Patents by Inventor Richard Hayton
Richard Hayton has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11232190
Abstract: A method for providing an attestation for enabling a device to attest to an assertion concerning the device, comprising: generating an attestation identifier and a base-secret code corresponding to the attestation identifier; providing the attestation identifier and a validation-secret code to a validation apparatus for storage in conjunction with the assertion, wherein the validation-secret code is based on the base-secret code; providing the attestation identifier and a device-secret code to a manufacturer or adapter for provision to a device, wherein the device-secret code is based on the base-secret code.
Type: Grant
Filed: October 4, 2019
Date of Patent: January 25, 2022
Assignee: Trustonic Limited
Inventor: Richard Hayton
-
Patent number: 11153344
Abstract: To establish a first protected communication channel between a device D and a first server S, a symmetric key KS is derived at the device D, based on a device identifying key KD and public key information dependent on a first server public key Spublic of the first server S. The symmetric key KS is derived in a corresponding way at a second server T. The symmetric key KS is transmitted from the second server T to the first server S on a second protected communication channel. Communication on the first protected communication channel between the device D and the first server S is protected using a communication key KC which is dependent on the symmetric key KS. This can enable a device D lacking support for asymmetric key cryptography to securely enter into communication with the first server S.
Type: Grant
Filed: September 12, 2019
Date of Patent: October 19, 2021
Assignee: TRUSTONIC LIMITED
Inventor: Richard Hayton
-
Patent number: 10680812
Abstract: A method for validating an electronic device 2 includes receiving attestation information provided by the electronic device 2 attesting that the electronic device 2 has received a plurality of event attestations. Each event attestation provides a cryptographically authenticated attestation to the occurrence of a respective event during a lifecycle of the electronic device. A validation result is determined that indicates whether the attestation information is valid. Providing separate cryptographically authenticated attestations for respective events in the lifecycle of the device can simplify manufacturing of the devices in a multistage manufacture process compared to an approach using a single device-specific attestation attesting that the entire process is trusted.
Type: Grant
Filed: November 21, 2017
Date of Patent: June 9, 2020
Assignee: Trustonic Limited
Inventors: Richard Hayton, Chris Loreskar, Donald Kenneth Felton
-
Publication number: 20200143031
Abstract: A method for providing an attestation for enabling a device to attest to an assertion concerning the device, comprising: generating an attestation identifier and a base-secret code corresponding to the attestation identifier; providing the attestation identifier and a validation-secret code to a validation apparatus for storage in conjunction with the assertion, wherein the validation-secret code is based on the base-secret code; providing the attestation identifier and a device-secret code to a manufacturer or adapter for provision to a device, wherein the device-secret code is based on the base-secret code.
Type: Application
Filed: October 4, 2019
Publication date: May 7, 2020
Inventor: Richard HAYTON
-
Publication number: 20200092330
Abstract: To establish a first protected communication channel between a device D and a first server S, a symmetric key KS is derived at the device D, based on a device identifying key KD and public key information dependent on a first server public key Spublic, of the first server S. The symmetric key KS is derived in a corresponding way at a second server T. The symmetric key KS is transmitted from the second server T to the first server S on a second protected communication channel. Communication on the first protected communication channel between the device D and the first server S is protected using a communication key KC which is dependent on the symmetric key KS. This can enable a device D lacking support for asymmetric key cryptography to securely enter into communication with the first server S.
Type: Application
Filed: September 12, 2019
Publication date: March 19, 2020
Inventor: Richard HAYTON
-
Patent number: 10346622
Abstract: Methods and systems for communicating information between mobile applications are presented. In some embodiments, a mobile device may determine that a plurality of applications are running on the mobile device. The mobile device may determine that each application of the plurality of applications uses a shared passcode to encrypt information about a persistent state. The mobile device may generate a beacon that includes encrypted state information. The mobile device may maintain state information across the plurality of applications beyond the lifetime of any one of the plurality of applications by transmitting the beacon from a first application to a second application before the first application's lifetime is completed.
Type: Grant
Filed: June 27, 2017
Date of Patent: July 9, 2019
Assignee: Citrix Systems, Inc.
Inventors: Gary Barton, Richard Hayton, Andrew Carnegie Innes, Georgy Momchilov
-
Patent number: 10277606
Abstract: Methods and systems are disclosed for providing approaches to anonymous application wrapping on a mobile device. The methods and systems may include receiving, by a controller service, a request to associate a first application executing on a client device with the controller service, and obtaining, by the controller service, a first application identifier associated with the first application. The methods and systems may also include receiving, by the controller service from an application service, a request for a first service and a conditional application identifier, and configuring, by the controller service and based on the request for the first service, the first application with a second set of one or more policy instructions used to control the first application.
Type: Grant
Filed: March 2, 2018
Date of Patent: April 30, 2019
Assignee: Citrix Systems, Inc.
Inventors: Richard Hayton, Georgy Momchilov, Gary Barton, Andrew Innes
-
Patent number: 10225363
Abstract: Just in time delivery of a consistent user profile to overlapping user sessions, where a first user session issues a request for a first file of a user profile to a server agent. Upon receiving the request, the server agent retrieves the first file from a base user profile, and just in time delivers the retrieved first file to the first user session. The user, via a second user session executing simultaneously with the first user session, issues a request to the server agent for the first file and a second file of the user profile. Upon receiving the request, the server agent identifies a modified version of the first file in a provisional user profile, retrieves the modified first file from the provisional user profile and the second file from the base user profile, and just in time delivers both files to the second user session.
Type: Grant
Filed: August 23, 2016
Date of Patent: March 5, 2019
Assignee: Citrix Systems, Inc.
Inventors: Joseph Nord, Richard Hayton
-
Patent number: 10050966
Abstract: The present disclosure is directed to methods and systems of providing a user-selectable list of disparately hosted applications. A device intermediary to a client and one or more servers may receive a user request to access a list of applications published to the user. The device may communicate to the client the list of published applications available to the user, the list comprising graphical icons corresponding to disparately hosted applications, at least one graphical icon corresponding to a third-party hosted application of the disparately hosted applications, the third party hosted application served by a remote third-party server. The device may receive a selection from the user of the at least one graphical icon. The device may communicate, from the remote third party server to the client of the user, execution of the third party hosted application responsive to the selection by the user.
Type: Grant
Filed: September 2, 2016
Date of Patent: August 14, 2018
Assignee: Citrix Systems, Inc.
Inventors: Richard Hayton, Ajay Soni, Abhishek Chauhan, Rajiv Sinha, Minoo Gupta
-
Publication number: 20180198604
Abstract: A method for validating an electronic device 2 comprises receiving attestation information provided by the electronic device 2 attesting that the electronic device 2 has received a plurality of event attestations, each event attestation providing a cryptographically authenticated attestation to the occurrence of a respective event during a lifecycle of the electronic device, and determining a validation result indicating whether the attestation information is valid. By providing separate cryptographically authenticated attestations for respective events in the lifecycle of the device, this can simplify manufacturing of the devices in a multistage manufacture process compared to an approach using a single device-specific attestation attesting that the entire process is trusted.
Type: Application
Filed: November 21, 2017
Publication date: July 12, 2018
Inventors: Richard HAYTON, Chris LORESKAR, Donald Kenneth FELTON
-
Publication number: 20180191731
Abstract: Methods and systems are disclosed for providing approaches to anonymous application wrapping on a mobile device. The methods and systems may include receiving, by a controller service, a request to associate a first application executing on a client device with the controller service, and obtaining, by the controller service, a first application identifier associated with the first application. The methods and systems may also include receiving, by the controller service from an application service, a request for a first service and a conditional application identifier, and configuring, by the controller service and based on the request for the first service, the first application with a second set of one or more policy instructions used to control the first application.
Type: Application
Filed: March 2, 2018
Publication date: July 5, 2018
Inventors: Richard Hayton, Georgy Momchilov, Gary Barton, Andrew Innes
-
Patent number: 9948657
Abstract: Methods, systems, and computer-readable media for providing an application store are presented. In some embodiments, a request for a software application may be received at an application store. Subsequently, the software application may be configured, at the application store, based on a single sign-on credential. The configured software application then may be provided, by the application store, to at least one recipient device associated with the single sign-on credential.
Type: Grant
Filed: June 22, 2016
Date of Patent: April 17, 2018
Assignee: Citrix Systems, Inc.
Inventors: Kevin Batson, Richard Hayton
-
Patent number: 9942240
Abstract: Methods and systems are disclosed for providing approaches to anonymous application wrapping on a mobile device. The methods and systems may include receiving, by a controller service, a request to associate a first application executing on a client device with the controller service, and obtaining, by the controller service, a first application identifier associated with the first application. The methods and systems may also include receiving, by the controller service from an application service, a request for a first service and a conditional application identifier, and configuring, by the controller service and based on the request for the first service, the first application with a second set of one or more policy instructions used to control the first application.
Type: Grant
Filed: July 21, 2015
Date of Patent: April 10, 2018
Assignee: Citrix Systems, Inc.
Inventors: Richard Hayton, Georgy Momchilov, Gary Barton, Andrew Innes
-
Patent number: 9860149
Abstract: Methods, systems, and computer-readable media for providing monitoring of data servers are presented. In some embodiments, a computing platform may receive, from a computing device, a first polling request associated with a user account, while a client proxy associated with the user account is operating in a passive mode. Subsequently, the computing platform may forward the first polling request to a server associated with the user account. Next, the computing platform may detect that the computing device is asleep. In response to detecting that the computing device is asleep, the computing platform may initiate an active mode of the client proxy. Subsequently, the computing platform may send a second polling request to the server. Thereafter, the computing platform may determine to wake the computing device based on a polling response. In response to determining to wake the computing device, the computing platform may send, to the computing device, a notification.
Type: Grant
Filed: August 11, 2015
Date of Patent: January 2, 2018
Assignee: Citrix Systems, Inc.
Inventor: Richard Hayton
-
Publication number: 20170293767
Abstract: Methods and systems for communicating information between mobile applications are presented. In some embodiments, a mobile device may determine that a plurality of applications are running on the mobile device. The mobile device may determine that each application of the plurality of applications uses a shared passcode to encrypt information about a persistent state. The mobile device may generate a beacon that includes encrypted state information. The mobile device may maintain state information across the plurality of applications beyond the lifetime of any one of the plurality of applications by transmitting the beacon from a first application to a second application before the first application's lifetime is completed.
Type: Application
Filed: June 27, 2017
Publication date: October 12, 2017
Inventors: Gary Barton, Richard Hayton, Andrew Carnegie Innes, Georgy Momchilov
-
Patent number: 9729520
Abstract: Methods and systems for communicating information between mobile applications are presented. In some embodiments, a mobile device may determine that a plurality of applications are running on the mobile device. The mobile device may determine that each application of the plurality of applications uses a shared passcode to encrypt information about a persistent state. The mobile device may generate a beacon that includes encrypted state information. The mobile device may maintain state information across the plurality of applications beyond the lifetime of any one of the plurality of applications by transmitting the beacon from a first application to a second application before the first application's lifetime is completed.
Type: Grant
Filed: May 5, 2015
Date of Patent: August 8, 2017
Assignee: Citrix Systems, Inc.
Inventors: Gary Barton, Richard Hayton, Andrew Innes, Georgy Momchilov
-
Patent number: 9628448
Abstract: Methods and systems for authenticating users of client devices to allow access of resources and services in enterprise systems are described herein. An authentication device may validate a user based on authentication credentials received from a client device. Validation data stored by the authentication device, and a corresponding access token transmitted to the client device, may be used to authenticate the user for future resource access requests. A user secret also may be stored by the authentication device and used to validate the user for future resource access requests. Additionally, after validating a user with a first set of authentication credentials, additional sets of credentials for the user may be retrieved and stored at an access gateway for future requests to access other services or resources in an enterprise system.
Type: Grant
Filed: August 1, 2015
Date of Patent: April 18, 2017
Assignee: Citrix Systems, Inc.
Inventor: Richard Hayton
-
Patent number: 9584515
Abstract: Methods and systems are disclosed for providing approaches to authenticating and authorizing client devices in enterprise systems via a gateway device. The methods and systems may include passing, by a computing device to an enterprise device, a request transmitted by a client device for access to an enterprise resource, and transmitting, by the computing device, authentication credentials associated with the client device with a request for authorization information associated with the enterprise resource.
Type: Grant
Filed: April 30, 2014
Date of Patent: February 28, 2017
Assignee: Citrix Systems, Inc.
Inventors: Richard Hayton, Andrew Innes
-
Publication number: 20170048125
Abstract: Methods, systems, and computer-readable media for providing monitoring of data servers are presented. In some embodiments, a computing platform may receive, from a computing device, a first polling request associated with a user account, while a client proxy associated with the user account is operating in a passive mode. Subsequently, the computing platform may forward the first polling request to a server associated with the user account. Next, the computing platform may detect that the computing device is asleep. In response to detecting that the computing device is asleep, the computing platform may initiate an active mode of the client proxy. Subsequently, the computing platform may send a second polling request to the server. Thereafter, the computing platform may determine to wake the computing device based on a polling response. In response to determining to wake the computing device, the computing platform may send, to the computing device, a notification.
Type: Application
Filed: August 11, 2015
Publication date: February 16, 2017
Inventor: Richard Hayton
-
Publication number: 20170048350
Abstract: Just in time delivery of a consistent user profile to overlapping user sessions, where a first user session issues a request for a first file of a user profile to a server agent. Upon receiving the request, the server agent retrieves the first file from a base user profile, and just in time delivers the retrieved first file to the first user session. The user, via a second user session executing simultaneously with the first user session, issues a request to the server agent for the first file and a second file of the user profile. Upon receiving the request, the server agent identifies a modified version of the first file in a provisional user profile, retrieves the modified first file from the provisional user profile and the second file from the base user profile, and just in time delivers both files to the second user session.
Type: Application
Filed: August 23, 2016
Publication date: February 16, 2017
Inventors: Joseph Nord, Richard Hayton