Patents by Inventor Andrew Innes
Andrew Innes has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9531714
Abstract: Methods and systems are disclosed for providing approaches to enterprise authentication via third party authentication support. The methods and systems may include transmitting, by a computing device to an authentication device, a request to authenticate a client device application via a forms login protocol, and transmitting, by the computing device to the client device application, a first credential form retrieved from an authentication device generated by an extension device. The methods and systems may also include receiving, by the computing device from the client device application, a first authentication credential, and transmitting, by the computing device to the authentication service via the extension device, the first authentication credential.
Type: Grant
Filed: June 27, 2014
Date of Patent: December 27, 2016
Assignee: Citrix Systems, Inc.
Inventors: Andrew Innes, Chris Mayers, Ajay Soni
-
Patent number: 9509692
Abstract: A method of authentication and accessing resources is provided. A client device may send a request to a proxy device to access a resource, such as an enterprise resource. The proxy device may authenticate with one or more servers associated with the resource. During authentication, the proxy device may receive a request for a signature controlled by the client device. In response, the proxy device may send a request to the client device for the signature. The request may also include context information that identifies a data structure of authentication information exchanged (or to be exchanged) during the authentication session. If the client device verifies the context information, the client device may send the requested signature.
Type: Grant
Filed: August 24, 2015
Date of Patent: November 29, 2016
Assignee: Citrix Systems, Inc.
Inventors: Andrew Innes, Chris Mayers
-
Patent number: 9306737
Abstract: The methods and systems described herein provide for secure implementation of external storage providers in an enterprise setting. Specifically, the present invention provides for allowing the secure use of processes that may transmit files to external storage providers or access files from an external storage provider. In some arrangements, a process, such as an untrusted process, may request access to a file. A security agent may intercept the request and encrypt the file. The file can then be transmitted to the external storage provider. A user may subsequently request access to the file. A security agent may intercept a message in connection with this request, determine whether the user is authorized to access the file, and decrypt the file.
Type: Grant
Filed: May 18, 2012
Date of Patent: April 5, 2016
Assignee: Citrix Systems, Inc.
Inventors: Richard Hayton, Andrew Innes
-
Publication number: 20160094546
Abstract: Methods and systems for faster and more efficient smart card logon and for giving a client device full domain access in a remote computing environment are described herein. Fast smart card logon may be used to reduce latency and improve security. For example, the system may reduce the number of operations (e.g., interactions) between a server device used for authentication and the client device. These operations may include fetching a user certificate from the smart card or signing data. Fast smart card logon may also improve security by optionally avoiding PIN (or other credential) transmission over networks, and to enable single sign on from an authentication event (e.g., Secure Sockets Layer (SSL) or Transport Layer Security (TLS) authentication) using a smart card to the domain logon without resorting to PIN caching.
Type: Application
Filed: September 30, 2015
Publication date: March 31, 2016
Inventors: Andrew Innes, Chris Mayers, Hubert Divoux
-
Publication number: 20160094543
Abstract: Methods and systems for faster and more efficient smart card logon and for giving a client device full domain access in a remote computing environment are described herein. Components used to implement fast smart card logon may also be used to implement a federated full domain logon. A virtual smart card credential, which may be ephemeral, may be issued based on the acceptance of an external authentication event. Example external authentication events include logon at a Security Assertion Markup Language (SAML) Identity Provider, smart card authentication over TLS or SSL, and alternative authentication credentials such as biometrics or one-time password (OTP) without AD password. Moreover, the certificate operation interception components from fast smart card logon may be used to enable interaction with the virtual smart card without fully emulating a smart card at the PC/SC API level.
Type: Application
Filed: September 30, 2015
Publication date: March 31, 2016
Inventors: Andrew Innes, Chris Mayers
-
Patent number: 9268466
Abstract: The present disclosure features methods and systems for updating an application-centric interface or dock, generated and displayed by a local computer, with a user interface element representative of a remote application executing on a remote computer to provide integration between remote (“published”) applications and their local counterparts. This functionality provides a seamless, unified user experience by allowing hosted applications to appear as if they are running locally in a dock interface, in the same way that local applications appear.
Type: Grant
Filed: October 5, 2010
Date of Patent: February 23, 2016
Assignee: Citrix Systems, Inc.
Inventors: Georgy Momchilov, Andrew Innes, Kevin Harvey
-
Publication number: 20150381621
Abstract: Methods and systems are disclosed for providing approaches to enterprise authentication via third party authentication support. The methods and systems may include transmitting, by a computing device to an authentication device, a request to authenticate a client device application via a forms login protocol, and transmitting, by the computing device to the client device application, a first credential form retrieved from an authentication device generated by an extension device. The methods and systems may also include receiving, by the computing device from the client device application, a first authentication credential, and transmitting, by the computing device to the authentication service via the extension device, the first authentication credential.
Type: Application
Filed: June 27, 2014
Publication date: December 31, 2015
Inventors: Andrew Innes, Chris Mayers, Ajay Soni
-
Publication number: 20150365412
Abstract: A method of authentication and accessing resources is provided. A client device may send a request to a proxy device to access a resource, such as an enterprise resource. The proxy device may authenticate with one or more servers associated with the resource. During authentication, the proxy device may receive a request for a signature controlled by the client device. In response, the proxy device may send a request to the client device for the signature. The request may also include context information that identifies a data structure of authentication information exchanged (or to be exchanged) during the authentication session. If the client device verifies the context information, the client device may send the requested signature.
Type: Application
Filed: August 24, 2015
Publication date: December 17, 2015
Inventors: Andrew Innes, Chris Mayers
-
Publication number: 20150319174
Abstract: Methods and systems are disclosed for providing approaches to authenticating and authorizing client devices in enterprise systems via a gateway device. The methods and systems may include passing, by a computing device to an enterprise device, a request transmitted by a client device for access to an enterprise resource, and transmitting, by the computing device, authentication credentials associated with the client device with a request for authorization information associated with the enterprise resource.
Type: Application
Filed: April 30, 2014
Publication date: November 5, 2015
Applicant: Citrix Systems, Inc.
Inventors: Richard Hayton, Andrew Innes
-
Publication number: 20150319144
Abstract: Methods and systems for communicating information between mobile applications are presented. In some embodiments, a mobile device may determine that a plurality of applications are running on the mobile device. The mobile device may determine that each application of the plurality of applications uses a shared passcode to encrypt information about a persistent state. The mobile device may generate a beacon that includes encrypted state information. The mobile device may maintain state information across the plurality of applications beyond the lifetime of any one of the plurality of applications by transmitting the beacon from a first application to a second application before the first application's lifetime is completed.
Type: Application
Filed: May 5, 2015
Publication date: November 5, 2015
Inventors: Gary Barton, Richard Hayton, Andrew Innes, Georgy Momchilov
-
Patent number: 9154488
Abstract: A method of authentication and accessing resources is provided. A client device may send a request to a proxy device to access a resource, such as an enterprise resource. The proxy device may authenticate with one or more servers associated with the resource. During authentication, the proxy device may receive a request for a signature controlled by the client device. In response, the proxy device may send a request to the client device for the signature. The request may also include context information that identifies a data structure of authentication information exchanged (or to be exchanged) during the authentication session. If the client device verifies the context information, the client device may send the requested signature.
Type: Grant
Filed: May 3, 2013
Date of Patent: October 6, 2015
Assignee: Citrix Systems, Inc.
Inventors: Andrew Innes, Chris Mayers
-
Patent number: 9152401
Abstract: A system for updating and delivering an interactive application delivery store, where the system includes a client computer, a server and an application delivery store executing on the server, the client computer communicating with the server over a communicative connection. A user accesses the application delivery store using the client computer, and subscribes to an application not included in a user profile of the user using the application delivery store. In response to subscribing to the application, the application delivery store verifies user permissions of the user and determines whether the user is permitted to subscribe to the application. Upon determining the user can subscribe to the application, the application delivery store updates the user profile with the application and transmits a stub application to the client computer. The stub application represents the application subscribed to by the user in that the stub application includes a portion of the application.
Type: Grant
Filed: May 3, 2010
Date of Patent: October 6, 2015
Assignee: Citrix Systems, Inc.
Inventors: Richard Hayton, Andrew Innes
-
Patent number: 9075969
Abstract: A method for authenticating, by a trusted component, a user of a desktop appliance to a remote machine includes executing, by a desktop appliance, a user interaction component, responsive to receiving a secure attention sequence from a user. The user interaction component receives authentication credentials associated with the user. The desktop appliance transmits, to a broker service, the received authentication credentials. The broker service authenticates the user, responsive to the received authentication credentials. The broker service transmits, to a remote machine, authentication data associated with the received authentication credentials. The remote machine authenticates the user, responsive to the received authentication data. The remote machine provides, to the desktop appliance, access to a resource requested by the user. In another aspect, a trusted component provides, to a user of a desktop appliance, access to secure desktop functionality provided by a remote machine.
Type: Grant
Filed: August 29, 2013
Date of Patent: July 7, 2015
Assignee: Citrix Systems, Inc.
Inventor: Andrew Innes
-
Patent number: 9075970
Abstract: A method for authenticating, by a trusted component, a user of a desktop appliance to a remote machine includes executing, by a desktop appliance, a user interaction component, responsive to receiving a secure attention sequence from a user. The user interaction component receives authentication credentials associated with the user. The desktop appliance transmits, to a broker service, the received authentication credentials. The broker service authenticates the user, responsive to the received authentication credentials. The broker service transmits, to a remote machine, authentication data associated with the received authentication credentials. The remote machine authenticates the user, responsive to the received authentication data. The remote machine provides, to the desktop appliance, access to a resource requested by the user. In another aspect, a trusted component provides, to a user of a desktop appliance, access to secure desktop functionality provided by a remote machine.
Type: Grant
Filed: August 29, 2013
Date of Patent: July 7, 2015
Assignee: Citrix Systems, Inc.
Inventor: Andrew Innes
-
Publication number: 20140331297
Abstract: A method of authentication and accessing resources is provided. A client device may send a request to a proxy device to access a resource, such as an enterprise resource. The proxy device may authenticate with one or more servers associated with the resource. During authentication, the proxy device may receive a request for a signature controlled by the client device. In response, the proxy device may send a request to the client device for the signature. The request may also include context information that identifies a data structure of authentication information exchanged (or to be exchanged) during the authentication session. If the client device verifies the context information, the client device may send the requested signature.
Type: Application
Filed: May 3, 2013
Publication date: November 6, 2014
Inventors: Andrew Innes, Chris Mayers
-
Publication number: 20140007212
Abstract: A method for authenticating, by a trusted component, a user of a desktop appliance to a remote machine includes executing, by a desktop appliance, a user interaction component, responsive to receiving a secure attention sequence from a user. The user interaction component receives authentication credentials associated with the user. The desktop appliance transmits, to a broker service, the received authentication credentials. The broker service authenticates the user, responsive to the received authentication credentials. The broker service transmits, to a remote machine, authentication data associated with the received authentication credentials. The remote machine authenticates the user, responsive to the received authentication data. The remote machine provides, to the desktop appliance, access to a resource requested by the user. In another aspect, a trusted component provides, to a user of a desktop appliance, access to secure desktop functionality provided by a remote machine.
Type: Application
Filed: August 29, 2013
Publication date: January 2, 2014
Applicant: Citrix Systems, Inc.
Inventor: Andrew Innes
-
Publication number: 20140007188
Abstract: A method for authenticating, by a trusted component, a user of a desktop appliance to a remote machine includes executing, by a desktop appliance, a user interaction component, responsive to receiving a secure attention sequence from a user. The user interaction component receives authentication credentials associated with the user. The desktop appliance transmits, to a broker service, the received authentication credentials. The broker service authenticates the user, responsive to the received authentication credentials. The broker service transmits, to a remote machine, authentication data associated with the received authentication credentials. The remote machine authenticates the user, responsive to the received authentication data. The remote machine provides, to the desktop appliance, access to a resource requested by the user.
Type: Application
Filed: August 29, 2013
Publication date: January 2, 2014
Applicant: Citrix Systems, Inc.
Inventor: Andrew Innes
-
Patent number: 8549596
Abstract: A method for authenticating, by a trusted component, a user of a desktop appliance to a remote machine includes executing, by a desktop appliance, a user interaction component, responsive to receiving a secure attention sequence from a user. The user interaction component receives authentication credentials associated with the user. The desktop appliance transmits, to a broker service, the received authentication credentials. The broker service authenticates the user, responsive to the received authentication credentials. The broker service transmits, to a remote machine, authentication data associated with the received authentication credentials. The remote machine authenticates the user, responsive to the received authentication data. The remote machine provides, to the desktop appliance, access to a resource requested by the user. In another aspect, a trusted component provides, to a user of a desktop appliance, access to secure desktop functionality provided by a remote machine.
Type: Grant
Filed: February 13, 2009
Date of Patent: October 1, 2013
Assignee: Citrix Systems, Inc.
Inventor: Andrew Innes
-
Publication number: 20120297189
Abstract: The methods and systems described herein provide for secure implementation of external storage providers in an enterprise setting. Specifically, the present invention provides for allowing the secure use of processes that may transmit files to external storage providers or access files from an external storage provider. In some arrangements, a process, such as an untrusted process, may request access to a file. A security agent may intercept the request and encrypt the file. The file can then be transmitted to the external storage provider. A user may subsequently request access to the file. A security agent may intercept a message in connection with this request, determine whether the user is authorized to access the file, and decrypt the file.
Type: Application
Filed: May 18, 2012
Publication date: November 22, 2012
Applicant: CITRIX SYSTEMS, INC.
Inventors: Richard Hayton, Andrew Innes
-
Patent number: 8042165
Abstract: A server transmits to a server in a server farm a request for membership in the server farm and a first nonce. The server derives a Kerberos service ticket and a Kerberos authenticator, responsive to generating a hash of the server farm name, a passphrase, the name of the server, the name of the server in the server farm, the first nonce, and a second nonce. The server transmits the Kerberos service ticket and the Kerberos authenticator to the server in the server farm. The server in the server farm authenticates the requesting server responsive to the received Kerberos service ticket and the Kerberos authenticator and a generated hash. The server in the server farm transmits, responsive to the authentication, a secret to the requesting server.
Type: Grant
Filed: January 14, 2005
Date of Patent: October 18, 2011
Assignee: Citrix Systems, Inc.
Inventors: Andrew Innes, Chris Mayers, Mark James Syms, David John Otway