公开(公告)号：US20210336966A1

公开(公告)日：2021-10-28

申请号：US16857987

申请日：2020-04-24

Applicant: Citrix Systems, Inc.

Inventor： Ashish Gujarathi ,  Ricardo Fernando Feijoo

IPC: H04L29/06 ,  H04L9/32

Abstract: Described embodiments provide systems, methods, computer readable media for accessing services via identity providers. A computing device may transmit, responsive to a request from a client to access a service, a value to the client. The client may be configured to access the service using an access token. The computing device may receive, from the client, a signature, the signature generated using the value, a device identifier, and a first encryption key. The computing device may determine, using the value and a second encryption key, the device identifier from the signature. The computing device may identify a status of the client according to the device identifier. The computing device may provide, responsive to the status, a new access token to permit access to the access and a refresh token to obtain subsequent access tokens.

公开(公告)号：US11128625B2

公开(公告)日：2021-09-21

申请号：US16550656

申请日：2019-08-26

Applicant: Citrix Systems, Inc.

Inventor： Ricardo Fernando Feijoo ,  Thomas Michael Kludy

IPC: G06F21/00 ,  H04L29/06

Abstract: A principal database is described in which each entry includes one principal identity, and one or more alias identities that may each have an authorization scope. Principal identity attributes include a principal identifier and login credentials, and alias identity attributes include an authorization scope and login credentials. Responsive to successfully authenticating the user for a first application (a multiple-identity application), based on the alias identity login credentials, an access token containing both the alias identity attributes and the principal identity attributes is transmitted to the first application, causing the first application to grant a scope of access based on the authorization scope. Responsive to a request to authenticate the user for a second application (a single-identity application), the access token is transmitted to the second application without re-authenticating the user, causing the second application to grant a scope of access based on the principal identifier.

公开(公告)号：US20190384920A1

公开(公告)日：2019-12-19

申请号：US16552180

申请日：2019-08-27

Applicant: Citrix Systems, Inc.

Inventor： Thomas Kludy ,  Ricardo Fernando Feijoo

IPC: G06F21/60 ,  G06F21/62 ,  H04L9/08 ,  H04L29/06

Abstract: Embodiments of the disclosure include systems and methods for secure storage and/or retrieval of customer secrets by, e.g., a cloud services provider. According to methods, secret data that is to be securely stored may be transmitted, along with an initialization vector, to an encryption service for encryption using a private key stored on in a remote key vault. The encrypted data can be returned and stored, in its encrypted form, in a secure storage along with the initialization vector data. To retrieve the securely stored data, embodiments disclose retrieving the encrypted form of the data and transmitting it, along with its related initialization vector data, to the encryption service for decryption using the private key stored in the remote key vault. The decrypted data can then be made available to a requesting product service.

公开(公告)号：US20190230189A1

公开(公告)日：2019-07-25

申请号：US15875424

申请日：2018-01-19

Applicant: Citrix Systems, Inc.

Inventor： Steven A. Keller ,  Thomas J. Hammond ,  Thomas Michael Kludy ,  Ayush Jain ,  Ricardo Fernando Feijoo

IPC: H04L29/08 ,  H04W4/02

Abstract: Methods and systems for routing a user request for a service to a version of the service in a geographical region associated with the user are described herein. The service may be deployed in multiple geographical regions, and the service may have multiple versions in each of the geographical regions. A user device may send a request for a service to a first server in a geographical region. The first server may determine whether the user is associated with the geographical region. Responsive to determining that the user is not associated with the geographical region, the first server may ask one or more servers in other geographical regions whether the user is associated with any of the other geographical regions.

公开(公告)号：US20170026230A1

公开(公告)日：2017-01-26

申请号：US15286731

申请日：2016-10-06

Applicant: Citrix Systems, Inc.

Inventor： Thomas M. Kludy ,  Ashish Gujarathi ,  Felipe Leon ,  Juliano Maldaner ,  Andrew Ogle ,  Ricardo Fernando Feijoo

IPC: H04L12/24 ,  H04L29/06 ,  G06F9/455 ,  H04L29/08 ,  G06F9/44 ,  G06F9/50

CPC classification number: H04L41/08 ,  G06F9/4405 ,  G06F9/4416 ,  G06F9/45558 ,  G06F9/505 ,  G06F9/5083 ,  G06F11/0706 ,  G06F11/0793 ,  G06F2009/45595 ,  H04L41/0816 ,  H04L67/10 ,  H04L67/1023 ,  H04L67/34 ,  H04L67/42

Abstract: One or more aspects of this disclosure may relate to using a configurable server farm preference for an application, desktop or other hosted resource. Additional aspects may relate to moving server farm workloads based on the configurable server farm preference. Further aspects may relate to performing reboot cycles, a reboot schedule and on-demand rebooting. Yet further aspects may relate to staggering individual machine reboot operations over a specified period of time and performing reboot operations such that some machines are available for user sessions during a reboot cycle.

公开(公告)号：US09471331B2

公开(公告)日：2016-10-18

申请号：US14051664

申请日：2013-10-11

Applicant: Citrix Systems, Inc.

Inventor： Thomas M. Kludy ,  Ashish Gujarathi ,  Felipe Leon ,  Juliano Maldaner ,  Andrew Ogle ,  Ricardo Fernando Feijoo

IPC: G06F9/44 ,  G06F9/50 ,  G06F11/07 ,  G06F15/177 ,  H04L12/24

CPC classification number: H04L41/08 ,  G06F9/4405 ,  G06F9/4416 ,  G06F9/45558 ,  G06F9/505 ,  G06F9/5083 ,  G06F11/0706 ,  G06F11/0793 ,  G06F2009/45595 ,  H04L41/0816 ,  H04L67/10 ,  H04L67/1023 ,  H04L67/34 ,  H04L67/42

Abstract: One or more aspects of this disclosure may relate to using a configurable server farm preference for an application, desktop or other hosted resource. Additional aspects may relate to moving server farm workloads based on the configurable server farm preference. Further aspects may relate to performing reboot cycles, a reboot schedule and on-demand rebooting. Yet further aspects may relate to staggering individual machine reboot operations over a specified period of time and performing reboot operations such that some machines are available for user sessions during a reboot cycle.

Abstract translation: 本公开的一个或多个方面可以涉及对应用程序，桌面或其他托管资源使用可配置的服务器场偏好。 其他方面可能涉及到基于可配置的服务器场首选项移动服务器场工作负载。 其他方面可能涉及执行重新启动周期，重新启动计划和按需重新启动。 另外的方面可能涉及在特定时间段内交错的单个机器重新引导操作，并执行重新启动操作，使得一些机器在重新启动周期期间可用于用户会话。

公开(公告)号：US11675914B2

公开(公告)日：2023-06-13

申请号：US17355297

申请日：2021-06-23

Applicant: Citrix Systems, Inc.

Inventor： Thomas Kludy ,  Ricardo Fernando Feijoo

IPC: H04L29/06 ,  G06F21/60 ,  G06F21/62 ,  H04L9/08 ,  H04L9/40 ,  G06Q20/00 ,  G06Q20/38 ,  G06Q20/36 ,  H04W12/06 ,  H04L67/1097

CPC classification number: G06F21/602 ,  G06F21/6209 ,  G06Q20/00 ,  G06Q20/363 ,  G06Q20/382 ,  G06Q20/3829 ,  H04L9/0825 ,  H04L9/0894 ,  H04L63/0428 ,  H04L63/06 ,  H04W12/068 ,  H04L63/0823 ,  H04L67/1097 ,  H04L2209/56

Abstract: Embodiments of the disclosure include systems and methods for secure storage and/or retrieval of customer secrets by, e.g., a cloud services provider. According to methods, secret data that is to be securely stored may be transmitted, along with an initialization vector, to an encryption service for encryption using a private key stored on in a remote key vault. The encrypted data can be returned and stored, in its encrypted form, in a secure storage along with the initialization vector data. To retrieve the securely stored data, embodiments disclose retrieving the encrypted form of the data and transmitting it, along with its related initialization vector data, to the encryption service for decryption using the private key stored in the remote key vault. The decrypted data can then be made available to a requesting product service.

公开(公告)号：US11652613B2

公开(公告)日：2023-05-16

申请号：US17012207

申请日：2020-09-04

Applicant: Citrix Systems, Inc.

Inventor： Dileep Reddem ,  Ricardo Fernando Feijoo

IPC: H04L9/08 ,  H04L9/32

CPC classification number: H04L9/0825 ,  H04L9/085 ,  H04L9/0866 ,  H04L9/3213 ,  H04L9/3226

Abstract: Methods, apparatuses, systems, and computer-readable mediums for sharing user credentials in federated authentication are described herein. An identity provider may receive a user credential from a user device. The identity provider may receive, from a relying party, a request for an access token. The identity provider may encrypt the user credential based on a nonce that is uniquely generated for the relying party. The identity provider may send a response to the relying party. The response may include the access token, the encrypted user credential, and the nonce.

公开(公告)号：US11637914B2

公开(公告)日：2023-04-25

申请号：US17722769

申请日：2022-04-18

Applicant: Citrix Systems, Inc.

Inventor： Steven A. Keller ,  Thomas J. Hammond ,  Thomas Kludy ,  Ayush Jain ,  Ricardo Fernando Feijoo

IPC: H04L67/60 ,  H04L67/1021 ,  H04W4/02 ,  H04L45/00 ,  H04L67/52 ,  H04L67/63 ,  H04L67/568

Abstract: Methods and systems for routing a user request for a service to a version of the service in a geographical region associated with the user are described herein. The service may be deployed in multiple geographical regions, and the service may have multiple versions in each of the geographical regions. A user device may send a request for a service to a first server in a geographical region. The first server may determine whether the user is associated with the geographical region. Responsive to determining that the user is not associated with the geographical region, the first server may ask one or more servers in other geographical regions whether the user is associated with any of the other geographical regions.

公开(公告)号：US11586685B2

公开(公告)日：2023-02-21

申请号：US16669901

申请日：2019-10-31

Applicant: CITRIX SYSTEMS, INC.

Inventor： Ricardo Fernando Feijoo

IPC: G06F16/951 ,  G06F16/958 ,  G06F16/954

Abstract: A computing device may include a memory and a processor configured to cooperate with the memory to receive data from browsers of client devices configured to remotely access different Web applications through the browsers, with the data being indicative of user actions performed within the different Web applications. The processor may also be configured to cooperate with the memory to generate a data structure separately from the different Web applications based upon the received data, determine an action to perform based upon the data structure, and perform the determined action.