-
公开(公告)号:US20180026972A1
公开(公告)日:2018-01-25
申请号:US15710999
申请日:2017-09-21
Applicant: Citrix Systems, Inc.
Inventor: Ola Nordstrom , Georgy Momchilov , Timothy Gaylor
Abstract: Methods and systems for authenticating a client device using entropy provided by a server and/or a device paired with the client device are described herein. The system may generate static entropy and time-limited entropy based on data from the server and/or the paired device. The static and time-limited entropy may be used to authenticate the client device (application or a user of the client device) in addition to authentication credentials or entropy such as a PIN or password provided by the user. The time-limited entropy may have an expiration time. If the time-limited entropy is expired, the system may request the user to perform a hard authentication with the server, such as by providing a username, password, and/or optionally a two-factor authentication code, among other information.
-
公开(公告)号:US20160004885A1
公开(公告)日:2016-01-07
申请号:US14855824
申请日:2015-09-16
Applicant: Citrix Systems, Inc.
Inventor: Joseph Nord , Timothy Gaylor , Benjamin Elliot Tucker
CPC classification number: G06F21/79 , G06F3/0623 , G06F3/0664 , G06F21/602 , G06F21/78 , G06F21/80 , G06F2221/2107 , H04L9/0822 , H04L9/0861 , H04L9/0886 , H04L9/0894 , H04L9/14 , H04L9/3234 , H04L63/0428
Abstract: Securing encrypted virtual hard disks may include a variety of processes. In one example, a virtual hard disk is created for a user and encrypted with a volume key, and the volume key placed in an administrator header. The administrator header may be encrypted with a protection key, the protection key created from a user identifier corresponding to the user, a volume identifier corresponding to the virtual hard disk, and two cryptographic secrets. The protection key may then destroyed after encrypting the administrator header and therefore, might never leave the encryption engine. The two cryptographic secrets may be stored in separate storage locations, one accessible to the user and the other accessible to administrators. Accordingly, the protection key might never transmitted or can be intercepted, and no single entity may be compromised to gain access to all of the information needed to recreate the protection key.
Abstract translation: 保护加密的虚拟硬盘可能包括各种进程。 在一个示例中,为用户创建虚拟硬盘,并使用卷密钥进行加密,并将卷密钥放置在管理员头文件中。 可以使用保护密钥来加密管理员头部,从与用户对应的用户标识符创建的保护密钥,对应于虚拟硬盘的卷标识符以及两个密码秘密。 然后,在加密管理员头文件后,保护密钥可能会被破坏,因此可能永远不会离开加密引擎。 两个加密秘密可以存储在单独的存储位置,一个可访问用户,另一个可访问的管理员。 因此,保护密钥可能永远不会被传输或被拦截,并且没有一个实体可能被泄露以获得对重新创建保护密钥所需的所有信息的访问。
-
公开(公告)号:US08997197B2
公开(公告)日:2015-03-31
申请号:US13712333
申请日:2012-12-12
Applicant: Citrix Systems, Inc.
Inventor: Joseph Nord , Benjamin Elliot Tucker , Timothy Gaylor
CPC classification number: G06F21/6218 , G06F9/00 , G06F17/30 , G06F21/602 , H04L9/0861 , H04L9/0869 , H04L9/12 , H04L63/064 , H04L63/0807 , H04L63/083 , H04L63/105
Abstract: Encryption-based data access management may include a variety of processes. In one example, a device may transmit a user authentication request for decrypting encrypted data to a data storage server storing the encrypted data. The computing device may then receive a validation token associated with the user's authentication request, the validation token indicating that the user is authenticated to a domain. Subsequently, the computing device may transmit the validation token to a first key server different from the data storage server. Then, in response to transmitting the validation token the computing device may receive, from the first key server, a key required for decrypting the encrypted data. The device may then decrypt at least a portion of the encrypted data using the key.
Abstract translation: 基于加密的数据访问管理可以包括各种过程。 在一个示例中,设备可以向存储加密数据的数据存储服务器发送用于将加密数据解密的用户认证请求。 然后,计算设备可以接收与用户的认证请求相关联的验证令牌,指示用户被认证到域的验证令牌。 随后,计算设备可以将验证令牌发送到与数据存储服务器不同的第一密钥服务器。 然后,响应于发送验证令牌,计算设备可以从第一密钥服务器接收解密加密数据所需的密钥。 然后,设备可以使用密钥对加密数据的至少一部分进行解密。
-
公开(公告)号:US20140164792A1
公开(公告)日:2014-06-12
申请号:US14178598
申请日:2014-02-12
Applicant: CITRIX SYSTEMS, INC.
Inventor: Joseph Harry Nord , Timothy Gaylor , Benjamin Elliot Tucker
IPC: H04L9/14
CPC classification number: G06F21/79 , G06F3/0623 , G06F3/0664 , G06F21/602 , G06F21/78 , G06F21/80 , G06F2221/2107 , H04L9/0822 , H04L9/0861 , H04L9/0886 , H04L9/0894 , H04L9/14 , H04L9/3234 , H04L63/0428
Abstract: Securing encrypted virtual hard disks may include a variety of processes. In one example, a virtual hard disk is created for a user and encrypted with a volume key, and the volume key placed in an administrator header. The administrator header may be encrypted with a protection key, the protection key created from a user identifier corresponding to the user, a volume identifier corresponding to the virtual hard disk, and two cryptographic secrets. The protection key may then destroyed after encrypting the administrator header and therefore, might never leave the encryption engine. The two cryptographic secrets may be stored in separate storage locations, one accessible to the user and the other accessible to administrators. Accordingly, the protection key might never transmitted or can be intercepted, and no single entity may be compromised to gain access to all of the information needed to recreate the protection key.
Abstract translation: 保护加密的虚拟硬盘可能包括各种进程。 在一个示例中,为用户创建虚拟硬盘,并使用卷密钥进行加密,并将卷密钥放置在管理员头文件中。 可以使用保护密钥来加密管理员头部,从与用户对应的用户标识符创建的保护密钥,对应于虚拟硬盘的卷标识符以及两个密码秘密。 然后,在加密管理员头文件后,保护密钥可能会被破坏,因此可能永远不会离开加密引擎。 两个加密秘密可以存储在单独的存储位置,一个可访问用户,另一个可访问的管理员。 因此,保护密钥可能永远不会被传输或被拦截,并且没有一个实体可能被泄露以获得对重新创建保护密钥所需的所有信息的访问。
-
-
-
Search Results
14
records
(took 0.018 seconds)
