IDENTITY MANAGEMENT CONNECTING PRINCIPAL IDENTITIES TO ALIAS IDENTITIES HAVING AUTHORIZATION SCOPES

    Publication number: US20210385222A1

    Publication date: 2021-12-09

    Application number: US17410013

    Application date: 2021-08-24

    Abstract: A principal database is described in which each entry includes one principal identity, and one or more alias identities that may each have an authorization scope. Principal identity attributes include a principal identifier and login credentials, and alias identity attributes include an authorization scope and login credentials. Responsive to successfully authenticating the user for a first application (a multiple-identity application), based on the alias identity login credentials, an access token containing both the alias identity attributes and the principal identity attributes is transmitted to the first application, causing the first application to grant a scope of access based on the authorization scope. Responsive to a request to authenticate the user for a second application (a single-identity application), the access token is transmitted to the second application without re-authenticating the user, causing the second application to grant a scope of access based on the principal identifier.

    Secure information storage
    Granted patent

    Publication number: US11080408B2

    Publication date: 2021-08-03

    Application number: US16552180

    Application date: 2019-08-27

    Abstract: Embodiments of the disclosure include systems and methods for secure storage and/or retrieval of customer secrets by, e.g., a cloud services provider. According to methods, secret data that is to be securely stored may be transmitted, along with an initialization vector, to an encryption service for encryption using a private key stored in a remote key vault. The encrypted data can be returned and stored, in its encrypted form, in a secure storage along with the initialization vector data. To retrieve the securely stored data, embodiments disclose retrieving the encrypted form of the data and transmitting it, along with its related initialization vector data, to the encryption service for decryption using the private key stored in the remote key vault. The decrypted data can then be made available to a requesting product service.

    Providing communication connectivity between disparate network entities located in isolated communication networks through a centralized cloud service

    Publication number: US10587703B2

    Publication date: 2020-03-10

    Application number: US15875730

    Application date: 2018-01-19

    Abstract: Technology for providing communication connectivity between network entities located in different isolated communication networks through a centralized cloud service. A cloud service connector in a source communication network receives an initial connection request from a source end point device in the source communication network, and determines a customer name and requested service associated with the port number indicated in the request. Mappings are established between the source end point device and a destination end point device that provides the requested service from within a destination communication network that is associated with the customer name. Network traffic is conveyed between the source end point device and the destination end point device through the cloud service by tunneling packets over connections between the cloud service connector in the source communication network and the cloud service and between a cloud service connector in the destination communication network and the cloud service.

    Searching and Aggregating Data Across Multiple Geolocations

    Publication number: US20190228092A1

    Publication date: 2019-07-25

    Application number: US15875087

    Application date: 2018-01-19

    Abstract: Methods and devices for searching and aggregating data in a distributed cloud computing environment are provided. In some embodiments, a request from a client to perform a data transaction is received by a first server. The first server simultaneously spawns a plurality of threads, each thread sending to a different server of a plurality of servers the request to perform the data transaction. A response indicating whether the data transaction was performed by the server is received by the first server from each server of the plurality of servers. In response to an indication that the data transaction was performed by one or more servers of the plurality of servers and when the data transaction is a get transaction: data corresponding to the data transaction is received by the first server from the one or more servers, the data received from the one or more servers is aggregated by the first server to form combined data, and the first server sends the combined data to the client. Finally, the first server sends a notification including information indicating a result of the data transaction to the client.

    Multi-Geographical Processing of User Requests

    Publication number: US20190182352A1

    Publication date: 2019-06-13

    Application number: US15834204

    Application date: 2017-12-07

    CPC classification number: H04L67/327 H04L67/10 H04L67/42

    Abstract: Methods and systems for performing multi-geographical processing of user requests are described herein. An order service computing device may receive a user request associated with a user and, based on the user request, may generate a user account associated with the user. The order service computing device may establish the user account at a geographic computing platform which may provide access to one or more computing resources and/or services. The order service computing device may receive one or more access requests corresponding to one or more computing resources and/or services associated with the geographic computing platform and/or other geographic computing platforms. The order service computing device may generate identifiers based on the one or more access requests which identify the one or more computing resources and/or services.

    Identity Management Connecting Principal Identities to Alias Identities Having Authorization Scopes

    Publication number: US20180295135A1

    Publication date: 2018-10-11

    Application number: US15482904

    Application date: 2017-04-10

    Abstract: A principal database is described in which each entry includes one principal identity, and one or more alias identities that may each have an authorization scope. Principal identity attributes include a principal identifier and login credentials, and alias identity attributes include an authorization scope and login credentials. Responsive to successfully authenticating the user for a first application (a multiple-identity application), based on the alias identity login credentials, an access token containing both the alias identity attributes and the principal identity attributes is transmitted to the first application, causing the first application to grant a scope of access based on the authorization scope. Responsive to a request to authenticate the user for a second application (a single-identity application), the access token is transmitted to the second application without re-authenticating the user, causing the second application to grant a scope of access based on the principal identifier.

    Identity management connecting principal identities to alias identities having authorization scopes

    Publication number: US11962593B2

    Publication date: 2024-04-16

    Application number: US17410013

    Application date: 2021-08-24

    Abstract: A principal database is described in which each entry includes one principal identity, and one or more alias identities that may each have an authorization scope. Principal identity attributes include a principal identifier and login credentials, and alias identity attributes include an authorization scope and login credentials. Responsive to successfully authenticating the user for a first application (a multiple-identity application), based on the alias identity login credentials, an access token containing both the alias identity attributes and the principal identity attributes is transmitted to the first application, causing the first application to grant a scope of access based on the authorization scope. Responsive to a request to authenticate the user for a second application (a single-identity application), the access token is transmitted to the second application without re-authenticating the user, causing the second application to grant a scope of access based on the principal identifier.

    Extending single-sign-on to relying parties of federated logon providers

    Publication number: US11706205B2

    Publication date: 2023-07-18

    Application number: US16900229

    Application date: 2020-06-12

    Abstract: Aspects of the disclosure relate to extending single-sign-on to relying parties for federated logon providers. An enterprise identity provider server may receive a first authentication token previously issued to an enterprise server by the enterprise identity provider server. Subsequently, the enterprise identity provider server may retrieve, from a token store, a second authentication token associated with a federated identity service provided by a federated identity provider server. The enterprise identity provider server may refresh the second authentication token with the federated identity service provided by the federated identity provider server to obtain a refreshed authentication token. Finally, the enterprise identity provider server may send the refreshed authentication token to the enterprise server, which may enable user devices managed by the enterprise server to access one or more resources provided by a third party system using the federated identity service.

    APPLICATION INTEGRATION USING MULTIPLE USER IDENTITIES

    Publication number: US20210377252A1

    Publication date: 2021-12-02

    Application number: US17113874

    Application date: 2020-12-07

    Abstract: A method of providing access to digital resources using multiple user identities comprises receiving, from a client application, a first set of authentication tokens that authorize a user to acquire target data provided by a server application. The method further comprises receiving, from the client application, a second set of authentication tokens that authorize the same user to access a connected application. The method further comprises sending, to the server application, a first request to acquire the target data provided by the server application, the first request including the first set of authentication tokens and an identifier of the target data. The method further comprises receiving, from the server application, the target data. The method further comprises sending the target data from the application connector to the connected application in a second request that also includes the second set of authentication tokens.
