Cloud-based transactions methods and systems
US-9972005-B2 · May 15, 2018 · US
US11469894B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11469894-B2 |
| Application number | US-202016739342-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jan 10, 2020 |
| Priority date | May 20, 2019 |
| Publication date | Oct 11, 2022 |
| Grant date | Oct 11, 2022 |
Abstract
A computing device may include a memory and a processor configured to cooperate with the memory to store an authentication token having first and second authentication credentials associated therewith. The first and second authentication credentials may be different from one another. The processor may further cooperate with a server to access a session based upon the authentication token.
Claims
That which is claimed is:

1. A computing device comprising: a memory and a processor connected to the memory, the processor for obtaining from a device registration service and storing a bearer token in the memory including a device identity of the computing device and a public encryption key of the computing device and a Root of Trust (RoT), wherein the public encryption key is signed by the Root of Trust (RoT); obtaining from an identity platform and storing an authentication token in the memory based upon the bearer token and including a user identity of a user and the device identity of the computing device, the authentication token having an expiration; communicating the authentication token to a server; responding to a challenge from the server to validate that the device identity from the authentication token is associated with the computing device based upon a device credential; communicating a user credential to the server to validate that the user is associated with the user identity from the authentication token; accessing a session via the server responsive to validation of the device identity and the user identity from the authentication token; communicating with the identity platform the authentication token after the expiration based upon the bearer token; and wherein the device credential comprises the public encryption key associated with the computing device.

2. The computing device of claim 1 wherein the user credential is stored in the memory at the computing device.

3. The computing device of claim 1 wherein the user credential is stored in a virtual smart card with an authentication service.

4. The computing device of claim 1 wherein the user and device credentials are stored in different locations.

5. The computing device of claim 1 wherein the authentication token comprises a polymorphic authentication token.

6. The computing device of claim 1 wherein the session comprises at least one of a Web application session, Software as a Service (SaaS) application session, virtual application session, and a virtual desktop session.

7. A method comprising: storing an authentication token for a computing device in a memory, the authentication token including a user identity of a user and a device identity of the computing device, and the authentication token having an expiration; and at the computing device, obtaining from a device registration service and storing a bearer token in the memory including a device identity of the computing device and a public encryption key of the computing device and a Root of Trust (RoT), wherein the public encryption key is signed by the Root of Trust (RoT); communicating the authentication token to a server; responding to a challenge from the server to validate that the device identity from the authentication token is associated with the computing device based upon a device credential; communicating a user credential to the server for validating that the user is associated with the user identity from the authentication token; accessing a session via the server responsive to validation of the device identity and the user identity from the authentication token; communicating with the identity platform for renewing the authentication token after the expiration based upon the bearer token; and wherein the device credential comprises the public encryption key associated with the computing device.

8. The method of claim 7 wherein the computing device communicates with the server to access the sessions further based upon a connection lease assigned to the computing device.

9. The method of claim 7 wherein the user and device credentials are stored in different locations.

10. A non-transitory computer-readable medium having computer-executable instructions for causing a computing device to perform steps comprising: obtaining from a device registration service and storing a bearer token in the memory including a device identity of the computing device and a public encryption key of the computing device and a Root of Trust (RoT), wherein the public encryption key is signed by the Root of Trust (RoT); obtaining from an identity platform and storing an authentication token at the computing device including a user identity of a user and a device identity of the computing device; communicating the authentication token to a server; responding to a challenge from the server to validate that the device identity from the authentication token is associated with the computing device based upon a device credential; communicating a user credential to the server to validate that the user is associated with the user identity from the authentication token; accessing a session via the server responsive to validation of the device identity and the user identity from the authentication token; and communicating with the identity platform for renewing the authentication token after the expiration based upon the bearer token; and wherein the device credential comprises the public encryption key associated with the computing device.

11. The non-transitory computer-readable medium of claim 10 wherein the user credential is stored at the computing device.

12. The non-transitory computer-readable medium of claim 10 wherein the user credential is stored in a virtual smart card with an authentication service.

13. The non-transitory computer-readable medium of claim 10 wherein the user and device credentials are stored in different locations.

14. The non-transitory computer-readable medium of claim 10 wherein the authentication token comprises a polymorphic authentication token.

15. The non-transitory computer-readable medium of claim 10 wherein the session comprises at least one of a Web application session, Software as a Service (SaaS) application session, virtual application session, and a virtual desktop session.
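The claims above describe a four-party flow: a device registration service issues a bearer token binding a device identity to a device public key signed by a Root of Trust; an identity platform issues an expiring authentication token carrying both user and device identity; and a server admits a session only after a device challenge (proof of the device key) and a user credential check, with the bearer token used to renew the authentication token after expiry. The simulation below is an added example, not code from the patent or its assignee, and walks all four roles through that exchange. It assumes stdlib Python only, so the asymmetric signatures are stood in by HMAC over a private key whose "public" half is a fingerprint looked up in a small registry; the party names, the `laptop-01` device, the `alice` user and all keys are constructed for the example. It also shows two defensive outcomes the claim structure implies: an authentication token copied to a device without the certified private key cannot pass the challenge, and an expired token is refused until renewed through the bearer token.

```python
"""Added example (not the patent's code): simulates the device-bound
authentication-token flow from claims 1, 7 and 10 using the stdlib only."""
import hashlib
import hmac
import json
import os

# Stand-in for asymmetric keys: 'public' is a fingerprint of the private key
# and verify() looks the private key up in a registry, so only the holder of
# the private key can sign but any party can verify. With real keys (e.g. an
# ECDSA key in a TPM) the public key alone verifies; the message flow is the same.
_REGISTRY = {}

def keygen() -> tuple:
    private = os.urandom(32)
    public = hashlib.sha256(private).hexdigest()
    _REGISTRY[public] = private
    return private, public

def sign(private: bytes, message: bytes) -> str:
    return hmac.new(private, message, hashlib.sha256).hexdigest()

def verify(public: str, message: bytes, signature: str) -> bool:
    private = _REGISTRY.get(public)
    return private is not None and hmac.compare_digest(sign(private, message), signature)

def canonical(obj: dict) -> bytes:
    # Deterministic encoding so signer and verifier hash identical bytes.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

ROT_PRIV, ROT_PUB = keygen()                 # Root of Trust key (constructed)
IDP_PRIV, IDP_PUB = keygen()                 # identity platform signing key (constructed)
USERS = {"alice": "correct horse battery"}   # constructed user credential store

# Device registration service: the bearer token binds device id to device key,
# and the RoT signature is what later parties check before trusting that binding.
def register_device(device_id: str, device_pub: str) -> dict:
    body = {"device_id": device_id, "device_pubkey": device_pub}
    return {**body, "rot_sig": sign(ROT_PRIV, canonical(body))}

# Identity platform: issues the expiring authentication token (and renews it
# after expiry) only against a bearer token the RoT actually signed.
def issue_auth_token(bearer: dict, user_id: str, now: float, ttl: float = 3600) -> dict:
    body = {"device_id": bearer["device_id"], "device_pubkey": bearer["device_pubkey"]}
    if not verify(ROT_PUB, canonical(body), bearer["rot_sig"]):
        raise ValueError("bearer token is not signed by the Root of Trust")
    claims = {**body, "user_id": user_id, "exp": now + ttl}
    return {**claims, "idp_sig": sign(IDP_PRIV, canonical(claims))}

# Server: token check, device challenge, user credential check, then a session.
class SessionServer:
    def __init__(self):
        self.pending = {}   # nonce -> validated token claims

    def challenge(self, token: dict, now: float) -> str:
        claims = {k: v for k, v in token.items() if k != "idp_sig"}
        if not verify(IDP_PUB, canonical(claims), token["idp_sig"]):
            raise ValueError("authentication token signature invalid")
        if now >= claims["exp"]:
            raise ValueError("authentication token expired")
        nonce = os.urandom(16).hex()
        self.pending[nonce] = claims
        return nonce

    def open_session(self, nonce: str, device_sig: str, user_id: str, password: str) -> str:
        claims = self.pending.pop(nonce)   # one-shot nonce: a captured proof cannot be replayed
        # Device credential: the nonce must be signed by the key the RoT certified.
        if not verify(claims["device_pubkey"], nonce.encode(), device_sig):
            raise ValueError("device identity not proven for this token")
        # User credential: the user named in the token must authenticate.
        if user_id != claims["user_id"] or not hmac.compare_digest(USERS.get(user_id, ""), password):
            raise ValueError("user identity not proven for this token")
        return f"session:{claims['user_id']}@{claims['device_id']}"

# Client side: a device holding its private key answers the challenge.
def device_login(server, token, device_priv, user_id, password, now):
    nonce = server.challenge(token, now)
    return server.open_session(nonce, sign(device_priv, nonce.encode()), user_id, password)

def demo() -> dict:
    results = {}
    dev_priv, dev_pub = keygen()
    bearer = register_device("laptop-01", dev_pub)
    token = issue_auth_token(bearer, "alice", now=1000.0)
    server = SessionServer()
    results["ok"] = device_login(server, token, dev_priv, "alice", "correct horse battery", now=1001.0)
    # The same token presented from a device without laptop-01's private key.
    other_priv, _ = keygen()
    try:
        device_login(server, token, other_priv, "alice", "correct horse battery", now=1001.0)
        results["stolen_token"] = "session granted"
    except ValueError as e:
        results["stolen_token"] = str(e)
    # After expiry the token is refused; the bearer token obtains a renewed one.
    try:
        server.challenge(token, now=5000.0)
        results["expired"] = "accepted"
    except ValueError as e:
        results["expired"] = str(e)
    renewed = issue_auth_token(bearer, "alice", now=5000.0)
    results["renewed"] = device_login(server, renewed, dev_priv, "alice", "correct horse battery", now=5001.0)
    return results

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Two design points carry over to a real deployment: the server derives the device verification key from the signed token rather than from anything the client asserts at challenge time, and the nonce is consumed on first use so a captured device proof is worthless on its own. The renewal path deliberately goes back through the bearer token, so a device that has been deregistered (its RoT-signed binding revoked) cannot mint fresh authentication tokens.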
CPC classifications:

- Using tickets or tokens, e.g. Kerberos (network architectures or network communication protocols for entities authentication using tickets in a packet data network, H04L63/0807)
- Involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token (network architectures or network communication protocols for supporting authentication of entities using an additional device in a packet data network, H04L63/0853)
- Using challenge-response
- Using tickets, e.g. Kerberos (cryptographic mechanisms or cryptographic arrangements for entity authentication using tickets or tokens, H04L9/3213)
- Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage