公开(公告)号：US20180322298A1

公开(公告)日：2018-11-08

申请号：US16032673

申请日：2018-07-11

Applicant: Citrix Systems, Inc.

Inventor： Georgy Momchilov ,  Ola Nordstrom

IPC: G06F21/62 ,  H04L29/06 ,  H04L9/08 ,  G06F21/41 ,  G06F21/78 ,  G06F21/60 ,  G06F21/53 ,  G06F9/54

Abstract: Some aspects of the disclosure generally relate to providing single sign on features in mobile applications in a secure environment using a shared vault. An application may prompt a user to provide user entropy such as a passcode (e.g. a password and/or PIN). The application may use the user entropy to decrypt a user-entropy-encrypted vault key. Once the vault key is decrypted, the application may decrypt a vault database of the shared vault. The shared vault may store shared secrets, such as server credentials, and an unlock key. The application may store the unlock key, generate an unlock-key-encrypted vault key, and cause the shared vault to store the unlock-key-encrypted vault key, thereby “unlocking” the vault. The application may then use the unlock key to decrypt the vault database without prompting the user to provide user entropy again.

公开(公告)号：US11558372B2

公开(公告)日：2023-01-17

申请号：US16895467

申请日：2020-06-08

Applicant: Citrix Systems, Inc.

Inventor： Ola Nordstrom ,  Georgy Momchilov ,  Timothy Gaylor

IPC: H04L9/40 ,  G06F21/31 ,  H04L9/32

Abstract: Methods and systems for authenticating a client device using entropy provided by a server and/or a device paired with the client device are described herein. The client device may receive a first user credential. The client device may receive first entropy from a wireless device. The client device may decrypt, using the first entropy, second entropy generated by a server. The client device may decrypt, using the second entropy, a second user credential that was stored in the client device. Based on a comparison of the first user credential with the second user credential, the client device may grant a user of the client device access to one or more resources.

公开(公告)号：US20200252394A1

公开(公告)日：2020-08-06

申请号：US16857750

申请日：2020-04-24

Applicant: Citrix Systems, Inc.

Inventor： Georgy Momchilov ,  Chris Pavlou ,  Ola Nordstrom ,  Christopher Wade

IPC: H04L29/06 ,  G06F21/34 ,  G06F21/41 ,  G06F21/83 ,  H04W12/00 ,  H04W12/06

Abstract: Methods and systems for authenticating a user requesting to access one or more resources via a device are described herein. Authentication may be based on or otherwise rely on a plurality of devices. For example, aspects described herein are directed towards a system and method for receiving an authentication request from a first user device. A second user device may send a request for and receive a public key of the first user device and receive. The second user device may verify the authentication request using the public key of the first user device and perform authentication based on an authentication secret received from a user.

公开(公告)号：US20160191499A1

公开(公告)日：2016-06-30

申请号：US14983961

申请日：2015-12-30

Applicant: Citrix Systems, Inc.

Inventor： Georgy Momchilov ,  Ola Nordstrom

IPC: H04L29/06

CPC classification number: G06F21/62 ,  G06F9/544 ,  G06F21/41 ,  G06F21/53 ,  G06F21/602 ,  G06F21/78 ,  H04L9/0822 ,  H04L9/0863 ,  H04L63/061 ,  H04L63/0815 ,  H04L63/083 ,  H04L63/0861

Abstract: Some aspects of the disclosure generally relate to providing single sign on features in mobile applications in a secure environment using a shared vault. An application may prompt a user to provide user entropy such as a passcode (e.g. a password and/or PIN). The application may use the user entropy to decrypt a user-entropy-encrypted vault key. Once the vault key is decrypted, the application may decrypt a vault database of the shared vault. The shared vault may store shared secrets, such as server credentials, and an unlock key. The application may store the unlock key, generate an unlock-key-encrypted vault key, and cause the shared vault to store the unlock-key-encrypted vault key, thereby “unlocking” the vault. The application may then use the unlock key to decrypt the vault database without prompting the user to provide user entropy again.

Abstract translation: 本公开的一些方面通常涉及在使用共享保险库的安全环境中在移动应用中提供单点登录功能。 应用可以提示用户提供用户熵，例如密码（例如密码和/或PIN）。 应用程序可以使用用户熵来解密用户熵加密的保管库密钥。 一旦文件库密钥解密，应用程序可能会解密共享保管库的保管库数据库。 共享保管库可以存储共享秘密，例如服务器凭证和解锁密钥。 应用程序可以存储解锁密钥，生成解锁密钥加密的保管库密钥，并使共享保管库存储解锁密钥加密的保管库密钥，从而“解锁”保管库。 然后，应用程序可以使用解锁密钥来解密保管库数据库，而不会提示用户再次提供用户熵。

公开(公告)号：US20200304492A1

公开(公告)日：2020-09-24

申请号：US16895467

申请日：2020-06-08

Applicant: Citrix Systems, Inc.

Inventor： Ola Nordstrom ,  Georgy Momchilov ,  Timothy Gaylor

IPC: H04L29/06 ,  G06F21/31 ,  H04L9/32

Abstract: Methods and systems for authenticating a client device using entropy provided by a server and/or a device paired with the client device are described herein. The client dvice may receive a first user credential. The client device may receive first entropy from a wireless device. The client device may decrypt, using the first entropy, second entropy generated by a server. The client device may decrypt, using the second entropy, a second user credential that was stored in the client device. Based on a comparison of the first user credential with the second user credential, the client device may grant a user of the client device access to one or more resources.

公开(公告)号：US10673845B2

公开(公告)日：2020-06-02

申请号：US16164258

申请日：2018-10-18

Applicant: Citrix Systems, Inc.

Inventor： Georgy Momchilov ,  Chris Pavlou ,  Ola Nordstrom ,  Christopher Wade

IPC: H04L29/06 ,  G06F21/34 ,  G06F21/41 ,  G06F21/83 ,  H04W12/00 ,  H04W12/06 ,  H04L9/08 ,  H04L9/32

Abstract: Methods and systems for authenticating a user requesting to access one or more resources via a device are described herein. Authentication may be based on or otherwise rely on a plurality of devices. For example, aspects described herein are directed towards a system and method for receiving a request from a user to access one or more resources via a first device. In response to receiving the request to access the one or more resources, the first device may send, e.g., to a second device, a request for user input of a credential at the second device. The first device may receive a credential from the second device, and the first device may authenticate the user based on the received credential. Additionally or alternatively, the second device may authenticate the user based on an input of a user credential, and the second device may send an indication of a successful authentication to the first device.

公开(公告)号：US20180026972A1

公开(公告)日：2018-01-25

申请号：US15710999

申请日：2017-09-21

Applicant: Citrix Systems, Inc.

Inventor： Ola Nordstrom ,  Georgy Momchilov ,  Timothy Gaylor

IPC: H04L29/06 ,  H04L9/32 ,  G06F21/31

Abstract: Methods and systems for authenticating a client device using entropy provided by a server and/or a device paired with the client device are described herein. The system may generate static entropy and time-limited entropy based on data from the server and/or the paired device. The static and time-limited entropy may be used to authenticate the client device (application or a user of the client device) in addition to authentication credentials or entropy such as a PIN or password provided by the user. The time-limited entropy may have an expiration time. If the time-limited entropy is expired, the system may request the user to perform a hard authentication with the server, such as by providing a username, password, and/or optionally a two-factor authentication code, among other information.

公开(公告)号：US20160337346A1

公开(公告)日：2016-11-17

申请号：US15150558

申请日：2016-05-10

Applicant: Citrix Systems, Inc.

Inventor： Georgy Momchilov ,  Chris Pavlou ,  Ola Nordstrom ,  Christopher Wade

IPC: H04L29/06 ,  H04W12/06 ,  G06F21/34

CPC classification number: H04L63/0853 ,  G06F21/34 ,  G06F21/41 ,  G06F21/83 ,  G06F2221/2139 ,  H04L9/0825 ,  H04L9/3247 ,  H04L63/0272 ,  H04L63/0815 ,  H04L63/0846 ,  H04L63/0884 ,  H04W12/06

Abstract: Methods and systems for authenticating a user requesting to access one or more resources via a device are described herein. Authentication may be based on or otherwise rely on a plurality of devices. For example, aspects described herein are directed towards a system and method for receiving a request from a user to access one or more resources via a first device. In response to receiving the request to access the one or more resources, the first device may send, e.g., to a second device, a request for user input of a credential at the second device. The first device may receive a credential from the second device, and the first device may authenticate the user based on the received credential. Additionally or alternatively, the second device may authenticate the user based on an input of a user credential, and the second device may send an indication of a successful authentication to the first device.

Abstract translation: 这里描述了用于认证通过设备访问一个或多个资源的用户的方法和系统。 认证可以基于或以其他方式依赖于多个设备。 例如，本文描述的方面针对用于从用户接收经由第一设备访问一个或多个资源的请求的系统和方法。 响应于接收到访问一个或多个资源的请求，第一设备可以例如向第二设备发送用户在第二设备处输入凭证的请求。 第一设备可以从第二设备接收凭证，并且第一设备可以基于所接收的凭证认证用户。 另外或替代地，第二设备可以基于用户凭证的输入来认证用户，并且第二设备可以向第一设备发送成功认证的指示。

公开(公告)号：US20210234853A1

公开(公告)日：2021-07-29

申请号：US16884667

申请日：2020-05-27

Applicant: Citrix Systems, Inc.

Inventor： Georgy Momchilov ,  Ola Nordstrom

IPC: H04L29/06 ,  G06F21/41 ,  G06F21/62 ,  G06F21/78 ,  H04L9/08 ,  H04W12/06

Abstract: Some aspects of the disclosure generally relate to providing single sign on features in mobile applications in a secure environment using a shared vault. An application may prompt a user to provide user entropy such as a passcode (e.g. a password and/or PIN). The application may use the user entropy to decrypt a user-entropy-encrypted vault key. Once the vault key is decrypted, the application may decrypt a vault database of the shared vault. The shared vault may store shared secrets, such as server credentials, and an unlock key. The application may store the unlock key, generate an unlock-key-encrypted vault key, and cause the shared vault to store the unlock-key-encrypted vault key, thereby “unlocking” the vault. The application may then use the unlock key to decrypt the vault database without prompting the user to provide user entropy again.

公开(公告)号：US20190052631A1

公开(公告)日：2019-02-14

申请号：US16164258

申请日：2018-10-18

Applicant: Citrix Systems, Inc.

Inventor： Georgy Momchilov ,  Chris Pavlou ,  Ola Nordstrom ,  Christopher Wade

IPC: H04L29/06 ,  G06F21/41 ,  G06F21/83 ,  H04W12/06 ,  G06F21/34 ,  H04L9/08 ,  H04L9/32

CPC classification number: H04L63/0853 ,  G06F21/34 ,  G06F21/41 ,  G06F21/83 ,  G06F2221/2139 ,  H04L9/0825 ,  H04L9/083 ,  H04L9/3247 ,  H04L63/0272 ,  H04L63/0815 ,  H04L63/0846 ,  H04L63/0884 ,  H04W12/0023 ,  H04W12/00403 ,  H04W12/06

Abstract: Methods and systems for authenticating a user requesting to access one or more resources via a device are described herein. Authentication may be based on or otherwise rely on a plurality of devices. For example, aspects described herein are directed towards a system and method for receiving a request from a user to access one or more resources via a first device. In response to receiving the request to access the one or more resources, the first device may send, e.g., to a second device, a request for user input of a credential at the second device. The first device may receive a credential from the second device, and the first device may authenticate the user based on the received credential. Additionally or alternatively, the second device may authenticate the user based on an input of a user credential, and the second device may send an indication of a successful authentication to the first device.