Abstract:
Systems and methods are included for causing a computing device to install a management agent prior to an operating system completing its first boot. A bootstrap loader is flashed into firmware, such as the BIOS, of a computing device. The bootstrap loader installs an enroller that identifies a management agent. This can include downloading the management agent from a management server. The enroller can find or contact the management server by contacting an address provided in a WINDOWS Platform Binary Table (WPBT). The management agent is installed prior to the user logging into the operating system to prevent circumvention of management policies.
Abstract:
Systems and methods are included for causing a computing device to implement a management policy prior to a user logging into an operating system on initial boot. As part of initial boot, the computing device contacts a management server for enrollment. Installation of the operating system is paused while the management server synchronizes the software and policies on the computing device. To do this prior to login, the management server can create a temporary user account to associate with the computing device and apply a default management policy. After the installation is complete, an installed management agent can gather user inputs made during login. The management agent can send these inputs to the management server for use in creating an actual user account to associate with the computing device.
Abstract:
Systems and methods are included for causing a computing device to assemble and boot from a managed operating system. When the computing device is powered on, it can execute firmware that specifies a server to contact. The server can identify a base operating system (OS) image to boot, and the location of a pre-enrollment installer for installing the base OS image. The pre-enrollment installer can download the base OS image in one or more pieces from multiple locations. This can include base OS images related to enterprise management and company-specific applications and drivers. Once the pre-enrollment installer has combined the base OS images, the computing device reboots using the combined image.
Abstract:
Systems and methods are included for causing a computing device to request ownership information and configure itself based on which tenant is associated with the computing device. During launch of an operating system, such as WINDOWS, the computing device can contact a server that tracks ownership information. The server can be identified in firmware or an operating system image of the computing device. The server can determine which operating system image and applications to install at the computing device. The server can provide addresses that the computing device can contact to retrieve portions of the operating system or applications.
Abstract:
A virtual business mobile device can be provisioned on a personal mobile device, by binding a mobile application for provisioning the business mobile device to a privileged component of a host operating system of the personal mobile device, wherein the binding enables a software virtualization layer and a management service component of the mobile application to execute in a privileged mode. The mobile application is then able to download a virtual phone image for the business mobile device and security-related policy settings relating to use of the business mobile device from a mobile management server, wherein the software virtualization layer is able to launch a virtual machine for the business mobile device based on the virtual phone image. Once the virtual phone image has been downloaded, the management service component initiates a periodic attempt to establish a connection with the mobile management server to comply with the downloaded security-related policy settings.
Abstract:
One embodiment of the present invention provides a system for providing exclusive access to a virtual private network (VPN) connection to an authorized application. During operation, the system creates a unique network namespace that is different from a default network namespace of a host system. The system then places a pseudo network interface associated with the VPN connection into the unique network namespace. Furthermore, the system places at least one socket for an authorized application into the unique network namespace. The system also precludes unauthorized applications on the host from accessing the unique network namespace, thereby facilitating exclusive access to the VPN connection by the authorized application.
Abstract:
One embodiment of the present invention provides a system for facilitating replacement of a system call in an application with a customized function call. During operation, the system re-links the application's executable file with additional code, or dynamically injects the additional code into the application's executable file at run time. The additional code can change a pointer in a table that holds the addresses of imported functions so that the pointer indicates the address of the customized function call.
Abstract:
Examples described herein include systems and methods for controlling access to a server, such as an email server or a gateway, in situations where the identity of the requesting device is unknown or where the user device accesses the server using an unknown or unmanaged application. In one example, the system can utilize a user authentication credential included in the request to identify other devices belonging to the user that happen to be enrolled with the system. An out-of-band message can be sent to those enrolled devices, requesting confirmation from the user and, in conjunction with an authentication token, allowing the system to trust the previously unknown device. In the example of an unmanaged application attempting to access an email server, the system can confirm compliance of the requesting device and issue an authentication token that, along with an appropriate command sent to the email server, provides access.