-
Publication No.: US20230403302A1
Publication date: 2023-12-14
Application No.: US17835382
Filing date: 2022-06-08
Applicant: VMware, Inc.
Inventor: Aditya Shrotri, Sagar Date, Kunal Ghosh, Rahul Parwani, Ryan Stallings, Huseyin Erenoglu
IPC: H04L9/40
Abstract: Disclosed are various embodiments for managing the state of client devices using device-driven management workflows. The device-driven management workflow can be evaluated to determine a current state of the computing device, install software, and direct the computing device to watch at least one value stored in memory for a modification. When the at least one value stored in memory is modified, the computing device can execute the device-driven management workflow to resolve a discrepancy between the expected state and the current state or perform a remedial action to prevent unwanted access to secure resources.
-
Publication No.: US20210273817A1
Publication date: 2021-09-02
Application No.: US16804511
Filing date: 2020-02-28
Applicant: VMware, Inc.
Inventor: Jonathon Deriso, Sagar Date, Rahul Parwani
Abstract: Disclosed are various embodiments for securely distributing certificates or encryption keys. A management service can receive an enrollment request from a client device. The management service can then send a key request to a certificate provider, the key request comprising a user identifier. The management service can also send a skeleton payload to an enterprise gateway. In response, the management service can receive an encrypted profile from the enterprise gateway, the encrypted profile comprising the skeleton payload with an encryption key inserted by the enterprise gateway into the skeleton payload. Finally, the management service can send the encrypted profile to the client device.
-
Publication No.: US20210243085A1
Publication date: 2021-08-05
Application No.: US17236006
Filing date: 2021-04-21
Applicant: VMware, Inc.
Inventor: Aditya Shrotri, Sagar Date
Abstract: Examples described herein include systems and methods for deploying Data Loss Prevention (DLP) policies to user devices. An example method can include receiving a configuration specifying at least one DLP policy applicable to an application, along with an indication of an assignment group specifying users, or user devices, to which the DLP policy should apply. Information regarding the DLP policy and assignment group can be provided to an identity service and then synchronized with a second server that manages the application. The method can further include provisioning the application to a user device and instructing the user device to retrieve the DLP policy from the second server and implement it when executing the provisioned application.
-
Publication No.: US11438177B2
Publication date: 2022-09-06
Application No.: US16804511
Filing date: 2020-02-28
Applicant: VMware, Inc.
Inventor: Jonathon Deriso, Sagar Date, Rahul Parwani
Abstract: Disclosed are various embodiments for securely distributing certificates or encryption keys. A management service can receive an enrollment request from a client device. The management service can then send a key request to a certificate provider, the key request comprising a user identifier. The management service can also send a skeleton payload to an enterprise gateway. In response, the management service can receive an encrypted profile from the enterprise gateway, the encrypted profile comprising the skeleton payload with an encryption key inserted by the enterprise gateway into the skeleton payload. Finally, the management service can send the encrypted profile to the client device.
-
Publication No.: US20210273920A1
Publication date: 2021-09-02
Application No.: US16804824
Filing date: 2020-02-28
Applicant: VMware, Inc.
Inventor: Jonathon Deriso, Sagar Date, Rahul Parwani, Jinsong Liu, Senthil Parthasarathy, Shravan Shantharam
Abstract: Disclosed are various embodiments for securely distributing certificates or encryption keys. A management service can receive an enrollment request from a client device. The management service can then send a key request to a certificate provider, the key request comprising a user identifier. The management service can also send a skeleton payload to an enterprise gateway. In response, the management service can receive an encrypted profile from the enterprise gateway, the encrypted profile comprising the skeleton payload with an encryption key inserted by the enterprise gateway into the skeleton payload. Finally, the management service can send the encrypted profile to the client device.
-
Publication No.: US20190065725A1
Publication date: 2019-02-28
Application No.: US15685299
Filing date: 2017-08-24
Applicant: VMware, Inc.
Inventor: Eugene Liderman, Jonathon Deriso, William Thomas Hooper, Sagar Date, Tejas Mehrotra, Stephen Turner, Amogh Datar, Dipanshu Gupta
Abstract: Disclosed are various examples for distributed profile and key management. In one example, a client device can include an agent application and a PIV-D application. The agent application can receive a partially populated device profile generated by a management service to configure a setting on the client device. The PIV-D application can generate a derived credential and provide the derived credential to the agent application. The agent application can modify the partially populated device profile to include the credential to create a fully populated device profile and configure the client device in accordance with the fully populated device profile.
-
Publication No.: US11012309B2
Publication date: 2021-05-18
Application No.: US15997322
Filing date: 2018-06-04
Applicant: VMware, Inc.
Inventor: Aditya Shrotri, Sagar Date
Abstract: Examples described herein include systems and methods for deploying Data Loss Prevention (DLP) policies to user devices. An example method can include receiving a configuration specifying at least one DLP policy applicable to an application, along with an indication of an assignment group specifying users, or user devices, to which the DLP policy should apply. Information regarding the DLP policy and assignment group can be provided to an identity service and then synchronized with a second server that manages the application. The method can further include provisioning the application to a user device and instructing the user device to retrieve the DLP policy from the second server and implement it when executing the provisioned application.
-
Publication No.: US20190068568A1
Publication date: 2019-02-28
Application No.: US15685094
Filing date: 2017-08-24
Applicant: VMware, Inc.
Inventor: Eugene Liderman, Jonathon Deriso, William Thomas Hooper, Sagar Date, Tejas Mehrotra, Stephen Turner, Amogh Datar, Dipanshu Gupta
Abstract: Disclosed are various examples for distributed profile and key management. In one example, a management service can generate a partially populated device profile and provide the partially populated device profile to a client application executable on a client device. The client application can generate a credential and insert the credential into the partially populated device profile to generate a fully populated device profile. The credential can be shared with at least one other client application on the client device. The management service can use the fully populated device profile to generate multiple profiles that rely on a single credential, such as a single X.509 security certificate.
-
Publication No.: US11743124B2
Publication date: 2023-08-29
Application No.: US17236006
Filing date: 2021-04-21
Applicant: VMware, Inc.
Inventor: Aditya Shrotri, Sagar Date
Abstract: Examples described herein include systems and methods for deploying Data Loss Prevention (DLP) policies to user devices. An example method can include receiving a configuration specifying at least one DLP policy applicable to an application, along with an indication of an assignment group specifying users, or user devices, to which the DLP policy should apply. Information regarding the DLP policy and assignment group can be provided to an identity service and then synchronized with a second server that manages the application. The method can further include provisioning the application to a user device and instructing the user device to retrieve the DLP policy from the second server and implement it when executing the provisioned application.
-
Publication No.: US11443023B2
Publication date: 2022-09-13
Application No.: US15685299
Filing date: 2017-08-24
Applicant: VMware, Inc.
Inventor: Eugene Liderman, Jonathon Deriso, William Thomas Hooper, Sagar Date, Tejas Mehrotra, Stephen Turner, Amogh Datar, Dipanshu Gupta
Abstract: Disclosed are various examples for distributed profile and key management. In one example, a client device can include an agent application and a PIV-D application. The agent application can receive a partially populated device profile generated by a management service to configure a setting on the client device. The PIV-D application can generate a derived credential and provide the derived credential to the agent application. The agent application can modify the partially populated device profile to include the credential to create a fully populated device profile and configure the client device in accordance with the fully populated device profile.
-