Systems and methods for performing load balancing and message routing for short message peer to peer protocol
US-9538345-B2 · Jan 3, 2017 · US
Systems and methods providing connection lease anti-theft features for virtual computing sessions
US11212113B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11212113-B2 |
| Application number | US-201916416452-A |
| Country | US |
| Kind code | B2 |
| Filing date | May 20, 2019 |
| Priority date | May 20, 2019 |
| Publication date | Dec 28, 2021 |
| Grant date | Dec 28, 2021 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A computing device may include a memory and a processor cooperating with the memory and configured to receive a connection request from a client device having a public/private encryption key pair associated therewith. The connection request may be based upon a connection lease and the public key for the client device, and the connection lease may be generated based upon an authenticated version of the public key for the client device. The processor may also be configured to verify that the authenticated version of the public key upon which the connection lease was generated matches the public key for the client device and authorize a connection with the client device and provide the client device with access to a virtual computing session via the connection.
First claim
Opening claim text (preview).
That which is claimed is: 1. A computing device comprising: a memory and a processor cooperating with the memory and configured to receive a connection request from a client device having a public/private encryption key pair associated therewith, the connection request based upon a connection lease and the public key for the client device, and the connection lease including an authenticated version of the public key for the client device so that the connection lease is specific to the client device; verify that the authenticated version of the public key upon which the connection lease was generated matches the public key for the client device; and authorize the connection with the client device and provide the client device with access to a virtual computing session via the connection. 2. The computing device of claim 1 wherein the processor is further configured to, prior to authorizing the connection with the client device: initiate a challenge to be signed by the client device with the private key associated with the client device; and validate the signed response with the public key for the client device. 3. The computing device of claim 2 wherein the processor initiates the challenge and validates the signed response prior to verifying that the authenticated version of the public key upon which the connection lease was generated matches the public key for the client device. 4. The computing device of claim 2 wherein, prior to the challenge and response, the processor is further configured to validate a signature and date associated with the connection lease, and validate that the public key is valid. 5. The computing device of claim 2 wherein the processor initiates the challenge and validates the signed response after verifying that the authenticated version of the public key upon which the connection lease was generated matches the public key for the client device. 6. The computing device of claim 1 wherein the connection lease includes a hash of the authenticated version of the public key for the client device. 7. The computing device of claim 1 wherein the public/private key pair is generated at the client device using a hardware-backed key store. 8. The computing device of claim 1 wherein the processor is further configured to drop the connection with the client device based on a failure to verify that the authenticated version of the public key upon which the connection lease was generated matches the public key for the client device. 9. A method comprising: receiving a connection request at a virtual delivery appliance from a client device having a public/private encryption key pair associated therewith, the connection request being based upon a connection lease and the public key for the client device, and the connection lease including an authenticated version of the public key for the client device so that the connection lease is specific to the client device; verifying at the virtual delivery appliance that the authenticated version of the public key upon which the connection lease was generated matches the public key for the client device; and authorizing a connection with the client device and providing the client device with access to a virtual computing session via the connection. 10. The method of claim 9 further comprising, prior to authorizing the connection with the client device: initiating a challenge from the virtual delivery appliance to be signed by the client device with the private key associated with the client device; and validating at the virtual delivery appliance the signed response with the public key for the client device. 11. The method of claim 10 wherein initiating and validating comprise initiating the challenge and validating the signed response prior to verifying that the authenticated version of the public key upon which the connection lease was generated matches the public key for the client device. 12. The method of claim 10 wherein initiating and validating comprise initiating the challenge and validating the signed response after verifying that the authenticated version of the public key upon which the connection lease was generated matches the public key for the client device. 13. The method of claim 9 wherein the public key for the client device is registered with a broker; and further comprising validating, at the virtual delivery appliance, that the public key for the client device is registered with the broker prior to verifying that the authenticated version of the public key upon which the connection lease was generated matches the public key for the client device. 14. The method of claim 9 wherein the connection lease includes a hash of the authenticated version of the public key for the client device. 15. A computing system comprising: a server configured to generate a connection lease for a client device, the client device having a public/private encryption key pair associated therewith, and the connection lease including an authenticated version of the public key for the client device so that the connection lease is specific to the client device; and a virtual delivery appliance configured to receive a connection request from the client device based upon the connection lease and the public key for the client device, verify that the authenticated version of the public key upon which the connection lease was generated matches the public key for the client device, authorize a connection with the client device and provide the client device with access to a virtual computing session via the connection. 16. The computing system of claim 15 wherein the virtual delivery appliance is further configured to, prior to authorizing the connection with the client device: initiate a challenge to be signed by the client device with the private key associated with the client device; and validate the signed response with the public key for the client device. 17. The computing system of claim 16 wherein the virtual delivery appliance initiates the challenge and validates the signed response prior to verifying that the authenticated version of the public key upon which the connection lease was generated matches the public key for the client device. 18. The computing system of claim 16 wherein the virtual delivery appliance initiates the challenge and validates the signed response after verifying that the authenticated version of the public key upon which the connection lease was generated matches the public key for the client device. 19. The computing system of claim 15 wherein the server has a public/private key pair associated therewith; wherein generated connection lease is signed with the server private key; wherein the virtual delivery appliance is further configured to, upon receiving the connection lease, verify the connection lease signature and also perform a challenge-response with the client device based upon an authenticated version of the server public key. 20. The computing system of claim 15 wherein the authenticated version of the public key is obtained following authentication from the client device to the server; and wherein the server receives the authenticated version of the public key from the client device and generates the connection lease for the client device responsive thereto. 21. The computing system of claim 15 wherein the connection lease comprises an encrypted payload and an unencrypted manifest; and wherein the authenticated version of the public key is included within the unencrypted manifest
Assignees
Inventors
Classifications
Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) (network architectures or network communication protocols for key distribution in a packet data network H04L63/062) · CPC title
Remote windowing, e.g. X-Window System, desktop virtualisation (protocols for virtual reality H04L67/131) · CPC title
Session management (for real-time applications in data packet communications networks H04L65/1066) · CPC title
- H04L63/08Primary
for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32) · CPC title
Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US11212113B2 cover?
- A computing device may include a memory and a processor cooperating with the memory and configured to receive a connection request from a client device having a public/private encryption key pair associated therewith. The connection request may be based upon a connection lease and the public key for the client device, and the connection lease may be generated based upon an authenticated version…
- Who is the assignee on this patent?
- Citrix Systems Inc
- What technology area does this patent fall under?
- Primary CPC classification H04L63/08. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Dec 28 2021 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 5 related publications on this page (citations in our corpus or others sharing the same primary CPC).