公开(公告)号：US11831758B2

公开(公告)日：2023-11-28

申请号：US17868909

申请日：2022-07-20

Applicant: Citrix Systems, Inc.

Inventor： Ioannis Beredimas ,  Snigdhendu Mukhopadhyay ,  Adam Phillip Schultz

IPC: H04L9/40 ,  H04L9/08 ,  H04L41/0806

CPC classification number: H04L9/0825 ,  H04L9/085 ,  H04L9/0877 ,  H04L41/0806

Abstract: A system and method for securely encrypting and booting a headless appliance. A method includes providing the headless appliance with content stored in a memory, wherein the content is encrypted with a key, and wherein the key is separately stored on a remote computing device; booting the headless appliance and loading a fallback configuration; in response to a user device connecting to the headless appliance, directing the user device to a captive portal and capturing credentials of a user; forwarding the credentials to the remote computing device for verification by an identity provider; in response to the credentials being verified as a non-administrator, granting access to a public network for the user; and in response to the credentials being verified as an administrator, obtaining the key from the remote computing device to decrypt the content to provide access to a private network for the user.

公开(公告)号：US11431482B2

公开(公告)日：2022-08-30

申请号：US17170175

申请日：2021-02-08

Applicant: Citrix Systems, Inc.

Inventor： Ioannis Beredimas ,  Snigdhendu Mukhopadhyay ,  Adam Phillip Schultz

IPC: G06F21/57 ,  H04L9/08 ,  H04L41/0806

Abstract: A system and method for securely encrypting and booting a headless appliance. A computerized method is disclosed that includes: providing the network appliance with content encrypted with a secret key; launching the network appliance in a fallback configuration that provides limited operational capabilities; forwarding a request for the secret key to an online service that independently utilizes an identity provider to establish trust with an appliance administrator; receiving the secret key from the online service upon establishment of trust with the appliance administrator; decrypting the content with the secret key received from the online service; and utilizing the content to launch the network appliance in a full configuration.

公开(公告)号：US20220239473A1

公开(公告)日：2022-07-28

申请号：US17170175

申请日：2021-02-08

Applicant: Citrix Systems, Inc.

Inventor： Ioannis Beredimas ,  Snigdhendu Mukhopadhyay ,  Adam Phillip Schultz

IPC: H04L9/08 ,  H04L12/24

Abstract: A system and method for securely encrypting and booting a headless appliance. A computerized method is disclosed that includes: providing the network appliance with content encrypted with a secret key; launching the network appliance in a fallback configuration that provides limited operational capabilities; forwarding a request for the secret key to an online service that independently utilizes an identity provider to establish trust with an appliance administrator; receiving the secret key from the online service upon establishment of trust with the appliance administrator; decrypting the content with the secret key received from the online service; and utilizing the content to launch the network appliance in a full configuration.

公开(公告)号：US20220224684A1

公开(公告)日：2022-07-14

申请号：US17183882

申请日：2021-02-24

Applicant: Citrix Systems, Inc.

Inventor： Adam Schultz ,  Snigdhendu Mukhopadhyay ,  Ioannis Beredimas

IPC: H04L29/06 ,  H04L29/08 ,  H04L12/707

Abstract: Described embodiments provide systems and methods for validating session tokens using network properties. A first device having one or more processors coupled with memory may identify a session token from an initiation of a session between the first device and a second device via a network path of a plurality of network paths. The first device may determine that the first network path is to be trusted based at least on a property of the network path. The first device may validate the session token for use over the plurality of network paths, responsive to determining that the network path is to be trusted. The first device may provide, responsive to validating, the session token to the second device for use in communications over the plurality of network paths.

公开(公告)号：US20210006596A1

公开(公告)日：2021-01-07

申请号：US16663832

申请日：2019-10-25

Applicant: Citrix Systems, Inc.

Inventor： Ioannis Beredimas ,  Lampros Dounis ,  Panagiotis Matzavinos

IPC: H04L29/06

Abstract: Systems and methods described herein provide for building policies using namespaces. A device may receive a request to access a resource in a computing environment. The request may include one or more attributes. The device may identify a set of namespaces having domain-specific policy grammar to generate domain-specific policies. The device may determine a namespace from the identified set of namespaces which corresponds to the one or more attributes of the request. The device may generate, using domain-specific policy grammar of the determined namespace, a domain-specific policy to apply to the request.

公开(公告)号：US10264093B2

公开(公告)日：2019-04-16

申请号：US15911477

申请日：2018-03-05

Applicant: CITRIX SYSTEMS, INC.

Inventor： Kapil Dakhane ,  Ioannis Beredimas ,  Robert Kidd ,  Andrew Michael Penner ,  Nicholas James Stavrakos

IPC: G06F15/16 ,  H04L29/08 ,  H04L29/06

Abstract: A cache server includes a memory, and a processor to acquire segments of media data associated with a first request, with the first request being generated by a client device. The segments associated with the first request are stored in the memory. Keys for the segments associated with the first request are generated, with each segment having a respective key associated therewith that is a unique identifier for that segment.

公开(公告)号：US09936040B2

公开(公告)日：2018-04-03

申请号：US14577078

申请日：2014-12-19

Applicant: Citrix Systems, Inc.

Inventor： Kapil Dakhane ,  Ioannis Beredimas ,  Robert Kidd ,  Nicholas James Stavrakos ,  Andrew Michael Penner

IPC: G06F15/16 ,  H04L29/08 ,  H04L29/06

CPC classification number: H04L67/2842 ,  H04L65/605

Abstract: A cache server, a method, and a non-transitory computer-readable medium storing a set of instructions are disclosed. The apparatus comprises a memory and one or more processors configured to acquire one or more segments of media data associated with a first request, the first request being generated by one or more client devices, store the one or more segments associated with the first request, generate a key for each segment of the one or more segments associated with the first request, and generate a first set entry and a first set key for the one or more segments associated with the first request.