公开(公告)号：US09344426B2

公开(公告)日：2016-05-17

申请号：US14140843

申请日：2013-12-26

Applicant: Citrix Systems, Inc.

Inventor： Punit Gupta ,  Bharat Bhushan ,  Jong Kann ,  Pierre Rafiq

IPC: H04L29/06 ,  G06F21/31 ,  H04L9/32

CPC classification number: H04L63/083 ,  G06F21/31 ,  H04L9/32 ,  H04L63/0272 ,  H04L63/08 ,  H04L63/0815 ,  H04L63/1458

Abstract: Techniques for accessing enterprise resources while providing denial-of-service attack protection may include receiving, at a gateway from a client device, a request for a resource, the request including a location identifier associated with the resource. Techniques may further include redirecting, by a redirection message, the request to an authentication device that requests credentials for authentication, the redirection message including the location identifier. Techniques may also include retrieving, after authentication of the credentials, the location identifier from the client device. Techniques may additionally include providing access to the resource based on the location identifier.

Abstract translation: 在提供拒绝服务攻击保护的同时访问企业资源的技术可包括在客户机设备的网关处接收对资源的请求，所述请求包括与资源相关联的位置标识符。 技术可以进一步包括通过重定向消息将请求重定向到请求验证凭证的认证设备，重定向消息包括位置标识符。 技术还可以包括在凭证认证之后从客户端设备检索位置标识符。 技术可以另外包括基于位置标识符提供对资源的访问。

公开(公告)号：US20140366080A1

公开(公告)日：2014-12-11

申请号：US13910680

申请日：2013-06-05

Applicant: Citrix Systems, Inc.

Inventor： Punit Gupta ,  Bharat Bhushan ,  Jong Kann ,  Pierre Rafiq

IPC: H04L29/06

CPC classification number: H04L63/08 ,  H04L63/0807 ,  H04L63/20 ,  H04W4/60 ,  H04W12/0023 ,  H04W12/0027 ,  H04W12/06

Abstract: A method for providing secure remote access to an enterprise application store with enterprise applications for a service running on a mobile device includes receiving an authentication request with user credentials from an access manager on the mobile device. Authentication and a valid session cookie are provided if user credentials are valid. An access token request is received and an access token is provided in response to the token request if the token request includes the valid session cookie. An access request from the service is received and access to the enterprise application store by the service is allowed if the request includes the access token. The service may then download applications or receive applications delivered via the enterprise application store. The application management service can also access a publicly available application store.

Abstract translation: 用于向企业应用商店提供对用于在移动设备上运行的服务的企业应用的安全远程访问的方法包括从移动设备上的访问管理器接收具有用户凭证的认证请求。 如果用户凭据有效，则提供验证和有效的会话cookie。 如果令牌请求包括有效的会话cookie，则接收访问令牌请求并且响应于令牌请求提供访问令牌。 如果请求包含访问令牌，则接收到来自服务的访问请求，并允许由服务访问企业应用程序存储。 然后，服务可以下载应用程序或接收通过企业应用程序存储提供的应用程序。 应用程序管理服务还可以访问公共可用的应用程序存储。

公开(公告)号：US20140373090A1

公开(公告)日：2014-12-18

申请号：US14467749

申请日：2014-08-25

Applicant: CITRIX SYSTEMS, INC.

Inventor： Marco Murgia ,  Larry Tomlin ,  Ivan Bojer ,  Jong Kann ,  Pierre Rafiq

IPC: H04L29/06 ,  G06F21/45

CPC classification number: H04L63/20 ,  G06F21/45 ,  H04L63/083 ,  H04L63/102

Abstract: The present invention is directed towards systems and methods for establishing and applying a policy group to control a user's access to an identified resource. A policy group representing an aggregate of one or more access configurations for a user to access one or more identified resources may be established via a policy manager. The policy group may include a login point component representing an entry point to access the identified resource. The login point may be configured via the policy manager to specify a uniform resource locator for the entry point. One or more authentication and authorization methods may be selected for the login point component. The device may receive a request to access the uniform resource locator. The device may initiate the policy group for evaluation. The device may initiate, with the user, one or more authentication and authorization methods specified by the login point component.

Abstract translation: 本发明涉及用于建立和应用策略组以控制用户对所识别的资源的访问的系统和方法。 可以经由策略管理器来建立代表用户访问一个或多个所识别的资源的一个或多个访问配置的集合的策略组。 策略组可以包括表示访问所识别的资源的入口点的登录点组件。 可以通过策略管理器配置登录点，以指定入口点的统一资源定位符。 可以为登录点组件选择一个或多个认证和授权方法。 设备可以接收访问统一资源定位符的请求。 设备可以启动用于评估的策略组。 设备可以与用户一起发起由登录点组件指定的一个或多个认证和授权方法。

公开(公告)号：US09363292B2

公开(公告)日：2016-06-07

申请号：US14467749

申请日：2014-08-25

Applicant: Citrix Systems, Inc.

Inventor： Marco Murgia ,  Larry Tomlin ,  Ivan Bojer ,  Jong Kann ,  Pierre Rafiq

IPC: H04L29/06 ,  G06F21/45

CPC classification number: H04L63/20 ,  G06F21/45 ,  H04L63/083 ,  H04L63/102

Abstract: The present invention is directed towards systems and methods for establishing and applying a policy group to control a user's access to an identified resource. A policy group representing an aggregate of one or more access configurations for a user to access one or more identified resources may be established via a policy manager. The policy group may include a login point component representing an entry point to access the identified resource. The login point may be configured via the policy manager to specify a uniform resource locator for the entry point. One or more authentication and authorization methods may be selected for the login point component. The device may receive a request to access the uniform resource locator. The device may initiate the policy group for evaluation. The device may initiate, with the user, one or more authentication and authorization methods specified by the login point component.

Abstract translation: 本发明涉及用于建立和应用策略组以控制用户对所识别的资源的访问的系统和方法。 可以经由策略管理器来建立代表用户访问一个或多个所识别的资源的一个或多个访问配置的集合的策略组。 策略组可以包括表示访问所识别的资源的入口点的登录点组件。 可以通过策略管理器配置登录点，以指定入口点的统一资源定位符。 可以为登录点组件选择一个或多个认证和授权方法。 设备可以接收访问统一资源定位符的请求。 设备可以启动用于评估的策略组。 设备可以与用户一起发起由登录点组件指定的一个或多个认证和授权方法。

公开(公告)号：US20150046997A1

公开(公告)日：2015-02-12

申请号：US14140843

申请日：2013-12-26

Applicant: Citrix Systems, Inc.

Inventor： Punit Gupta ,  Bharat Bhushan ,  Jong Kann ,  Pierre Rafiq

IPC: H04L29/06

CPC classification number: H04L63/083 ,  G06F21/31 ,  H04L9/32 ,  H04L63/0272 ,  H04L63/08 ,  H04L63/0815 ,  H04L63/1458

Abstract: A method for accessing enterprise resources while providing denial-of-service attack protection. The method may include receiving, at a gateway from a client device, a request for a resource, the request comprising a location identifier associated with the resource. The method may further include redirecting, by a redirection message, the request to an authentication device that requests credentials for authentication, the redirection message comprising the location identifier. The method may also include retrieving, after authentication of the credentials, the location identifier from the client device. The method may additionally include providing access to the resource based on the location identifier.

Abstract translation: 一种在提供拒绝服务攻击保护的同时访问企业资源的方法。 该方法可以包括在来自客户机设备的网关处接收对资源的请求，所述请求包括与资源相关联的位置标识符。 该方法还可以包括通过重定向消息将请求重定向到请求认证凭证的认证设备，该重定向消息包括位置标识符。 该方法还可以包括在认证凭证之后从客户端设备检索位置标识符。 该方法可以另外包括基于位置标识符提供对资源的访问。