公开(公告)号：US09577985B2

公开(公告)日：2017-02-21

申请号：US14929027

申请日：2015-10-30

Applicant: VMware, Inc.

Inventor： Stephen Deasy ,  Craig Newell ,  Emil Sit ,  Paul Wisner ,  David Furodet ,  Viktor Gyuris ,  Robert Meyer ,  Fanny Strudel

IPC: H04M3/00 ,  H04M1/66 ,  H04M1/68 ,  H04M3/16 ,  H04B1/38 ,  H04L29/06 ,  C09J7/04 ,  B32B37/16 ,  H04W12/06 ,  H04W12/08 ,  H04W4/00 ,  G06F9/445 ,  G06F9/455 ,  G06F3/0482 ,  G06F3/0484 ,  H04M1/725 ,  H04W76/02 ,  H04L12/24 ,  H04W68/12

CPC classification number: H04L63/108 ,  B32B5/024 ,  B32B27/12 ,  B32B27/38 ,  B32B37/025 ,  B32B37/12 ,  B32B37/16 ,  B32B2037/1253 ,  C08J5/128 ,  C08J5/24 ,  C08J2363/04 ,  C08J2367/00 ,  C09J7/21 ,  C09J7/30 ,  C09J163/04 ,  C09J2463/00 ,  C09J2467/006 ,  G06F3/0482 ,  G06F3/04842 ,  G06F9/445 ,  G06F9/455 ,  G06F9/45529 ,  G06F9/45558 ,  G06F21/6245 ,  G06F21/629 ,  G06F2009/45587 ,  G06F2009/45595 ,  H04L41/0853 ,  H04L63/0272 ,  H04L63/102 ,  H04L63/105 ,  H04L63/20 ,  H04L67/34 ,  H04M1/72522 ,  H04M1/72583 ,  H04W4/50 ,  H04W4/60 ,  H04W8/22 ,  H04W12/06 ,  H04W12/08 ,  H04W68/12 ,  H04W76/10 ,  Y10T428/14

Abstract: A virtual business mobile device can be provisioned on a personal mobile device, by binding a mobile application for provisioning the business mobile device to a privileged component of a host operating system of the personal mobile device, wherein the binding enables a software virtualization layer and a management service component of the mobile application to execute in a privileged mode. The mobile application is then able to download a virtual phone image for the business mobile device and security-related policy settings relating to use of the business mobile device from a mobile management server, wherein the software virtualization layer is able to launch a virtual machine for the business mobile device based on the virtual phone image. Once the virtual phone image has been downloaded, the management service component initiates a periodic attempt to establish a connection with the mobile management server to comply with the downloaded security-related policy settings.

Abstract translation: 虚拟商业移动设备可以通过将用于将业务移动设备配置的移动应用绑定到个人移动设备的主机操作系统的特权组件来配置在个人移动设备上，其中绑定启用软件虚拟化层和 移动应用的管理服务组件以特权模式执行。 移动应用然后能够从移动管理服务器下载业务移动设备的虚拟电话图像和与业务移动设备的使用相关的安全相关策略设置，其中软件虚拟化层能够启动用于 基于虚拟手机图像的商业移动设备。 一旦虚拟电话图像被下载，管理服务组件发起定期尝试建立与移动管理服务器的连接以符合下载的安全相关策略设置。

公开(公告)号：US20180060595A1

公开(公告)日：2018-03-01

申请号：US15252638

申请日：2016-08-31

Applicant: VMware, Inc.

Inventor： Dale Olds ,  Fanny Strudel ,  Brad Neighbors

IPC: G06F21/60 ,  H04L29/06 ,  G06F3/12

Abstract: A system and method for granting a user access to one or more resources managed by one or more resource servers may include authenticating a user of an application. An application scope associated with the application may represent resource server(s) and respective resources that the application is configured to access or otherwise consume. A management role associated with the user may represent resource server(s) and respective resources that the user is authorized to access or otherwise consume. An access token may be determined using the application scope and the management role. The access token may represent resource server(s) and respective resources that the user is authorized to access or otherwise consume via the application.

公开(公告)号：US09544274B2

公开(公告)日：2017-01-10

申请号：US14582705

申请日：2014-12-24

Applicant: VMware, Inc.

Inventor： Stephen Deasy ,  David Furodet ,  Robert Meyer ,  Craig Newell ,  Claire Reynaud ,  Fanny Strudel ,  Paul Wisner ,  Emil Sit

IPC: H04M3/00 ,  H04L29/06 ,  C09J7/04 ,  B32B37/16 ,  H04W12/06 ,  H04W12/08 ,  H04W4/00 ,  G06F9/445 ,  G06F9/455 ,  G06F3/0482 ,  G06F3/0484 ,  H04M1/725 ,  H04W76/02 ,  H04L12/24 ,  H04W68/12

CPC classification number: H04L63/108 ,  B32B5/024 ,  B32B27/12 ,  B32B27/38 ,  B32B37/025 ,  B32B37/12 ,  B32B37/16 ,  B32B2037/1253 ,  C08J5/128 ,  C08J5/24 ,  C08J2363/04 ,  C08J2367/00 ,  C09J7/21 ,  C09J7/30 ,  C09J163/04 ,  C09J2463/00 ,  C09J2467/006 ,  G06F3/0482 ,  G06F3/04842 ,  G06F9/445 ,  G06F9/455 ,  G06F9/45529 ,  G06F9/45558 ,  G06F21/6245 ,  G06F21/629 ,  G06F2009/45587 ,  G06F2009/45595 ,  H04L41/0853 ,  H04L63/0272 ,  H04L63/102 ,  H04L63/105 ,  H04L63/20 ,  H04L67/34 ,  H04M1/72522 ,  H04M1/72583 ,  H04W4/50 ,  H04W4/60 ,  H04W8/22 ,  H04W12/06 ,  H04W12/08 ,  H04W68/12 ,  H04W76/10 ,  Y10T428/14

Abstract: A graphical user interface to provision business environments on mobile devices presents a navigation panel that displays a virtual phone template menu item and a policy setting menu item. Upon selection of the virtual phone template menu item, a template user interface is presented that enables an administrator to customize virtual phone image templates for users to be delivered to mobile devices that are configured to run the virtual phone image templates as virtual machines on the mobile devices in order to provide a business environment. Upon selection of the policy setting menu item, a policy user interface is presented that enables the administrator to set security policies, wherein each of the security policies specifies a time interval within which a mobile device running a virtual machine corresponding to one of the virtual phone image templates should communicate with an enterprise server to comply with the security policy.

Abstract translation: 用于在移动设备上提供业务环境的图形用户界面呈现显示虚拟电话模板菜单项和策略设置菜单项的导航面板。 在选择虚拟电话模板菜单项后，呈现模板用户界面，使管理员可以自定义虚拟电话图像模板，供用户被配置为运行虚拟电话图像模板的移动设备，作为移动设备上的虚拟机 设备为了提供商业环境。 在选择策略设置菜单项后，呈现使得管理员能够设置安全策略的策略用户界面，其中每个安全策略指定运行与虚拟电话之一对应的虚拟机的移动设备的时间间隔 图像模板应与企业服务器通信以符合安全策略。

公开(公告)号：US20160057559A1

公开(公告)日：2016-02-25

申请号：US14929027

申请日：2015-10-30

Applicant: VMware, Inc.

Inventor： Stephen Deasy ,  Craig Newell ,  Emil Sit ,  Paul Wisner ,  David Furodet ,  Viktor Gyuris ,  Robert Meyer ,  Fanny Strudel

IPC: H04W4/00 ,  H04L29/06 ,  H04W76/02

CPC classification number: H04L63/108 ,  B32B5/024 ,  B32B27/12 ,  B32B27/38 ,  B32B37/025 ,  B32B37/12 ,  B32B37/16 ,  B32B2037/1253 ,  C08J5/128 ,  C08J5/24 ,  C08J2363/04 ,  C08J2367/00 ,  C09J7/21 ,  C09J7/30 ,  C09J163/04 ,  C09J2463/00 ,  C09J2467/006 ,  G06F3/0482 ,  G06F3/04842 ,  G06F9/445 ,  G06F9/455 ,  G06F9/45529 ,  G06F9/45558 ,  G06F21/6245 ,  G06F21/629 ,  G06F2009/45587 ,  G06F2009/45595 ,  H04L41/0853 ,  H04L63/0272 ,  H04L63/102 ,  H04L63/105 ,  H04L63/20 ,  H04L67/34 ,  H04M1/72522 ,  H04M1/72583 ,  H04W4/50 ,  H04W4/60 ,  H04W8/22 ,  H04W12/06 ,  H04W12/08 ,  H04W68/12 ,  H04W76/10 ,  Y10T428/14

Abstract: A virtual business mobile device can be provisioned on a personal mobile device, by binding a mobile application for provisioning the business mobile device to a privileged component of a host operating system of the personal mobile device, wherein the binding enables a software virtualization layer and a management service component of the mobile application to execute in a privileged mode. The mobile application is then able to download a virtual phone image for the business mobile device and security-related policy settings relating to use of the business mobile device from a mobile management server, wherein the software virtualization layer is able to launch a virtual machine for the business mobile device based on the virtual phone image. Once the virtual phone image has been downloaded, the management service component initiates a periodic attempt to establish a connection with the mobile management server to comply with the downloaded security-related policy settings.

Abstract translation: 虚拟商业移动设备可以通过将用于将业务移动设备配置的移动应用绑定到个人移动设备的主机操作系统的特权组件来配置在个人移动设备上，其中绑定启用软件虚拟化层和 移动应用的管理服务组件以特权模式执行。 移动应用然后能够从移动管理服务器下载业务移动设备的虚拟电话图像和与业务移动设备的使用相关的安全相关策略设置，其中软件虚拟化层能够启动用于 基于虚拟手机图像的商业移动设备。 一旦虚拟电话图像被下载，管理服务组件发起定期尝试建立与移动管理服务器的连接以符合下载的安全相关策略设置。

公开(公告)号：US09247042B2

公开(公告)日：2016-01-26

申请号：US13678976

申请日：2012-11-16

Applicant: VMware, Inc.

Inventor： Stephen Deasy ,  Robert Meyer ,  Craig Newell ,  Emil Sit ,  Paul Wisner ,  David Furodet ,  Viktor Gyuris ,  Fanny Strudel

IPC: H04M1/725 ,  C09J7/04 ,  B32B37/16 ,  H04W12/06 ,  H04W12/08 ,  H04W4/00 ,  H04L29/06 ,  G06F9/445 ,  G06F9/455 ,  G06F3/0482 ,  G06F3/0484

CPC classification number: H04L63/108 ,  B32B5/024 ,  B32B27/12 ,  B32B27/38 ,  B32B37/025 ,  B32B37/12 ,  B32B37/16 ,  B32B2037/1253 ,  C08J5/128 ,  C08J5/24 ,  C08J2363/04 ,  C08J2367/00 ,  C09J7/21 ,  C09J7/30 ,  C09J163/04 ,  C09J2463/00 ,  C09J2467/006 ,  G06F3/0482 ,  G06F3/04842 ,  G06F9/445 ,  G06F9/455 ,  G06F9/45529 ,  G06F9/45558 ,  G06F21/6245 ,  G06F21/629 ,  G06F2009/45587 ,  G06F2009/45595 ,  H04L41/0853 ,  H04L63/0272 ,  H04L63/102 ,  H04L63/105 ,  H04L63/20 ,  H04L67/34 ,  H04M1/72522 ,  H04M1/72583 ,  H04W4/50 ,  H04W4/60 ,  H04W8/22 ,  H04W12/06 ,  H04W12/08 ,  H04W68/12 ,  H04W76/10 ,  Y10T428/14

Abstract: A business environment on a mobile device can be controlled by an enterprise server by receiving identifying information transmitted from a mobile device, wherein the identifying information identifies a user of the mobile device to the enterprise server. A virtual phone template is transmitted to the mobile device, wherein the virtual phone template (i) corresponds to the identifying information, and (ii) is configured to provide the business environment on the mobile device as a virtual machine running on a hypervisor installed on top of a host operating system of the mobile device. The enterprise server then receives a periodic transmission from the mobile device to indicate that the mobile device remains in periodic communication with the enterprise server.

Abstract translation: 移动设备上的商业环境可以由企业服务器通过接收从移动设备发送的标识信息来控制，其中识别信息将该移动设备的用户标识给企业服务器。 虚拟电话模板被发送到移动设备，其中虚拟电话模板（i）对应于识别信息，并且（ii）被配置为将移动设备上的业务环境提供为在安装在虚拟机上的管理程序上运行的虚拟机 移动设备的主机操作系统的顶部。 然后，企业服务器接收来自移动设备的周期性传输，以指示移动设备保持与企业服务器的周期性通信。

公开(公告)号：US08954050B2

公开(公告)日：2015-02-10

申请号：US13678996

申请日：2012-11-16

Applicant: VMware, Inc.

Inventor： Stephen Deasy ,  David Furodet ,  Robert Meyer ,  Craig Newell ,  Claire Reynaud ,  Fanny Strudel ,  Paul Wisner ,  Emil Sit

IPC: H04M3/00 ,  H04L29/06 ,  B32B37/16 ,  C09J7/04 ,  H04W12/06 ,  H04W12/08 ,  H04W4/00 ,  G06F9/445 ,  G06F9/455

CPC classification number: H04L63/108 ,  B32B5/024 ,  B32B27/12 ,  B32B27/38 ,  B32B37/025 ,  B32B37/12 ,  B32B37/16 ,  B32B2037/1253 ,  C08J5/128 ,  C08J5/24 ,  C08J2363/04 ,  C08J2367/00 ,  C09J7/21 ,  C09J7/30 ,  C09J163/04 ,  C09J2463/00 ,  C09J2467/006 ,  G06F3/0482 ,  G06F3/04842 ,  G06F9/445 ,  G06F9/455 ,  G06F9/45529 ,  G06F9/45558 ,  G06F21/6245 ,  G06F21/629 ,  G06F2009/45587 ,  G06F2009/45595 ,  H04L41/0853 ,  H04L63/0272 ,  H04L63/102 ,  H04L63/105 ,  H04L63/20 ,  H04L67/34 ,  H04M1/72522 ,  H04M1/72583 ,  H04W4/50 ,  H04W4/60 ,  H04W8/22 ,  H04W12/06 ,  H04W12/08 ,  H04W68/12 ,  H04W76/10 ,  Y10T428/14

Abstract: A graphical user interface to provision business environments on mobile devices presents a navigation panel that displays a virtual phone template menu item and a policy setting menu item. Upon selection of the virtual phone template menu item, a template user interface is presented that enables an administrator to customize virtual phone image templates for users to be delivered to mobile devices that are configured to run the virtual phone image templates as virtual machines on the mobile devices in order to provide a business environment. Upon selection of the policy setting menu item, a policy user interface is presented that enables the administrator to set security policies, wherein each of the security policies specifies a time interval within which a mobile device running a virtual machine corresponding to one of the virtual phone image templates should communicate with an enterprise server to comply with the security policy.

Abstract translation: 用于在移动设备上提供业务环境的图形用户界面呈现显示虚拟电话模板菜单项和策略设置菜单项的导航面板。 在选择虚拟电话模板菜单项后，呈现模板用户界面，使得管理员可以自定义虚拟电话图像模板，供用户被配置为运行虚拟电话图像模板的移动设备作为移动设备上的虚拟机 设备为了提供商业环境。 在选择策略设置菜单项后，呈现使得管理员能够设置安全策略的策略用户界面，其中每个安全策略指定运行与虚拟电话之一对应的虚拟机的移动设备的时间间隔 图像模板应与企业服务器通信以符合安全策略。

公开(公告)号：US11595379B2

公开(公告)日：2023-02-28

申请号：US16918709

申请日：2020-07-01

Applicant: VMware, Inc.

Inventor： Michal A. Jankowski ,  Mark Johnson ,  Fanny Strudel ,  Zachary James Shepherd

IPC: H04L9/40

Abstract: This disclosure describes a computer implemented method for receiving authentication credentials identifying a user; identifying computing systems for which the user is authorized access to; and transmitting tokens granting access to the identified computing systems. In some embodiments, no two tokens of the transmitted tokens grants access to the same one of the identified computing systems. The user typically has access to a management tool configured to manage the transmission of the received tokens to the corresponding computing systems, thereby granting the user the ability to have seamless access to any of the computing systems associated with the user's authenticated identity.

公开(公告)号：US10708656B2

公开(公告)日：2020-07-07

申请号：US16044872

申请日：2018-07-25

Applicant: VMware, Inc.

Inventor： Stephen Deasy ,  Craig Newell ,  Emil Sit ,  Paul Wisner ,  David Furodet ,  Viktor Gyuris ,  Robert Meyer ,  Fanny Strudel

IPC: H04N21/443 ,  H04W4/60 ,  G06F9/445 ,  G06F9/455 ,  G06F9/46 ,  H04L29/06 ,  H04W8/22

Abstract: In some aspects, a mobile application package is bound to a privileged component of a mobile device operating system. The mobile application package includes a software virtualization layer and a management service component. The software virtualization layer and the management service component are enabled to execute in a privileged mode based on the privileged component. A virtual phone image is downloaded from a management server. A virtual machine based on the virtual phone image is launched by the software virtualization layer.

公开(公告)号：US20170244724A1

公开(公告)日：2017-08-24

申请号：US15401225

申请日：2017-01-09

Applicant: VMware, Inc.

Inventor： Stephen Deasy ,  Craig Newell ,  Emil Sit ,  Paul Wisner ,  David Furodet ,  Viktor Gyuris ,  Robert Meyer ,  Fanny Strudel

IPC: H04L29/06 ,  G06F9/455 ,  G06F21/62 ,  H04W8/22 ,  H04L29/08

CPC classification number: H04L63/108 ,  B32B5/024 ,  B32B27/12 ,  B32B27/38 ,  B32B37/025 ,  B32B37/12 ,  B32B37/16 ,  B32B2037/1253 ,  C08J5/128 ,  C08J5/24 ,  C08J2363/04 ,  C08J2367/00 ,  C09J7/21 ,  C09J7/30 ,  C09J163/04 ,  C09J2463/00 ,  C09J2467/006 ,  G06F3/0482 ,  G06F3/04842 ,  G06F9/445 ,  G06F9/455 ,  G06F9/45529 ,  G06F9/45558 ,  G06F21/6245 ,  G06F21/629 ,  G06F2009/45587 ,  G06F2009/45595 ,  H04L41/0853 ,  H04L63/0272 ,  H04L63/102 ,  H04L63/105 ,  H04L63/20 ,  H04L67/34 ,  H04M1/72522 ,  H04M1/72583 ,  H04W4/50 ,  H04W4/60 ,  H04W8/22 ,  H04W12/06 ,  H04W12/08 ,  H04W68/12 ,  H04W76/10 ,  Y10T428/14

Abstract: A virtual business mobile device can be provisioned on a personal mobile device, by binding a mobile application for provisioning the business mobile device to a privileged component of a host operating system of the personal mobile device, wherein the binding enables a software virtualization layer and a management service component of the mobile application to execute in a privileged mode. The mobile application is then able to download a virtual phone image for the business mobile device and security-related policy settings relating to use of the business mobile device from a mobile management server, wherein the software virtualization layer is able to launch a virtual machine for the business mobile device based on the virtual phone image. Once the virtual phone image has been downloaded, the management service component initiates a periodic attempt to establish a connection with the mobile management server to comply with the downloaded security-related policy settings.

公开(公告)号：US20160080546A1

公开(公告)日：2016-03-17

申请号：US14952255

申请日：2015-11-25

Applicant: VMware, Inc.

Inventor： Stephen Deasy ,  Robert Meyer ,  Craig Newell ,  Emil Sit ,  Paul Wisner ,  David Furodet ,  Viktor Gyuris ,  Fanny Strudel

IPC: H04M1/725 ,  H04W68/12 ,  H04L29/06 ,  H04L12/24 ,  H04W12/06 ,  H04W4/00

CPC classification number: H04L63/108 ,  B32B5/024 ,  B32B27/12 ,  B32B27/38 ,  B32B37/025 ,  B32B37/12 ,  B32B37/16 ,  B32B2037/1253 ,  C08J5/128 ,  C08J5/24 ,  C08J2363/04 ,  C08J2367/00 ,  C09J7/21 ,  C09J7/30 ,  C09J163/04 ,  C09J2463/00 ,  C09J2467/006 ,  G06F3/0482 ,  G06F3/04842 ,  G06F9/445 ,  G06F9/455 ,  G06F9/45529 ,  G06F9/45558 ,  G06F21/6245 ,  G06F21/629 ,  G06F2009/45587 ,  G06F2009/45595 ,  H04L41/0853 ,  H04L63/0272 ,  H04L63/102 ,  H04L63/105 ,  H04L63/20 ,  H04L67/34 ,  H04M1/72522 ,  H04M1/72583 ,  H04W4/50 ,  H04W4/60 ,  H04W8/22 ,  H04W12/06 ,  H04W12/08 ,  H04W68/12 ,  H04W76/10 ,  Y10T428/14

Abstract: A business environment on a mobile device can be controlled by an enterprise server by receiving identifying information transmitted from a mobile device, wherein the identifying information identifies a user of the mobile device to the enterprise server. A virtual phone template is transmitted to the mobile device, wherein the virtual phone template (i) corresponds to the identifying information, and (ii) is configured to provide the business environment on the mobile device as a virtual machine running on a hypervisor installed on top of a host operating system of the mobile device. The enterprise server then receives a periodic transmission from the mobile device to indicate that the mobile device remains in periodic communication with the enterprise server.