Patents by Inventor Jonathon Deriso
Jonathon Deriso has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11954472Abstract: Disclosed are various embodiments for resolving conflicts between workflows in a workflow processing system. A plurality of workflows stored in a workflow queue are evaluated to identify a common dependency of the plurality of workflows. Then, a version hierarchy is created for the common dependency of the plurality of workflows, the version hierarchy identifying multiple versions of the common dependency. In response to execution of a first one of the plurality of workflows stored in the workflow queue, the version hierarchy can be evaluated to identify the most recent version of the common dependency. Then, installation of the most recent version of the common dependency can be initiated.Type: GrantFiled: November 17, 2022Date of Patent: April 9, 2024Assignee: VMware, Inc.Inventors: Nigitha Alugubelli, Jonathon Deriso, Mohan Guttikonda, Suman Rani
-
Publication number: 20230080700Abstract: Disclosed are various embodiments for resolving conflicts between workflows in a workflow processing system. A plurality of workflows stored in a workflow queue are evaluated to identify a common dependency of the plurality of workflows. Then, a version hierarchy is created for the common dependency of the plurality of workflows, the version hierarchy identifying multiple versions of the common dependency. In response to execution of a first one of the plurality of workflows stored in the workflow queue, the version hierarchy can be evaluated to identify the most recent version of the common dependency. Then, installation of the most recent version of the common dependency can be initiated.Type: ApplicationFiled: November 17, 2022Publication date: March 16, 2023Inventors: Nigitha Alugubelli, JONATHON DERISO, MOHAN GUTTIKONDA, SUMAN RANI
-
Patent number: 11526341Abstract: Disclosed are various embodiments for resolving conflicts between workflows in a workflow processing system. A plurality of workflows stored in a workflow queue are evaluated to identify a common dependency of the plurality of workflows. Then, a version hierarchy is created for the common dependency of the plurality of workflows, the version hierarchy identifying multiple versions of the common dependency. In response to execution of a first one of the plurality of workflows stored in the workflow queue, the version hierarchy can be evaluated to identify the most recent version of the common dependency. Then, installation of the most recent version of the common dependency can be initiated.Type: GrantFiled: April 8, 2021Date of Patent: December 13, 2022Assignee: VMWARE, INC.Inventors: Nigitha Alugubelli, Jonathon Deriso, Mohan Guttikonda, Suman Rani
-
Publication number: 20220353327Abstract: Disclosed are various embodiments for recognizing state changes in client devices and managing the state of client devices using device-driven management workflows. A computing device can receive a state of a client device. The computing device can then determine if the received state matches an expected, compliant state of the client device. When the computing device determines that the received state does not match the expected state, the computing device can identify a remedial workflow that would bring the client device into compliance. The computing device can send the remedial workflow and an instruction to run the remedial workflow to the client device.Type: ApplicationFiled: July 15, 2022Publication date: November 3, 2022Inventors: Jonathon Deriso, Saransh Bhatnagar, Rahul Parwani, Brian Link, Mohan Guttikonda, Satish Venkatakrishnan
-
Patent number: 11470149Abstract: Disclosed are various embodiments for managing the state of client devices using device-driven management workflows. A computing device can be evaluated to determine the current state of the computing device. Then, the current state of the computing device is compared to an expected state of the computing device. The expected state of the computing device may be based at least in part on a result of execution of at least one device-driven management workflow by the computing device. In response to a determination that the current state of the computing device fails to match the expected state of the computing device, the device-driven management workflow can be executed to resolve the discrepancy between the expected state and the current state.Type: GrantFiled: April 5, 2021Date of Patent: October 11, 2022Assignee: VMWARE, INC.Inventors: Jonathon Deriso, Saransh Bhatnagar, Rahul Parwani, Brian Link, Mohan Guttikonda, Satish Venkatakrishnan
-
Patent number: 11443023Abstract: Disclosed are various examples for distributed profile and key management. In one example, a client device can include an agent application and a PIV-D application. The agent application can receive a partially populated device profile generated by a management service to configure a setting on the client device. The PIV-D application can generate a derived credential and provide the derived credential to the agent application. The agent application can modify the partially populated device profile to include the credential to create a fully populated device profile and configure the client device in accordance with the fully populated device profile.Type: GrantFiled: August 24, 2017Date of Patent: September 13, 2022Assignee: VMware, Inc.Inventors: Eugene Liderman, Jonathon Deriso, William Thomas Hooper, Sagar Date, Tejas Mehrotra, Stephen Turner, Amogh Datar, Dipanshu Gupta
-
Patent number: 11438177Abstract: Disclosed are various embodiments for securely distributing certificates or encryption keys. A management service can receive an enrollment request from a client device. The management service can then send a key request to a certificate provider, the key request comprising a user identifier. The management service can also send a skeleton payload to an enterprise gateway. In response, the management service can receive an encrypted profile from the enterprise gateway, the encrypted profile comprising the skeleton payload with an encryption key inserted by the enterprise gateway into the skeleton payload. Finally, the management service can send the encrypted profile to the client device.Type: GrantFiled: February 28, 2020Date of Patent: September 6, 2022Assignee: VMWARE, INC.Inventors: Jonathon Deriso, Sagar Date, Rahul Parwani
-
Publication number: 20220236972Abstract: Disclosed are various embodiments for resolving conflicts between workflows in a workflow processing system. A plurality of workflows stored in a workflow queue are evaluated to identify a common dependency of the plurality of workflows. Then, a version hierarchy is created for the common dependency of the plurality of workflows, the version hierarchy identifying multiple versions of the common dependency. In response to execution of a first one of the plurality of workflows stored in the workflow queue, the version hierarchy can be evaluated to identify the most recent version of the common dependency. Then, installation of the most recent version of the common dependency can be initiated.Type: ApplicationFiled: April 8, 2021Publication date: July 28, 2022Inventors: NIGITHA ALUGUBELLI, JONATHON DERISO, MOHAN GUTTIKONDA, SUMAN RANI
-
Publication number: 20220239735Abstract: Disclosed are various embodiments for managing the state of client devices using device-driven management workflows. A computing device can be evaluated to determine the current state of the computing device. Then, the current state of the computing device is compared to an expected state of the computing device. The expected state of the computing device may be based at least in part on a result of execution of at least one device-driven management workflow by the computing device. In response to a determination that the current state of the computing device fails to match the expected state of the computing device, the device-driven management workflow can be executed to resolve the discrepancy between the expected state and the current state.Type: ApplicationFiled: April 5, 2021Publication date: July 28, 2022Inventors: JONATHON DERISO, SARANSH BHATNAGAR, RAHUL PARWANi, BRIAN LINK, MOHAN GUTTIKONDA, SATISH VENKATAKRiSHNAN
-
Patent number: 11184336Abstract: Disclosed are various approaches for validating public keys pinned to services or servers on private networks. A client device can request a first certificate from a trust service. The client device can then validate that the first certificate from the trust service is signed by a preinstalled certificate stored on the client device. Subsequently, the client device can receive a uniform resource locator identifying a network location of a secure sockets layer (SSL) pinning service, wherein the SSL pinning service is configured to provide a hash value for a first public key issued to a computing device. Finally, the client device can receive a second public key from the trust service, wherein the second public key is configured to encrypt network traffic sent to the SSL pinning service.Type: GrantFiled: November 13, 2019Date of Patent: November 23, 2021Assignee: AirWatch LLCInventor: Jonathon Deriso
-
Publication number: 20210273920Abstract: Disclosed are various embodiments for securely distributing certificates or encryption keys. A management service can receive an enrollment request from a client device. The management service can then send a key request to a certificate provider, the key request comprising a user identifier. The management service can also send a skeleton payload to an enterprise gateway. In response, the management service can receive an encrypted profile from the enterprise gateway, the encrypted profile comprising the skeleton payload with an encryption key inserted by the enterprise gateway into the skeleton payload. Finally, the management service can send the encrypted profile to the client device.Type: ApplicationFiled: February 28, 2020Publication date: September 2, 2021Inventors: Jonathon Deriso, Sagar Date, Rahul Parwani, Jinsong Liu, Senthil Parthasarathy, Shravan Shantharam
-
Publication number: 20210273817Abstract: Disclosed are various embodiments for securely distributing certificates or encryption keys. A management service can receive an enrollment request from a client device. The management service can then send a key request to a certificate provider, the key request comprising a user identifier. The management service can also send a skeleton payload to an enterprise gateway. In response, the management service can receive an encrypted profile from the enterprise gateway, the encrypted profile comprising the skeleton payload with an encryption key inserted by the enterprise gateway into the skeleton payload. Finally, the management service can send the encrypted profile to the client device.Type: ApplicationFiled: February 28, 2020Publication date: September 2, 2021Inventors: Jonathon Deriso, Sagar Date, Rahul Parwani
-
Patent number: 10992656Abstract: Disclosed are various examples for distributed profile and key management. In one example, a management service can generate a partially populated device profile and provide the partially populated device profile to a client application executable on a client device. The client application can generate a credential and insert the credential into the partially populated device profile to generate a fully populated device profile. The credential can be shared with at least one other client application on the client device. The management service can use the fully populated device profile to generate multiple profiles that rely on a single credential, such as a single X.509 security certificate.Type: GrantFiled: August 24, 2017Date of Patent: April 27, 2021Assignee: VMWARE, INC.Inventors: Eugene Liderman, Jonathon Deriso, William Thomas Hooper, Sagar Date, Tejas Mehrotra, Stephen Turner, Amogh Datar, Dipanshu Gupta
-
Publication number: 20200084190Abstract: Disclosed are various approaches for validating public keys pinned to services or servers on private networks. A client device can request a first certificate from a trust service. The client device can then validate that the first certificate from the trust service is signed by a preinstalled certificate stored on the client device. Subsequently, the client device can receive a uniform resource locator identifying a network location of a secure sockets layer (SSL) pinning service, wherein the SSL pinning service is configured to provide a hash value for a first public key issued to a computing device. Finally, the client device can receive a second public key from the trust service, wherein the second public key is configured to encrypt network traffic sent to the SSL pinning service.Type: ApplicationFiled: November 13, 2019Publication date: March 12, 2020Inventor: Jonathon Deriso
-
Patent number: 10587582Abstract: Disclosed are various approaches for implementing certificate pinning in a tunnel client on a client device. A tunnel client receives a connection request from an application executed by the client device to connect to a remote server. The tunnel client determines that the remote server corresponds to a known pinned host and then determines whether the remote server presents a certificate matching a pinned certificate for the known pinned host. If the presented certificate matches the pinned certificate, the tunnel client allows a connection to be established between the application and the remote server through a network tunnel between the tunnel client and a tunnel server.Type: GrantFiled: May 15, 2017Date of Patent: March 10, 2020Assignee: VMWARE, INCInventor: Jonathon Deriso
-
Patent number: 10516653Abstract: Disclosed are various approaches for validating public keys pinned to services or servers on private networks. A client device can request a first certificate from a trust service. The client device can then validate that the first certificate from the trust service is signed by a preinstalled certificate stored on the client device. Subsequently, the client device can receive a uniform resource locator identifying a network location of an secure sockets layer (SSL) pinning service, wherein the SSL pinning service is configured to provide a hash value for a first public key issued to a computing device. Finally, the client device can receive a second public key from the trust service, wherein the second public key is configured to encrypt network traffic sent to the SSL pinning service.Type: GrantFiled: June 29, 2016Date of Patent: December 24, 2019Assignee: AirWatch, LLCInventor: Jonathon Deriso
-
Patent number: 10320771Abstract: Disclosed are various approaches for providing single sign-on capabilities for a user on a client device. A user's credentials can be authenticated by an identity provider application. The identity provider application can facilitate single sign-on capabilities for browser-based applications and native applications on the client device.Type: GrantFiled: November 30, 2016Date of Patent: June 11, 2019Assignee: Airwatch LLCInventors: Yogesh Govind Hande, Shravan Shantharam, Kalyan Regula, Varun Murthy, Bhuvanesh Shanmuga Sundaram, Jonathon Deriso
-
Patent number: 10262146Abstract: Disclosed are various approaches for a secure communication session between applications installed on a client device. The secure communication session can be provided over an insecure operating system application programming interface (API). By exchanging session information and encryption data, communications over the insecure API can be secured.Type: GrantFiled: December 15, 2016Date of Patent: April 16, 2019Assignee: VMware, INC.Inventors: Yogesh Govind Hande, Shravan Shantharam, Kalyan Regula, Varun Murthy, Bhuvanesh Shanmuga Sundaram, Jonathon Deriso, Raymond Welch
-
Publication number: 20190065725Abstract: Disclosed are various examples for distributed profile and key management. In one example, a client device can include an agent application and a PIV-D application. The agent application can receive a partially populated device profile generated by a management service to configure a setting on the client device. The PIV-D application can generate a derived credential and provide the derived credential to the agent application. The agent application can modify the partially populated device profile to include the credential to create a fully populated device profile and configure the client device in accordance with the fully populated device profile.Type: ApplicationFiled: August 24, 2017Publication date: February 28, 2019Inventors: Eugene Liderman, Jonathon Deriso, William Thomas Hooper, Sagar Date, Tejas Mehrotra, Stephen Turner, Amogh Datar, Dipanshu Gupta
-
Publication number: 20190068568Abstract: Disclosed are various examples for distributed profile and key management. In one example, a management service can generate a partially populated device profile and provide the partially populated device profile to a client application executable on a client device. The client application can generate a credential and insert the credential into the partially populated device profile to generate a fully populated device profile. The credential can be shared with at least one other client application on the client device. The management service can use the fully populated device profile to generate multiple profiles that rely on a single credential, such as a single X.509 security certificate.Type: ApplicationFiled: August 24, 2017Publication date: February 28, 2019Inventors: Eugene Liderman, Jonathon Deriso, William Thomas Hooper, Sagar Date, Tejas Mehrotra, Stephen Turner, Amogh Datar, Dipanshu Gupta