公开(公告)号：US10409619B2

公开(公告)日：2019-09-10

申请号：US15466835

申请日：2017-03-22

Applicant: VMware, Inc.

Inventor： Jason Roszak ,  Craig Newell ,  Shravan Shantharam ,  Varun Murthy ,  Kalyan Regula ,  Blake Watts

IPC: G06F15/177 ,  G06F1/24 ,  G06F9/4401 ,  G06F8/61 ,  H04L29/08 ,  G06F9/451 ,  H04L12/24

Abstract: Systems and methods are included for causing a computing device to request ownership information and configure itself based on which tenant is associated with the computing device. During launch of an operating system, such as WINDOWS, the computing device can contact a server that tracks ownership information. The server can be identified in firmware or an operating system image of the computing device. The server can determine which operating system image and applications to install at the computing device. The server can provide addresses that the computing device can contact to retrieve portions of the operating system or applications.

公开(公告)号：US09544274B2

公开(公告)日：2017-01-10

申请号：US14582705

申请日：2014-12-24

Applicant: VMware, Inc.

Inventor： Stephen Deasy ,  David Furodet ,  Robert Meyer ,  Craig Newell ,  Claire Reynaud ,  Fanny Strudel ,  Paul Wisner ,  Emil Sit

IPC: H04M3/00 ,  H04L29/06 ,  C09J7/04 ,  B32B37/16 ,  H04W12/06 ,  H04W12/08 ,  H04W4/00 ,  G06F9/445 ,  G06F9/455 ,  G06F3/0482 ,  G06F3/0484 ,  H04M1/725 ,  H04W76/02 ,  H04L12/24 ,  H04W68/12

CPC classification number: H04L63/108 ,  B32B5/024 ,  B32B27/12 ,  B32B27/38 ,  B32B37/025 ,  B32B37/12 ,  B32B37/16 ,  B32B2037/1253 ,  C08J5/128 ,  C08J5/24 ,  C08J2363/04 ,  C08J2367/00 ,  C09J7/21 ,  C09J7/30 ,  C09J163/04 ,  C09J2463/00 ,  C09J2467/006 ,  G06F3/0482 ,  G06F3/04842 ,  G06F9/445 ,  G06F9/455 ,  G06F9/45529 ,  G06F9/45558 ,  G06F21/6245 ,  G06F21/629 ,  G06F2009/45587 ,  G06F2009/45595 ,  H04L41/0853 ,  H04L63/0272 ,  H04L63/102 ,  H04L63/105 ,  H04L63/20 ,  H04L67/34 ,  H04M1/72522 ,  H04M1/72583 ,  H04W4/50 ,  H04W4/60 ,  H04W8/22 ,  H04W12/06 ,  H04W12/08 ,  H04W68/12 ,  H04W76/10 ,  Y10T428/14

Abstract: A graphical user interface to provision business environments on mobile devices presents a navigation panel that displays a virtual phone template menu item and a policy setting menu item. Upon selection of the virtual phone template menu item, a template user interface is presented that enables an administrator to customize virtual phone image templates for users to be delivered to mobile devices that are configured to run the virtual phone image templates as virtual machines on the mobile devices in order to provide a business environment. Upon selection of the policy setting menu item, a policy user interface is presented that enables the administrator to set security policies, wherein each of the security policies specifies a time interval within which a mobile device running a virtual machine corresponding to one of the virtual phone image templates should communicate with an enterprise server to comply with the security policy.

Abstract translation: 用于在移动设备上提供业务环境的图形用户界面呈现显示虚拟电话模板菜单项和策略设置菜单项的导航面板。 在选择虚拟电话模板菜单项后，呈现模板用户界面，使管理员可以自定义虚拟电话图像模板，供用户被配置为运行虚拟电话图像模板的移动设备，作为移动设备上的虚拟机 设备为了提供商业环境。 在选择策略设置菜单项后，呈现使得管理员能够设置安全策略的策略用户界面，其中每个安全策略指定运行与虚拟电话之一对应的虚拟机的移动设备的时间间隔 图像模板应与企业服务器通信以符合安全策略。

公开(公告)号：US20140059573A1

公开(公告)日：2014-02-27

申请号：US13775047

申请日：2013-02-22

Applicant: VMWARE, INC.

Inventor： Manish Jawa ,  Haim Tebeka ,  Craig Newell

IPC: G06F9/445

CPC classification number: G06F8/54 ,  G06F8/61 ,  G06F9/44521 ,  G06F9/54 ,  G06F21/31 ,  G06F21/53 ,  G06F21/54 ,  G06F21/602 ,  G06F21/604 ,  G06F2221/2107 ,  G06F2221/2143 ,  G06F2221/2149 ,  H04L63/0272 ,  H04L63/10 ,  H04L63/20 ,  H04L67/146 ,  H04W12/00 ,  H04W12/02

Abstract: One embodiment of the system disclosed herein facilitates identifying a system call in an application and replacing the identified system call with a customized function call. During operation, the system executes an executable file of the application, wherein the executable file has been modified to execute a hooking and injection manager at run time. Prior to executing the system call, the system executes the hooking and injection manager. While executing the hooking and injection manager, the system determines, from a symbol table, a symbol table index value corresponding to a symbol associated with the system call. The system further determines an import table entry storing a pointer to the system call based on the symbol table index value, and changes the pointer in the import table entry so that the pointer indicates an address of the customized function call.

Abstract translation: 本文公开的系统的一个实施例有助于在应用程序中识别系统调用，并用定制的功能调用替换所识别的系统调用。 在操作期间，系统执行应用程序的可执行文件，其中可执行文件已被修改以在运行时执行挂钩和注入管理器。 在执行系统调用之前，系统执行挂钩和注入管理器。 在执行挂钩和注入管理器时，系统从符号表确定与系统调用相关联的符号对应的符号表索引值。 系统还基于符号表索引值确定存储指向系统调用的指针的导入表条目，并且改变导入表条目中的指针，使得指针指示定制的函数调用的地址。

公开(公告)号：US11709684B2

公开(公告)日：2023-07-25

申请号：US16987876

申请日：2020-08-07

Applicant: VMware, Inc.

Inventor： Jason Roszak ,  Craig Newell ,  Shravan Shantharam ,  Varun Murthy ,  Kalyan Regula ,  Blake Watts

IPC: G06F9/4401 ,  G06F8/61

CPC classification number: G06F9/4416 ,  G06F9/4406 ,  G06F8/63

Abstract: Systems and methods are included for causing a computing device to assemble and boot from a managed operating system. When the computing device is powered on, it can execute firmware that specifies a server to contact. The server can identify an operating system (OS) to boot, and the location of a pre-enrollment installer for assembling the OS image. The pre-enrollment installer can download base OS images in one or more pieces from multiple locations determined based on ownership information of the computing device. The multiple OS images can relate to enterprise management and company-specific applications and drivers. Once the pre-enrollment installer has combined the base OS images, the computing device reboots using the combined OS image.

公开(公告)号：US10708656B2

公开(公告)日：2020-07-07

申请号：US16044872

申请日：2018-07-25

Applicant: VMware, Inc.

Inventor： Stephen Deasy ,  Craig Newell ,  Emil Sit ,  Paul Wisner ,  David Furodet ,  Viktor Gyuris ,  Robert Meyer ,  Fanny Strudel

IPC: H04N21/443 ,  H04W4/60 ,  G06F9/445 ,  G06F9/455 ,  G06F9/46 ,  H04L29/06 ,  H04W8/22

Abstract: In some aspects, a mobile application package is bound to a privileged component of a mobile device operating system. The mobile application package includes a software virtualization layer and a management service component. The software virtualization layer and the management service component are enabled to execute in a privileged mode based on the privileged component. A virtual phone image is downloaded from a management server. A virtual machine based on the virtual phone image is launched by the software virtualization layer.

公开(公告)号：US09769120B2

公开(公告)日：2017-09-19

申请号：US14994383

申请日：2016-01-13

Applicant: VMware, Inc.

Inventor： Alexander Fainkichen ,  Craig Newell

IPC: G06F21/00 ,  H04L29/06 ,  C09J7/04 ,  B32B37/16 ,  H04W12/06 ,  H04W12/08 ,  H04W4/00 ,  G06F9/445 ,  G06F9/455 ,  G06F3/0482 ,  G06F3/0484 ,  H04M1/725 ,  H04W76/02 ,  H04L12/24 ,  H04W68/12

CPC classification number: H04L63/108 ,  B32B5/024 ,  B32B27/12 ,  B32B27/38 ,  B32B37/025 ,  B32B37/12 ,  B32B37/16 ,  B32B2037/1253 ,  C08J5/128 ,  C08J5/24 ,  C08J2363/04 ,  C08J2367/00 ,  C09J7/21 ,  C09J7/30 ,  C09J163/04 ,  C09J2463/00 ,  C09J2467/006 ,  G06F3/0482 ,  G06F3/04842 ,  G06F9/445 ,  G06F9/455 ,  G06F9/45529 ,  G06F9/45558 ,  G06F21/6245 ,  G06F21/629 ,  G06F2009/45587 ,  G06F2009/45595 ,  H04L41/0853 ,  H04L63/0272 ,  H04L63/102 ,  H04L63/105 ,  H04L63/20 ,  H04L67/34 ,  H04M1/72522 ,  H04M1/72583 ,  H04W4/50 ,  H04W4/60 ,  H04W8/22 ,  H04W12/06 ,  H04W12/08 ,  H04W68/12 ,  H04W76/10 ,  Y10T428/14

Abstract: One embodiment of the present invention provides a system for providing exclusive access to a virtual private network (VPN) connection to an authorized application. During operation, the system creates a unique network namespace that is different from a default network namespace of a host system. The system then places a pseudo network interface associated with the VPN connection into the unique network namespace. Furthermore, the system places at least one socket for an authorized application into the unique network namespace. The system also precludes unauthorized applications on the host from accessing the unique network namespace, thereby facilitating exclusive access to the VPN connection by the authorized application.

公开(公告)号：US20170244724A1

公开(公告)日：2017-08-24

申请号：US15401225

申请日：2017-01-09

Applicant: VMware, Inc.

Inventor： Stephen Deasy ,  Craig Newell ,  Emil Sit ,  Paul Wisner ,  David Furodet ,  Viktor Gyuris ,  Robert Meyer ,  Fanny Strudel

IPC: H04L29/06 ,  G06F9/455 ,  G06F21/62 ,  H04W8/22 ,  H04L29/08

CPC classification number: H04L63/108 ,  B32B5/024 ,  B32B27/12 ,  B32B27/38 ,  B32B37/025 ,  B32B37/12 ,  B32B37/16 ,  B32B2037/1253 ,  C08J5/128 ,  C08J5/24 ,  C08J2363/04 ,  C08J2367/00 ,  C09J7/21 ,  C09J7/30 ,  C09J163/04 ,  C09J2463/00 ,  C09J2467/006 ,  G06F3/0482 ,  G06F3/04842 ,  G06F9/445 ,  G06F9/455 ,  G06F9/45529 ,  G06F9/45558 ,  G06F21/6245 ,  G06F21/629 ,  G06F2009/45587 ,  G06F2009/45595 ,  H04L41/0853 ,  H04L63/0272 ,  H04L63/102 ,  H04L63/105 ,  H04L63/20 ,  H04L67/34 ,  H04M1/72522 ,  H04M1/72583 ,  H04W4/50 ,  H04W4/60 ,  H04W8/22 ,  H04W12/06 ,  H04W12/08 ,  H04W68/12 ,  H04W76/10 ,  Y10T428/14

Abstract: A virtual business mobile device can be provisioned on a personal mobile device, by binding a mobile application for provisioning the business mobile device to a privileged component of a host operating system of the personal mobile device, wherein the binding enables a software virtualization layer and a management service component of the mobile application to execute in a privileged mode. The mobile application is then able to download a virtual phone image for the business mobile device and security-related policy settings relating to use of the business mobile device from a mobile management server, wherein the software virtualization layer is able to launch a virtual machine for the business mobile device based on the virtual phone image. Once the virtual phone image has been downloaded, the management service component initiates a periodic attempt to establish a connection with the mobile management server to comply with the downloaded security-related policy settings.

公开(公告)号：US20170243001A1

公开(公告)日：2017-08-24

申请号：US15590582

申请日：2017-05-09

Applicant: VMware, Inc.

Inventor： Manish Jawa ,  Haim Tebeka ,  Craig Newell

IPC: G06F21/53 ,  H04W12/02 ,  H04L29/06 ,  G06F21/31 ,  G06F9/445 ,  G06F9/54 ,  H04L29/08 ,  G06F21/54 ,  G06F21/60 ,  H04W12/00

CPC classification number: G06F8/54 ,  G06F8/61 ,  G06F9/44521 ,  G06F9/54 ,  G06F21/31 ,  G06F21/53 ,  G06F21/54 ,  G06F21/602 ,  G06F21/604 ,  G06F2221/2107 ,  G06F2221/2143 ,  G06F2221/2149 ,  H04L63/0272 ,  H04L63/10 ,  H04L63/20 ,  H04L67/146 ,  H04W12/00 ,  H04W12/02

Abstract: One embodiment of the present invention provides system for facilitating replacement of a system function in an application with a customized function. During operation, the system shifts an existing load command in a file of an application to accommodate an additional load command. The system also adds the additional load command to the file. The additional load command identifies additional instructions that change a pointer of the application from a value that points to a system function to another value that points to a customized function.

公开(公告)号：US20160080546A1

公开(公告)日：2016-03-17

申请号：US14952255

申请日：2015-11-25

Applicant: VMware, Inc.

Inventor： Stephen Deasy ,  Robert Meyer ,  Craig Newell ,  Emil Sit ,  Paul Wisner ,  David Furodet ,  Viktor Gyuris ,  Fanny Strudel

IPC: H04M1/725 ,  H04W68/12 ,  H04L29/06 ,  H04L12/24 ,  H04W12/06 ,  H04W4/00

CPC classification number: H04L63/108 ,  B32B5/024 ,  B32B27/12 ,  B32B27/38 ,  B32B37/025 ,  B32B37/12 ,  B32B37/16 ,  B32B2037/1253 ,  C08J5/128 ,  C08J5/24 ,  C08J2363/04 ,  C08J2367/00 ,  C09J7/21 ,  C09J7/30 ,  C09J163/04 ,  C09J2463/00 ,  C09J2467/006 ,  G06F3/0482 ,  G06F3/04842 ,  G06F9/445 ,  G06F9/455 ,  G06F9/45529 ,  G06F9/45558 ,  G06F21/6245 ,  G06F21/629 ,  G06F2009/45587 ,  G06F2009/45595 ,  H04L41/0853 ,  H04L63/0272 ,  H04L63/102 ,  H04L63/105 ,  H04L63/20 ,  H04L67/34 ,  H04M1/72522 ,  H04M1/72583 ,  H04W4/50 ,  H04W4/60 ,  H04W8/22 ,  H04W12/06 ,  H04W12/08 ,  H04W68/12 ,  H04W76/10 ,  Y10T428/14

Abstract: A business environment on a mobile device can be controlled by an enterprise server by receiving identifying information transmitted from a mobile device, wherein the identifying information identifies a user of the mobile device to the enterprise server. A virtual phone template is transmitted to the mobile device, wherein the virtual phone template (i) corresponds to the identifying information, and (ii) is configured to provide the business environment on the mobile device as a virtual machine running on a hypervisor installed on top of a host operating system of the mobile device. The enterprise server then receives a periodic transmission from the mobile device to indicate that the mobile device remains in periodic communication with the enterprise server.

公开(公告)号：US20200036719A1

公开(公告)日：2020-01-30

申请号：US16591242

申请日：2019-10-02

Applicant: VMware, Inc.

Inventor： Saravanan Pitchaimani ,  Vijay Pitchumani Kodaganallur ,  Craig Newell

IPC: H04L29/06 ,  H04L29/08 ,  H04W12/08 ,  H04W12/00

Abstract: Examples described herein include systems and methods for controlling access to a server, such as an email server or a gateway, in situations where the identity of the requesting device is unknown or where the user device accesses the server using an unknown or unmanaged application. In one example, the system can utilize a user authentication credential included in the request to identify other devices belonging to the user that happen to be enrolled with the system. An out-of-band message can be sent to those enrolled devices, requesting confirmation from the user and, in conjunction with an authentication token, allowing the system to trust the previously unknown device. In the example of an unmanaged application attempting to access an email server, the system can confirm compliance of the requesting device and issue an authentication token that, along with an appropriate command sent to the email server, provides access.