公开(公告)号：US11716406B2

公开(公告)日：2023-08-01

申请号：US17826746

申请日：2022-05-27

Applicant: Citrix Systems, Inc.

Inventor： Feng Huang ,  Duncan Spencer Gabriel ,  Simon Frost ,  Ross Large

IPC: H04L67/5682 ,  G06F12/084 ,  H04L9/40 ,  G06F9/50 ,  G06F12/12 ,  H04L67/1008 ,  H04L67/306 ,  H04L67/51 ,  H04L67/568

CPC classification number: H04L67/5682 ,  G06F9/505 ,  G06F9/5072 ,  G06F12/084 ,  G06F12/12 ,  H04L63/10 ,  H04L67/1008 ,  H04L67/306 ,  H04L67/51 ,  H04L67/568 ,  G06F9/5077 ,  G06F2212/154

Abstract: Methods and systems for caching data for resources using a shared cache are described herein. The data may be stored in a configuration service, in the resources, or in the shared cache. The data stored in the configuration service may be modified. The data stored in the resources and in the shared cache may be updated according to the modified data in the configuration service. The data stored in the configuration service, in the resources, or in the shared cache may be used based on an operation mode.

公开(公告)号：US11363090B2

公开(公告)日：2022-06-14

申请号：US16694260

申请日：2019-11-25

Applicant: Citrix Systems, Inc.

Inventor： Feng Huang

IPC: H04L67/02 ,  H04L67/01 ,  H04L67/1087 ,  H04L9/40

Abstract: A computer system is provided. The computer system includes a memory and at least one processor coupled to the memory and configured to load a web application into a browser; generate a random character string; and access a Uniform Resource Identifier (URI) to trigger execution of a protocol handler. The protocol handler is registered with the operating system to handle the URI scheme. The URI includes the random character string. The at least one processor is further configured to cause the protocol handler to start a local client application and provide the random character string to the local client application. The at least one processor is further configured to cause the local client application to start a Hypertext Transfer Protocol (HTTP) listener on a local loopback HTTP endpoint configured for communication between the web application and the local client application. The pathname of the endpoint includes the random character string.

公开(公告)号：US11310034B2

公开(公告)日：2022-04-19

申请号：US16406910

申请日：2019-05-08

Applicant: Citrix Systems, Inc.

Inventor： Feng Huang ,  Andy Cooper

IPC: H04L29/06 ,  H04L9/08 ,  G06F21/60 ,  G06F21/62 ,  H04L9/32

Abstract: Described embodiments provide systems and methods for securing offline data for shared accounts of a shared computing device. Cache files can be generated for a plurality of users of an application executable on the device to store user data corresponding to individual users of the application. An encryption key can be generated for one or more of the cache files and the encryption key can be associated with at least one user of the application. The encryption key can be associated with a user identifier so that the encryption key is not accessible by other users of the computing device. The user data can be encrypted in one of the cache files with the encryption key. The encrypted user data can be presented to a user via the shared computing device based on receipt of a user identifier that enables access to the encryption key.

公开(公告)号：US20210377252A1

公开(公告)日：2021-12-02

申请号：US17113874

申请日：2020-12-07

Applicant: Citrix Systems, Inc.

Inventor： Robert Monro ,  Feng Huang ,  Aleksis Sideris ,  Nikolay Paskulov ,  Ricardo Fernando Feijoo

IPC: H04L29/06

Abstract: A method of providing access to digital resources using multiple user identities comprises receiving, from a client application, a first set of authentication tokens that authorize a user to acquire target data provided by a server application. The method further comprises receiving, from the client application, a second set of authentication tokens that authorize the same user to access a connected application. The method further comprises sending, to the server application, a first request to acquire the target data provided by the server application, the first request including the first set of authentication tokens and an identifier of the target data. The method further comprises receiving, from the server application, the target data. The method further comprises sending the target data from the application connector to the connected application in a second request that also includes the second set of authentication tokens.

公开(公告)号：US20210314409A1

公开(公告)日：2021-10-07

申请号：US17353152

申请日：2021-06-21

Applicant: Citrix Systems, Inc.

Inventor： Feng Huang ,  Ross Large

IPC: H04L29/08 ,  H04L12/66

Abstract: A client device may, as part of a remote access or cloud-based network environment, access a resource either by using a connection to a gateway or by using a connection that bypasses the gateway. Which connection is used may be based on the network location of the resources provided by the network environment and network location of the client device. For example, if the client device and a resource are located at the same network location or connected to the same local network, the client device may access the resource by using a connection that bypasses the gateway. If the client device and the resource are located at different network locations or are connected to different local networks, the client device may connect to the gateway to access the resource.

公开(公告)号：US11122029B2

公开(公告)日：2021-09-14

申请号：US16246104

申请日：2019-01-11

Applicant: Citrix Systems, Inc.

Inventor： Feng Huang ,  Andy Cooper

IPC: G06F21/62 ,  G06F21/45 ,  H04L29/06 ,  G06F9/455 ,  H04L9/32 ,  G06F21/71

Abstract: Methods and systems for securely using a web application to invoke an application to complete a task are described herein. The application may use identity information provided by the web application to determine whether to comply with requests from the web application. The web application may send the request to the application via a browser. The request may include the origin of the request in an origin header to prevent malicious websites from spoofing the origin of the request. The application may exchange information with a trust service to determine whether the web application domain is trusted and/or belongs to the same organization of the user.

公开(公告)号：US20210160303A1

公开(公告)日：2021-05-27

申请号：US16694260

申请日：2019-11-25

Applicant: Citrix Systems, Inc.

Inventor： Feng Huang

IPC: H04L29/08 ,  H04L29/06

Abstract: A computer system is provided. The computer system includes a memory and at least one processor coupled to the memory and configured to load a web application into a browser; generate a random character string; and access a Uniform Resource Identifier (URI) to trigger execution of a protocol handler. The protocol handler is registered with the operating system to handle the URI scheme. The URI includes the random character string. The at least one processor is further configured to cause the protocol handler to start a local client application and provide the random character string to the local client application. The at least one processor is further configured to cause the local client application to start a Hypertext Transfer Protocol (HTTP) listener on a local loopback HTTP endpoint configured for communication between the web application and the local client application. The pathname of the endpoint includes the random character string.

公开(公告)号：US11843593B2

公开(公告)日：2023-12-12

申请号：US17113874

申请日：2020-12-07

Applicant: Citrix Systems, Inc.

Inventor： Robert Monro ,  Feng Huang ,  Aleksis Sideris ,  Nikolay Paskulov ,  Ricardo Fernando Feijoo

IPC: H04L29/06 ,  H04L9/40

CPC classification number: H04L63/0807 ,  H04L63/0815 ,  H04L63/0884 ,  H04L63/102

Abstract: A method of providing access to digital resources using multiple user identities comprises receiving, from a client application, a first set of authentication tokens that authorize a user to acquire target data provided by a server application. The method further comprises receiving, from the client application, a second set of authentication tokens that authorize the same user to access a connected application. The method further comprises sending, to the server application, a first request to acquire the target data provided by the server application, the first request including the first set of authentication tokens and an identifier of the target data. The method further comprises receiving, from the server application, the target data. The method further comprises sending the target data from the application connector to the connected application in a second request that also includes the second set of authentication tokens.

公开(公告)号：US11206253B2

公开(公告)日：2021-12-21

申请号：US16857390

申请日：2020-04-24

Applicant: Citrix Systems, Inc.

Inventor： Feng Huang

IPC: H04L29/06 ,  G06F21/33

Abstract: Aspects of the disclosure relate to processing systems using improved domain pass-through authentication techniques. A computing platform may send, to an external cloud computing platform, one or more registration requests that each may cause an RLS endpoint corresponding to each of a plurality of resource location connectors to be stored at the external cloud computing host platform. The computing platform may receive one or more requests for a resource location identifier. The computing platform may determine an accessible resource location connector and may send, to the user device, a corresponding resource location identifier. After receiving a pass-through authentication request, the computing platform may receive, from the ticketing service stored on the external cloud computing platform, a one-time ticket. The computing platform may send, to the user device, the one-time ticket, which may allow the user device to perform pass-through authentication with the external cloud computing platform.

公开(公告)号：US11075999B2

公开(公告)日：2021-07-27

申请号：US16114764

申请日：2018-08-28

Applicant: Citrix Systems, Inc.

Inventor： Feng Huang ,  Ross Large

IPC: G06F15/16 ,  H04L29/08 ,  H04L12/66

Abstract: A client device may, as part of a remote access or cloud-based network environment, access a resource either by using a connection to a gateway or by using a connection that bypasses the gateway. Which connection is used may be based on the network location of the resources provided by the network environment and network location of the client device. For example, if the client device and a resource are located at the same network location or connected to the same local network, the client device may access the resource by using a connection that bypasses the gateway. If the client device and the resource are located at different network locations or are connected to different local networks, the client device may connect to the gateway to access the resource.