Patents by Inventor Ola Nordstrom
Ola Nordstrom has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11558372
Abstract: Methods and systems for authenticating a client device using entropy provided by a server and/or a device paired with the client device are described herein. The client device may receive a first user credential. The client device may receive first entropy from a wireless device. The client device may decrypt, using the first entropy, second entropy generated by a server. The client device may decrypt, using the second entropy, a second user credential that was stored in the client device. Based on a comparison of the first user credential with the second user credential, the client device may grant a user of the client device access to one or more resources.
Type: Grant
Filed: June 8, 2020
Date of Patent: January 17, 2023
Assignee: Citrix Systems, Inc.
Inventors: Ola Nordstrom, Georgy Momchilov, Timothy Gaylor
-
Publication number: 20220247739
Abstract: Methods and systems for authenticating a user requesting to access one or more resources via a device are described herein. Authentication may be based on or otherwise rely on a plurality of devices. For example, aspects described herein are directed towards a system and method for receiving an authentication request from a first user device. A second user device may send a request for and receive a public key of the first user device and receive. The second user device may verify the authentication request using the public key of the first user device and perform authentication based on an authentication secret received from a user.
Type: Application
Filed: February 25, 2022
Publication date: August 4, 2022
Inventors: Georgy Momchilov, Chris Pavlou, Ola Nordstrom, Christopher Wade
-
Patent number: 11297055
Abstract: Methods and systems for authenticating a user requesting to access one or more resources via a device are described herein. Authentication may be based on or otherwise rely on a plurality of devices. For example, aspects described herein are directed towards a system and method for receiving an authentication request from a first user device. A second user device may send a request for and receive a public key of the first user device and receive. The second user device may verify the authentication request using the public key of the first user device and perform authentication based on an authentication secret received from a user.
Type: Grant
Filed: April 24, 2020
Date of Patent: April 5, 2022
Assignee: Citrix Systems, Inc.
Inventors: Georgy Momchilov, Chris Pavlou, Ola Nordstrom, Christopher Wade
-
Patent number: 11288384
Abstract: Some aspects of the disclosure generally relate to providing single sign on features in mobile applications in a secure environment using a shared vault. An application may prompt a user to provide user entropy such as a passcode (e.g. a password and/or PIN). The application may use the user entropy to decrypt a user-entropy-encrypted vault key. Once the vault key is decrypted, the application may decrypt a vault database of the shared vault. The shared vault may store shared secrets, such as server credentials, and an unlock key. The application may store the unlock key, generate an unlock-key-encrypted vault key, and cause the shared vault to store the unlock-key-encrypted vault key, thereby “unlocking” the vault. The application may then use the unlock key to decrypt the vault database without prompting the user to provide user entropy again.
Type: Grant
Filed: May 27, 2020
Date of Patent: March 29, 2022
Assignee: Citrix Systems, Inc.
Inventors: Georgy Momchilov, Ola Nordstrom
-
Publication number: 20210234853
Abstract: Some aspects of the disclosure generally relate to providing single sign on features in mobile applications in a secure environment using a shared vault. An application may prompt a user to provide user entropy such as a passcode (e.g. a password and/or PIN). The application may use the user entropy to decrypt a user-entropy-encrypted vault key. Once the vault key is decrypted, the application may decrypt a vault database of the shared vault. The shared vault may store shared secrets, such as server credentials, and an unlock key. The application may store the unlock key, generate an unlock-key-encrypted vault key, and cause the shared vault to store the unlock-key-encrypted vault key, thereby “unlocking” the vault. The application may then use the unlock key to decrypt the vault database without prompting the user to provide user entropy again.
Type: Application
Filed: May 27, 2020
Publication date: July 29, 2021
Inventors: Georgy Momchilov, Ola Nordstrom
-
Publication number: 20200304492
Abstract: Methods and systems for authenticating a client device using entropy provided by a server and/or a device paired with the client device are described herein. The client device may receive a first user credential. The client device may receive first entropy from a wireless device. The client device may decrypt, using the first entropy, second entropy generated by a server. The client device may decrypt, using the second entropy, a second user credential that was stored in the client device. Based on a comparison of the first user credential with the second user credential, the client device may grant a user of the client device access to one or more resources.
Type: Application
Filed: June 8, 2020
Publication date: September 24, 2020
Inventors: Ola Nordstrom, Georgy Momchilov, Timothy Gaylor
-
Publication number: 20200252394
Abstract: Methods and systems for authenticating a user requesting to access one or more resources via a device are described herein. Authentication may be based on or otherwise rely on a plurality of devices. For example, aspects described herein are directed towards a system and method for receiving an authentication request from a first user device. A second user device may send a request for and receive a public key of the first user device and receive. The second user device may verify the authentication request using the public key of the first user device and perform authentication based on an authentication secret received from a user.
Type: Application
Filed: April 24, 2020
Publication date: August 6, 2020
Inventors: Georgy Momchilov, Chris Pavlou, Ola Nordstrom, Christopher Wade
-
Patent number: 10701065
Abstract: Methods and systems for authenticating a client device using entropy provided by a server and/or a device paired with the client device are described herein. The system may generate static entropy and time-limited entropy based on data from the server and/or the paired device. The static and time-limited entropy may be used to authenticate the client device (application or a user of the client device) in addition to authentication credentials or entropy such as a PIN or password provided by the user. The time-limited entropy may have an expiration time. If the time-limited entropy is expired, the system may request the user to perform a hard authentication with the server, such as by providing a username, password, and/or optionally a two-factor authentication code, among other information.
Type: Grant
Filed: September 21, 2017
Date of Patent: June 30, 2020
Assignee: Citrix Systems, Inc.
Inventors: Ola Nordstrom, Georgy Momchilov, Timothy Gaylor
-
Patent number: 10699024
Abstract: Some aspects of the disclosure generally relate to providing single sign on features in mobile applications in a secure environment using a shared vault. An application may prompt a user to provide user entropy such as a passcode (e.g. a password and/or PIN). The application may use the user entropy to decrypt a user-entropy-encrypted vault key. Once the vault key is decrypted, the application may decrypt a vault database of the shared vault. The shared vault may store shared secrets, such as server credentials, and an unlock key. The application may store the unlock key, generate an unlock-key-encrypted vault key, and cause the shared vault to store the unlock-key-encrypted vault key, thereby “unlocking” the vault. The application may then use the unlock key to decrypt the vault database without prompting the user to provide user entropy again.
Type: Grant
Filed: July 11, 2018
Date of Patent: June 30, 2020
Assignee: Citrix Systems, Inc.
Inventors: Georgy Momchilov, Ola Nordstrom
-
Patent number: 10673845
Abstract: Methods and systems for authenticating a user requesting to access one or more resources via a device are described herein. Authentication may be based on or otherwise rely on a plurality of devices. For example, aspects described herein are directed towards a system and method for receiving a request from a user to access one or more resources via a first device. In response to receiving the request to access the one or more resources, the first device may send, e.g., to a second device, a request for user input of a credential at the second device. The first device may receive a credential from the second device, and the first device may authenticate the user based on the received credential. Additionally or alternatively, the second device may authenticate the user based on an input of a user credential, and the second device may send an indication of a successful authentication to the first device.
Type: Grant
Filed: October 18, 2018
Date of Patent: June 2, 2020
Assignee: Citrix Systems, Inc.
Inventors: Georgy Momchilov, Chris Pavlou, Ola Nordstrom, Christopher Wade
-
Publication number: 20190052631
Abstract: Methods and systems for authenticating a user requesting to access one or more resources via a device are described herein. Authentication may be based on or otherwise rely on a plurality of devices. For example, aspects described herein are directed towards a system and method for receiving a request from a user to access one or more resources via a first device. In response to receiving the request to access the one or more resources, the first device may send, e.g., to a second device, a request for user input of a credential at the second device. The first device may receive a credential from the second device, and the first device may authenticate the user based on the received credential. Additionally or alternatively, the second device may authenticate the user based on an input of a user credential, and the second device may send an indication of a successful authentication to the first device.
Type: Application
Filed: October 18, 2018
Publication date: February 14, 2019
Inventors: Georgy Momchilov, Chris Pavlou, Ola Nordstrom, Christopher Wade
-
Publication number: 20180322298
Abstract: Some aspects of the disclosure generally relate to providing single sign on features in mobile applications in a secure environment using a shared vault. An application may prompt a user to provide user entropy such as a passcode (e.g. a password and/or PIN). The application may use the user entropy to decrypt a user-entropy-encrypted vault key. Once the vault key is decrypted, the application may decrypt a vault database of the shared vault. The shared vault may store shared secrets, such as server credentials, and an unlock key. The application may store the unlock key, generate an unlock-key-encrypted vault key, and cause the shared vault to store the unlock-key-encrypted vault key, thereby “unlocking” the vault. The application may then use the unlock key to decrypt the vault database without prompting the user to provide user entropy again.
Type: Application
Filed: July 11, 2018
Publication date: November 8, 2018
Inventors: Georgy Momchilov, Ola Nordstrom
-
Patent number: 10122709
Abstract: Methods and systems for authenticating a user requesting to access one or more resources via a device are described herein. Authentication may be based on or otherwise rely on a plurality of devices. For example, aspects described herein are directed towards a system and method for receiving a request from a user to access one or more resources via a first device. In response to receiving the request to access the one or more resources, the first device may send, e.g., to a second device, a request for user input of a credential at the second device. The first device may receive a credential from the second device, and the first device may authenticate the user based on the received credential. Additionally or alternatively, the second device may authenticate the user based on an input of a user credential, and the second device may send an indication of a successful authentication to the first device.
Type: Grant
Filed: May 10, 2016
Date of Patent: November 6, 2018
Assignee: Citrix Systems, Inc.
Inventors: Georgy Momchilov, Chris Pavlou, Ola Nordstrom, Christopher Wade
-
Patent number: 10049224
Abstract: Some aspects of the disclosure generally relate to providing single sign on features in mobile applications in a secure environment using a shared vault. An application may prompt a user to provide user entropy such as a passcode (e.g. a password and/or PIN). The application may use the user entropy to decrypt a user-entropy-encrypted vault key. Once the vault key is decrypted, the application may decrypt a vault database of the shared vault. The shared vault may store shared secrets, such as server credentials, and an unlock key. The application may store the unlock key, generate an unlock-key-encrypted vault key, and cause the shared vault to store the unlock-key-encrypted vault key, thereby “unlocking” the vault. The application may then use the unlock key to decrypt the vault database without prompting the user to provide user entropy again.
Type: Grant
Filed: March 10, 2017
Date of Patent: August 14, 2018
Assignee: Citrix Systems, Inc.
Inventors: Georgy Momchilov, Ola Nordstrom
-
Publication number: 20180026972
Abstract: Methods and systems for authenticating a client device using entropy provided by a server and/or a device paired with the client device are described herein. The system may generate static entropy and time-limited entropy based on data from the server and/or the paired device. The static and time-limited entropy may be used to authenticate the client device (application or a user of the client device) in addition to authentication credentials or entropy such as a PIN or password provided by the user. The time-limited entropy may have an expiration time. If the time-limited entropy is expired, the system may request the user to perform a hard authentication with the server, such as by providing a username, password, and/or optionally a two-factor authentication code, among other information.
Type: Application
Filed: September 21, 2017
Publication date: January 25, 2018
Inventors: Ola Nordstrom, Georgy Momchilov, Timothy Gaylor
-
Patent number: 9807086
Abstract: Methods and systems for authenticating a client device using entropy provided by a server and/or a device paired with the client device are described herein. The system may generate static entropy and time-limited entropy based on data from the server and/or the paired device. The static and time-limited entropy may be used to authenticate the client device (application or a user of the client device) in addition to authentication credentials or entropy such as a PIN or password provided by the user. The time-limited entropy may have an expiration time. If the time-limited entropy is expired, the system may request the user to perform a hard authentication with the server, such as by providing a username, password, and/or optionally a two-factor authentication code, among other information.
Type: Grant
Filed: April 15, 2015
Date of Patent: October 31, 2017
Assignee: Citrix Systems, Inc.
Inventors: Ola Nordstrom, Georgy Momchilov, Timothy Gaylor
-
Publication number: 20170185787
Abstract: Some aspects of the disclosure generally relate to providing single sign on features in mobile applications in a secure environment using a shared vault. An application may prompt a user to provide user entropy such as a passcode (e.g. a password and/or PIN). The application may use the user entropy to decrypt a user-entropy-encrypted vault key. Once the vault key is decrypted, the application may decrypt a vault database of the shared vault. The shared vault may store shared secrets, such as server credentials, and an unlock key. The application may store the unlock key, generate an unlock-key-encrypted vault key, and cause the shared vault to store the unlock-key-encrypted vault key, thereby “unlocking” the vault. The application may then use the unlock key to decrypt the vault database without prompting the user to provide user entropy again.
Type: Application
Filed: March 10, 2017
Publication date: June 29, 2017
Inventors: Georgy Momchilov, Ola Nordstrom
-
Patent number: 9626525
Abstract: Some aspects of the disclosure generally relate to providing single sign on features in mobile applications in a secure environment using a shared vault. An application may prompt a user to provide user entropy such as a passcode (e.g. a password and/or PIN). The application may use the user entropy to decrypt a user-entropy-encrypted vault key. Once the vault key is decrypted, the application may decrypt a vault database of the shared vault. The shared vault may store shared secrets, such as server credentials, and an unlock key. The application may store the unlock key, generate an unlock-key-encrypted vault key, and cause the shared vault to store the unlock-key-encrypted vault key, thereby “unlocking” the vault. The application may then use the unlock key to decrypt the vault database without prompting the user to provide user entropy again.
Type: Grant
Filed: December 30, 2015
Date of Patent: April 18, 2017
Assignee: CITRIX SYSTEMS, INC.
Inventors: Georgy Momchilov, Ola Nordstrom
-
Publication number: 20160337346
Abstract: Methods and systems for authenticating a user requesting to access one or more resources via a device are described herein. Authentication may be based on or otherwise rely on a plurality of devices. For example, aspects described herein are directed towards a system and method for receiving a request from a user to access one or more resources via a first device. In response to receiving the request to access the one or more resources, the first device may send, e.g., to a second device, a request for user input of a credential at the second device. The first device may receive a credential from the second device, and the first device may authenticate the user based on the received credential. Additionally or alternatively, the second device may authenticate the user based on an input of a user credential, and the second device may send an indication of a successful authentication to the first device.
Type: Application
Filed: May 10, 2016
Publication date: November 17, 2016
Inventors: Georgy Momchilov, Chris Pavlou, Ola Nordstrom, Christopher Wade
-
Publication number: 20160308858
Abstract: Methods and systems for authenticating a client device using entropy provided by a server and/or a device paired with the client device are described herein. The system may generate static entropy and time-limited entropy based on data from the server and/or the paired device. The static and time-limited entropy may be used to authenticate the client device (application or a user of the client device) in addition to authentication credentials or entropy such as a PIN or password provided by the user. The time-limited entropy may have an expiration time. If the time-limited entropy is expired, the system may request the user to perform a hard authentication with the server, such as by providing a username, password, and/or optionally a two-factor authentication code, among other information.
Type: Application
Filed: April 15, 2015
Publication date: October 20, 2016
Inventors: Ola Nordstrom, Georgy Momchilov, Timothy Gaylor