Patents by Inventor Timothy Gaylor
Timothy Gaylor has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11558372Abstract: Methods and systems for authenticating a client device using entropy provided by a server and/or a device paired with the client device are described herein. The client device may receive a first user credential. The client device may receive first entropy from a wireless device. The client device may decrypt, using the first entropy, second entropy generated by a server. The client device may decrypt, using the second entropy, a second user credential that was stored in the client device. Based on a comparison of the first user credential with the second user credential, the client device may grant a user of the client device access to one or more resources.Type: GrantFiled: June 8, 2020Date of Patent: January 17, 2023Assignee: Citrix Systems, Inc.Inventors: Ola Nordstrom, Georgy Momchilov, Timothy Gaylor
-
Publication number: 20200304492Abstract: Methods and systems for authenticating a client device using entropy provided by a server and/or a device paired with the client device are described herein. The client dvice may receive a first user credential. The client device may receive first entropy from a wireless device. The client device may decrypt, using the first entropy, second entropy generated by a server. The client device may decrypt, using the second entropy, a second user credential that was stored in the client device. Based on a comparison of the first user credential with the second user credential, the client device may grant a user of the client device access to one or more resources.Type: ApplicationFiled: June 8, 2020Publication date: September 24, 2020Inventors: Ola Nordstrom, Georgy Momchilov, Timothy Gaylor
-
Patent number: 10701065Abstract: Methods and systems for authenticating a client device using entropy provided by a server and/or a device paired with the client device are described herein. The system may generate static entropy and time-limited entropy based on data from the server and/or the paired device. The static and time-limited entropy may be used to authenticate the client device (application or a user of the client device) in addition to authentication credentials or entropy such as a PIN or password provided by the user. The time-limited entropy may have an expiration time. If the time-limited entropy is expired, the system may request the user to perform a hard authentication with the server, such as by providing a username, password, and/or optionally a two-factor authentication code, among other information.Type: GrantFiled: September 21, 2017Date of Patent: June 30, 2020Assignee: Citrix Systems, Inc.Inventors: Ola Nordstrom, Georgy Momchilov, Timothy Gaylor
-
Publication number: 20180026972Abstract: Methods and systems for authenticating a client device using entropy provided by a server and/or a device paired with the client device are described herein. The system may generate static entropy and time-limited entropy based on data from the server and/or the paired device. The static and time-limited entropy may be used to authenticate the client device (application or a user of the client device) in addition to authentication credentials or entropy such as a PIN or password provided by the user. The time-limited entropy may have an expiration time. If the time-limited entropy is expired, the system may request the user to perform a hard authentication with the server, such as by providing a username, password, and/or optionally a two-factor authentication code, among other information.Type: ApplicationFiled: September 21, 2017Publication date: January 25, 2018Inventors: Ola Nordstrom, Georgy Momchilov, Timothy Gaylor
-
Patent number: 9805210Abstract: Encryption-based data access management may include a variety of processes. In one example, a device may transmit a user authentication request for decrypting encrypted data to a data storage server storing the encrypted data. The computing device may then receive a validation token associated with the user's authentication request, the validation token indicating that the user is authenticated to a domain. Subsequently, the computing device may transmit the validation token to a first key server different from the data storage server. Then, in response to transmitting the validation token the computing device may receive, from the first key server, a key required for decrypting the encrypted data. The device may then decrypt at least a portion of the encrypted data using the key.Type: GrantFiled: February 26, 2015Date of Patent: October 31, 2017Assignee: CITRIX SYSTEMS, INC.Inventors: Joseph Nord, Benjamin Elliot Tucker, Timothy Gaylor
-
Patent number: 9807086Abstract: Methods and systems for authenticating a client device using entropy provided by a server and/or a device paired with the client device are described herein. The system may generate static entropy and time-limited entropy based on data from the server and/or the paired device. The static and time-limited entropy may be used to authenticate the client device (application or a user of the client device) in addition to authentication credentials or entropy such as a PIN or password provided by the user. The time-limited entropy may have an expiration time. If the time-limited entropy is expired, the system may request the user to perform a hard authentication with the server, such as by providing a username, password, and/or optionally a two-factor authentication code, among other information.Type: GrantFiled: April 15, 2015Date of Patent: October 31, 2017Assignee: Citrix Systems, Inc.Inventors: Ola Nordstrom, Georgy Momchilov, Timothy Gaylor
-
Patent number: 9690954Abstract: Securing encrypted virtual hard disks may include a variety of processes. In one example, a virtual hard disk is created for a user and encrypted with a volume key, and the volume key placed in an administrator header. The administrator header may be encrypted with a protection key, the protection key created from a user identifier corresponding to the user, a volume identifier corresponding to the virtual hard disk, and two cryptographic secrets. The protection key may then destroyed after encrypting the administrator header and therefore, might never leave the encryption engine. The two cryptographic secrets may be stored in separate storage locations, one accessible to the user and the other accessible to administrators. Accordingly, the protection key might never transmitted or can be intercepted, and no single entity may be compromised to gain access to all of the information needed to recreate the protection key.Type: GrantFiled: September 16, 2015Date of Patent: June 27, 2017Assignee: Citrix Systems, Inc.Inventors: Joseph Nord, Timothy Gaylor, Benjamin Elliot Tucker
-
Publication number: 20160308858Abstract: Methods and systems for authenticating a client device using entropy provided by a server and/or a device paired with the client device are described herein. The system may generate static entropy and time-limited entropy based on data from the server and/or the paired device. The static and time-limited entropy may be used to authenticate the client device (application or a user of the client device) in addition to authentication credentials or entropy such as a PIN or password provided by the user. The time-limited entropy may have an expiration time. If the time-limited entropy is expired, the system may request the user to perform a hard authentication with the server, such as by providing a username, password, and/or optionally a two-factor authentication code, among other information.Type: ApplicationFiled: April 15, 2015Publication date: October 20, 2016Inventors: Ola Nordstrom, Georgy Momchilov, Timothy Gaylor
-
Publication number: 20160004885Abstract: Securing encrypted virtual hard disks may include a variety of processes. In one example, a virtual hard disk is created for a user and encrypted with a volume key, and the volume key placed in an administrator header. The administrator header may be encrypted with a protection key, the protection key created from a user identifier corresponding to the user, a volume identifier corresponding to the virtual hard disk, and two cryptographic secrets. The protection key may then destroyed after encrypting the administrator header and therefore, might never leave the encryption engine. The two cryptographic secrets may be stored in separate storage locations, one accessible to the user and the other accessible to administrators. Accordingly, the protection key might never transmitted or can be intercepted, and no single entity may be compromised to gain access to all of the information needed to recreate the protection key.Type: ApplicationFiled: September 16, 2015Publication date: January 7, 2016Inventors: Joseph Nord, Timothy Gaylor, Benjamin Elliot Tucker
-
Patent number: 9166787Abstract: Securing encrypted virtual hard disks may include a variety of processes. In one example, a virtual hard disk is created for a user and encrypted with a volume key, and the volume key placed in an administrator header. The administrator header may be encrypted with a protection key, the protection key created from a user identifier corresponding to the user, a volume identifier corresponding to the virtual hard disk, and two cryptographic secrets. The protection key may then destroyed after encrypting the administrator header and therefore, might never leave the encryption engine. The two cryptographic secrets may be stored in separate storage locations, one accessible to the user and the other accessible to administrators. Accordingly, the protection key might never transmitted or can be intercepted, and no single entity may be compromised to gain access to all of the information needed to recreate the protection key.Type: GrantFiled: February 12, 2014Date of Patent: October 20, 2015Assignee: Citrix Systems, Inc.Inventors: Joseph Harry Nord, Timothy Gaylor, Benjamin Elliot Tucker
-
Publication number: 20150169892Abstract: Encryption-based data access management may include a variety of processes. In one example, a device may transmit a user authentication request for decrypting encrypted data to a data storage server storing the encrypted data. The computing device may then receive a validation token associated with the user's authentication request, the validation token indicating that the user is authenticated to a domain. Subsequently, the computing device may transmit the validation token to a first key server different from the data storage server. Then, in response to transmitting the validation token the computing device may receive, from the first key server, a key required for decrypting the encrypted data. The device may then decrypt at least a portion of the encrypted data using the key.Type: ApplicationFiled: February 26, 2015Publication date: June 18, 2015Inventors: Joseph Nord, Benjamin Elliot Tucker, Timothy Gaylor
-
Patent number: 8997197Abstract: Encryption-based data access management may include a variety of processes. In one example, a device may transmit a user authentication request for decrypting encrypted data to a data storage server storing the encrypted data. The computing device may then receive a validation token associated with the user's authentication request, the validation token indicating that the user is authenticated to a domain. Subsequently, the computing device may transmit the validation token to a first key server different from the data storage server. Then, in response to transmitting the validation token the computing device may receive, from the first key server, a key required for decrypting the encrypted data. The device may then decrypt at least a portion of the encrypted data using the key.Type: GrantFiled: December 12, 2012Date of Patent: March 31, 2015Assignee: Citrix Systems, Inc.Inventors: Joseph Nord, Benjamin Elliot Tucker, Timothy Gaylor
-
Publication number: 20140164774Abstract: Encryption-based data access management may include a variety of processes. In one example, a device may transmit a user authentication request for decrypting encrypted data to a data storage server storing the encrypted data. The computing device may then receive a validation token associated with the user's authentication request, the validation token indicating that the user is authenticated to a domain. Subsequently, the computing device may transmit the validation token to a first key server different from the data storage server. Then, in response to transmitting the validation token the computing device may receive, from the first key server, a key required for decrypting the encrypted data. The device may then decrypt at least a portion of the encrypted data using the key.Type: ApplicationFiled: December 12, 2012Publication date: June 12, 2014Applicant: CITRIX SYSTEMS, INC.Inventors: Joseph Nord, Benjamin Elliot Tucker, Timothy Gaylor
-
Publication number: 20140164792Abstract: Securing encrypted virtual hard disks may include a variety of processes. In one example, a virtual hard disk is created for a user and encrypted with a volume key, and the volume key placed in an administrator header. The administrator header may be encrypted with a protection key, the protection key created from a user identifier corresponding to the user, a volume identifier corresponding to the virtual hard disk, and two cryptographic secrets. The protection key may then destroyed after encrypting the administrator header and therefore, might never leave the encryption engine. The two cryptographic secrets may be stored in separate storage locations, one accessible to the user and the other accessible to administrators. Accordingly, the protection key might never transmitted or can be intercepted, and no single entity may be compromised to gain access to all of the information needed to recreate the protection key.Type: ApplicationFiled: February 12, 2014Publication date: June 12, 2014Applicant: CITRIX SYSTEMS, INC.Inventors: Joseph Harry Nord, Timothy Gaylor, Benjamin Elliot Tucker
-
Patent number: 8687814Abstract: Securing encrypted virtual hard disks may include a variety of processes. In one example, a virtual hard disk is created for a user and encrypted with a volume key, and the volume key placed in an administrator header. The administrator header may be encrypted with a protection key, the protection key created from a user identifier corresponding to the user, a volume identifier corresponding to the virtual hard disk, and two cryptographic secrets. The protection key may then destroyed after encrypting the administrator header and therefore, might never leave the encryption engine. The two cryptographic secrets may be stored in separate storage locations, one accessible to the user and the other accessible to administrators. Accordingly, the protection key might never transmitted or can be intercepted, and no single entity may be compromised to gain access to all of the information needed to recreate the protection key.Type: GrantFiled: May 18, 2012Date of Patent: April 1, 2014Assignee: Citrix Systems, Inc.Inventors: Joseph Harry Nord, Timothy Gaylor, Benjamin Elliot Tucker
-
Publication number: 20120297206Abstract: Securing encrypted virtual hard disks may include a variety of processes. In one example, a virtual hard disk is created for a user and encrypted with a volume key, and the volume key placed in an administrator header. The administrator header may be encrypted with a protection key, the protection key created from a user identifier corresponding to the user, a volume identifier corresponding to the virtual hard disk, and two cryptographic secrets. The protection key may then destroyed after encrypting the administrator header and therefore, might never leave the encryption engine. The two cryptographic secrets may be stored in separate storage locations, one accessible to the user and the other accessible to administrators. Accordingly, the protection key might never transmitted or can be intercepted, and no single entity may be compromised to gain access to all of the information needed to recreate the protection key.Type: ApplicationFiled: May 18, 2012Publication date: November 22, 2012Applicant: CITRIX SYSTEMS, INC.Inventors: Joseph Harry Nord, Timothy Gaylor, Benjamin Elliot Tucker
-
Publication number: 20060242415Abstract: A secure mechanism for transparent key recovery for a user who has changed authentication information is disclosed. A password manager agent intercepts requests by a user to access secure resources that require user credentials. Upon detecting changed authentication information for the user, the password manager agent automatically regenerates the components of a cryptographic key associated with the user that was previously used to encrypt user credentials for the user and then destroyed. After regeneration of the original cryptographic key, the password manager agent uses the key to decrypt the user credentials necessary for the requested application. The regenerated key is then destroyed and the user credentials are re-encrypted by the password manager agent using a new cryptographic key associated with the user made up of multiple components.Type: ApplicationFiled: May 6, 2005Publication date: October 26, 2006Applicant: CITRIX SYSTEMS, INC.Inventor: Timothy Gaylor
-
Publication number: 20060161783Abstract: A mechanism for rapidly authenticating an interactive user in an operating system logon session based on a shared account by using a credential delivery application to enable permission-based access to a user's remote session from the shared account is disclosed. The present invention provides the ability to switch local interactive users, authenticate the new interactive user, and switch the remote session without requiring the client to first establish a new logon session tied to the new local interactive user. The present invention also alters the normal locking mechanism found in operating system logon sessions so as to restrict access to an interactive local user's applications (both local and remote) while still allowing the rapid switching of interactive users at the client device.Type: ApplicationFiled: January 14, 2005Publication date: July 20, 2006Applicant: Citrix Systems, Inc.Inventors: David Aiken, Timothy Gaylor, Thomas Dills