-
Publication No.: US10887180B2
Publication date: 2021-01-05
Application No.: US16190524
Application date: 2018-11-14
Applicant: VMware, Inc.
Inventor: Stephen Turner, Daniel E. Zeck, Simon Brooks
IPC: H04L12/24, H04L29/06, H04L29/08, G06F3/0484, G06F3/0482
Abstract: Disclosed are various examples for Internet of Things (IoT) device discovery and deployment. In some embodiments, a device identifier is received from an IoT device. The IoT device is determined, based on the device identifier, to be associated with a device account with a management service. An enrollment of the IoT device is performed. A capabilities declaration is received from the IoT device. IoT device instructions are determined based on the capabilities declaration. IoT device instructions are transmitted to the IoT device, causing it to perform a capability specified in the capabilities declaration.
-
Publication No.: US20200092335A1
Publication date: 2020-03-19
Application No.: US16134542
Application date: 2018-09-18
Applicant: VMware, Inc.
Inventor: Simon Brooks, Daniel E. Zeck, Xinpi Du, Ali Mohsin, Kishore Sajja, Nikhil Mehta
Abstract: Examples for detecting a compromised device are described. A set of threat detection rules can instruct an application on the client device how to detect whether the client device is compromised. The rules can be updated dynamically and without updating the application that is performing the compromise detection. The rules can be encoded in an interpreted scripting language and executed by a runtime environment that is embedded within the application.
-
Publication No.: US20230231724A1
Publication date: 2023-07-20
Application No.: US17578198
Application date: 2022-01-18
Applicant: VMware, Inc.
Inventor: Simon Brooks, Stephen Louis Turner, Daniel Ochoa
CPC classification number: H04L9/3247, H04L9/3236, H04L9/3263, H04L9/0825, G06Q20/3674, H04L2209/38, H04L2209/56
Abstract: Disclosed are various embodiments for replacing hard-coded certificate pinning with blockchain based certificate pinning. A signing device can obtain a public key from an endpoint device, produce a signature for the public key, and store the public key on a distributed data store, such as a blockchain. A client device can obtain and validate the public keys from the distributed data store and use the public keys to establish a secure connection between the client device and the endpoint device.
-
Publication No.: US11689373B2
Publication date: 2023-06-27
Application No.: US16922551
Application date: 2020-07-07
Applicant: VMware, Inc.
CPC classification number: H04L9/3247, G06F9/451
Abstract: Systems and methods are included for creating an assured record of a user interaction. An application on a user device can receive an agreement. The agreement can include a specification with instructions for assuring the user interaction. The application can pass the agreement to an assured module installed in the application. The assured module can present the agreement to a user in an interface. The assured module can receive user input indicating acceptance or rejection of the agreement. The assured module can generate a confirmation file that confirms the user interaction. The assured module can sign the confirmation file with a digital signature that can be used by other entities to verify the authenticity of the confirmation file.
-
Publication No.: US20220070002A1
Publication date: 2022-03-03
Application No.: US17004347
Application date: 2020-08-27
Applicant: VMware, Inc.
Inventor: Stephen Louis Turner, Simon Brooks
Abstract: Disclosed are various embodiments for implementing a multi-service simple certificate enrollment protocol (SCEP) based authentication system. First, a computing device can send a certificate signing request (CSR) for a token signing certificate to a simple certificate enrollment protocol (SCEP) server. Then the computing device can receive the token signing certificate from the SCEP server. Next, the computing device can generate an authentication token that authenticates a user of the computing device with an authentication service. Subsequently, the computing device can sign the authentication token with the token signing certificate to create a signed authentication token. Finally, the computing device can send the signed authentication token to the authentication service to authenticate the user of the computing device with the authentication service.
-
Publication No.: US20200153697A1
Publication date: 2020-05-14
Application No.: US16190524
Application date: 2018-11-14
Applicant: VMware, Inc.
Inventor: Stephen Turner, Daniel E. Zeck, Simon Brooks
Abstract: Disclosed are various examples for Internet of Things (IoT) device discovery and deployment. In some embodiments, a device identifier is received from an IoT device. The IoT device is determined, based on the device identifier, to be associated with a device account with a management service. An enrollment of the IoT device is performed. A capabilities declaration is received from the IoT device. IoT device instructions are determined based on the capabilities declaration. IoT device instructions are transmitted to the IoT device, causing it to perform a capability specified in the capabilities declaration.
-
Publication No.: US20200092374A1
Publication date: 2020-03-19
Application No.: US16133159
Application date: 2018-09-17
Applicant: VMware, Inc.
Inventor: Nikhil Mehta, Sanjay Satagopan, Ali Mohsin, Simon Brooks, Ryan Turner, Lucas Chen
Abstract: Examples herein describe systems and methods for on-device, application-specific compliance enforcement. An example method can include receiving, at a user device, an application having a compliance engine. The user device can also store a compliance rule that applies to the received application. The compliance rule can specify a condition and a remedial action for the application. The user device can execute the application. The application can determine, using the compliance engine within the application, whether the condition is present. The determination can be made regardless of whether the device has internet or cellular connectivity. Based on determining that the condition is present, the application can perform the remedial action.
-
Publication No.: US20200007580A1
Publication date: 2020-01-02
Application No.: US16019950
Application date: 2018-06-27
Applicant: VMware, Inc.
Inventor: Eugene Liderman, Stephen Turner, Simon Brooks
IPC: H04L29/06
Abstract: Disclosed are various examples that relate to adjusting a stringency of offline policy restrictions based on a situational context of a computing device. In one example, a system can receive an offline restriction policy for an application. The offline restriction policy comprises one or more rules that are associated with one or more actions. The system can cause the one or more actions to be performed during an offline period of time in an instance in which one of the rules is satisfied. The offline period of time represents time periods when the system does not have a network connection with a management system. The system can cause a first authentication action to be performed in an instance in which a first condition of the system satisfies a first rule. The system can also cause a second authentication action to be performed in an instance in which a second condition of the system satisfies a second rule.
-
Publication No.: US11750660B2
Publication date: 2023-09-05
Application No.: US17470711
Application date: 2021-09-09
Applicant: VMware, Inc.
Inventor: Simon Brooks, Daniel E. Zeck, Xinpi Du, Ali Mohsin, Kishore Sajja, Nikhil Mehta
CPC classification number: H04L63/20, G06F9/542, G06F21/552, G06F21/554
Abstract: Examples for detecting a compromised device are described. A set of threat detection rules can instruct an application on the client device how to detect whether the client device is compromised. The rules can be updated dynamically and without updating the application that is performing the compromise detection. The rules can be encoded in an interpreted scripting language and executed by a runtime environment that is embedded within the application.
-
Publication No.: US11736529B2
Publication date: 2023-08-22
Application No.: US17331709
Application date: 2021-05-27
Applicant: VMware, Inc.
Inventor: Eugene Liderman, Stephen Turner, Simon Brooks
CPC classification number: H04L63/20, G06F21/629, H04L63/0838, H04L63/0861, H04W12/63
Abstract: Disclosed are various examples that relate to adjusting a stringency of offline policy restrictions based on a situational context of a computing device. In one example, a system can receive an offline restriction policy for an application. The system can identify a request to execute an application during the offline period of time. A situational context of the computing device can be determined. A first application restriction can be enforced for the application on the computing device based on the identification of the computing device being in the offline period of time and the situational context. A change in the situational context of the computing device can be identified during the offline period of time based on a detection of a second condition. A second application restriction can be enforced for the application on the computing device during the offline period of time.