-
11.
Publication number: US10122709B2
Publication date: 2018-11-06
Application number: US15150558
Filing date: 2016-05-10
Applicant: Citrix Systems, Inc.
Inventor: Georgy Momchilov, Chris Pavlou, Ola Nordstrom, Christopher Wade
Abstract: Methods and systems for authenticating a user requesting to access one or more resources via a device are described herein. Authentication may be based on or otherwise rely on a plurality of devices. For example, aspects described herein are directed towards a system and method for receiving a request from a user to access one or more resources via a first device. In response to receiving the request to access the one or more resources, the first device may send, e.g., to a second device, a request for user input of a credential at the second device. The first device may receive a credential from the second device, and the first device may authenticate the user based on the received credential. Additionally or alternatively, the second device may authenticate the user based on an input of a user credential, and the second device may send an indication of a successful authentication to the first device.
-
Publication number: US10049224B2
Publication date: 2018-08-14
Application number: US15455751
Filing date: 2017-03-10
Applicant: Citrix Systems, Inc.
Inventor: Georgy Momchilov, Ola Nordstrom
Abstract: Some aspects of the disclosure generally relate to providing single sign on features in mobile applications in a secure environment using a shared vault. An application may prompt a user to provide user entropy such as a passcode (e.g. a password and/or PIN). The application may use the user entropy to decrypt a user-entropy-encrypted vault key. Once the vault key is decrypted, the application may decrypt a vault database of the shared vault. The shared vault may store shared secrets, such as server credentials, and an unlock key. The application may store the unlock key, generate an unlock-key-encrypted vault key, and cause the shared vault to store the unlock-key-encrypted vault key, thereby “unlocking” the vault. The application may then use the unlock key to decrypt the vault database without prompting the user to provide user entropy again.
-
Publication number: US09626525B2
Publication date: 2017-04-18
Application number: US14983961
Filing date: 2015-12-30
Applicant: Citrix Systems, Inc.
Inventor: Georgy Momchilov, Ola Nordstrom
CPC classification number: G06F21/62, G06F9/544, G06F21/41, G06F21/53, G06F21/602, G06F21/78, H04L9/0822, H04L9/0863, H04L63/061, H04L63/0815, H04L63/083, H04L63/0861
Abstract: Some aspects of the disclosure generally relate to providing single sign on features in mobile applications in a secure environment using a shared vault. An application may prompt a user to provide user entropy such as a passcode (e.g. a password and/or PIN). The application may use the user entropy to decrypt a user-entropy-encrypted vault key. Once the vault key is decrypted, the application may decrypt a vault database of the shared vault. The shared vault may store shared secrets, such as server credentials, and an unlock key. The application may store the unlock key, generate an unlock-key-encrypted vault key, and cause the shared vault to store the unlock-key-encrypted vault key, thereby “unlocking” the vault. The application may then use the unlock key to decrypt the vault database without prompting the user to provide user entropy again.
-
14.
Publication number: US20220247739A1
Publication date: 2022-08-04
Application number: US17681035
Filing date: 2022-02-25
Applicant: Citrix Systems, Inc.
Inventor: Georgy Momchilov, Chris Pavlou, Ola Nordstrom, Christopher Wade
Abstract: Methods and systems for authenticating a user requesting to access one or more resources via a device are described herein. Authentication may be based on or otherwise rely on a plurality of devices. For example, aspects described herein are directed towards a system and method for receiving an authentication request from a first user device. A second user device may send a request for and receive a public key of the first user device and receive. The second user device may verify the authentication request using the public key of the first user device and perform authentication based on an authentication secret received from a user.
-
15.
Publication number: US11297055B2
Publication date: 2022-04-05
Application number: US16857750
Filing date: 2020-04-24
Applicant: Citrix Systems, Inc.
Inventor: Georgy Momchilov, Chris Pavlou, Ola Nordstrom, Christopher Wade
IPC: H04L29/06, G06F21/34, G06F21/41, G06F21/83, H04W12/30, H04W12/06, H04L9/08, H04L9/32, H04W12/43
Abstract: Methods and systems for authenticating a user requesting to access one or more resources via a device are described herein. Authentication may be based on or otherwise rely on a plurality of devices. For example, aspects described herein are directed towards a system and method for receiving an authentication request from a first user device. A second user device may send a request for and receive a public key of the first user device and receive. The second user device may verify the authentication request using the public key of the first user device and perform authentication based on an authentication secret received from a user.
-
Publication number: US11288384B2
Publication date: 2022-03-29
Application number: US16884667
Filing date: 2020-05-27
Applicant: Citrix Systems, Inc.
Inventor: Georgy Momchilov, Ola Nordstrom
IPC: G06F21/62, G06F21/78, G06F21/41, H04L9/08, H04L29/06, G06F21/53, G06F21/60, H04W12/06, G06F9/54
Abstract: Some aspects of the disclosure generally relate to providing single sign on features in mobile applications in a secure environment using a shared vault. An application may prompt a user to provide user entropy such as a passcode (e.g. a password and/or PIN). The application may use the user entropy to decrypt a user-entropy-encrypted vault key. Once the vault key is decrypted, the application may decrypt a vault database of the shared vault. The shared vault may store shared secrets, such as server credentials, and an unlock key. The application may store the unlock key, generate an unlock-key-encrypted vault key, and cause the shared vault to store the unlock-key-encrypted vault key, thereby “unlocking” the vault. The application may then use the unlock key to decrypt the vault database without prompting the user to provide user entropy again.
-
Publication number: US10701065B2
Publication date: 2020-06-30
Application number: US15710999
Filing date: 2017-09-21
Applicant: Citrix Systems, Inc.
Inventor: Ola Nordstrom, Georgy Momchilov, Timothy Gaylor
Abstract: Methods and systems for authenticating a client device using entropy provided by a server and/or a device paired with the client device are described herein. The system may generate static entropy and time-limited entropy based on data from the server and/or the paired device. The static and time-limited entropy may be used to authenticate the client device (application or a user of the client device) in addition to authentication credentials or entropy such as a PIN or password provided by the user. The time-limited entropy may have an expiration time. If the time-limited entropy is expired, the system may request the user to perform a hard authentication with the server, such as by providing a username, password, and/or optionally a two-factor authentication code, among other information.
-
Publication number: US10699024B2
Publication date: 2020-06-30
Application number: US16032673
Filing date: 2018-07-11
Applicant: Citrix Systems, Inc.
Inventor: Georgy Momchilov, Ola Nordstrom
IPC: G06F21/62, H04L29/06, G06F21/78, G06F21/41, H04L9/08, G06F21/53, G06F21/60, H04W12/06, G06F9/54
Abstract: Some aspects of the disclosure generally relate to providing single sign on features in mobile applications in a secure environment using a shared vault. An application may prompt a user to provide user entropy such as a passcode (e.g. a password and/or PIN). The application may use the user entropy to decrypt a user-entropy-encrypted vault key. Once the vault key is decrypted, the application may decrypt a vault database of the shared vault. The shared vault may store shared secrets, such as server credentials, and an unlock key. The application may store the unlock key, generate an unlock-key-encrypted vault key, and cause the shared vault to store the unlock-key-encrypted vault key, thereby “unlocking” the vault. The application may then use the unlock key to decrypt the vault database without prompting the user to provide user entropy again.
-
Publication number: US09807086B2
Publication date: 2017-10-31
Application number: US14687737
Filing date: 2015-04-15
Applicant: Citrix Systems, Inc.
Inventor: Ola Nordstrom, Georgy Momchilov, Timothy Gaylor
CPC classification number: H04L63/0846, G06F21/31, H04L9/3228, H04L63/068, H04L63/083
Abstract: Methods and systems for authenticating a client device using entropy provided by a server and/or a device paired with the client device are described herein. The system may generate static entropy and time-limited entropy based on data from the server and/or the paired device. The static and time-limited entropy may be used to authenticate the client device (application or a user of the client device) in addition to authentication credentials or entropy such as a PIN or password provided by the user. The time-limited entropy may have an expiration time. If the time-limited entropy is expired, the system may request the user to perform a hard authentication with the server, such as by providing a username, password, and/or optionally a two-factor authentication code, among other information.
-
Publication number: US20170185787A1
Publication date: 2017-06-29
Application number: US15455751
Filing date: 2017-03-10
Applicant: Citrix Systems, Inc.
Inventor: Georgy Momchilov, Ola Nordstrom
CPC classification number: G06F21/62, G06F9/544, G06F21/41, G06F21/53, G06F21/602, G06F21/78, H04L9/0822, H04L9/0863, H04L63/061, H04L63/0815, H04L63/083, H04L63/0861
Abstract: Some aspects of the disclosure generally relate to providing single sign on features in mobile applications in a secure environment using a shared vault. An application may prompt a user to provide user entropy such as a passcode (e.g. a password and/or PIN). The application may use the user entropy to decrypt a user-entropy-encrypted vault key. Once the vault key is decrypted, the application may decrypt a vault database of the shared vault. The shared vault may store shared secrets, such as server credentials, and an unlock key. The application may store the unlock key, generate an unlock-key-encrypted vault key, and cause the shared vault to store the unlock-key-encrypted vault key, thereby “unlocking” the vault. The application may then use the unlock key to decrypt the vault database without prompting the user to provide user entropy again.