Patents by Inventor Hassen Karaa
Hassen Karaa has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10470040
Abstract: After an initial user sign-on with an identity provider, and in response to an intention of the user to use a third-party application executing on a client device of the user and requiring user sign-on, the identity provider provides a client script to the third-party application. The client script facilitates user and application authentication and invokes a trusted broker application that interacts with the identity provider to enable the user to use the third-party application. The use of the trusted broker application provided by the identity provider frees the authors of third-party applications from the need to modify their applications to explicitly sign in with the identity provider. For enhanced security, conformance to an organizational security policy is verified at time of sign-on, and an authenticatable link is used to invoke the third-party application to foil attempts by malicious software to substitute another application.
Type: Grant
Filed: August 27, 2017
Date of Patent: November 5, 2019
Assignee: OKTA, INC.
Inventors: Thomas M. Belote, Hassen Karaa, Christine Wang, Vinoth Jayaraman, Marc Powell, Shaolin Shen, Naveed Makhani, Ankit Garg
-
Publication number: 20190069168
Abstract: After an initial user sign-on with an identity provider, and in response to an intention of the user to use a third-party application executing on a client device of the user and requiring user sign-on, the identity provider provides a client script to the third-party application. The client script facilitates user and application authentication and invokes a trusted broker application that interacts with the identity provider to enable the user to use the third-party application. The use of the trusted broker application provided by the identity provider frees the authors of third-party applications from the need to modify their applications to explicitly sign in with the identity provider. For enhanced security, conformance to an organizational security policy is verified at time of sign-on, and an authenticatable link is used to invoke the third-party application to foil attempts by malicious software to substitute another application.
Type: Application
Filed: August 27, 2017
Publication date: February 28, 2019
Inventors: Thomas M. Belote, Hassen Karaa, Christine Wang, Vinoth Jayaraman, Marc Powell, Shaolin Shen, Naveed Makhani, Ankit Garg
-
Patent number: 10097533
Abstract: An identity management system provides single sign-on (SSO) services to clients, logging the clients into a variety of third-party services for which the clients have accounts. An SSO integration is stored for each of the third-party services, the SSO integration including information that allows the identity management system to automate the login for the corresponding third-party service, such as locations of the login pages, and/or identities of username and password fields. The identity management system uses different techniques in different embodiments to detect that a given SSO integration is broken (i.e., no longer permits login for its corresponding third-party service) and/or to repair the SSO integration.
Type: Grant
Filed: September 4, 2015
Date of Patent: October 9, 2018
Assignee: OKTA, INC.
Inventors: Reman P. Child, Hassen Karaa, Xin Gu, Hector Aguilar-Macias, Andrew P. Drozdov
-
Patent number: 9805189
Abstract: Registering a computer system for use in an enterprise. A method includes receiving, from a device management infrastructure of the enterprise, an executable system management component (SMC), and installing the SMC at a storage device. The method also includes executing the SMC, causing the computer system to register with the device management infrastructure, including applying a device settings policy to a configuration of the computer system. Executing the SMC also causes the computer system to configure itself to periodically execute a maintenance task received from the device management infrastructure.
Type: Grant
Filed: January 25, 2016
Date of Patent: October 31, 2017
Assignee: Microsoft Technology Licensing, LLC
Inventors: Hassen Karaa, Michael Healy, Brett D. A. Flegg, Gaurav Dhawan, Jeffrey Sutherland
-
Patent number: 9548976
Abstract: After an initial user sign-on with an identity provider, and in response to an intention of the user to use a third-party application executing on a client device of the user and requiring user sign-on, the identity provider provides a client script to the third-party application. The client script facilitates user and application authentication and invokes a trusted broker application that interacts with the identity provider to enable the user to use the third-party application. The use of the trusted broker application provided by the identity provider frees the authors of third-party applications from the need to modify their applications to explicitly sign in with the identity provider.
Type: Grant
Filed: May 4, 2015
Date of Patent: January 17, 2017
Assignee: Okta, Inc.
Inventors: Thomas M. Belote, Hassen Karaa, Christine Wang, Vinoth Jayaraman
-
Publication number: 20160300055
Abstract: Registering a computer system for use in an enterprise. A method includes receiving, from a device management infrastructure of the enterprise, an executable system management component (SMC), and installing the SMC at a storage device. The method also includes executing the SMC, causing the computer system to register with the device management infrastructure, including applying a device settings policy to a configuration of the computer system. Executing the SMC also causes the computer system to configure itself to periodically execute a maintenance task received from the device management infrastructure.
Type: Application
Filed: January 25, 2016
Publication date: October 13, 2016
Inventors: Hassen Karaa, Michael Healy, Brett D.A. Flegg, Gaurav Dhawan, Jeffrey Sutherland
-
Patent number: 9361083
Abstract: Installing apps on a device. The device is generally configured to be used in a closed market environment that only allows generally available apps of the closed market to be installed. The method includes determining that the device has been authorized to install apps outside of a set of apps generally available from the closed market and from a set of apps available only to users of a particular enterprise. The method further includes determining that an app, that is not generally available from the closed market, has been verified by a central authority. The method further includes installing the app on the device in spite of the fact that the device is generally configured to be used in a closed market environment.
Type: Grant
Filed: March 6, 2013
Date of Patent: June 7, 2016
Assignee: Microsoft Technology Licensing, LLC
Inventors: Hassen Karaa, Michael Healy, Brett D. A. Flegg, Gaurav Dhawan, Jeffrey Sutherland
-
Publication number: 20160080360
Abstract: An identity management system provides single sign-on (SSO) services to clients, logging the clients into a variety of third-party services for which the clients have accounts. An SSO integration is stored for each of the third-party services, the SSO integration including information that allows the identity management system to automate the login for the corresponding third-party service, such as locations of the login pages, and/or identities of username and password fields. The identity management system uses different techniques in different embodiments to detect that a given SSO integration is broken (i.e., no longer permits login for its corresponding third-party service) and/or to repair the SSO integration.
Type: Application
Filed: September 4, 2015
Publication date: March 17, 2016
Inventors: Reman P. Child, Hassen Karaa, Xin Gu, Hector Aguilar-Macias, Andrew P. Drozdov
-
Patent number: 9245128
Abstract: Installing apps and setting configuration on a device. A method includes receiving user input. The user input indicates a level of control that a user is willing to give an enterprise over the device. The method further includes determining, based on the level of control indicated by the user input, a set of apps allowed to install on the device. The set of apps allowed to install on the device is limited by the level of control indicated by the user. The method further includes authorizing installation of the set of apps on the device while restricting installation of other apps that would be authorized had the user selected a different level of control that the user is willing to give the enterprise over the device.
Type: Grant
Filed: March 6, 2013
Date of Patent: January 26, 2016
Assignee: Microsoft Technology Licensing, LLC
Inventors: Hassen Karaa, Michael Healy, Brett D. A. Flegg, Gaurav Dhawan, Jeffrey Sutherland
-
Publication number: 20150326562
Abstract: After an initial user sign-on with an identity provider, and in response to an intention of the user to use a third-party application executing on a client device of the user and requiring user sign-on, the identity provider provides a client script to the third-party application. The client script facilitates user and application authentication and invokes a trusted broker application that interacts with the identity provider to enable the user to use the third-party application. The use of the trusted broker application provided by the identity provider frees the authors of third-party applications from the need to modify their applications to explicitly sign in with the identity provider.
Type: Application
Filed: May 4, 2015
Publication date: November 12, 2015
Inventors: Thomas M. Belote, Hassen Karaa, Christine Wang, Vinoth Jayaraman
-
Publication number: 20140259007
Abstract: Installing apps on a device. The device is generally configured to be used in a closed market environment that only allows generally available apps of the closed market to be installed. The method includes determining that the device has been authorized to install apps outside of a set of apps generally available from the closed market and from a set of apps available only to users of a particular enterprise. The method further includes determining that an app, that is not generally available from the closed market, has been verified by a central authority. The method further includes installing the app on the device in spite of the fact that the device is generally configured to be used in a closed market environment.
Type: Application
Filed: March 6, 2013
Publication date: September 11, 2014
Applicant: Microsoft Corporation
Inventors: Hassen Karaa, Michael Healy, Brett D. A. Flegg, Gaurav Dhawan, Jeffrey Sutherland
-
Publication number: 20140259178
Abstract: Installing apps and setting configuration on a device. A method includes receiving user input. The user input indicates a level of control that a user is willing to give an enterprise over the device. The method further includes determining, based on the level of control indicated by the user input, a set of apps allowed to install on the device. The set of apps allowed to install on the device is limited by the level of control indicated by the user. The method further includes authorizing installation of the set of apps on the device while restricting installation of other apps that would be authorized had the user selected a different level of control that the user is willing to give the enterprise over the device.
Type: Application
Filed: March 6, 2013
Publication date: September 11, 2014
Applicant: Microsoft Corporation
Inventors: Hassen Karaa, Michael Healy, Brett D.A. Flegg, Gaurav Dhawan, Jeffrey Sutherland