US 7519814

Analysis of U.S. Patent 7,519,814: System for Containerization of Application Sets

Date of Analysis: April 26, 2026

This report provides a summary of U.S. Patent No. 7,519,814, including its key bibliographic details and a plain-language explanation of its independent claims. The patent has recently been the subject of legal proceedings.

Bibliographic Information:

• Title: System for containerization of application sets
• Assignee: The current assignee is listed as Virtamove Corp. The original assignee was Trigence Corp.
• Inventors: Donn Rochette, Paul O'Leary, Dean Huffman
• Filing Date: September 13, 2004
• Issue Date: April 14, 2009
• Abstract: "A system is disclosed having servers with operating systems that may differ, operating in disparate computing environments, wherein each server includes a processor and an operating system including a kernel a set of associated local system files compatible with the processor. This invention discloses a method of providing at least some of the servers in the system with secure, executable, applications related to a service, wherein the applications may be executed in a secure environment, wherein the applications each include an object executable by at least some of the different operating systems for performing a task related to the service. The method of this invention requires storing in memory accessible to at least some of the servers a plurality of secure containers of application software. Each container includes one or more of the executable applications and a set of associated system files required to execute the one or more applications, for use with a local kernel residing permanently on one of the servers. The set of associated system files are compatible with a local kernel of at least some of the plurality of different operating systems. The containers of application software exclude a kernel; and some or all of the associated system files within a container stored in memory are utilized in place of the associated local system files resident on the server."

Legal Status and Recent Proceedings:

The patent is currently active. In January 2026, the U.S. Court of Appeals for the Federal Circuit (CAFC) denied a petition from Google LLC that challenged the validity of this patent. This ruling upheld a prior decision by the U.S. Patent and Trademark Office (USPTO), which had denied Google's request for an inter partes review (IPR), citing the "strong settled expectations" for a patent that has been in force for over 14 years. The case is identified in CAFC dockets as 26-111.

Plain-Language Overview of Independent Claims

U.S. Patent 7,519,814 has two independent claims. Below is a simplified explanation of the core concepts they protect.

Independent Claim 1:

This claim describes a method for running software applications securely on multiple servers, even if those servers have different operating systems. The core idea is to package an application, along with all the specific system files (like libraries and configuration files) it needs to run, into a "secure container."

Key steps of this method are:

• Storing multiple "secure containers" in a memory location accessible by the servers.
• Each container holds one or more applications and the necessary system files, but importantly, it does not include its own operating system kernel.
• When an application in a container runs on a server, it uses the server's own resident kernel to execute.
• The system files inside the container are used instead of the server's own local system files. This prevents conflicts, allowing different applications in different containers to use different versions of system files on the same machine without interfering with each other or the underlying operating system.

In essence, claim 1 protects a method of creating portable, isolated application environments that share the host server's core operating system kernel but bring their own specific dependencies with them.

Independent Claim 2:

This claim describes the system itself, rather than the method. It outlines a computer system designed to perform tasks using these secure containers.

The key components of this system are:

• A collection of "secure stored containers" that are accessible to one or more servers.
• Each container is isolated and self-contained ("mutually exclusive"), meaning its internal files cannot be shared with other containers.
• Each container is given its own unique identity on the network, such as its own IP address, host name, or MAC address.
• Like the method in claim 1, each container includes applications and their necessary system files but lacks its own kernel, instead relying on the server's underlying operating system kernel.
• The system includes a "run time module" that monitors "system calls" (requests from an application to the operating system's kernel). This module controls the applications, for example, by providing the container's unique identity information to the application instead of the server's actual identity, a process the patent refers to as "spoofing."

In short, claim 2 protects the architecture of a system that manages and runs these kernel-less, isolated application containers, giving each its own unique network identity and controlling its interaction with the host operating system.