Dynamic Access Control to Network Resources Using Federated Full Domain Logon

    Publication number: US20210021605A1

    Publication date: 2021-01-21

    Application number: US17063198

    Application date: 2020-10-05

    Abstract: Methods and systems for granting or denying a client device access to one or more resources in a remote computing environment are described herein. A computing device may receive from an identity provider a token authenticating that a user of a client device is at a first location. The computing device may determine, based on the token, one or more labels for a session associated with the user. Each label of the one or more labels is associated with a corresponding security group. Based on the one or more labels, the user of the client device may be granted access to sensitive data.

    Anonymous application wrapping
    2.
    Granted patent

    Publication number: US10277606B2

    Publication date: 2019-04-30

    Application number: US15910127

    Application date: 2018-03-02

    Abstract: Methods and systems are disclosed for providing approaches to anonymous application wrapping on a mobile device. The methods and systems may include receiving, by a controller service, a request to associate a first application executing on a client device with the controller service, and obtaining, by the controller service, a first application identifier associated with the first application. The methods and systems may also include receiving, by the controller service from an application service, a request for a first service and a conditional application identifier, and configuring, by the controller service and based on the request for the first service, the first application with a second set of one or more policy instructions used to control the first application.

    Secured access to resources using a proxy
    3.
    Granted patent (legal status: in force)

    Publication number: US09154488B2

    Publication date: 2015-10-06

    Application number: US13886845

    Application date: 2013-05-03

    Abstract: A method of authentication and accessing resources is provided. A client device may send a request to a proxy device to access a resource, such as an enterprise resource. The proxy device may authenticate with one or more servers associated with the resource. During authentication, the proxy device may receive a request for a signature controlled by the client device. In response, the proxy device may send a request to the client device for the signature. The request may also include context information that identifies a data structure of authentication information exchanged (or to be exchanged) during the authentication session. If the client device verifies the context information, the client device may send the requested signature.

    Systems and methods for secure handling of secure attention sequences
    4.
    Granted patent (legal status: in force)

    Publication number: US09075970B2

    Publication date: 2015-07-07

    Application number: US14013816

    Application date: 2013-08-29

    Inventor: Andrew Innes

    Abstract: A method for authenticating, by a trusted component, a user of a desktop appliance to a remote machine includes executing, by a desktop appliance, a user interaction component, responsive to receiving a secure attention sequence from a user. The user interaction component receives authentication credentials associated with the user. The desktop appliance transmits, to a broker service, the received authentication credentials. The broker service authenticates the user, responsive to the received authentication credentials. The broker service transmits, to a remote machine, authentication data associated with the received authentication credentials. The remote machine authenticates the user, responsive to the received authentication data. The remote machine provides, to the desktop appliance, access to a resource requested by the user. In another aspect, a trusted component provides, to a user of a desktop appliance, access to secure desktop functionality provided by a remote machine.

    SECURED ACCESS TO RESOURCES USING A PROXY
    5.
    Patent application (legal status: in force)

    Publication number: US20140331297A1

    Publication date: 2014-11-06

    Application number: US13886845

    Application date: 2013-05-03

    Abstract: A method of authentication and accessing resources is provided. A client device may send a request to a proxy device to access a resource, such as an enterprise resource. The proxy device may authenticate with one or more servers associated with the resource. During authentication, the proxy device may receive a request for a signature controlled by the client device. In response, the proxy device may send a request to the client device for the signature. The request may also include context information that identifies a data structure of authentication information exchanged (or to be exchanged) during the authentication session. If the client device verifies the context information, the client device may send the requested signature.

    SYSTEMS AND METHODS FOR SECURE HANDLING OF SECURE ATTENTION SEQUENCES
    6.
    Patent application (legal status: in force)

    Publication number: US20140007212A1

    Publication date: 2014-01-02

    Application number: US14013765

    Application date: 2013-08-29

    Inventor: Andrew Innes

    Abstract: A method for authenticating, by a trusted component, a user of a desktop appliance to a remote machine includes executing, by a desktop appliance, a user interaction component, responsive to receiving a secure attention sequence from a user. The user interaction component receives authentication credentials associated with the user. The desktop appliance transmits, to a broker service, the received authentication credentials. The broker service authenticates the user, responsive to the received authentication credentials. The broker service transmits, to a remote machine, authentication data associated with the received authentication credentials. The remote machine authenticates the user, responsive to the received authentication data. The remote machine provides, to the desktop appliance, access to a resource requested by the user. In another aspect, a trusted component provides, to a user of a desktop appliance, access to secure desktop functionality provided by a remote machine.

    Connecting Client Devices To Anonymous Sessions Via Helpers

    Publication number: US20210092101A1

    Publication date: 2021-03-25

    Application number: US17081406

    Application date: 2020-10-27

    Abstract: Methods and systems for connecting client devices to anonymous sessions via helpers are described herein. One or more anonymous sessions may be generated on one or more target machines. Configuration information for generating an anonymous session may be used to initiate generation of the anonymous session on a target machine. A helper process may be created and associated with the anonymous session. A request to start a virtual application or desktop may be received from a client device, and the client device may be connected to the anonymous session on the target machine. The helper associated with the anonymous session may retrieve credentials associated with a user of the client device and/or may use the credentials associated with the user to start the virtual application or desktop on the target machine as the user.

    Connecting client devices to anonymous sessions via helpers

    Publication number: US10887287B2

    Publication date: 2021-01-05

    Application number: US15976980

    Application date: 2018-05-11

    Abstract: Methods and systems for connecting client devices to anonymous sessions via helpers are described herein. One or more anonymous sessions may be generated on one or more target machines. Configuration information for generating an anonymous session may be used to initiate generation of the anonymous session on a target machine. A helper process may be created and associated with the anonymous session. A request to start a virtual application or desktop may be received from a client device, and the client device may be connected to the anonymous session on the target machine. The helper associated with the anonymous session may retrieve credentials associated with a user of the client device and/or may use the credentials associated with the user to start the virtual application or desktop on the target machine as the user.

    Enterprise System Authentication and Authorization via Gateway
    10.
    Patent application (legal status: in force)

    Publication number: US20150319174A1

    Publication date: 2015-11-05

    Application number: US14265661

    Application date: 2014-04-30

    Abstract: Methods and systems are disclosed for providing approaches to authenticating and authorizing client devices in enterprise systems via a gateway device. The methods and systems may include passing, by a computing device to an enterprise device, a request transmitted by a client device for access to an enterprise resource, and transmitting, by the computing device, authentication credentials associated with the client device with a request for authorization information associated with the enterprise resource. The methods and systems may also include receiving, by the computing device, the authorization information associated with the enterprise resource, transmitting, by the computing device, the request transmitted by the client device for access to the enterprise resource with the received authorization information associated with the enterprise resource, and passing, by the computing device to the client device, information associated with the requested enterprise resource based on the received authorization information associated with the enterprise resource.
