Patent application number | Description | Published |
20090210934 | Systems and Methods for Secure Handling of Secure Attention Sequences - A method for authenticating, by a trusted component, a user of a desktop appliance to a remote machine includes executing, by a desktop appliance, a user interaction component, responsive to receiving a secure attention sequence from a user. The user interaction component receives authentication credentials associated with the user. The desktop appliance transmits, to a broker service, the received authentication credentials. The broker service authenticates the user, responsive to the received authentication credentials. The broker service transmits, to a remote machine, authentication data associated with the received authentication credentials. The remote machine authenticates the user, responsive to the received authentication data. The remote machine provides, to the desktop appliance, access to a resource requested by the user. In another aspect, a trusted component provides, to a user of a desktop appliance, access to secure desktop functionality provided by a remote machine. | 08-20-2009 |
20100107113 | METHODS AND SYSTEMS FOR PROVIDING A MODIFIABLE MACHINE BASE IMAGE WITH A PERSONALIZED DESKTOP ENVIRONMENT IN A COMBINED COMPUTING ENVIRONMENT - A method and system for modifying, in a combined computing environment, a machine base image having a personalized desktop environment includes executing an operating system associated with a base disk; intercepting, by a filter driver, an instruction from at least one of a plurality of resources to modify a setting stored in at least one of a file system and a registry, the plurality of resources executing inside an isolation environment; storing, in a delta disk, a copy of the modified setting; restarting the operating system; replacing the setting stored in the at least one of the file system and the registry with the copy of the modified setting stored on the delta disk; and restarting at least one operating system process incorporating the modified setting. | 04-29-2010 |
20100281528 | METHODS AND SYSTEMS FOR GENERATING AND DELIVERING AN INTERACTIVE APPLICATION DELIVERY STORE - A system for updating and delivering an interactive application delivery store, where the system includes a client computer, a server and an application delivery store executing on the server, the client computer communicating with the server over a communicative connection. A user accesses the application delivery store using the client computer, and subscribes to an application not included in a user profile of the user using the application delivery store. In response to subscribing to the application, the application delivery store verifies user permissions of the user and determines whether the user is permitted to subscribe to the application. Upon determining the user can subscribe to the application, the application delivery store updates the user profile with the application and transmits a stub application to the client computer. The stub application represents the application subscribed to by the user in that the stub application includes a portion of the application. | 11-04-2010 |
20110138295 | METHODS AND SYSTEMS FOR UPDATING A DOCK WITH A USER INTERFACE ELEMENT REPRESENTATIVE OF A REMOTE APPLICATION - The present disclosure features methods and systems for updating an application-centric interface or dock, generated and displayed by a local computer, with a user interface element representative of a remote application executing on a remote computer to provide integration between remote (“published”) applications and their local counterparts. This functionality provides a seamless, unified user experience by allowing hosted applications to appear as if they are running locally in a dock interface, in the same way that local applications appear. | 06-09-2011 |
20120297189 | Systems and Methods for Secure Handling of Data - The methods and systems described herein provide for secure implementation of external storage providers in an enterprise setting. Specifically, the present invention provides for allowing the secure use of processes that may transmit files to external storage providers or access files from an external storage provider. In some arrangements, process, such as an untrusted process, may request access to a file. A security agent may intercept the request and encrypt the file. The file can then be transmitted to the external storage provider. A user may subsequently request access to the file. A security agent may intercept a message in connection with this request, determine whether the user is authorized to access the file, and decrypt the file. | 11-22-2012 |
20130179673 | METHODS AND SYSTEMS FOR PROVIDING A MODIFIABLE MACHINE BASE IMAGE WITH A PERSONALIZED DESKTOP ENVIRONMENT IN A COMBINED COMPUTING ENVIRONMENT - A method and system for modifying, in a combined computing environment, a machine base image having a personalized desktop environment includes executing an operating system associated with a base disk; intercepting, by a filter driver, an instruction from at least one of a plurality of resources to modify a setting stored in at least one of a file system and a registry, the plurality of resources executing inside an isolation environment; storing, in a delta disk, a copy of the modified setting; restarting the operating system; replacing the setting stored in the at least one of the file system and the registry with the copy of the modified setting stored on the delta disk; and restarting at least one operating system process incorporating the modified setting. | 07-11-2013 |
20140007188 | SYSTEMS AND METHODS FOR SECURE HANDLING OF SECURE ATTENTION SEQUENCES | 01-02-2014 |
20140007212 | SYSTEMS AND METHODS FOR SECURE HANDLING OF SECURE ATTENTION SEQUENCES | 01-02-2014 |
20150319144 | Facilitating Communication Between Mobile Applications - Methods and systems for communicating information between mobile applications are presented. In some embodiments, a mobile device may determine that a plurality of applications are running on the mobile device. The mobile device may determine that each application of the plurality of applications uses a shared passcode to encrypt information about a persistent state. The mobile device may generate a beacon that includes encrypted state information. The mobile device may maintain state information across the plurality of applications beyond the lifetime of any one of the plurality of applications by transmitting the beacon from a first application to a second application before the first application's lifetime is completed. | 11-05-2015 |
20150319174 | Enterprise System Authentication and Authorization via Gateway - Methods and systems are disclosed for providing approaches to authenticating and authorizing client devices in enterprise systems via a gateway device. The methods and systems may include passing, by a computing device to an enterprise device, a request transmitted by a client device for access to an enterprise resource, and transmitting, by the computing device, authentication credentials associated with the client device with a request for authorization information associated with the enterprise resource. The methods and systems may also include receiving, by the computing device, the authorization information associated with the enterprise resource, transmitting, by the computing, the request transmitted by the client device for access to the enterprise resource with the received authorization information associated with the enterprise resource, and passing, by the computing device to the client device, information associated with the requested enterprise resource based on the received authorization information associated with the enterprise resource. | 11-05-2015 |
20150381621 | Enterprise Authentication Via Third Party Authentication Support - Methods and systems are disclosed for providing approaches to enterprise authentication via third party authentication support. The methods and systems may include transmitting, by a computing device to an authentication device, a request to authenticate a client device application via a forms login protocol, and transmitting, by the computing device to the client device application, a first credential form retrieved from an authentication device generated by an extension device. The methods and systems may also include receiving, by the computing device from the client device application, a first authentication credential, and transmitting, by the computing device to the authentication service via the extension device, the first authentication credential. The methods and systems may also include transmitting, by the computing device and in response to a successful validation of the first authentication credential, an approval of the request made by the client device application to authenticate via the forms login protocol. | 12-31-2015 |
Patent application number | Description | Published |
20140331297 | SECURED ACCESS TO RESOURCES USING A PROXY - A method of authentication and accessing resources is provided. A client device may send a request to a proxy device to access a resource, such as an enterprise resource. The proxy device may authenticate with one or more servers associated with the resource. During authentication, the proxy device may receive a request for a signature controlled by the client device. In response, the proxy device may send a request to the client device for the signature. The request may also include context information that identify a data structure of authentication information exchanged (or to be exchanged) during the authentication session. If the client device verifies the context information, the client device may send the requested signature. | 11-06-2014 |
20150365412 | SECURED ACCESS TO RESOURCES USING A PROXY - A method of authentication and accessing resources is provided. A client device may send a request to a proxy device to access a resource, such as an enterprise resource. The proxy device may authenticate with one or more servers associated with the resource. During authentication, the proxy device may receive a request for a signature controlled by the client device. In response, the proxy device may send a request to the client device for the signature. The request may also include context information that identify a data structure of authentication information exchanged (or to be exchanged) during the authentication session. If the client device verifies the context information, the client device may send the requested signature. | 12-17-2015 |
20160094543 | FEDERATED FULL DOMAIN LOGON - Methods and systems for faster and more efficient smart card logon and for giving a client device full domain access in a remote computing environment are described herein. Components used to implement fast smart card logon may also be used to implement a federated full domain logon. A virtual smart card credential, which may be ephemeral, may be issued based on the acceptance of an external authentication event. Example external authentication events include logon at a Security Assertion Markup Language (SAML) Identity Provider, smart card authentication over TLS or SSL, and alternative authentication credentials such as biometrics or one-time password (OTP) without AD password. Moreover, the certificate operation interception components from fast smart card logon may be used to enable interaction with the virtual smart card without fully emulating a smart card at the PC/SC API level. The virtual smart card may be created locally at the authentication server or on a separate server that may be highly protected. | 03-31-2016 |
20160094546 | FAST SMART CARD LOGON - Methods and systems for faster and more efficient smart card logon and for giving a client device full domain access in a remote computing environment are described herein. Fast smart card logon may be used to reduce latency and improve security. For example, the system may reduce the number of operations (e.g., interactions) between a server device used for authentication and the client device. These operations may include fetching a user certificate from the smart card or signing data. Fast smart card logon may also improve security by optionally avoiding PIN (or other credential) transmission over networks, and to enable single sign on from an authentication event (e.g., Secure Sockets Layer (SSL) or Transport Layer Security (TLS) authentication) using a smart card to the domain logon without resorting to PIN caching. | 03-31-2016 |