Patents by Inventor Andrew Innes

Andrew Innes has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 9531714
    Abstract: Methods and systems are disclosed for providing approaches to enterprise authentication via third party authentication support. The methods and systems may include transmitting, by a computing device to an authentication device, a request to authenticate a client device application via a forms login protocol, and transmitting, by the computing device to the client device application, a first credential form retrieved from an authentication device generated by an extension device. The methods and systems may also include receiving, by the computing device from the client device application, a first authentication credential, and transmitting, by the computing device to the authentication service via the extension device, the first authentication credential.
    Type: Grant
    Filed: June 27, 2014
    Date of Patent: December 27, 2016
    Assignee: Citrix Systems, Inc.
    Inventors: Andrew Innes, Chris Mayers, Ajay Soni
  • Patent number: 9509692
    Abstract: A method of authentication and accessing resources is provided. A client device may send a request to a proxy device to access a resource, such as an enterprise resource. The proxy device may authenticate with one or more servers associated with the resource. During authentication, the proxy device may receive a request for a signature controlled by the client device. In response, the proxy device may send a request to the client device for the signature. The request may also include context information that identifies a data structure of authentication information exchanged (or to be exchanged) during the authentication session. If the client device verifies the context information, the client device may send the requested signature.
    Type: Grant
    Filed: August 24, 2015
    Date of Patent: November 29, 2016
    Assignee: Citrix Systems, Inc.
    Inventors: Andrew Innes, Chris Mayers
  • Patent number: 9306737
    Abstract: The methods and systems described herein provide for secure implementation of external storage providers in an enterprise setting. Specifically, the present invention provides for allowing the secure use of processes that may transmit files to external storage providers or access files from an external storage provider. In some arrangements, a process, such as an untrusted process, may request access to a file. A security agent may intercept the request and encrypt the file. The file can then be transmitted to the external storage provider. A user may subsequently request access to the file. A security agent may intercept a message in connection with this request, determine whether the user is authorized to access the file, and decrypt the file.
    Type: Grant
    Filed: May 18, 2012
    Date of Patent: April 5, 2016
    Assignee: Citrix Systems, Inc.
    Inventors: Richard Hayton, Andrew Innes
  • Publication number: 20160094546
    Abstract: Methods and systems for faster and more efficient smart card logon and for giving a client device full domain access in a remote computing environment are described herein. Fast smart card logon may be used to reduce latency and improve security. For example, the system may reduce the number of operations (e.g., interactions) between a server device used for authentication and the client device. These operations may include fetching a user certificate from the smart card or signing data. Fast smart card logon may also improve security by optionally avoiding PIN (or other credential) transmission over networks, and to enable single sign on from an authentication event (e.g., Secure Sockets Layer (SSL) or Transport Layer Security (TLS) authentication) using a smart card to the domain logon without resorting to PIN caching.
    Type: Application
    Filed: September 30, 2015
    Publication date: March 31, 2016
    Inventors: Andrew Innes, Chris Mayers, Hubert Divoux
  • Publication number: 20160094543
    Abstract: Methods and systems for faster and more efficient smart card logon and for giving a client device full domain access in a remote computing environment are described herein. Components used to implement fast smart card logon may also be used to implement a federated full domain logon. A virtual smart card credential, which may be ephemeral, may be issued based on the acceptance of an external authentication event. Example external authentication events include logon at a Security Assertion Markup Language (SAML) Identity Provider, smart card authentication over TLS or SSL, and alternative authentication credentials such as biometrics or one-time password (OTP) without AD password. Moreover, the certificate operation interception components from fast smart card logon may be used to enable interaction with the virtual smart card without fully emulating a smart card at the PC/SC API level.
    Type: Application
    Filed: September 30, 2015
    Publication date: March 31, 2016
    Inventors: Andrew Innes, Chris Mayers
  • Patent number: 9268466
    Abstract: The present disclosure features methods and systems for updating an application-centric interface or dock, generated and displayed by a local computer, with a user interface element representative of a remote application executing on a remote computer to provide integration between remote (“published”) applications and their local counterparts. This functionality provides a seamless, unified user experience by allowing hosted applications to appear as if they are running locally in a dock interface, in the same way that local applications appear.
    Type: Grant
    Filed: October 5, 2010
    Date of Patent: February 23, 2016
    Assignee: Citrix Systems, Inc.
    Inventors: Georgy Momchilov, Andrew Innes, Kevin Harvey
  • Publication number: 20150381621
    Abstract: Methods and systems are disclosed for providing approaches to enterprise authentication via third party authentication support. The methods and systems may include transmitting, by a computing device to an authentication device, a request to authenticate a client device application via a forms login protocol, and transmitting, by the computing device to the client device application, a first credential form retrieved from an authentication device generated by an extension device. The methods and systems may also include receiving, by the computing device from the client device application, a first authentication credential, and transmitting, by the computing device to the authentication service via the extension device, the first authentication credential.
    Type: Application
    Filed: June 27, 2014
    Publication date: December 31, 2015
    Inventors: Andrew Innes, Chris Mayers, Ajay Soni
  • Publication number: 20150365412
    Abstract: A method of authentication and accessing resources is provided. A client device may send a request to a proxy device to access a resource, such as an enterprise resource. The proxy device may authenticate with one or more servers associated with the resource. During authentication, the proxy device may receive a request for a signature controlled by the client device. In response, the proxy device may send a request to the client device for the signature. The request may also include context information that identifies a data structure of authentication information exchanged (or to be exchanged) during the authentication session. If the client device verifies the context information, the client device may send the requested signature.
    Type: Application
    Filed: August 24, 2015
    Publication date: December 17, 2015
    Inventors: Andrew Innes, Chris Mayers
  • Publication number: 20150319174
    Abstract: Methods and systems are disclosed for providing approaches to authenticating and authorizing client devices in enterprise systems via a gateway device. The methods and systems may include passing, by a computing device to an enterprise device, a request transmitted by a client device for access to an enterprise resource, and transmitting, by the computing device, authentication credentials associated with the client device with a request for authorization information associated with the enterprise resource.
    Type: Application
    Filed: April 30, 2014
    Publication date: November 5, 2015
    Applicant: Citrix Systems, Inc.
    Inventors: Richard Hayton, Andrew Innes
  • Publication number: 20150319144
    Abstract: Methods and systems for communicating information between mobile applications are presented. In some embodiments, a mobile device may determine that a plurality of applications are running on the mobile device. The mobile device may determine that each application of the plurality of applications uses a shared passcode to encrypt information about a persistent state. The mobile device may generate a beacon that includes encrypted state information. The mobile device may maintain state information across the plurality of applications beyond the lifetime of any one of the plurality of applications by transmitting the beacon from a first application to a second application before the first application's lifetime is completed.
    Type: Application
    Filed: May 5, 2015
    Publication date: November 5, 2015
    Inventors: Gary Barton, Richard Hayton, Andrew Innes, Georgy Momchilov
  • Patent number: 9154488
    Abstract: A method of authentication and accessing resources is provided. A client device may send a request to a proxy device to access a resource, such as an enterprise resource. The proxy device may authenticate with one or more servers associated with the resource. During authentication, the proxy device may receive a request for a signature controlled by the client device. In response, the proxy device may send a request to the client device for the signature. The request may also include context information that identifies a data structure of authentication information exchanged (or to be exchanged) during the authentication session. If the client device verifies the context information, the client device may send the requested signature.
    Type: Grant
    Filed: May 3, 2013
    Date of Patent: October 6, 2015
    Assignee: Citrix Systems, Inc.
    Inventors: Andrew Innes, Chris Mayers
  • Patent number: 9152401
    Abstract: A system for updating and delivering an interactive application delivery store, where the system includes a client computer, a server and an application delivery store executing on the server, the client computer communicating with the server over a communicative connection. A user accesses the application delivery store using the client computer, and subscribes to an application not included in a user profile of the user using the application delivery store. In response to subscribing to the application, the application delivery store verifies user permissions of the user and determines whether the user is permitted to subscribe to the application. Upon determining the user can subscribe to the application, the application delivery store updates the user profile with the application and transmits a stub application to the client computer. The stub application represents the application subscribed to by the user in that the stub application includes a portion of the application.
    Type: Grant
    Filed: May 3, 2010
    Date of Patent: October 6, 2015
    Assignee: Citrix Systems, Inc.
    Inventors: Richard Hayton, Andrew Innes
  • Patent number: 9075969
    Abstract: A method for authenticating, by a trusted component, a user of a desktop appliance to a remote machine includes executing, by a desktop appliance, a user interaction component, responsive to receiving a secure attention sequence from a user. The user interaction component receives authentication credentials associated with the user. The desktop appliance transmits, to a broker service, the received authentication credentials. The broker service authenticates the user, responsive to the received authentication credentials. The broker service transmits, to a remote machine, authentication data associated with the received authentication credentials. The remote machine authenticates the user, responsive to the received authentication data. The remote machine provides, to the desktop appliance, access to a resource requested by the user. In another aspect, a trusted component provides, to a user of a desktop appliance, access to secure desktop functionality provided by a remote machine.
    Type: Grant
    Filed: August 29, 2013
    Date of Patent: July 7, 2015
    Assignee: Citrix Systems, Inc.
    Inventor: Andrew Innes
  • Patent number: 9075970
    Abstract: A method for authenticating, by a trusted component, a user of a desktop appliance to a remote machine includes executing, by a desktop appliance, a user interaction component, responsive to receiving a secure attention sequence from a user. The user interaction component receives authentication credentials associated with the user. The desktop appliance transmits, to a broker service, the received authentication credentials. The broker service authenticates the user, responsive to the received authentication credentials. The broker service transmits, to a remote machine, authentication data associated with the received authentication credentials. The remote machine authenticates the user, responsive to the received authentication data. The remote machine provides, to the desktop appliance, access to a resource requested by the user. In another aspect, a trusted component provides, to a user of a desktop appliance, access to secure desktop functionality provided by a remote machine.
    Type: Grant
    Filed: August 29, 2013
    Date of Patent: July 7, 2015
    Assignee: Citrix Systems, Inc.
    Inventor: Andrew Innes
  • Publication number: 20140331297
    Abstract: A method of authentication and accessing resources is provided. A client device may send a request to a proxy device to access a resource, such as an enterprise resource. The proxy device may authenticate with one or more servers associated with the resource. During authentication, the proxy device may receive a request for a signature controlled by the client device. In response, the proxy device may send a request to the client device for the signature. The request may also include context information that identifies a data structure of authentication information exchanged (or to be exchanged) during the authentication session. If the client device verifies the context information, the client device may send the requested signature.
    Type: Application
    Filed: May 3, 2013
    Publication date: November 6, 2014
    Inventors: Andrew Innes, Chris Mayers
  • Publication number: 20140007212
    Abstract: A method for authenticating, by a trusted component, a user of a desktop appliance to a remote machine includes executing, by a desktop appliance, a user interaction component, responsive to receiving a secure attention sequence from a user. The user interaction component receives authentication credentials associated with the user. The desktop appliance transmits, to a broker service, the received authentication credentials. The broker service authenticates the user, responsive to the received authentication credentials. The broker service transmits, to a remote machine, authentication data associated with the received authentication credentials. The remote machine authenticates the user, responsive to the received authentication data. The remote machine provides, to the desktop appliance, access to a resource requested by the user. In another aspect, a trusted component provides, to a user of a desktop appliance, access to secure desktop functionality provided by a remote machine.
    Type: Application
    Filed: August 29, 2013
    Publication date: January 2, 2014
    Applicant: Citrix Systems, Inc.
    Inventor: Andrew Innes
  • Publication number: 20140007188
    Abstract: A method for authenticating, by a trusted component, a user of a desktop appliance to a remote machine includes executing, by a desktop appliance, a user interaction component, responsive to receiving a secure attention sequence from a user. The user interaction component receives authentication credentials associated with the user. The desktop appliance transmits, to a broker service, the received authentication credentials. The broker service authenticates the user, responsive to the received authentication credentials. The broker service transmits, to a remote machine, authentication data associated with the received authentication credentials. The remote machine authenticates the user, responsive to the received authentication data. The remote machine provides, to the desktop appliance, access to a resource requested by the user.
    Type: Application
    Filed: August 29, 2013
    Publication date: January 2, 2014
    Applicant: Citrix Systems, Inc.
    Inventor: Andrew Innes
  • Patent number: 8549596
    Abstract: A method for authenticating, by a trusted component, a user of a desktop appliance to a remote machine includes executing, by a desktop appliance, a user interaction component, responsive to receiving a secure attention sequence from a user. The user interaction component receives authentication credentials associated with the user. The desktop appliance transmits, to a broker service, the received authentication credentials. The broker service authenticates the user, responsive to the received authentication credentials. The broker service transmits, to a remote machine, authentication data associated with the received authentication credentials. The remote machine authenticates the user, responsive to the received authentication data. The remote machine provides, to the desktop appliance, access to a resource requested by the user. In another aspect, a trusted component provides, to a user of a desktop appliance, access to secure desktop functionality provided by a remote machine.
    Type: Grant
    Filed: February 13, 2009
    Date of Patent: October 1, 2013
    Assignee: Citrix Systems, Inc.
    Inventor: Andrew Innes
  • Publication number: 20120297189
    Abstract: The methods and systems described herein provide for secure implementation of external storage providers in an enterprise setting. Specifically, the present invention provides for allowing the secure use of processes that may transmit files to external storage providers or access files from an external storage provider. In some arrangements, a process, such as an untrusted process, may request access to a file. A security agent may intercept the request and encrypt the file. The file can then be transmitted to the external storage provider. A user may subsequently request access to the file. A security agent may intercept a message in connection with this request, determine whether the user is authorized to access the file, and decrypt the file.
    Type: Application
    Filed: May 18, 2012
    Publication date: November 22, 2012
    Applicant: CITRIX SYSTEMS, INC.
    Inventors: Richard Hayton, Andrew Innes
  • Patent number: 8042165
    Abstract: A server transmits to a server in a server farm a request for membership in the server farm and a first nonce. The server derives a Kerberos service ticket and a Kerberos authenticator, responsive to generating a hash of the server farm name, a passphrase, the name of the server, the name of the server in the server farm, the first nonce, and a second nonce. The server transmits the Kerberos service ticket and the Kerberos authenticator to the server in the server farm. The server in the server farm authenticates the requesting server responsive to the received Kerberos service ticket and the Kerberos authenticator and a generated hash. The server in the server farm transmits, responsive to the authentication, a secret to the requesting server.
    Type: Grant
    Filed: January 14, 2005
    Date of Patent: October 18, 2011
    Assignee: Citrix Systems, Inc.
    Inventors: Andrew Innes, Chris Mayers, Mark James Syms, David John Otway