Systems and methods for secure handling of secure attention sequences

US 9,075,969 B2
Filed: 08/29/2013
Issued: 07/07/2015
Est. Priority Date: 02/15/2008
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating, by a trusted component, a user of a desktop appliance to a remote machine, the method comprising:

receiving, by a desktop appliance, a secure attention sequence from a user, wherein the secure attention sequence is one of;

a first key combination of a control key, an alt key, and a delete key, a second key combination including a menu key, or a third key combination including an operating system specific meta key;

invoking, responsive to receiving the secure attention sequence from the user, execution by the desktop appliance of a user interaction component, wherein the desktop appliance passes control over display and input focus to the user interaction component;

receiving, by the invoked user interaction component, via the control passed, authentication credentials associated with the user;

receiving, by the user interaction component executed by the desktop appliance, a request for access to a hosted resource executing remotely from the desktop appliance, the hosted resource presented to the user as a resource executing locally to the desktop appliance;

transmitting, by the desktop appliance, to a broker service, the received authentication credentials;

authenticating, by the broker service, the user, responsive to the received authentication credentials;

transmitting, by the broker service, to a remote machine, authentication data associated with the received authentication credentials;

authenticating, by the remote machine, the user, responsive to the received authentication data; and

providing, by the remote machine, to the desktop appliance, access to the hosted resource.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for authenticating, by a trusted component, a user of a desktop appliance to a remote machine includes executing, by a desktop appliance, a user interaction component, responsive to receiving a secure attention sequence from a user. The user interaction component receives authentication credentials associated with the user. The desktop appliance transmits, to a broker service, the received authentication credentials. The broker service authenticates the user, responsive to the received authentication credentials. The broker service transmits, to a remote machine, authentication data associated with the received authentication credentials. The remote machine authenticates the user, responsive to the received authentication data. The remote machine provides, to the desktop appliance, access to a resource requested by the user. In another aspect, a trusted component provides, to a user of a desktop appliance, access to secure desktop functionality provided by a remote machine.

11 Citations

20 Claims

1. A method for authenticating, by a trusted component, a user of a desktop appliance to a remote machine, the method comprising:
- receiving, by a desktop appliance, a secure attention sequence from a user, wherein the secure attention sequence is one of;
  
  a first key combination of a control key, an alt key, and a delete key, a second key combination including a menu key, or a third key combination including an operating system specific meta key;
  
  invoking, responsive to receiving the secure attention sequence from the user, execution by the desktop appliance of a user interaction component, wherein the desktop appliance passes control over display and input focus to the user interaction component;
  
  receiving, by the invoked user interaction component, via the control passed, authentication credentials associated with the user;
  
  receiving, by the user interaction component executed by the desktop appliance, a request for access to a hosted resource executing remotely from the desktop appliance, the hosted resource presented to the user as a resource executing locally to the desktop appliance;
  
  transmitting, by the desktop appliance, to a broker service, the received authentication credentials;
  
  authenticating, by the broker service, the user, responsive to the received authentication credentials;
  
  transmitting, by the broker service, to a remote machine, authentication data associated with the received authentication credentials;
  
  authenticating, by the remote machine, the user, responsive to the received authentication data; and
  
  providing, by the remote machine, to the desktop appliance, access to the hosted resource.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1 further comprising executing, by the desktop appliance, a second user interaction component, responsive to identifying a key combination entered by a user requesting access to a security-critical task.
  - 3. The method of claim 1 further comprising establishing, by the desktop appliance, a connection with the remote machine.
  - 4. The method of claim 1 further comprising providing, by the remote machine, to the desktop appliance, access to a computing environment associated with the user.
  - 5. The method of claim 1 further comprising identifying, by the broker service, a remote machine providing access to secure desktop functionality requested by the user.

6. A method for authenticating, by a trusted component, a user of a desktop appliance to a remote machine, the method comprising:
- receiving, by a desktop appliance, a secure attention sequence from a user, wherein the secure attention sequence is one of;
  
  a first key combination of a control key, an alt key, and a delete key, a second key combination including a menu key, or a third key combination including an operating system specific meta key;
  
  invoking, responsive to receiving the secure attention sequence from the user, execution by the desktop appliance of a user interaction component, wherein the desktop appliance passes control over display and input focus to the user interaction component;
  
  receiving, by the invoked user interaction component, via the control passed, authentication credentials associated with the user;
  
  receiving, by the user interaction component executed by the desktop appliance, a request for access to a hosted resource executing remotely and presented to the user as a resource executing locally;
  
  authenticating, by the user interaction component, the user, responsive to the received authentication credentials;
  
  transmitting, by the desktop appliance, to a broker service, authentication data associated with the received authentication credentials;
  
  transmitting, by the broker service, to a remote machine, authentication data associated with the received authentication credentials;
  
  authenticating, by the remote machine, the user, responsive to the received authentication data; and
  
  providing, by the remote machine, to the desktop appliance, access to the hosted resource.
- View Dependent Claims (7, 8, 9, 10, 11, 12)
- - 7. The method of claim 6 further comprising transmitting, to the broker service, an indication that the invoked user interaction component authenticated the user.
  - 8. The method of claim 6 further comprising transmitting, by the desktop appliance, to the remote machine, the authentication data.
  - 9. The method of claim 6 further comprising executing, by the desktop appliance, the user interaction component, responsive to identifying a key combination entered by a user requesting access to a security-critical task.
  - 10. The method of claim 6 further comprising establishing, by the desktop appliance, a connection with the remote machine.
  - 11. The method of claim 6 further comprising providing, by the remote machine, to the desktop appliance, access to a computing environment associated with the user.
  - 12. The method of claim 6 further comprising identifying, by the broker service, a remote machine providing access to secure desktop functionality requested by the user.

13. A system for authenticating, by a trusted component, a user of a desktop appliance to a remote machine comprising:
- a user interaction component executed by a desktop appliance configured to receive a secure attention sequence and, responsive to receiving the secure attention sequence, invoke the user interaction component, wherein the desktop appliance passes control over display and input focus to the user interaction component, and the invoked user interaction component receives authentication credentials associated with a user via the passed control, and wherein the secure attention sequence is one of;
  
  a first key combination of a control key, an alt key, and a delete key, a second key combination including a menu key, or a third key combination including an operating system specific meta key;
  
  a broker service executing on a broker server, configured to receive the authentication credentials and authenticate the user; and
  
  a remote machine configured to receive, from the broker service, authentication data associated with the received authentication credentials, authenticate the user responsive to the received authentication data, establish a connection with the desktop appliance, provide, to the desktop appliance, access to a hosted resource executing remotely from the desktop appliance and presented to the user as though the hosted resource was executing locally to the desktop appliance,wherein the user interaction component directs display, at the desktop appliance, of output data generated by the executed hosted resource executing remotely.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The system of claim 13, wherein the desktop appliance further comprises a transmitter for transmitting, to the broker service, the received authentication credentials.
  - 15. The system of claim 13, wherein the desktop appliance further comprises a transmitter for transmitting, to the broker service, authentication data associated with the received authentication credentials.
  - 16. The system of claim 13, wherein the user interaction component further comprises means for authenticating the user responsive to the received authentication credentials.
  - 17. The system of claim 16, wherein the desktop appliance further comprises a transmitter transmitting, to the broker service, an indication that the user interaction component authenticated the user.
  - 18. The system of claim 13 further comprising a trusted computing base in an operating system executed by the desktop appliance, the trusted computing base executing the user interaction component, responsive to receiving a secure attention sequence from the user.
  - 19. The system of claim 13 further comprising a broker interaction component executing on the desktop appliance and transmitting the authentication credentials to the broker service.
  - 20. The system of claim 13 further comprising a desktop connection component executing on the desktop appliance communicating with the remote machine across the established connection.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Innes, Andrew
Primary Examiner(s)
SHAIFER HARRIMAN, DANT B

Application Number

US14/013,765
Publication Number

US 20140007212A1
Time in Patent Office

677 Days
Field of Search

726/7
US Class Current

1/1
CPC Class Codes

G06F 21/305   by remotely controlling dev...

G06F 21/31   User authentication

G06F 2221/2115   Third party

G06F 9/452   Remote windowing, e.g. X-Wi...

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0815   providing single-sign-on or...

H04L 63/0884   by delegation of authentica...

H04L 63/10   for controlling access to d...

H04L 67/08   specially adapted for termi...

Systems and methods for secure handling of secure attention sequences

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

11 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Systems and methods for secure handling of secure attention sequences

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

11 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others