公开(公告)号：US11456860B2

公开(公告)日：2022-09-27

申请号：US16878172

申请日：2020-05-19

Applicant: CITRIX SYSTEMS, INC.

Inventor： Georgy Momchilov ,  Hubert Divoux ,  Roberto Valdes

IPC: H04L29/06 ,  H04L9/08 ,  H04L9/40 ,  H04L9/32 ,  G06F9/455 ,  H04L12/66 ,  H04L12/46 ,  H04L67/02 ,  H04L67/125 ,  H04L67/141 ,  H04L9/14 ,  H04L9/30 ,  H04L67/01 ,  H04L67/63

Abstract: A method may include establishing a transport layer session between a gateway appliance and at least one virtual delivery appliance, establishing a presentation layer session between the gateway appliance and the at least one virtual delivery appliance via the transport layer session, and establishing a connection lease exchange tunnel between the gateway appliance and the at least one virtual delivery appliance via the presentation layer session. The method further include receiving, at the at least one virtual delivery appliance, a connection lease from a client device via the gateway appliance through the connection lease exchange tunnel and validating the connection lease, and issuing a resource connection ticket at the at least one virtual delivery appliance to the client device through the connection lease exchange tunnel responsive to the validation.

公开(公告)号：US20200374239A1

公开(公告)日：2020-11-26

申请号：US16421846

申请日：2019-05-24

Applicant: CITRIX SYSTEMS, INC.

Inventor： GEORGY MOMCHILOV ,  Hubert Divoux ,  Roberto Valdes

IPC: H04L12/911 ,  G06F9/451 ,  G06F9/455 ,  H04L29/08

Abstract: A computing device may include a memory and a processor cooperating with the memory and configured to access a plurality of connection lease templates corresponding to published resources stored in a shared memory. The processor may further be configured to provision connection leases for respective client devices using a connection lease issuing appliance based upon the stored connection lease templates. The connection leases may be provisioned on demand responsive to selection of the published resources by the client devices, and the connection leases may provide instructions for connecting the client devices to virtual computing sessions corresponding to the published resources.

公开(公告)号：US12177119B2

公开(公告)日：2024-12-24

申请号：US18319535

申请日：2023-05-18

Applicant: CITRIX SYSTEMS, INC.

Inventor： Georgy Momchilov ,  Hubert Divoux ,  Roberto Valdes ,  Leo C. Singleton, IV ,  Paul Browne ,  Kevin Woodmansee

IPC: H04L45/586 ,  H04L9/40 ,  H04L45/42 ,  H04L67/01 ,  H04L67/141

Abstract: A method may include storing and updating published resource entitlements for a plurality of client devices at a computing device. The method may also include using a plurality of virtual delivery appliances to receive connection requests from the client devices, with the connection requests including connection leases having associated resource entitlements the client devices are respectively permitted to access, and request validation of the connection leases from the computing device. At the computing device, responsive to validation requests from the virtual delivery appliances, the connection leases may be compared to the updated published resource entitlements and validated based thereon. At the virtual delivery appliances, the client devices may be provided with access to virtual sessions corresponding to the published resource entitlements responsive to the virtual session request validations from the computing device.

公开(公告)号：US12126723B2

公开(公告)日：2024-10-22

申请号：US17448218

申请日：2021-09-21

Applicant: CITRIX SYSTEMS, INC.

Inventor： Georgy Momchilov ,  Hubert Divoux ,  Roberto Valdes

IPC: H04L9/32 ,  G06F8/65 ,  G06F9/451 ,  H04L9/30 ,  H04L9/40

CPC classification number: H04L9/3215 ,  G06F8/65 ,  G06F9/452 ,  H04L9/30 ,  H04L63/029

Abstract: A computing appliance may include a memory and a processor configured to cooperate with the memory to establish a first virtual session for an endpoint device over a first network connection. The endpoint device may have an endpoint public/private key pair associated therewith and configured to store a plurality of connection leases generated based upon the endpoint public key, and the first virtual session may be established responsive to a first one of the connection leases and authentication based upon the endpoint private key. The processor may further establish a second virtual session for the endpoint device to access through the first virtual session with another computing appliance over a second network connection responsive to a second one of the connection leases and authentication based upon the endpoint private key.

公开(公告)号：US11483255B2

公开(公告)日：2022-10-25

申请号：US17316821

申请日：2021-05-11

Applicant: CITRIX SYSTEMS, INC.

Inventor： Georgy Momchilov ,  Hubert Divoux ,  Roberto Valdes

IPC: H04L47/70 ,  H04L67/1097 ,  H04L67/142 ,  H04L67/01 ,  G06F9/451 ,  G06F9/455 ,  H04L67/141 ,  H04L67/146 ,  H04L67/55

Abstract: A computing device may include a memory and a processor cooperating with the memory and configured to receive connection leases providing instructions for connecting to computing sessions, and request connections to the computing sessions including the connection leases. Each connection lease may comprise a first component unique to a published resource, and a second component referenced by the first component and shared in common with a plurality of different published resources in other connection leases, with the second component being updateable independent of the first component.

公开(公告)号：US11509465B2

公开(公告)日：2022-11-22

申请号：US17448219

申请日：2021-09-21

Applicant: CITRIX SYSTEMS, INC.

Inventor： Georgy Momchilov ,  Hubert Divoux ,  Roberto Valdes

IPC: H04L9/08 ,  H04L67/141 ,  H04L9/40 ,  G06K19/07 ,  H04L67/568 ,  G06F12/0802

Abstract: A computing device may include a memory configured to store a group connection lease and a group user interface (UI) cache shared by different users within a user delivery group. The computing device may also include a processor coupled to the memory and configured to establish communications links with a plurality of smart card devices associated with different users within the user delivery group, initiate virtual sessions for the different users based upon the group connection lease responsive to establishing the communications links with the smart card devices, and launch the virtual sessions for the different users based upon the group UI cache.

公开(公告)号：US11469894B2

公开(公告)日：2022-10-11

申请号：US16739342

申请日：2020-01-10

Applicant: CITRIX SYSTEMS, INC.

Inventor： Georgy Momchilov ,  Hubert Divoux ,  Roberto Valdes

IPC: H04L9/32 ,  G06F9/451 ,  H04L9/08

Abstract: A computing device may include a memory and a processor configured to cooperate with the memory to store an authentication token having first and second authentication credentials associated therewith. The first and second authentication credentials may be different from one another. The processor may further cooperate with a server to access a session based upon the authentication token.

公开(公告)号：US11012374B2

公开(公告)日：2021-05-18

申请号：US16416481

申请日：2019-05-20

Applicant: CITRIX SYSTEMS, INC.

Inventor： Georgy Momchilov ,  Hubert Divoux ,  Roberto Valdes

IPC: H04L12/911 ,  G06F9/451 ,  H04L29/08 ,  G06F9/455 ,  H04L29/06

Abstract: A computing device may include a memory and a processor cooperating with the memory and configured to generate connection leases for published resources selected by client devices. The connection leases may provide instructions for connecting the client devices to virtual computing sessions corresponding to the published resources. Each connection lease may include a published resource lease component unique to the selected published resource, and a common lease component shared by a plurality of different published resources.

公开(公告)号：US12034845B2

公开(公告)日：2024-07-09

申请号：US17447713

申请日：2021-09-15

Applicant: CITRIX SYSTEMS, INC.

Inventor： Georgy Momchilov ,  Hubert Divoux ,  Roberto Valdes

IPC: H04L9/08 ,  G06F12/0802 ,  G06K19/07 ,  H04L9/40 ,  H04L67/141 ,  H04L67/568

CPC classification number: H04L9/088 ,  G06F12/0802 ,  G06K19/0723 ,  H04L63/0815 ,  H04L67/141 ,  H04L67/568 ,  G06F2212/60

Abstract: A smart card may include a memory configured to store a user connection lease and user interface (UI) cache for a user and a private/public key pair of the smart card, with the user connection lease being bound to the private/public key pair of the smart card. The smart card may further include a processor coupled to the memory and configured to establish a communications link with a kiosk device to be shared by a plurality of different users, initiate a virtual session for the user at the kiosk device based upon the user connection lease and the private key responsive to establishing the communications link (with the smart card defining an endpoint for the virtual session authorization), and cause the kiosk device to launch the virtual session based upon the user UI cache.

公开(公告)号：US11469896B2

公开(公告)日：2022-10-11

申请号：US17351888

申请日：2021-06-18

Applicant: Citrix Systems, Inc.

Inventor： Viswanath Yarangatta Suresh ,  Roberto Valdes

IPC: H04L9/32 ,  H04L45/02 ,  H04L45/42 ,  H04L45/00

Abstract: Systems and methods for establishing a secure connection are described. A server receives a plurality of routing tokens for establishing a service connection between a service node and the server along a network path through a plurality of network devices. The routing tokens can be validated by a corresponding network device. The server transmits a packet including the routing tokens to a first network device. The first network device validates a first routing token associated therewith, then directs the packet along the network path to a second network device, and so forth, until each of the network device receives and validates their routing token. The server establishes a cryptographic context between the service node and server for establishing a secure channel between the service node and the server. The server transmits a service node routing token to the service node via the secure channel for validation.