AUTHENTICATION OF A CLIENT DEVICE BASED ON ENTROPY FROM A SERVER OR OTHER DEVICE
    Invention publication (status: under examination, published)

    Publication (announcement) number: EP3284236A2

    Publication (announcement) date: 2018-02-21

    Application number: EP16713717.3

    Application date: 2016-03-24

    IPC classification: H04L29/06

    Abstract: Methods and systems for authenticating a client device using entropy provided by a server and/or a device paired with the client device are described herein. The system may generate static entropy and time-limited entropy based on data from the server and/or the paired device. The static and time-limited entropy may be used to authenticate the client device (application or a user of the client device) in addition to authentication credentials or entropy such as a PIN or password provided by the user. The time-limited entropy may have an expiration time. If the time-limited entropy is expired, the system may request the user to perform a hard authentication with the server, such as by providing a username, password, and/or optionally a two-factor authentication code, among other information.

    SHARED SECRET VAULT FOR APPLICATIONS WITH SINGLE SIGN ON

    Publication (announcement) number: EP3702946A1

    Publication (announcement) date: 2020-09-02

    Application number: EP20171406.0

    Application date: 2015-12-30

    Abstract: Some aspects of the disclosure generally relate to providing single sign on features in mobile applications in a secure environment using a shared vault. An application may prompt a user to provide user entropy such as a passcode (e.g. a password and/or PIN). The application may use the user entropy to decrypt a user-entropy-encrypted vault key. Once the vault key is decrypted, the application may decrypt a vault database of the shared vault. The shared vault may store shared secrets, such as server credentials, and an unlock key. The application may store the unlock key, generate an unlock-key-encrypted vault key, and cause the shared vault to store the unlock-key-encrypted vault key, thereby "unlocking" the vault. The application may then use the unlock key to decrypt the vault database without prompting the user to provide user entropy again.