-
公开(公告)号:US09690954B2
公开(公告)日:2017-06-27
申请号:US14855824
申请日:2015-09-16
Applicant: Citrix Systems, Inc.
Inventor: Joseph Nord , Timothy Gaylor , Benjamin Elliot Tucker
IPC: H04L9/14 , G06F21/79 , G06F21/60 , G06F21/78 , G06F21/80 , H04L9/18 , G06F3/06 , H04L9/08 , H04L29/06
CPC classification number: G06F21/79 , G06F3/0623 , G06F3/0664 , G06F21/602 , G06F21/78 , G06F21/80 , G06F2221/2107 , H04L9/0822 , H04L9/0861 , H04L9/0886 , H04L9/0894 , H04L9/14 , H04L9/3234 , H04L63/0428
Abstract: Securing encrypted virtual hard disks may include a variety of processes. In one example, a virtual hard disk is created for a user and encrypted with a volume key, and the volume key placed in an administrator header. The administrator header may be encrypted with a protection key, the protection key created from a user identifier corresponding to the user, a volume identifier corresponding to the virtual hard disk, and two cryptographic secrets. The protection key may then destroyed after encrypting the administrator header and therefore, might never leave the encryption engine. The two cryptographic secrets may be stored in separate storage locations, one accessible to the user and the other accessible to administrators. Accordingly, the protection key might never transmitted or can be intercepted, and no single entity may be compromised to gain access to all of the information needed to recreate the protection key.
-
公开(公告)号:US11558372B2
公开(公告)日:2023-01-17
申请号:US16895467
申请日:2020-06-08
Applicant: Citrix Systems, Inc.
Inventor: Ola Nordstrom , Georgy Momchilov , Timothy Gaylor
Abstract: Methods and systems for authenticating a client device using entropy provided by a server and/or a device paired with the client device are described herein. The client device may receive a first user credential. The client device may receive first entropy from a wireless device. The client device may decrypt, using the first entropy, second entropy generated by a server. The client device may decrypt, using the second entropy, a second user credential that was stored in the client device. Based on a comparison of the first user credential with the second user credential, the client device may grant a user of the client device access to one or more resources.
-
公开(公告)号:US09166787B2
公开(公告)日:2015-10-20
申请号:US14178598
申请日:2014-02-12
Applicant: Citrix Systems, Inc.
Inventor: Joseph Harry Nord , Timothy Gaylor , Benjamin Elliot Tucker
CPC classification number: G06F21/79 , G06F3/0623 , G06F3/0664 , G06F21/602 , G06F21/78 , G06F21/80 , G06F2221/2107 , H04L9/0822 , H04L9/0861 , H04L9/0886 , H04L9/0894 , H04L9/14 , H04L9/3234 , H04L63/0428
Abstract: Securing encrypted virtual hard disks may include a variety of processes. In one example, a virtual hard disk is created for a user and encrypted with a volume key, and the volume key placed in an administrator header. The administrator header may be encrypted with a protection key, the protection key created from a user identifier corresponding to the user, a volume identifier corresponding to the virtual hard disk, and two cryptographic secrets. The protection key may then destroyed after encrypting the administrator header and therefore, might never leave the encryption engine. The two cryptographic secrets may be stored in separate storage locations, one accessible to the user and the other accessible to administrators. Accordingly, the protection key might never transmitted or can be intercepted, and no single entity may be compromised to gain access to all of the information needed to recreate the protection key.
Abstract translation: 保护加密的虚拟硬盘可能包括各种进程。 在一个示例中,为用户创建虚拟硬盘,并使用卷密钥进行加密,并将卷密钥放置在管理员头文件中。 可以使用保护密钥来加密管理员头部,从与用户对应的用户标识符创建的保护密钥,对应于虚拟硬盘的卷标识符以及两个密码秘密。 然后,在加密管理员头文件后,保护密钥可能会被破坏,因此可能永远不会离开加密引擎。 两个加密秘密可以存储在单独的存储位置,一个可访问用户,另一个可访问的管理员。 因此,保护密钥可能永远不会被传输或被拦截,并且没有一个实体可能被泄露以获得对重新创建保护密钥所需的所有信息的访问。
-
公开(公告)号:US20150169892A1
公开(公告)日:2015-06-18
申请号:US14632601
申请日:2015-02-26
Applicant: Citrix Systems, Inc.
Inventor: Joseph Nord , Benjamin Elliot Tucker , Timothy Gaylor
CPC classification number: G06F21/6218 , G06F9/00 , G06F17/30 , G06F21/602 , H04L9/0861 , H04L9/0869 , H04L9/12 , H04L63/064 , H04L63/0807 , H04L63/083 , H04L63/105
Abstract: Encryption-based data access management may include a variety of processes. In one example, a device may transmit a user authentication request for decrypting encrypted data to a data storage server storing the encrypted data. The computing device may then receive a validation token associated with the user's authentication request, the validation token indicating that the user is authenticated to a domain. Subsequently, the computing device may transmit the validation token to a first key server different from the data storage server. Then, in response to transmitting the validation token the computing device may receive, from the first key server, a key required for decrypting the encrypted data. The device may then decrypt at least a portion of the encrypted data using the key.
Abstract translation: 基于加密的数据访问管理可以包括各种过程。 在一个示例中,设备可以向存储加密数据的数据存储服务器发送用于将加密数据解密的用户认证请求。 然后,计算设备可以接收与用户的认证请求相关联的验证令牌,指示用户被认证到域的验证令牌。 随后,计算设备可以将验证令牌发送到与数据存储服务器不同的第一密钥服务器。 然后,响应于发送验证令牌,计算设备可以从第一密钥服务器接收解密加密数据所需的密钥。 然后,设备可以使用密钥对加密数据的至少一部分进行解密。
-
公开(公告)号:US20140164774A1
公开(公告)日:2014-06-12
申请号:US13712333
申请日:2012-12-12
Applicant: CITRIX SYSTEMS, INC.
Inventor: Joseph Nord , Benjamin Elliot Tucker , Timothy Gaylor
IPC: H04L9/08
CPC classification number: G06F21/6218 , G06F9/00 , G06F17/30 , G06F21/602 , H04L9/0861 , H04L9/0869 , H04L9/12 , H04L63/064 , H04L63/0807 , H04L63/083 , H04L63/105
Abstract: Encryption-based data access management may include a variety of processes. In one example, a device may transmit a user authentication request for decrypting encrypted data to a data storage server storing the encrypted data. The computing device may then receive a validation token associated with the user's authentication request, the validation token indicating that the user is authenticated to a domain. Subsequently, the computing device may transmit the validation token to a first key server different from the data storage server. Then, in response to transmitting the validation token the computing device may receive, from the first key server, a key required for decrypting the encrypted data. The device may then decrypt at least a portion of the encrypted data using the key.
Abstract translation: 基于加密的数据访问管理可以包括各种过程。 在一个示例中,设备可以向存储加密数据的数据存储服务器发送用于将加密数据解密的用户认证请求。 然后,计算设备可以接收与用户的认证请求相关联的验证令牌,指示用户被认证到域的验证令牌。 随后,计算设备可以将验证令牌发送到与数据存储服务器不同的第一密钥服务器。 然后,响应于发送验证令牌,计算设备可以从第一密钥服务器接收解密加密数据所需的密钥。 然后,设备可以使用密钥对加密数据的至少一部分进行解密。
-
Patent Agency Ranking
公开(公告)号:US10701065B2
公开(公告)日:2020-06-30
申请号:US15710999
申请日:2017-09-21
Applicant: Citrix Systems, Inc.
Inventor: Ola Nordstrom , Georgy Momchilov , Timothy Gaylor
Abstract: Methods and systems for authenticating a client device using entropy provided by a server and/or a device paired with the client device are described herein. The system may generate static entropy and time-limited entropy based on data from the server and/or the paired device. The static and time-limited entropy may be used to authenticate the client device (application or a user of the client device) in addition to authentication credentials or entropy such as a PIN or password provided by the user. The time-limited entropy may have an expiration time. If the time-limited entropy is expired, the system may request the user to perform a hard authentication with the server, such as by providing a username, password, and/or optionally a two-factor authentication code, among other information.
-
公开(公告)号:US09807086B2
公开(公告)日:2017-10-31
申请号:US14687737
申请日:2015-04-15
Applicant: Citrix Systems, Inc.
Inventor: Ola Nordstrom , Georgy Momchilov , Timothy Gaylor
CPC classification number: H04L63/0846 , G06F21/31 , H04L9/3228 , H04L63/068 , H04L63/083
Abstract: Methods and systems for authenticating a client device using entropy provided by a server and/or a device paired with the client device are described herein. The system may generate static entropy and time-limited entropy based on data from the server and/or the paired device. The static and time-limited entropy may be used to authenticate the client device (application or a user of the client device) in addition to authentication credentials or entropy such as a PIN or password provided by the user. The time-limited entropy may have an expiration time. If the time-limited entropy is expired, the system may request the user to perform a hard authentication with the server, such as by providing a username, password, and/or optionally a two-factor authentication code, among other information.
-
公开(公告)号:US09805210B2
公开(公告)日:2017-10-31
申请号:US14632601
申请日:2015-02-26
Applicant: Citrix Systems, Inc.
Inventor: Joseph Nord , Benjamin Elliot Tucker , Timothy Gaylor
CPC classification number: G06F21/6218 , G06F9/00 , G06F17/30 , G06F21/602 , H04L9/0861 , H04L9/0869 , H04L9/12 , H04L63/064 , H04L63/0807 , H04L63/083 , H04L63/105
Abstract: Encryption-based data access management may include a variety of processes. In one example, a device may transmit a user authentication request for decrypting encrypted data to a data storage server storing the encrypted data. The computing device may then receive a validation token associated with the user's authentication request, the validation token indicating that the user is authenticated to a domain. Subsequently, the computing device may transmit the validation token to a first key server different from the data storage server. Then, in response to transmitting the validation token the computing device may receive, from the first key server, a key required for decrypting the encrypted data. The device may then decrypt at least a portion of the encrypted data using the key.
-
9.发明申请AUTHENTICATION OF A CLIENT DEVICE BASED ON ENTROPY FROM A SERVER OR OTHER DEVICE 有权根据服务器或其他设备的入侵验证客户端设备公开(公告)号:US20160308858A1
公开(公告)日:2016-10-20
申请号:US14687737
申请日:2015-04-15
Applicant: Citrix Systems, Inc.
Inventor: Ola Nordstrom , Georgy Momchilov , Timothy Gaylor
CPC classification number: H04L63/0846 , G06F21/31 , H04L9/3228 , H04L63/068 , H04L63/083
Abstract: Methods and systems for authenticating a client device using entropy provided by a server and/or a device paired with the client device are described herein. The system may generate static entropy and time-limited entropy based on data from the server and/or the paired device. The static and time-limited entropy may be used to authenticate the client device (application or a user of the client device) in addition to authentication credentials or entropy such as a PIN or password provided by the user. The time-limited entropy may have an expiration time. If the time-limited entropy is expired, the system may request the user to perform a hard authentication with the server, such as by providing a username, password, and/or optionally a two-factor authentication code, among other information.
Abstract translation: 这里描述了使用由服务器和/或与客户端设备配对的设备提供的熵来认证客户端设备的方法和系统。 该系统可以基于来自服务器和/或配对设备的数据产生静态熵和时间限制熵。 静态和时间有限的熵可以用于认证客户端设备(客户端设备的应用程序或用户)以及诸如由用户提供的PIN或密码的认证证书或熵。 时间有限的熵可能有一个到期时间。 如果时间有限的熵过期,则系统可以请求用户与服务器执行硬认证,例如通过提供用户名,密码和/或可选的双因素认证码等信息。
-
公开(公告)号:US20200304492A1
公开(公告)日:2020-09-24
申请号:US16895467
申请日:2020-06-08
Applicant: Citrix Systems, Inc.
Inventor: Ola Nordstrom , Georgy Momchilov , Timothy Gaylor
Abstract: Methods and systems for authenticating a client device using entropy provided by a server and/or a device paired with the client device are described herein. The client dvice may receive a first user credential. The client device may receive first entropy from a wireless device. The client device may decrypt, using the first entropy, second entropy generated by a server. The client device may decrypt, using the second entropy, a second user credential that was stored in the client device. Based on a comparison of the first user credential with the second user credential, the client device may grant a user of the client device access to one or more resources.
-
-
-
-
-
-
-
-
-
Search Results
14
records
(took 0.018 seconds)
