Patents by Inventor Eugene Liderman
Eugene Liderman has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11848931Abstract: Disclosed are various embodiments for delegating authentication to certificate authorities. A connector service identifies a certificate request from a messenger service. The certificate request includes a credential identifier for a certificate authority. An authentication credential is retrieved using the credential identifier. A certificate request and the certificate authority authentication credential are transmitted to the certificate authority. A certificate is retrieved and provided as a response to the certificate request.Type: GrantFiled: October 6, 2021Date of Patent: December 19, 2023Assignee: VMWARE, INC.Inventors: Eugene Liderman, Rahul Parwani, Kiran Rohankar, Keith Robertson
-
Patent number: 11736529Abstract: Disclosed are various examples that relate to adjusting a stringency of offline policy restrictions based on a situational context of a computing device. In one example, a system can receive an offline restriction policy for an application. The system can identify a request to execute an application during the offline period of time. A situational context of the computing device can be determined. A first application restriction can be enforced for the application on the computing device based on the identification of the computing device being in the offline period of time and the situational context. A change in the situational context of the computing device can be identified during the offline period of time based on a detection of a second condition. A second application restriction can be enforced for the application on the computing device during the offline period of time.Type: GrantFiled: May 27, 2021Date of Patent: August 22, 2023Assignee: VMware, Inc.Inventors: Eugene Liderman, Stephen Turner, Simon Brooks
-
Publication number: 20230016488Abstract: Disclosed are various approaches for signing documents using mobile devices. A request is sent to a certificate authority for a signing certificate. The signing certificate is then received from the certificate authority. The signing certificate is then stored in the memory. Next, a file is received from a client application executed by the processor of the computing device. Then, the file is signed with the signing certificate to create a signed file. The signed file is then returned to the client application.Type: ApplicationFiled: September 29, 2022Publication date: January 19, 2023Inventors: LUCAS CHEN, GAURAV ARORA, EVAN HURST, NICHOLAS GRIVAS, NICHOLAS BROUILLETTE, JUBIN BENNY, JASON RUBY, EUGENE LIDERMAN, HEMANT SAHANI
-
Patent number: 11461451Abstract: Disclosed are various approaches for signing documents using mobile devices. A request is sent to a certificate authority for a signing certificate. The signing certificate is then received from the certificate authority. The signing certificate is then stored in the memory. Next, a file is received from a client application executed by the processor of the computing device. Then, the file is signed with the signing certificate to create a signed file. The signed file is then returned to the client application.Type: GrantFiled: August 12, 2019Date of Patent: October 4, 2022Assignee: VMware, Inc.Inventors: Lucas Chen, Gaurav Arora, Evan Hurst, Nicholas Grivas, Nicholas Brouillette, Jubin Benny, Jason Ruby, Eugene Liderman, Hemant Sahani
-
Patent number: 11443023Abstract: Disclosed are various examples for distributed profile and key management. In one example, a client device can include an agent application and a PIV-D application. The agent application can receive a partially populated device profile generated by a management service to configure a setting on the client device. The PIV-D application can generate a derived credential and provide the derived credential to the agent application. The agent application can modify the partially populated device profile to include the credential to create a fully populated device profile and configure the client device in accordance with the fully populated device profile.Type: GrantFiled: August 24, 2017Date of Patent: September 13, 2022Assignee: VMware, Inc.Inventors: Eugene Liderman, Jonathon Deriso, William Thomas Hooper, Sagar Date, Tejas Mehrotra, Stephen Turner, Amogh Datar, Dipanshu Gupta
-
Patent number: 11275858Abstract: Disclosed are various approaches for encrypting documents using mobile devices. A first application receives, from a second application a file and an identifier of a user account. The first application then sends a request for a certificate to a certificate authority and receives a certificate in response. The file is then encrypted using the certificate, and the encrypted file is returned to the second application. The second application can identify the user account as the recipient of a file. Then, the second application can send an encryption request that includes the identifier of the user account and the file to the first application. In response to the request, the second application receives the encrypted file and then provides the encrypted file to the recipient.Type: GrantFiled: August 12, 2019Date of Patent: March 15, 2022Assignee: VMWARE, INC.Inventors: Lucas Chen, Gaurav Arora, Evan Hurst, Nicholas Grivas, Nicholas Brouillette, Jubin Benny, Jason Ruby, Eugene Liderman, Hemant Sahani
-
Publication number: 20220029990Abstract: Disclosed are various embodiments for delegating authentication to certificate authorities. A connector service identifies a certificate request from a messenger service. The certificate request includes a credential identifier for a certificate authority. An authentication credential is retrieved using the credential identifier. A certificate request and the certificate authority authentication credential are transmitted to the certificate authority. A certificate is retrieved and provided as a response to the certificate request.Type: ApplicationFiled: October 6, 2021Publication date: January 27, 2022Inventors: Eugene Liderman, Rahul Parwani, Kiran Rohankar, Keith Robertson
-
Publication number: 20210377022Abstract: Aspects of secure inter-application data communications are described. In one example, a first application executing on a computing device obtains an identity certificate. The identity certificate can include a unique identifier of the computing device and a public key of the first application. To obtain the public keys of other applications executing on the computing device, the first application can query a management computing environment using the identity certificate. Once the computing device is authenticated by the management computing environment, the management computing environment can store the public key of the first application and return any public keys of other applications executing on the computing device. Once the public keys have been exchanged between the applications, the applications can encrypt and sign data packages for secure data communications between each other.Type: ApplicationFiled: August 10, 2021Publication date: December 2, 2021Inventors: Eugene Liderman, Stephen Louis Turner, Simon Brooks
-
Patent number: 11165774Abstract: Disclosed are various embodiments for delegating authentication to certificate authorities. A first request for a certificate is received from a client device. Then a certificate request can be created. The certificate request may include a credential identifier for a certificate authority. The credential identifier may uniquely identify an authentication credential to use to request the certificate from certificate authority. The certificate request can then be added to a message queue. Later, a second request from another computing device is received and the message stored in the message queue is provided in response. A certificate is then received from the other computing device and is provided to the client device in response to the first request.Type: GrantFiled: December 14, 2018Date of Patent: November 2, 2021Assignee: VMWARE, INC.Inventors: Eugene Liderman, Rahul Parwani, Kiran Rohankar, Keith Robertson
-
Publication number: 20210289002Abstract: Disclosed are various examples that relate to adjusting a stringency of offline policy restrictions based on a situational context of a computing device. In one example, a system can receive an offline restriction policy for an application. The system can identify a request to execute an application during the offline period of time. A situational context of the computing device can be determined. A first application restriction can be enforced for the application on the computing device based on the identification of the computing device being in the offline period of time and the situational context. A change in the situational context of the computing device can be identified during the offline period of time based on a detection of a second condition. A second application restriction can be enforced for the application on the computing device during the offline period of time.Type: ApplicationFiled: May 27, 2021Publication date: September 16, 2021Inventors: Eugene Liderman, Stephen Turner, Simon Brooks
-
Patent number: 11108556Abstract: Aspects of secure inter-application data communications are described. In one example, a first application executing on a computing device obtains an identity certificate. The identity certificate can include a unique identifier of the computing device and a public key of the first application. To obtain the public keys of other applications executing on the computing device, the first application can query a management computing environment using the identity certificate. Once the computing device is authenticated by the management computing environment, the management computing environment can store the public key of the first application and return any public keys of other applications executing on the computing device. Once the public keys have been exchanged between the applications, the applications can encrypt and sign data packages for secure data communications between each other.Type: GrantFiled: June 8, 2018Date of Patent: August 31, 2021Assignee: VMware, Inc.Inventors: Eugene Liderman, Stephen Louis Turner, Simon Brooks
-
Patent number: 11050791Abstract: Disclosed are various examples that relate to adjusting a stringency of offline policy restrictions based on a situational context of a computing device. In one example, a system can receive an offline restriction policy for an application. The offline restriction policy comprises one or more rules that are associated with one or more actions. The system can cause the one or more actions to be performed during an offline period of time in an instance in which one of the rules is satisfied. The offline period of time representing time periods when the system does not have a network connection with a management system. The system can cause a first authentication action to be performed in an instance in which a first condition of the system satisfies a first rule. The system can also cause a second authentication action to be performed in an instance in which a second condition of the system satisfies a second rule.Type: GrantFiled: June 27, 2018Date of Patent: June 29, 2021Assignee: VMware, Inc.Inventors: Eugene Liderman, Stephen Turner, Simon Brooks
-
Patent number: 10992656Abstract: Disclosed are various examples for distributed profile and key management. In one example, a management service can generate a partially populated device profile and provide the partially populated device profile to a client application executable on a client device. The client application can generate a credential and insert the credential into the partially populated device profile to generate a fully populated device profile. The credential can be shared with at least one other client application on the client device. The management service can use the fully populated device profile to generate multiple profiles that rely on a single credential, such as a single X.509 security certificate.Type: GrantFiled: August 24, 2017Date of Patent: April 27, 2021Assignee: VMWARE, INC.Inventors: Eugene Liderman, Jonathon Deriso, William Thomas Hooper, Sagar Date, Tejas Mehrotra, Stephen Turner, Amogh Datar, Dipanshu Gupta
-
Publication number: 20200410123Abstract: Disclosed are various approaches for encrypting documents using mobile devices. A first application receives, from a second application a file and an identifier of a user account. The first application then sends a request for a certificate to a certificate authority and receives a certificate in response. The file is then encrypted using the certificate, and the encrypted file is returned to the second application. The second application can identify the user account as the recipient of a file. Then, the second application can send an encryption request that includes the identifier of the user account and the file to the first application. In response to the request, the second application receives the encrypted file and then provides the encrypted file to the recipient.Type: ApplicationFiled: August 12, 2019Publication date: December 31, 2020Inventors: LUCAS CHEN, Gaurav Arora, Evan Hurst, Nicholas Grivas, Nicholas Brouillette, Jubin Benny, Jason Ruby, Eugene Liderman, Hemant Sahani
-
Publication number: 20200412553Abstract: Disclosed are various approaches for signing documents using mobile devices. A request is sent to a certificate authority for a signing certificate. The signing certificate is then received from the certificate authority. The signing certificate is then stored in the memory. Next, a file is received from a client application executed by the processor of the computing device. Then, the file is signed with the signing certificate to create a signed file. The signed file is then returned to the client application.Type: ApplicationFiled: August 12, 2019Publication date: December 31, 2020Inventors: Lucas Chen, Gaurav Arora, Evan Hurst, Nicholas Grivas, Nicholas Brouillette, Jubin Benny, Jason Ruby, Eugene Liderman, Hemant Sahani
-
Publication number: 20200195642Abstract: Disclosed are various embodiments for delegating authentication to certificate authorities. A first request for a certificate is received from a client device. Then a certificate request can be created. The certificate request may include a credential identifier for a certificate authority. The credential identifier may uniquely identify an authentication credential to use to request the certificate from certificate authority. The certificate request can then be added to a message queue. Later, a second request from another computing device is received and the message stored in the message queue is provided in response. A certificate is then received from the other computing device and is provided to the client device in response to the first request.Type: ApplicationFiled: December 14, 2018Publication date: June 18, 2020Inventors: Eugene Liderman, Rahul Parwani, Kiran Rohankar, Keith Robertson
-
Publication number: 20200007580Abstract: Disclosed are various examples that relate to adjusting a stringency of offline policy restrictions based on a situational context of a computing device. In one example, a system can receive an offline restriction policy for an application. The offline restriction policy comprises one or more rules that are associated with one or more actions. The system can cause the one or more actions to be performed during an offline period of time in an instance in which one of the rules is satisfied. The offline period of time representing time periods when the system does not have a network connection with a management system. The system can cause a first authentication action to be performed in an instance in which a first condition of the system satisfies a first rule. The system can also cause a second authentication action to be performed in an instance in which a second condition of the system satisfies a second rule.Type: ApplicationFiled: June 27, 2018Publication date: January 2, 2020Inventors: Eugene Liderman, Stephen Turner, Simon Brooks
-
Publication number: 20190379540Abstract: Aspects of secure inter-application data communications are described. In one example, a first application executing on a computing device obtains an identity certificate. The identity certificate can include a unique identifier of the computing device and a public key of the first application. To obtain the public keys of other applications executing on the computing device, the first application can query a management computing environment using the identity certificate. Once the computing device is authenticated by the management computing environment, the management computing environment can store the public key of the first application and return any public keys of other applications executing on the computing device. Once the public keys have been exchanged between the applications, the applications can encrypt and sign data packages for secure data communications between each other.Type: ApplicationFiled: June 8, 2018Publication date: December 12, 2019Inventors: Eugene Liderman, Stephen Louis Turner, Simon Brooks
-
Publication number: 20190065725Abstract: Disclosed are various examples for distributed profile and key management. In one example, a client device can include an agent application and a PIV-D application. The agent application can receive a partially populated device profile generated by a management service to configure a setting on the client device. The PIV-D application can generate a derived credential and provide the derived credential to the agent application. The agent application can modify the partially populated device profile to include the credential to create a fully populated device profile and configure the client device in accordance with the fully populated device profile.Type: ApplicationFiled: August 24, 2017Publication date: February 28, 2019Inventors: Eugene Liderman, Jonathon Deriso, William Thomas Hooper, Sagar Date, Tejas Mehrotra, Stephen Turner, Amogh Datar, Dipanshu Gupta
-
Publication number: 20190068568Abstract: Disclosed are various examples for distributed profile and key management. In one example, a management service can generate a partially populated device profile and provide the partially populated device profile to a client application executable on a client device. The client application can generate a credential and insert the credential into the partially populated device profile to generate a fully populated device profile. The credential can be shared with at least one other client application on the client device. The management service can use the fully populated device profile to generate multiple profiles that rely on a single credential, such as a single X.509 security certificate.Type: ApplicationFiled: August 24, 2017Publication date: February 28, 2019Inventors: Eugene Liderman, Jonathon Deriso, William Thomas Hooper, Sagar Date, Tejas Mehrotra, Stephen Turner, Amogh Datar, Dipanshu Gupta