Abstract: Methods and systems for connecting client devices to anonymous sessions via helpers are described herein. One or more anonymous sessions may be generated on one or more target machines. Configuration information for generating an anonymous session may be used to initiate generation of the anonymous session on a target machine. A helper process may be created and associated with the anonymous session. A request to start a virtual application or desktop may be received from a client device, and the client device may be connected to the anonymous session on the target machine. The helper associated with the anonymous session may retrieve credentials associated with a user of the client device and/or may use the credentials associated with the user to start the virtual application or desktop on the target machine as the user.

Abstract: Methods and systems for granting or denying a client device access to one or more resources in a remote computing environment are described herein. A computing device may receive from an identity provider a token authenticating that a user of a client device is at a first location. The computing device may determine, based on the token, one or more labels for a session associated with the user. Each label of the one or more labels is associated with a corresponding security group. Based on the one or more labels, the user of the client device may be granted access to sensitive data.

Abstract: Methods and systems for connecting client devices to anonymous sessions via helpers are described herein. One or more anonymous sessions may be generated on one or more target machines. Configuration information for generating an anonymous session may be used to initiate generation of the anonymous session on a target machine. A helper process may be created and associated with the anonymous session. A request to start a virtual application or desktop may be received from a client device, and the client device may be connected to the anonymous session on the target machine. The helper associated with the anonymous session may retrieve credentials associated with a user of the client device and/or may use the credentials associated with the user to start the virtual application or desktop on the target machine as the user.

Abstract: Methods and systems for granting or denying a client device access to one or more resources in a remote computing environment are described herein. A computing device may receive from an identity provider a token authenticating that a user of a client device is at a first location. The computing device may determine, based on the token, one or more labels for a session associated with the user. Each label of the one or more labels is associated with a corresponding security group. Based on the one or more labels, the user of the client device may be granted access to sensitive data.

Abstract: Methods and systems for connecting client devices to anonymous sessions via helpers are described herein. One or more anonymous sessions may be generated on one or more target machines. Configuration information for generating an anonymous session may be used to initiate generation of the anonymous session on a target machine. A helper process may be created and associated with the anonymous session. A request to start a virtual application or desktop may be received from a client device, and the client device may be connected to the anonymous session on the target machine. The helper associated with the anonymous session may retrieve credentials associated with a user of the client device and/or may use the credentials associated with the user to start the virtual application or desktop on the target machine as the user.

Abstract: Methods and systems for granting or denying a client device access to one or more resources in a remote computing environment are described herein. During authentication, context information for the client device, such as device type, device location, etc., may be determined. A computing device in the system may receive data indicating the context information, such as data indicating that the user is at a particular location and/or is of a particular device type. One or more labels for a session associated with the user of the client device may be determined based on the data indicating the context information. The computing device may generate an authentication certificate comprising one or more labels. Based on the certificate, one or more access groups for the user of the client device may be determined, and the user of the client device may be granted or denied access to one or more resources according to the access group(s).

Abstract: Methods and systems for connecting client devices to anonymous sessions via helpers are described herein. One or more anonymous sessions may be generated on one or more target machines. Configuration information for generating an anonymous session may be used to initiate generation of the anonymous session on a target machine. A helper process may be created and associated with the anonymous session. A request to start a virtual application or desktop may be received from a client device, and the client device may be connected to the anonymous session on the target machine. The helper associated with the anonymous session may retrieve credentials associated with a user of the client device and/or may use the credentials associated with the user to start the virtual application or desktop on the target machine as the user.

Abstract: Systems and methods for automated address failover for a Computing Device (“CD”). The method comprise: accessing the Cloud Service (“CS”) by CD; performing system caching operations by CD to locally store (a) an offline copy of a StoreFront web UI for a main StoreFront provided by CS and (b) a plurality of Cloud Connector addresses; transmitting a silent request from a Receiver of an Application/Desktop delivery solution being executed by CD to each of the CS and the Cloud Connector addresses; operating the Receiver using an address for CS for web API calls to the main StoreFront, if CS responded to the silent request; and operating the Receiver or a Webview using one of the Cloud Connector addresses that is associated with a reachable Cloud Connector for web API calls to a backup StoreFront, if CS did not respond to the silent request.

Abstract: Methods and systems are disclosed for providing approaches to anonymous application wrapping on a mobile device. The methods and systems may include receiving, by a controller service, a request to associate a first application executing on a client device with the controller service, and obtaining, by the controller service, a first application identifier associated with the first application. The methods and systems may also include receiving, by the controller service from an application service, a request for a first service and a conditional application identifier, and configuring, by the controller service and based on the request for the first service, the first application with a second set of one or more policy instructions used to control the first application.

Abstract: Systems and methods for automated address failover for a Computing Device (“CD”). The method comprise: accessing the Cloud Service (“CS”) by CD; performing system caching operations by CD to locally store (a) an offline copy of a StoreFront web UI for a main StoreFront provided by CS and (b) a plurality of Cloud Connector addresses; transmitting a silent request from a Receiver of an Application/Desktop delivery solution being executed by CD to each of the CS and the Cloud Connector addresses; operating the Receiver using an address for CS for web API calls to the main StoreFront, if CS responded to the silent request; and operating the Receiver or a Webview using one of the Cloud Connector addresses that is associated with a reachable Cloud Connector for web API calls to a backup StoreFront, if CS did not respond to the silent request.

Abstract: Methods and systems for faster and more efficient smart card logon and for giving a client device full domain access in a remote computing environment are described herein. Components used to implement fast smart card logon may also be used to implement a federated full domain logon. A virtual smart card credential, which may be ephemeral, may be issued based on the acceptance of an external authentication event. Example external authentication events include logon at a Security Assertion Markup Language (SAML) Identity Provider, smart card authentication over TLS or SSL, and alternative authentication credentials such as biometrics or one-time password (OTP) without AD password. Moreover, the certificate operation interception components from fast smart card logon may be used to enable interaction with the virtual smart card without fully emulating a smart card at the PC/SC API level.

Abstract: Methods and systems for faster and more efficient smart card logon and for giving a client device full domain access in a remote computing environment are described herein. Fast smart card logon may be used to reduce latency and improve security. For example, the system may reduce the number of operations (e.g., interactions) between a server device used for authentication and the client device. These operations may include fetching a user certificate from the smart card or signing data. Fast smart card logon may also improve security by optionally avoiding PIN (or other credential) transmission over networks, and to enable single sign on from an authentication event (e.g., Secure Sockets Layer (SSL) or Transport Layer Security (TLS) authentication) using a smart card to the domain logon without resorting to PIN caching.

Abstract: Methods and systems are disclosed for providing approaches to anonymous application wrapping on a mobile device. The methods and systems may include receiving, by a controller service, a request to associate a first application executing on a client device with the controller service, and obtaining, by the controller service, a first application identifier associated with the first application. The methods and systems may also include receiving, by the controller service from an application service, a request for a first service and a conditional application identifier, and configuring, by the controller service and based on the request for the first service, the first application with a second set of one or more policy instructions used to control the first application.

Abstract: Virtual smart card system includes a virtual smart card server (VSS) which controls access to content respectively associated with a plurality of virtual smart cards. A remote client computer system includes a system level agent which establishes the client computer machine to the VSS as a trusted computer system. A user level agent at the client computer system responds to a request for a virtual smart card operation by causing the client computer system to obtain user authentication information, negotiate with the system level agent to obtain a cookie, and initiate a request to the VSS for the virtual smart card operation. The VSS will perform the virtual smart card operation provided that a security policy is satisfied and will communicate the results to the user level agent.

Abstract: Methods and systems are disclosed for providing approaches to anonymous application wrapping on a mobile device. The methods and systems may include receiving, by a controller service, a request to associate a first application executing on a client device with the controller service, and obtaining, by the controller service, a first application identifier associated with the first application. The methods and systems may also include receiving, by the controller service from an application service, a request for a first service and a conditional application identifier, and configuring, by the controller service and based on the request for the first service, the first application with a second set of one or more policy instructions used to control the first application.

Abstract: Virtual smart card system includes a virtual smart card server (VSS) which controls access to content respectively associated with a plurality of virtual smart cards. A remote client computer system includes a system level agent which establishes the client computer machine to the VSS as a trusted computer system. A user level agent at the client computer system responds to a request for a virtual smart card operation by causing the client computer system to obtain user authentication information, negotiate with the system level agent to obtain a cookie, and initiate a request to the VSS for the virtual smart card operation. The VSS will perform the virtual smart card operation provided that a security policy is satisfied and will communicate the results to the user level agent.

Abstract: Methods and systems for granting or denying a client device access to one or more resources in a remote computing environment are described herein. During authentication, context information for the client device, such as device type, device location, etc., may be determined. A computing device in the system may receive data indicating the context information, such as data indicating that the user is at a particular location and/or is of a particular device type. One or more labels for a session associated with the user of the client device may be determined based on the data indicating the context information. The computing device may generate an authentication certificate comprising one or more labels. Based on the certificate, one or more access groups for the user of the client device may be determined, and the user of the client device may be granted or denied access to one or more resources according to the access group(s).

Abstract: Methods and systems for communicating information between mobile applications are presented. In some embodiments, a mobile device may determine that a plurality of applications are running on the mobile device. The mobile device may determine that each application of the plurality of applications uses a shared passcode to encrypt information about a persistent state. The mobile device may generate a beacon that includes encrypted state information. The mobile device may maintain state information across the plurality of applications beyond the lifetime of any one of the plurality of applications by transmitting the beacon from a first application to a second application before the first application's lifetime is completed.

Abstract: Methods and systems are disclosed for providing approaches to authenticating and authorizing client devices in enterprise systems via a gateway device. The methods and systems may include passing, by a computing device to an enterprise device, a request transmitted by a client device for access to an enterprise resource, and transmitting, by the computing device, authentication credentials associated with the client device with a request for authorization information associated with the enterprise resource.

Abstract: Methods and systems are disclosed for providing approaches to anonymous application wrapping on a mobile device. The methods and systems may include receiving, by a controller service, a request to associate a first application executing on a client device with the controller service, and obtaining, by the controller service, a first application identifier associated with the first application. The methods and systems may also include receiving, by the controller service from an application service, a request for a first service and a conditional application identifier, and configuring, by the controller service and based on the request for the first service, the first application with a second set of one or more policy instructions used to control the first application.