公开(公告)号：US11792270B2

公开(公告)日：2023-10-17

申请号：US17735561

申请日：2022-05-03

Applicant: VMware, inc.

Inventor： Adarsh Jain ,  Kalyan Regula ,  Prasad Sawant ,  Ravishankar Chamarajnagar ,  Michael Jones ,  Hai James Le

IPC: H04L67/125 ,  H04L67/303 ,  H04L9/40 ,  H04L67/10 ,  H04W12/08 ,  H04W4/60 ,  H04L67/00 ,  H04W4/50 ,  H04L41/22 ,  H04L41/0806 ,  H04L41/0869 ,  H04L41/08 ,  H04W12/37 ,  H04W76/19 ,  H04W28/08 ,  H04L41/046

CPC classification number: H04L67/125 ,  H04L41/0809 ,  H04L41/0869 ,  H04L41/0886 ,  H04L41/22 ,  H04L63/102 ,  H04L67/10 ,  H04L67/303 ,  H04L67/34 ,  H04W4/50 ,  H04W4/60 ,  H04W12/08 ,  H04W12/37 ,  H04W28/0838 ,  H04W28/0925 ,  H04W76/19 ,  H04L41/046 ,  H04L63/20

Abstract: Systems herein allow an administrator to efficiently enroll computing devices into a mobile device management system, even when those computing devices are offline and not connected to the system. A management server can include a console that allows the administrator to enroll an offline computing device by selecting an offline enrollment option on a registration record. This option can cause the management server to create a device record, indicating the computing device is enrolled. The management server can also create and save a provisioning file onto a storage device, such as a USB drive. Assets, such as graphics and applications, specified by the device record are also saved onto the storage device. The storage device can be physically connected to the computing device, at which point the provisioning file guides automatic installation of the assets and implementation of device settings and compliance rules specified by the device record.

公开(公告)号：US11601476B2

公开(公告)日：2023-03-07

申请号：US17509462

申请日：2021-10-25

Applicant: VMware, Inc.

Inventor： Ravishankar Chamarajnagar ,  Devanand Kondur

IPC: H04L41/0803 ,  H04L65/1033 ,  H04L65/1023 ,  H04L41/0604 ,  H04L67/125

Abstract: Disclosed are various examples of an action framework for configuring a gateway to perform actions on the gateway itself or in conjunction with connected IoT devices. In some examples, a command is transmitted from a management service to a gateway device to permit a gateway client application to execute on the gateway device. A command to register an action in association with the gateway client application is also transmitted. The management service then commands the gateway device to perform the action, and receives an action results message with information about the action.

公开(公告)号：US20210194935A1

公开(公告)日：2021-06-24

申请号：US16724782

申请日：2019-12-23

Applicant: VMware, Inc.

Inventor： Ravishankar Chamarajnagar ,  Devanand Kondur

IPC: H04L29/06 ,  H04L29/08 ,  H04L12/24

Abstract: Disclosed are various examples of an action framework for configuring a gateway to perform actions on the gateway itself or in conjunction with connected IoT devices. In some embodiments,

公开(公告)号：US11689365B2

公开(公告)日：2023-06-27

申请号：US16661198

申请日：2019-10-23

Applicant: VMware, Inc.

Inventor： Alexey Makhalov ,  Maria Potapova ,  Ravishankar Chamarajnagar ,  Bo Gan ,  Raghunath Krishnamurthy ,  Sharath George ,  Sriram Nambakam

IPC: H04L9/14 ,  H04L9/08 ,  H04L9/32 ,  G06F3/06

CPC classification number: H04L9/14 ,  G06F3/067 ,  G06F3/0622 ,  G06F3/0653 ,  H04L9/0822 ,  H04L9/0877 ,  H04L9/3234

Abstract: The present disclosure relates to centralized volume encryption key management for edge devices with trusted platform modules (TPM)s. In some aspects a volume encryption key is generated for a gateway device. A sealing authorization policy is also generated for the gateway device. The sealing authorization policy is generated based on a predetermined platform configuration register (PCR) mask and expected PCR values. The volume encryption key and the sealing authorization policy are transmitted from the management service to the gateway device to provision the gateway device with the volume encryption key.

公开(公告)号：US11349928B2

公开(公告)日：2022-05-31

申请号：US16734016

申请日：2020-01-03

Applicant: VMware, Inc.

Inventor： Adarsh Jain ,  Kalyan Regula ,  Prasad Sawant ,  Ravishankar Chamarajnagar ,  Michael Jones ,  Hai James Le

IPC: H04L67/125 ,  H04L67/303 ,  H04L67/10 ,  H04W12/08 ,  H04W4/60 ,  H04L67/00 ,  H04W4/50 ,  H04L41/22 ,  H04L41/0806 ,  H04L41/0869 ,  H04L41/08 ,  H04W12/37 ,  H04L41/046 ,  H04L9/40

Abstract: Systems herein allow an administrator to efficiently enroll computing devices into a mobile device management system, even when those computing devices are offline and not connected to the system. A management server can include a console that allows the administrator to enroll an offline computing device by selecting an offline enrollment option on a registration record. This option can cause the management server to create a device record, indicating the computing device is enrolled. The management server can also create and save a provisioning file onto a storage device, such as a USB drive. Assets, such as graphics and applications, specified by the device record are also saved onto the storage device. The storage device can be physically connected to the computing device, at which point the provisioning file guides automatic installation of the assets and implementation of device settings and compliance rules specified by the device record.

公开(公告)号：US20210021418A1

公开(公告)日：2021-01-21

申请号：US16661198

申请日：2019-10-23

Applicant: VMware, Inc.

Inventor： Alexey Makhalov ,  Maria Potapova ,  Ravishankar Chamarajnagar ,  Bo Gan ,  Raghunath Krishnamurthy ,  Sharath George ,  Sriram Nambakam

IPC: H04L9/14 ,  H04L9/08 ,  H04L9/32 ,  G06F3/06

Abstract: The present disclosure relates to centralized volume encryption key management for edge devices with trusted platform modules (TPM)s. In some aspects a volume encryption key is generated for a gateway device. A sealing authorization policy is also generated for the gateway device. The sealing authorization policy is generated based on a predetermined platform configuration register (PCR) mask and expected PCR values. The volume encryption key and the sealing authorization policy are transmitted from the management service to the gateway device to provision the gateway device with the volume encryption key.

公开(公告)号：US20230261867A1

公开(公告)日：2023-08-17

申请号：US18137494

申请日：2023-04-21

Applicant: VMware, Inc.

Inventor： Alexey Makhalov ,  Maria Potapova ,  Ravishankar Chamarajnagar ,  Bo Gan ,  Raghunath Krishnamurthy ,  Sharath George ,  Sriram Nambakam

IPC: H04L9/14 ,  H04L9/08 ,  H04L9/32 ,  G06F3/06

CPC classification number: H04L9/14 ,  H04L9/0877 ,  H04L9/3234 ,  G06F3/0653 ,  G06F3/0622 ,  G06F3/067 ,  H04L9/0822

Abstract: The present disclosure relates to centralized volume encryption key management for edge devices with trusted platform modules (TPM)s. In some examples, a TPM measures platform configuration register (PCR) values during a gateway boot process of a gateway device, including a PCR value for an extractor PCR. The extractor PCR refers to a PCR for an extractor application of the gateway device. The extractor application unseals a volume encryption key using the PCR value for the extractor PCR and a sealing authorization policy. The extractor application itself is verified as a result of measuring and using the PCR value for the extractor PCR.

公开(公告)号：US20220272575A1

公开(公告)日：2022-08-25

申请号：US17735561

申请日：2022-05-03

Applicant: VMware, Inc.

Inventor： Adarsh Jain ,  Kalyan Regula ,  Prasad Sawant ,  Ravishankar Chamarajnagar ,  Michael Jones ,  Hai James Le

IPC: H04W28/08 ,  H04W76/19

Abstract: Systems herein allow an administrator to efficiently enroll computing devices into a mobile device management system, even when those computing devices are offline and not connected to the system. A management server can include a console that allows the administrator to enroll an offline computing device by selecting an offline enrollment option on a registration record. This option can cause the management server to create a device record, indicating the computing device is enrolled. The management server can also create and save a provisioning file onto a storage device, such as a USB drive. Assets, such as graphics and applications, specified by the device record are also saved onto the storage device. The storage device can be physically connected to the computing device, at which point the provisioning file guides automatic installation of the assets and implementation of device settings and compliance rules specified by the device record.

公开(公告)号：US11190553B2

公开(公告)日：2021-11-30

申请号：US16724782

申请日：2019-12-23

Applicant: VMware, Inc.

Inventor： Ravishankar Chamarajnagar ,  Devanand Kondur

IPC: H04L29/06 ,  H04L12/24 ,  H04L29/08

Abstract: Disclosed are various examples of an action framework for configuring a gateway to perform actions on the gateway itself or in conjunction with connected IoT devices. In some embodiments, a gateway client is permitted on a gateway device using a gateway configuration received from a management service. A command callback function is registered in association the gateway client. An action message is received. The action message specifies an action corresponding to the command callback function. The gateway client using the action message. A command object for the gateway client is generated based on the action message. The command callback function is invoked, and the gateway client processes the command object to perform the action.

公开(公告)号：US10530865B2

公开(公告)日：2020-01-07

申请号：US15491973

申请日：2017-04-19

Applicant: VMware, Inc.

Inventor： Adarsh Jain ,  Kalyan Regula ,  Prasad Sawant ,  Ravishankar Chamarajnagar ,  Michael Jones ,  Hai James Le

IPC: H04L29/08 ,  H04L29/06 ,  H04W12/08 ,  H04W4/60

Abstract: Systems herein allow an administrator to efficiently enroll computing devices into a mobile device management system, even when those computing devices are offline and not connected to the system. A management server can include a console that allows the administrator to enroll an offline computing device by selecting an offline enrollment option on a registration record. This option can cause the management server to create a device record, indicating the computing device is enrolled. The management server can also create and save a provisioning file onto a storage device, such as a USB drive. Assets, such as graphics and applications, specified by the device record are also saved onto the storage device. The storage device can be physically connected to the computing device, at which point the provisioning file guides automatic installation of the assets and implementation of device settings and compliance rules specified by the device record.