-
Publication No.: US12101319B2
Publication date: 2024-09-24
Application No.: US17448536
Filing date: 2021-09-23
Applicant: CITRIX SYSTEMS, INC.
Inventor: Georgy Momchilov, Hubert Divoux, Santosh Gummunur Chiranjeevi Sampath, Leo C. Singleton, IV
CPC classification number: H04L63/0884, H04L63/0838, H04L63/0846, H04L63/0861, H04L2463/082
Abstract: A computing device includes a memory and a processor configured to cooperate with the memory to receive a connection lease and a token from a client device, with the token being generated responsive to the client device completing multi-factor authentication (MFA) with a provider of MFA. The processor further verifies, responsive to unavailability of the provider of MFA, that the client device has previously performed MFA based upon the token, and connects the client device to a computing session with use of the connection lease and responsive to the verification that the client device has performed MFA.
-
Publication No.: US12034845B2
Publication date: 2024-07-09
Application No.: US17447713
Filing date: 2021-09-15
Applicant: CITRIX SYSTEMS, INC.
Inventor: Georgy Momchilov, Hubert Divoux, Roberto Valdes
IPC: H04L9/08, G06F12/0802, G06K19/07, H04L9/40, H04L67/141, H04L67/568
CPC classification number: H04L9/088, G06F12/0802, G06K19/0723, H04L63/0815, H04L67/141, H04L67/568, G06F2212/60
Abstract: A smart card may include a memory configured to store a user connection lease and user interface (UI) cache for a user and a private/public key pair of the smart card, with the user connection lease being bound to the private/public key pair of the smart card. The smart card may further include a processor coupled to the memory and configured to establish a communications link with a kiosk device to be shared by a plurality of different users, initiate a virtual session for the user at the kiosk device based upon the user connection lease and the private key responsive to establishing the communications link (with the smart card defining an endpoint for the virtual session authorization), and cause the kiosk device to launch the virtual session based upon the user UI cache.
-
Publication No.: US11474840B1
Publication date: 2022-10-18
Application No.: US17447838
Filing date: 2021-09-16
Applicant: CITRIX SYSTEMS, INC.
IPC: G06F15/16, G06F9/451, G06F16/958, G06F16/957, H04L65/401
Abstract: A computing device may include a memory and a processor configured to cooperate with the memory to run a browser configured to perform a sequence to obtain an asset and display a user interface for launching a virtual session using the asset. The processor may further run code configured to determine a failure of the browser to complete the sequence, and cause the browser to display the user interface for launching the virtual session using a previously cached version of the asset responsive to the failure of the browser to complete the sequence.
-
Publication No.: US10958640B2
Publication date: 2021-03-23
Application No.: US16111328
Filing date: 2018-08-24
Applicant: Citrix Systems, Inc.
Inventor: Hubert Divoux, David Williams
Abstract: Methods and systems for faster and more efficient smart card logon in a remote computing environment are described herein. Fast smart card logon may be used to reduce latency and improve security. For example, the system may reduce the number of operations (e.g., interactions) between a server device used for authentication and the client device. A remoting channel may be established between the server device and the client device. The server may receive, from the client device and/or via a personal computer/smart card (PC/SC) protocol, a message comprising an identifier for a smart card. The server device may replace the identifier for the smart card with a substitute identifier. Based on the substitute identifier, the server may determine one or more cryptographic service providers to use for one or more cryptographic operations associated with the smart card. One or more requests for cryptographic operations involving the smart card may be transmitted to the client device, such as via the cryptographic service provider and/or via the remoting channel.
-
Publication No.: US12177119B2
Publication date: 2024-12-24
Application No.: US18319535
Filing date: 2023-05-18
Applicant: CITRIX SYSTEMS, INC.
Inventor: Georgy Momchilov, Hubert Divoux, Roberto Valdes, Leo C. Singleton, IV, Paul Browne, Kevin Woodmansee
IPC: H04L45/586, H04L9/40, H04L45/42, H04L67/01, H04L67/141
Abstract: A method may include storing and updating published resource entitlements for a plurality of client devices at a computing device. The method may also include using a plurality of virtual delivery appliances to receive connection requests from the client devices, with the connection requests including connection leases having associated resource entitlements the client devices are respectively permitted to access, and request validation of the connection leases from the computing device. At the computing device, responsive to validation requests from the virtual delivery appliances, the connection leases may be compared to the updated published resource entitlements and validated based thereon. At the virtual delivery appliances, the client devices may be provided with access to virtual sessions corresponding to the published resource entitlements responsive to the virtual session request validations from the computing device.
-
Publication No.: US12126723B2
Publication date: 2024-10-22
Application No.: US17448218
Filing date: 2021-09-21
Applicant: CITRIX SYSTEMS, INC.
Inventor: Georgy Momchilov, Hubert Divoux, Roberto Valdes
CPC classification number: H04L9/3215, G06F8/65, G06F9/452, H04L9/30, H04L63/029
Abstract: A computing appliance may include a memory and a processor configured to cooperate with the memory to establish a first virtual session for an endpoint device over a first network connection. The endpoint device may have an endpoint public/private key pair associated therewith and configured to store a plurality of connection leases generated based upon the endpoint public key, and the first virtual session may be established responsive to a first one of the connection leases and authentication based upon the endpoint private key. The processor may further establish a second virtual session for the endpoint device to access through the first virtual session with another computing appliance over a second network connection responsive to a second one of the connection leases and authentication based upon the endpoint private key.
-
Publication No.: US11695757B2
Publication date: 2023-07-04
Application No.: US17176011
Filing date: 2021-02-15
Applicant: Citrix Systems, Inc.
Inventor: Hubert Divoux, David Williams
CPC classification number: H04L63/0853, G06F21/34, G06F21/602, H04L63/0807, H04L63/0815, H04L63/0876
Abstract: Methods and systems for faster and more efficient smart card logon in a remote computing environment are described herein. Fast smart card logon may be used to reduce latency and improve security. For example, the system may reduce the number of operations (e.g., interactions) between a server used for authentication and the client device. A virtual channel may be established between the server and the client device. The server may receive, from the client device, a message including answer to reset (ATR) data of a smart card associated with the client device. The server may substitute the ATR data of the smart card with proxy ATR data of a proxy smart card. The server may determine, based on the proxy ATR data, a cryptographic service provider. The server may transmit, via the cryptographic service provider, via the virtual channel, and to the client device, one or more requests for a cryptographic operation involving the smart card.
-
Publication No.: US11483255B2
Publication date: 2022-10-25
Application No.: US17316821
Filing date: 2021-05-11
Applicant: CITRIX SYSTEMS, INC.
Inventor: Georgy Momchilov, Hubert Divoux, Roberto Valdes
IPC: H04L47/70, H04L67/1097, H04L67/142, H04L67/01, G06F9/451, G06F9/455, H04L67/141, H04L67/146, H04L67/55
Abstract: A computing device may include a memory and a processor cooperating with the memory and configured to receive connection leases providing instructions for connecting to computing sessions, and request connections to the computing sessions including the connection leases. Each connection lease may comprise a first component unique to a published resource, and a second component referenced by the first component and shared in common with a plurality of different published resources in other connection leases, with the second component being updateable independent of the first component.
-
Publication No.: US20210168136A1
Publication date: 2021-06-03
Application No.: US17176011
Filing date: 2021-02-15
Applicant: Citrix Systems, Inc.
Inventor: Hubert Divoux, David Williams
Abstract: Methods and systems for faster and more efficient smart card logon in a remote computing environment are described herein. Fast smart card logon may be used to reduce latency and improve security. For example, the system may reduce the number of operations (e.g., interactions) between a server used for authentication and the client device. A virtual channel may be established between the server and the client device. The server may receive, from the client device, a message including answer to reset (ATR) data of a smart card associated with the client device. The server may substitute the ATR data of the smart card with proxy ATR data of a proxy smart card. The server may determine, based on the proxy ATR data, a cryptographic service provider. The server may transmit, via the cryptographic service provider, via the virtual channel, and to the client device, one or more requests for a cryptographic operation involving the smart card.
-
Publication No.: US11509465B2
Publication date: 2022-11-22
Application No.: US17448219
Filing date: 2021-09-21
Applicant: CITRIX SYSTEMS, INC.
Inventor: Georgy Momchilov, Hubert Divoux, Roberto Valdes
IPC: H04L9/08, H04L67/141, H04L9/40, G06K19/07, H04L67/568, G06F12/0802
Abstract: A computing device may include a memory configured to store a group connection lease and a group user interface (UI) cache shared by different users within a user delivery group. The computing device may also include a processor coupled to the memory and configured to establish communications links with a plurality of smart card devices associated with different users within the user delivery group, initiate virtual sessions for the different users based upon the group connection lease responsive to establishing the communications links with the smart card devices, and launch the virtual sessions for the different users based upon the group UI cache.