公开(公告)号：US10701082B2

公开(公告)日：2020-06-30

申请号：US16567238

申请日：2019-09-11

Applicant: Citrix Systems, Inc.

Inventor： Zhongmin Lang ,  Gary Barton

IPC: H04L29/06 ,  G06F11/30 ,  G06F9/455 ,  H04W12/08 ,  H04W12/00

Abstract: A method and system for operating an application with multiple modes are described. A plurality of applications may be presented to a user on a mobile device and one of the displayed applications may be selected. The selected application may have one or more contexts that are determined based on one or more operational parameters. For example, a context for the selected application may be that the application is configured to access an enterprise account. Based on the context, the selected application may be run on the mobile device in one of a plurality of operations modes. The operation modes may comprise managed, unmanaged, and partially managed modes, among others.

公开(公告)号：US09973489B2

公开(公告)日：2018-05-15

申请号：US15347247

申请日：2016-11-09

Applicant: Citrix Systems, Inc.

Inventor： Gary Barton ,  Zhongmin Lang ,  Nitin Desai ,  James Robert Walker

IPC: H04L29/06 ,  H04W12/06 ,  H04W12/08

CPC classification number: H04L63/0807 ,  G06F21/31 ,  G06F2221/2105 ,  H04L63/0272 ,  H04L63/029 ,  H04L63/0815 ,  H04L63/20 ,  H04W12/06 ,  H04W12/08

Abstract: Various aspects of the disclosure relate to providing a per-application policy-controlled virtual private network (VPN) tunnel. In some embodiments, tickets may be used to provide access to an enterprise resource without separate authentication of the application and, in some instances, can be used in such a manner as to provide a seamless experience to the user when reestablishing a per-application policy controlled VPN tunnel during the lifetime of the ticket. Additional aspects relate to an access gateway providing updated policy information and tickets to a mobile device. Other aspects relate to selectively wiping the tickets from a secure container of the mobile device. Yet further aspects relate to operating applications in multiple modes, such as a managed mode and an unmanaged mode, and providing authentication-related services based on one or more of the above aspects.

公开(公告)号：US20170192763A9

公开(公告)日：2017-07-06

申请号：US14752132

申请日：2015-06-26

Applicant: Citrix Systems, Inc.

Inventor： James Walker ,  Zhongmin Lang ,  Gary Barton ,  Vipin Aravindakshan

IPC: G06F9/445 ,  G06F9/45 ,  G06F9/44 ,  H04W24/02 ,  G06F3/0484

CPC classification number: G06F8/61 ,  G06F3/04842 ,  G06F8/30 ,  G06F8/316 ,  G06F8/34 ,  G06F8/41 ,  G06F8/52 ,  G06F8/62 ,  G06F8/71 ,  G06F8/72 ,  G06F8/76 ,  G06F21/33 ,  G06F21/53 ,  G06F21/57 ,  H04W24/02

Abstract: Methods and systems are disclosed for providing approaches to generating managed applications from unmanaged applications on a mobile device. The methods and systems may include storing, by a mobile device in a memory of the mobile device, one or more unmanaged applications each comprising a corresponding application bundle and decoding, by the mobile device, the retrieved application bundle corresponding to the first unmanaged application. The methods and systems may also include modifying, by the mobile device, the decoded application bundle corresponding to the first unmanaged application by adding a set of one or more policy-based control instructions, compiling, by the mobile device, the modified application bundle to generate a first managed application, the first managed application being configured to operate in accordance with the set of one or more policy-based control instructions, and providing, by the mobile device, the first managed application.

公开(公告)号：US20170063839A1

公开(公告)日：2017-03-02

申请号：US15347247

申请日：2016-11-09

Applicant: Citrix Systems, Inc.

Inventor： Gary Barton ,  Zhongmin Lang ,  Nitin Desai ,  James Robert Walker

IPC: H04L29/06

CPC classification number: H04L63/0807 ,  G06F21/31 ,  G06F2221/2105 ,  H04L63/0272 ,  H04L63/029 ,  H04L63/0815 ,  H04L63/20 ,  H04W12/06 ,  H04W12/08

Abstract: Various aspects of the disclosure relate to providing a per-application policy-controlled virtual private network (VPN) tunnel. In some embodiments, tickets may be used to provide access to an enterprise resource without separate authentication of the application and, in some instances, can be used in such a manner as to provide a seamless experience to the user when reestablishing a per-application policy controlled VPN tunnel during the lifetime of the ticket. Additional aspects relate to an access gateway providing updated policy information and tickets to a mobile device. Other aspects relate to selectively wiping the tickets from a secure container of the mobile device. Yet further aspects relate to operating applications in multiple modes, such as a managed mode and an unmanaged mode, and providing authentication-related services based on one or more of the above aspects.

Abstract translation: 本公开的各个方面涉及提供每应用程序策略控制的虚拟专用网（VPN）隧道。 在一些实施例中，票据可以用于提供对企业资源的访问，而不需要对应用的单独认证，并且在某些情况下可以以这样的方式使用，以便在重新建立每个应用程序策略时向用户提供无缝体验 在票的生命周期内控制VPN隧道。 另外的方面涉及提供对移动设备的更新的策略信息和票据的接入网关。 其他方面涉及从移动设备的安全容器中选择性地擦拭票据。 另外的方面涉及在诸如管理模式和非托管模式的多种模式中的操作应用，以及基于上述方面中的一个或多个提供与认证相关的服务。

公开(公告)号：US09521147B2

公开(公告)日：2016-12-13

申请号：US14340096

申请日：2014-07-24

Applicant: Citrix Systems, Inc.

Inventor： Gary Barton ,  James Robert Walker ,  Nitin Desai ,  Zhongmin Lang

IPC: H04L12/24 ,  H04L29/06

CPC classification number: H04L63/20 ,  G06F21/335 ,  G06F21/54 ,  G06F21/604 ,  G06F21/6218 ,  G06F21/629 ,  G06F21/72 ,  G06F2221/2101 ,  G06F2221/2111 ,  G06F2221/2137 ,  G06F2221/2143 ,  H04L41/00 ,  H04L41/28 ,  H04L51/08 ,  H04L63/0815 ,  H04L63/0823 ,  H04L63/0853 ,  H04L63/10 ,  H04L63/102 ,  H04L63/104 ,  H04L67/10 ,  H04W12/06 ,  H04W12/08

Abstract: Improved techniques for managing enterprise applications on mobile devices are described herein. Each enterprise mobile application running on the mobile device has an associated policy through which it interacts with its environment. The policy selectively blocks or allows activities involving the enterprise application in accordance with rules established by the enterprise. Together, the enterprise applications running on the mobile device form a set of managed applications. Managed applications are typically allowed to exchange data with other managed applications, but are blocked from exchanging data with other applications, such as the user's own personal applications. Policies may be defined to manage data sharing, mobile resource management, application specific information, networking and data access solutions, device cloud and transfer, dual mode application software, enterprise app store access, and virtualized application and resources, among other things.

Abstract translation: 本文描述了用于在移动设备上管理企业应用的改进的技术。 在移动设备上运行的每个企业移动应用都具有与其环境交互的相关策略。 该策略根据企业规定有选择性地阻止或者允许涉及企业应用的活动。 一起，在移动设备上运行的企业应用程序组成一组受管应用程序。 管理应用程序通常被允许与其他受管应用程序交换数据，但被阻止与其他应用程序（例如用户自己的个人应用程序）交换数据。 可以定义政策来管理数据共享，移动资源管理，应用程序特定信息，网络和数据访问解决方案，设备云和传输，双模式应用软件，企业应用商店访问以及虚拟化应用和资源等。

公开(公告)号：US20160182530A1

公开(公告)日：2016-06-23

申请号：US15057314

申请日：2016-03-01

Applicant: Citrix Systems, Inc.

Inventor： Zhongmin Lang ,  Gary Barton

IPC: H04L29/06 ,  G06F11/30 ,  G06F9/455

CPC classification number: H04L63/107 ,  G06F9/4555 ,  G06F11/3051 ,  G06F2221/2105 ,  H04L63/102 ,  H04L63/105 ,  H04L63/20 ,  H04W12/00503 ,  H04W12/08

Abstract: A method and system for operating an application with multiple modes are described. A plurality of applications may be presented to a user on a mobile device and one of the displayed applications may be selected. The selected application may have one or more contexts that are determined based on one or more operational parameters. For example, a context for the selected application may be that the application is configured to access an enterprise account. Based on the context, the selected application may be run on the mobile device in one of a plurality of operations modes. The operation modes may comprise managed, unmanaged, and partially managed modes, among others.

Abstract translation: 描述用于操作具有多种模式的应用的方法和系统。 可以在移动设备上向用户呈现多个应用，并且可以选择所显示的应用中的一个。 所选择的应用可以具有基于一个或多个操作参数确定的一个或多个上下文。 例如，所选择的应用的上下文可以是应用被配置为访问企业帐户。 基于上下文，所选择的应用可以以多种操作模式之一在移动设备上运行。 操作模式可以包括管理的，非管理的和部分管理的模式等。

公开(公告)号：US20160173503A1

公开(公告)日：2016-06-16

申请号：US14967958

申请日：2015-12-14

Applicant: Citrix Systems, Inc.

Inventor： Jason Knight ,  Nitin Desai ,  Gary Barton ,  Sameer Mehta

IPC: H04L29/06

CPC classification number: H04L63/105 ,  G06F21/54 ,  G06F21/604 ,  H04L63/12

Abstract: Aspects described herein relate to controlling incoming data processing requests or messages and whether the incoming data processing requests are allowed to reach destination applications unmodified. The destination application may be a secure application operating within a secure application wrapper, and the secure application wrapper may determine whether and how much of the request or message is allowed to pass into a managed partition or through the secure application wrapper to reach the secure application for processing.

Abstract translation: 本文描述的方面涉及控制传入数据处理请求或消息以及是否允许传入数据处理请求未修改地到达目的地应用。 目的地应用程序可以是在安全应用程序包装器内运行的安全应用程序，并且安全应用程序包装器可以确定请求或消息是否允许多少或被允许多少进入托管分区或通过安全应用程序包装器到达安全应用程序 用于处理。

公开(公告)号：US09213850B2

公开(公告)日：2015-12-15

申请号：US14044919

申请日：2013-10-03

Applicant: Citrix Systems, Inc.

Inventor： Gary Barton ,  James Robert Walker ,  Nitin Desai ,  Zhongmin Lang

IPC: H04L29/06 ,  G06F12/14 ,  G06F7/04 ,  G06F3/00 ,  G06F21/60 ,  H04L12/24 ,  G06F21/62 ,  H04L12/58 ,  G06F21/72 ,  H04W12/08 ,  G06F21/33 ,  G06F21/54 ,  H04W12/06 ,  H04L29/08

CPC classification number: H04L63/20 ,  G06F21/335 ,  G06F21/54 ,  G06F21/604 ,  G06F21/6218 ,  G06F21/629 ,  G06F21/72 ,  G06F2221/2101 ,  G06F2221/2111 ,  G06F2221/2137 ,  G06F2221/2143 ,  H04L41/00 ,  H04L41/28 ,  H04L51/08 ,  H04L63/0815 ,  H04L63/0823 ,  H04L63/0853 ,  H04L63/10 ,  H04L63/102 ,  H04L63/104 ,  H04L67/10 ,  H04W12/06 ,  H04W12/08

Abstract: Improved techniques for managing enterprise applications on mobile devices are described herein. Each enterprise mobile application running on the mobile device has an associated policy through which it interacts with its environment. The policy selectively blocks or allows activities involving the enterprise application in accordance with rules established by the enterprise. Together, the enterprise applications running on the mobile device form a set of managed applications. Managed applications are typically allowed to exchange data with other managed applications, but are blocked from exchanging data with other applications, such as the user's own personal applications. Policies may be defined to manage data sharing, mobile resource management, application specific information, networking and data access solutions, device cloud and transfer, dual mode application software, enterprise app store access, and virtualized application and resources, among other things.

Abstract translation: 本文描述了用于在移动设备上管理企业应用的改进的技术。 在移动设备上运行的每个企业移动应用都具有与其环境交互的相关策略。 该策略根据企业规定有选择性地阻止或者允许涉及企业应用的活动。 一起，在移动设备上运行的企业应用程序组成一组受管应用程序。 管理应用程序通常被允许与其他受管应用程序交换数据，但被阻止与其他应用程序（例如用户自己的个人应用程序）交换数据。 可以定义政策来管理数据共享，移动资源管理，应用程序特定信息，网络和数据访问解决方案，设备云和传输，双模式应用软件，企业应用商店访问以及虚拟化应用和资源等。

公开(公告)号：US20150319144A1

公开(公告)日：2015-11-05

申请号：US14704075

申请日：2015-05-05

Applicant: Citrix Systems, Inc.

Inventor： Gary Barton ,  Richard Hayton ,  Andrew Innes ,  Georgy Momchilov

IPC: H04L29/06 ,  H04L29/08

CPC classification number: G06F21/606 ,  G06F9/485 ,  G06F9/544 ,  G06F21/41 ,  H04L63/0272 ,  H04L63/0428 ,  H04L67/10

Abstract: Methods and systems for communicating information between mobile applications are presented. In some embodiments, a mobile device may determine that a plurality of applications are running on the mobile device. The mobile device may determine that each application of the plurality of applications uses a shared passcode to encrypt information about a persistent state. The mobile device may generate a beacon that includes encrypted state information. The mobile device may maintain state information across the plurality of applications beyond the lifetime of any one of the plurality of applications by transmitting the beacon from a first application to a second application before the first application's lifetime is completed.

Abstract translation: 介绍了移动应用程序之间传递信息的方法和系统。 在一些实施例中，移动设备可以确定多个应用在移动设备上运行。 移动设备可以确定多个应用的​​每个应用使用共享密码来加密关于持久状态的信息。 移动设备可以生成包括加密的状态信息的信标。 移动设备可以在第一应用的生命周期完成之前，通过在第一应用程序发送信标到第二应用程序之前，跨多个应用程序的任何一个应用程序的生命周期来维护跨越多个应用程序的状态信息。

公开(公告)号：US09111105B2

公开(公告)日：2015-08-18

申请号：US14044946

申请日：2013-10-03

Applicant: Citrix Systems, Inc.

Inventor： Gary Barton ,  James Robert Walker ,  Nitin Desai ,  Zhongmin Lang

IPC: G06F15/16 ,  G06F21/60 ,  H04L12/24 ,  H04L29/06 ,  G06F21/62 ,  H04L12/58 ,  G06F21/72 ,  H04W12/08 ,  G06F21/33 ,  G06F21/54 ,  H04W12/06 ,  H04L29/08

CPC classification number: H04L63/20 ,  G06F21/335 ,  G06F21/54 ,  G06F21/604 ,  G06F21/6218 ,  G06F21/629 ,  G06F21/72 ,  G06F2221/2101 ,  G06F2221/2111 ,  G06F2221/2137 ,  G06F2221/2143 ,  H04L41/00 ,  H04L41/28 ,  H04L51/08 ,  H04L63/0815 ,  H04L63/0823 ,  H04L63/0853 ,  H04L63/10 ,  H04L63/102 ,  H04L63/104 ,  H04L67/10 ,  H04W12/06 ,  H04W12/08

Abstract: Improved techniques for managing enterprise applications on mobile devices are described herein. Each enterprise mobile application running on the mobile device has an associated policy through which it interacts with its environment. The policy selectively blocks or allows activities involving the enterprise application in accordance with rules established by the enterprise. Together, the enterprise applications running on the mobile device form a set of managed applications. Managed applications are typically allowed to exchange data with other managed applications, but are blocked from exchanging data with other applications, such as the user's own personal applications. Policies may be defined to manage data sharing, mobile resource management, application specific information, networking and data access solutions, device cloud and transfer, dual mode application software, enterprise app store access, and virtualized application and resources, among other things.