Patents by Inventor Pierre Rafiq
Pierre Rafiq has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9686255Abstract: The present disclosure describes systems and methods of an authentication framework to implement varying authentication schemes in a configurable and extendable manner. This authentication framework provides a level of abstraction in which requirements for credential gathering and authentication workflow are independent from the agents or authentication implementation that does the credential gathering and authentication workflow. A higher level of abstraction and a more comprehensive authentication framework allows handling the associated authentication transactions of complex authentication schemes without requiring any specific understanding of their internals. For example, the requirements to gather certain credentials for a particular authentication scheme may be configured and maintained separately from the client-side authentication agent that gathers the credentials.Type: GrantFiled: July 21, 2010Date of Patent: June 20, 2017Assignee: Citrix Systems, Inc.Inventor: Pierre Rafiq
-
Patent number: 9363292Abstract: The present invention is directed towards systems and methods for establishing and applying a policy group to control a user's access to an identified resource. A policy group representing an aggregate of one or more access configurations for a user to access one or more identified resources may be established via a policy manager. The policy group may include a login point component representing an entry point to access the identified resource. The login point may be configured via the policy manager to specify a uniform resource locator for the entry point. One or more authentication and authorization methods may be selected for the login point component. The device may receive a request to access the uniform resource locator. The device may initiate the policy group for evaluation. The device may initiate, with the user, one or more authentication and authorization methods specified by the login point component.Type: GrantFiled: August 25, 2014Date of Patent: June 7, 2016Assignee: CITRIX SYSTEMS, INC.Inventors: Marco Murgia, Larry Tomlin, Ivan Bojer, Jong Kann, Pierre Rafiq
-
Patent number: 9344426Abstract: Techniques for accessing enterprise resources while providing denial-of-service attack protection may include receiving, at a gateway from a client device, a request for a resource, the request including a location identifier associated with the resource. Techniques may further include redirecting, by a redirection message, the request to an authentication device that requests credentials for authentication, the redirection message including the location identifier. Techniques may also include retrieving, after authentication of the credentials, the location identifier from the client device. Techniques may additionally include providing access to the resource based on the location identifier.Type: GrantFiled: December 26, 2013Date of Patent: May 17, 2016Assignee: Citrix Systems, Inc.Inventors: Punit Gupta, Bharat Bhushan, Jong Kann, Pierre Rafiq
-
Patent number: 9037712Abstract: The present invention is directed towards systems and methods for self-load balancing access gateways. The systems and methods include a master access gateway that receives load metrics and capabilities from a plurality of access gateways. The master access gateway also receives requests to determine if a request to start a new session is to be redirected to an access gateways. The master access gateways uses the load metrics and capabilities to select an access gateway to service the request.Type: GrantFiled: September 8, 2010Date of Patent: May 19, 2015Assignee: Citrix Systems, Inc.Inventors: Pierre Rafiq, Jong Kann
-
Publication number: 20150046997Abstract: A method for accessing enterprise resources while providing denial-of-service attack protection. The method may include receiving, at a gateway from a client device, a request for a resource, the request comprising a location identifier associated with the resource. The method may further include redirecting, by a redirection message, the request to an authentication device that requests credentials for authentication, the redirection message comprising the location identifier. The method may also include retrieving, after authentication of the credentials, the location identifier from the client device. The method may additionally include providing access to the resource based on the location identifier.Type: ApplicationFiled: December 26, 2013Publication date: February 12, 2015Applicant: Citrix Systems, Inc.Inventors: Punit Gupta, Bharat Bhushan, Jong Kann, Pierre Rafiq
-
Publication number: 20140373090Abstract: The present invention is directed towards systems and methods for establishing and applying a policy group to control a user's access to an identified resource. A policy group representing an aggregate of one or more access configurations for a user to access one or more identified resources may be established via a policy manager. The policy group may include a login point component representing an entry point to access the identified resource. The login point may be configured via the policy manager to specify a uniform resource locator for the entry point. One or more authentication and authorization methods may be selected for the login point component. The device may receive a request to access the uniform resource locator. The device may initiate the policy group for evaluation. The device may initiate, with the user, one or more authentication and authorization methods specified by the login point component.Type: ApplicationFiled: August 25, 2014Publication date: December 18, 2014Applicant: CITRIX SYSTEMS, INC.Inventors: Marco Murgia, Larry Tomlin, Ivan Bojer, Jong Kann, Pierre Rafiq
-
Publication number: 20140366080Abstract: A method for providing secure remote access to an enterprise application store with enterprise applications for a service running on a mobile device includes receiving an authentication request with user credentials from an access manager on the mobile device. Authentication and a valid session cookie are provided if user credentials are valid. An access token request is received and an access token is provided in response to the token request if the token request includes the valid session cookie. An access request from the service is received and access to the enterprise application store by the service is allowed if the request includes the access token. The service may then download applications or receive applications delivered via the enterprise application store. The application management service can also access a publicly available application store.Type: ApplicationFiled: June 5, 2013Publication date: December 11, 2014Inventors: Punit Gupta, Bharat Bhushan, Jong Kann, Pierre Rafiq
-
Patent number: 8839346Abstract: The present invention is directed towards systems and methods for establishing and applying a policy group to control a user's access to an identified resource. A policy group representing an aggregate of one or more access configurations for a user to access one or more identified resources may be established via a policy manager. The policy group may include a login point component representing an entry point to access the identified resource. The login point may be configured via the policy manager to specify a uniform resource locator for the entry point. One or more authentication and authorization methods may be selected for the login point component. The device may receive a request to access the uniform resource locator. The device may initiate the policy group for evaluation. The device may initiate, with the user, one or more authentication and authorization methods specified by the login point component.Type: GrantFiled: July 21, 2010Date of Patent: September 16, 2014Assignee: Citrix Systems, Inc.Inventors: Marco Murgia, Larry Tomlin, Ivan Bojer, Jong Kann, Pierre Rafiq
-
Publication number: 20120059934Abstract: The present invention is directed towards systems and methods for self-load balancing access gateways. The systems and methods include a master access gateway that receives load metrics and capabilities from a plurality of access gateways. The master access gateway also receives requests to determine if a request to start a new session is to be redirected to an access gateways. The master access gateways uses the load metrics and capabilities to select an access gateway to service the request.Type: ApplicationFiled: September 8, 2010Publication date: March 8, 2012Inventors: Pierre Rafiq, Jong Kann
-
Publication number: 20120023558Abstract: The present disclosure describes systems and methods of an authentication framework to implement varying authentication schemes in a configurable and extendable manner. This authentication framework provides a level of abstraction in which requirements for credential gathering and authentication workflow are independent from the agents or authentication implementation that does the credential gathering and authentication workflow. A higher level of abstraction and a more comprehensive authentication framework allows handling the associated authentication transactions of complex authentication schemes without requiring any specific understanding of their internals. For example, the requirements to gather certain credentials for a particular authentication scheme may be configured and maintained separately from the client-side authentication agent that gathers the credentials.Type: ApplicationFiled: July 21, 2010Publication date: January 26, 2012Inventor: Pierre Rafiq
-
Publication number: 20120023554Abstract: The present invention is directed towards systems and methods for establishing and applying a policy group to control a user's access to an identified resource. A policy group representing an aggregate of one or more access configurations for a user to access one or more identified resources may be established via a policy manager. The policy group may include a login point component representing an entry point to access the identified resource. The login point may be configured via the policy manager to specify a uniform resource locator for the entry point. One or more authentication and authorization methods may be selected for the login point component. The device may receive a request to access the uniform resource locator. The device may initiate the policy group for evaluation. The device may initiate, with the user, one or more authentication and authorization methods specified by the login point component.Type: ApplicationFiled: July 21, 2010Publication date: January 26, 2012Inventors: Marco Murgia, Larry Tomlin, Ivan Bojer, Jong Kann, Pierre Rafiq