公开(公告)号：US09805210B2

公开(公告)日：2017-10-31

申请号：US14632601

申请日：2015-02-26

Applicant: Citrix Systems, Inc.

Inventor： Joseph Nord ,  Benjamin Elliot Tucker ,  Timothy Gaylor

IPC: H04L29/06 ,  G06F21/62 ,  G06F21/60 ,  G06F9/00 ,  H04L9/12 ,  G06F17/30 ,  H04L9/08

CPC classification number: G06F21/6218 ,  G06F9/00 ,  G06F17/30 ,  G06F21/602 ,  H04L9/0861 ,  H04L9/0869 ,  H04L9/12 ,  H04L63/064 ,  H04L63/0807 ,  H04L63/083 ,  H04L63/105

Abstract: Encryption-based data access management may include a variety of processes. In one example, a device may transmit a user authentication request for decrypting encrypted data to a data storage server storing the encrypted data. The computing device may then receive a validation token associated with the user's authentication request, the validation token indicating that the user is authenticated to a domain. Subsequently, the computing device may transmit the validation token to a first key server different from the data storage server. Then, in response to transmitting the validation token the computing device may receive, from the first key server, a key required for decrypting the encrypted data. The device may then decrypt at least a portion of the encrypted data using the key.

公开(公告)号：US20170048350A1

公开(公告)日：2017-02-16

申请号：US15244823

申请日：2016-08-23

Applicant: Citrix Systems, Inc.

Inventor： Joseph Nord ,  Richard Hayton

IPC: H04L29/08 ,  H04L12/24

CPC classification number: H04L67/306 ,  H04L41/046 ,  H04L67/06 ,  H04L67/143

Abstract: Just in time delivery of a consistent user profile to overlapping user sessions, where a first user session issues a request for a first file of a user profile to a server agent. Upon receiving the request, the server agent retrieves the first file from a base user profile, and just in time delivers the retrieved first file to the first user session. The user, via a second user session executing simultaneously with the first user session, issues a request to the server agent for the first file and a second file of the user profile. Upon receiving the request, the server agent identifies a modified version of the first file in a provisional user profile, retrieves the modified first file from the provisional user profile and the second file from the base user profile, and just in time delivers both files to the second user session.

Abstract translation: 将一致的用户配置文件及时传递给重叠的用户会话，其中第一用户会话向服务器代理发出用户简档的第一文件的请求。 在接收到请求之后，服务器代理从基本用户简档中检索第一个文件，并且及时将检索到的第一个文件传递给第一个用户会话。 经由与第一用户会话同时执行的第二用户会话的用户向服务器代理发出用于第一文件的请求和用户简档的第二文件。 在接收到请求之后，服务器代理识别临时用户简档中的第一个文件的修改版本，从临时用户配置文件中检索修改后的第一个文件，从基本用户配置文件中检索第二个文件，并且及时将两个文件传递给 第二个用户会话。

公开(公告)号：US10225363B2

公开(公告)日：2019-03-05

申请号：US15244823

申请日：2016-08-23

Applicant: Citrix Systems, Inc.

Inventor： Joseph Nord ,  Richard Hayton

IPC: H04L29/08 ,  H04L12/24

Abstract: Just in time delivery of a consistent user profile to overlapping user sessions, where a first user session issues a request for a first file of a user profile to a server agent. Upon receiving the request, the server agent retrieves the first file from a base user profile, and just in time delivers the retrieved first file to the first user session. The user, via a second user session executing simultaneously with the first user session, issues a request to the server agent for the first file and a second file of the user profile. Upon receiving the request, the server agent identifies a modified version of the first file in a provisional user profile, retrieves the modified first file from the provisional user profile and the second file from the base user profile, and just in time delivers both files to the second user session.

公开(公告)号：US09965622B2

公开(公告)日：2018-05-08

申请号：US14721328

申请日：2015-05-26

Applicant: Citrix Systems, Inc.

Inventor： Vikramjeet Sandhu ,  Joseph Nord

IPC: G06F21/53 ,  G06F9/445 ,  G06F9/455 ,  G06F21/10 ,  G06F9/54 ,  H04L29/06

CPC classification number: G06F21/53 ,  G06F8/61 ,  G06F9/455 ,  G06F9/542 ,  G06F21/105 ,  G06F2009/45587 ,  G06F2221/033 ,  G06F2221/2145 ,  H04L63/08 ,  H04L63/102

Abstract: The present invention is directed towards systems and methods of streaming an application from a remote location to a local machine system, and using local machine system resources in executing that application. In various embodiments, services needed by a streamed application may be started with high local system privileges in their own isolation environment. These service may be started, stopped, and otherwise managed by a Service Control Manager. In order for an application to both access services that operate at high local system privileges and the network so that it can access remotely stored, streaming, information; a streaming application may rely on privileges of the user when accessing network information rather than the higher privileges of the services running in isolation.

公开(公告)号：US20160004885A1

公开(公告)日：2016-01-07

申请号：US14855824

申请日：2015-09-16

Applicant: Citrix Systems, Inc.

Inventor： Joseph Nord ,  Timothy Gaylor ,  Benjamin Elliot Tucker

IPC: G06F21/79 ,  G06F21/60 ,  H04L9/08 ,  H04L9/14

CPC classification number: G06F21/79 ,  G06F3/0623 ,  G06F3/0664 ,  G06F21/602 ,  G06F21/78 ,  G06F21/80 ,  G06F2221/2107 ,  H04L9/0822 ,  H04L9/0861 ,  H04L9/0886 ,  H04L9/0894 ,  H04L9/14 ,  H04L9/3234 ,  H04L63/0428

Abstract: Securing encrypted virtual hard disks may include a variety of processes. In one example, a virtual hard disk is created for a user and encrypted with a volume key, and the volume key placed in an administrator header. The administrator header may be encrypted with a protection key, the protection key created from a user identifier corresponding to the user, a volume identifier corresponding to the virtual hard disk, and two cryptographic secrets. The protection key may then destroyed after encrypting the administrator header and therefore, might never leave the encryption engine. The two cryptographic secrets may be stored in separate storage locations, one accessible to the user and the other accessible to administrators. Accordingly, the protection key might never transmitted or can be intercepted, and no single entity may be compromised to gain access to all of the information needed to recreate the protection key.

Abstract translation: 保护加密的虚拟硬盘可能包括各种进程。 在一个示例中，为用户创建虚拟硬盘，并使用卷密钥进行加密，并将卷密钥放置在管理员头文件中。 可以使用保护密钥来加密管理员头部，从与用户对应的用户标识符创建的保护密钥，对应于虚拟硬盘的卷标识符以及两个密码秘密。 然后，在加密管理员头文件后，保护密钥可能会被破坏，因此可能永远不会离开加密引擎。 两个加密秘密可以存储在单独的存储位置，一个可访问用户，另一个可访问的管理员。 因此，保护​​密钥可能永远不会被传输或被拦截，并且没有一个实体可能被泄露以获得对重新创建保护密钥所需的所有信息的访问。

公开(公告)号：US08997197B2

公开(公告)日：2015-03-31

申请号：US13712333

申请日：2012-12-12

Applicant: Citrix Systems, Inc.

Inventor： Joseph Nord ,  Benjamin Elliot Tucker ,  Timothy Gaylor

IPC: G06F21/00 ,  G06F17/30 ,  G06F21/60 ,  G06F21/62 ,  H04L29/06 ,  G06F9/00 ,  H04L9/12 ,  H04L9/08

CPC classification number: G06F21/6218 ,  G06F9/00 ,  G06F17/30 ,  G06F21/602 ,  H04L9/0861 ,  H04L9/0869 ,  H04L9/12 ,  H04L63/064 ,  H04L63/0807 ,  H04L63/083 ,  H04L63/105

Abstract: Encryption-based data access management may include a variety of processes. In one example, a device may transmit a user authentication request for decrypting encrypted data to a data storage server storing the encrypted data. The computing device may then receive a validation token associated with the user's authentication request, the validation token indicating that the user is authenticated to a domain. Subsequently, the computing device may transmit the validation token to a first key server different from the data storage server. Then, in response to transmitting the validation token the computing device may receive, from the first key server, a key required for decrypting the encrypted data. The device may then decrypt at least a portion of the encrypted data using the key.

Abstract translation: 基于加密的数据访问管理可以包括各种过程。 在一个示例中，设备可以向存储加密数据的数据存储服务器发送用于将加密数据解密的用户认证请求。 然后，计算设备可以接收与用户的认证请求相关联的验证令牌，指示用户被认证到域的验证令牌。 随后，计算设备可以将验证令牌发送到与数据存储服务器不同的第一密钥服务器。 然后，响应于发送验证令牌，计算设备可以从第一密钥服务器接收解密加密数据所需的密钥。 然后，设备可以使用密钥对加密数据的至少一部分进行解密。

公开(公告)号：US09690954B2

公开(公告)日：2017-06-27

申请号：US14855824

申请日：2015-09-16

Applicant: Citrix Systems, Inc.

Inventor： Joseph Nord ,  Timothy Gaylor ,  Benjamin Elliot Tucker

IPC: H04L9/14 ,  G06F21/79 ,  G06F21/60 ,  G06F21/78 ,  G06F21/80 ,  H04L9/18 ,  G06F3/06 ,  H04L9/08 ,  H04L29/06

CPC classification number: G06F21/79 ,  G06F3/0623 ,  G06F3/0664 ,  G06F21/602 ,  G06F21/78 ,  G06F21/80 ,  G06F2221/2107 ,  H04L9/0822 ,  H04L9/0861 ,  H04L9/0886 ,  H04L9/0894 ,  H04L9/14 ,  H04L9/3234 ,  H04L63/0428

Abstract: Securing encrypted virtual hard disks may include a variety of processes. In one example, a virtual hard disk is created for a user and encrypted with a volume key, and the volume key placed in an administrator header. The administrator header may be encrypted with a protection key, the protection key created from a user identifier corresponding to the user, a volume identifier corresponding to the virtual hard disk, and two cryptographic secrets. The protection key may then destroyed after encrypting the administrator header and therefore, might never leave the encryption engine. The two cryptographic secrets may be stored in separate storage locations, one accessible to the user and the other accessible to administrators. Accordingly, the protection key might never transmitted or can be intercepted, and no single entity may be compromised to gain access to all of the information needed to recreate the protection key.

公开(公告)号：US09049299B2

公开(公告)日：2015-06-02

申请号：US14068614

申请日：2013-10-31

Applicant: Citrix Systems, Inc.

Inventor： Joseph Nord

IPC: H04M3/42 ,  H04M3/56 ,  H04L29/06

CPC classification number: H04M3/568 ,  H04L65/403 ,  H04M2203/2094 ,  H04M2203/303

Abstract: A technique manages an online meeting. The technique includes providing an audio output signal to a first client device currently participating in the online meeting. The audio output signal directs the first client device to play a particular sound (e.g., a unique tone or a unique series of tones). The technique further involves receiving an audio input signal from a second client device. The audio input signal includes the particular sound. The technique further involves identifying the second client device as being co-located with the first client device in response to the audio input signal which includes the particular sound. Such operation enables the electronic circuitry (e.g., a processing circuit of an online meeting server) to learn whether any client devices are co-located and accordingly associate multiple devices to a single user connected to the online meeting.

Abstract translation: 一种技术管理在线会议。 该技术包括向当前参与在线会议的第一客户端设备提供音频输出信号。 音频输出信号引导第一客户端设备播放特定的声音（例如，独特的音调或独特的音调系列）。 该技术还涉及从第二客户端设备接收音频输入信号。 音频输入信号包括特定的声音。 该技术还包括响应于包括特定声音的音频输入信号，将第二客户端设备识别为与第一客户端设备共处。 这样的操作使得电子电路（例如，在线会议服务器的处理电路）能够了解任何客户端设备是否位于同一位置，并且因此将多个设备与连接到在线会议的单个用户相关联。

公开(公告)号：US11429753B2

公开(公告)日：2022-08-30

申请号：US16144317

申请日：2018-09-27

Applicant: Citrix Systems, Inc.

Inventor： Jacob Jared Summers ,  Joseph Nord

IPC: G06F21/83 ,  G06F21/60 ,  H04L9/40 ,  H04L9/08 ,  H04L67/10

Abstract: Techniques for encrypting keyboard data prior to its being received by an operating system of an endpoint device, reducing the possibility of unencrypted keyboard data being logged by a keylogger application running on the endpoint device. The techniques employ an encryption filter communicably coupled between a keyboard and the endpoint device. The encryption filter receives unencrypted keyboard data from the keyboard, encrypts the keyboard data, and provides the encrypted keyboard data to the operating system of the endpoint device. The techniques can be employed in association with a back-end data processing center of a security standard compliant organization, which can receive the encrypted keyboard data from the endpoint device, and decrypt the keyboard data for use on a host system. In this way, access and/or storage of unencrypted keyboard data at the endpoint device can be avoided.

公开(公告)号：US20150169892A1

公开(公告)日：2015-06-18

申请号：US14632601

申请日：2015-02-26

Applicant: Citrix Systems, Inc.

Inventor： Joseph Nord ,  Benjamin Elliot Tucker ,  Timothy Gaylor

IPC: G06F21/62 ,  H04L9/08 ,  H04L29/06

CPC classification number: G06F21/6218 ,  G06F9/00 ,  G06F17/30 ,  G06F21/602 ,  H04L9/0861 ,  H04L9/0869 ,  H04L9/12 ,  H04L63/064 ,  H04L63/0807 ,  H04L63/083 ,  H04L63/105

Abstract: Encryption-based data access management may include a variety of processes. In one example, a device may transmit a user authentication request for decrypting encrypted data to a data storage server storing the encrypted data. The computing device may then receive a validation token associated with the user's authentication request, the validation token indicating that the user is authenticated to a domain. Subsequently, the computing device may transmit the validation token to a first key server different from the data storage server. Then, in response to transmitting the validation token the computing device may receive, from the first key server, a key required for decrypting the encrypted data. The device may then decrypt at least a portion of the encrypted data using the key.

Abstract translation: 基于加密的数据访问管理可以包括各种过程。 在一个示例中，设备可以向存储加密数据的数据存储服务器发送用于将加密数据解密的用户认证请求。 然后，计算设备可以接收与用户的认证请求相关联的验证令牌，指示用户被认证到域的验证令牌。 随后，计算设备可以将验证令牌发送到与数据存储服务器不同的第一密钥服务器。 然后，响应于发送验证令牌，计算设备可以从第一密钥服务器接收解密加密数据所需的密钥。 然后，设备可以使用密钥对加密数据的至少一部分进行解密。