Methods and systems for launching applications into existing isolation environments

    公开(公告)号:US08090797B2

    公开(公告)日:2012-01-03

    申请号:US12434629

    申请日:2009-05-02

    IPC分类号: G06F15/16 G06F9/455

    CPC分类号: G06F21/53

    摘要: Methods and systems that can launch applications into existing isolation environments do so by executing a run module on a computing machine to intercept requests to execute an application. A client communicating with the computing machine generates requests to execute an application on the computing machine. A run module identifies a profile associated with the requested application and queries an application delivery service to identify at least one isolation environment that corresponds to the profile. The run module receives from the application delivery service a response that identifies a first isolation environment associated with the application, and issues a command to a launch module to launch the application into the first isolation environment.

    METHODS AND SYSTEMS FOR LAUNCHING APPLICATIONS INTO EXISTING ISOLATION ENVIRONMENTS
    2.
    发明申请
    METHODS AND SYSTEMS FOR LAUNCHING APPLICATIONS INTO EXISTING ISOLATION ENVIRONMENTS 有权
    将应用推广到现有隔离环境的方法和系统

    公开(公告)号:US20100281102A1

    公开(公告)日:2010-11-04

    申请号:US12434629

    申请日:2009-05-02

    IPC分类号: G06F15/16

    CPC分类号: G06F21/53

    摘要: Methods and systems that can launch applications into existing isolation environments do so by executing a run module on a computing machine to intercept requests to execute an application. A client communicating with the computing machine generates requests to execute an application on the computing machine. A run module identifies a profile associated with the requested application and queries an application delivery service to identify at least one isolation environment that corresponds to the profile. The run module receives from the application delivery service a response that identifies a first isolation environment associated with the application, and issues a command to a launch module to launch the application into the first isolation environment.

    摘要翻译: 可以将应用程序启动到现有隔离环境中的方法和系统通过在计算机上执行运行模块来拦截执行应用程序的请求。 与计算机通信的客户端生成在计算机上执行应用的请求。 运行模块识别与所请求的应用相关联的简档,并且查询应用传递服务以识别对应于简档的至少一个隔离环境。 运行模块从应用传送服务接收标识与应用相关联的第一隔离环境的响应,并且向发射模块发出命令以将应用启动到第一隔离环境中。

    METHOD AND SYSTEM FOR COMMUNICATING BETWEEN ISOLATION ENVIRONMENTS
    3.
    发明申请
    METHOD AND SYSTEM FOR COMMUNICATING BETWEEN ISOLATION ENVIRONMENTS 有权
    分离环境之间的通信方法和系统

    公开(公告)号:US20120198468A1

    公开(公告)日:2012-08-02

    申请号:US13434645

    申请日:2012-03-29

    IPC分类号: G06F9/44 G06F9/46

    CPC分类号: G06F8/60 G06F9/5077

    摘要: A method and system for aggregating installation scopes within an isolation environment, where the method includes first defining an isolation environment for encompassing an aggregation of installation scopes. Associations are created between a first application and a first installation scope. When the first application requires the presence of a second application within the isolation environment for proper execution, an image of the required second application is mounted onto a second installation scope and an association between the second application and the second installation scope is created. Another association is created between the first installation scope and the second installation scope, an this third association is created within a third installation scope. Each of the first, second, and third installation scopes are stored and the first application is launched into the defined isolation environment.

    摘要翻译: 一种用于在隔离环境中聚合安装范围的方法和系统,其中该方法包括首先定义用于包含安装范围的聚合的隔离环境。 在第一个应用程序和第一个安装范围之间创建关联。 当第一应用程序需要在隔离环境中存在第二应用以便正确执行时,所需的第二应用的映像被安装到第二安装范围上,并且创建第二应用和第二安装范围之间的关联。 在第一个安装范围和第二个安装范围之间创建另一个关联,第三个关联是在第三个安装范围内创建的。 存储第一,第二和第三安装作用域中的每一个,并将第一个应用程序启动到定义的隔离环境中。

    Methods and Systems for Forcing an Application to Store Data in a Secure Storage Location
    4.
    发明申请
    Methods and Systems for Forcing an Application to Store Data in a Secure Storage Location 有权
    强制应用程序将数据存储在安全存储位置的方法和系统

    公开(公告)号:US20110277013A1

    公开(公告)日:2011-11-10

    申请号:US13098727

    申请日:2011-05-02

    申请人: Madhav Chinta

    发明人: Madhav Chinta

    IPC分类号: H04L9/32

    摘要: The present application is directed to methods and systems for redirecting write requests issued by trusted applications to a secure storage. Upon redirecting the write requests, the data included in those requests can be stored in the secure storage area of a client computer. In some embodiments, the methods and systems can include determining whether an application issuing the request is a trusted application that requires data to be stored in a secure storage repository. Upon making this determination, a filter driver can identify a secure storage area on a client computer and can redirect the write request to this secure storage. In other embodiments, the filter driver may deny requests of trusted applications to write to unsecure storage areas.

    摘要翻译: 本申请涉及用于将由可信应用发出的写请求重定向到安全存储器的方法和系统。 在重定向写请求时,包括在这些请求中的数据可以存储在客户端计算机的安全存储区域中。 在一些实施例中,方法和系统可以包括确定发出请求的应用是否是需要将数据存储在安全存储库中的可信应用。 在进行该确定时,过滤器驱动程序可以识别客户端计算机上的安全存储区域,并且可以将写入请求重定向到该安全存储器。 在其他实施例中,过滤器驱动器可以拒绝可信应用的请求写入不安全的存储区域。

    Method and system for communicating between isolation environments
    5.
    发明授权
    Method and system for communicating between isolation environments 有权
    用于在隔离环境之间进行通信的方法和系统

    公开(公告)号:US09021494B2

    公开(公告)日:2015-04-28

    申请号:US13619294

    申请日:2012-09-14

    IPC分类号: G06F9/46 G06F9/445 G06F9/50

    CPC分类号: G06F8/60 G06F9/5077

    摘要: A method and system for aggregating installation scopes within an isolation environment, where the method includes first defining an isolation environment for encompassing an aggregation of installation scopes. Associations are created between a first application and a first installation scope. When the first application requires the presence of a second application within the isolation environment for proper execution, an image of the required second application is mounted onto a second installation scope and an association between the second application and the second installation scope is created. Another association is created between the first installation scope and the second installation scope, and this third association is created within a third installation scope. Each of the first, second, and third installation scopes are stored and the first application is launched into the defined isolation environment.

    摘要翻译: 一种用于在隔离环境中聚合安装范围的方法和系统,其中该方法包括首先定义用于包含安装范围的聚合的隔离环境。 在第一个应用程序和第一个安装范围之间创建关联。 当第一应用程序需要在隔离环境中存在第二应用以便正确执行时,所需的第二应用的映像被安装到第二安装范围上,并且创建第二应用和第二安装范围之间的关联。 在第一个安装范围和第二个安装范围之间创建另一个关联,第三个关联是在第三个安装范围内创建的。 存储第一,第二和第三安装作用域中的每一个,并将第一个应用程序启动到定义的隔离环境中。

    Methods and systems for forcing an application to store data in a secure storage location
    6.
    发明授权
    Methods and systems for forcing an application to store data in a secure storage location 有权
    强制应用程序将数据存储在安全存储位置的方法和系统

    公开(公告)号:US08707457B2

    公开(公告)日:2014-04-22

    申请号:US13098727

    申请日:2011-05-02

    申请人: Madhav Chinta

    发明人: Madhav Chinta

    IPC分类号: H04L29/06

    摘要: The present application is directed to methods and systems for redirecting write requests issued by trusted applications to a secure storage. Upon redirecting the write requests, the data included in those requests can be stored in the secure storage area of a client computer. In some embodiments, the methods and systems can include determining whether an application issuing the request is a trusted application that requires data to be stored in a secure storage repository. Upon making this determination, a filter driver can identify a secure storage area on a client computer and can redirect the write request to this secure storage. In other embodiments, the filter driver may deny requests of trusted applications to write to unsecure storage areas.

    摘要翻译: 本申请涉及用于将由可信应用发出的写请求重定向到安全存储器的方法和系统。 在重定向写请求时,包括在这些请求中的数据可以存储在客户端计算机的安全存储区域中。 在一些实施例中,方法和系统可以包括确定发出请求的应用是否是需要将数据存储在安全存储库中的可信应用。 在进行该确定时,过滤器驱动程序可以识别客户端计算机上的安全存储区域,并且可以将写入请求重定向到该安全存储器。 在其他实施例中,过滤器驱动器可以拒绝可信应用的请求写入不安全的存储区域。

    Method and system for communicating between isolation environments
    7.
    发明授权
    Method and system for communicating between isolation environments 有权
    用于在隔离环境之间进行通信的方法和系统

    公开(公告)号:US09009720B2

    公开(公告)日:2015-04-14

    申请号:US13434645

    申请日:2012-03-29

    IPC分类号: G06F9/46 G06F9/445

    CPC分类号: G06F8/60 G06F9/5077

    摘要: A method and system for aggregating installation scopes within an isolation environment, where the method includes first defining an isolation environment for encompassing an aggregation of installation scopes. Associations are created between a first application and a first installation scope. When the first application requires the presence of a second application within the isolation environment for proper execution, an image of the required second application is mounted onto a second installation scope and an association between the second application and the second installation scope is created. Another association is created between the first installation scope and the second installation scope, an this third association is created within a third installation scope. Each of the first, second, and third installation scopes are stored and the first application is launched into the defined isolation environment.

    摘要翻译: 一种用于在隔离环境中聚合安装范围的方法和系统,其中该方法包括首先定义用于包含安装范围的聚合的隔离环境。 在第一个应用程序和第一个安装范围之间创建关联。 当第一应用程序需要在隔离环境中存在第二应用以便正确执行时,所需的第二应用的映像被安装到第二安装范围上,并且创建第二应用和第二安装范围之间的关联。 在第一个安装范围和第二个安装范围之间创建另一个关联,第三个关联是在第三个安装范围内创建的。 存储第一,第二和第三安装作用域中的每一个,并将第一个应用程序启动到定义的隔离环境中。

    Methods and systems for launching applications into existing isolation environments
    8.
    发明授权
    Methods and systems for launching applications into existing isolation environments 有权
    将应用程序启动到现有隔离环境中的方法和系统

    公开(公告)号:US08326943B2

    公开(公告)日:2012-12-04

    申请号:US13290621

    申请日:2011-11-07

    IPC分类号: G06F15/16

    CPC分类号: G06F21/53

    摘要: Methods and systems that can launch applications into existing isolation environments do so by executing a run module on a computing machine to intercept requests to execute an application. A client communicating with the computing machine generates requests to execute an application on the computing machine. A run module identifies a profile associated with the requested application and queries an application delivery service to identify at least one isolation environment that corresponds to the profile. The run module receives from the application delivery service a response that identifies a first isolation environment associated with the application, and issues a command to a launch module to launch the application into the first isolation environment.

    摘要翻译: 可以将应用程序启动到现有隔离环境中的方法和系统通过在计算机上执行运行模块来拦截执行应用程序的请求。 与计算机通信的客户端生成在计算机上执行应用的请求。 运行模块识别与所请求的应用相关联的简档,并且查询应用传递服务以识别对应于简档的至少一个隔离环境。 运行模块从应用传送服务接收标识与应用相关联的第一隔离环境的响应,并且向发射模块发出命令以将应用启动到第一隔离环境中。

    Method and system for communicating between isolation environments
    9.
    发明授权
    Method and system for communicating between isolation environments 有权
    隔离环境之间通信的方法和系统

    公开(公告)号:US08171483B2

    公开(公告)日:2012-05-01

    申请号:US11875881

    申请日:2007-10-20

    IPC分类号: G06F9/44 G06F9/46

    CPC分类号: G06F8/60 G06F9/5077

    摘要: A method and system for associating installation scopes within an isolation environment, where the method includes defining an isolation environment for encompassing an aggregation of installation scopes. Associations are created between a first application and a first installation scope. When the first application requires the presence of a second application within the isolation environment for proper execution, an image of the required second application is mounted onto a second installation scope and an association between the second application and the second installation scope is created. Another association is created between the first installation scope and a second installation scope, and this third association is created within a third installation scope. Each of the first, second, and third installation scopes are stored and the first application is launched into the defined isolation environment.

    摘要翻译: 一种用于在隔离环境中关联安装范围的方法和系统,其中该方法包括定义用于包含安装范围的聚合的隔离环境。 在第一个应用程序和第一个安装范围之间创建关联。 当第一应用程序需要在隔离环境中存在第二应用以便正确执行时,所需的第二应用的映像被安装到第二安装范围上,并且创建第二应用和第二安装范围之间的关联。 在第一个安装范围和第二个安装范围之间创建另一个关联,并且第三个关联是在第三个安装范围内创建的。 存储第一,第二和第三安装作用域中的每一个,并将第一个应用程序启动到定义的隔离环境中。

    Creation and delivery of encrypted virtual disks
    10.
    发明授权
    Creation and delivery of encrypted virtual disks 有权
    加密虚拟磁盘的创建和传递

    公开(公告)号:US09311509B2

    公开(公告)日:2016-04-12

    申请号:US13102793

    申请日:2011-05-06

    摘要: The present application is directed to methods and systems for receiving a request for a virtual disk and creating a virtual disk that includes the virtual disk attributes identified in the request or determined by an organization's security policies. The created virtual disk can then be encrypted and in some aspects, an encryption key for the encrypted virtual disk can be stored in an encryption key database. Upon creating and encrypting the virtual disk, the virtual disk can be transmitted to a client. The client, upon receiving the encrypted virtual disk, can mount the virtual disk into the client system. The encrypted virtual disk may be stored as a file within an unencrypted virtual disk, and the unencrypted virtual disk backed up to a local or remote storage location.

    摘要翻译: 本申请涉及用于接收对虚拟磁盘的请求并创建包括在请求中标识或由组织的安全策略确定的虚拟磁盘属性的虚拟磁盘的方法和系统。 然后可以对所创建的虚拟磁盘进行加密,并且在某些方面,加密的虚拟磁盘的加密密钥可以存储在加密密钥数据库中。 在创建和加密虚拟磁盘后,可以将虚拟磁盘传输到客户端。 客户端在收到加密的虚拟磁盘后,可以将虚拟磁盘安装到客户端系统中。 加密的虚拟磁盘可以作为文件存储在未加密的虚拟磁盘中,并且未加密的虚拟磁盘备份到本地或远程存储位置。