公开(公告)号：US20170048204A9

公开(公告)日：2017-02-16

申请号：US14607593

申请日：2015-01-28

Applicant: Citrix Systems, Inc.

Inventor： Gary Barton ,  Zhongmin Lang ,  Nitin Desai ,  James Robert Walker

IPC: H04L29/06 ,  H04L29/08

CPC classification number: G06F21/602 ,  G06F21/60 ,  G06F21/6218 ,  G06F21/88 ,  G06F2221/2143 ,  H04L63/0428 ,  H04L67/10 ,  H04W12/06 ,  H04W12/08

Abstract: Various aspects of the disclosure relate to providing secure containers or data vaults for data of one or more managed applications. In some embodiments, each managed application may be assigned its own private data vault and/or may be assigned a shared data vault that is accessible to at least one other managed application. As the managed application executes, calls for access to the data may be intercepted and redirected to the secure containers. Data stored in a secure container may be encrypted according to a policy. Other aspects relate to deleting data from a secure container, such as via a selective wipe of data associated with a managed application. Further aspects relate to configuring and creating the secure containers, retrieving key information required to encrypt/decrypt the data stored in the secure containers, and publishing the managed applications, policy information and key information for download to a mobile device.

Abstract translation: 本公开的各个方面涉及为一个或多个被管理应用的数据提供安全容器或数据保管库。 在一些实施例中，可以向每个被管理的应用分配其自己的专用数据保险库和/或可以分配可由至少一个其他被管理应用访问的共享数据保险库。 随着托管应用程序的执行，对数据访问的调用可能被拦截并重定向到安全容器。 存储在安全容器中的数据可以根据策略进行加密。 其他方面涉及从安全容器中删除数据，例如经由与被管理应用相关联的数据的选择性擦除。 其他方面涉及配置和创建安全容器，检索加密/解密存储在安全容器中的数据所需的密钥信息，以及发布被管理应用，策略信息和用于下载的移动设备的密钥信息。

公开(公告)号：US20150143120A1

公开(公告)日：2015-05-21

申请号：US14607593

申请日：2015-01-28

Applicant: Citrix Systems, Inc.

Inventor： Gary Barton ,  Zhongmin Lang ,  Nitin Desai ,  James Robert Walker

IPC: H04L29/06 ,  H04L29/08

CPC classification number: G06F21/602 ,  G06F21/60 ,  G06F21/6218 ,  G06F21/88 ,  G06F2221/2143 ,  H04L63/0428 ,  H04L67/10 ,  H04W12/06 ,  H04W12/08

Abstract: Various aspects of the disclosure relate to providing secure containers or data vaults for data of one or more managed applications. In some embodiments, each managed application may be assigned its own private data vault and/or may be assigned a shared data vault that is accessible to at least one other managed application. As the managed application executes, calls for access to the data may be intercepted and redirected to the secure containers. Data stored in a secure container may be encrypted according to a policy. Other aspects relate to deleting data from a secure container, such as via a selective wipe of data associated with a managed application. Further aspects relate to configuring and creating the secure containers, retrieving key information required to encrypt/decrypt the data stored in the secure containers, and publishing the managed applications, policy information and key information for download to a mobile device.

Abstract translation: 本公开的各个方面涉及为一个或多个被管理应用的数据提供安全容器或数据保管库。 在一些实施例中，可以向每个被管理的应用分配其自己的专用数据保险库和/或可以分配可由至少一个其他被管理应用访问的共享数据保险库。 随着托管应用程序的执行，对数据访问的调用可能被拦截并重定向到安全容器。 存储在安全容器中的数据可以根据策略进行加密。 其他方面涉及从安全容器中删除数据，例如经由与被管理应用相关联的数据的选择性擦除。 其他方面涉及配置和创建安全容器，检索加密/解密存储在安全容器中的数据所需的密钥信息，以及发布被管理应用，策略信息和用于下载的移动设备的密钥信息。

公开(公告)号：US20150095975A1

公开(公告)日：2015-04-02

申请号：US14508245

申请日：2014-10-07

Applicant: CITRIX SYSTEMS, INC.

Inventor： Gary Barton ,  Zhongmin Lang ,  Nitin Desai ,  James Robert Walker

IPC: H04L29/06 ,  G06F3/0481 ,  G06Q10/10

CPC classification number: H04L63/20 ,  G06F3/0481 ,  G06F9/452 ,  G06F9/45533 ,  G06F21/604 ,  G06F21/6218 ,  G06F21/629 ,  G06F21/88 ,  G06F2221/2143 ,  G06Q10/10 ,  H04L41/046 ,  H04L63/0272 ,  H04L63/0815 ,  H04L63/0823 ,  H04L63/10 ,  H04L63/205 ,  H04L67/34 ,  H04W8/18 ,  H04W12/06 ,  H04W12/08

Abstract: Various aspects of the disclosure relate to configuring and providing policies that manage execution of mobile applications. In some embodiments, a user interface may be generated that allows an IT administrator or other operator to set, change and/or add to policy settings. The policy settings can be formatted into a policy file and be made available for download to a mobile device, such as via an application store or to be pushed to the mobile device as part of a data push service. The mobile device, based on the various settings included in the policy file, may perform various actions to enforce the security constraints that are represented by the policy. The various settings that can be included in a policy are numerous and some examples and variations thereof are described in connection with the example embodiments discussed herein.

Abstract translation: 本公开的各个方面涉及配置和提供管理移动应用的执行的策略。 在一些实施例中，可以生成允许IT管理员或其他操作者设置，改变和/或添加到策略设置的用户界面。 策略设置可以被格式化为策略文件，并且可用于下载到移动设备，例如通过应用商店，或作为数据推送服务的一部分被推送到移动设备。 移动设备基于包括在策略文件中的各种设置，可以执行各种动作来强制由策略表示的安全约束。 可以包括在策略中的各种设置是众多的，并且结合本文讨论的示例实施例来描述其一些示例和变型。

公开(公告)号：US08887230B2

公开(公告)日：2014-11-11

申请号：US14041935

申请日：2013-09-30

Applicant: Citrix Systems, Inc.

Inventor： Gary Barton ,  Zhongmin Lang ,  Nitin Desai ,  James Robert Walker

IPC: H04L29/06 ,  G06F21/62 ,  H04L12/24 ,  G06F21/60 ,  H04W8/18 ,  G06F21/88 ,  H04L29/08

CPC classification number: H04L63/20 ,  G06F3/0481 ,  G06F9/452 ,  G06F9/45533 ,  G06F21/604 ,  G06F21/6218 ,  G06F21/629 ,  G06F21/88 ,  G06F2221/2143 ,  G06Q10/10 ,  H04L41/046 ,  H04L63/0272 ,  H04L63/0815 ,  H04L63/0823 ,  H04L63/10 ,  H04L63/205 ,  H04L67/34 ,  H04W8/18 ,  H04W12/06 ,  H04W12/08

Abstract: Various aspects of the disclosure relate to configuring and providing policies that manage execution of mobile applications. In some embodiments, a user interface may be generated that allows an IT administrator or other operator to set, change and/or add to policy settings. The policy settings can be formatted into a policy file and be made available for download to a mobile device, such as via an application store or to be pushed to the mobile device as part of a data push service. The mobile device, based on the various settings included in the policy file, may perform various actions to enforce the security constraints that are represented by the policy. The various settings that can be included in a policy are numerous and some examples and variations thereof are described in connection with the example embodiments discussed herein.

公开(公告)号：US20140201679A1

公开(公告)日：2014-07-17

申请号：US14211966

申请日：2014-03-14

Applicant: Citrix Systems, Inc.

Inventor： Nitin Desai ,  Georgy Momchilov

IPC: G06F3/0481

CPC classification number: G06F3/0481 ,  G06F9/452

Abstract: A local computing device may use a remote computing device to host various resources on behalf of the local computing device. The local computing device may receive data related to a graphical window of the remotely hosted resource and generate a graphical window on the local desktop environment for the remotely hosted resource. The local computing device may also update a taskbar to include the remote hosted resource. Window previews may also be generated by the local computing device and the window previews may include snapshots or dynamic images of the graphical window for the remotely hosted resource. In some instances, the snapshots may be provided to the local computing device from the remote computing device.

Abstract translation: 本地计算设备可以使用远程计算设备来代表本地计算设备托管各种资源。 本地计算设备可以接收与远程托管资源的图形窗口相关的数据，并且在远程托管的资源的本地桌面环境上生成图形窗口。 本地计算设备还可以更新任务栏以包括远程托管资源。 窗口预览也可以由本地计算设备生成，并且窗口预览可以包括远程托管资源的图形窗口的快照或动态图像。 在某些情况下，快照可以从远程计算设备提供给本地计算设备。

公开(公告)号：US20140109177A1

公开(公告)日：2014-04-17

申请号：US14041923

申请日：2013-09-30

Applicant: Citrix Systems, Inc.

Inventor： Gary Barton ,  Zhongmin Lang ,  Nitin Desai ,  James Robert Walker

IPC: G06F21/62

CPC classification number: H04L63/20 ,  G06F3/0481 ,  G06F9/452 ,  G06F9/45533 ,  G06F21/604 ,  G06F21/6218 ,  G06F21/629 ,  G06F21/88 ,  G06F2221/2143 ,  G06Q10/10 ,  H04L41/046 ,  H04L63/0272 ,  H04L63/0815 ,  H04L63/0823 ,  H04L63/10 ,  H04L63/205 ,  H04L67/34 ,  H04W8/18 ,  H04W12/06 ,  H04W12/08

Abstract: Various aspects of the disclosure relate to configuring and providing policies that manage execution of mobile applications. In some embodiments, a user interface may be generated that allows an IT administrator or other operator to set, change and/or add to policy settings. The policy settings can be formatted into a policy file and be made available for download to a mobile device, such as via an application store or to be pushed to the mobile device as part of a data push service. The mobile device, based on the various settings included in the policy file, may perform various actions to enforce the security constraints that are represented by the policy. The various settings that can be included in a policy are numerous and some examples and variations thereof are described in connection with the example embodiments discussed herein.

公开(公告)号：US20140109175A1

公开(公告)日：2014-04-17

申请号：US14029096

申请日：2013-09-17

Applicant: Citrix Systems, Inc.

Inventor： Gary Barton ,  Zhongmin Lang ,  Nitin Desai ,  James Robert Walker

IPC: H04L29/06

CPC classification number: H04L63/0272 ,  H04L63/0807 ,  H04L63/0884 ,  H04L63/20 ,  H04W12/06 ,  H04W12/08

Abstract: Various aspects of the disclosure relate to providing a per-application policy-controlled virtual private network (VPN) tunnel. In some embodiments, tickets may be used to provide access to an enterprise resource without separate authentication of the application and, in some instances, can be used in such a manner as to provide a seamless experience to the user when reestablishing a per-application policy controlled VPN tunnel during the lifetime of the ticket. Additional aspects relate to an access gateway providing updated policy information and tickets to a mobile device. Other aspects relate to selectively wiping the tickets from a secure container of the mobile device. Yet further aspects relate to operating applications in multiple modes, such as a managed mode and an unmanaged mode, and providing authentication-related services based on one or more of the above aspects.

公开(公告)号：US20140109171A1

公开(公告)日：2014-04-17

申请号：US14027929

申请日：2013-09-16

Applicant: Citrix Systems, Inc.

Inventor： Gary Barton ,  Zhongmin Lang ,  Nitin Desai ,  James Robert Walker

IPC: H04L29/06

CPC classification number: H04L63/0272 ,  H04L63/0807 ,  H04L63/0884 ,  H04L63/20 ,  H04W12/0027 ,  H04W12/00503 ,  H04W12/06 ,  H04W12/0802 ,  H04W12/0806

Abstract: Various aspects of the disclosure relate to providing a per-application policy-controlled virtual private network (VPN) tunnel. In some embodiments, tickets may be used to provide access to an enterprise resource without separate authentication of the application and, in some instances, can be used in such a manner as to provide a seamless experience to the user when reestablishing a per-application policy controlled VPN tunnel during the lifetime of the ticket. Additional aspects relate to an access gateway providing updated policy information and tickets to a mobile device. Other aspects relate to selectively wiping the tickets from a secure container of the mobile device. Yet further aspects relate to operating applications in multiple modes, such as a managed mode and an unmanaged mode, and providing authentication-related services based on one or more of the above aspects.

Abstract translation: 本公开的各个方面涉及提供每应用程序策略控制的虚拟专用网（VPN）隧道。 在一些实施例中，票据可以用于提供对企业资源的访问，而不需要对应用的单独认证，并且在某些情况下可以以这样的方式使用，以便在重新建立每个应用程序策略时向用户提供无缝体验 在票的生命周期内控制VPN隧道。 另外的方面涉及提供对移动设备的更新的策略信息和故障单的接入网关。 其他方面涉及从移动设备的安全容器中选择性地擦拭票据。 另外的方面涉及在诸如管理模式和非托管模式的多种模式中的操作应用，以及基于上述方面中的一个或多个来提供与认证相关的服务。

公开(公告)号：US20140108793A1

公开(公告)日：2014-04-17

申请号：US14039632

申请日：2013-09-27

Applicant: CITRIX SYSTEMS, INC.

Inventor： Gary Barton ,  Zhongmin Lang ,  Nitin Desai ,  James Robert Walker

IPC: G06F21/60

CPC classification number: G06F21/602 ,  G06F21/60 ,  G06F21/6218 ,  G06F21/88 ,  G06F2221/2143 ,  H04L63/0428 ,  H04L67/10 ,  H04W12/0027 ,  H04W12/00503 ,  H04W12/06 ,  H04W12/08

Abstract: Various aspects of the disclosure relate to providing secure containers or data vaults for data of one or more managed applications. In some embodiments, each managed application may be assigned its own private data vault and/or may be assigned a shared data vault that is accessible to at least one other managed application. As the managed application executes, calls for access to the data may be intercepted and redirected to the secure containers. Data stored in a secure container may be encrypted according to a policy. Other aspects relate to deleting data from a secure container, such as via a selective wipe of data associated with a managed application. Further aspects relate to configuring and creating the secure containers, retrieving key information required to encrypt/decrypt the data stored in the secure containers, and publishing the managed applications, policy information and key information for download to a mobile device.

公开(公告)号：US20140108649A1

公开(公告)日：2014-04-17

申请号：US14041946

申请日：2013-09-30

Applicant: Citrix Systems, Inc.

Inventor： Gary Barton ,  Zhongmin Lang ,  Nitin Desai ,  James Robert Walker

IPC: H04L12/24

CPC classification number: H04L63/20 ,  G06F3/0481 ,  G06F9/452 ,  G06F9/45533 ,  G06F21/604 ,  G06F21/6218 ,  G06F21/629 ,  G06F21/88 ,  G06F2221/2143 ,  G06Q10/10 ,  H04L41/046 ,  H04L63/0272 ,  H04L63/0815 ,  H04L63/0823 ,  H04L63/10 ,  H04L63/205 ,  H04L67/34 ,  H04W8/18 ,  H04W12/06 ,  H04W12/08

Abstract: Various aspects of the disclosure relate to configuring and providing policies that manage execution of mobile applications. In some embodiments, a user interface may be generated that allows an IT administrator or other operator to set, change and/or add to policy settings. The policy settings can be formatted into a policy file and be made available for download to a mobile device, such as via an application store or to be pushed to the mobile device as part of a data push service. The mobile device, based on the various settings included in the policy file, may perform various actions to enforce the security constraints that are represented by the policy. The various settings that can be included in a policy are numerous and some examples and variations thereof are described in connection with the example embodiments discussed herein.

Abstract translation: 本公开的各个方面涉及配置和提供管理移动应用的执行的策略。 在一些实施例中，可以生成允许IT管理员或其他操作者设置，改变和/或添加到策略设置的用户界面。 策略设置可以被格式化为策略文件，并且可用于下载到移动设备，例如通过应用商店，或作为数据推送服务的一部分被推送到移动设备。 移动设备基于包括在策略文件中的各种设置，可以执行各种动作来强制由策略表示的安全约束。 可以包括在策略中的各种设置是众多的，并且结合本文讨论的示例实施例来描述其一些示例和变型。