公开(公告)号：US20150067769A1

公开(公告)日：2015-03-05

申请号：US14535597

申请日：2014-11-07

Applicant: Citrix Systems, Inc.

Inventor： Gary Barton ,  Zhongmin Lang ,  Nitin Desai ,  James Robert Walker

IPC: H04L29/06

CPC classification number: H04L63/0807 ,  G06F21/31 ,  G06F2221/2105 ,  H04L63/0272 ,  H04L63/029 ,  H04L63/0815 ,  H04L63/20 ,  H04W12/06 ,  H04W12/08

Abstract: Various aspects of the disclosure relate to providing a per-application policy-controlled virtual private network (VPN) tunnel. In some embodiments, tickets may be used to provide access to an enterprise resource without separate authentication of the application and, in some instances, can be used in such a manner as to provide a seamless experience to the user when reestablishing a per-application policy controlled VPN tunnel during the lifetime of the ticket. Additional aspects relate to an access gateway providing updated policy information and tickets to a mobile device. Other aspects relate to selectively wiping the tickets from a secure container of the mobile device. Yet further aspects relate to operating applications in multiple modes, such as a managed mode and an unmanaged mode, and providing authentication-related services based on one or more of the above aspects.

Abstract translation: 本公开的各个方面涉及提供每应用程序策略控制的虚拟专用网（VPN）隧道。 在一些实施例中，票据可以用于提供对企业资源的访问，而不需要对应用的单独认证，并且在某些情况下可以以这样的方式使用，以便在重新建立每个应用程序策略时向用户提供无缝体验 在票的生命周期内控制VPN隧道。 另外的方面涉及提供对移动设备的更新的策略信息和故障单的接入网关。 其他方面涉及从移动设备的安全容器中选择性地擦拭票据。 另外的方面涉及在诸如管理模式和非托管模式的多种模式中的操作应用，以及基于上述方面中的一个或多个来提供与认证相关的服务。

公开(公告)号：US08910239B2

公开(公告)日：2014-12-09

申请号：US14029088

申请日：2013-09-17

Applicant: Citrix Systems, Inc.

Inventor： Gary Barton ,  Zhongmin Lang ,  Nitin Desai ,  James Robert Walker

IPC: G06F17/00 ,  H04L29/06 ,  H04W12/06

CPC classification number: H04L63/0807 ,  G06F21/31 ,  G06F2221/2105 ,  H04L63/0272 ,  H04L63/029 ,  H04L63/0815 ,  H04L63/20 ,  H04W12/06 ,  H04W12/08

Abstract: Various aspects of the disclosure relate to providing a per-application policy-controlled virtual private network (VPN) tunnel. In some embodiments, tickets may be used to provide access to an enterprise resource without separate authentication of the application and, in some instances, can be used in such a manner as to provide a seamless experience to the user when reestablishing a per-application policy controlled VPN tunnel during the lifetime of the ticket. Additional aspects relate to an access gateway providing updated policy information and tickets to a mobile device. Other aspects relate to selectively wiping the tickets from a secure container of the mobile device. Yet further aspects relate to operating applications in multiple modes, such as a managed mode and an unmanaged mode, and providing authentication-related services based on one or more of the above aspects.

公开(公告)号：US08881229B2

公开(公告)日：2014-11-04

申请号：US14044972

申请日：2013-10-03

Applicant: Citrix Systems, Inc.

Inventor： Gary Barton ,  James Robert Walker ,  Nitin Desai ,  Zhongmin Lang

IPC: H04L29/06 ,  G06F21/60 ,  G06F21/72 ,  H04W12/08

CPC classification number: H04L63/20 ,  G06F21/604 ,  G06F21/72 ,  G06F2221/2111 ,  H04W12/06 ,  H04W12/08

Abstract: Improved techniques for managing enterprise applications on mobile devices are described herein. Each enterprise mobile application running on the mobile device has an associated policy through which it interacts with its environment. The policy selectively blocks or allows activities involving the enterprise application in accordance with rules established by the enterprise. Together, the enterprise applications running on the mobile device form a set of managed applications. Managed applications are typically allowed to exchange data with other managed applications, but are blocked from exchanging data with other applications, such as the user's own personal applications. Policies may be defined to manage data sharing, mobile resource management, application specific information, networking and data access solutions, device cloud and transfer, dual mode application software, enterprise app store access, and virtualized application and resources, among other things.

公开(公告)号：US20140298420A1

公开(公告)日：2014-10-02

申请号：US13898167

申请日：2013-05-20

Applicant: CITRIX SYSTEMS, INC.

Inventor： Gary Barton ,  Zhongmin Lang ,  James Robert Walker

IPC: H04L29/06

CPC classification number: H04L63/102 ,  G06F21/33 ,  G06F21/44 ,  G06F21/51 ,  G06F21/53 ,  G06F2221/033 ,  G06F2221/2103 ,  G06F2221/2115 ,  H04L63/10 ,  H04W12/06 ,  H04W12/08

Abstract: A method of managing access to enterprise resources is provided. An access manager may operate at a mobile device to validate a mobile application installed at that mobile device. If the access manager does not successfully validate the mobile application, the access manager may prevent the mobile application from accessing computing resource. If the access manager does successfully validate the mobile application, then the access manager may identify the mobile application as a trusted mobile application. The access manager may thus permit the trusted mobile application to access the computing resource.

Abstract translation: 提供了一种管理企业资源访问的方法。 访问管理器可以在移动设备上操作以验证安装在该移动设备处的移动应用。 如果访问管理器没有成功地验证移动应用程序，则访问管理器可以阻止移动应用程序访问计算资源。 如果访问管理器成功验证移动应用程序，则访问管理器可以将移动应用识别为可信赖的移动应用。 因此，访问管理器可以允许受信任的移动应用访问计算资源。

公开(公告)号：US20140298402A1

公开(公告)日：2014-10-02

申请号：US14022935

申请日：2013-09-10

Applicant: Citrix Systems, Inc.

Inventor： Zhongmin Lang ,  Gary Barton ,  Nitin Desai ,  James Robert Walker

IPC: H04L29/06

CPC classification number: H04L67/10 ,  G06F9/468 ,  G06F21/51 ,  H04L63/105 ,  H04L63/20 ,  H04W12/0027 ,  H04W12/02 ,  H04W12/08

Abstract: A method and system for managing an application with multiple modes are described. A device manager that manages a mobile device may monitor the mobile device. The device manager may detect that a first type of application that runs in a managed mode (or in multiple managed modes) and an unmanaged mode is installed on the mobile device. When the application is executed on the device, the application executes in accordance with the selected application mode, e.g., based on location, user, role, industry presence, or other predefined context.

Abstract translation: 描述用于管理具有多种模式的应用的方法和系统。 管理移动设备的设备管理器可以监视移动设备。 设备管理器可以检测在移动设备上安装以托管模式（或多个管理模式）和非托管模式运行的第一类型的应用。 当应用程序在设备上执行时，应用程序根据所选择的应用程序执行，例如，基于位置，用户，角色，行业存在或其他预定上下文。

公开(公告)号：US08769063B2

公开(公告)日：2014-07-01

申请号：US14045005

申请日：2013-10-03

Applicant: Citrix Systems, Inc.

Inventor： Gary Barton ,  James Robert Walker ,  Nitin Desai ,  Zhongmin Lang

IPC: G06F15/173

CPC classification number: H04L63/20 ,  G06F21/335 ,  G06F21/54 ,  G06F21/604 ,  G06F21/6218 ,  G06F21/629 ,  G06F21/72 ,  G06F2221/2101 ,  G06F2221/2111 ,  G06F2221/2137 ,  G06F2221/2143 ,  H04L41/00 ,  H04L41/28 ,  H04L51/08 ,  H04L63/0815 ,  H04L63/0823 ,  H04L63/0853 ,  H04L63/10 ,  H04L63/102 ,  H04L63/104 ,  H04L67/10 ,  H04W12/06 ,  H04W12/08

Abstract: Improved techniques for managing enterprise applications on mobile devices are described herein. Each enterprise mobile application running on the mobile device has an associated policy through which it interacts with its environment. The policy selectively blocks or allows activities involving the enterprise application in accordance with rules established by the enterprise. Together, the enterprise applications running on the mobile device form a set of managed applications. Managed applications are typically allowed to exchange data with other managed applications, but are blocked from exchanging data with other applications, such as the user's own personal applications. Policies may be defined to manage data sharing, mobile resource management, application specific information, networking and data access solutions, device cloud and transfer, dual mode application software, enterprise app store access, and virtualized application and resources, among other things.

公开(公告)号：US08719898B1

公开(公告)日：2014-05-06

申请号：US14041923

申请日：2013-09-30

Applicant: Citrix Systems, Inc.

Inventor： Gary Barton ,  Zhongmin Lang ,  Nitin Desai ,  James Robert Walker

IPC: H04L12/12 ,  H04L1/14

CPC classification number: H04L63/20 ,  G06F3/0481 ,  G06F9/452 ,  G06F9/45533 ,  G06F21/604 ,  G06F21/6218 ,  G06F21/629 ,  G06F21/88 ,  G06F2221/2143 ,  G06Q10/10 ,  H04L41/046 ,  H04L63/0272 ,  H04L63/0815 ,  H04L63/0823 ,  H04L63/10 ,  H04L63/205 ,  H04L67/34 ,  H04W8/18 ,  H04W12/06 ,  H04W12/08

Abstract: Various aspects of the disclosure relate to configuring and providing policies that manage execution of mobile applications. In some embodiments, a user interface may be generated that allows an IT administrator or other operator to set, change and/or add to policy settings. The policy settings can be formatted into a policy file and be made available for download to a mobile device, such as via an application store or to be pushed to the mobile device as part of a data push service. The mobile device, based on the various settings included in the policy file, may perform various actions to enforce the security constraints that are represented by the policy. The various settings that can be included in a policy are numerous and some examples and variations thereof are described in connection with the example embodiments discussed herein.

Abstract translation: 本公开的各个方面涉及配置和提供管理移动应用的执行的策略。 在一些实施例中，可以生成允许IT管理员或其他操作者设置，改变和/或添加到策略设置的用户界面。 策略设置可以被格式化为策略文件，并且可用于下载到移动设备，例如通过应用商店，或作为数据推送服务的一部分被推送到移动设备。 移动设备基于包括在策略文件中的各种设置，可以执行各种动作来强制由策略表示的安全约束。 可以包括在策略中的各种设置是众多的，并且结合本文讨论的示例实施例来描述其一些示例和变型。

公开(公告)号：US20140109178A1

公开(公告)日：2014-04-17

申请号：US14041935

申请日：2013-09-30

Applicant: Citrix Systems, Inc.

Inventor： Gary Barton ,  Zhongmin Lang ,  Nitin Desai ,  James Robert Walker

IPC: H04L29/06

CPC classification number: H04L63/20 ,  G06F3/0481 ,  G06F9/452 ,  G06F9/45533 ,  G06F21/604 ,  G06F21/6218 ,  G06F21/629 ,  G06F21/88 ,  G06F2221/2143 ,  G06Q10/10 ,  H04L41/046 ,  H04L63/0272 ,  H04L63/0815 ,  H04L63/0823 ,  H04L63/10 ,  H04L63/205 ,  H04L67/34 ,  H04W8/18 ,  H04W12/06 ,  H04W12/08

Abstract: Various aspects of the disclosure relate to configuring and providing policies that manage execution of mobile applications. In some embodiments, a user interface may be generated that allows an IT administrator or other operator to set, change and/or add to policy settings. The policy settings can be formatted into a policy file and be made available for download to a mobile device, such as via an application store or to be pushed to the mobile device as part of a data push service. The mobile device, based on the various settings included in the policy file, may perform various actions to enforce the security constraints that are represented by the policy. The various settings that can be included in a policy are numerous and some examples and variations thereof are described in connection with the example embodiments discussed herein.

公开(公告)号：US20140109173A1

公开(公告)日：2014-04-17

申请号：US14029077

申请日：2013-09-17

Applicant: Citrix Systems, Inc.

Inventor： Gary Barton ,  Zhongmin Lang ,  Nitin Desai ,  James Robert Walker

IPC: H04L29/06

CPC classification number: H04L63/0272 ,  H04L63/0807 ,  H04L63/0884 ,  H04L63/20 ,  H04W12/0027 ,  H04W12/00503 ,  H04W12/06 ,  H04W12/0802 ,  H04W12/0806

Abstract: Various aspects of the disclosure relate to providing a per-application policy-controlled virtual private network (VPN) tunnel. In some embodiments, tickets may be used to provide access to an enterprise resource without separate authentication of the application and, in some instances, can be used in such a manner as to provide a seamless experience to the user when reestablishing a per-application policy controlled VPN tunnel during the lifetime of the ticket. Additional aspects relate to an access gateway providing updated policy information and tickets to a mobile device. Other aspects relate to selectively wiping the tickets from a secure container of the mobile device. Yet further aspects relate to operating applications in multiple modes, such as a managed mode and an unmanaged mode, and providing authentication-related services based on one or more of the above aspects.

公开(公告)号：US20140109072A1

公开(公告)日：2014-04-17

申请号：US14055038

申请日：2013-10-16

Applicant: Citrix Systems, Inc.

Inventor： Zhongmin Lang ,  Gary Barton ,  James Robert Walker ,  Vipin Aravindakshan

IPC: G06F9/445

CPC classification number: G06F8/76 ,  G06F8/52 ,  G06F8/65 ,  G06F8/72 ,  G06F9/45504 ,  G06F9/45516 ,  G06F21/33 ,  G06F21/53 ,  G06F21/57

Abstract: A stub for a proxy of an operating system (OS) application program interface (API) call may be generated. Policy enforcement logic may be inserted into the stub for the proxy of the OS API call. Code of an application may be parsed to identify one or more calls corresponding to the OS API call. The one or more calls corresponding to the OS API call may be replaced with a reference to the stub for the proxy of the OS API call.

Abstract translation: 可以生成用于操作系统（OS）应用程序接口（API）调用的代理的存根。 策略执行逻辑可以插入到用于代理OS API调用的存根中。 可以解析应用程序的代码，以识别与OS API调用相对应的一个或多个调用。 与OS API调用相对应的一个或多个调用可以被替换为对于用于代理OS API调用的存根的引用。