CONDITIONAL TIME-BASED ONE TIME PASSWORD TOKEN ISSUANCE BASED ON LOCALLY AGGREGATED DEVICE RISK

    Publication number: US20240146534A1

    Publication date: 2024-05-02

    Application number: US17975309

    Filing date: 2022-10-27

    Applicant: VMware, Inc.

    CPC classification number: H04L9/3228 H04L9/0863 H04L9/0869

    Abstract: Disclosed are various embodiments for conditional time-based one time password token issuance based on locally aggregated device risk. Embodiments of this application can evaluate the security of the client device using mobile threat defense signals or a device posture summary before generating a seed on the client device to ensure the security of all the connected systems as a whole. Additionally, embodiments of this application can evaluate the security of the client device to determine if changes have been made that require a remedial action to be taken. In some embodiments, the client device may be completely disconnected from the network and capable of generating time-based one time passwords, while remaining offline. However, offline attacks may still occur; in such a situation, the client device can determine the security of the device and perform the remedial actions independent of other devices, systems, computing environments, or networks. In at least another embodiment, when the client device is determined to not be secure, the client device can inform the authentication service over a connected network that security issues may exist in the client device and actions may need to be taken at the authentication service to ensure the client does not further compromise the account.

    USER INTERFACE TOOLS FOR DEVICE-DRIVEN MANAGEMENT WORKFLOWS

    Publication number: US20220231921A1

    Publication date: 2022-07-21

    Application number: US17153272

    Filing date: 2021-01-20

    Applicant: VMware, Inc.

    Abstract: Examples of device-driven management are described. A management console can include a set of workflow objects to use in a workflow creation user interface. Workflow objects can be positioned in the workflow creation user interface area based on user manipulation. A device state criteria overlay can be painted on a connector workflow object to indicate that a branch of executable instructions corresponding to the connector workflow object is performed where a client device corresponds to the specified device state criteria.

    DELEGATED AUTHENTICATION TO CERTIFICATE AUTHORITIES

    Publication number: US20220029990A1

    Publication date: 2022-01-27

    Application number: US17495239

    Filing date: 2021-10-06

    Applicant: VMware, Inc.

    Abstract: Disclosed are various embodiments for delegating authentication to certificate authorities. A connector service identifies a certificate request from a messenger service. The certificate request includes a credential identifier for a certificate authority. An authentication credential is retrieved using the credential identifier. A certificate request and the certificate authority authentication credential are transmitted to the certificate authority. A certificate is retrieved and provided as a response to the certificate request.

    Network integration and workflow generation tools for device-driven management

    Publication number: US11184250B1

    Publication date: 2021-11-23

    Application number: US17153270

    Filing date: 2021-01-20

    Applicant: VMware, Inc.

    Abstract: Examples of device-driven management are described. A management service can generate a management console that includes a set of workflow objects to use in a workflow creation user interface. A management workflow can be retrieved from a network service and translated to be formatted into the workflow objects. A user can select the management workflow, and the management console can be updated to show graphical representations of the workflow objects. The management service can transmit a device-driven management workflow that includes a translated version of the management workflow.

    Secure distribution of cryptographic certificates

    Publication number: US11438177B2

    Publication date: 2022-09-06

    Application number: US16804511

    Filing date: 2020-02-28

    Applicant: VMware, Inc.

    Abstract: Disclosed are various embodiments for securely distributing certificates or encryption keys. A management service can receive an enrollment request from a client device. The management service can then send a key request to a certificate provider, the key request comprising a user identifier. The management service can also send a skeleton payload to an enterprise gateway. In response, the management service can receive an encrypted profile from the enterprise gateway, the encrypted profile comprising the skeleton payload with an encryption key inserted by the enterprise gateway into the skeleton payload. Finally, the management service can send the encrypted profile to the client device.

    NETWORK INTEGRATION AND WORKFLOW GENERATION TOOLS FOR DEVICE-DRIVEN MANAGEMENT

    Publication number: US20220231922A1

    Publication date: 2022-07-21

    Application number: US17509527

    Filing date: 2021-10-25

    Applicant: VMware, Inc.

    Abstract: Examples of device-driven management are described. A management service can generate a management console that includes a set of workflow objects to use in a workflow creation user interface. A device-driven management workflow is defined through the workflow creation user interface. The management service identifies that the device-driven management workflow lacks a condition specified in a comprehensiveness definition. A workflow object for the condition specified in the comprehensiveness definition is generated for display. A user interaction incorporates the workflow object into the device-driven management workflow so that the device-driven management workflow considers the specified condition.

    Delegated authentication to certificate authorities

    Publication number: US11165774B2

    Publication date: 2021-11-02

    Application number: US16220657

    Filing date: 2018-12-14

    Applicant: VMware, Inc.

    Abstract: Disclosed are various embodiments for delegating authentication to certificate authorities. A first request for a certificate is received from a client device. Then a certificate request can be created. The certificate request may include a credential identifier for a certificate authority. The credential identifier may uniquely identify an authentication credential to use to request the certificate from the certificate authority. The certificate request can then be added to a message queue. Later, a second request from another computing device is received and the message stored in the message queue is provided in response. A certificate is then received from the other computing device and is provided to the client device in response to the first request.
