-
Publication No.: US11184346B2
Publication date: 2021-11-23
Application No.: US16571466
Application date: 2019-09-16
Applicant: VMware, Inc.
Inventor: Kishore Sajja, Lucas Chen, Raghuram Rajan, Anuj Panwar, Sandeep Naga Kaipu, Rajiv Singh
Abstract: Aspects of providing single sign on (SSO) sessions are described. An access interval key is generated using an access code as a seed to a key derivative function. The access interval key is encrypted using a public key of an SSO-enabled application to generate an encrypted access interval key for a sign on session. The sign on session is established by storing the encrypted access interval key in a memory location of an SSO session map shared by SSO-enabled applications.
-
Publication No.: US10469478B2
Publication date: 2019-11-05
Application No.: US15442239
Application date: 2017-02-24
Applicant: VMware, Inc.
Inventor: Kishore Sajja, Lucas Chen, Raghuram Rajan, Anuj Panwar, Sandeep Naga Kaipu, Rajiv Singh
Abstract: To extend a sign on session among applications, an inter-application workflow request can be initiated from a first to a second application. The workflow request can identify one or more memory locations in a shared memory for secure data transfer between the applications. The first application can then monitor the memory locations for the presence of a public key stored in shared memory by the second application in response to the workflow request. Once the public key is present in the shared memory, the first application can retrieve and use it to encrypt an access interval key. The encrypted access interval key can then be stored in the shared memory for retrieval by the second application. The access interval key is associated with a sign on session of the first application, and the second application can retrieve and decrypt it to extend the sign on session to the second application.
-
Publication No.: US11750660B2
Publication date: 2023-09-05
Application No.: US17470711
Application date: 2021-09-09
Applicant: VMware, Inc.
Inventor: Simon Brooks, Daniel E. Zeck, Xinpi Du, Ali Mohsin, Kishore Sajja, Nikhil Mehta
CPC classification number: H04L63/20, G06F9/542, G06F21/552, G06F21/554
Abstract: Examples for detecting a compromised device are described. A set of threat detection rules can instruct an application on the client device how to detect whether the client device is compromised. The rules can be updated dynamically and without updating the application that is performing the compromise detection. The rules can be encoded in an interpreted scripting language and executed by a runtime environment that is embedded within the application.
-
Publication No.: US10447681B2
Publication date: 2019-10-15
Application No.: US15442175
Application date: 2017-02-24
Applicant: VMware, Inc.
Inventor: Kishore Sajja, Lucas Chen, Raghuram Rajan, Anuj Panwar, Sandeep Naga Kaipu, Rajiv Singh
Abstract: To establish a sign on session among single sign on (SSO)-enabled applications, a user can be prompted by an application for an access code. An access interval key can be generated using a key derivative function based on the access code. The access interval key can be considered a session key, and it can be used during a valid SSO session to decrypt a master key stored in a shared memory. In turn, the master key can be used to encrypt and decrypt the contents of the shared memory. To securely distribute the access interval key among the SSO-enabled applications during a current session, individual SSO-enabled applications can each store a public key in the shared memory. The access interval key can then be encrypted, respectively, by the public keys of the SSO-enabled applications and stored in the shared memory to be retrieved securely by the SSO-enabled applications.
-
Publication No.: US20210409452A1
Publication date: 2021-12-30
Application No.: US17470711
Application date: 2021-09-09
Applicant: VMware, Inc.
Inventor: Simon Brooks, Daniel E. Zeck, Xinpi Du, Ali Mohsin, Kishore Sajja, Nikhil Mehta
Abstract: Examples for detecting a compromised device are described. A set of threat detection rules can instruct an application on the client device how to detect whether the client device is compromised. The rules can be updated dynamically and without updating the application that is performing the compromise detection. The rules can be encoded in an interpreted scripting language and executed by a runtime environment that is embedded within the application.
-
Publication No.: US20200092335A1
Publication date: 2020-03-19
Application No.: US16134542
Application date: 2018-09-18
Applicant: VMware, Inc.
Inventor: Simon Brooks, Daniel E. Zeck, Xinpi Du, Ali Mohsin, Kishore Sajja, Nikhil Mehta
Abstract: Examples for detecting a compromised device are described. A set of threat detection rules can instruct an application on the client device how to detect whether the client device is compromised. The rules can be updated dynamically and without updating the application that is performing the compromise detection. The rules can be encoded in an interpreted scripting language and executed by a runtime environment that is embedded within the application.
-
Publication No.: US20180157433A1
Publication date: 2018-06-07
Application No.: US15442239
Application date: 2017-02-24
Applicant: VMware, Inc.
Inventor: Kishore Sajja, Lucas Chen, Raghuram Rajan, Anuj Panwar, Sandeep Naga Kaipu, Rajiv Singh
Abstract: To extend a sign on session among applications, an inter-application workflow request can be initiated from a first to a second application. The workflow request can identify one or more memory locations in a shared memory for secure data transfer between the applications. The first application can then monitor the memory locations for the presence of a public key stored in shared memory by the second application in response to the workflow request. Once the public key is present in the shared memory, the first application can retrieve and use it to encrypt an access interval key. The encrypted access interval key can then be stored in the shared memory for retrieval by the second application. The access interval key is associated with a sign on session of the first application, and the second application can retrieve and decrypt it to extend the sign on session to the second application.
-
Publication No.: US11128666B2
Publication date: 2021-09-21
Application No.: US16134542
Application date: 2018-09-18
Applicant: VMware, Inc.
Inventor: Simon Brooks, Daniel E. Zeck, Xinpi Du, Ali Mohsin, Kishore Sajja, Nikhil Mehta
Abstract: Examples for detecting a compromised device are described. A set of threat detection rules can instruct an application on the client device how to detect whether the client device is compromised. The rules can be updated dynamically and without updating the application that is performing the compromise detection. The rules can be encoded in an interpreted scripting language and executed by a runtime environment that is embedded within the application.
-
Publication No.: US20200014681A1
Publication date: 2020-01-09
Application No.: US16571466
Application date: 2019-09-16
Applicant: VMware, Inc.
Inventor: Kishore Sajja, Lucas Chen, Raghuram Rajan, Anuj Panwar, Sandeep Naga Kaipu, Rajiv Singh
Abstract: Aspects of providing single sign on (SSO) sessions are described. An access interval key is generated using an access code as a seed to a key derivative function. The access interval key is encrypted using a public key of an SSO-enabled application to generate an encrypted access interval key for a sign on session. The sign on session is established by storing the encrypted access interval key in a memory location of an SSO session map shared by SSO-enabled applications.
-
Publication No.: US20180159843A1
Publication date: 2018-06-07
Application No.: US15442175
Application date: 2017-02-24
Applicant: VMware, Inc.
Inventor: Kishore Sajja, Lucas Chen, Raghuram Rajan, Anuj Panwar, Sandeep Naga Kaipu, Rajiv Singh
CPC classification number: H04L63/0815, G06F3/0622, G06F3/0659, G06F3/067, H04L9/0825, H04L9/0894, H04L63/0442
Abstract: To establish a sign on session among single sign on (SSO)-enabled applications, a user can be prompted by an application for an access code. An access interval key can be generated using a key derivative function based on the access code. The access interval key can be considered a session key, and it can be used during a valid SSO session to decrypt a master key stored in a shared memory. In turn, the master key can be used to encrypt and decrypt the contents of the shared memory. To securely distribute the access interval key among the SSO-enabled applications during a current session, individual SSO-enabled applications can each store a public key in the shared memory. The access interval key can then be encrypted, respectively, by the public keys of the SSO-enabled applications and stored in the shared memory to be retrieved securely by the SSO-enabled applications.