Enabling persistence in a volatile secure workspace

US12248592B2 · US · B2

Patent metadata
Publication number: US-12248592-B2
Application number: US-202218052286-A
Country: US
Kind code: B2
Filing date: Nov 3, 2022
Priority date: Nov 3, 2022
Publication date: Mar 11, 2025
Grant date: Mar 11, 2025

Abstract

Official abstract text for this publication.

Persistence can be enabled in a volatile secure workspace. A management service may be configured to provide a managed application image containing a managed application to a host agent on a user computing device. When a secure workspace is deployed on the user computing device, the host agent can attach the managed application image to the secure workspace to create an injected volume. The host agent can also provide image details of the managed application image to a file system filter in the secure workspace. The file system filter may cause the managed application to be loaded from the managed application image and may then redirect I/O performed by the managed application to the injected volume which in turn will cause such I/O to be persisted in the managed application image. In this way, the managed application, any files it creates or modifies, and any state will be persisted even though the secure workspace is volatile.

First claim

Opening claim text (preview).

What is claimed:

1. A method for enabling persistence in a volatile secure workspace, the method comprising: obtaining, by a host agent executing on a user computing device, a managed application image that is associated with a volatile secure workspace, the managed application image including a managed application; in response to the volatile secure workspace being deployed on the user computing device, mounting, by the host agent which executes on the user computing device outside of the volatile secure workspace, the managed application image to the volatile secure workspace to create an injected volume within the volatile secure workspace; sharing, by the host agent, image details for the managed application image with a file system filter running in the volatile secure workspace; using, by the file system filter, the image details to cause the managed application to be loaded in the volatile secure workspace from the managed application image; receiving, by the file system filter, I/O requests associated with the managed application; using, by the file system filter, the image details to redirect the I/O requests associated with the managed application to the managed application image to thereby create or update one or more artifacts on the managed application image that is stored outside the volatile secure workspace; and persisting the managed application image with the one or more artifacts when the volatile secure workspace is stopped.

2. The method of claim 1, further comprising: in response to the volatile secure workspace being subsequently deployed on the user computing device, mounting the managed application image with the one or more artifacts to the volatile secure workspace.

3. The method of claim 1, wherein the managed application image is obtained in response to a user logging into the user computing device.

4. The method of claim 1, wherein the managed application image is obtained in response to the volatile secure workspace being deployed.

5. The method of claim 1, wherein the file system filter creates a merged view of the injected volume and a system volume of the volatile secure workspace.

6. The method of claim 1, wherein redirected the I/O requests comprises reparsing the I/O requests.

7. The method of claim 1, further comprising: passing, by the file system filter, I/O requests that are not associated with the managed application to a system volume.

8. The method of claim 1, wherein the one or more artifacts include one or more files.

9. The method of claim 1, wherein the one or more artifacts include one or more registry entries.

10. One of more computer storage media storing computer executable instructions which when executed implement a method for enabling persistence in a volatile secure workspace, the method comprising: obtaining, by a host agent executing on a user computing device, a managed application image that is associated with a volatile secure workspace, the managed application image including a managed application; in response to the volatile secure workspace being deployed on the user computing device, mounting, by the host agent which executes on the user computing device outside of the volatile secure workspace, the managed application image to the volatile secure workspace to create an injected volume within the volatile secure workspace; sharing, by the host agent, image details for the managed application image with a file system filter running in the volatile secure workspace; using, by the file system filter, the image details to cause the managed application to be loaded in the volatile secure workspace from the managed application image; receiving, by the file system filter, I/O requests associated with the managed application; using, by the file system filter, the image details to redirect the I/O requests associated with the managed application to the managed application image to thereby create or update one or more artifacts on the managed application image that is stored outside the volatile secure workspace; and persisting the managed application image with the one or more artifacts when the volatile secure workspace is stopped.

11. The computer storage media of claim 10, wherein the managed application image is obtained in response to a user logging into the user computing device.

12. The computer storage media of claim 10, wherein the image details define a path to an executable of the managed application.

13. The computer storage media of claim 10, wherein persisting the managed application image with the one or more artifacts comprises sending the managed application image with the one or more artifacts to a management server for storage.

14. The computer storage media of claim 13, wherein the method further comprises: subsequently obtaining the managed application image with the one or more artifacts from the management server; and in response to the volatile secure workspace being subsequently deployed on the user computing device, mounting the managed application image with the one or more artifacts to the volatile secure workspace to create the injected volume within the volatile secure workspace.

15. A system comprising: a management server having a management service; and at least one user computing device that includes one or more processors and computer storage media storing computer executable instructions which when executed by the one or more processors implement a method for enabling persistence in a volatile secure workspace, the method comprising: obtaining, by a host agent executing on the user computing device and from the management server, a managed application image that is associated with a volatile secure workspace, the managed application image including a managed application; in response to the volatile secure workspace being deployed on the user computing device, mounting, by the host agent which executes on the user computing device outside of the volatile secure workspace, the managed application image to the volatile secure workspace to create an injected volume within the volatile secure workspace; sharing, by the host agent, image details for the managed application image with a file system filter running in the volatile secure workspace; using, by the file system filter, the image details to cause the managed application to be loaded in the volatile secure workspace from the managed application image; receiving, by the file system filter, I/O requests associated with the managed application; using, by the file system filter, the image details to redirect the I/O requests associated with the managed application to the managed application image to thereby create or update one or more artifacts on the managed application image that is stored outside the volatile secure workspace; and persisting, on the management server, the managed application image with the one or more artifacts when the volatile secure workspace is stopped.

16. The system of claim 15, wherein the method further comprises: in response to the volatile secure workspace being subsequently deployed on the user computing device, mounting the managed application image with the one or more artifacts to the volatile secure workspace.

17. The system of claim 15, wherein the file system filter creates a merged view of the injected volume and a system volume of the volatile secure workspace.

Classifications

  • by executing in a restricted environment, e.g. sandbox or secure virtual machine

  • to a system of files or objects, e.g. local or distributed file system or database

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US12248592B2 cover?
Persistence can be enabled in a volatile secure workspace. A management service may be configured to provide a managed application image containing a managed application to a host agent on a user computing device. When a secure workspace is deployed on the user computing device, the host agent can attach the managed application image to the secure workspace to create an injected volume. The hos…
Who is the assignee on this patent?
Dell Products Lp
What technology area does this patent fall under?
Primary CPC classification G06F21/6218. Mapped technology areas include Physics.
When was this patent published?
Publication date Mar 11, 2025 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).