-
公开(公告)号:US20180329698A1
公开(公告)日:2018-11-15
申请号:US16031205
申请日:2018-07-10
Applicant: VMware, Inc.
Inventor: Manish Jawa , Haim Tebeka , Craig Newell
IPC: G06F8/54 , G06F9/54 , G06F21/54 , G06F21/60 , G06F21/31 , G06F9/445 , H04L29/08 , H04L29/06 , G06F8/61 , H04W12/02 , H04W12/00 , G06F21/53
CPC classification number: G06F8/54 , G06F8/61 , G06F9/44521 , G06F9/54 , G06F21/31 , G06F21/53 , G06F21/54 , G06F21/602 , G06F21/604 , G06F2221/2107 , G06F2221/2143 , G06F2221/2149 , H04L63/0272 , H04L63/10 , H04L63/20 , H04L67/146 , H04W12/00 , H04W12/0027 , H04W12/02
Abstract: The present invention involves systems and methods for replacement of function calls. In one embodiment, a function call is intercepted and modified to enforce a policy on a client device. The function call is intercepted by scanning code loaded for a launch of an application. The function call includes a first pointer value. The function call is modified by changing a first pointer value to a second pointer value. The second pointer value points to a customized function.
-
公开(公告)号:US10044734B2
公开(公告)日:2018-08-07
申请号:US15401225
申请日:2017-01-09
Applicant: VMware, Inc.
Inventor: Stephen Deasy , Craig Newell , Emil Sit , Paul Wisner , David Furodet , Viktor Gyuris , Robert Meyer , Fanny Strudel
Abstract: A virtual business mobile device can be provisioned on a personal mobile device, by binding a mobile application for provisioning the business mobile device to a privileged component of a host operating system of the personal mobile device, wherein the binding enables a software virtualization layer and a management service component of the mobile application to execute in a privileged mode. The mobile application is then able to download a virtual phone image for the business mobile device and security-related policy settings relating to use of the business mobile device from a mobile management server, wherein the software virtualization layer is able to launch a virtual machine for the business mobile device based on the virtual phone image. Once the virtual phone image has been downloaded, the management service component initiates a periodic attempt to establish a connection with the mobile management server to comply with the downloaded security-related policy settings.
-
公开(公告)号:US10007782B2
公开(公告)日:2018-06-26
申请号:US15590582
申请日:2017-05-09
Applicant: VMware, Inc.
Inventor: Manish Jawa , Haim Tebeka , Craig Newell
IPC: G06F9/44 , G06F21/53 , G06F21/60 , H04W12/02 , H04L29/06 , H04W12/00 , G06F8/54 , G06F9/54 , G06F8/61 , H04L29/08 , G06F21/54 , G06F9/445 , G06F21/31
CPC classification number: G06F8/54 , G06F8/61 , G06F9/44521 , G06F9/54 , G06F21/31 , G06F21/53 , G06F21/54 , G06F21/602 , G06F21/604 , G06F2221/2107 , G06F2221/2143 , G06F2221/2149 , H04L63/0272 , H04L63/10 , H04L63/20 , H04L67/146 , H04W12/00 , H04W12/0027 , H04W12/02
Abstract: One embodiment of the present invention provides system for facilitating replacement of a system function in an application with a customized function. During operation, the system shifts an existing load command in a file of an application to accommodate an additional load command. The system also adds the additional load command to the file. The additional load command identifies additional instructions that change a pointer of the application from a value that points to a system function to another value that points to a customized function.
-
公开(公告)号:US09985929B2
公开(公告)日:2018-05-29
申请号:US14952255
申请日:2015-11-25
Applicant: VMware, Inc.
Inventor: Stephen Deasy , Robert Meyer , Craig Newell , Emil Sit , Paul Wisner , David Furodet , Viktor Gyuris , Fanny Strudel
IPC: H04M11/04 , H04L29/06 , C09J7/04 , B32B37/16 , H04W12/06 , H04W12/08 , H04W4/00 , G06F9/445 , G06F9/455 , G06F3/0482 , G06F3/0484 , H04M1/725 , H04W76/02 , H04L12/24 , H04W68/12
CPC classification number: H04L63/108 , B32B5/024 , B32B27/12 , B32B27/38 , B32B37/025 , B32B37/12 , B32B37/16 , B32B2037/1253 , C08J5/128 , C08J5/24 , C08J2363/04 , C08J2367/00 , C09J7/21 , C09J7/30 , C09J163/04 , C09J2463/00 , C09J2467/006 , G06F3/0482 , G06F3/04842 , G06F9/445 , G06F9/455 , G06F9/45529 , G06F9/45558 , G06F21/6245 , G06F21/629 , G06F2009/45587 , G06F2009/45595 , H04L41/0853 , H04L63/0272 , H04L63/102 , H04L63/105 , H04L63/20 , H04L67/34 , H04M1/72522 , H04M1/72583 , H04W4/50 , H04W4/60 , H04W8/22 , H04W12/06 , H04W12/08 , H04W68/12 , H04W76/10 , Y10T428/14
Abstract: A business environment on a mobile device can be controlled by an enterprise server by receiving identifying information transmitted from a mobile device, wherein the identifying information identifies a user of the mobile device to the enterprise server. A virtual phone template is transmitted to the mobile device, wherein the virtual phone template (i) corresponds to the identifying information, and (ii) is configured to provide the business environment on the mobile device as a virtual machine running on a hypervisor installed on top of a host operating system of the mobile device. The enterprise server then receives a periodic transmission from the mobile device to indicate that the mobile device remains in periodic communication with the enterprise server.
-
Patent Agency Ranking
公开(公告)号:US20170374081A9
公开(公告)日:2017-12-28
申请号:US15401225
申请日:2017-01-09
Applicant: VMware, Inc.
Inventor: Stephen Deasy , Craig Newell , Emil Sit , Paul Wisner , David Furodet , Viktor Gyuris , Robert Meyer , Fanny Strudel
CPC classification number: H04L63/108 , B32B5/024 , B32B27/12 , B32B27/38 , B32B37/025 , B32B37/12 , B32B37/16 , B32B2037/1253 , C08J5/128 , C08J5/24 , C08J2363/04 , C08J2367/00 , C09J7/21 , C09J7/30 , C09J163/04 , C09J2463/00 , C09J2467/006 , G06F3/0482 , G06F3/04842 , G06F9/445 , G06F9/455 , G06F9/45529 , G06F9/45558 , G06F21/6245 , G06F21/629 , G06F2009/45587 , G06F2009/45595 , H04L41/0853 , H04L63/0272 , H04L63/102 , H04L63/105 , H04L63/20 , H04L67/34 , H04M1/72522 , H04M1/72583 , H04W4/50 , H04W4/60 , H04W8/22 , H04W12/06 , H04W12/08 , H04W68/12 , H04W76/10 , Y10T428/14
Abstract: A virtual business mobile device can be provisioned on a personal mobile device, by binding a mobile application for provisioning the business mobile device to a privileged component of a host operating system of the personal mobile device, wherein the binding enables a software virtualization layer and a management service component of the mobile application to execute in a privileged mode. The mobile application is then able to download a virtual phone image for the business mobile device and security-related policy settings relating to use of the business mobile device from a mobile management server, wherein the software virtualization layer is able to launch a virtual machine for the business mobile device based on the virtual phone image. Once the virtual phone image has been downloaded, the management service component initiates a periodic attempt to establish a connection with the mobile management server to comply with the downloaded security-related policy settings.
-
公开(公告)号:US09524154B2
公开(公告)日:2016-12-20
申请号:US13775047
申请日:2013-02-22
Applicant: VMware, Inc.
Inventor: Manish Jawa , Haim Tebeka , Craig Newell
IPC: G06F9/44 , G06F9/46 , G06F13/00 , G06F9/445 , G06F21/54 , G06F9/54 , G06F21/31 , G06F21/60 , G06F21/53 , H04W12/02 , H04L29/08 , H04L29/06 , H04W12/00
CPC classification number: G06F8/54 , G06F8/61 , G06F9/44521 , G06F9/54 , G06F21/31 , G06F21/53 , G06F21/54 , G06F21/602 , G06F21/604 , G06F2221/2107 , G06F2221/2143 , G06F2221/2149 , H04L63/0272 , H04L63/10 , H04L63/20 , H04L67/146 , H04W12/00 , H04W12/02
Abstract: One embodiment of the system disclosed herein facilitates identifying a system call in an application and replacing the identified system call with a customized function call. During operation, the system executes an executable file of the application, wherein the executable file has been modified to execute a hooking and injection manager at run time. Prior to executing the system call, the system executes the hooking and injection manager. While executing the hooking and injection manager, the system determines, from a symbol table, a symbol table index value corresponding to a symbol associated with the system call. The system further determines an import table entry storing a pointer to the system call based on the symbol table index value, and changes the pointer in the import table entry so that the pointer indicates an address of the customized function call.
Abstract translation: 本文公开的系统的一个实施例有助于在应用程序中识别系统调用,并用定制的功能调用替换所识别的系统调用。 在操作期间,系统执行应用程序的可执行文件,其中可执行文件已被修改以在运行时执行挂钩和注入管理器。 在执行系统调用之前,系统执行挂钩和注入管理器。 在执行挂钩和注入管理器时,系统从符号表确定与系统调用相关联的符号对应的符号表索引值。 系统还基于符号表索引值确定存储指向系统调用的指针的导入表条目,并且改变导入表条目中的指针,使得指针指示定制的函数调用的地址。
-
公开(公告)号:US20160127321A1
公开(公告)日:2016-05-05
申请号:US14994383
申请日:2016-01-13
Applicant: VMware, Inc.
Inventor: Alexander Fainkichen , Craig Newell
CPC classification number: H04L63/108 , B32B5/024 , B32B27/12 , B32B27/38 , B32B37/025 , B32B37/12 , B32B37/16 , B32B2037/1253 , C08J5/128 , C08J5/24 , C08J2363/04 , C08J2367/00 , C09J7/21 , C09J7/30 , C09J163/04 , C09J2463/00 , C09J2467/006 , G06F3/0482 , G06F3/04842 , G06F9/445 , G06F9/455 , G06F9/45529 , G06F9/45558 , G06F21/6245 , G06F21/629 , G06F2009/45587 , G06F2009/45595 , H04L41/0853 , H04L63/0272 , H04L63/102 , H04L63/105 , H04L63/20 , H04L67/34 , H04M1/72522 , H04M1/72583 , H04W4/50 , H04W4/60 , H04W8/22 , H04W12/06 , H04W12/08 , H04W68/12 , H04W76/10 , Y10T428/14
Abstract: One embodiment of the present invention provides a system for providing exclusive access to a virtual private network (VPN) connection to an authorized application. During operation, the system creates a unique network namespace that is different from a default network namespace of a host system. The system then places a pseudo network interface associated with the VPN connection into the unique network namespace. Furthermore, the system places at least one socket for an authorized application into the unique network namespace. The system also precludes unauthorized applications on the host from accessing the unique network namespace, thereby facilitating exclusive access to the VPN connection by the authorized application.
-
公开(公告)号:US09219813B2
公开(公告)日:2015-12-22
申请号:US13678964
申请日:2012-11-16
Applicant: VMware, Inc.
Inventor: Stephen Deasy , Craig Newell , Emil Sit , Paul Wisner , David Furodet , Viktor Gyuris , Robert Meyer , Fanny Strudel
IPC: H04M1/66 , H04M1/68 , H04M3/00 , H04M3/16 , H04B1/38 , H04M1/00 , H04M1/725 , C09J7/04 , B32B37/16 , H04W12/06 , H04W12/08 , H04W4/00 , H04L29/06 , G06F9/445 , G06F9/455 , G06F3/0482 , G06F3/0484
CPC classification number: H04L63/108 , B32B5/024 , B32B27/12 , B32B27/38 , B32B37/025 , B32B37/12 , B32B37/16 , B32B2037/1253 , C08J5/128 , C08J5/24 , C08J2363/04 , C08J2367/00 , C09J7/21 , C09J7/30 , C09J163/04 , C09J2463/00 , C09J2467/006 , G06F3/0482 , G06F3/04842 , G06F9/445 , G06F9/455 , G06F9/45529 , G06F9/45558 , G06F21/6245 , G06F21/629 , G06F2009/45587 , G06F2009/45595 , H04L41/0853 , H04L63/0272 , H04L63/102 , H04L63/105 , H04L63/20 , H04L67/34 , H04M1/72522 , H04M1/72583 , H04W4/50 , H04W4/60 , H04W8/22 , H04W12/06 , H04W12/08 , H04W68/12 , H04W76/10 , Y10T428/14
Abstract: A virtual business mobile device can be provisioned on a personal mobile device, by binding a mobile application for provisioning the business mobile device to a privileged component of a host operating system of the personal mobile device, wherein the binding enables a hypervisor component and a management service component of the mobile application to execute in a privileged mode. The mobile application is then able to download a virtual phone image for the business mobile device and security-related policy settings relating to use of the business mobile device from a mobile management server, wherein the hypervisor component is able to launch a virtual machine for the business mobile device based on the virtual phone image. Once the virtual phone image has been downloaded, the management service component initiates a periodic attempt to establish a connection with the mobile management server to comply with the downloaded security-related policy settings.
Abstract translation: 虚拟商业移动设备可以通过将移动应用程序绑定到个人移动设备的主机操作系统的特权组件来将用于配置业务移动设备的移动应用程序配置在个人移动设备上,其中绑定启用管理程序组件和管理 移动应用的服务组件以特权模式执行。 移动应用然后能够下载用于商业移动设备的虚拟电话图像和与移动管理服务器的业务移动设备的使用有关的与安全相关的策略设置,其中,管理程序组件能够启动用于 基于虚拟手机图像的商业移动设备。 一旦虚拟电话图像被下载,管理服务组件发起定期尝试建立与移动管理服务器的连接以符合下载的安全相关策略设置。
-
公开(公告)号:US20150033324A1
公开(公告)日:2015-01-29
申请号:US14513783
申请日:2014-10-14
Applicant: VMware, Inc.
Inventor: Alexander Fainkichen , Craig Newell
CPC classification number: H04L63/108 , B32B5/024 , B32B27/12 , B32B27/38 , B32B37/025 , B32B37/12 , B32B37/16 , B32B2037/1253 , C08J5/128 , C08J5/24 , C08J2363/04 , C08J2367/00 , C09J7/21 , C09J7/30 , C09J163/04 , C09J2463/00 , C09J2467/006 , G06F3/0482 , G06F3/04842 , G06F9/445 , G06F9/455 , G06F9/45529 , G06F9/45558 , G06F21/6245 , G06F21/629 , G06F2009/45587 , G06F2009/45595 , H04L41/0853 , H04L63/0272 , H04L63/102 , H04L63/105 , H04L63/20 , H04L67/34 , H04M1/72522 , H04M1/72583 , H04W4/50 , H04W4/60 , H04W8/22 , H04W12/06 , H04W12/08 , H04W68/12 , H04W76/10 , Y10T428/14
Abstract: One embodiment of the present invention provides a system for providing exclusive access to a virtual private network (VPN) connection to an authorized application. During operation, the system creates a unique network namespace that is different from a default network namespace of a host system. The system then places a pseudo network interface associated with the VPN connection into the unique network namespace. Furthermore, the system places at least one socket for an authorized application into the unique network namespace. The system also precludes unauthorized applications on the host from accessing the unique network namespace, thereby facilitating exclusive access to the VPN connection by the authorized application.
Abstract translation: 本发明的一个实施例提供了一种用于提供对授权应用的虚拟专用网(VPN)连接的独占访问的系统。 在操作期间,系统创建一个不同于主机系统的默认网络命名空间的唯一网络命名空间。 然后,系统将与VPN连接相关联的伪网络接口放置到唯一的网络命名空间中。 此外,系统将至少一个用于授权应用程序的套接字放置到唯一网络命名空间中。 该系统还防止主机上的未经授权的应用程序访问唯一的网络命名空间,从而有助于授权应用程序对VPN连接的独占访问。
-
-
-
-
-
-
-
-
Search Results
39
records
(took 0.023 seconds)
