Patents by Inventor Tom Kludy
Tom Kludy has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11838285Abstract: Methods, systems, computer-readable media, and apparatuses method for performing single sign on for a user device to the Internet. A hosted desktop may monitor activity on one or more ports on a local host interface. The hosted desktop may detect a call to initiate a single-sign-on from the hosted desktop into a website. The website may be associated with a one-time-use token. A public key of the website may be retrieved based on verification of the one-time-use token. An identity token corresponding to a user may be obtained and the identity token may be encrypted based on the public key of the website. The encrypted identity token may be provided to the website to establish the single-sign-on on behalf of the user with the website.Type: GrantFiled: August 18, 2022Date of Patent: December 5, 2023Assignee: Citrix Systems, Inc.Inventor: Tom Kludy
-
Publication number: 20220394027Abstract: Methods, systems, computer-readable media, and apparatuses method for performing single sign on for a user device to the Internet. A hosted desktop may monitor activity on one or more ports on a local host interface. The hosted desktop may detect a call to initiate a single-sign-on from the hosted desktop into a website. The website may be associated with a one-time-use token. A public key of the website may be retrieved based on verification of the one-time-use token. An identity token corresponding to a user may be obtained and the identity token may be encrypted based on the public key of the website. The encrypted identity token may be provided to the website to establish the single-sign-on on behalf of the user with the website.Type: ApplicationFiled: August 18, 2022Publication date: December 8, 2022Inventor: Tom Kludy
-
Patent number: 11470169Abstract: Aspects of the disclosure relate to wrapping continuation tokens to support paging for multiple servers across different geolocations. An enterprise server may receive a first request for a plurality of records, and the first request for the plurality of records may request a quantity of records exceeding a page size limit. In response to receiving the first request, the enterprise server may retrieve a first set of records comprising a first number of records equal to the page size limit. The enterprise server may generate a first wrapped continuation token comprising location information identifying a geographic location of a first server where a next set of records is to be retrieved. Finally, the enterprise server may send, to the client device, the first set of records and the first wrapped continuation token, which may cause the client device to process the first set of records.Type: GrantFiled: May 22, 2020Date of Patent: October 11, 2022Assignee: Citrix Systems, Inc.Inventors: Jose Reyes, Tom Kludy
-
Patent number: 11457007Abstract: Methods, systems, computer-readable media, and apparatuses method for performing single sign on for a user device to the Internet. User sign-in credentials including an identity token of the user are received by a hosted desktop from the user device, including an indication that the user is attempting to access a website. The website is authorized as a trusted website by a network authorization node, and the website is issued a one-time-use token. A web browser of the hosted desktop receives an application provided by the website to cause the web browser to call the hosted desktop to initiate single sign on. Authenticity of the one-time-use token is requested by a daemon process, and the website's public key is obtained. Upon verifying authenticity of the web site, the identity token of the user is passed to the website, to enable the website to establish single sign on with the user.Type: GrantFiled: September 9, 2020Date of Patent: September 27, 2022Assignee: Citrix Systems, Inc.Inventor: Tom Kludy
-
Publication number: 20220200999Abstract: Methods and systems for secure authentication of users based on unique device identifiers are described herein. A computing device may receive, from a user device, a device registration. The device registration may comprise authentication credentials, device information, and/or a public key. Based on the authentication credentials and/or the device information, a unique device identifier may be generated. A token may be generated based on the unique device identifier and sent to the user device. A request for content may be received from the user device. A nonce may be sent to the user device. The token and a signed version of the nonce may be received from the user device. The nonce may have been signed using a private key corresponding to the public key. Access to the content may be provided based on the token, the unique device identifier, and/or the signed version of the nonce.Type: ApplicationFiled: October 6, 2021Publication date: June 23, 2022Inventors: Feng Huang, Ricardo Fernando Feijoo, Tom Kludy, John Gavin Ashman
-
Patent number: 11171964Abstract: Methods and systems for secure authentication of users based on unique device identifiers are described herein. A computing device may receive, from a user device, a device registration. The device registration may comprise authentication credentials, device information, and/or a public key. Based on the authentication credentials and/or the device information, a unique device identifier may be generated. A token may be generated based on the unique device identifier and sent to the user device. A request for content may be received from the user device. A nonce may be sent to the user device. The token and a signed version of the nonce may be received from the user device. The nonce may have been signed using a private key corresponding to the public key. Access to the content may be provided based on the token, the unique device identifier, and/or the signed version of the nonce.Type: GrantFiled: December 23, 2020Date of Patent: November 9, 2021Assignee: Citrix Systems, Inc.Inventors: Feng Huang, Ricardo Fernando Feijoo, Tom Kludy, John Gavin Ashman
-
Patent number: 10885028Abstract: Methods and devices for searching and aggregating data in a distributed cloud computing environment are provided. In some embodiments, a request from a client to perform a data transaction is received by a first server. The first server simultaneously spawns a plurality of threads, each thread sending to a different server of a plurality of servers the request to perform the data transaction. A response indicating whether the data transaction was performed by the server is received by the first server and from each server of the plurality of servers. In response to an indication that the data transaction was performed by one or more servers of the plurality of servers and when the data transaction is a get transaction: data corresponding to the data transaction is received by the first server and from the one more servers, the data received from the one or more servers is aggregated by the first server to form combined data, and the first server sends the combined data to the client.Type: GrantFiled: January 19, 2018Date of Patent: January 5, 2021Assignee: Citrix Systems, Inc.Inventors: Jose Reyes, Tom Kludy, Ricardo Fernando Feijoo
-
Publication number: 20200412710Abstract: Methods, systems, computer-readable media, and apparatuses method for performing single sign on for a user device to the Internet. User sign-in credentials including an identity token of the user are received by a hosted desktop from the user device, including an indication that the user is attempting to access a website. The website is authorized as a trusted website by a network authorization node, and the website is issued a one-time-use token. A web browser of the hosted desktop receives an application provided by the website to cause the web browser to call the hosted desktop to initiate single sign on. Authenticity of the one-time-use token is requested by a daemon process, and the website's public key is obtained. Upon verifying authenticity of the web site, the identity token of the user is passed to the website, to enable the website to establish single sign on with the user.Type: ApplicationFiled: September 9, 2020Publication date: December 31, 2020Inventor: Tom Kludy
-
Patent number: 10805283Abstract: Methods, systems, computer-readable media, and apparatuses method for performing single sign on for a user device to the Internet. User sign-in credentials including an identity token of the user are received by a hosted desktop from the user device, including an indication that the user is attempting to access a website. The website is authorized as a trusted website by a network authorization node, and the website is issued a one-time-use token. A web browser of the hosted desktop receives an application provided by the website to cause the web browser to call the hosted desktop to initiate single sign on. Authenticity of the one-time-use token is requested by a daemon process, and the website's public key is obtained. Upon verifying authenticity of the web site, the identity token of the user is passed to the website, to enable the website to establish single sign on with the user.Type: GrantFiled: June 18, 2018Date of Patent: October 13, 2020Assignee: Citrix Systems, Inc.Inventor: Tom Kludy
-
Publication number: 20200287979Abstract: Aspects of the disclosure relate to wrapping continuation tokens to support paging for multiple servers across different geolocations. An enterprise server may receive a first request for a plurality of records, and the first request for the plurality of records may request a quantity of records exceeding a page size limit. In response to receiving the first request, the enterprise server may retrieve a first set of records comprising a first number of records equal to the page size limit. The enterprise server may generate a first wrapped continuation token comprising location information identifying a geographic location of a first server where a next set of records is to be retrieved. Finally, the enterprise server may send, to the client device, the first set of records and the first wrapped continuation token, which may cause the client device to process the first set of records.Type: ApplicationFiled: May 22, 2020Publication date: September 10, 2020Inventors: Jose Reyes, Tom Kludy
-
Patent number: 10701161Abstract: Aspects of the disclosure relate to wrapping continuation tokens to support paging for multiple servers across different geolocations. An enterprise server may receive a first request for a plurality of records, and the first request for the plurality of records may request a quantity of records exceeding a page size limit. In response to receiving the first request, the enterprise server may retrieve a first set of records comprising a first number of records equal to the page size limit. The enterprise server may generate a first wrapped continuation token comprising location information identifying a geographic location of a first server where a next set of records is to be retrieved. Finally, the enterprise server may send, to the client device, the first set of records and the first wrapped continuation token, which may cause the client device to process the first set of records.Type: GrantFiled: August 28, 2017Date of Patent: June 30, 2020Assignee: Citrix Systems, Inc.Inventors: Jose Reyes, Tom Kludy
-
Publication number: 20190386980Abstract: Methods, systems, computer-readable media, and apparatuses method for performing single sign on for a user device to the Internet. User sign-in credentials including an identity token of the user are received by a hosted desktop from the user device, including an indication that the user is attempting to access a website. The website is authorized as a trusted website by a network authorization node, and the website is issued a one-time-use token. A web browser of the hosted desktop receives an application provided by the website to cause the web browser to call the hosted desktop to initiate single sign on. Authenticity of the one-time-use token is requested by a daemon process, and the website's public key is obtained. Upon verifying authenticity of the web site, the identity token of the user is passed to the website, to enable the website to establish single sign on with the user.Type: ApplicationFiled: June 18, 2018Publication date: December 19, 2019Inventor: Tom Kludy
-
Patent number: 10382293Abstract: Methods, systems, computer-readable media, and apparatuses method for integrating a cloud service under development with a production cloud system that includes at least one production service. A first scope is assigned for use in testing the first cloud service under development with the production cloud system, in which the first scope restricts access of the first cloud service under development to the production cloud system. A first user of the production cloud system is assigned to the first scope. A second scope is assigned to services of the production cloud system, which does not restrict access of the services of the production cloud system. Access to the first cloud service under development and to the at least one production cloud service is provided to the first user. Other users of the production cloud system are not provided access to the first cloud service under development.Type: GrantFiled: May 22, 2017Date of Patent: August 13, 2019Assignee: Citrix Systems, Inc.Inventors: Tom Kludy, Luis Garcia Menchaca, Jose Reyes, Felipe Leon
-
Publication number: 20190228092Abstract: Methods and devices for searching and aggregating data in a distributed cloud computing environment are provided. In some embodiments, a request from a client to perform a data transaction is received by a first server. The first server simultaneously spawns a plurality of threads, each thread sending to a different server of a plurality of servers the request to perform the data transaction. A response indicating whether the data transaction was performed by the server is received by the first server and from each server of the plurality of servers. In response to an indication that the data transaction was performed by one or more servers of the plurality of servers and when the data transaction is a get transaction: data corresponding to the data transaction is received by the first server and from the one more servers, the data received from the one or more servers is aggregated by the first server to form combined data, and the first server sends the combined data to the client.Type: ApplicationFiled: January 19, 2018Publication date: July 25, 2019Applicant: Citrix Systems, Inc.Inventors: Jose Reyes, Tom Kludy, Ricardo Fernando Feijoo
-
Publication number: 20190068725Abstract: Aspects of the disclosure relate to wrapping continuation tokens to support paging for multiple servers across different geolocations. An enterprise server may receive a first request for a plurality of records, and the first request for the plurality of records may request a quantity of records exceeding a page size limit. In response to receiving the first request, the enterprise server may retrieve a first set of records comprising a first number of records equal to the page size limit. The enterprise server may generate a first wrapped continuation token comprising location information identifying a geographic location of a first server where a next set of records is to be retrieved. Finally, the enterprise server may send, to the client device, the first set of records and the first wrapped continuation token, which may cause the client device to process the first set of records.Type: ApplicationFiled: August 28, 2017Publication date: February 28, 2019Inventors: Jose Reyes, Tom Kludy
-
Publication number: 20180337835Abstract: Methods, systems, computer-readable media, and apparatuses method for integrating a cloud service under development with a production cloud system that includes at least one production service. A first scope is assigned for use in testing the first cloud service under development with the production cloud system, in which the first scope restricts access of the first cloud service under development to the production cloud system. A first user of the production cloud system is assigned to the first scope. A second scope is assigned to services of the production cloud system, which does not restrict access of the services of the production cloud system. Access to the first cloud service under development and to the at least one production cloud service is provided to the first user. Other users of the production cloud system are not provided access to the first cloud service under development.Type: ApplicationFiled: May 22, 2017Publication date: November 22, 2018Inventors: Tom Kludy, Luis Garcia Menchaca, Jose Reyes, Felipe Leon
-
Patent number: 9244700Abstract: The present invention is directed towards methods and systems for delivering applications from a desktop operating system. A delivery module may receive a request from a client device of a user for access to an application, and identify that a desktop session can host the requested application. An agent may extract presentation layer elements of the requested application from presentation layer elements of other components of the desktop session, and provide, via a presentation layer protocol, the isolated presentation layer elements in a first application session to the client device for display. The delivery module may receive a second request from the user for the application, identify that the application is hosted by the desktop session and delivered in the first application session, and provide a second application session of the application from the desktop session to the user responsive to the determination.Type: GrantFiled: May 6, 2011Date of Patent: January 26, 2016Assignee: Citrix Systems, Inc.Inventors: Ashish Gujarathi, Thierry Duchastel, Xiaodong Huang, Tom Kludy
-
Publication number: 20110276661Abstract: The present invention is directed towards methods and systems for delivering applications from a desktop operating system. A delivery module may receive a request from a client device of a user for access to an application, and identify that a desktop session can host the requested application. An agent may extract presentation layer elements of the requested application from presentation layer elements of other components of the desktop session, and provide, via a presentation layer protocol, the isolated presentation layer elements in a first application session to the client device for display. The delivery module may receive a second request from the user for the application, identify that the application is hosted by the desktop session and delivered in the first application session, and provide a second application session of the application from the desktop session to the user responsive to the determination.Type: ApplicationFiled: May 6, 2011Publication date: November 10, 2011Inventors: Ashish Gujarathi, Terry Duchastel, Xiaodong Huang, Tom Kludy