公开(公告)号：US11726987B2

公开(公告)日：2023-08-15

申请号：US16950027

申请日：2020-11-17

Applicant: Citrix Systems, Inc.

Inventor： Ricardo Fernando Feijoo

IPC: G06F16/23 ,  G06F16/27 ,  G06F16/955 ,  G06F16/2457 ,  G06F21/45 ,  G06F16/215 ,  H04L9/40

CPC classification number: G06F16/2379 ,  G06F16/215 ,  G06F16/24573 ,  G06F16/27 ,  G06F16/955 ,  G06F21/45 ,  H04L63/0815

Abstract: A technique involves normalizing identification of users (e.g., different customer organizations) across disparate local systems (e.g., different electronic platforms that provide different products and/or services). Such normalization of user identification enables a provider to accurately ascertain a particular user of multiple disparate local systems even when the multiple disparate local systems identify that user using different identification schemes. Accordingly, the provider is able to offer enhanced support to that user across the multiple disparate local systems. For example, with such normalization of user identification, the provider may employ a single authentication system across the various local systems thus enabling the user to authenticate via the same authentication process regardless of which local system the user attempts to access. As another example, the provider may collect data among the disparate local systems and apply analytics to identify optimization opportunities for the user that could not be otherwise be conveniently determined.

公开(公告)号：US11658984B2

公开(公告)日：2023-05-23

申请号：US16857987

申请日：2020-04-24

Applicant: Citrix Systems, Inc.

Inventor： Ashish Gujarathi ,  Ricardo Fernando Feijoo

IPC: H04L29/06 ,  H04L9/32 ,  H04L9/40

CPC classification number: H04L63/108 ,  H04L9/3247 ,  H04L63/0876 ,  H04L2463/082

Abstract: Described embodiments provide systems, methods, computer readable media for accessing services via identity providers. A computing device may transmit, responsive to a request from a client to access a service, a value to the client. The client may be configured to access the service using an access token. The computing device may receive, from the client, a signature, the signature generated using the value, a device identifier, and a first encryption key. The computing device may determine, using the value and a second encryption key, the device identifier from the signature. The computing device may identify a status of the client according to the device identifier. The computing device may provide, responsive to the status, a new access token to permit access to the access and a refresh token to obtain subsequent access tokens.

公开(公告)号：US11171964B1

公开(公告)日：2021-11-09

申请号：US17132172

申请日：2020-12-23

Applicant: Citrix Systems, Inc.

Inventor： Feng Huang ,  Ricardo Fernando Feijoo ,  Tom Kludy ,  John Gavin Ashman

IPC: H04L29/06 ,  G06F21/45 ,  H04L9/30

Abstract: Methods and systems for secure authentication of users based on unique device identifiers are described herein. A computing device may receive, from a user device, a device registration. The device registration may comprise authentication credentials, device information, and/or a public key. Based on the authentication credentials and/or the device information, a unique device identifier may be generated. A token may be generated based on the unique device identifier and sent to the user device. A request for content may be received from the user device. A nonce may be sent to the user device. The token and a signed version of the nonce may be received from the user device. The nonce may have been signed using a private key corresponding to the public key. Access to the content may be provided based on the token, the unique device identifier, and/or the signed version of the nonce.

公开(公告)号：US20210073210A1

公开(公告)日：2021-03-11

申请号：US16950027

申请日：2020-11-17

Applicant: Citrix Systems, Inc.

Inventor： Ricardo Fernando Feijoo

IPC: G06F16/23 ,  G06F16/27 ,  G06F16/955 ,  G06F16/2457 ,  G06F21/45 ,  G06F16/215

Abstract: A technique involves normalizing identification of users (e.g., different customer organizations) across disparate local systems (e.g., different electronic platforms that provide different products and/or services). Such normalization of user identification enables a provider to accurately ascertain a particular user of multiple disparate local systems even when the multiple disparate local systems identify that user using different identification schemes. Accordingly, the provider is able to offer enhanced support to that user across the multiple disparate local systems. For example, with such normalization of user identification, the provider may employ a single authentication system across the various local systems thus enabling the user to authenticate via the same authentication process regardless of which local system the user attempts to access. As another example, the provider may collect data among the disparate local systems and apply analytics to identify optimization opportunities for the user that could not be otherwise be conveniently determined.

公开(公告)号：US10749982B2

公开(公告)日：2020-08-18

申请号：US15875424

申请日：2018-01-19

Applicant: Citrix Systems, Inc.

Inventor： Steven A. Keller ,  Thomas J. Hammond ,  Thomas Michael Kludy ,  Ayush Jain ,  Ricardo Fernando Feijoo

IPC: H04L29/08 ,  H04W4/02 ,  H04L12/701

Abstract: Methods and systems for routing a user request for a service to a version of the service in a geographical region associated with the user are described herein. The service may be deployed in multiple geographical regions, and the service may have multiple versions in each of the geographical regions. A user device may send a request for a service to a first server in a geographical region. The first server may determine whether the user is associated with the geographical region. Responsive to determining that the user is not associated with the geographical region, the first server may ask one or more servers in other geographical regions whether the user is associated with any of the other geographical regions.

公开(公告)号：US20190386997A1

公开(公告)日：2019-12-19

申请号：US16550656

申请日：2019-08-26

Applicant: Citrix Systems, Inc.

Inventor： Ricardo Fernando Feijoo ,  Thomas Michael Kludy

IPC: H04L29/06

Abstract: A principal database is described in which each entry includes one principal identity, and one or more alias identities that may each have an authorization scope. Principal identity attributes include a principal identifier and login credentials, and alias identity attributes include an authorization scope and login credentials. Responsive to successfully authenticating the user for a first application (a multiple-identity application), based on the alias identity login credentials, an access token containing both the alias identity attributes and the principal identity attributes is transmitted to the first application, causing the first application to grant a scope of access based on the authorization scope. Responsive to a request to authenticate the user for a second application (a single-identity application), the access token is transmitted to the second application without re-authenticating the user, causing the second application to grant a scope of access based on the principal identifier.

公开(公告)号：US10438006B2

公开(公告)日：2019-10-08

申请号：US15661290

申请日：2017-07-27

Applicant: Citrix Systems, Inc.

Inventor： Thomas M. Kludy ,  Ricardo Fernando Feijoo

IPC: H04L29/06 ,  G06F21/60 ,  G06F21/62 ,  H04L9/08 ,  G06Q20/00

Abstract: Embodiments of the disclosure include systems and methods for secure storage and/or retrieval of customer secrets by, e.g., a cloud services provider. According to methods, secret data that is to be securely stored may be transmitted, along with an initialization vector, to an encryption service for encryption using a private key stored on in a remote key vault. The encrypted data can be returned and stored, in its encrypted form, in a secure storage along with the initialization vector data. To retrieve the securely stored data, embodiments disclose retrieving the encrypted form of the data and transmitting it, along with its related initialization vector data, to the encryption service for decryption using the private key stored in the remote key vault. The decrypted data can then be made available to a requesting product service.

公开(公告)号：US20190034643A1

公开(公告)日：2019-01-31

申请号：US15661290

申请日：2017-07-27

Applicant: Citrix Systems, Inc.

Inventor： Thomas M. Kludy ,  Ricardo Fernando Feijoo

IPC: G06F21/60 ,  G06F21/62 ,  H04L29/06

CPC classification number: G06F21/602 ,  G06F21/6209 ,  G06Q20/363 ,  G06Q20/382 ,  G06Q20/3829 ,  H04L9/0825 ,  H04L9/0894 ,  H04L63/0428 ,  H04L63/06 ,  H04L63/0823 ,  H04L67/1097 ,  H04L2209/56 ,  H04W12/0608

Abstract: Embodiments of the disclosure include systems and methods for secure storage and/or retrieval of customer secrets by, e.g., a cloud services provider. According to methods, secret data that is to be securely stored may be transmitted, along with an initialization vector, to an encryption service for encryption using a private key stored on in a remote key vault. The encrypted data can be returned and stored, in its encrypted form, in a secure storage along with the initialization vector data. To retrieve the securely stored data, embodiments disclose retrieving the encrypted form of the data and transmitting it, along with its related initialization vector data, to the encryption service for decryption using the private key stored in the remote key vault. The decrypted data can then be made available to a requesting product service.

公开(公告)号：US20140108775A1

公开(公告)日：2014-04-17

申请号：US14051664

申请日：2013-10-11

Applicant: Citrix Systems, Inc.

Inventor： Thomas M. Kludy ,  Ashish Gujarathi ,  Felipe Leon ,  Juliano Maldaner ,  Andrew Ogle ,  Ricardo Fernando Feijoo

IPC: G06F9/44 ,  H04L12/24

CPC classification number: H04L41/08 ,  G06F9/4405 ,  G06F9/4416 ,  G06F9/45558 ,  G06F9/505 ,  G06F9/5083 ,  G06F11/0706 ,  G06F11/0793 ,  G06F2009/45595 ,  H04L41/0816 ,  H04L67/10 ,  H04L67/1023 ,  H04L67/34 ,  H04L67/42

Abstract: One or more aspects of this disclosure may relate to using a configurable server farm preference for an application, desktop or other hosted resource. Additional aspects may relate to moving server farm workloads based on the configurable server farm preference. Further aspects may relate to performing reboot cycles, a reboot schedule and on-demand rebooting. Yet further aspects may relate to staggering individual machine reboot operations over a specified period of time and performing reboot operations such that some machines are available for user sessions during a reboot cycle.

Abstract translation: 本公开的一个或多个方面可以涉及对应用程序，桌面或其他托管资源使用可配置的服务器场偏好。 其他方面可能涉及到基于可配置的服务器场首选项移动服务器场工作负载。 其他方面可能涉及执行重新启动周期，重新启动计划和按需重新启动。 另外的方面可能涉及在特定时间段内交错的单个机器重新启动操作并且执行重新启动操作，使得一些机器在重新启动周期期间可用于用户会话。

公开(公告)号：US20220078007A1

公开(公告)日：2022-03-10

申请号：US17012207

申请日：2020-09-04

Applicant: Citrix Systems, Inc.

Inventor： Dileep Reddem ,  Ricardo Fernando Feijoo

IPC: H04L9/08 ,  H04L9/32

Abstract: Methods, apparatuses, systems, and computer-readable mediums for sharing user credentials in federated authentication are described herein. An identity provider may receive a user credential from a user device. The identity provider may receive, from a relying party, a request for an access token. The identity provider may encrypt the user credential based on a nonce that is uniquely generated for the relying party. The identity provider may send a response to the relying party. The response may include the access token, the encrypted user credential, and the nonce.