-
Publication (Announcement) No.: US11184346B2
Publication (Announcement) Date: 2021-11-23
Application No.: US16571466
Application Date: 2019-09-16
Applicant: VMware, Inc.
Inventor: Kishore Sajja, Lucas Chen, Raghuram Rajan, Anuj Panwar, Sandeep Naga Kaipu, Rajiv Singh
Abstract: Aspects of providing single sign on (SSO) sessions are described. An access interval key is generated using an access code as a seed to a key derivative function. The access interval key is encrypted using a public key of an SSO-enabled application to generate an encrypted access interval key for a sign on session. The sign on session is established by storing the encrypted access interval key in a memory location of an SSO session map shared by SSO-enabled applications.
-
Publication (Announcement) No.: US10447681B2
Publication (Announcement) Date: 2019-10-15
Application No.: US15442175
Application Date: 2017-02-24
Applicant: VMware, Inc.
Inventor: Kishore Sajja, Lucas Chen, Raghuram Rajan, Anuj Panwar, Sandeep Naga Kaipu, Rajiv Singh
Abstract: To establish a sign on session among single sign on (SSO)-enabled applications, a user can be prompted by an application for an access code. An access interval key can be generated using a key derivative function based on the access code. The access interval key can be considered a session key, and it can be used during a valid SSO session to decrypt a master key stored in a shared memory. In turn, the master key can be used to encrypt and decrypt the contents of the shared memory. To securely distribute the access interval key among the SSO-enabled applications during a current session, individual SSO-enabled applications can each store a public key in the shared memory. The access interval key can then be encrypted, respectively, by the public keys of the SSO-enabled applications and stored in the shared memory to be retrieved securely by the SSO-enabled applications.
-
Publication (Announcement) No.: US20180157433A1
Publication (Announcement) Date: 2018-06-07
Application No.: US15442239
Application Date: 2017-02-24
Applicant: VMware, Inc.
Inventor: Kishore Sajja, Lucas Chen, Raghuram Rajan, Anuj Panwar, Sandeep Naga Kaipu, Rajiv Singh
Abstract: To extend a sign on session among applications, an inter-application workflow request can be initiated from a first to a second application. The workflow request can identify one or more memory locations in a shared memory for secure data transfer between the applications. The first application can then monitor the memory locations for the presence of a public key stored in shared memory by the second application in response to the workflow request. Once the public key is present in the shared memory, the first application can retrieve and use it to encrypt an access interval key. The encrypted access interval key can then be stored in the shared memory for retrieval by the second application. The access interval key is associated with a sign on session of the first application, and the second application can retrieve and decrypt it to extend the sign on session to the second application.
-
Publication (Announcement) No.: US11977620B2
Publication (Announcement) Date: 2024-05-07
Application No.: US17648362
Application Date: 2022-01-19
Applicant: VMware, Inc.
Inventor: Simon Paul Brooks, Anuj Panwar, Siavash James Joorabchian Hawkins
CPC classification number: G06F21/44, H04L63/0823, H04L67/60
Abstract: Examples for validating the identity of an application in an inter-app communication protocol are described. An attestation payload is obtained from a third party attestation service that is executed remotely from a device on which the application is running. The attestation payload can be validated by another application on the device in order to validate the identity of the application providing the attestation payload.
-
Publication (Announcement) No.: US10469478B2
Publication (Announcement) Date: 2019-11-05
Application No.: US15442239
Application Date: 2017-02-24
Applicant: VMware, Inc.
Inventor: Kishore Sajja, Lucas Chen, Raghuram Rajan, Anuj Panwar, Sandeep Naga Kaipu, Rajiv Singh
Abstract: To extend a sign on session among applications, an inter-application workflow request can be initiated from a first to a second application. The workflow request can identify one or more memory locations in a shared memory for secure data transfer between the applications. The first application can then monitor the memory locations for the presence of a public key stored in shared memory by the second application in response to the workflow request. Once the public key is present in the shared memory, the first application can retrieve and use it to encrypt an access interval key. The encrypted access interval key can then be stored in the shared memory for retrieval by the second application. The access interval key is associated with a sign on session of the first application, and the second application can retrieve and decrypt it to extend the sign on session to the second application.
-
Publication (Announcement) No.: US20230229752A1
Publication (Announcement) Date: 2023-07-20
Application No.: US17648362
Application Date: 2022-01-19
Applicant: VMware, Inc.
Inventor: Simon Paul Brooks, Anuj Panwar, Siavash James Joorabchian Hawkins
CPC classification number: G06F21/44, H04L67/32, H04L63/0823
Abstract: Examples for validating the identity of an application in an inter-app communication protocol are described. An attestation payload is obtained from a third party attestation service that is executed remotely from a device on which the application is running. The attestation payload can be validated by another application on the device in order to validate the identity of the application providing the attestation payload.
-
Publication (Announcement) No.: US20200014681A1
Publication (Announcement) Date: 2020-01-09
Application No.: US16571466
Application Date: 2019-09-16
Applicant: VMware, Inc.
Inventor: Kishore Sajja, Lucas Chen, Raghuram Rajan, Anuj Panwar, Sandeep Naga Kaipu, Rajiv Singh
Abstract: Aspects of providing single sign on (SSO) sessions are described. An access interval key is generated using an access code as a seed to a key derivative function. The access interval key is encrypted using a public key of an SSO-enabled application to generate an encrypted access interval key for a sign on session. The sign on session is established by storing the encrypted access interval key in a memory location of an SSO session map shared by SSO-enabled applications.
-
Publication (Announcement) No.: US20180159843A1
Publication (Announcement) Date: 2018-06-07
Application No.: US15442175
Application Date: 2017-02-24
Applicant: VMware, Inc.
Inventor: Kishore Sajja, Lucas Chen, Raghuram Rajan, Anuj Panwar, Sandeep Naga Kaipu, Rajiv Singh
CPC classification number: H04L63/0815, G06F3/0622, G06F3/0659, G06F3/067, H04L9/0825, H04L9/0894, H04L63/0442
Abstract: To establish a sign on session among single sign on (SSO)-enabled applications, a user can be prompted by an application for an access code. An access interval key can be generated using a key derivative function based on the access code. The access interval key can be considered a session key, and it can be used during a valid SSO session to decrypt a master key stored in a shared memory. In turn, the master key can be used to encrypt and decrypt the contents of the shared memory. To securely distribute the access interval key among the SSO-enabled applications during a current session, individual SSO-enabled applications can each store a public key in the shared memory. The access interval key can then be encrypted, respectively, by the public keys of the SSO-enabled applications and stored in the shared memory to be retrieved securely by the SSO-enabled applications.