-
Publication number: US11689581B2
Publication date: 2023-06-27
Application number: US16545030
Application date: 2019-08-20
Applicant: VMware, Inc.
Inventor: Craig Farley Newell
IPC: H04L65/1033 , H04L12/46 , H04L45/00 , H04L43/062 , H04L49/354 , H04L47/10 , H04L47/2441 , H04L47/70 , H04L9/40
CPC classification number: H04L65/1033 , H04L12/4633 , H04L12/4641 , H04L43/062 , H04L45/00 , H04L47/10 , H04L47/15 , H04L47/2441 , H04L47/70 , H04L47/824 , H04L49/354 , H04L63/1408
Abstract: Disclosed are various examples for segregating virtual private network (VPN) traffic based on the originating client application. A network gateway receives network traffic from a tunnel endpoint of an application-specific virtual private network tunnel. The network traffic originates from a client application executed in a client device. The network gateway identifies a particular virtual local area network through which the network traffic is received. The network gateway determines, using an identifier of the particular virtual local area network and a mapping of virtual local area network identifiers, characteristics of the client application or the client device from a set of mobile device management attributes. The network gateway determines whether to route the network traffic to a destination based at least in part on the characteristics.
-
Publication number: US20230188339A1
Publication date: 2023-06-15
Application number: US18163673
Application date: 2023-02-02
Applicant: VMware, Inc.
Inventor: John Richards , Craig Farley Newell
CPC classification number: H04L9/0894 , H04L9/3297 , H04L63/068 , H04L9/0861 , H04L63/083
Abstract: Disclosed are various embodiments for providing access to a recovery key of a managed device and rotating the recovery key after it has been accessed. In one example, among others, a system includes a computing device and program instructions. The program instructions can cause the computing device to authenticate a user on the computing device in order to unlock an operating system based on a first recovery key. A key rotation command can be received from the management service. The key rotation command can include an instruction to rotate the first recovery key. The computing device can generate a second recovery key and transmit the second recovery key to the management service.
-
Publication number: US10785196B2
Publication date: 2020-09-22
Application number: US15913942
Application date: 2018-03-07
Applicant: VMWARE, INC.
Inventor: Ramani Panchapakesan , Suman Aluvala , Niranjan Paramashivaiah , Mahesh Kavatage , Pavan Rajkumar Rangain , Craig Farley Newell
Abstract: Disclosed are various examples for establishing encrypted channels or tunnels within a TCP or other communication session between a tunnel endpoint and tunnel client on a client device. A tunnel endpoint on the client device can determine an encryption key based upon whether a client device is in compliance with encryption policies of the enterprise.
-
Publication number: US11849038B2
Publication date: 2023-12-19
Application number: US18163673
Application date: 2023-02-02
Applicant: VMware, Inc.
Inventor: John Richards , Craig Farley Newell
CPC classification number: H04L9/0894 , H04L9/0861 , H04L9/3297 , H04L63/068 , H04L63/083
Abstract: Disclosed are various embodiments for providing access to a recovery key of a managed device and rotating the recovery key after it has been accessed. In one example, among others, a system includes a computing device and program instructions. The program instructions can cause the computing device to authenticate a user on the computing device in order to unlock an operating system based on a first recovery key. A key rotation command can be received from the management service. The key rotation command can include an instruction to rotate the first recovery key. The computing device can generate a second recovery key and transmit the second recovery key to the management service.
-
Publication number: US11595208B2
Publication date: 2023-02-28
Application number: US17498460
Application date: 2021-10-11
Applicant: VMware, Inc.
Inventor: John Richards , Craig Farley Newell
Abstract: Disclosed are various embodiments for providing access to a recovery key of a managed device and rotating the recovery key after it has been accessed. In one example, among others, a system includes a computing device and program instructions. The program instructions can cause the computing device to store a first recovery key for a first managed computing device. The first recovery key is configured to access an encrypted data store of the first managed computing device. A request is received for the first recovery key from a second managed computing device. The first recovery key is transmitted for display on the second managed computing device. A key rotation command is generated for a command queue of the first managed computing device to rotate the first recovery key after transmitting the first recovery key. The second recovery key is received from the second computing device.
-
Publication number: US11314878B2
Publication date: 2022-04-26
Application number: US16689094
Application date: 2019-11-20
Applicant: VMWARE, INC.
Inventor: Rohit Pradeep Shetty , Sharun Varghese Samuel , Erich Peter Stuntebeck , Ramani Panchapakesan , Craig Farley Newell
IPC: G06F21/62 , H04L29/06 , G06F3/0482 , H04L67/02 , G06F9/445
Abstract: Disclosed are various approaches for sharing uniform resource locators (URLs) and enforcing browser restrictions along with a shared URL. Browser restrictions can be identified by appending commands to the shared URL that instruct the receiving browser to activate certain browser restrictions. Browser restrictions can also be enforced using a URL restriction validator, which is a server process that can facilitate enforcement of browser restrictions along with a shared URL.
-
Publication number: US20210218567A1
Publication date: 2021-07-15
Application number: US16743558
Application date: 2020-01-15
Applicant: VMware, Inc.
Inventor: John Richards , Craig Farley Newell
Abstract: Disclosed are various embodiments for providing access to a recovery key of a managed device and rotating the recovery key after it has been accessed. In one example, among others, a system includes a computing device and program instructions. The program instructions can cause the computing device to store a first recovery key for a first managed computing device. The first recovery key is configured to access an encrypted data store of the first managed computing device. A request is received for the first recovery key from a second managed computing device. The first recovery key is transmitted for display on the second managed computing device. A key rotation command is generated for a command queue of the first managed computing device to rotate the first recovery key after transmitting the first recovery key. The second recovery key is received from the second computing device.
-
Publication number: US11792202B2
Publication date: 2023-10-17
Application number: US17452854
Application date: 2021-10-29
Applicant: VMware, Inc.
Inventor: Sanjay Patil , Craig Farley Newell , Leung Tao Kwok , Amit Kumar Yadav
CPC classification number: H04L63/102 , G06F21/31 , H04L63/029 , H04L63/0272 , H04L63/166 , H04L63/101 , H04L63/104
Abstract: Disclosed are various approaches for verifying the compliance of a TLS session with TLS policies. Traffic between an application and a destination server can be routed through a TLS gateway. The TLS gateway can inspect TLS handshake messages for compliance with TLS policies.
-
Publication number: US11272043B2
Publication date: 2022-03-08
Application number: US16815037
Application date: 2020-03-11
Applicant: VMWARE, INC.
Inventor: Suman Aluvala , Craig Farley Newell , Amit Kumar Yadav , Pavan Rajkumar Rangain , Rohit Pradeep Shetty
Abstract: The technology disclosed herein enables packet handling based on user information included in packet headers. In a particular embodiment, a method provides, in a gateway to a network environment, establishing a first connection with a first connection endpoint outside of the network environment. The method further provides identifying first user information associated with the first connection and adding the first user information to a packet header of one or more first packets associated with the first connection. Also, the method provides transferring the one or more first packets into the network environment.
-
Publication number: US20220029804A1
Publication date: 2022-01-27
Application number: US17498460
Application date: 2021-10-11
Applicant: VMware, Inc.
Inventor: John Richards , Craig Farley Newell
Abstract: Disclosed are various embodiments for providing access to a recovery key of a managed device and rotating the recovery key after it has been accessed. In one example, among others, a system includes a computing device and program instructions. The program instructions can cause the computing device to store a first recovery key for a first managed computing device. The first recovery key is configured to access an encrypted data store of the first managed computing device. A request is received for the first recovery key from a second managed computing device. The first recovery key is transmitted for display on the second managed computing device. A key rotation command is generated for a command queue of the first managed computing device to rotate the first recovery key after transmitting the first recovery key. The second recovery key is received from the second computing device.