-
Publication No.: US11469894B2
Publication date: 2022-10-11
Application No.: US16739342
Application date: 2020-01-10
Applicant: CITRIX SYSTEMS, INC.
Inventor: Georgy Momchilov , Hubert Divoux , Roberto Valdes
Abstract: A computing device may include a memory and a processor configured to cooperate with the memory to store an authentication token having first and second authentication credentials associated therewith. The first and second authentication credentials may be different from one another. The processor may further cooperate with a server to access a session based upon the authentication token.
-
12.
Publication No.: US11012374B2
Publication date: 2021-05-18
Application No.: US16416481
Application date: 2019-05-20
Applicant: CITRIX SYSTEMS, INC.
Inventor: Georgy Momchilov , Hubert Divoux , Roberto Valdes
IPC: H04L12/911 , G06F9/451 , H04L29/08 , G06F9/455 , H04L29/06
Abstract: A computing device may include a memory and a processor cooperating with the memory and configured to generate connection leases for published resources selected by client devices. The connection leases may provide instructions for connecting the client devices to virtual computing sessions corresponding to the published resources. Each connection lease may include a published resource lease component unique to the selected published resource, and a common lease component shared by a plurality of different published resources.
-
Publication No.: US10021088B2
Publication date: 2018-07-10
Application No.: US14870435
Application date: 2015-09-30
Applicant: Citrix Systems, Inc.
Inventor: Andrew Innes , Chris Mayers , Hubert Divoux
CPC classification number: H04L63/0823 , G06F21/33 , H04L9/3228 , H04L9/3234 , H04L9/3263 , H04L63/061 , H04L63/0815 , H04L63/0853 , H04L63/0876
Abstract: Methods and systems for faster and more efficient smart card logon and for giving a client device full domain access in a remote computing environment are described herein. Fast smart card logon may be used to reduce latency and improve security. For example, the system may reduce the number of operations (e.g., interactions) between a server device used for authentication and the client device. These operations may include fetching a user certificate from the smart card or signing data. Fast smart card logon may also improve security by optionally avoiding PIN (or other credential) transmission over networks, and to enable single sign on from an authentication event (e.g., Secure Sockets Layer (SSL) or Transport Layer Security (TLS) authentication) using a smart card to the domain logon without resorting to PIN caching.
-
Publication No.: US20160094546A1
Publication date: 2016-03-31
Application No.: US14870435
Application date: 2015-09-30
Applicant: Citrix Systems, Inc.
Inventor: Andrew Innes , Chris Mayers , Hubert Divoux
IPC: H04L29/06
CPC classification number: H04L63/0823 , G06F21/33 , H04L9/3228 , H04L9/3234 , H04L9/3263 , H04L63/061 , H04L63/0815 , H04L63/0853 , H04L63/0876
Abstract: Methods and systems for faster and more efficient smart card logon and for giving a client device full domain access in a remote computing environment are described herein. Fast smart card logon may be used to reduce latency and improve security. For example, the system may reduce the number of operations (e.g., interactions) between a server device used for authentication and the client device. These operations may include fetching a user certificate from the smart card or signing data. Fast smart card logon may also improve security by optionally avoiding PIN (or other credential) transmission over networks, and to enable single sign on from an authentication event (e.g., Secure Sockets Layer (SSL) or Transport Layer Security (TLS) authentication) using a smart card to the domain logon without resorting to PIN caching.
-
Publication No.: US11658907B2
Publication date: 2023-05-23
Application No.: US17806113
Application date: 2022-06-09
Applicant: CITRIX SYSTEMS, INC.
Inventor: Georgy Momchilov , Hubert Divoux , Roberto Valdes , Leo C. Singleton, IV , Paul Browne , Kevin Woodmansee
IPC: H04L45/586 , H04L45/42 , H04L67/141 , H04L9/40 , H04L67/01
CPC classification number: H04L45/586 , H04L45/42 , H04L63/0442 , H04L63/0876 , H04L63/108 , H04L67/01 , H04L67/141
Abstract: A method may include storing and updating published resource entitlements for a plurality of client devices at a computing device. The method may also include using a plurality of virtual delivery appliances to receive connection requests from the client devices, with the connection requests including connection leases having associated resource entitlements the client devices are respectively permitted to access, and request validation of the connection leases from the computing device. At the computing device, responsive to validation requests from the virtual delivery appliances, the connection leases may be compared to the updated published resource entitlements and validated based thereon. At the virtual delivery appliances, the client devices may be provided with access to virtual sessions corresponding to the published resource entitlements responsive to the virtual session request validations from the computing device.
-
Publication No.: US11456861B2
Publication date: 2022-09-27
Application No.: US16878840
Application date: 2020-05-20
Applicant: CITRIX SYSTEMS, INC.
Inventor: Georgy Momchilov , Hubert Divoux , Roberto Valdes
IPC: H04L29/06 , H04L9/08 , H04L9/40 , H04L9/32 , G06F9/455 , H04L12/66 , H04L12/46 , H04L67/02 , H04L67/125 , H04L67/141 , H04L9/14 , H04L9/30 , H04L67/01 , H04L67/63
Abstract: A computing system may include a client device configured to remotely access virtual computing sessions, and a virtual delivery appliance configured to connect the client device to the virtual computing sessions. The client device and the virtual delivery appliance may share a symmetric encryption key and encrypt data communications exchanged therebetween with the symmetric encryption key. The system may further include a gateway appliance configured to relay the encrypted communications between the client device and the virtual delivery appliance, the gateway appliance not having the symmetric key and being unable to decrypt the encrypted communications relayed between the virtual delivery appliance and the client device.
-
Publication No.: US11362943B2
Publication date: 2022-06-14
Application No.: US16847780
Application date: 2020-04-14
Applicant: CITRIX SYSTEMS, INC.
Inventor: Georgy Momchilov , Hubert Divoux , Roberto Valdes , Leo C. Singleton, IV , Paul Browne , Kevin Woodmansee
IPC: H04L45/586 , H04L45/42 , H04L67/141 , H04L9/40 , H04L67/01
Abstract: A computing system may include a computing device configured to store and update published resource entitlements for a plurality of client devices. The system may further include a plurality of virtual delivery appliances configured to receive connection requests from the client devices, with the connection requests including a connection lease issued based upon the published resource entitlements for the client devices, request validation of the connection leases from the computing device, and provide the client devices with access to virtual sessions corresponding to the published resource entitlements responsive to validation of connection leases from the computing device. The computing device, responsive to validation requests from the virtual delivery appliances, may also compare the connection leases to the updated published resource entitlements and validate virtual session requests based thereon.
-
18.
Publication No.: US11212113B2
Publication date: 2021-12-28
Application No.: US16416452
Application date: 2019-05-20
Applicant: CITRIX SYSTEMS, INC.
Inventor: Georgy Momchilov , Hubert Divoux , Roberto Valdes
Abstract: A computing device may include a memory and a processor cooperating with the memory and configured to receive a connection request from a client device having a public/private encryption key pair associated therewith. The connection request may be based upon a connection lease and the public key for the client device, and the connection lease may be generated based upon an authenticated version of the public key for the client device. The processor may also be configured to verify that the authenticated version of the public key upon which the connection lease was generated matches the public key for the client device and authorize a connection with the client device and provide the client device with access to a virtual computing session via the connection.
-
Publication No.: US11018992B2
Publication date: 2021-05-25
Application No.: US16421846
Application date: 2019-05-24
Applicant: CITRIX SYSTEMS, INC.
Inventor: Georgy Momchilov , Hubert Divoux , Roberto Valdes
IPC: H04L12/911 , G06F9/451 , G06F9/455 , H04L29/08 , H04L29/06
Abstract: A computing device may include a memory and a processor cooperating with the memory and configured to access a plurality of connection lease templates corresponding to published resources stored in a shared memory. The processor may further be configured to provision connection leases for respective client devices using a connection lease issuing appliance based upon the stored connection lease templates. The connection leases may be provisioned on demand responsive to selection of the published resources by the client devices, and the connection leases may provide instructions for connecting the client devices to virtual computing sessions corresponding to the published resources.
-
20.
Publication No.: US20200374274A1
Publication date: 2020-11-26
Application No.: US16882856
Application date: 2020-05-26
Applicant: CITRIX SYSTEMS, INC.
Inventor: GEORGY MOMCHILOV , Hubert Divoux , Roberto Valdes
Abstract: A computing system may include a plurality of Point of Presence computing devices (PoPs) configured to provide access to a computing network(s), and a plurality of gateway appliances. The gateway appliances may be configured to relay communications between client devices and virtual delivery appliances to provide the client devices with access to virtual sessions. The gateway appliances may route client device communications through the PoPs based upon gateway connection tickets, and may also generate the gateway connection tickets including a payload encrypted with a symmetric encryption key, and a plurality of different versions of the symmetric key encrypted with different public encryption keys of the PoPs. The PoPs may be further configured to use their private encryption keys to decrypt the encrypted symmetric key, use the decrypted symmetric key to decrypt the payload, and permit routing of the client communications based upon the decrypted payload of the gateway connection tickets.
-