公开(公告)号：US11588806B2

公开(公告)日：2023-02-21

申请号：US17106878

申请日：2020-11-30

Applicant: VMware, Inc.

Inventor： David Shaw ,  Daniel E. Zeck ,  Robert Worsnop

IPC: H04L9/40 ,  H04L9/32 ,  H04L9/08 ,  H04L43/10 ,  H04L67/568

Abstract: Disclosed are various approaches for relaying and caching authentication credentials. A single sign-on (SSO) token is received, the SSO token representing a user account authenticated with an identity manager. An authentication request is then sent to a service that is federated with the identity manager in response to receipt of the SSO token, the authentication request including the SSO token. An access token is received in response to the authentication request, the access token providing access to the service for the user account authenticated with the identity manager for a predefined period of time. The access token and a link between the access token and the SSO token are then cached.

公开(公告)号：US20220174057A1

公开(公告)日：2022-06-02

申请号：US17673087

申请日：2022-02-16

Applicant: VMware, Inc.

Inventor： Daniel E. Zeck ,  David Shaw ,  Robert Worsnop ,  John Ryan Bard

IPC: H04L9/40

Abstract: Disclosed are various approaches for workflow service back end integration. In some examples, a command is transmitted causing a client device to present a workflow action to perform. A user command to perform the workflow action is identified using the client device. Authentication data including user credentials and a navigation action for a visual user interface is identified. The user credentials are transmitted to the network service and an emulation of the navigation action is performed. A command that performs the workflow action is transmitted to the network service.

公开(公告)号：US11265309B2

公开(公告)日：2022-03-01

申请号：US16369498

申请日：2019-03-29

Applicant: VMware, Inc.

Inventor： Daniel E. Zeck ,  David Shaw ,  Robert Worsnop ,  John Ryan Bard

IPC: H04L29/06 ,  H04L67/51 ,  G06F3/04817 ,  G06F3/0482

Abstract: Disclosed are various approaches for workflow service back end integration. In some examples, an event is detected. The event is associated with an enterprise. A workflow action to perform is identified based on event. A user account is identified using at least one of the workflow action and the event. A command to present the workflow action is transmitted to a client device. A user indication to perform the workflow action is identified. Authentication data for the network service is identified based on a single sign-on (SSO) token associated with the user account. The workflow action is automatically performed using the network service. An authentication with the network service is completed based on the authentication data.

公开(公告)号：US20210084026A1

公开(公告)日：2021-03-18

申请号：US17106878

申请日：2020-11-30

Applicant: VMware, Inc.

Inventor： David Shaw ,  Daniel E. Zeck ,  Robert Worsnop

IPC: H04L29/06 ,  H04L9/32 ,  H04L9/08 ,  H04L29/08 ,  H04L12/26

Abstract: Disclosed are various approaches for relaying and caching authentication credentials. A single sign-on (SSO) token is received, the SSO token representing a user account authenticated with an identity manager. An authentication request is then sent to a service that is federated with the identity manager in response to receipt of the SSO token, the authentication request including the SSO token. An access token is received in response to the authentication request, the access token providing access to the service for the user account authenticated with the identity manager for a predefined period of time. The access token and a link between the access token and the SSO token are then cached.

公开(公告)号：US11750660B2

公开(公告)日：2023-09-05

申请号：US17470711

申请日：2021-09-09

Applicant: VMware, Inc.

Inventor： Simon Brooks ,  Daniel E. Zeck ,  Xinpi Du ,  Ali Mohsin ,  Kishore Sajja ,  Nikhil Mehta

IPC: H04L29/06 ,  H04L9/40 ,  G06F9/54 ,  G06F21/55

CPC classification number: H04L63/20 ,  G06F9/542 ,  G06F21/552 ,  G06F21/554

Abstract: Examples for detecting a compromised device are described. A set of threat detection rules can instruct an application on the client device how to detect whether the client device is compromised. The rules can be updated dynamically and without updating the application that is performing the compromise detection. The rules can be encoded in an interpreted scripting language and executed by a runtime environment that is embedded within the application.

公开(公告)号：US11509537B2

公开(公告)日：2022-11-22

申请号：US17140593

申请日：2021-01-04

Applicant: VMware, Inc.

Inventor： Stephen Turner ,  Daniel E. Zeck ,  Simon Brooks

IPC: H04L41/12 ,  H04L9/40 ,  H04L67/12 ,  G06F3/0484 ,  G06F3/0482

Abstract: Disclosed are various examples for Internet of Things (IoT) device discovery and deployment. In some embodiments, a device identifier is received from an IoT device. The IoT device is determined, based on the device identifier, to be associated with a device account with a management service. An enrollment of the IoT device is performed. A capabilities declaration is received from the IoT device. IoT device instructions are determined based on the capabilities declaration. IoT device instructions are transmitted to the IoT device, causing it to perform a capability specified in the capabilities declaration.

公开(公告)号：US11184345B2

公开(公告)日：2021-11-23

申请号：US16369492

申请日：2019-03-29

Applicant: VMware, Inc.

Inventor： Daniel E. Zeck ,  David Shaw ,  Robert Worsnop ,  John Ryan Bard

IPC: H04L29/06 ,  H04L29/08 ,  G06F3/0482 ,  G06F3/0481

Abstract: Disclosed are various approaches for workflow service back end integration. In some examples, a service request is identified. The service request is associated with a network service. A single sign-on (SSO) token is received. The SSO token represents a user account authenticated with an identity manager. Authentication data for the network service is identified based on the SSO token. A hosting location of a connector for the network service is identified based on the authentication data. An authentication header is appended to the service request. The service request with the authentication header is transmitted to the connector.

公开(公告)号：US10855670B2

公开(公告)日：2020-12-01

申请号：US15970026

申请日：2018-05-03

Applicant: VMware, Inc.

Inventor： David Shaw ,  Daniel E. Zeck ,  Robert Worsnop

IPC: H04L29/06 ,  H04L9/32 ,  H04L29/08 ,  H04L12/26

Abstract: Disclosed are various approaches for polling federated services for notifications. A request for an access token for a federated service is sent to an authentication service. The access token for the federated service is received from the authentication service. A query is sent to the federated service for a notification, the query comprising the access token. The notification is received from the federated service.

公开(公告)号：US11588688B2

公开(公告)日：2023-02-21

申请号：US17509474

申请日：2021-10-25

Applicant: VMware, Inc.

Inventor： Karen J. Brems ,  Pedha Venka Reddy Gade ,  Jong Ho Won ,  Qiuxi Zhu ,  Nandakishore Mallapragada ,  Daniel E. Zeck

IPC: G06F15/177 ,  H04L41/0813 ,  H04L67/02

Abstract: Disclosed are various examples of device and management service integration using a device connector service that acts as a proxy. The device connector service can receive a device communication that is relayed by a device connector client executed on an edge device. The device communication includes device connector authentication data, and a device identifier for a device. The device communication is modified into a modified device communication that includes management service authentication data, and a management unique device identifier (UDID) that is different from the device identifier. The device connector service transmits the modified device communication to a management service.

公开(公告)号：US11184231B1

公开(公告)日：2021-11-23

申请号：US17244093

申请日：2021-04-29

Applicant: VMware, Inc.

Inventor： Karen J. Brems ,  Pedha Venka Reddy Gade ,  Jong Ho Won ,  Qiuxi Zhu ,  Nandakishore Mallapragada ,  Daniel E. Zeck

IPC: G06F15/177 ,  H04L12/24 ,  H04L29/08

Abstract: Disclosed are various examples of device and management service integration using a device connector service that acts as a proxy. The device connector service can receive a device identifier for a device, and an enterprise identifier, and generate a management unique device identifier (UDID) using these values. The management UDID can be used in an enrollment request that enrolls the device with the management service. Device data including a device configuration can be received from the management service, and the device configuration can be relayed to a device connector client to apply the device configuration to the device.