device, a selection of a virtualized application file;
- creating, by the server computing device, a login session and a session ticket, the session ticket having information related to the login session, a digital signature, and an expiration date;
- transmitting, by the server computing device, the session ticket and a request to download and launch the selected virtualized application file to an application executing on at least one computing device;
- downloading, by the application, the virtualized application file;
- storing, by the application, the session ticket in a shared memory location accessible by both a runtime engine and the application;
- instructing, by the application, the runtime engine to execute the virtualized application file; and
- executing, by the runtime engine, the virtualized application file in response to the instruction to do so only when the digital signature of the session ticket is valid and a current date is not later than the expiration date.
Dependent claims: 7, 8, 9.

10. A computer-implemented method for use with a server computing device and a runtime engine having a copy of a public key, the method comprising:
- receiving, by an application executing on at least one computing device, a ticket and a first instruction to execute a virtualized application file from the server computing device, the ticket comprising a digital signature and an expiration date;
- storing, by the application, the ticket in a shared memory location accessible by both the runtime engine and the application; and
- sending, by the application, a second instruction to the runtime engine instructing the runtime engine to execute the virtualized application file, the runtime engine being operable to execute the virtualized application file in response to the second instruction to do so only when the digital signature of the ticket is valid and a current date is not later than the expiration date, the runtime engine determining the digital signature of the ticket is valid by decrypting the digital signature using the copy of the public key, and comparing the decrypted digital signature to a second value determined based on a portion of the ticket.
Dependent claims: 11, 12, 13.

14. A computer-implemented method for use with a server computing device and a runtime engine, the method comprising:
- receiving, by an application executing on at least one computing device, a ticket and a first instruction to execute a virtualized application file from the server computing device, the ticket comprising a digital signature and an expiration date;
- storing, by the application, the ticket in a shared memory location accessible by both the runtime engine and the application; and
- sending, by the application, a second instruction to the runtime engine instructing the runtime engine to execute the virtualized application file, the runtime engine being operable to execute the virtualized application file in response to the second instruction to do so only when the digital signature of the ticket is valid and a current date is not later than the expiration date, the runtime engine being operable to terminate execution of the virtualized application file when the digital signature of the ticket is invalid or the current date is later than the expiration date.
Dependent claims: 15, 16.
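
The check recited in claims 10 and 14, sketched as an added example (not code from the patent or its assignee): the runtime engine recovers the signed value with its copy of the public key, compares it to a hash of the ticket payload, and refuses to run once the expiration date has passed. The ticket layout, the function names and the demo key built from two Mersenne primes are assumptions; unpadded RSA is used only to mirror the claim wording, and a real deployment would use a padded scheme such as RSASSA-PSS.

```python
import hashlib
from datetime import date

# Constructed demo key from two Mersenne primes. NOT a secure key; sample only.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                      # public key held by the runtime engine
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent, server side only


def digest(payload: bytes) -> int:
    """The 'second value determined based on a portion of the ticket'."""
    return int.from_bytes(hashlib.sha256(payload).digest(), "big")


def issue_ticket(session_id: str, expires: date) -> dict:
    """Server side: sign the session id and expiration date together."""
    payload = f"{session_id}|{expires.isoformat()}".encode()
    return {"payload": payload, "signature": pow(digest(payload), D, N)}


def may_execute(ticket: dict, today: date) -> bool:
    """Runtime-engine side: allow execution only if signed and not expired."""
    try:
        payload, sig = ticket["payload"], ticket["signature"]
        if not isinstance(sig, int) or not 0 <= sig < N:
            return False
        # "Decrypt" the signature with the public key, compare to the digest.
        if pow(sig, E, N) != digest(payload):
            return False
        # Expiry is parsed from the signed payload, never from unsigned fields.
        expires = date.fromisoformat(payload.decode().rsplit("|", 1)[1])
    except (KeyError, IndexError, TypeError, ValueError, AttributeError):
        return False                     # malformed ticket: fail closed
    return today <= expires


if __name__ == "__main__":
    t = issue_ticket("session-42", date(2030, 1, 1))
    print(may_execute(t, date(2029, 12, 31)))                          # valid
    print(may_execute(dict(t, payload=b"s|2099-01-01"), date(2030, 6, 1)))  # forged
```

Because the expiration date sits inside the signed payload, editing it in the shared memory location invalidates the signature instead of extending the ticket.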
Specification