公开(公告)号：US20210314312A1

公开(公告)日：2021-10-07

申请号：US17349052

申请日：2021-06-16

Applicant: VMware, Inc.

Inventor： Emily Hong Xu ,  Lloyd Spencer Evans ,  Lakshman Rao Abburi ,  Tomas Boman

IPC: H04L29/06 ,  G06F16/9535 ,  G06F16/2455 ,  G06F21/33 ,  G06F21/73

Abstract: Disclosed are various examples for transferring device identifying information during authentication. An enrollment request is received from a management component executed by a client device. A management service generates a unique device identifier for the client device and embeds it within a certificate to generate a device-identifying certificate. The management service instructs a certificate authority service to generate a public key that includes the unique device identifier and a private key for the client device, and provides the device-identifying certificate and the private key to the client device.

公开(公告)号：US20170223012A1

公开(公告)日：2017-08-03

申请号：US15197997

申请日：2016-06-30

Applicant: VMware, Inc.

Inventor： Emily Hong Xu ,  Lloyd Spencer Evans ,  Lakshman Rao Abburi ,  Tomas Boman

IPC: H04L29/06 ,  G06F17/30

CPC classification number: H04L63/0823 ,  G06F16/24552 ,  G06F16/9535 ,  G06F21/33 ,  G06F21/73 ,  H04L63/0876

Abstract: Disclosed are various examples for determining whether a client device complies with compliance rules while authenticating a user account. A client certificate can include an identifier corresponding to a client device. An identity provider can extract the identifier while authenticating the user account. The identity provider can determine whether the client device complies with compliance rules prior to authenticating the user account on the client device.

公开(公告)号：US20190281046A1

公开(公告)日：2019-09-12

申请号：US16426383

申请日：2019-05-30

Applicant: VMware, Inc.

Inventor： Emily Hong Xu ,  Lloyd Spencer Evans ,  Lakshman Rao Abburi ,  Tomas Boman

IPC: H04L29/06 ,  G06F16/2455 ,  G06F16/9535 ,  G06F21/33 ,  G06F21/73

Abstract: Disclosed are various examples for transferring device identifying information during authentication. In some examples, an authentication request is transmitted to an identity manager. Instructions to negotiate a ticket are received from the identity manager. A ticket is negotiated from a key distribution center using a certificate comprising a unique device identifier of the client device. The unique device identifier is embedded in the ticket by the key distribution center based on verification that the certificate is valid. Authentication of the client device is completed through the identity manager using the ticket.

公开(公告)号：US10171241B2

公开(公告)日：2019-01-01

申请号：US15430748

申请日：2017-02-13

Applicant: VMware, Inc.

Inventor： Emily Hong Xu ,  Shraddha Ladda ,  Dale Robert Olds

IPC: H04L9/32 ,  H04L29/06 ,  G06F21/62 ,  G06F21/31 ,  H04W12/06 ,  H04W12/04 ,  H04W12/12 ,  H04W12/00

Abstract: A method for authenticating a user seeking access to first and second resources that have different authentication levels. The method includes receiving a primary token that is associated with a first authentication event of the user and authenticates the user to access the first resource, and receiving a first request to access the second resource. The method further includes receiving first credentials of the user. The method further includes, responsive to validating the first credentials, generating a second authentication event, associating the second authentication event with the primary token, and issuing a first secondary token that authenticates the user to access the second resource.

公开(公告)号：US09723058B2

公开(公告)日：2017-08-01

申请号：US13914366

申请日：2013-06-10

Applicant: VMware, Inc.

Inventor： Emily Hong Xu

IPC: H04L29/08 ,  G06F21/33 ,  G06F21/45

CPC classification number: H04L67/10 ,  G06F21/335 ,  G06F21/45

Abstract: A computer-implemented method for automatically registering an application with an enterprise system. The method includes, obtaining the application associated with the enterprise system, wherein the application is pre-configured for subsequent registration with the enterprise system such that the registration establishes a trust relationship between the application and the enterprise system. The method further includes installing the application on a host device, and in conjunction with installing the application, automatically requesting the registration of the application with the enterprise system.

公开(公告)号：US20170170963A1

公开(公告)日：2017-06-15

申请号：US15430748

申请日：2017-02-13

Applicant: VMware, Inc.

Inventor： Emily Hong Xu ,  Shraddha Ladda ,  Dale Robert Olds

IPC: H04L9/32 ,  H04W12/12 ,  H04W12/04 ,  H04W12/06 ,  H04L29/06 ,  G06F21/62

CPC classification number: H04L9/32 ,  G06F21/31 ,  G06F21/62 ,  G06F2211/003 ,  G06F2211/009 ,  H04L9/3213 ,  H04L63/08 ,  H04L63/0807 ,  H04L63/0815 ,  H04L63/10 ,  H04L63/105 ,  H04L2463/082 ,  H04W12/00 ,  H04W12/04 ,  H04W12/06 ,  H04W12/12

Abstract: A method for authenticating a user seeking access to first and second resources that have different authentication levels. The method includes receiving a primary token that is associated with a first authentication event of the user and authenticates the user to access the first resource, and receiving a first request to access the second resource. The method further includes receiving first credentials of the user. The method further includes, responsive to validating the first credentials, generating a second authentication event, associating the second authentication event with the primary token, and issuing a first secondary token that authenticates the user to access the second resource.

公开(公告)号：US11321069B2

公开(公告)日：2022-05-03

申请号：US16655166

申请日：2019-10-16

Applicant: VMware, Inc.

Inventor： Michael L. Hall ,  Sridevi Ravuri ,  Rajesh Agarwalla ,  Emily Hong Xu ,  Venkat Deep Rajan ,  Andrew T. Chin ,  Hasan Mahmood ,  Sushil Shripal Munot ,  Yateendra Kulkarni

IPC: G06F9/44 ,  G06F8/65 ,  G06F9/455 ,  H04L29/06

Abstract: A system and method for supplying on-premise hyper-converged systems uses a cloud service to receive orders for the on-premise hyper-converged systems from customers and to request a system integrator to procure hardware components of the on-premise hyper-converged systems and to assemble hardware components to produce assembled systems. Software components are remotely installed and configured in the assembled systems from the cloud service using bring-up appliances in virtual private clouds created for the on-premise hyper-converged systems to deploy software-defined data centers (SDDCs) in the on-premise hyper-converged systems. The resulting on-premise hyper-converged systems with the deployed SDDCs can then used by the customers.

公开(公告)号：US10484462B2

公开(公告)日：2019-11-19

申请号：US16056945

申请日：2018-08-07

Applicant: VMware, Inc.

Inventor： Emily Hong Xu

IPC: H04L29/08 ,  G06F21/33 ,  G06F21/45 ,  H04W12/08 ,  H04L29/06

Abstract: A computer-implemented method for automatically registering an application with an enterprise system is disclosed. The method accesses an application utilizable with the enterprise system. Generates an application access template for the application, including: generating information specific to the application that is able to be utilized with the enterprise system, and generating parameters specific to the application that is able to be utilized with the enterprise system. The method defines, in the application access template, a basic authorization protocol information; and utilizes the application access template for a subsequent dynamic registration of the application with the enterprise system.

公开(公告)号：US20240412158A1

公开(公告)日：2024-12-12

申请号：US18330153

申请日：2023-06-06

Applicant: VMware, Inc.

Inventor： Emily Hong Xu ,  Rama Koteswari Sudireddi ,  Arabinda Das ,  Shrinivas Patil

IPC: G06Q10/087

Abstract: An example method of managing hardware capacity in a multi-cloud computing system includes: obtaining, by a hardware inventory service executing in the multi-cloud computing system, hardware information for physical servers, in a public cloud, for which a customer has a subscription entitling bare-metal management of the physical servers; maintaining, by the hardware inventory service, an inventory of hardware capacity comprising a physical server pool that includes the physical servers; receiving, at the hardware inventory service, a request to consume the hardware capacity; and providing, by the hardware inventory service, a response to the request that identifies the physical server pool for deploying software to execute therein.

公开(公告)号：US10735400B2

公开(公告)日：2020-08-04

申请号：US15895844

申请日：2018-02-13

Applicant: VMware, Inc.

Inventor： Mark Benson ,  Emily Hong Xu ,  Brett Schoppert

IPC: H04L29/06 ,  G06F9/455 ,  H04L9/32

Abstract: Disclosed is a system and technique for validating a user for a single sign on without exposing secure information about the user to any part of the system except the connection server and the identity provider. In the technique, instead of relying directly on a SAML assertion, the technique uses an artifact representing the assertion and wraps the artifact in an access token. The access token is able to carry the artifact through one or more gateways on its way to a connection server without revealing any security information. Upon the access token being verified by either the gateway or the connection server, the artifact can be extracted from the access token and verification of the user for the single sign on can proceed between only the connection server and the identity provider.