Entries |
Document | Title | Date |
20080216164 | METHOD FOR PROVIDING ACCESS CONTROL TO SINGLE SIGN-ON COMPUTER NETWORKS - A method for providing access control to a single sign-on computer network is disclosed. A user is assigned to multiple groups within a computer network. In response to an access request by the user, the computer network determines a group pass count based on a user profile of the user. The group pass count is a number of groups in which the access request meets all their access requirements. The computer network grants the access request if the group pass count is greater than a predetermined high group pass threshold value. | 09-04-2008 |
20080222713 | SYSTEM AND METHOD FOR AUTHENICATION TO AN APPLICATION - Authenticating a first user in a protected network to an application in a DMZ network shared simultaneously with a second user in an unprotected network. The first user supplies a userID and a password to a first server within the protected network for authentication for the application. The first server checks authentication of the first user based on the userID and password. If the first user is authentic, the first server forwards to the application an authentication key for the first user and a selection by the first user pertaining to the application. The application checks authentication of the key, and if authentic, complies with the selection by the first user. The second user supplies another userID and another password to the application. If the other userID and other password are authentic, the application complies with a selection made by the second user pertaining to the application. | 09-11-2008 |
20080235778 | COMMUNICATION NETWORK, AN ACCESS NETWORK ELEMENT AND A METHOD OF OPERATION THEREFOR - An access network element provides user equipment access to a network comprising a centralised authentication server. The access network element comprises an authentication processor which authenticates the access network element at the centralised authentication server. In addition, the access network element authenticates a first user equipment in response to the authentication of the access network element by the centralised authentication server. A communication processor supports a peer-to-peer first communication session for the first user equipment and a peer-to-peer second communication session with a second access network element which supports a peer-to-peer communication session with a second user equipment. Peer-to-peer communication between the first and second user equipments is supported by exchanging data between the first communication session and the second communication session. The invention may allow benefits of de-centralised peer-to-peer communications to be combined with existing centralised network architectures such as the Internet Protocol Multimedia Subsystem, IMS. | 09-25-2008 |
20080235779 | TRUSTED LOCAL SINGLE SIGN-ON - A method includes running on a computer a first operating environment for performing general-purpose operations and a second operating environment, which is configured exclusively for interacting with multiple servers in respective secure communication sessions and is isolated from the first operating environment. Multiple server-specific credentials for authenticating a user of the computer to the respective servers, as well as a single set of master credentials for authenticating the user to the second operating environment, are stored in the second operating environment. | 09-25-2008 |
20080244718 | Systems and Methods for User Login - Systems and methods for logging a user into a computing system are shown and described. The method can include receiving a request for an anonymous user login, creating an identifying tag responsive to the received request, creating a user account incorporating the identifying tag, and providing to the computing system the created user account to log into the computing system. | 10-02-2008 |
20080244719 | AUTHENTICATION PROCESSING METHOD AND SYSTEM - A plurality of authentication servers belonging to different domains are connected to achieve a Single Sign-On using two cookies in two management systems. | 10-02-2008 |
20080271129 | Single sign-on functionality for secure communications over insecure networks - Techniques for single sign-on functionality for secure communications over insecure networks are provided. A principal achieves single sign-on access to a server via a client by initially authenticating to a third-party authentication service. Next, a credentialing service supplies a randomly generated credential to the client and the server unbeknownst to the principal. The principal is then equipped to engage in secure communications over an insecure network using the credential, which is managed by services of the client to authenticate to services of the server in a fashion that the principal is unaware of. | 10-30-2008 |
20080282333 | IMAGE FORMING APPARATUS UNIFYING MANAGEMENT FOR USE OF IMAGE FORMING APPARATUS AND USE OF WEB SERVICE - An MFP stores information on the web services each user is permitted to use, and information limiting the use of its functions. When there is a web service the logged-in user is allowed to use, a list of such services is displayed. When a function linked with the selected web service is not allowed to be used, a message to that effect is displayed, and when the use of the function is limited, the limited contents are displayed so the user can confirm the use of the web service. | 11-13-2008 |
20080289017 | APPARATUS, METHODS, AND COMPUTER PROGRAMS FOR IDENTIFYING OR MANAGING VULNERABILITIES WITHIN A DATA PROCESSING NETWORK - A system, method, and service associated with a computing grid or a virtual organization include a request for proposal (RFP) generator, where the RFP describes a data processing task. The RFP is provided to multiple resource providers via the computing grid where each of the resource providers is potentially suitable for performing the data processing task on behalf of the resource consumer. An RFP response processor receives and evaluates RFP responses generated by one or more of the resource providers. An exception processor accessible to the RFP response processor evaluates any exception in the RFP to determine if the exception disqualifies the RFP response. The exceptions may include, for example, job time limit exceptions, resource requirement exceptions, hardware/software platform requirement exceptions and others. Exception rules may be defined to guide the evaluation of the exception. | 11-20-2008 |
20080320576 | Unified online verification service - A web-based, graphical user interface-driven arrangement for configuring federated access management across a group of federations and associated identity providers is enabled by a centralized server, called a global verification server. The global verification server operates to give service providers who host protected resources (i.e., those that have access restricted to only users having particular attributes, such as being a member of a particular group) a unified view of federations that are typically deployed on a global basis, as well as provides web-based tools to manage federated access. The global verification server also provides a single location on the web where users can go to access protected resources by discovering and using their home identity provider for verified single sign-on. | 12-25-2008 |
20090007248 | Single sign-on system and method - A single sign-on (SSO) provider establishes a system by which users authenticate once per session with the provider, then can access multiple sites that require credentials without manually supplying or remembering those other credentials. A browser plug-in on the user's terminal accesses the SSO provider's resources and retrieves relevant credentials for the user's session. The SSO provider contracts with a third-party administrator (TPA) of medical and/or insurance benefits, and provides SSO accounts to individuals served by the TPA (usually employees of the TPA's clients). These accounts may be pre-loaded with links to (and even credentials for logging into) network-accessible resources relating to the individuals' insurance and/or medical care. Additional links and credentials might be preloaded based on the goodwill of the SSO provider or affiliate contracts, and the individuals might be enabled to add further links and credentials. | 01-01-2009 |
20090013394 | SYSTEM FOR PROVIDING SINGLE SIGN-ON USER NAMES FOR WEB COOKIES IN A MULTIPLE USER INFORMATION DIRECTORY ENVIRONMENT - A system for providing single sign-on (SSO) user names for Web cookies in a multiple user information directory environment. SSO access to multiple applications is supported in situations where multiple user information directories are deployed, and users may be known by multiple identifiers. Convenient specification is enabled for which of a user's multiple names is to be used in an SSO Web cookie that is passed from application to application to enable SSO operation. The user's SSO Web cookie user name is fully separated conceptually from the user's effective name for any given application within the SSO environment. The SSO Web cookie user name provided by the disclosed system is specified independently from the effective name by which the user is known when operating in the Web application that writes the SSO Web cookie back to the user's computer system. Use of an administratively supplied user name in the SSO Web cookie is facilitated. | 01-08-2009 |
20090013395 | METHOD AND SYSTEM FOR PROVIDING SINGLE SIGN-ON USER NAMES FOR WEB COOKIES IN A MULTIPLE USER INFORMATION DIRECTORY ENVIRONMENT - A system for providing single sign-on (SSO) user names for Web cookies. SSO access to multiple applications is supported in situations where multiple user information directories are deployed, and users may be known by multiple identifiers. Convenient specification is enabled for which of a user's multiple names is to be used in an SSO Web cookie that is passed from application to application to enable SSO operation. The user's SSO Web cookie user name is fully separated conceptually from the user's effective name for any given application within the SSO environment. The SSO Web cookie user name provided by the disclosed system is specified independently from the effective name by which the user is known when operating in the Web application that writes the SSO Web cookie back to the user's computer system. Use of an administratively supplied user name in the SSO Web cookie is facilitated. | 01-08-2009 |
20090049535 | CONTROLLED DISCOVERY OF SAN-ATTACHED SCSI DEVICES AND ACCESS CONTROL VIA LOGIN AUTHENTICATION - A method for accessing data in a storage area network is provided. The method initiates with receiving a request for a list of targets on the storage area network. All the targets on the storage area network are exposed to the requester, and authentication requiring a password is requested from the requester to grant access to the targets on the storage area network. Access to the targets is granted if the password is acceptable, and access to the targets is refused if the password is unacceptable. | 02-19-2009 |
20090055915 | SYSTEMS AND METHODS FOR UNIVERSAL ENHANCED LOG-IN, IDENTITY DOCUMENT VERIFICATION, AND DEDICATED SURVEY PARTICIPATION - Systems and methods are provided for controlling access via a computer network to a subscriber server. A log-in server receives a query to connect through the computer network to the subscriber server, and the log-in server receives registrant identification data. A first session is established between the log-in server and the subscriber server to validate the registrant identification data, and to generate a session password. A second session is established between the log-in server and the subscriber server. The second session is configured to authorize, based in part on the registrant identification data, access to at least a portion of a website associated with the subscriber server. | 02-26-2009 |
20090055916 | SECURE DELEGATION USING PUBLIC KEY AUTHENTICATION - A client is impersonalized to a plurality of servers using a middle-tier server. A common nonce associated with each of the plurality of servers is obtained and the common nonce is provided to the client. The common nonce signed by the client is received at the middle-tier server and provided as a signature for transactions from the client to the plurality of servers so as to authenticate the client to the plurality of servers. | 02-26-2009 |
20090119763 | METHOD AND SYSTEM FOR PROVIDING SINGLE SIGN-ON SERVICE - Provided is a method and system for providing an SSO service enabling the use of Web services in different trusted domains through a one-time authentication process. In the method, mutual authentication information is issued from a trusted third party to each of the ID-federation service providers managing the trusted domains, and an ID federation is established between the ID-federation service provider and a user in the trusted domain of that ID-federation service provider. The first ID-federation service provider managing the first trusted domain, to which the user belongs, is confirmed when a Web service provider in the second trusted domain receives a login request from the user in the first trusted domain. User authentication and mutual authentication are performed between the first ID-federation service provider and a second ID-federation service provider managing the second trusted domain. The Web service provider authenticates the user in the first trusted domain and provides a corresponding Web service. | 05-07-2009 |
20090126000 | SINGLE SIGN-ON METHOD FOR WEB-BASED APPLICATIONS - A method for single-sign on of a user on a client machine to one or more target applications on target application servers in a computer information-processing network, including: accessing an access server from the client machine; entering user-specific access server logon credentials for logon and access to the access server; selecting a target application; presenting to the target application by the access server, previously stored user-specific target application logon credentials for logon and access to the target application in a form and according to a protocol recognizable by the target application thereby logging into the target application on behalf of the user and establishing a target application session; sending from the access server to the client machine, information for establishing a connection from the client machine to the target application; and establishing a target application session, bypassing the access server, between the client machine and the target application. | 05-14-2009 |
20090133110 | SYSTEM AND METHOD USING GLOBALLY UNIQUE IDENTITIES - Systems and methods are described for creating a globally unique identity for a user or user-container by performing an iterative join where each participating back-end data source. The systems and methods include an ID-Unify (IDU) that performs identity virtualization and creates or generates a globally unique identifier for a user in operational environments in which there is a pre-existing conflict caused by the existence of different identities for a user in different authentication data sources. | 05-21-2009 |
20090150985 | Multiple Identity Management in an Electronic Commerce Site - In electronic commerce (e-commerce) sites that are executed on a single e-commerce application, a user's session is only associated with a single user identity for the e-commerce site domain. Acting under a single identity across the site may not be desired. There may be requirements to associate an individual user with one or more separate identities within parts of the site. Aspects of the invention provide a method, system and computer program product for managing multiple user identities for a user of an electronic commerce (e-commerce) site. The method comprises defining the e-commerce site as one or more security domains; and in response to a user's request to invoke an operation of the e-commerce site: determining a one of the one or more security domains to which the operation relates; performing one of a) creating a session and b) reusing a session for the user automatically in accordance with the determined security domain, said session associated with a user identity and a role indicating privileges for invoking operations of the e-commerce site in at least the determined security domain; and persisting said session for reuse. The user's request may be received in association with one or more sessions persisted for the user, and a one of the sessions is selected in accordance with the determined security domain. In response, either a session may be created or reused. Persisting may comprise providing one or more cookies defining the session to the user for associating with a subsequent request. In accordance with a feature of this aspect, the e-commerce site may define each of the one or more security domains as a hierarchy of organizations and assets owned by the organizations, and the determining a one of the one or more security domains to which the operation relates may comprise evaluating the user's request in accordance with the hierarchy. | 06-11-2009 |
20090158412 | Secure Automatically Configuring, Self-Authenticating Administrative User Without A Password - A method and apparatus are provided for accessing a server of a computer system. The method includes the steps of providing a startup CONFIG file or database table for use during initialization of the server and a predetermined user identifier within the startup CONFIG file or database table. The method further includes the steps of a user requesting access to the server, the user providing the predetermined user identifier and the server logging the user into the server under the predetermined user identifier without requiring a password. | 06-18-2009 |
20090217366 | Method For Implementing Unified Authentication - A method for implementing unified authentication for user logon, the method comprising the steps of: establishing an authentication server; creating a user authentication account number in the authentication server; storing user information which the user uses in a plurality of systems into the authentication server; associating, in the authentication server, the created user authentication account number with the user information which the user uses in the plurality of systems; and providing an authentication flag to the client of the user by the authentication server based on the association between the user authentication account number and the user information which the user uses in the plurality of systems established in the authentication server, so that the user can log on to the plurality of systems using the authentication flag. The present invention is applied to provide a unified mechanism of user logon authentication in the integration and merging of the service processes provided by a plurality of Internet information systems or Internet providers, and thus the user can access all authorized application systems or service providers with only one logon authentication. | 08-27-2009 |
20090217367 | SSO IN VOLATILE SESSION OR SHARED ENVIRONMENT - Apparatus and methods utilize a single-sign-on (SSO) framework on one or more physical or virtual computing devices. During use, it is determined whether SSO credentials are for use in a volatile session and/or for use amongst an application suite or a plurality of applications. In the former, the SSO credentials are either made temporarily available in a memory of the computing devices, if relatively high security is desired, or a credential store and its contents are made available to a disk, if relatively low security is acceptable. In the latter, the SSO credentials are shared during authentication of a single user as individual applications of the application suite or the plurality of applications are used or started independently. Other features contemplate credential lifetime, the destruction of credentials, timing of application usage relative to credentials as well as retrofitting existing SSO services. Computer program products and computing interaction are also disclosed. | 08-27-2009 |
20090222899 | SYSTEMS AND METHODS FOR UNIFIED LOGIN TO MULTIPLE NETWORKED SERVICES - Embodiments relate to systems and methods for unified login to multiple networked services. A user operates a browser to access a Web site, such as an email portal. The user is presented with a query box to input login information such as a user name and password to view email from an email account. Upon entry of login information to the email or other site, a login manager captures the login information to automatically transmit that information to a local program and associated networked sites or services, such as messenger or media services, that accept the same login information. The login manager logs the user into that program and additional services without the user having to re-enter the same login information. The additional services can be accessed via an online desktop, and the user can configure the additional local programs or registered services via that desktop or other interface. | 09-03-2009 |
20090235346 | System and method for augmented user and site authentication from mobile devices - A system and method for augmented user and site authentication from mobile devices is disclosed herein. The system and method provides for the performing of strong authentication of users, whether human or otherwise, as well as of site authentication, which is optimized for use when such users access a system from a mobile device using a web browser or mini-web browser. In doing so the claimed invention utilizes multiple different heuristic algorithms and/or scoring values for device identification based on the type of mobile device, and may further identify the specific type of device attempting such access. | 09-17-2009 |
20090249462 | METHOD, APPARATUS, AND SYSTEM FOR SENDING CREDENTIALS SECURELY - A software application executing in a first local operating environment may be used to connect to a remote server that requires a credential of a user to complete a transaction. In a second local operating environment that operates external to the first local environment a user may be authenticated based on a user input received in the second local operating environment. The credential of the user may be securely communicated to the remote server from the second local operating environment. Other embodiments are described and claimed. | 10-01-2009 |
20090254982 | METHODS, PROGRAMS AND A SYSTEM OF PROVIDING REMOTE ACCESS - The invention relates to a method of providing access to one or more resources accessible via a remote computer. The resources are assigned to a remote security context. Access to at least one of said remote resources within the remote security context is controlled by access rules that are valid for said at least one of said remote resources, on receipt of a terminal services request for a terminal session from a local computer. A user of said local computer has already been authenticated in a local security context by local authentication information. The local computer runs a local agent and contains identification information in addition to the local authentication information. The method involves obtaining at least said identification information from said local agent; performing access control to said at least one of said remote resources using said access rules on the basis of at least said identification information, and providing access for said local computer to said at least one of said remote resources for which said access rules permit access. | 10-08-2009 |
20090260070 | Systems and Methods for Secure Sign-Up Procedures for Application Servers in Wired and Wireless Environments - Systems and methods of providing strong authentication for a client device to sign up with an online service. Authentication can involve verifying the user's identity, message authentication, message integrity and non-repudiation. The security procedures may, in some cases, be sufficient to verify all of these parameters. In other cases, the sign-up procedure needs to be combined with other information in order to verify the user's real identity. | 10-15-2009 |
20090276839 | IDENTITY COLLECTION, VERIFICATION AND SECURITY ACCESS CONTROL SYSTEM - A system for collecting personally identifying information from individuals and using that information in verifying their identity and permitting their access to one or more secure systems via a single login authentication system. Based on a series of questions (opinion-based), a database of answers is developed for each user. To access a secure system at a base level of security, a user is asked to answer a group of questions randomly selected from the database and presented to the user for answers. If the questions are correctly answered, the user is permitted access to the secure system. Once access is granted, under certain circumstances, the user can access additional secure systems either as a result of the base level of security previously established, or a higher level of security, which requires the user to correctly answer additional randomly selected questions. | 11-05-2009 |
20090282468 | Systems and methods of network operation and information processing, including use of persistent/anonymous identifiers throughout all stages of information processing and delivery - Systems and methods are disclosed for network operation and information processing associated with global unique identifiers (GUIDs). In one exemplary embodiment, there is provided a method of inserting a UID into a web-bound request. Moreover, the method includes, in the context of processing a web-bound request associated with a browsing session, extracting non-personal/device information during MAC/network layer processing, processing an anonymous UID created based on the non-personal/device information, and inserting the UID in the HTTP header or other extensible locations within the web-bound request. Exemplary embodiments may also include enabling global persistence of the UID as a function of extraction of non-personal/device data during MAC/network layer processing. | 11-12-2009 |
20090320114 | FEDERATED REALM DISCOVERY - A federated realm discovery system within a federation determines a “home” realm associated with a portion of the user's credentials before the user's secret information (such as a password) is passed to a non-home realm. A login user interface accepts a user identifier and, based on the user identifier, can use various methods to identify an account authority service within the federation that can authenticate the user. In one method, a realm list of the user device can be used to direct the login to the appropriate home realm of the user. In another method, an account authority service in a non-home realm can look up the user's home realm and provide realm information directing the user device to login at the home realm. | 12-24-2009 |
20090320115 | Secure Network Portal - According to one embodiment, a secure network portal includes a number of application servers coupled to one or more clients through a portal server. The application servers serve a number of secure services that may be consumed by clients. The portal server creates a login session with a graphical user interface in which the login session is associated with a particular authorization level. The portal server then displays a service access point for each of the plurality of secure services and restricts access to each of the secure services according to the authorization level of the login session. | 12-24-2009 |
20100024023 | Reactive Biometric Single Sign-on Utility - A computer implemented method, apparatus, and computer usable program code for accessing protected resources. Biometric data for a user is received from a biometric input device and an indication of an application requiring a password. Responsive to receiving the biometric data from the user, the user is authenticated using the biometric data and a profile. Responsive to the user being authenticated, the password is established with the application to allow access to the application, wherein the password is established without user input. | 01-28-2010 |
20100031335 | REMOTE PROFILE SECURITY SYSTEM - A method comprises storing, at the server computer system, user profile information for the remote user. The user profile information for the remote user (or a link to the user profile information) is encrypted using authentication information. The user profile information is associated with user identification information, at the server computer system, using the authentication information, which is selectively made available by the remote user via the network to the server computer system in order to enable the server computer system to associate the user profile information with the user identification information. | 02-04-2010 |
20100037307 | COMPUTER PROGRAM CODE AND METHOD FOR DELIVERING EXTERNAL DATA TO A PROCESS RUNNING ON A VIRTUAL MACHINE - A method and system for delivering external data to a process running on a virtual machine, the virtual machine running on an operating system. The method includes the steps of executing instructions on the virtual machine that obtain state data related to the process; querying the virtual machine to obtain component data related to the state data; and manipulating the component data to deliver the external data to the process. In one example, the system provides a single sign-on application that passes user credentials to a Java applet running on a Java virtual machine. | 02-11-2010 |
20100043065 | SINGLE SIGN-ON FOR WEB APPLICATIONS - Techniques for providing identity and other attributes to sign-on web applications in configurable application specific formats are described herein. In some embodiments, a method for allowing access to a plurality of target applications after single sign-on includes detecting, after the single sign-on, a request to access a target application of the plurality of target applications, the request including a federated single sign-on (FSSO) attributes cookie. The method can also comprise determining user attributes from the FSSO attributes cookie and determining a configuration associated with the target application, wherein the configuration indicates a format for one or more of the user attributes, and wherein the format is associated with the target application. The method can also include creating a data structure according to the configuration, wherein the data structure includes one or more of the user attributes arranged in the format and providing the data structure to the target application. | 02-18-2010 |
20100050245 | Systems and Methods to Provide Information and Services to Authorized Users - Systems and methods are provided to authorize users to anonymously access resources of different web sites. For example, a business listing service may authenticate users and allow the authenticated users to access the resources of the businesses listed via the business listing service, without the users having to create separate accounts with the businesses and without having to reveal the identities of the users to the businesses. | 02-25-2010 |
20100050246 | TRUSTING SECURITY ATTRIBUTE AUTHORITIES THAT ARE BOTH COOPERATIVE AND COMPETITIVE - A method and system for authorizing a user. The method comprises the steps of assigning a first role to a user in a first domain, assigning a second role in a second domain to the first role, and assigning access to a resource in the second domain to the second role. The method comprises the further steps of receiving a request from the user for the resource; and providing access to the resource, to the user. The invention may be employed by users and services to manage their interaction with those services, including configuring which they trust for what types of information, in what applications, and which subsets of information they can be trusted to provide. | 02-25-2010 |
20100071045 | Information Processing Apparatus and Information Processing Method - An information processing apparatus includes: a first storage module configured to store addresses of websites and pieces of login information being correlated with the addresses, the login information that are required for logging in the respective websites; and a second storage module configured to store the addresses of the websites and command files being correlated with the addresses, the command files containing a login operation procedure to be executed on a login page of a website that includes an entry field for login information. | 03-18-2010 |
20100077469 | Single Sign On Infrastructure - One embodiment is a method that uses a Single Sign On (SSO) infrastructure in an application for creating a security context that identifies a user. The application then passes the security context to a second application and to the user as a cookie. The cookie is passed back to applications to enable SSO access to resources. | 03-25-2010 |
20100083361 | Managing Web Single Sign-On Applications - A method of managing a web single sign-on (SSO) application with a common set of uniform resource locators (URLs) includes defining a first servlet mapping including a description of a protected URL resource pattern, defining a second servlet mapping including a description of an unprotected URL resource pattern, determining display logic support to establish if display logic of the web SSO application supports both the first servlet mapping and the second servlet mapping, configuring the display logic of the web SSO application based on the determination, defining an intercepting filter, and registering URL patterns for the common set of URLs in the intercepting filter, the URL patterns including definitions of the protected URL resource pattern and the unprotected URL resource pattern. | 04-01-2010 |
20100115598 | METHOD AND ARRANGEMENT FOR INTEGRATION OF DIFFERENT AUTHENTICATION INFRASTRUCTURES - A method is disclosed that provides efficient integration of infrastructure for federated single sign on, e.g. Liberty ID-FP framework, and generic bootstrapping architecture, e.g. 3GPP GAA/GBA architecture. An integrated proxy server (IAP) is inserted in the path between a user and a service provider (SP). The proxy server differentiates the type of access and determines the corresponding operative state to act as a Liberty-enabled server or as a GAA/GBA network application function. A Bootstrapping, Identity, Authentication and Session Management arrangement (BIAS) leverages the 3GPP GAA/GBA infrastructure to provide an integrated system for handling Liberty Federated SSO and 3GPP GAA/GBA bootstrapping procedures at the same time. The method and arrangement provide improved use of infrastructure elements and improved performance for authenticated service access. | 05-06-2010 |
20100122333 | METHOD AND SYSTEM FOR PROVIDING A FEDERATED AUTHENTICATION SERVICE WITH GRADUAL EXPIRATION OF CREDENTIALS - The present invention relates to the field of authentication of users of services over a computer network, more specifically within the paradigms of federated authentication or single sign-on. A known technique consists of associating different trust levels with different authentication mechanisms, wherein the respective trust levels give access to different information resources, notably to provide the possibility of protecting more sensitive resources with a stronger form of authentication. The present invention provides a mechanism that allows the trust level to decrease without re-authenticating with the single sign-on system, down to the level at which it is no longer sufficient to obtain access to a desired resource. Only then does the user need to reauthenticate. | 05-13-2010 |
20100146611 | Credential Sharing Between Multiple Client Applications - Disclosed are techniques for sharing user credentials between multiple client applications when connecting to a set of remote resources. The mechanism enables a single sign-on between a terminal server web access service and the remote applications, remote desktops and corresponding terminal servers accessible through the service. User credentials may be received by one of the client applications and passed to a credential store running as a local software object in association with the user's logon session. Further requests to launch a new remote connection may then pass through the credential store. Upon successful validation of the request, the credential store may attach user credential information to the request and pass the request to the requested client. The requested client may also execute as a software object associated with the current logon session. The client may then use the supplied credential for authentication to the requested resource or application. | 06-10-2010 |
20100154045 | Mesh Platform Utility Computing Portal - A utility computing portal supports public and private modules for application development in a cloud computing environment. The public modules support downloads, customer support and access to a development community. The private modules are accessible to users with valid login credentials or those authenticated via a related entity, such as a Live ID. The private modules may include modules for testing, analysis, and billing. The utility computing portal also supports access to application configuration, for example, allowing a manager to change the number of front end and backend physical/virtual machines available to various application roles. | 06-17-2010 |
20100154046 | SINGLE SIGN-ON METHOD AND SYSTEM FOR WEB BROWSER - A single sign-on methodology across web sites and web services is provided. The method is also a single sign-on (SSO) system, so the user's identification information is shared across the web sites and the back-end web services. After completing one entrance procedure, the user can enter each of the various web sites and securely access each web site's back-end service under the user's own identity. The present disclosure enables the web service to identify and control the terminal user directly and to apply control based on the identity authority of the terminal user. Because the present disclosure builds on a prior SSO solution, the system can be deployed rapidly into an existing organized system while retaining the prior system, i.e. a system that already possesses an SSO system for its web sites or web services. | 06-17-2010 |
20100175118 | ACCESS TO SERVICE - A method is described for providing access to a service in an access management system accessible via a data network, in which data network a user is registered and/or authenticated to a service by providing at least one detail related to the user. A user is provided with an option to add a direct view to the service from an external micro application platform and is allowed to select the option of adding the direct view and responsively negotiating credential information with the external micro application platform in order to form a trusted relationship for accessing the direct view from the external micro application platform. After recognizing a show view request from the external micro application platform based on the trusted relationship, the external micro application platform is provided with the view to the service. A corresponding method in a micro application platform is also described. | 07-08-2010 |
20100180329 | Authenticated Identity Propagation and Translation within a Multiple Computing Unit Environment - An authenticated identity propagation and translation technique is provided in a transaction processing environment including distributed and mainframe computing components. Identified and authenticated user identification and authentication information is forwarded in association with transaction requests from a distributed component to a mainframe component, facilitating the selection of the appropriate mainframe user identity with which to execute the mainframe portion of the transaction, and creating the appropriate runtime security context. The forwarded user identification and authentication information contains a plurality of sections with identifying information about an authenticated client end-user identity as known at the initial authentication component and a mask specifying a subset of the sections. The mainframe component generates a hash from the subset of sections specified by the mask and uses that hash as a lookup key to determine whether a local authenticated runtime security context already exists in a local cache for the client end-user initiating the transaction request. | 07-15-2010 |
20100192214 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND RECORDING MEDIUM INCLUDING COMPUTER PROGRAM - An information processing method includes receiving user information from an input unit pre-corresponded to the executer; acquiring the received user information via the corresponded input unit; determining whether the acquired user information matches the user information of the pre-corresponded user; starting a standard operation when the acquired user information is determined to match the user information of the pre-corresponded user; requesting the controller to identify another executer corresponded to the acquired user information when the acquired user information is determined to fail to match the user information of the pre-corresponded user; identifying the other executer corresponded to the user information when the executer requests the other executer corresponded to the user to be identified; and switching between the input unit corresponded to the executer having requested the other executer to be identified and the input unit corresponded to the other executer when the other executer is identified. | 07-29-2010 |
20100199340 | SYSTEM FOR INTEGRATING MULTIPLE IM NETWORKS AND SOCIAL NETWORKING WEBSITES - Systems and methods are described herein that provide for the integration of instant messaging applications and social networking websites. In some embodiments, a user can chat with individuals or groups of individuals that are logged in to a variety of different instant messaging applications or social networking websites, of which the user is a member. Thus, the user is able to use a single application to chat with any contact appearing on any of the user's contact lists across multiple different IM or social networks. | 08-05-2010 |
20100212003 | SECURE PERSONAL INFORMATION PROFILE - A method, programmed medium and system are provided for implementing a prebuilt and encrypted personal identification information (PII) profile which resides only on a user's computer and is prevented from being permanently stored in a server's database. In an exemplary embodiment, when a user visits a web site and creates a new account, the site submits a request to query the user's profile using an extension to the HTTP protocol. The user is prompted by the user's browser to grant the site permission to do so and the site automatically uploads a non-personal identifying number (ID) to the user's system to create an account. All personal information remains on the user's computer within the user's encrypted PII profile and is not allowed to be stored in the server's storage. Therefore, each time the user purchases something, the site must again request to query the user's profile for the user's name, credit card information and/or billing address or other information, rather than keeping that information in the web site's datastore. | 08-19-2010 |
20100263036 | NETWORK-BASED APPLICATION CONTROL - Apparatus, systems, and methods may operate to send, from a central manager to one or more target machines, an access request associated with at least one application selected from a plurality of applications on the target machines, the access request identifying the target machines, the applications, and access customization code corresponding to the applications; and to send access customization code and a script corresponding to the applications from a central repository to the target machines when the customization code is not resident on the target machines. Further activities may include loading the access customization code as a library on the target machines linked to the applications and replaying recorded user intention input according to a script to supply the input to objects associated with the applications to access and otherwise control the applications. Additional apparatus, systems, and methods are disclosed. | 10-14-2010 |
20100263037 | CUSTOMIZABLE SIGN-ON SERVICE - Techniques are described for providing customizable sign-on functionality, such as via an access manager system that provides single sign-on functionality and other functionality to other services for use with those services' users. The access manager system may maintain various sign-on and other account information for various users, and provide single sign-on functionality for those users using that maintained information on behalf of multiple unrelated services with which those users interact. The access manager may allow a variety of types of customizations to single sign-on functionality and/or other functionality available from the access manager, such as on a per-service basis via configuration by an operator of the service, such as co-branding customizations, customizations of information to be gathered from users, customizations of authority that may be delegated to other services to act on behalf of users, etc., and with the customizations that are available being determined specifically for that service. | 10-14-2010 |
20100293607 | LINKING WEB IDENTITY AND ACCESS TO DEVICES - Systems and methods are provided for linking a web identity and a portable device to provide web access to a user from a vehicle. An example system includes a presence agent that may be configured to validate the presence of the portable device in the vehicle by recognizing a device identifier saved on the portable device. After the presence of the portable device is validated, a security manager may receive a user identifier, and to verify if the user identifier corresponds with a known user value. Then, the security manager may send a user identity secure proxy to a credential manager. The credential manager may be configured to receive the user identity secure proxy, and in response, pass one or more credentials to a computing device onboard the vehicle. The credentials may indicate that the user is authorized to access one or more web services from the computing device. | 11-18-2010 |
20100293608 | EVIDENCE-BASED DYNAMIC SCORING TO LIMIT GUESSES IN KNOWLEDGE-BASED AUTHENTICATION - Techniques to provide evidence-based dynamic scoring to limit guesses in knowledge based authentication are disclosed herein. In some aspects, an authenticator may receive an input from a user in response to a presentation of a personal question that enables user access to a restricted resource. The authenticator may determine that the input is not equivalent to a stored value, and thus is an incorrect input. The authenticator may then determine whether the input is similar to a previous input received from the user. A score may be assigned to the input. When the input is determined to be similar to the previous input, the score may be reduced. Another request for an input may be transmitted by the authenticator when a sum of the score and any previous scores of the session is less than a threshold. | 11-18-2010 |
20100313257 | Enforcing single stream per sign-on from a content delivery network (CDN) media server - A method for enforcing a media stream delivery restriction uses a stream control service (SCS). The SCS is implemented in a distributed network, such as a CDN, in which a given media stream is delivered to authorized end users from multiple delivery servers, but where an authorized end user is associated with a single log-in identifier that is not intended to be shared with other end users. According to the method, an enforcement server of the SCS identifies first and second copies of the given media stream associated with the single log-in identifier being delivered from multiple delivery servers. It then issues a message to terminate delivery of the given media stream from at least one of the multiple delivery servers. | 12-09-2010 |
20100319063 | ACCESS CONTROL TO SECURED APPLICATION FEATURES USING CLIENT TRUST LEVELS - Architecture that facilitates the conveyance of a trust level when the caller makes a call, the trust level in dependence on the state of the caller system. The callee (call recipient) receives notification of the trust level and can use this information in the communication such as to request verification from the caller and/or initiate other modes of communication. A caller can authenticate the caller identity in different ways to a communication server. Based on that, the server can assign an appropriate server-verified trust level to the caller. Further, an unsecured phone controller can indicate a lower client-side defined trust level. The server verified and client-side trust levels are then sent to the callee, where the callee determines whether to allow caller access to one or more secured features based on the feature values and the trust level imposed by the callee to access those features. | 12-16-2010 |
20100325714 | SYSTEM AND METHOD FOR PROVIDING MOBILITY IN A NETWORK ENVIRONMENT - A method is provided in one example embodiment and includes providing an Internet Protocol (IP) address based on an authentication request associated with a device, the authentication request being associated with a Wi-Fi protocol. The method also includes | 12-23-2010 |
20110016518 | SYSTEM TO ENABLE A SINGLE SIGN-ON BETWEEN A DOCUMENT STORAGE SERVICE AND CUSTOMER RELATIONSHIP MANAGEMENT SERVICE - Described herein is a method for producing a single sign-on between two network accessible software applications using a server apparatus having a processor and a computer readable medium. The method includes calling a new program interface using a first software application, initiating a handshake between a first software application adaptor and the first software application, sending authentication information from the first software application to the first software application adaptor, authenticating the authentication information using a second software application and returning a valid session ID from said second software application to said first software application via the first software application adaptor. | 01-20-2011 |
20110030044 | TECHNIQUES FOR ENVIRONMENT SINGLE SIGN ON - Techniques for environment single sign on are provided. Multiple identifiers for devices are associated as a single environment. A principal can be authenticated via any of the devices once to access protected resources and once authenticated the principal can access the protected resources from the other devices without re-authenticating. | 02-03-2011 |
20110035792 | CLIENT/SERVER SYSTEM FOR COMMUNICATING ACCORDING TO THE STANDARD PROTOCOL OPC UA AND HAVING SINGLE SIGN-ON MECHANISMS FOR AUTHENTICATING, AND METHOD FOR PERFORMING SINGLE SIGN-ON IN SUCH A SYSTEM - A method and device are provided for integrating single sign-on (SSO) mechanisms in a client/server system using communication according to the standard protocol OPC UA, and for performing SSO for user authentication and authorization in the system. A client is connected to an aggregating server, and the aggregating server is connected to subordinate servers via a communication network. To integrate SSO mechanisms, the aggregating server is provided with an SSO component for mapping user legitimation data used in a service call to identities in the form in which the identities are stored in the subordinate servers. To perform SSO using the SSO component, user legitimation data associated with a service call are used to automatically search for corresponding mapped identities and affected servers, and to call up an active session service for each match in each server via the mapped identity, to establish the desired access to data from the user's service invocation. | 02-10-2011 |
20110041175 | SYSTEM AND METHOD FOR INTEGRATING OPERATION OF SYSTEMS EMPLOYING SINGLE SIGN-ON AUTHENTICATION - The subject application is directed to a system and method for integrating operation of systems employing distinct authentication. Department code data is first received from an associated user via a user interface of a document processing device. The received department code data is then communicated from the document processing device to an authentication translation server. A data map of department code data relative to enterprise authentication data is then stored in a memory associated with the authentication translation server. Application authentication data is then received into an enterprise application server corresponding to the received department code. Application authentication data is then retrieved corresponding to the received department code from the memory. The authenticity of the retrieved authentication data is then tested. The enterprise application server is then selectively operated in accordance with the testing. | 02-17-2011 |
20110055912 | METHODS AND APPARATUS FOR ENABLING CONTEXT SHARING - Some embodiments relate to processing a web page requested by a web browser. The requested web page is received, and additional code is inserted into the web page that alters and/or augments the functionality of the web page. The web page is then forwarded to the web browser that requested it. The browser executes the code inserted into the web page, thereby augmenting the functionality of the web page. | 03-03-2011 |
20110061098 | AUTHENTICATION APPARATUS, AUTHENTICATION METHOD, AND AUTHENTICATION PROGRAM IMPLEMENTING THE METHOD - For enabling single sign-on among applications, a linkage ID indicating connection between the authentication apparatus | 03-10-2011 |
20110072501 | ELECTRONIC APPARATUS AND COMMUNICATION CONTROL METHOD - According to one embodiment, an electronic apparatus comprises a communication module and a connection control module. The communication module is configured to execute close proximity wireless transfer. The connection control module is configured to start an operation of establishing a connection between the communication module and an external device which is in close proximity to the communication module if an identifier of the external device wirelessly transmitted from the external device is included in a connection permission list. The connection control module is configured to display a password entry screen if the identifier is not included in the connection permission list, and to add, if a password entered on the password entry screen matches with a registered password, the identifier to the connection permission list and start the operation of establishing the connection between the communication module and the external device. | 03-24-2011 |
20110099618 | SINGLE SIGN-ON AUTHENTICATION - Apparatus, systems, and methods may operate to receive a request from a node to provide access to a web site, to provide site authenticity information associated with the web site to the node, and to receive single sign-on (SSO) information from the node in response to validation of the site authenticity information by the node, the SSO information enabling the node to automatically log in to the web site. Additional activities include receiving site authenticity information from a node associated with a web site, and automatically transmitting SSO information to the node responsive to validating the site authenticity information. Additional apparatus, systems, and methods are disclosed. | 04-28-2011 |
20110107409 | Single Sign On For a Remote User Session - A user accesses a remote session, the connection to which is managed by a connection broker, according to a single sign-on (SSO) process. The SSO process includes the user entering his or her credentials and being authenticated to the connection broker. In addition to user authentication, the SSO process includes connection broker authentication to confirm that the connection broker is trustworthy. When the connection broker is authenticated, the user credentials are transmitted to the connection broker in a secure manner and the connection broker forwards them onto a machine hosting the remote session so that the user can be logged into the remote session without entering his or her credentials again. | 05-05-2011 |
20110119747 | SINGLE SIGN ON WITH MULTIPLE AUTHENTICATION FACTORS - The authentication of a client to multiple server resources with a single sign-on procedure using multiple factors is disclosed. One contemplated embodiment is a method in which a login session is initiated with the authentication system of a primary one of the multiple server resources. A first set of login credentials is transmitted thereto, and validated. A token is stored on the client indicating that the initial authentication was successful, which is then used to transition to a secondary one of the multiple resources. A second set of login credentials is also transmitted, and access to the secondary one of the multiple resources is granted on the basis of a validated token and second set of login credentials. | 05-19-2011 |
20110126275 | SYSTEM AND METHOD FOR DISCOVERY ENRICHMENT IN AN INTELLIGENT WORKLOAD MANAGEMENT SYSTEM - The system and method described herein for discovery enrichment in an intelligent workload management system may include a computing environment having a model-driven, service-oriented architecture for creating collaborative threads to manage workloads. In particular, the management threads may converge information for managing identities and access credentials, which may provide information that can enrich discovery of physical and virtual infrastructure resources. For example, a discovery engine may reference federated identity information stored in an identity vault and enrich a discovered infrastructure model with the federated identity information. Thus, the model may generally include information describing physical and virtualized resources in the infrastructure, applications and services running in the infrastructure, and information derived from the federated identity information that describes dependencies between the physical resources, the virtualized resources, the applications, and the services. | 05-26-2011 |
20110138452 | CROSS SECURITY-DOMAIN IDENTITY CONTEXT PROJECTION WITHIN A COMPUTING ENVIRONMENT - Processing within a computing environment is facilitated by: determining by a local security manager of a first system in a first security domain whether a local security context of a user is acceptable to a second system in a second security domain; responsive to the user's security context being unacceptable to the second system, creating by a local security manager of the second system a runtime security context for the user in the second system; and providing the first system with a reference to the runtime security context for the user in the second system which is resolvable within the computing environment or a portable representation of the runtime security context for the user in the second system, the reference or the portable representation being subsequently returned to the second system with a request from the first system to process work at the second system. | 06-09-2011 |
20110138453 | SINGLE SIGN-ON IN MIXED HTTP AND SIP ENVIRONMENTS - In a first embodiment of the present invention, a method for providing single sign-on in a network having a HyperText Transfer Protocol (HTTP) portion and a Session Initiation Protocol (SIP) portion is provided, the method performed at a gateway and comprising: receiving an HTTP request for an assertion from a requester over the HTTP portion; generating a SIP request using the request for assertion; sending the SIP request to a SIP registrar over the SIP portion; receiving a SIP response including information regarding an assertion from the SIP registrar; and sending the information regarding the assertion in an HTTP response to the requester, such that the requester can use the information regarding the assertion in authenticating the requester to a web server. | 06-09-2011 |
20110154464 | SYSTEMS AND METHODS FOR INTERCEPTING AND AUTOMATICALLY FILLING IN FORMS BY THE APPLIANCE FOR SINGLE-SIGN ON - The present invention is directed towards systems and methods for form-based single sign-on by a user desiring access to one or more protected resources, e.g., protected web pages, protected web-served applications, etc. In various embodiments, a single sign-on (SSO) module is in operation on an intermediary device, which is disposed in a network to manage internet traffic between a plurality of clients and a plurality of servers. The intermediary device can identify an authentication response from a server and forward the authentication response to the SSO module. The SSO module can complete a login form in the authentication response with a client's authentication data, return the completed login form to the server and forward cookies associated with the authentication response to the client. In various embodiments, multiple login forms can be completed, transparently to the client, by the SSO module on a client's behalf and reduce time expended by a client in obtaining access to protected resources. | 06-23-2011 |
20110162057 | ACCESS CONTROL BASED ON USER AND SERVICE - For a particular request to access a resource, both a user associated with the request and a service through which the request is made are identified. Whether requested access to a resource is permitted is determined based on a user associated with the requested access and a service through which the access is requested. This determination can be made based on an access control entry of an access control list corresponding to the resource, the access control entry identifying access to the resource that is permitted to the user when accessing the resource through the service. | 06-30-2011 |
20110173688 | INFORMATION PROCESSING APPARATUS AND METHOD - When authentication processing has succeeded between different authentication domains in an information processing apparatus, authentication information between the different authentication domains is registered in association with user-related information. When a data conversion is performed between the different authentication domains, the data conversion of the user-related information is carried out based upon the registered authentication information. | 07-14-2011 |
20110173689 | NETWORK ID BASED FEDERATION AND SINGLE SIGN ON AUTHENTICATION METHOD - Provided are methods for network ID based federation and single sign on authentication. A method of federating a service providing site in a service network with an access network for web application service authentication in a next generation network (NGN), the method comprising requesting the user equipment for authentication in correspondence with the federation request and inquiring whether to perform the federation, when a federation request is received from user equipment which has been authenticated by the access network; receiving responses to the authentication request and the inquiry from the user equipment; and registering the access network with a user federation list and notifying the federation to the access network, when authentication is determined to be successful from the response. | 07-14-2011 |
20110185414 | System and Method for Single Sign-On Session Management Without Central Server - A method and system for single sign-on session management. Functions of session management and client log-in, normally handled by separate system servers, are incorporated as plug-in modules on individual web content servers. In this manner, network traffic to grant and validate client user credentials is reduced or minimized. | 07-28-2011 |
20110202988 | METHOD AND APPARATUS FOR PROVIDING AN AUTHENTICATION CONTEXT-BASED SESSION - An approach is provided for providing separation of authentication protocols and/or authentication contexts for client-server and server-server communication in network communication. A proxy server receives a request to initiate a service session. The request includes a first authentication context. The proxy server requests verification of the first authentication context from an authentication server and validates the first authentication context based, at least in part, on the verification. The proxy server implements a second authentication context based, at least in part, on the verification of the first authentication context to initiate the service session. | 08-18-2011 |
20110202989 | METHOD AND APPARATUS FOR PROVIDING AUTHENTICATION SESSION SHARING - An approach is provided for providing authentication session sharing between browsers and run time environments in network communication. An interface receives an authentication context associated with a first service. The interface causes, at least in part, storage of the authentication context in a first cache associated with the interface. The interface causes, at least in part, population of the authentication context to a second cache associated with a second service. The second cache is not directly linked to the interface. The authentication context in the second cache authenticates access to the second service. | 08-18-2011 |
20110209209 | Method and system for performing an electronic signature approval process - The present invention includes a computer-implemented method and an Enterprise Resource Planning System (ERP). The method and system allow a user to enable an electronic signature approval process for modification of data in a transaction. The method includes accessing a table that corresponds with the transaction and adding a signature field having a property sheet to the table. The method also includes defining a select property in the property sheet with a select parameter. The select property is configured to provide approval of modified data in the transaction upon entry of a valid electronic signature. | 08-25-2011 |
20110209210 | System and Method for Single Sign-On Session Management Without Central Server - A method and system for single sign-on session management. Functions of session management and client log-in, normally handled by separate system servers, are incorporated as plug-in modules on individual web content servers. In this manner, network traffic to grant and validate client user credentials is reduced or minimized. | 08-25-2011 |
20110225640 | CLOUD-BASED DEVICE INFORMATION STORAGE - Device information for each of multiple devices associated with a user account is maintained by a cloud service. The device information can include credential information allowing the device to be accessed by other ones of the multiple devices, remote access information indicating how the device can be accessed by other ones of the multiple devices on other networks, and property information including settings and/or device drivers for the device. The device information for each of the multiple devices is made available to other ones of the multiple devices, and can be used by the multiple devices to access one another and provide a consistent user experience across the multiple devices. | 09-15-2011 |
20110231917 | SYSTEM AND METHOD FOR PROVIDING A VIRTUAL PEER-TO-PEER ENVIRONMENT - An improved system and method are disclosed for peer-to-peer communications. In one example, the method enables the creation of a virtual endpoint that may operate within a peer-to-peer network to represent a device that is unable to operate as an endpoint. | 09-22-2011 |
20110231918 | REMOTE REGISTRATION FOR ENTERPRISE APPLICATIONS - A partner registration module can provide for an automatic registration of partners to a central server. An entire partner registration process can be automated from end to end, providing a unified process for registering partners. The partner registration module can be fully compatible with current registration agents and next generation registration agents. | 09-22-2011 |
20110231919 | EFFICIENT SINGLE SIGN-ON AND IDENTITY PROVIDER CONFIGURATION AND DEPLOYMENT IN A DATABASE SYSTEM - Various techniques and procedures related to user authentication, identity providers, and single sign-on (SSO) are presented here. One approach creates an SSO link between two organizations in a streamlined manner using an internal cross-user systemwide digital certificate, and without processing any user-created, user-uploaded, or user-assigned digital certificates. Another approach presented here configures an identity provider service for an entity or organization by processing a single user command. The identity provider service is automatically configured in the background without processing any additional user commands, user instructions, or user-entered data. | 09-22-2011 |
20110231920 | SERVER APPARATUS AND PROGRAM FOR SINGLE SIGN-ON - A server apparatus includes an analyzer unit which analyzes log-in information for a server received from a client, determines an authentication scheme of the server, and extracts, from the log-in information, provisional authentication information in a form representative of variable information. The analyzer unit stores, in the storage device, information representative of the authentication scheme and the provisional authentication information as the variable information. The analyzer unit also stores, in the storage device, as the variable information, authentication information of a user for the server that is associated with representative authentication information of the user. | 09-22-2011 |
20110252465 | System and Method for Single Session Sign-On - A method and system for cross-system authentication or credentialing of clients. Credentials from one system (e.g., system | 10-13-2011 |
20110265172 | METHOD AND SYSTEM FOR THIRD PARTY CLIENT AUTHENTICATION - Methods and systems for third party client authentication of a client. A method includes displaying a user interface on a display of the client, the user interface including an option to select a supported credential type of a third party authentication server, receiving a command selecting the supported credential type, and sending credential information and the selected supported credential type to an authentication server for third party authentication by the third party authentication server. The third party authentication server may support a token-based authentication protocol for implementing single sign on (SSO). | 10-27-2011 |
20110265173 | MOBILE AUTHENTICATION FRAMEWORK - Disclosed are apparatus and methods for associating a mobile device with a web service or a user account. A unique code is displayed on the mobile device. The unique code is associated with a user account or web service to be utilized with the mobile device. Instructions for a user to enter the unique code in an authentication process via an authentication portal of a management device are also displayed. After it is determined that a user has performed the authentication process, any user identification, which has been associated with the unique code, is then obtained from the management device. The obtained user identification is then stored for use by the mobile device. After user identification has been obtained and stored, the stored user identification is used for the mobile device to participate in an authentication process for authorizing the mobile device to utilize a web service or user account associated with the user identification. The authentication process is participated in by the mobile device without requiring input from the user during such authentication process. | 10-27-2011 |
20110277025 | METHOD AND SYSTEM FOR PROVIDING MULTIFACTOR AUTHENTICATION - An approach is provided for using multifactor authentication to access multiple services. A determination is made that a user equipment has been authenticated for an access network. An identifier corresponding to the user equipment is received. An alias identifier is generated based on the received user equipment identifier for use in combination with a universal user identifier to authenticate a user corresponding to the user equipment for accessing a plurality of services via the access network. | 11-10-2011 |
20110277026 | Systems and Methods for Providing Single Sign On Access to Enterprise SAAS and Cloud Hosted Applications - The solution of the present application addresses the problem of authentication across disparately hosted systems by providing a single authentication domain across SaaS and cloud hosted applications as well as traditional enterprise hosted applications. An application delivery controller (ADC) intermediary to a plurality of clients and the disparately hosted applications provides single sign on management, integration and control. A user may log in via an interface provided, controlled or managed by the ADC, which in turn authenticates the user to the application in accordance with policy and the host of the application. As such, the user may login once to gain access to a plurality of disparately hosted applications. From the user's perspective, the user seamlessly and transparently gains access to different hosted systems with different passwords and authentication via the remote access provided by the system of the present solution. | 11-10-2011 |
20110277027 | Systems and Methods for Providing a Single Click Access to Enterprise, SAAS and Cloud Hosted Application - The present disclosure is directed to methods and systems of providing a user-selectable list of disparately hosted applications. A device intermediary to a client and one or more servers may receive a user request to access a list of applications published to the user. The device may communicate to the client the list of published applications available to the user, the list comprising graphical icons corresponding to disparately hosted applications, at least one graphical icon corresponding to a third-party hosted application of the disparately hosted applications, the third party hosted application served by a remote third-party server. The device may receive a selection from the user of the at least one graphical icon. The device may communicate, from the remote third party server to the client of the user, execution of the third party hosted application responsive to the selection by the user. | 11-10-2011 |
20110289575 | DIRECTORY AUTHENTICATION METHOD FOR POLICY DRIVEN WEB FILTERING - Enabling web filtering by authenticated group membership, role, or user identity is provided by embedding a uniform resource identifier into an electronic document requested by a client. A client browser will provide directory credentials to a trusted web filter apparatus enabling a policy controlled access to resources external to the trusted network. An apparatus comprises circuits for transmitting a uniform resource identifier to a client, receiving a request comprising authentication credentials, querying a policy database and determining a customized policy for access to an externally sourced electronic document or application. The computer-implemented technique simplifies web filter administrator tasks by removing the need to set each browser's settings or install additional software on each user terminal. | 11-24-2011 |
20110314532 | IDENTITY PROVIDER SERVER CONFIGURED TO VALIDATE AUTHENTICATION REQUESTS FROM IDENTITY BROKER - Techniques are disclosed for an identity broker to authenticate users to a network device, system, or hosted application that uses certain legacy protocols for user authentication. For example, the identity broker may be configured to respond to a user authentication request from a network device formatted as a RADIUS or LDAP message. The identity broker may operate in conjunction with an identity provider to authenticate a user requesting access to a computing resource (e.g., to the network device, system, or hosted application). | 12-22-2011 |
20120005739 | LINKED IDENTITIES - Methods and systems for making a Super Identity by linking two identities, and methods and systems for using the identities, include a transaction authorization module that receives a request associated with a first identity record associated with a user, the request being for information associated with a second identity record. An identity linking module identifies that the second identity record is linked to the first identity record and retrieves the information associated with the second identity record. The transaction authorization module also generates a response including the information associated with the second identity, and transmits the response. | 01-05-2012 |
20120011578 | Cross-protocol federated single sign-on (F-SSO) for cloud enablement - A method to enable access to resources hosted in a compute cloud begins upon receiving a registration request to initiate a user's registration to use resources hosted in the compute cloud. During a registration process initiated by receipt of the registration request, a federated single sign-on (F-SSO) request is received. The F-SSO request includes an assertion (e.g., an HTTP-based SAML assertion) having authentication data (e.g., an SSH public key, a CIFS username, etc.) for use to enable direct user access to a resource hosted in the compute cloud. Upon validation of the assertion, the authentication data is deployed within the cloud to enable direct user access to the compute cloud resource using the authentication data. In this manner, the cloud provider provides authentication, single sign-on and lifecycle management for the user, despite the “air gap” between the HTTP protocol used for F-SSO and the non-HTTP protocol used for the user's direct access to the cloud resource. | 01-12-2012 |
20120023565 | SYSTEMS AND METHODS FOR SYSTEM LOGIN AND SINGLE SIGN-ON - Systems and methods for system login and single sign-on are described. A first application of a first system receives a request to access a protected application of a second system. An assertion is generated in response to the request. The assertion asserts an identity in the first system of a user generating the request. The assertion is validated and first account information corresponding to the assertion is extracted. The first account information is information of a first account of the user in the first system. Second account information is determined that is information of a second account of the user in the second system. A mapping is generated between the first account and the second account using the first account information and the second account information. The mapping is used to provide access to the protected application by the requestor. | 01-26-2012 |
20120042370 | COMPUTER SYSTEM AND METHOD OF CONTROLLING COMPUTER - A computer system includes a first communication unit which communicates with an authentication module storing preset first authentication information, a second communication unit which is connected with a server through a network, the server storing preset second authentication information, a main board unit which implements a preset first operation of a computer, and a controller which receives the first authentication information from the authentication module through the first communication unit, receives the second authentication information corresponding to the first authentication information from the server through the second communication unit, and controls the main board unit to block implementation of the first operation when at least one of the first authentication information and the second authentication information is not received. | 02-16-2012 |
20120047567 | IMAGE FORMING APPARATUS, CONTROLLING METHOD AND PROGRAM - There is provided a system in which, even if cache data of a user is not held in a multifunction machine, the relevant user can log in to the multifunction machine in a case where the relevant user is approved by a user of which the cache data has been held in the multifunction machine. | 02-23-2012 |
20120066755 | METHOD AND SYSTEM FOR MANAGING AND MONITORING OF A MULTI-TENANT SYSTEM - Embodiments are described for providing access by application vendors to applications deployed in an enterprise network environment. A package access system defines a support user class in a user profile database for an application executed within organization resources maintained in a multi-tenant data store. The support user is granted read only privileges to metadata of the application. An organization administrator can grant the application vendor access to the application as a support user, allowing the vendor to view and analyze the metadata. The organization administrator can further grant access by a specific support representative to the application as a specific user within the organization user for a limited term. The support representative can then log into the organization and access and use the application in order to diagnose any post-installation usage problems with the application. | 03-15-2012 |
20120084850 | TRUSTWORTHY DEVICE CLAIMS FOR ENTERPRISE APPLICATIONS - Embodiments of the invention enable a client device to procure trustworthy device claims describing one or more attributes of the client device, have those device claims included in a data structure having a format suitable for processing by an application, and use the data structure which includes the device claims in connection with a request to access the application. The application may use the device claims to drive any of numerous types of application functionality, such as security-related and/or other functionality. | 04-05-2012 |
20120096533 | Application Identity Design - Methods and apparatus, including computer program products, implementing and using techniques for providing user credentials over a network to a remote computer application. User credentials for the remote computer application are stored in a central repository that is accessible through the network. A request is sent to a service to perform, on behalf of a user, a particular task involving the remote computer application. It is determined whether the service has been granted permission to act on behalf of the user with respect to the remote computer application. When the service has permission to act on behalf of the user, the service is used to retrieve the user's credentials for the remote computer application from the central repository and to supply the retrieved user credentials to the remote computer application. | 04-19-2012 |
20120096534 | Application Identity Design - Methods and apparatus, including computer program products, implementing and using techniques for providing user credentials over a network to a remote computer application. User credentials for the remote computer application are stored in a central repository that is accessible through the network. A request is sent to a service to perform, on behalf of a user, a particular task involving the remote computer application. It is determined whether the service has been granted permission to act on behalf of the user with respect to the remote computer application. When the service has permission to act on behalf of the user, the service is used to retrieve the user's credentials for the remote computer application from the central repository and to supply the retrieved user credentials to the remote computer application. | 04-19-2012 |
20120102560 | SYNCHRONIZED SIGN-ON METHODS FOR NON-PROGRAMMATIC INTEGRATION SYSTEMS - Methods and systems for automatically signing a user on to an integration application when a user signs on to another application and signing a user off when the user signs off of the other application. The integration application automatically non-programmatically collects data from a mapped location of a mapped source reference of the other application. The collected data includes a user identifier value. The integration application continuously monitors the collected user identifier value for a difference in the collected user identifier value. If the collected user identifier value is recognized by the integration application, the user is signed into the integration application using the collected user identifier value, and if a difference in the collected user identifier value is detected, the user is signed off of the integration application. | 04-26-2012 |
20120151568 | Method and system for authenticating a rich client to a web or cloud application - A rich client performs single sign-on (SSO) to access a web- or cloud-based application. According to the described SSO approach, the rich client delegates to its native application server the task of obtaining a credential, such as a SAML assertion. The native server, acting on behalf of the user, obtains an assertion from a federated identity provider (IdP) that is then returned to the rich client. The rich client provides the assertion to a cloud-based proxy, which presents the assertion to an identity manager to attempt to prove that the user is entitled to access the web- or cloud-based application using the rich client. If the assertion can be verified, it is exchanged with a signed token, such as a token designed to protect against cross-site request forgery (CSRF). The rich client then accesses the web- or cloud-based application making a REST call that includes the signed token. The application, which recognizes the request as trustworthy, responds to the call with the requested data. | 06-14-2012 |
20120151569 | Portable Identity Rating - Portable on-line identity verification technology includes, for example, portable widgets with an identity rating, and other on-line identification verification icons and identity rating scores. | 06-14-2012 |
20120167193 | METHOD AND SYSTEM FOR ESTABLISHING AND MAINTAINING AN IMPROVED SINGLE SIGN-ON (SSO) FACILITY - A method for establishing and maintaining a Single Sign-on between a reverse proxy and a back-end server can include instigating an authentication process through a browser for a user to obtain access to the back-end server, intercepting a login page from the back-end server at the reverse proxy and adding a routine thereto, thereby loading an asynchronous engine on the browser executing a login process with an authentication profiling service, in order to retrieve the login information for the back-end server, and completing the authentication process with the back-end server to allow the user to access the back-end server through the asynchronous engine. | 06-28-2012 |
20120198534 | INFORMATION PROCESSING SYSTEM, APPARATUS, METHOD, AND PROGRAM STORAGE MEDIUM - An information processing system includes a plurality of information processing apparatuses, each apparatus including a transmission unit and a verification unit, and a plurality of authentication servers connectable to the plurality of information processing apparatuses via one or more networks. When one information processing apparatus, used as a receiving apparatus, receives a request to execute a processing at the receiving apparatus from another information processing apparatus, used as a requesting apparatus, the transmission unit of the requesting apparatus transmits information to the receiving apparatus, and the verification unit of the receiving apparatus determines whether the requested processing can be executed at the receiving apparatus for a user of the receiving apparatus based on a comparison of the information transmitted from the requesting apparatus and information settable for the receiving apparatus by using the authentication server usable for user verification of the information processing apparatuses. | 08-02-2012 |
20120204248 | PROVISIONER FOR SINGLE SIGN-ON AND NON-SINGLE SIGN-ON SITES, APPLICATIONS, SYSTEMS, AND SESSIONS - A method including receiving an access request to a provisioning system; determining whether to grant access based on receipt of one or more user credentials; determining a level of access to the provisioning system based on user role information, when the one or more user credentials are valid; receiving configuration information by the provisioning system that permits a user to configure an automated sign-on system for single sign-on sites, non-single sign-on sites, mainframe sessions and applications, systems, and user device applications; and configuring the automated sign-on system based on the received configuration information. | 08-09-2012 |
20120204249 | TOOLBAR FOR SINGLE SIGN-ON AND NON-SINGLE SIGN-ON SITES, APPLICATIONS, SYSTEMS, AND SESSIONS - A method including receiving a request to connect to a single sign-on site, a non-single sign-on site, a system, a mainframe, or to use a mainframe or user device application; determining, by a toolbar of a user device, whether a user is authorized to connect to, initiate, or use the single sign-on site, the non-single sign-on site, the system, the mainframe, the mainframe or user device application; selecting, by the toolbar, one or more user credentials to allow the user to connect to, initiate, or use the single sign-on site, the non-single sign-on site, the system, the mainframe, the mainframe or the user device application when it is determined that the user is authorized; and signing-on, by the toolbar, to the single sign-on site, the non-single sign-on site, the system, the mainframe, the mainframe or user device application based on the one or more user credentials. | 08-09-2012 |
20120210413 | FACILITATING SINGLE SIGN-ON (SSO) ACROSS MULTIPLE BROWSER INSTANCE - Facilitating single sign-on (SSO) across multiple browser instances such that user authentication at one browser instance is used as a basis to permit access to protected resources (hosted on server systems) from other browser instances. In an embodiment, the different browser instances are executing on different client systems. An authentication server may maintain registration data indicating the different client systems/browser instances registered by a user for the SSO feature. After a user is authenticated for a first session from one browser instance, the authentication server enables the user to access any protected resource from registered client systems/browser instances without requiring further authentication (based on the presence of the authenticated first session). | 08-16-2012 |
20120210414 | INFORMATION PROCESSING SYSTEM, METHOD FOR CONTROLLING INFORMATION PROCESSING SYSTEM, AND STORAGE MEDIUM - An information processing system stores key information for determining an authentication device and information about the authentication device by associating these information pieces with each other, and extracts the key information from access of an unauthenticated user. Based on the information about the authentication device associated with the key information, the access of the unauthenticated user is redirected. | 08-16-2012 |
20120216267 | User Initiated and Controlled Identity Federation Establishment and Revocation Mechanism - A method for single sign-on with established federation includes triggering a single sign-on operation from a first service to a second service, retrieving, by the first service, an associated federation key and pseudo identification for a user agent, generating, by the first service, a token signed with a federation key for the user agent based on the pseudo identification, redirecting, by the first service, the user agent to the second service, wherein the user agent transfers the token to the second service, verifying, by the second service, the token and determining an associated identification in the second service, and returning, by the second service, a resource to the user agent. | 08-23-2012 |
20120222104 | METHOD AND APPARATUS FOR PROVIDING SINGLE SIGN-ON FOR COMPUTATION CLOSURES - An approach is provided for providing single sign-on for computation closures. A single sign-on management platform determines to create a single sign-on computation closure in response to an initiation of a single sign-on authentication session. The single sign-on management platform also determines one or more computation entities that are to execute at least one other computation closure under the single sign-on authentication session. The single sign-on management platform further causes, at least in part, a transfer of the single sign-on computation closure to the one or more computation entities. | 08-30-2012 |
20120227098 | SHARING USER ID BETWEEN OPERATING SYSTEM AND APPLICATION - One or more techniques and/or systems are disclosed for authenticating a user of an application using an operating system. A user can log onto their device, such as at power-up, using a cloud-based ID registered to an online identity service. The user can be authenticated with the operating system on the user's device, using the cloud-based identity for the user, where the operating system may contact the online identity service to authenticate the user. When the user activates an application on the device it may request authentication of the user from the operating system, and an authentication token for the user's cloud-based identity is provided to the application. The application then uses the authentication token to authenticate the user for the application, as long as the application supports the use of the cloud-based ID of the user. In this manner, a subsequent manual user log-in operation is not required. | 09-06-2012 |
20120240210 | SERVICE ACCESS CONTROL - The invention enables a user to use single-sign-on methodologies to obtain access to a service where that user has more than one account. In addition to querying an identity provider to obtain user credentials in the usual way, the invention enables an application to request and obtain further credentials for that user in order to enable the user to gain access to the desired user account. The user may then be prompted to select which of the available accounts should be used at the application. | 09-20-2012 |
20120246709 | LIGHTWEIGHT AUTHENTICATION FOR ON-PREMISE RICH CLIENTS - The subject disclosure relates to lightweight authentication for on-premise rich clients. The lightweight authentication mitigates the amount of software that is installed on a client machine for authentication purposes. A portion of an external website is hosted on an application executing on the rich client. The user can interact with the portion of the external website in order to enter credentials or other identification information. The entry of the credentials or other identification information is relayed to the external website for verification. If the verification is successful, the user can interact with various external websites utilizing the single verification. | 09-27-2012 |
20120254968 | SYSTEMS AND METHODS FOR IMPLEMENTING SECURITY SERVICES - Systems and methods for providing a login context operate a virtual machine, wherein the virtual machine includes an open services platform and an authentication service, wherein the authentication service includes a classloader, and an initial classloader is designated as the classloader of the authentication service, register a login module, receive an authentication request from a first application, and responsive to receiving the authentication request designate a classloader associated with the login module as the classloader of the authentication service, generate a login context of the login module, and provide the login context of the login module to the first application, whereby the first application uses the login context to perform an authentication. | 10-04-2012 |
20120254969 | SYSTEMS AND METHODS FOR IMPLEMENTING SECURITY SERVICES - Systems and methods for providing a login context operate a virtual machine, wherein the virtual machine includes an open services platform and an authentication service, wherein the authentication service includes a classloader, and an initial classloader is designated as the classloader of the authentication service, register a login module, receive an authentication request from a first application, and responsive to receiving the authentication request designate a classloader associated with the login module as the classloader of the authentication service, generate a login context of the login module, and provide the login context of the login module to the first application, whereby the first application uses the login context to perform an authentication. | 10-04-2012 |
20120266228 | SECURE MANAGEMENT OF USER RIGHTS DURING ACCESSING OF EXTERNAL SYSTEMS - In an external system, a request handler may receive, at the external system, a logon ticket from a proprietary software system, the logon ticket associated with a request from a user of the proprietary system for access to the external system. A ticket handler may provide the logon ticket to an authentication service which is configured to perform a validation of the logon ticket at the proprietary system. A session manager may receive, from the authentication service and based on the validation, a user session and access rights related to the requested access. An access control manager may provide the requested access to the user via the proprietary system, according to the access rights and within the user session. | 10-18-2012 |
20120291114 | SINGLE SIGN-ON BETWEEN APPLICATIONS - A single sign-on (SSO) system uses simple one-to-one trust relationships between individual applications and an SSO service to extend log in services from one application to another. Each application retains its own login policies and can separately make a decision whether to trust the SSO request or challenge the user for login credentials. By structuring the SSO system to use simple identity mapping, there is no requirement for consolidating user identity records from multiple applications into a single database with its attendant overhead and dependency risks. | 11-15-2012 |
20120297472 | INFORMATION PROCESSING SYSTEM, CONTROL METHOD FOR CONTROLLING THE INFORMATION PROCESSING SYSTEM, AND STORAGE MEDIUM - A second information processing system to communicate with a first information processing system includes an acquisition unit, an acceptance unit, a confirmation unit, and a setting unit. The acquisition unit acquires authentication information from the first information processing system and from a memory of the second information processing system. The acceptance unit accepts correspondence information indicating correspondence between first authentication information and second authentication information. The confirmation unit confirms, as a condition, whether the acquired authentication information in the first information processing system is identical to the accepted first authentication information and confirms, as a condition, whether the acquired authentication information in the second information processing system is identical to the accepted second authentication information. The setting unit does not set the correspondence information as single sign-on setting information if a condition is not satisfied and sets the correspondence information as single sign-on setting information if both conditions are satisfied. | 11-22-2012 |
20120304272 | Accessing A Communication System - Method, user terminal and communication system for authenticating an application for accessing the communication system on behalf of a user, wherein a communication client associated with the communication system is executed at the user terminal, usable by the user, and is authenticated for communicating over the communication system on behalf of the user. The method comprises transmitting authentication data from the application to the communication system. The communication system verifies the authentication data transmitted from the application, and on the basis that the authentication data is verified, the communication system authenticates the application for accessing the communication system on behalf of the user. Prior to the transmitting step the authentication data is provided from the communication system to the client, and then from the client to the application. The verifying step comprises determining that the authentication data transmitted from the application corresponds to the authentication data provided from the communication system to the client, such that the application is authenticated for accessing the communication system on behalf of the user on the basis of the client's authentication with the communication system. | 11-29-2012 |
20120311688 | HOSTED MEDIA CONTENT SERVICE SYSTEMS AND METHODS - An exemplary system includes 1) at least one computing device within a first computing subsystem associated with a hosted media content service, the at least one computing device configured to authenticate a user to the hosted media content service and provide at least one encrypted token to a user device associated with the user, and 2) at least one other computing device within a second computing subsystem associated with the hosted media content service, the at least one other computing device configured to store hosted media content associated with the hosted media content service, receive the at least one encrypted token from the user device, validate the at least one encrypted token, and perform, in response to the validation, at least one action on media content as part of the hosted media content service. Corresponding methods and systems are also disclosed. | 12-06-2012 |
20120324558 | SYSTEMS AND METHODS OF INTEGRATING OPENID WITH A TELECOMMUNICATIONS NETWORK - A solution is described which allows mobile devices to specify that certain sites are allowed to be logged into based on the device credentials alone. The solution integrates OpenID with a telecommunications network in order to verify the user's identity. This verification is based on the trust that the telecom carrier has to identify the subscriber at the GGSN. The solution splits the OpenID Provider (OP) into two systems—an internal OP and an external OP. The external OP can reside in the public network and can allow the user to authenticate with a password. The internal OP resides in the private network of the carrier and is directly connected to the GGSN such that it is only reachable from the GGSN. | 12-20-2012 |
20130007867 | Network Identity for Software-as-a-Service Authentication - Techniques are provided for asserting an identity of a client device with a server. A request is received from a client device to access processes hosted by the server. Network identifier information associated with the client device is obtained from the request. Confirmation of authentication of the client device is requested from an identity authentication server using the network identifier information. Access is provided to the client device for the processes hosted by the server when authentication of the client device is confirmed by the identity authentication server. | 01-03-2013 |
20130007868 | ZERO SIGN-ON AUTHENTICATION - A method of facilitating zero sign-on access to media services depending on trust credentials. The trust credentials may be cookies, certificates, and other data sets operable to be stored on a device used to access the media services such that information included therein may be used to control the zero sign-on capabilities of the user device. | 01-03-2013 |
20130014243 | Cross Domain Single Sign On - The present application provides a method and system for Cross Domain Single Sign On. The method comprises: receiving a request from a user to a service provider; processing the user request prior to relaying the request to the service provider; forwarding the processed request to the corresponding service provider according to the type of request; in response to receiving a response to the request from the service provider, processing the response, and forwarding the processed response to the user. By adopting the method and system of the present application, a Single Sign On management proxy is introduced as a unified management system for the session lifetime of the user. The SSO management proxy manages operations of logging in, checking session expiration and recovering, logging out, URL mapping, error processing, and access control, and effectively improves the availability, security, and functional continuity of the service as well as the user's experience. | 01-10-2013 |
20130014244 | TECHNIQUES FOR ENVIRONMENT SINGLE SIGN ON - Techniques for environment single sign on are provided. Multiple identifiers for devices are associated as a single environment. A principal can be authenticated via any of the devices once to access protected resources and once authenticated the principal can access the protected resources from the other devices without re-authenticating. | 01-10-2013 |
20130019299 | Distributed Authentication with Data Cloud - A method includes, in response to a need to access for a user certain stored data that requires authentication, sending a request for the stored data into a data cloud, the request not identifying the user. The method further includes receiving, from the data cloud, response information descriptive of an authentication realm and a single-use nonce; presenting the information descriptive of the authentication realm to the user and prompting the user for a user name and password; re-sending the request into the data cloud with an authentication header having user credentials generated at least in part using the response information, the user credentials comprising the user name and a hashed password; and if the user credentials are valid, receiving from the data cloud the requested stored data. | 01-17-2013 |
20130019300 | SYSTEM, CONTROL METHOD THEREFOR, SERVICE PROVIDING APPARATUS, RELAY APPARATUS AND COMPUTER-READABLE MEDIUM (Uchida, Takayuki; Kawasaki-shi, JP) - A system in which a first service providing apparatus, a second service providing apparatus, and at least one authentication apparatus cooperate with each other to provide a service by single sign-on to be used by a user, the second service providing apparatus comprises a management unit that manages belonging information for specifying a group to which the user belongs, and a transmission unit that transmits to the client terminal, when an instruction to provide a service by the first service providing apparatus is accepted from the user while providing a service by the second service providing apparatus, information for accessing the first service providing apparatus and the belonging information if the management unit manages the belonging information of the group to which the user belongs. | 01-17-2013 |
20130031619 | REMOTE AUTHENTICATION SCREEN LOCKER FOR A MOBILE DEVICE - Devices, methods and products are described that provide for remote authentication of mobile information handling devices. One aspect provides a method comprising configuring an information handling device operating through a mobile operating system to allow communication with at least one remote authentication architecture; denying access to a display device of the information handling device responsive to a device lock event; and granting access to the display device responsive to an unlock event comprising entry of logon credentials authenticated at the at least one remote authentication architecture. Other embodiments and aspects are also described herein. | 01-31-2013 |
20130036460 | Cross-domain Session Refresh - Various embodiments utilize redirection techniques to refresh an authenticated session for a web-based executable operated across multiple domains. In at least some embodiments, the redirection techniques utilize a hidden inline frame (“i-frame”) to refresh an authenticated session. In some embodiments, polling is utilized to detect the end of a redirection sequence and a refreshed authenticated session while in other embodiments, an authenticated session is assumed to be refreshed after the expiration of a predetermined period of time. | 02-07-2013 |
20130047239 | METHOD AND SYSTEM FOR MAINTAINING LOGIN PREFERENCE INFORMATION OF USERS IN A NETWORK-BASED TRANSACTION FACILITY - The present invention relates to various aspects for maintaining and utilizing login preference information of users of a network-based transaction facility. In one embodiment, user interface information is communicated to a client via a communications network. The user interface information includes information concerning a plurality of features within the network-based transaction facility. The user interface information also specifies a login interface that facilitates user input of login preference information pertaining to each of the plurality of features. Further, the login preference information is received from the client via the communications network and utilized to control user access to any of the plurality of features within the network-based transaction facility via the communications network. | 02-21-2013 |
20130061308 | COMPUTER PROGRAM CODE AND METHOD FOR DELIVERING EXTERNAL DATA TO A PROCESS RUNNING ON A VIRTUAL MACHINE - A method and system for delivering external data to a process running on a virtual machine, the virtual machine running on an operating system. The method includes the steps of executing instructions on the virtual machine that obtain state data related to the process; querying the virtual machine to obtain component data related to the state data; and manipulating the component data to deliver the external data to the process. In one example, the system provides a single sign-on application that passes user credentials to a Java applet running on a Java virtual machine. | 03-07-2013 |
20130074172 | METHOD AND SYSTEM FOR ESTABLISHING AND MAINTAINING AN IMPROVED SINGLE SIGN-ON (SSO) FACILITY - A method for establishing and maintaining a Single Sign-on between a reverse proxy and a back-end server can include instigating an authentication process through a browser for a user to obtain access to the back-end server, intercepting a login page from the back-end server at the reverse proxy and adding a routine thereto, thereby loading an asynchronous engine on the browser that executes a login process with an authentication profiling service in order to retrieve the login information for the back-end server, and completing the authentication process with the back-end server to allow the user to access the back-end server through the asynchronous engine. | 03-21-2013 |
20130081125 | User Login With Redirect To Home Network - A login browser form allows a user to securely login to an account and access a web-based service at a server or server farm, referred to as a transaction node, without using a separate authentication or single sign-on server. A user is assigned to one of multiple transaction nodes as its home when the user enrolls in the web-based service. In a subsequent attempt to login, the user may land at the home transaction node or at a non-home transaction node. The transaction node serves the login browser form, including code to cause the web browser to transmit the user login id to the transaction node. If the transaction node determines that it is not the user's home, based on its records of user assignments, it identifies the home and configures the web browser to direct future communications to the home. The user's password is not sent to the non-home. | 03-28-2013 |
20130081126 | SYSTEM AND METHOD FOR TRANSPARENT SINGLE SIGN-ON - A method for transparent single sign-on authentication on computers in a networked environment. An embodiment includes receiving an authentication request from an operating system of a first computer, requesting credentials of an application making the authentication request, authenticating the credentials, storing the credentials if the authentication is successful, and transmitting the credentials to a second computer. On subsequent access requests made by the user on the second computer, the credentials can be retrieved from the secure store, eliminating the need to prompt the user to re-enter authentication information. | 03-28-2013 |
20130086669 | MOBILE APPLICATION, SINGLE SIGN-ON MANAGEMENT - Techniques for managing single sign-on are provided. In some examples, single sign-on functionality may be provided for use on mobile devices by utilizing mobile applications, cloud applications, and/or other web-based applications. For example, a mobile application or mobile web browser may request to authenticate with or access one or more service providers. Authentication credentials may be requested from a user of the mobile device to facilitate such authentication and/or access. Based at least in part on a successful log-in, access to server resources from other applications on the same mobile device may be provided without successive or repetitive credential requests to the user. | 04-04-2013 |
20130086670 | PROVIDING THIRD PARTY AUTHENTICATION IN AN ON-DEMAND SERVICE ENVIRONMENT - A method for logging a user into an online host system begins by receiving a login request from a web browser application of a client device, wherein the login request identifies the online host system. The method continues by initiating a single sign-on routine that involves an online third party system and by obtaining third party user data from the online third party system, wherein the obtained third party user data is associated with the user and is maintained by the online third party system. Host system records maintained by the online host system are modified in accordance with the obtained third party user data. Thereafter, the user is automatically logged into the online host system. | 04-04-2013 |
20130097685 | METHOD AND SYSTEM FOR CONTENT DISTRIBUTION MANAGEMENT - A method of managing content related to a plurality of social networking websites. The method comprises accessing a first account that stores a user's authentication information for the plurality of social networking websites and connecting to the plurality of social networking websites. Content associated with a second account is obtained from each of the plurality of social networking websites, and service capabilities of each of the plurality of social networking websites are tracked. The obtained content from all the social networking websites is displayed on a single page and service information applicable to the content is provided. | 04-18-2013 |
20130111573 | SINGLE SIGN-ON FOR APPLICATIONS | 05-02-2013 |
20130117835 | Image Forming Apparatus, Image Forming System, and Method for Realizing Pseudo Single Sign-On - An image forming apparatus includes: an internal authentication information storage unit that stores user authentication information relating to authentication for the image forming apparatus; an internal user authentication unit; an external authentication information storage unit that stores the user authentication information for external authentication, and a private IP address in association with one another for a plurality of URLs for external authentication; and a pseudo single sign-on unit that when it is determined that a redirection destination URL included in a response message transferred from a cloud server matches one of the stored plurality of URLs for external authentication, reads the user identification information for external authentication relating to the private IP address corresponding to a destination IP address included in a packet of the response message from the external authentication information storage unit, transmits the information for external authentication to the redirection destination URL, and performs the sign-on process. | 05-09-2013 |
20130133056 | Single login Identifier Used Across Multiple Shopping Sites - Various methods and systems for facilitating online shopping at multiple retailer websites using a single login identifier are provided. The techniques disclosed herein allow prospective consumers to access various retailer websites on the Internet without the need to remember multiple logins and passwords or to log into such retailer websites each time the consumer uses a new electronic device. The prospective consumers may log into a common website, such as a social networking website, using a single user identifier and password. An example method for facilitating online shopping at multiple retailer websites using a single login identifier comprises receipt of the login information that corresponds to one or more login websites from a user device. The method may further include retrieving an internal user login identifier based on the received login information. | 05-23-2013 |
20130139240 | NETWORK SYSTEM, INFORMATION PROCESSING APPARATUS, METHOD FOR CONTROLLING THE INFORMATION PROCESSING APPARATUS, AND COMPUTER-READABLE STORAGE MEDIUM FOR COMPUTER PROGRAM - A network system including at least one client and a user account management server is provided. The user account management server includes a user account saving portion for saving a user identifier and a user password for a cooperative server with which at least one client works in coordination for specific processing. Each of the clients includes an application storage portion for storing an application for the specific processing, a reference information storage portion for storing reference information to be referred to when the application is executed, a location information obtaining portion for obtaining location information indicating a saving location of the user identifier and user password, a user account obtaining portion for obtaining, based on the location information, the user identifier and the user password from the user account management server, and an update portion for updating the reference information to indicate the user identifier and the user password. | 05-30-2013 |
20130160105 | CONFIGURING IDENTITY FEDERATION CONFIGURATION - A method and apparatus for configuring identity federation configuration. The method includes: acquiring a set of identity federation configuration properties of a first computing system and a set of identity federation configuration properties of a second computing system; identifying one or more pairs of associated properties in the first and the second sets, where each pair of associated properties includes one property from each set of identity federation configuration properties; displaying properties that need to be configured manually from each set of identity federation configuration properties, where the properties that need to be configured manually do not include the property in any pair of associated properties whose value can be derived from the value of the other property in the pair; automatically assigning a property that can be derived from the value of another property; and providing each computing system with its set of identity federation properties. | 06-20-2013 |
20130167217 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND NON-TRANSITORY COMPUTER READABLE MEDIUM - An information processing apparatus includes following components. An authentication processing unit authenticates a user. A display displays information. An accessing unit accesses an external service. An authenticated-access-information acquiring unit acquires authenticated access information associated with user information for identifying an authenticated user. An unauthenticated-access-information acquiring unit acquires unauthenticated access information having been input by an unauthenticated user when accessing the external service. A controller performs control, when an authenticated user attempts to access the external service, so that the authenticated-access-information acquiring unit acquires authenticated access information associated with user information of the user and the accessing unit accesses the external service by using the acquired authenticated access information, and, when a user attempts to access the external service without being authenticated, so that the unauthenticated-access-information acquiring unit acquires the unauthenticated access information and the display displays the acquired unauthenticated access information. | 06-27-2013 |
20130167218 | SINGLE LOGON SYSTEM AND METHOD - The disclosure provides a single logon system for accessing different applications and a method for single logon. Before a client accesses an application, the system determines whether a valid session of the client has been stored. When there is a stored valid session of the client, the client can log on and access the application; otherwise the client must input a legal user name and a legal password to access the application, and the system creates a session and saves the session associated with the client. Therefore, when there is a stored valid session, the client can directly access other applications without inputting the user name and the password. | 06-27-2013 |
20130205383 | CONSOLIDATING DISPARATE CLOUD SERVICE DATA AND BEHAVIOR BASED ON TRUST RELATIONSHIPS BETWEEN CLOUD SERVICES - A method for consolidating cloud service data and behaviors can begin with the compilation of user/service membership data that associates requesting entities with subscribed cloud services by a trusted cloud service consolidator. A federated trust library housing inter-service trust information for the cloud services contained in the user/service membership data can be created. In response to a service request from a requesting entity, trusted secondary cloud services can be identified for the requesting entity. Identification of the trusted secondary cloud services can be based upon trust factors synthesized from data contained in the federated trust library. Data satisfying the service request and associated behaviors from each trusted secondary cloud service can then be consolidated into a unified data structure. A behavior can be an executable action supported by a trusted secondary cloud service. The unified data structure can be conveyed to the requesting entity in a service response. | 08-08-2013 |
20130212665 | SIGNING OFF FROM MULTIPLE DOMAINS ACCESSIBLE USING SINGLE SIGN-ON - An aspect of the present invention simplifies signing-off from multiple domains. In an embodiment, upon receiving a sign-off request from a user signed-on to multiple domains, the user is signed-off from at least two, but not all, the signed-on domains in due course. According to another aspect, the domains of an enterprise are organized as groups of domains. In response to receiving a request for signing-off from a first domain, the user is signed-off from each of a group of domains corresponding to the first domain (in addition to the first domain). In an embodiment, an administrator of the enterprise specifies a master domain for each group, to facilitate identification of the group to be signed-off. According to another aspect, a user selects a set of domains to sign-off from. The user is signed-off from only the selected set of domains. | 08-15-2013 |
20130227668 | SECURE SINGLE SIGN-ON - Systems and methods that provide secure single sign-on are described herein. When a user provides credentials to a client device, the credentials may be intercepted and cached at a secure location, such as within a trusted environment. When a client process, such as a remote desktop program running on the client device, requests the credentials for single sign-on to a server providing remote desktop services, the credentials may be secured, such as within an opaque container that may be accessed only by components running in trusted environments, and provided to the client process. The client process may be running in an untrusted environment, such as an operating system session. The client device may forward the secured credentials to a trusted environment in the server, effectuating single sign-on. | 08-29-2013 |
20130247164 | MULTIPLE ACCESS POINT ZERO SIGN-ON - The ability to connect a device to the Internet or another type of network from various network access points in a convenient manner is contemplated. The device may be conveniently connected to the desired network without requiring user input of a username and password when connecting to the various network access points. | 09-19-2013 |
20130263241 | SYSTEMS AND METHODS FOR INTERCEPTING AND AUTOMATICALLY FILLING IN FORMS BY THE APPLIANCE FOR SINGLE-SIGN ON - The present invention is directed towards systems and methods for form-based single sign-on by a user desiring access to one or more protected resources, e.g., protected web pages, protected web-served applications, etc. In various embodiments, a single sign-on (SSO) module is in operation on an intermediary device, which is disposed in a network to manage internet traffic between a plurality of clients and a plurality of servers. The intermediary device can identify an authentication response from a server and forward the authentication response to the SSO module. The SSO module can complete a login form in the authentication response with a client's authentication data, return the completed login form to the server and forward cookies associated with the authentication response to the client. In various embodiments, multiple login forms can be completed, transparently to the client, by the SSO module on a client's behalf and reduce time expended by a client in obtaining access to protected resources. | 10-03-2013 |
20130269017 | CENTRALIZED SINGLE SIGN ON SERVICE FOR WEBSITES AND ONLINE SERVICES - A system and related operating methods for performing single sign-on across a plurality of different online resources is provided here. The system receives first user credentials for a user, the first user credentials associated with a first online resource. The user is logged into the first online resource, using the first user credentials. While the user remains logged into the online resource, second user credentials for the user are received, wherein the second user credentials are associated with a second online resource. After receiving the second user credentials, a bidirectional single sign-on service is configured for the user. The service enables the user to log into the second online resource using the first user credentials, and enables the user to log into the first online resource using the second user credentials. | 10-10-2013 |
20130269018 | METHOD AND SYSTEM FOR PROVIDING USER ACCESS TO A SECURE APPLICATION - Providing remote user access to secure financial applications includes deployment of SSO software to client workstations by receiving a password for collaborating access to a secure server, navigating to the secure server using a web browser on a remote workstation, providing user authorization details and the received password to the secure server, generating a subsequent password at the secure server upon validation of the user authorization details and received password, and downloading an SSO deployment file to the remote workstation. The deployment file includes a subsequent password. The SSO deployment file is executed to install an SSO client application on the remote workstation. Workstation settings and user credentials are read from a secure file or data store. The SSO client application is run on the workstation to employ the user credentials and subsequent password to logon to the secure application. | 10-10-2013 |
20130276085 | MULTI-HOP SINGLE SIGN-ON (SSO) FOR IDENTITY PROVIDER (IdP) ROAMING/PROXY - Embodiments of the present disclosure describe methods, apparatuses, and systems related to using an identity provider (IdP) as a proxy for another IdP. Other embodiments may be described and/or claimed. | 10-17-2013 |
20130298215 | SINGLE SIGN-ON USER REGISTRATION FOR ONLINE OR CLIENT ACCOUNT SERVICES - Providing for single sign on (SSO) registration for local or network applications in conjunction with a multimedia display device is described herein. By way of example, SSO registration can comprise creating a registration account and linking one or more local or network applications with the registration account. SSO registration can facilitate auto-filling user data requests submitted by registration servers associated with the applications, in conjunction with registering a user for content or services provided by the respective applications. User verification, where requested, can be facilitated by digital certificate or other secure communication. Once registration is completed, a user can access content provided by an application by activating a linked application at the multimedia display device, or a remote device. | 11-07-2013 |
20130298216 | SINGLE SIGN-ON ACCOUNT MANAGEMENT FOR A DISPLAY DEVICE - Providing for single sign on functionality implemented for a network-enabled display device is described herein. By way of example, single sign on functionality can comprise accessing stored login credentials for a set of online content or service accounts, and initiating login requests to respective online servers for these accounts in response to a successful user verification or successful login to a subscriber account associated with the network-enabled display device. A user profile created for the network-enabled display device can comprise login credentials for online multimedia television content/services, and include login credentials for one or more other online accounts. Thus, upon successfully logging into a user's television services, other online accounts can be automatically logged in and access provided over the network-enabled display device, significantly reducing overhead involved in accessing online content from multiple service providers. | 11-07-2013 |
20130305338 | COMPUTER READABLE STORAGE MEDIA FOR SELECTIVE PROXIFICATION OF APPLICATIONS AND METHOD AND SYSTEMS UTILIZING SAME - Systems and methods for selective proxification of applications are disclosed. One or more computer readable storage media may be encoded with instructions executable by one or more processing units of a computing system. The instructions encoded on the computer readable storage media may comprise authenticating a single sign-on access at a proxy server, receiving a request at the proxy server to access an application on an application server requiring authentication, accessing the application on the application server, authenticating a user to the application without additional authentication input from the user, and selectively providing a proxified session between the user and the application. | 11-14-2013 |
20130312075 | WEB BASED SYSTEM THAT ALLOWS USERS TO LOG INTO WEBSITES WITHOUT ENTERING USERNAME AND PASSWORD INFORMATION - Internet user passwords are securely managed. A formation component can enable a user to create a master account on a web server, the master account comprising a master username and password. An access component can enable the user to access a plurality of password protected websites from a web browser or non-browser software application resident on the user's computing device when the user logs into the master account by entering the valid master username and password. A selection component can log the user into a website of the plurality of password protected websites when the user selects a hyperlink associated with the website, selects a linked image associated with the website, or selects the website from a pulldown list contained in a toolbar of a web browser. A display component can open a web browser or tab associated with the website. | 11-21-2013 |
20130312076 | DEVICE AND METHOD FOR PROVIDING AUTHENTICATED ACCESS TO INTERNET BASED SERVICES AND APPLICATIONS - Device for providing an authenticated access to the Internet based services, which is remarkable in that it comprises a unified identity management system ( | 11-21-2013 |
20130318590 | INFORMATION PROCESSING SYSTEM, CONTROL METHOD THEREOF, AND STORAGE MEDIUM THEREOF - A method for realizing Single Sign-On (SSO) includes verifying, using prior information, whether authorization information issued by a first information processing system in response to successfully authenticating a user satisfies security requirements, providing, in a case where the authorization information is verified as satisfying the security requirements, a service without performing the user authentication, and performing, if an instruction to register a first information processing system that performs user authentication is received from the user, the registration by a method different from a method according to a management method of the prior information in the first information processing system. | 11-28-2013 |
20130318591 | Method And Apparatus For Managing Identity For Mobile Terminal - A method and apparatus for managing an identity for a mobile. The method comprises identifying an application sending an identity verification request when receiving the identity verification request from one of multiple applications, sending a request message obtained according to the identity verification request to an identity verification server; and notifying all applications in a related application list comprising the identified application of an identity verification result obtained according to a returned message, when receiving the returned message from the identity verification server. Centralized management is performed for user identity information and user identity verification, development and maintenance cost is reduced, security of the user account is increased, and operations of the user are facilitated. | 11-28-2013 |
20130326608 | COOPERATION SYSTEM, COOPERATION METHOD THEREOF, INFORMATION PROCESSING SYSTEM, AND STORAGE MEDIUM - A client sends a request to start to use a service via an information processing system that is a cooperation source, acquires identification information indicating that authentication has been successfully performed based on group authentication information set for a group to which a user belongs, and then transmits the identification information to an information processing system that is a cooperation destination. | 12-05-2013 |
20130340062 | SYSTEM, CONTROL METHOD, AND STORAGE MEDIUM - The present invention performs control to realize an appropriate access by executing mapping processing of single sign-on by associating SP side user information and IdP side user information using a unique AUID. | 12-19-2013 |
20140013409 | SINGLE SIGN ON FOR CLOUD - Systems and methods for single sign on to a cloud. The system includes a cloud service provider and a tenant. The cloud service provider has a consumer unit and a portal. The consumer unit provides an interface for a user to connect to the cloud service provider. The portal provides a cloud service to the user; the portal has a first authentication system that issues a security token request and that is connected to the consumer unit. The tenant includes the user and a second authentication system. The second authentication system signs the security token request. The consumer unit is adapted to communicate with the first authentication system using a first protocol and adapted to communicate with the second authentication system using a second protocol. | 01-09-2014 |
20140020077 | Unsecured asset detection via correlated authentication anomalies - A method, apparatus and computer program product for detecting that a computing device may not be secure based on inconsistent identity associations identified during Federated Single Sign-On (F-SSO). A detection proxy detects when a user with a particular session is accessing an identity provider (IdP) that is associated with an account that is not the current user's account. When a user performs a login to an F-SSO-enabled IdP, the proxy performs an F-SSO, and the results are compared with known aliases for that particular federation partner. If an anomaly is detected (e.g., the in-line device sees that a user logs into a web site as someone else), a workflow is initiated to perform a given action, such as blocking access, issuing an alert, or the like. | 01-16-2014 |
20140020078 | Confidence-based authentication discovery for an outbound proxy - A confidence-based authentication discovery scheme is implemented at a proxy. The scheme assumes that some level of unauthenticated browsing is allowed prior to enforcing authentication at the proxy. Once a known and trusted set of identity providers has been accessed and the user is required to authenticate at the proxy (e.g., as a result of policy), the proxy initiates Federated Single Sign-On (F-SSO) to one or more (or, preferably, all) known sites accessed by the browser. This F-SSO operation is performed seamlessly, preferably without the user's knowledge (after the user allows an initial trust decision between the proxy acting as a service provider and the external identity provider). The proxy collates the results and, based on the trust it has with those sites, produces a confidence score. That score is then used as input into policy around whether or not a user should be permitted to access a particular site. | 01-16-2014 |
20140020079 | METHOD FOR PROVIDING NETWORK SERVICE AND APPARATUS THEREOF - A method for providing network service and an apparatus thereof are described. The method includes the following steps: acquiring network identity information of a user, wherein the network identity information stored in a browser is a kind of information with a unique recognition; matching the network identity information with a local identity database to determine whether the local identity database stores a binding relationship between the network identity information and server account information of the user; querying the server account information stored in the local identity database based on the network identity information of the binding relationship if the network identity information is found in the local identity database; and automatically logging in to the web server based on the server account information of the user. | 01-16-2014 |
20140041008 | ESTABLISHING HISTORICAL USAGE-BASED HARDWARE TRUST - Establishing trust according to historical usage of selected hardware involves providing a usage history for a selected client device; and extending trust to a selected user based on the user's usage history of the client device. The usage history is embodied as signed statements issued by a third party or an authentication server. The issued statement is stored either on the client device, or on an authentication server. The usage history is updated every time a user is authenticated from the selected client device. By combining the usage history with conventional user authentication, an enhanced trust level is readily established. The enhanced, hardware-based trust provided by logging on from a trusted client may eliminate the necessity of requiring secondary authentication for e-commerce and financial services transactions, and may also be used to facilitate password recovery and conflict resolution in the case of stolen passwords. | 02-06-2014 |
20140053255 | Secure Non-Geospatially Derived Device Presence Information - This invention includes a system and method to enable a device to determine the presence information of another device over a secure communication network. First, the device and a presence server establish a secure connection. Next, while the initial secure connection with the presence server is established, the device generates a randomly created token and provides it to the presence server. The token is used as a shared-secret by the device and the presence server to secure future presence communications over a non-secure connection. Next, without the need to again enter a password or establish a secure connection with the presence server, the device uses the shared-secret to sign, encrypt and convey presence information to the presence server over an arbitrary connection. Finally, the presence server may share the first device's presence information with another device. | 02-20-2014 |
20140068743 | Secure configuration catalog of trusted identity providers - A secure database includes a catalog of information about one or more identity providers (IdPs) that are trusted by a service provider (SP) to authenticate users on the SP's behalf. The catalog securely stores one or more IdP configurations. An entry in the database stores information associated with the trusted IdP including artifacts to identify the IdP, artifacts used by the IdP for cryptographic operations, and a specification of one or more website(s) serviced by the trusted identity provider. Upon receipt by the SP of identity information representing a user that has authenticated to an IdP, information in the catalog of information is used to determine whether the IdP is trusted to authenticate the user on the service provider's behalf. The determination verifies that the SP uses the IdP and that a binding between an IdP identifier and at least one IdP cryptographic artifact is valid. | 03-06-2014 |
20140082715 | MOBILE MULTIFACTOR SINGLE-SIGN-ON AUTHENTICATION - Features are disclosed for authentication of mobile device applications using a native, independent browser using a single-sign-on system. An authentication module within the mobile application can direct the mobile device's native browser to a URL to initiate authentication with an authentication appliance. The mobile browser can receive and store a browser-accessible token to indicate previous authentication performed by the user. The mobile application can receive from the application appliance and store a client application ID token that may be presented to network services for access. A second mobile device application may direct the same browser to the authentication appliance. The authentication appliance may inspect the persistent browser-accessible token and issue a second client application ID identity to the second application without collecting additional authentication information, or collecting additional authentication information that is different from the first authentication information. | 03-20-2014 |
20140082716 | ACCESS CONTROL METHOD, ACCESS CONTROL SYSTEM, COMMUNICATION TERMINAL, AND SERVER - An access control method including: receiving a log information item indicating use history of electrical equipment that is used together with an intended product; receiving product information including information for identifying the intended product; storing the log information item received in the receiving of a log information item and the product information received in the receiving of product information, in association with each other; and controlling whether or not to allow access to the log information item based on the product information associated with the log information item when access to the log information item is attempted. | 03-20-2014 |
20140101745 | CUSTOMIZABLE SIGN-ON SERVICE - Techniques are described for providing customizable sign-on functionality, such as via an access manager system that provides single sign-on functionality and other functionality to other services for use with those services' users. The access manager system may maintain various sign-on and other account information for various users, and provide single sign-on functionality for those users using that maintained information on behalf of multiple unrelated services with which those users interact. The access manager may allow a variety of types of customizations to single sign-on functionality and/or other functionality available from the access manager, such as on a per-service basis via configuration by an operator of the service, such as co-branding customizations, customizations of information to be gathered from users, customizations of authority that may be delegated to other services to act on behalf of users, etc., and with the customizations that are available being determined specifically for that service. | 04-10-2014 |
20140123265 | Single Sign-On Access in an Orchestration Framework for Connected Devices - Aspects described herein allow multiple devices to function as a coherent whole, allowing each device to take on distinct functions that are complementary to one another. Aspects described herein also allow the devices to function as a coherent whole when interconnected devices and their respective applications are configured to operate in various operation modes, when management policies are employed to control the operation of the interconnected devices and their respective applications, when transferring content between the interconnected devices and storing the content at those devices, when obtaining access credentials for the interconnected devices that enable the devices to access enterprise resources, when a policy agent applies management policies to control operation of and interaction between the interconnected devices, and when the interconnected devices are used to access an enterprise application store. | 05-01-2014 |
20140130144 | Method and System for Obtaining Application Information of Multiple Websites - The present disclosure describes a method and an apparatus for obtaining application information of multiple websites. A corresponding relationship between a main account and multiple pieces of association information is saved in advance. Each piece of association information comprises application authorization information and authentication information of a third-party website. A login request carrying the main account transmitted by a user is received and authenticated. After the user logs in, the multiple pieces of association information are obtained from the corresponding relationship according to the main account carried in the login request. An application information obtaining request is transmitted to multiple third-party websites corresponding to the multiple pieces of association information. A requested result of the application information obtaining request is returned to the user. | 05-08-2014 |
20140137225 | SINGLE SIGN-ON FOR NETWORK APPLICATIONS - A method may include authenticating a device to a first server, where the device includes an agent; receiving a request, in the first server from a second server, to verify the authenticity of the device, where the device is not authenticated to the second server; sending a browser plug-in to the device to communicate with the agent for verifying the authenticity of the device; receiving, in the first server, a message from the agent verifying the authenticity of the device; and sending a message from the first server to the second server to authenticate the device to the second server. | 05-15-2014 |
20140137226 | Method and System for Processing Identity Information - A method for processing identity information may include: a first identity for logging into a first website is obtained; a user logs into a second website by using the first identity; a second identity for logging into the second website is obtained; a relation which associates the first identity with the second identity is established. | 05-15-2014 |
20140137227 | Systems and Methods for Enhancement of Single Sign-On Protection - Systems and methods are provided for enhancement of single sign-on protection. For example, information associated with one or more executable files related to an application process is acquired at a beginning of the application process; whether the one or more executable files are included in a pre-established white-list database is determined based on at least information associated with the executable files; a target uniform-resource locator (URL) associated with the application process is acquired in response to the one or more executable files being not included in the pre-established white-list database; and in response to the target URL being included in a pre-established log-in URL database on an authentication server, the application process is intercepted, and/or a risk notification is provided to a user. | 05-15-2014 |
20140143846 | SYSTEM FOR AND METHOD OF PROVIDING SINGLE SIGN-ON (SSO) CAPABILITY IN AN APPLICATION PUBLISHING ENVIRONMENT - A client-server computing system includes a computer cluster for hosting certain resources, applications, programs, processes, files, and/or data that are published to users who are accessing the computer cluster remotely. The computer cluster includes a network of one or more host computers, a gateway server, a gateway service database, and a user database. A single sign-on (SSO) method of the disclosure includes performing a computer cluster authentication process in which a user enters his/her credentials followed by a resource authentication process in which there is no need for the user to reenter his/her credentials, having entered them already in the computer cluster authentication process. | 05-22-2014 |
20140143847 | SYSTEM FOR AND METHOD OF PROVIDING SINGLE SIGN-ON (SSO) CAPABILITY IN AN APPLICATION PUBLISHING ENVIRONMENT - A client-server computing system includes a computer cluster for hosting certain resources, applications, programs, processes, files, and/or data that are published to users who are accessing the computer cluster remotely. The computer cluster includes a network of one or more host computers, a gateway server, a gateway service database, and a user database. A single sign-on (SSO) method of the disclosure includes performing a computer cluster authentication process in which a user enters his/her credentials followed by a resource authentication process in which there is no need for the user to reenter his/her credentials, having entered them already in the computer cluster authentication process. | 05-22-2014 |
20140150078 | Anonymous Personal Content Access with Content Bridge - An online content publishing and consumption environment can be modeled such that communities of content consumers (users), such as educational institutes and libraries, are categorized as Content Brokers; content providers, such as book, music, and multimedia publishers, and news sources, are categorized as Content Providers; and a Content Bridge, a standalone component providing the functionalities of the presently claimed invention in the online content publishing and consumption environment. The Content Bridge allows a simpler and loosely-coupled integration with lowered integration cost and effort, as the Content Broker is required to integrate once only with the Content Bridge instead of having to integrate individually with every Content Provider. | 05-29-2014 |
20140150079 | SYSTEM AND METHOD FOR AUTHENTICATING MULTIPLE DEVICES WITH A SAME CREDENTIAL - A first device implements an application platform that is shared with a second device. The application platform can be implemented so that the first device and the second device operate to have a same identity to at least the network service. The first device provides a user interface in order to receive input for accessing or using the network service. Additionally, the first device communicates input received in response to providing the user interface to the network service. The first device can receive a token from the network service in response to communicating the input. Additionally, the first device can communicate a set of data items to the second device. The set of data items includes the token and one or more identifiers that enable the second device to access and use the network service while appearing as the first device to the network service. | 05-29-2014 |
20140165175 | METHOD OF PREVENTING SEQUENTIAL UNAUTHORIZED LOGINS - One object is to restrain unauthorized logins without significantly reducing usability. In accordance with one aspect, a server device according to an embodiment includes: an information storage unit for storing information; a setting unit for setting a value conversion rule used for login authentication; an information generating unit for generating login authentication information in response to a display request for a login screen sent from a terminal device; a sending unit for sending login screen data for displaying the login screen on the terminal device; a receiving unit for receiving login information from the terminal device; a determination unit for determining whether a login is permitted based on the received login information; a monitoring unit for monitoring the situation of unauthorized logins to the server device; and a selection unit for selecting a candidate for a new value conversion rule in accordance with the situation of unauthorized logins. | 06-12-2014 |
20140165176 | FILE SHARING SYSTEM AND METHOD - According to the present application, systems, devices and methods for sharing media files may promote sharing of media without permitting the media to be downloaded. Such systems, devices and methods for sharing media may further enable lists of files to be shared and responses to be delivered to the media owner during playback by a user. A local device may be utilized to enable the storing and sharing of media that is hosted off the cloud. Streaming from the file sharing system or the local device is facilitated through the system. | 06-12-2014 |
20140173711 | ANTI-PHISHING SYSTEM FOR CROSS-DOMAIN WEB BROWSER SINGLE SIGN-ON - A system and method for cross-domain web browser single sign-on is described. A client accesses a workflow view from a service provider. An identity provider of the service provider generates an authentication process view. The authentication process view has the workflow view provided by the service provider and a logon form view provided by the identity provider. | 06-19-2014 |
20140181944 | SINGLE SIGN-ON FOR A NATIVE APPLICATION AND A WEB APPLICATION ON A MOBILE DEVICE - A mobile device includes a session maintainer application, a native application and a shell application and a link to a web application. If a user is seeking to access a native application, and an active session has not been established, user login credential is obtained, a session token is obtained upon verification of the user login credential, and the obtained session token is provided to the native application. If the user is seeking to access a web application, and an active session has not been established, a session token is obtained upon verification of the user login credential and the obtained session token is provided to the shell application. If an active session has been established then the obtained session token is automatically provided to the native or shell application when the user subsequently seeks access to the respective application. | 06-26-2014 |
20140181945 | SINGLE-POINT LOGIN SYSTEM AND METHOD - When a server receives a request for accessing a first business system from a client and a first request data packet sent from another business system, the server determines that an access mode of the client is single-point login access. Then the server validates whether the client has authority to access the first business system according to data in the first request data packet and data in an information list, and allows the client to access the first business system if the client has the authority, or rejects the client's access to the first business system if the client does not have the authority. When receiving a request to switch the client from the first business system to a second business system, the server sends a second request data packet to the second business system. | 06-26-2014 |
20140181946 | SINGLE SIGN ON WITH MULTIPLE AUTHENTICATION FACTORS - The authentication of a client to multiple server resources with a single sign-on procedure using multiple factors is disclosed. One contemplated embodiment is a method in which a login session is initiated with the authentication system of a primary one of the multiple server resources. A first set of login credentials is transmitted thereto, and validated. A token is stored on the client indicating that the initial authentication was successful, which is then used to transition to a secondary one of the multiple resources. A second set of login credentials is also transmitted, and access to the secondary one of the multiple resources is granted on the basis of a validated token and second set of login credentials. | 06-26-2014 |
20140189839 | SINGLE SIGN-ON METHODS AND APPARATUS THEREFOR - Embodiments of the invention employ a KUSO (Kerio Unity Sign On) server to work with different web services (which offer online services to users via user accounts) to offer single sign-on capability to different services. With the use of the KUSO server, a user only has to authenticate with one of the web services in order to have authenticated access to all web services. After the first successful authentication at one of the web services, the web server that successfully authenticates the user communicates the successful authentication to the KUSO server using a special channel and a special token. Subsequently, authentication verification is performed transparently by the KUSO server if the user wishes to access any of the other web services. Safeguards for various edge conditions during sign-on and sign-off are provided to improve security. | 07-03-2014 |
20140208407 | SINGLE SIGN-ON BETWEEN DEVICE APPLICATION AND BROWSER - An aspect provides a method, including: receiving user credentials at a client application via an input device of an information handling device; creating a token using the user credentials; launching a web browser after receiving input at the client application; providing the token to a remote device; and loading, in response to the remote device authenticating the user based on the token, a secure web site in the web browser for presentation on a display device associated with the information handling device. Other aspects are described and claimed. | 07-24-2014 |
20140208408 | METHODS AND APPARATUS TO FACILITATE SINGLE SIGN-ON SERVICES - Methods, articles of manufacture and apparatus are disclosed to facilitate single sign-on services. An example method includes monitoring web session activity for an indication of entry of first credentials, identifying an SSO framework associated with the device in response to detecting a context event indicative of web session termination, querying the SSO framework for second credentials associated with the web session, and configuring SSO services on the device when the second credentials are absent from the SSO framework. | 07-24-2014 |
20140215595 | SECURITY TOKEN BASED USER AUTHENTICATION IN A MULTI-TENANTED APPLICATION - Systems and methods for security token based user authentication in a multi-tenanted application. An access request, from a user, is received to access at least one user account associated with the user in the multi-tenanted application. Upon receiving the access request, a security token is obtained for the user from a Security Token Service (STS) system. The security token is obtained upon authentication of the user based on login credentials provided by the user. Thereafter, a plurality of user accounts associated with the security token is determined. The plurality of user accounts includes the at least one user account. Further, an access to the plurality of user accounts is provided to the user. | 07-31-2014 |
20140237579 | DEVICE FOR CONTROLLING NETWORK USER DATA - This utility model relates to devices for controlling (input, storage and deletion) network user data. | 08-21-2014 |
20140282981 | ACCESSING A CLOUD-BASED SERVICE USING A COMMUNICATION DEVICE LINKED TO ANOTHER COMMUNICATION DEVICE VIA A PEER-TO-PEER AD HOC COMMUNICATION LINK - Arrangements described herein relate to accessing a cloud based service. Responsive to a user of a first communication device initiating access to the cloud based service via the first communication device, a prompt for a valid password to be entered to access the cloud based service can be received by the first communication device. Responsive to the valid password required to access the cloud based service not being stored on the first communication device, the first communication device can automatically retrieve the valid password from a second communication device via a peer-to-peer ad hoc communication link between the first communication device and the second communication device. The valid password can be automatically provided, by the first communication device, to a login service for the cloud based service to obtain access by the first communication device to the cloud based service. | 09-18-2014 |
20140282982 | Managed Access to Content and Services - Aspects of the disclosure relate to managed access to content and/or services in a network environment. In certain aspects, tokens or other artifacts can be utilized for authentication and authorization. | 09-18-2014 |
20140282983 | SINGLE CERTIFICATE SERVICE SYSTEM AND OPERATIONAL METHOD THEREOF - The present invention discloses a single sign-on service system and its respective elements, and an operating method thereof. The single sign-on service system includes a terminal configured to access at least one of a plurality of application service devices according to a request for activating at least one of a plurality of applications, and to receive a service token used to operate the application service from each application service device on the basis of a single sign-on token without separately inputting sign-on information; and an application service device configured to provide data for operating the application service to the terminal having the service token and, when a single sign-on message is received, to provide the single sign-on message to a single sign-on service device. | 09-18-2014 |
20140289837 | AUTHENTICATING SYSTEM, INFORMATION PROCESSING DEVICE, AUTHENTICATING METHOD AND NON-TRANSITORY COMPUTER READABLE RECORDING MEDIUM - An authenticating system comprises an information processing device and an authentication server connected over a network. The information processing device includes: a storage part for storing user registration information with which the identification information of each user and authentication information other than a password are registered; an authentication information acquiring part for acquiring the authentication information based on receiving a user's instruction; an identification information acquiring part for acquiring the identification information corresponding to the authentication information by running a search through the user registration information; an authentication requesting part for generating the authentication request including the identification information and sending the generated authentication request to the authentication server; a receiving part for receiving the result of the authentication from the authentication server; and a controlling part for putting the information processing device into a logged-in state in accordance with the result of the authentication. | 09-25-2014 |
20140298441 | AUTHENTICATION METHOD, AUTHENTICATION SYSTEM, AND SERVICE DELIVERY SERVER - A client terminal transmits a signal related to an authentication request to a service delivery server through a browser every time an application is started by an instruction from a user. Upon receiving the authentication request from the client terminal, an authentication server executes authentication processing in cooperation with the service delivery server, based on authentication information of an application of the client terminal (for which a session has been established) that is stored in the service delivery server, and on user information related to the user that is stored in the authentication server. | 10-02-2014 |
20140298442 | PROVIDING A MANAGED BROWSER - Methods, systems, computer-readable media, and apparatuses for providing a managed browser are presented. In various embodiments, a computing device may load a managed browser. The managed browser may, for instance, be configured to provide a managed mode in which one or more policies are applied to the managed browser, and an unmanaged mode in which such policies might not be applied and/or in which the browser might not be managed by at least one device manager agent running on the computing device. Based on device state information and/or one or more policies, the managed browser may switch between the managed mode and the unmanaged mode, and the managed browser may provide various functionalities, which may include selectively providing access to enterprise resources, based on such state information and/or the one or more policies. | 10-02-2014 |
20140304793 | ESTABLISHING AND MAINTAINING AN IMPROVED SINGLE SIGN-ON (SSO) FACILITY - A proxy hardware system includes at least one processor configured to initiate and/or perform the following. A login page sent from a back-end server to a browser executing on a client associated with a user is intercepted. A routine is added to the login page to generate a modified login page. The modified login page is forwarded to the browser. The browser, upon executing the routine, loads an asynchronous engine configured to execute a login process with an authentication profiling service to retrieve login information for the back-end server, and to complete an authentication process with the back-end server. | 10-09-2014 |
20140304794 | ESTABLISHING AND MAINTAINING AN IMPROVED SINGLE SIGN-ON (SSO) FACILITY - A login page sent from a back-end server to a browser executing on a client associated with a user is intercepted. A routine is added to the login page to generate a modified login page. The modified login page is forwarded to the browser. The browser, upon executing the routine, loads an asynchronous engine configured to execute a login process with an authentication profiling service to retrieve login information for the back-end server, and to complete an authentication process with the back-end server. | 10-09-2014 |
20140310792 | System and Method for Mobile Single Sign-On Integration - Improved methods and systems for integrating client-side single sign-on (SSO) authentication security infrastructure with a mobile authorization protocol are disclosed that provide clients with secured SSO mobile access to third-party services. Embodiments of the present invention leverage SSO authentication protocols that are already utilized at many client-side systems and integrate these SSO authentication protocols with a mobile SSO authorization protocol, thereby effectively extending the SSO framework to mobile service requests of web services at third-party service provider systems. Embodiments of the present invention provide a secure and automated solution which may be implemented in any existing client-side SSO framework with minimum cost and time, while providing a lightweight and secure solution that allows users of either native applications or mobile web applications to access third-party web services. | 10-16-2014 |
20140310793 | APPLICATION LOGIN METHOD AND APPARATUS, AND MOBILE TERMINAL THEREFOR - The present disclosure, pertaining to the field of network applications, discloses an application login method and apparatus, and a mobile terminal therefor. The method includes: verifying an application upon receiving from a user a request for logging in to the application; returning at least one locally stored account if the application is successfully verified; and logging in to the application using an account upon detecting that the user selects the account from the at least one locally stored account. The apparatus includes: a receiving module, a verifying module, a returning module, and a login module. According to the present disclosure, upon receiving from a user a request for logging in to an application, a terminal verifies the application; when the application is successfully verified, the terminal provides a stored account for the application, such that a plurality of applications provided by the same operator share the same account and password. This not only improves resource utilization, but also enhances convenience. | 10-16-2014 |
20140325631 | METHOD AND SYSTEM FOR MAINTAINING LOGIN PREFERENCE INFORMATION OF USERS IN A NETWORK-BASED TRANSACTION FACILITY - The present invention relates to various aspects for maintaining and utilizing login preference information of users of a network-based transaction facility. In one embodiment, user interface information is communicated to a client via a communications network. The user interface information includes information concerning a plurality of features within the network-based transaction facility. The user interface information also specifies a login interface that facilitates user input of login preference information pertaining to each of the plurality of features. Further, the login preference information is received from the client via the communications network and utilized to control user access to any of the plurality of features within the network-based transaction facility via the communications network. | 10-30-2014 |
20140331301 | TOGGLE BETWEEN ACCOUNTS - Techniques are described for enabling administrators of teams that use a particular service to specify which sign-on options, of multiple possible sign-on options, are assigned to the members of the teams to which the administrators belong. For example, an administrator may assign a first sign-on option, which only allows users to use native authentication, to one set of members of the team. At the same time, the administrator may assign a second sign-on option, which only allows users to use third-party single-sign-on authentication, to another set of members of the same team. | 11-06-2014 |
20140337953 | Cross-platform authentication from within a rich client - An un-authenticated user attempts to access a protected resource at a Web- or cloud-based application from within a rich client. The client has an associated local HTTP server. Upon being refused access, a browser-based login dialog is opened automatically within an embedded browser panel. After receipt of the user's login credential in the panel, the browser passes the credential to the server application. If the user is authenticated, the browser-based dialog receives a cookie establishing that the user is authenticated for a session. The browser then automatically makes a request to the HTTP server, passing the cookie. Upon receipt of the request at the rich client HTTP server, the rich client saves the cookie in an associated data store, shuts down the login dialog, and re-issues the original request to the server, this time passing the cookie. The rich client, having provided the cookie, is then permitted to access the resource. | 11-13-2014 |
20140337954 | Method and Apparatus for Providing Federated Service Accounts - An approach is provided for determining that a user has been authenticated for an access to at least one service using a federated identity ( | 11-13-2014 |
20140344910 | SYSTEM AND METHOD FOR SINGLE-SIGN-ON IN VIRTUAL DESKTOP INFRASTRUCTURE ENVIRONMENT - A system and a method for single-sign-on (SSO) in a virtual desktop infrastructure (VDI) environment are disclosed. The system includes a VDI service server configured to provide a virtual desktop environment to a user terminal according to a request from the user terminal, and a VDI authentication interworking gateway configured to receive VDI environment information of the user terminal from the VDI service server and carry out delegated user authentication for a target system in the virtual desktop environment using the VDI environment information. | 11-20-2014 |
20140344911 | MANAGING MULTIPLE LOGINS FROM A SINGLE BROWSER - A method and a system for managing login using a cookie are described. The method includes receiving from a respective client system a request for document information, and receiving from the respective client system a cookie that identifies a plurality of user names logged into the server system from the respective client system. The plurality of logged-in user names includes a first user name and a second user name distinct from the first user name. The method also includes redirecting the received request to a location associated with a selected user name of the plurality of logged-in user names, and receiving the redirected request. The method furthermore includes, in response to the redirected request, processing the request as a request from the selected user name and sending to the respective client system document information corresponding to the request from the selected user name. | 11-20-2014 |
20140351915 | METHOD AND APPARATUS FOR PROVIDING AN AUTHENTICATION CONTEXT-BASED SESSION - An approach is provided for providing separation of authentication protocols and/or authentication contexts for client-server and server-server communication in network communication. A proxy server receives a request to initiate a service session. The request includes a first authentication context. The proxy server requests verification of the first authentication context from an authentication server and validates the first authentication context based, at least in part, on the verification. The proxy server implements a second authentication context based, at least in part, on the verification of the first authentication context to initiate the service session. | 11-27-2014 |
20140373125 | WEB SECURITY PROTECTION METHOD, DEVICE AND SYSTEM - A method, device and system for network security protection comprise: according to a received scan task, a network security device performs a security bug scan of the web site appointed by the scan task and, when a scan result is obtained, transmits the scan result to a network application firewall, so that the network application firewall can configure an individualized security strategy for the web site according to the received scan result. This solves the problem that a complete individualized security configuration of the web site could not otherwise be implemented. | 12-18-2014 |
20140380450 | SYSTEM AND METHOD TO PROVIDE BUILT-IN AND MOBILE VPN CONNECTIVITY - A system and method for facilitating the establishment of a virtual private network between a network and a remote computer, the system having: a mobile device connectable to the remote computer and storing a user profile, virtual private network information, and password information; virtual private network software being located on one of the mobile device and the remote computer; an access point communicating with the network; and communication means for communications between the access point and one of the mobile device and the remote computer, wherein the user profile, virtual private network information, and password information is passed to the virtual private network software upon connection of the mobile device to the remote computer, the virtual private network software using the user profile, virtual private network information, and password information to establish a virtual private network through the communications means and the access point to the network. | 12-25-2014 |
20150020184 | CONSOLIDATED AUTHENTICATION - A method and system for authenticating a user at a first computer to first and second applications installed in a second computer. The second computer receives from the user a first request to access the first application, and in response, the second computer redirects the first request to a third computer, and in response, the third computer determines that the user was previously authenticated and so notifies the second computer, and in response, the second computer returns a first session key to the third computer. The first session key enables a session with the first application but not with the second application. The second computer receives from the user a second request with a second session key to access the first and/or second application, and in response the second computer determines that the user is authentic and notifies the first and/or second application that the user is authentic. | 01-15-2015 |
20150033315 | AUTHENTICATION AND DIAGNOSTIC FUNCTIONS FOR A DATABASE SYSTEM - A computer system and related features and functionality are presented here. The computer system may be implemented as a multi-tenant database system that supports a number of users via web browser interfaces. The system supports a user authentication method that maintains access tokens at a local client device level for purposes of single sign-on to different tenants or to different native local applications. The system also supports a method of testing computer executable code. The testing procedure defines and tests a plurality of different browser-based functions, and generates a consolidated code coverage report that includes the results of the tests. | 01-29-2015 |
20150052596 | NETWORK BASED FIRMWARE FEATURE CONFIGURATION AND FIRMWARE IMAGE GENERATION - A computer-implemented method for modeling a configuration of components connected directly or indirectly to a baseboard of a computer system includes: (a) defining a group of device description files at a network based firmware generator, each device description file describing a component in a set of components which is selectively included in the configuration, and each device description file specifies the identification information associated with the component to which the device description file is associated, (b) providing, at a remote computing device in communication with the firmware generator via a network, a graphical user interface configured to allow a user to visually generate a configuration instruction of baseboard firmware and send the configuration instruction to the firmware generator, and (c) constructing a firmware image at the firmware generator in accordance with the configuration instruction. | 02-19-2015 |
20150058960 | Elevating Trust in User Identity During RESTful Authentication and Authorization - Credentials sent over a back channel during the authentication of a user to a RESTful service can elevate the trust the recipient system can place in the user's identity. The addition of an identity credential of higher strength can increase confidence in user identities electronically presented with a lower strength credential. Attributes from either credential can be used to determine authorization to a protected resource. | 02-26-2015 |
20150058961 | AUTHENTICATING USERS BASED UPON AN IDENTITY FOOTPRINT - Disclosed are various embodiments of generating a user signature associated with a user and authenticating a user. At least one behavior associated with at least one sensor in a computing device is identified. A timestamp is generated and associated with the behavior. A user signature corresponding to a user based at least in part upon the behavior and the timestamp is generated and stored. | 02-26-2015 |
20150067809 | USER IDENTITY AUTHENTICATION AND SINGLE SIGN ON FOR MULTITENANT ENVIRONMENT - A method and apparatus for a rapid, scalable unified infrastructure system management platform are disclosed, comprising: discovery of compute nodes and network components across data centers, both public and private, for a user; assessment of the type, capability, VLAN, security and virtualization configuration of the discovered unified infrastructure nodes and components; configuration of nodes and components, covering add, delete, modify and scale; and rapid roll-out of nodes and components across data centers, both public and private. | 03-05-2015 |
20150074782 | SECURE METHOD FOR SSO SUBSCRIBER ACCESSING SERVICE FROM OUTSIDE OF HOME NETWORK - When a UE ( | 03-12-2015 |
20150074783 | SINGLE SIGN ON FOR APPLICATIONS - Systems and methods for providing single sign on access to an application executing at a client device. An API request is intercepted at the client device for signing on a user of the client device for accessing the application. The API request is sent to a remote system where user credentials are determined based on the intercepted API request. The user credentials are returned to the client device where they are used to agnostically sign on the user for accessing the application. | 03-12-2015 |
20150089617 | SINGLE SIGN-ON (SSO) FOR MOBILE APPLICATIONS - A framework, which conforms to the OAuth standard, involves a generic OAuth authorization server that can be used by multiple resource servers in order to ensure that access to resources stored on those resource servers is limited to access to which the resource owner consents. Each resource server registers, with the OAuth authorization server, metadata for that resource server, indicating scopes that are recognized by the resource server. The OAuth authorization server refers to this metadata when requesting consent from a resource owner on behalf of a client application, so that the consent will be of an appropriate scope. The OAuth authorization server refers to this metadata when constructing an access token to provide to the client application for use in accessing the resources on the resource server. The OAuth authorization server uses this metadata to map issued access tokens to the scopes to which those access tokens grant access. | 03-26-2015 |
20150089618 | SINGLE SIGN-ON PROCESS - Single sign-on process allowing a mobile user with a mobile phone or with a laptop to remote-access a remote server, comprising the steps of: | 03-26-2015 |
20150089619 | WEB-BASED INTERFACE INTEGRATION FOR SINGLE SIGN-ON - Web-based single sign-on can enable a user to log in to a single interface (such as through a web browser or thin client) and then provide SSO services to the user for one or more web applications. The web-based SSO system can be extended to support one or more different access control methods, such as form-fill, Federated (OIF), SSO Protected (OAM), and other policies. The web-based SSO system can include a user interface through which the user can access different web applications, systems, etc. and manage their credentials. Each SSO service can be associated with a web interface allowing the SSO services to be accessed over the web. The web interfaces can provide CRUD (create, read, update, delete) functionality for each SSO service. To support different access policy types, the web-based SSO system can include an extensible data manager that can manage data access to different types of repositories transparently. | 03-26-2015 |
20150089620 | VIRTUALIZED DATA STORAGE AND MANAGEMENT OF POLICY AND CREDENTIAL DATA SOURCES - Web-based single sign-on can enable a user to log in to a single interface (such as through a web browser or thin client) and then provide SSO services to the user for one or more web applications. The web-based SSO system can be extended to support one or more different access control methods, such as form-fill, Federated (OIF), SSO Protected (OAM), and other policies. The web-based SSO system can include a user interface through which the user can access different web applications, systems, etc. and manage their credentials. Each SSO service can be associated with a web interface allowing the SSO services to be accessed over the web. The web interfaces can provide CRUD (create, read, update, delete) functionality for each SSO service. To support different access policy types, the web-based SSO system can include an extensible data manager that can manage data access to different types of repositories transparently. | 03-26-2015 |
20150096005 | MOBILE DEVICE MANAGEMENT PROFILE DISTRIBUTION - Methods, systems, and apparatus, including computer programs encoded on computer storage media, for automated mobile device management profile distribution. One of the methods includes receiving a first request for access to a first network resource from a client device, the first network resource corresponding to one of a plurality of restricted resources accessible only by devices enrolled with a mobile device management system, determining that the client device is not enrolled with the mobile device management system, preventing the client device access to the first network resource, providing to the client device a redirect to a mobile device management resource that is different from the first network resource, providing instructions for presentation of a user interface to the client device, and enrolling the client device with the mobile device management system, the enrolling comprising providing a copy of the mobile device management profile to the client device. | 04-02-2015 |
20150101032 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING METHOD, AND PROGRAM - [Object] To reduce the trouble of the authentication process necessary for cooperation between a plurality of devices or network services. | 04-09-2015 |
20150101033 | RETRIEVAL OF DATA ACROSS MULTIPLE PARTITIONS OF A STORAGE DEVICE USING DIGITAL SIGNATURES - A system and method for exchanging data among partitions of a storage device is disclosed. For example, data stored in a first partition is exchanged with an application included in the first partition or with a second application included in a second partition. In one embodiment, the second application is associated with a global certificate while the first application is associated with a different platform certificate. A verification module included in the first partition receives a request for data and determines if the request for data is received from the first application. If the request for data is not received from the first application, the verification module determines whether the request is received from the second application and whether the global certificate is an authorized certificate. For example, the verification module determines whether the global certificate is included in a listing of authorized certificates. | 04-09-2015 |
20150106902 | GLOBAL SHARING NETWORK SYSTEM - A unifying and automated access and archiving method and system that permits unified access, in one single login procedure, to all networks and Web portals and, at the same time, automatic downloading of relevant documents made available on the Web, i.e., by suppliers and Public Administration. The method and system allow creation of a home archive to store all documents, data and contents of interest, both captured from the sources at Web portals and from sharing actions with other users. Documents are organized and stored on the basis of predefined logical criteria, and are thus stored and made available for prompt retrieval and eventual sharing. | 04-16-2015 |
20150106903 | INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING METHOD, AND NON-TRANSITORY COMPUTER-READABLE MEDIUM - An information processing system comprises: a management unit that performs management by associating an electronic certificate for a first group with notification destination information regarding a user who belongs to a second group and has a role in managing to allow the service to be used by the user belonging to the first group; and a notification unit that, in response to a remaining period until an expiration date of the electronic certificate falling below a predetermined value, identifies the notification destination information regarding the user belonging to the second group associated with the electronic certificate from among notification destination information, and performs a notification to update the electronic certificate based on the identified notification destination information. | 04-16-2015 |
20150106904 | COMMUNICATION TERMINAL AND COMMUNICATION PROCESSING METHOD - A processor stores authentication information managed by a native environment of the communication terminal in a first storage region of the storage device. The processor stores authentication information of an application to be executed on a Web application execution environment of the communication terminal in a second storage region of the storage device. The processor performs a control to write the authentication information stored in the first storage region to the second storage region when authentication information used by the application is not stored in the second storage region and is stored in the first storage region. | 04-16-2015 |
20150106905 | LOGIN METHOD FOR CLIENT APPLICATION AND CORRESPONDING SERVER - The present disclosure provides a login method for a client application and a corresponding server. The method includes: sending an access token to a browser of a terminal and creating a corresponding relationship between the access token and user information of a user after the user has successfully logged into a web application via the browser of the terminal; receiving a relationship creating request from the browser and creating a corresponding relationship between device information of the terminal and the access token in accordance with the relationship creating request, wherein the relationship creating request includes the device information of the terminal and the access token; receiving a login request of a client application, the login request including the device information of the terminal that operates the client application; determining the access token corresponding to the device information of the terminal that operates the client application based on the created corresponding relationship between the device information and the access token; and determining the user information which corresponds to the access token based on the created corresponding relationship between the access token and the user information, and performing a login operation of the client application program based on the user information. The technical scheme of the present disclosure can achieve login without re-inputting information such as a user name and a password when a client application is to be logged in after a web application in a terminal has successfully been logged in. | 04-16-2015 |
20150113626 | Customized Log-In Experience - Techniques for a customized log-in experience are described in which script associated with a log-in page is configured to recognize a domain identifier associated with a user log-in attempt via the page. The domain identifier may correspond to a particular customer or company that makes use of web applications and/or other resources from a service provider. The domain identifier may be employed to download or otherwise access data sufficient to implement one or more customizations of the log-in page that correspond to the domain identifier, such as a company logo, a custom background, custom styles, and so forth. The one or more customizations that correlate to the domain identifier are applied to customize the log-in page in a pre-login environment prior to completion of the user log-in attempt. In this way, a tailored user experience is provided even before user authentication to access resources from the service provider. | 04-23-2015 |
20150121500 | USING APPLICATION LEVEL AUTHENTICATION FOR NETWORK LOGIN - In general, in one aspect, embodiments relate to receiving, by a system comprising one or more network devices, a first client authentication information comprising a first indication that a first client device was successfully authenticated by a first authentication server based on credentials provided by the first client device, and forwarding, by the system, the first client authentication information to a second authentication server without determining that the client device was already successfully authenticated by the first authentication server based on the credentials provided by the first client device. The operations further include receiving, by the system from the second authentication server, a second indication that the first client device was successfully authenticated, and based on the second indication received by the system from the second authentication server, granting, by the system, network access to the first client device. | 04-30-2015 |
20150121501 | CONNECTED AUTHENTICATION DEVICE USING MOBILE SINGLE SIGN ON CREDENTIALS - Systems and methods for device-based authentication are disclosed. In some implementations, a device receives a Single Sign On PIN from a backend server. The device transmits, to a token server, the Single Sign On PIN and credentials of a subscriber identity module (SIM) to request a token for accessing a network resource via a computer different from the device. The token is associated with a user account. The device receives the token from the token server. The device stores the token at a local memory of the device. | 04-30-2015 |
20150121502 | Session Management Technique - A system for managing sessions between a client and multiple servers includes: a receiver for receiving, as a proxy for each of the servers, a request from the client to any of the servers; a determination unit for determining, upon receipt of the request from the client to any of the servers, whether sessions established between the client and the multiple servers are maintained; a disconnection unit for disconnecting, on condition that a session between the client and any of the multiple servers is already disconnected, the sessions established between the client and the servers different from the disconnected server; and a forward unit for forwarding, on condition that the sessions established between the client and all of the multiple servers are maintained, the received request to the destination server for the request. | 04-30-2015 |
20150121503 | METHOD, SYSTEM AND STORAGE MEDIUM FOR USER ACCOUNT TO MAINTAIN LOGIN STATE - Provided is a method for maintaining a login state of a user account, including: acquiring a data access request corresponding to a user ID, the data access request including a session ID corresponding to the user ID; extracting the session ID from the data access request, and acquiring a session corresponding to the session ID; and allocating the session acquired to the data access request. Also provided are a system and a storage medium for a user account to maintain a login state. The aforementioned method, system and storage medium for a user account to maintain a login state can reduce resource overheads. | 04-30-2015 |
20150135296 | CATALOG DRIVEN ORDER MANAGEMENT FOR RULE DEFINITION - Centralized single sign-on service for entitlement for multiple different application interface objects to relational database objects is provided as a function of a set of relational extensible mark-up language links. Roles are mapped to a unique user identification by a first extensible mark-up language link. A permission value within a second extensible mark-up language link that specifies a type of access to a unique data object identification is linked to the roles mapped in the first link. An object type and an object name within another extensible mark-up language link are linked to the determined permission value and to the unique data object identification. Access to a data object within a database by different external applications is enabled pursuant to the determined permission value as a function of the data object having the unique data object identification, the first and the second external applications using different application formats. | 05-14-2015 |
20150135297 | METHOD AND APPARATUS FOR THE SECURE AUTHENTICATION OF A WEB SITE - Methods for the authentication of a web site by a visitor to the web site. The visitor uses a device, such as a portable device like a cell phone to compute a dynamic identification string and a one-time password. The dynamic identification string is sent to a service provider, such as a certification service server associated with the web site. In response, the server computes a one-time password that is transmitted to the visitor's device. The device computed one-time password can then be compared to the server computed one-time password in order to authenticate the web site. | 05-14-2015 |
20150143499 | SINGLE SIGN-ON FOR DISPARATE SERVERS - A system includes authentication of a user with a first server, reception of a request from the user to authenticate the user with a second server, requesting, from the first server, in response to receiving the request, user credentials to access the second server, reception of the user credentials from the first server, and transmission of the user credentials to the second server. | 05-21-2015 |
20150150108 | INFORMATION PROCESSING DEVICE, AND METHOD AND COMPUTER-READABLE MEDIUM THEREFOR - An information processing device including a controller configured to accept a selection of a service from among a plurality of services including a first service and a second service, control a display unit to display an authentication screen, when accepting a selection of the first service, control a communication unit to transmit authentication information input on the authentication screen displayed in response to acceptance of the selection of the first service, to a first external device configured to perform authentication for the first service, store into a storage the authentication information transmitted to the first external device, and when accepting a selection of the second service and determining that the authentication information is stored in the storage, control the communication unit to transmit the authentication information stored in the storage, to a second external device configured to perform authentication for the second service. | 05-28-2015 |
20150304307 | APPLICATION SIGNING - Systems and methods for application signing are disclosed. In some implementations, an application package identifier and a password may be received at an application signing server. Upon authenticating the application package identifier and the password, a fingerprint identifying the developer is received. Upon receipt of the fingerprint, the application signing server generates a secure key for the application based on the fingerprint, where the secure key is provided to the developer for inclusion within the application. Upon determining that the application package identifier and the secure key included in a request from an operating system of a mobile device match an authorized application package identifier and an authorized secure key stored at the application signing server, the application signing server provides the requested list of the one or more APIs to the operating system to grant the application access to the APIs in the list. | 10-22-2015 |
20150304308 | SECURE IDENTITY FEDERATION FOR NON-FEDERATED SYSTEMS - Methods and apparatus, including computer program products, implementing and using techniques for providing user credentials over a network to a remote computer application. User credentials for the remote computer application are stored in a central repository that is accessible through the network. A request is sent to a service to perform, on behalf of a user, a particular task involving the remote computer application. It is determined whether the service has been granted permission to act on behalf of the user with respect to the remote computer application. When the service has permission to act on behalf of the user, the service is used to retrieve the user's credentials for the remote computer application from the central repository and to supply the retrieved user credentials to the remote computer application. | 10-22-2015 |
20150310202 | MOBILE APPLICATION, IDENTITY INTERFACE - Techniques for managing identities are provided. In some examples, identity management, authentication, authorization, and token exchange frameworks may be provided for use with mobile devices, mobile applications, cloud applications, and/or other web-based applications. For example a mobile client may request to perform one or more identity management operations associated with an account of a service provider. Based at least in part on the requested operation and/or the particular service provider, an application programming interface (API) may be utilized to generate and/or perform one or more instructions and/or method calls for managing identity information of the service provider. | 10-29-2015 |
20150312256 | Inter-Application Delegated Authentication - Disclosed is a system for delegating authentication of an untrusted application executing on a client device. For delegated authentication, an untrusted application relies on a trusted application executing in the same environment for authentication purposes. The delegated authentication process avoids requiring the user of the untrusted application to provide authentication credentials. The disclosed system for delegating authentication enables any trusted application executing in the same computing environment to authenticate the untrusted application. | 10-29-2015 |
20150334108 | GLOBAL AUTHENTICATION SERVICE USING A GLOBAL USER IDENTIFIER - An authentication device may provide an authentication code to a third party device. The third party device may provide a third party service to which a client device has requested access. The authentication device may receive the authentication code from a mobile device that is different from the client device. The authentication device may determine a third party device identifier included in the authentication code. The third party device identifier may identify the third party device that provides the third party service. The authentication device may determine a transaction identifier included in the authentication code. The authentication device may selectively provide the transaction identifier to the third party device, identified by the third party device identifier, to cause the third party device to selectively permit the client device to access the third party service. | 11-19-2015 |
20150347742 | CONFIGURING IDENTITY FEDERATION CONFIGURATION - A method and apparatus for configuring identity federation configuration. The method includes: acquiring a set of identity federation configuration properties of a first computing system and a set of identity federation configuration properties of a second computing system; identifying one or more pairs of associated properties in the first and the second sets, where the pairs of associated properties include one property from each set of identity federation configuration properties; displaying properties that need to be configured manually from each set of identity federation configuration properties, where the properties that need to be configured manually do not include the property in any pair of associated properties for which the value can be derived from the value of another property in the pair; automatically assigning a property that can be derived from the value of another property; and providing each computing system with each set of identity federation properties. | 12-03-2015 |
20150350193 | AUTHENTICATION INFORMATION THEFT DETECTION METHOD, AUTHENTICATION INFORMATION THEFT DETECTION DEVICE, AND COMPUTER-READABLE RECORDING MEDIUM STORING PROGRAM FOR THE SAME - The method is for detecting theft of authentication information for a communication device that provides a service for a user. The method includes storing, for each log-in request, a record of information on a log-in request source, authentication information that the log-in request source submits to the communication device when the log-in is performed, and information indicating a success or failure of the log-in using the authentication information; receiving information on an attack source against the communication device, from a management device of a network in which the communication device exists; determining that authentication information in the record is stolen by the attack source when information that indicates success of the log-in is stored in the record, the record including information on the log-in request source which is matched with the information on the attack source; and outputting the authentication information that is determined to be stolen. | 12-03-2015 |
20150350194 | SYSTEMS, METHODS, AND SOFTWARE TO PROVIDE ACCESS CONTROL IN CLOUD COMPUTING ENVIRONMENTS - An access control service to provide access control for operations between resources and/or between resources and users in a cloud computing environment. The access control service receives a request to perform an operation. The requested operation could be initiated by a resource with respect to another resource. The requested operation could also be initiated by a user with respect to a resource. The access control service determines whether the requested operation is permitted. If the requested operation is permitted, the access control service provides the credentials required to perform the requested operation. | 12-03-2015 |
20150350200 | BIOMETRIC FRAMEWORK ALLOWING INDEPENDENT APPLICATION CONTROL - Generation and segregation of mobile device biometric application template storage is described. Applications request a memory domain within mobile device storage for storing enrolled templates in the domain. The application calls a secure API associated with the biometric driver and software of the mobile device. As a result, the biometric driver and software does not search a number of domains to locate the enrolled templates that correspond to the mobile application or search all enrolled templates stored in memory. The mobile device applications maintain control of the storage domain and the template. The enrolled template may only be deleted through the controlling mobile device application. | 12-03-2015 |
20150365399 | METHOD AND APPARATUS FOR SHARING SERVER RESOURCES USING A LOCAL GROUP - A computer implemented method and apparatus for sharing server resources. One or more applications are registered to a first local group on a device, and one or more applications are registered to a second local group on the device. If a user and device have been authenticated, and a device token already acquired for obtaining authorization for a first application of the first local group to access resources from a server, the same device token is available for use in obtaining authorization for a second application of the first group to access (share) resources from the server. Thus, the user need not re-submit authentication credentials to the authorization server. When the user signs out of an application of the same group, the sign out procedure is processed locally for all applications of the group. A device token is surrendered when it is not needed by applications of any other group. | 12-17-2015 |
20160006719 | CROSS-NATIVE APPLICATION AUTHENTICATION APPLICATION - A user device stores first authentication information used to grant access to a resource associated with a first application, and configuration information relating to a second application. The user device receives an authentication request from the second application requesting second authentication information. Based on the configuration information relating to the second application, the user device determines whether the first authentication information contains some or all of the requested second authentication information. The user device generates an authentication response to the authentication request, using the first authentication information, and sends the authentication response to the second application in order to permit access to a resource associated with the second application. | 01-07-2016 |
20160006720 | DETECTING SHARING OF PASSWORDS FOR PASSWORD PROTECTED USER ACCOUNTS - A method for detecting the sharing of a password related to a password protected user account provided by an organization, by multiple entities of the organization is disclosed. In one embodiment, input associated with a training word is received from a user of a user computing device. In some examples, the input may include a sequence of user input entries related to the training word. In some embodiments, metadata associated with the sequence of user input entries is derived and a user input pattern profile is generated based on the metadata. In some embodiments, an authorized user of the organization is identified based at least in part on comparing the received input to the user input pattern profile. | 01-07-2016 |
20160006721 | Providing Social Network Content Based on the Login State of a User - An electronic device includes a display, one or more processors, and memory storing one or more programs. The one or more programs include a first program having a user-logged-in state for a first user and a user-logged-out state for the first user. The device communicates with a social network system; and displays a first user interface on the display. The first user interface includes a first predetermined area that corresponds to the first program. If the first program is in the user-logged-in state for the first user, the device displays in the first predetermined area first content from a plurality of users of the social network system that are connected to the first user. If the first program is in the user-logged-out state, the device displays in the first predetermined area second content that is selected for the first user, without displaying the first content. | 01-07-2016 |
20160021097 | FACILITATING NETWORK AUTHENTICATION - Embodiments provide single sign on to enterprise applications through a captive portal. Example embodiments include receiving from a captive portal sign-on user interface, a request for network access from a user, the request including authentication credentials, redirecting the user to an identity server when the user has been authenticated for network access using the authentication credentials. Redirecting may include providing the identity server with the authentication credentials, and generating a single sign on (SSO) token using the authentication credentials, the SSO token allowing the user to access enterprise applications. | 01-21-2016 |
20160021098 | SECURE COMMUNICATION DURING PROVISIONING OF A MOBILE DEVICE TO STREAM MEDIA CONTENT FROM A MEDIA CLIENT - A device may be configured to communicate with a mobile device using a short range communication protocol. The device may open a port based on communicating with the mobile device using the short range communication protocol. The device may receive a request from the mobile device via the port. The request may request security information for setting up a secure connection. The device may provide the security information to the mobile device. The device may establish a secure connection with the mobile device based on the security information. The device may provision the mobile device to receive media content from the device based on the secure connection. The device may provide the media content to the mobile device based on provisioning the mobile device. | 01-21-2016 |
20160036806 | Automated Password Generation and Change - An identity management system detects the occurrence of a trigger event, such as a time period expiration, or an action on the identity management system. The identity management system accordingly generates a new password for an account of a user on a third-party service and causes the account of the user on the third-party service to use the new password. The identity management system may also use a mobile device management system to configure a client of the user with the new password. | 02-04-2016 |
20160057126 | ESTABLISHING AND MAINTAINING AN IMPROVED SINGLE SIGN-ON (SSO) FACILITY - A login page is sent, by a backend server system, to a browser executing on a client associated with a user; and an authentication process is performed by the backend server system with the client. The login page is intercepted by a proxy, and a modified login page is generated by the proxy by adding a routine to the login page. The modified login page is forwarded to the browser, and the routine causes the browser to load an asynchronous engine configured to execute a login process with an authentication profiling service to retrieve login information for the back-end server, and complete the authentication process. | 02-25-2016 |
20160057130 | SINGLE SIGN-ON TO WEB APPLICATIONS FROM MOBILE DEVICES - A mobile device may include an authenticator and a processor. The authenticator may store a first secret corresponding to a second secret stored on a server and generate a key based upon the first secret. The processor may embed the key in data communicated to the server to request access from the server. | 02-25-2016 |
20160065559 | Systems and Methods for Verifying Human Interaction with a Computer Interface - Exemplary methods and systems for verifying human interaction with a computer interface are described herein. An exemplary method includes a human-interaction verification system detecting a request by an access device to access network-based content, providing, for display by the access device, a visually dynamic representation of one or more security images associated with a passcode in response to the access request, receiving, by way of the access device, challenge-response input associated with the visually dynamic representation of the one or more security images, and performing an access operation based at least in part on a comparison of the challenge-response input to the passcode. | 03-03-2016 |
20160080361 | SINGLE SIGN-ON (SSO) FOR MOBILE APPLICATIONS - A framework, which conforms to the OAuth standard, involves a generic OAuth authorization server that can be used by multiple resource servers in order to ensure that access to resources stored on those resource servers is limited to access to which the resource owner consents. Each resource server registers, with the OAuth authorization server, metadata for that resource server, indicating scopes that are recognized by the resource server. The OAuth authorization server refers to this metadata when requesting consent from a resource owner on behalf of a client application, so that the consent will be of an appropriate scope. The OAuth authorization server refers to this metadata when constructing an access token to provide to the client application for use in accessing the resources on the resource server. The OAuth authorization server uses this metadata to map issued access tokens to the scopes to which those access tokens grant access. | 03-17-2016 |
20160087970 | SECURE APPLICATION ACCESS SYSTEM - A proxy server receives a synchronization request from an application program resident on a user device. The proxy server determines that the user device requires removal of application program data and synchronizes the application program resident on the user device with a null account that is associated with application program. | 03-24-2016 |
20160094538 | MANAGED CLONE APPLICATIONS - Disclosed are various embodiments relating to managed clones of applications. In one embodiment, an application is received. If it is determined that the application should be managed, a managed clone of the application is generated. The managed clone of the application is configured for coexistence along with the application upon a client device under management. The managed clone of the application may then be deployed to the client device under management. | 03-31-2016 |
20160099931 | Single Sign Off Handling by Network Device in Federated Identity Deployment - In one implementation, a network device provides a single signoff service to one or more endpoints in software as a service (SaaS) sessions. The network device is configured to monitor a session between a software as a service (SaaS) provider and an endpoint device and to identify a network event trigger associated with the session. In response to the network event trigger, a signoff message is generated to the SaaS provider by the network device. The SaaS provider is configured to purge the session in response to the signoff message. | 04-07-2016 |
20160099933 | DISTRIBUTED SINGLE SIGN ON TECHNOLOGIES INCLUDING PRIVACY PROTECTION AND PROACTIVE UPDATING - Technologies for distributed single sign-on operable to provide user access to a plurality of services via authentication to a single entity. The distributed single sign-on technologies provide a set of authentication servers and methods for privacy protection based on splitting secret keys and user profiles into secure shares and periodically updating shares among the authentication servers without affecting the underlying secrets. The correctness of the received partial token or partial profiles can be verified with non-interactive zero-knowledge proofs. | 04-07-2016 |
20160103988 | SECURE AUTOMATIC AUTHORIZED ACCESS TO ANY APPLICATION THROUGH A THIRD PARTY - A method and process for users to have secure access to multiple mobile, embedded or web based applications, is provided whereby each requires different authentication, and access to such applications is automated through the use of a single authenticating and authorizing software; the software thereby securely managing the individual authorizations and, in so doing, the authentication required by any individual application independent of the device used. To protect against any intrusion and manipulation whilst assuring that only legitimate user(s) that are properly authenticated have access to their applications the method secures the secret information required to access these applications and minimizes exposure to any sensitive information. Moreover, any secrets that protect information are themselves secured and made strong and the means of access is simplified and automated as much as possible whilst safeguarding security and confidentiality. | 04-14-2016 |
20160105421 | SYSTEM AND METHOD INVOKING SECURITY AND PROFILE UTILITIES FOR GLOBAL ACCOUNT REGISTRATION - Systems and methods are disclosed herein for managing electronic access from remote devices to a plurality of back-end computer platforms. The system includes a front-end computing system connected to the plurality of computerized back-end services by a data network, the front-end computer system including a network interface, a profile utility, and security utility. The network interface is configured to receive a registration request for a user identity. The front-end computer system invokes services of the security utility to verify information concerning the user identity and to register a global user account for the user. The front-end computer system invokes the profile utility to merge or link pre-existing user accounts associated with the user identity for the plurality of computerized back-end services. The front-end computer system also invokes the profile utility to determine roles for the user identity in relation to each of the computerized back-end services. | 04-14-2016 |
20160112402 | Single Sign-on via Application or Browser - Single sign-on techniques via an application or browser are described. In one or more implementations, a single instance of entry of authentication information is received that is entered via interaction with an application or browser of a computing device. Responsive to this receipt, the single instance of the entry of authentication information is used by the computing device automatically and without user intervention to cause authentication to obtain access to one or more network services that are accessible via a network by the application and the browser. | 04-21-2016 |
20160112404 | Systems and Methods for Synchronized Sign-on Methods for Non-programmatic Integration systems - Systems and methods for automatically signing a user on to an integration application when a user signs on to another application and signing a user off when the user signs off of the other application. The integration application automatically non-programmatically collects data from a mapped location of a mapped source reference of the other application. The collected data includes a user identifier value. The integration continuously monitors the collected user identifier value for a difference in the collected user identifier value. If the collected user identifier value is recognized by the integration application, the user is signed into the integration application using the collected user identifier value, and if a difference in the collected user identifier value is detected, the user is signed off of the integration application. | 04-21-2016 |
20160119323 | SINGLE SIGN ON FOR NATIVE AND WRAPPED WEB RESOURCES ON MOBILE DEVICES - A method includes performing operations as follows on a processor: associating a single sign on module with a native application residing on a mobile device, detecting, using the single sign on module, user invocation of the native application, the native application to request access to a resource from a service provider server, determining, using the single sign on module, whether the mobile device has a token stored thereon that indicates the user has been previously authenticated with an identity provider server, sending, using the single sign on module, the token to the identity provider server when the token is determined to be stored on the mobile device, receiving, at the single sign on module, an identity assertion for the user from the identity provider server responsive to sending the token to the identity provider server, and providing, using the single sign on module, the identity assertion to the native application. The service provider server is independent of the identity provider server. | 04-28-2016 |
20160119324 | Single Sign On Across Multiple Devices Using A Unique Machine Identification - Single sign on technology enables shared access to a protected service, such as an application, from a plurality of dynamically associated computing devices. After logging into the application from one of the computing devices, a user may access the application from the other computing devices without re-authentication. A user may also log out from the application from any of the computing devices. Unique machine identifications, such as device DNA, for identifying each of the computing devices are used in, for example, a method, apparatus (such as a login server) and computer program product. A single session may be shared across multiple computing devices. The same authentication token, such as a SAML token, may also be used for all of the computing devices having the same user session. | 04-28-2016 |
20160119326 | System and Method for Single Sign-On Session Management Without Central Server - A method and system for single sign-on session management. Functions of session management and client log-in, normally handled by separate system servers, are incorporated as plug-in modules on individual web content servers. In this manner, network traffic to grant and validate client user credentials is reduced or minimized. | 04-28-2016 |
20160127352 | STEP-UP AUTHENTICATION FOR SINGLE SIGN-ON - A method for authenticating a user seeking access to first and second resources that have different authentication levels. The method includes receiving a primary token that is associated with a first authentication event of the user and authenticates the user to access the first resource, and receiving a first request to access the second resource. The method further includes receiving first credentials of the user. The method further includes, responsive to validating the first credentials, generating a second authentication event, associating the second authentication event with the primary token, and issuing a first secondary token that authenticates the user to access the second resource. | 05-05-2016 |
20160134618 | ANTICIPATORY SINGLE SIGN-ON (SSO) FOR PROXIED WEB APPLICATIONS - One embodiment provides a method, including: receiving, from an end user device, authentication data of a user of a web service; storing, in a single sign-on service, data for authenticating the user to the web service; receiving, at the single sign-on service, one or more initiations for the web service from the user; generating, using a processor, anticipatory sign-on data for the user based on the one or more initiations for the web service; and storing, at the single sign-on service, the anticipatory sign-on data. Other aspects are described and claimed. | 05-12-2016 |
20160134619 | System and Method for Single Sign-On Technical Support Access to Tenant Accounts and Data in a Multi-Tenant Platform - Shown is single sign-on support access to tenant accounts in a multi-tenant service platform involving a proxy user account in an identity provider for a tenant account on the service platform having security metadata associated therewith, mapping in the identity provider maps a support user to a proxy user identifier, a corresponding security endpoint in the service platform and mapping of the proxy user account identifier to the tenant account and security metadata. The identity provider authenticates a request to access the tenant account on the service platform, obtains the security credentials for the proxy user identifier, and sends a security assertion with the proxy user identifier and the security metadata to the security endpoint. The endpoint receives and validates the security assertion against the mapping for the proxy user identifier to the tenant account and the security metadata in the service platform, and permits access by the support user to the tenant account in the service platform. | 05-12-2016 |
20160149927 | SYSTEM AND METHODS FOR PROTECTING USERS FROM MALICIOUS CONTENT - A method, system and device for allowing the secure collection of sensitive information is provided. The device includes a display, and a user interface capable of receiving at least one user-generated interrupt in response to a stimulus generated in response to content received by the device, wherein the action taken upon receiving the user-generated interrupt depends on a classification of the content, the classification identifying the content as trusted or not trusted. The method includes detecting a request for sensitive information in content, determining if an interrupt is generated, determining if the content is trusted, allowing the collection of the sensitive information if the interrupt is generated and the content is trusted, and performing an alternative action if the interrupt is generated and the content is not trusted. The method may include instructions stored on a computer readable medium. | 05-26-2016 |
20160164860 | Single Sign On Availability - Methods and computer program products relate to single sign on (SSO) availability, including: identifying a set of single sign on applications in a system in which a user authentication for a first application is used for the other applications in the set; monitoring the set of applications to determine the availability of single sign on for each application; and providing an indication of the availability of single sign on for each application. | 06-09-2016 |
20160182489 | METHOD AND APPARATUS FOR ENABLING A SINGLE SIGN-ON ENABLED APPLICATION TO ENFORCE AN APPLICATION LOCK | 06-23-2016 |
20160191500 | CONSOLIDATED AUTHENTICATION - A method and system for authenticating a user at a first computer to first and second applications installed in a second computer. The second computer receives from the user a first request to access the first application, and in response, the second computer redirects the first request to a third computer, and in response, the third computer determines that the user was previously authenticated and so notifies the second computer, and in response, the second computer returns a first session key to the third computer. The first session key enables a session with the first application but not with the second application. A second session key was sent by the third computer to the first computer after the third computer received the first session key from the second computer. The second session key enables a session with both the first application and the second application. | 06-30-2016 |
20160205088 | Transferring Web-Application Prerequisite Files While Authentication Interface Occludes Web-Application Interface | 07-14-2016 |
20160255074 | SINGLE SIGN-ON SERVICE SECURITY PROTECTIONS | 09-01-2016 |
20170237729 | SECURING USER-ACCESSED APPLICATIONS IN A DISTRIBUTED COMPUTING ENVIRONMENT | 08-17-2017 |
20180024824 | MANAGED CLONE APPLICATIONS | 01-25-2018 |
20180026964 | LOGIN PROXY FOR THIRD-PARTY APPLICATIONS | 01-25-2018 |
20180026966 | METHOD AND SYSTEM FOR CREATING A VIRTUAL SIP USER AGENT BY USE OF A WEBRTC ENABLED WEB BROWSER | 01-25-2018 |
20220141209 | WORKFLOW SERVICE BACK END INTEGRATION - Disclosed are various approaches for workflow service back end integration. In some examples, a workflow service identifies a workflow action and a user account that is responsible for the workflow action. A command to present the workflow action for user authorization is transmitted to a client device associated with the user account. The workflow service transmits a command to perform the workflow action based on an identification of the user authorization. | 05-05-2022 |