Abstract:
Systems and methods for secure storage and transmission of sensitive information in a cloud environment. The methods comprise: receiving sensitive information corresponding to a first resource associated with a first cloud, generating an encryption key for encrypting the sensitive information, encrypting the sensitive information using the encryption key, transmitting the encrypted sensitive information to a cloud connector via a first communication channel, and transmitting the encryption key to a configuration service. The configuration service is associated with a second cloud. The method may further comprise, by the cloud connector: receiving the encryption key from a second resource associated with the second cloud and using the encryption key to decrypt the encrypted sensitive information.
Abstract:
A method of providing access to digital resources using multiple user identities comprises receiving, from a client application, a first set of authentication tokens that authorize a user to acquire target data provided by a server application. The method further comprises receiving, from the client application, a second set of authentication tokens that authorize the same user to access a connected application. The method further comprises sending, to the server application, a first request to acquire the target data provided by the server application, the first request including the first set of authentication tokens and an identifier of the target data. The method further comprises receiving, from the server application, the target data. The method further comprises sending the target data from the application connector to the connected application in a second request that also includes the second set of authentication tokens.
Abstract:
Systems and methods for secure sharing of sensitive information in a computing environment. The methods comprise, by a first entity of a first computing environment: receiving sensitive information of the first computing environment, receiving a request to share the sensitive information from a second entity of the first computing environment, and determining whether the second entity is a trusted entity included in a list of trusted entities held by a configuration service associated with a second computing environment. If the second entity is not a trusted entity, the methods comprise determining whether the second entity can establish trust by validating a subscription of the second entity with a directory service and validating a digital certificate corresponding to the second entity with a certificate authority. If the second entity can establish trust or is a trusted entity, the methods comprise sharing the sensitive information with the second entity so as to enable operation of the second entity.
Abstract:
Methods and systems for secure authentication of users based on unique device identifiers are described herein. A computing device may receive, from a user device, a device registration. The device registration may comprise authentication credentials, device information, and/or a public key. Based on the authentication credentials and/or the device information, a unique device identifier may be generated. A token may be generated based on the unique device identifier and sent to the user device. A request for content may be received from the user device. A nonce may be sent to the user device. The token and a signed version of the nonce may be received from the user device. The nonce may have been signed using a private key corresponding to the public key. Access to the content may be provided based on the token, the unique device identifier, and/or the signed version of the nonce.
Abstract:
Methods and systems for securely using a web application to invoke an application to complete a task are described herein. The application may use identity information provided by the web application to determine whether to comply with requests from the web application. The web application may send the request to the application via a browser. The request may include the origin of the request in an origin header to prevent malicious websites from spoofing the origin of the request. The application may exchange information with a trust service to determine whether the web application domain is trusted and/or belongs to the same organization of the user.
Abstract:
A technique for performing authentication to a hybrid-cloud service includes selectively applying varying authentication requirements based on whether a client device can be confirmed to be connected to a private intranet. The technique includes operating a set of local agents on one or more computing machines on the intranet. When a client device requests access to the hybrid-cloud service, the client device attempts to contact one or more of the local agents. If the client device succeeds in contacting a local agent, then the client device is confirmed to be connected to the private intranet and receives relatively trusting treatment during authentication. However, if the client device fails to contact at least one local agent, the client device is not confirmed to be connected to the private intranet and receives relatively less trusting treatment.
Abstract:
A client device may, as part of a remote access or cloud-based network environment, access a resource either by using a connection to a gateway or by using a connection that bypasses the gateway. Which connection is used may be based on the network location of the resources provided by the network environment and the network location of the client device. For example, if the client device and a resource are located at the same network location or connected to the same local network, the client device may access the resource by using a connection that bypasses the gateway. If the client device and the resource are located at different network locations or are connected to different local networks, the client device may connect to the gateway to access the resource.
Abstract:
A computer in an untrusted cloud network functions as a cloud-based enterprise application store via which a client computer establishes a connection to an enterprise application in a trusted enterprise network. User authentications are performed in a login phase and subsequent application launch phase, each authentication receiving from the client and transmitting to the enterprise network an encrypted password and encrypted key, where the encrypted password is a user password encrypted under a first one-use symmetric key, and the encrypted key is the first symmetric key encrypted under a public key of a private/public key pair. The enterprise network decrypts the encrypted key and encrypted password to obtain the user password for authenticating the user. Launch-phase authentication includes use of a login ticket including a second one-use symmetric key under which the user password is encrypted and stored in encrypted form in the enterprise network.
Abstract:
Systems and methods for authenticating a user requesting access to a resource in a cloud-computing system. The methods comprise, by a resource service: receiving an access request for accessing a resource associated with the resource service from a computing device associated with a user, determining context information corresponding to the access request, and using the determined context information for identifying an authentication protocol for authenticating the user. The authentication protocol includes at least one authentication scheme. The methods further comprise generating an authentication challenge and transmitting the authentication challenge to the computing device. The authentication challenge includes an initial token and authentication parameters corresponding to the identified authentication protocol.