Abstract:
The present invention involves systems and methods for replacement of function calls. In one embodiment, a function call is intercepted and modified to enforce a policy on a client device. The function call is intercepted by scanning code loaded for a launch of an application. The function call includes a first pointer value. The function call is modified by changing a first pointer value to a second pointer value. The second pointer value points to a customized function.
Abstract:
Systems and methods are included for causing a computing device to assemble and boot from a managed operating system. When the computing device is powered on, it can execute firmware that specifies a server to contact. The server can identify an operating system (OS) to boot, and the location of a pre-enrollment installer for assembling the OS image. The pre-enrollment installer can download base OS images in one or more pieces from multiple locations determined based on ownership information of the computing device. The multiple OS images can relate to enterprise management and company-specific applications and drivers. Once the pre-enrollment installer has combined the base OS images, the computing device reboots using the combined OS image.
Abstract:
A virtual business mobile device can be provisioned on a personal mobile device, by binding a mobile application for provisioning the business mobile device to a privileged component of a host operating system of the personal mobile device, wherein the binding enables a software virtualization layer and a management service component of the mobile application to execute in a privileged mode. The mobile application is then able to download a virtual phone image for the business mobile device and security-related policy settings relating to use of the business mobile device from a mobile management server, wherein the software virtualization layer is able to launch a virtual machine for the business mobile device based on the virtual phone image. Once the virtual phone image has been downloaded, the management service component initiates a periodic attempt to establish a connection with the mobile management server to comply with the downloaded security-related policy settings.
Abstract:
A business environment on a mobile device can be controlled by an enterprise server by receiving identifying information transmitted from a mobile device, wherein the identifying information identifies a user of the mobile device to the enterprise server. A virtual phone template is transmitted to the mobile device, wherein the virtual phone template (i) corresponds to the identifying information, and (ii) is configured to provide the business environment on the mobile device as a virtual machine running on a hypervisor installed on top of a host operating system of the mobile device. The enterprise server then receives a periodic transmission from the mobile device to indicate that the mobile device remains in periodic communication with the enterprise server.
Abstract:
One embodiment of the present invention provides a system for facilitating replacement of a system call in an application with a customized function call. During operation, the system re-links the application's executable file with additional code or dynamically injects the additional code to the application's executable file during run time. The additional code can change a pointer in a table which indicates addresses of imported functions so that the pointer indicates an address of the customized function call.
Abstract:
A graphical user interface to provision business environments on mobile devices presents a navigation panel that displays a virtual phone template menu item and a policy setting menu item. Upon selection of the virtual phone template menu item, a template user interface is presented that enables an administrator to customize virtual phone image templates for users to be delivered to mobile devices that are configured to run the virtual phone image templates as virtual machines on the mobile devices in order to provide a business environment. Upon selection of the policy setting menu item, a policy user interface is presented that enables the administrator to set security policies, wherein each of the security policies specifies a time interval within which a mobile device running a virtual machine corresponding to one of the virtual phone image templates should communicate with an enterprise server to comply with the security policy.
Abstract:
One embodiment of the present invention provides a system for providing exclusive access to a virtual private network (VPN) connection to an authorized application. During operation, the system creates a unique network namespace that is different from a default network namespace of a host system. The system then places a pseudo network interface associated with the VPN connection into the unique network namespace. Furthermore, the system places at least one socket for an authorized application into the unique network namespace. The system also precludes unauthorized applications on the host from accessing the unique network namespace, thereby facilitating exclusive access to the VPN connection by the authorized application.
Abstract:
One embodiment of the present invention provides a system for providing exclusive access to a virtual private network (VPN) connection to an authorized application. During operation, the system creates a unique network namespace that is different from a default network namespace of a host system. The system then places a pseudo network interface associated with the VPN connection into the unique network namespace. Furthermore, the system places at least one socket for an authorized application into the unique network namespace. The system also precludes unauthorized applications on the host from accessing the unique network namespace, thereby facilitating exclusive access to the VPN connection by the authorized application.
Abstract:
Systems and methods are included for causing a computing device to assemble and boot from a managed operating system. When the computing device is powered on, it can execute firmware that specifies a server to contact. The server can identify an operating system (OS) to boot, and the location of a pre-enrollment installer for assembling the OS image. The pre-enrollment installer can download base OS images in one or more pieces from multiple locations determined based on ownership information of the computing device. The multiple OS images can relate to enterprise management and company-specific applications and drivers. Once the pre-enrollment installer has combined the base OS images, the computing device reboots using the combined OS image.
Abstract:
In some aspects, a mobile application package is bound to a privileged component of a mobile device operating system. The mobile application package includes a software virtualization layer and a management service component. The software virtualization layer and the management service component are enabled to execute in a privileged mode based on the privileged component. A virtual phone image is downloaded from a management server. A virtual machine based on the virtual phone image is launched by the software virtualization layer.