Abstract: Techniques are described in which a service store is provided that allows consumers to shop for services online. The service store system architecture includes a service store which interacts over a network with service consumers, service providers, a social single sign-on aggregated identity engine, and various external partners. Through the online service store, complex and customized ordering and fulfillment processes are achieved using the service store environment.

Abstract: Techniques are described in which to access a user's web applications, the user registers and signs on to an aggregator system using any supported login identity provider username and password. When the user registers for the first time, the system collects additional information to verify the user for a subsequent access to the system. The system also automatically creates a system secret username and secret, highly securely generated password, both of which are unknown and inaccessible to the user. The secret username and password are stored in a lightweight directory access protocol (LDAP) server or database or in a distributed cloud database system. The system also maps the login identity provider user name to the secret user name and password for subsequent usage.

Abstract: Store intelligence—in-store analytics (“in-store analytics”) techniques are provided that, by combining analytics with experience, improve the shopping, managing, monitoring, etc., experience of an end user. In-store analytics can be integrated with workflow for optimizing and assisting prioritizing operations.

Abstract: Techniques are described in which for a user to obtain access to or entitlement to objects or locations, such as for example a web application or entry into an accounting office, the system derives a unified risk score associated with the user. The computer compares the unified risk score against a set of rules to determine whether the unified risk score is greater than a particular threshold. Based on such determination, the computer can cause denial of access or entitlement for example by denying entry to the web application or transmitting a denied message to a system that controls the physical lock on the door to the accounting office. In generating the unified risk score, the computer retrieves the most up-to-date identity information about the user by signing on to an aggregator system using any supported login identity provider username and password or other authenticating credentials associated with the user.

Abstract: Store intelligence—in-store analytics (“in-store analytics”) techniques are provided that, by combining analytics with experience, improve the shopping, managing, monitoring, etc., experience of an end user. In-store analytics can be integrated with workflow for optimizing and assisting prioritizing operations.

Abstract: Techniques are described in which to access a user's web applications, the user registers and signs on to an aggregator system using any supported login identity provider username and password. When the user registers for the first time, the system collects additional information to verify the user for a subsequent access to the system. The system also automatically creates a system secret username and secret, highly securely generated password, both of which are unknown and inaccessible to the user. The secret username and password are stored in an lightweight directory access protocol (LDAP) server or database or in a distributed cloud database system. The system also maps the login identity provider user name to the secret user name and password for subsequent usage.

Abstract: Techniques are described in which to access a user's web applications, the user registers and signs on to an aggregator system using any supported login identity provider username and password. When the user registers for the first time, the system collects additional information to verify the user for a subsequent access to the system. The system also automatically creates a system secret username and secret, highly securely generated password, both of which are unknown and inaccessible to the user. The secret username and password are stored in an lightweight directory access protocol (LDAP) server or database or in a distributed cloud database system. The system also maps the login identity provider user name to the secret user name and password for subsequent usage.

Abstract: One or more techniques for access validation are provided. Access validation may be performed automatically or in real-time. Access validation may be at the resource level or at a sub-resource level. Techniques provided herein may be applied in a large variety of situations and industries, e.g. compliance management or inventory. Access validation reports may be generated in real-time or may link to indications of access validation in real-time. Five outcomes or options are provided, including affirmative, negative, stronger negative with larger implication, undetermined, and negative, however with temporarily granted access. A field for allowing entry of justification for access to a particular resource is provided. Reminders to validate privileges are provided. A continuous access validation process is provided. A technique for extending the hierarchy and corresponding workflow that is generated thereof is provided.

Abstract: One or more techniques for access validation are provided. Access validation may be performed automatically or in real-time. Access validation may be at the resource level or at a sub-resource level. Techniques provided herein may be applied in a large variety of situations and industries, e.g. compliance management or inventory. Access validation reports may be generated in real-time or may link to indications of access validation in real-time. Five outcomes or options are provided, including affirmative, negative, stronger negative with larger implication, undetermined, and negative, however with temporarily granted access. A field for allowing entry of justification for access to a particular resource is provided. Reminders to validate privileges are provided. A continuous access validation process is provided. A technique for extending the hierarchy and corresponding workflow that is generated thereof is provided.

Abstract: A system for controlling access to a protected network includes a network access control module coupled to the network and configured to restrict access to the network to an authorized user through a computer coupled to the network. The system also includes a communication device associated with the computer, which automatically transmits a unique identifier corresponding to the communication device to the network access control module when a user uses the communication device to request access to the network via the computer. When the network access control module receives the unique identifier it is configured to authenticate the communication device, to authenticate the user via the communication device when the communication device is authenticated, and when the user is authenticated, to submit log-on information to a log-on interface of the computer associated with the communication device so that the user can access the network via the computer.

Abstract: A system for controlling access to a protected network includes a network access control module that is coupled to the protected network and which is configured to restrict access to the network to an authorized user through a computer coupled to the protected network. The system also includes a communication device associated with the computer. The communication device automatically transmits a unique identifier corresponding to the communication device to the network access control module when a user uses the communication device to request access to the protected network via the computer.

Abstract: Exemplary embodiments provide a method and system for providing a hybrid meta-directory for recording a grant of privileges. In one embodiment method and system aspects of the exemplary embodiment include: assigning a privilege identifier to each privilege stored in a privilege repository; in response to a granting of one of the privileges to a target user, storing the privilege identifier assigned to the granted privilege in an authoritative source domain record for the target user; and in response to receiving a query of the authoritative source domain based on a user ID, retrieving a list of privileges granted to the corresponding target user based on the privilege identifiers associated with the user ID.

Abstract: Exemplary embodiments provide a method and system for self-service resource provisioning having collaborative compliance enforcement. Method and system aspects of the exemplary embodiments include displaying a hierarchical list of resources for selection of at least one privilege associated with the resources; in response to a user selecting least one of the privileges from the hierarchical list, adding the selected privilege to a request cart to enable the user to initiate a request for the privilege; and in response to a user submitting the request cart, automatically invoking a workflow process to approve a request for the privilege, wherein the workflow is dynamically generated at least in part from the structure of the hierarchical list of resources and a location of the privilege within the hierarchical list.

Abstract: Authenticating a user includes providing a plurality of questions based on user related information stored in at least one data source, wherein none of the plurality of questions is password related. At least one of the plurality of questions is presented to the user in response to receiving a request from the user to access one or more protected resources. Access is granted to the authorized set of protected resources if the user correctly answers each of the at least one questions presented. According to the present invention, the user's identity is authenticated without requiring the user to provide a password or biometric data, and without requiring the user to enroll prior to access.

Abstract: Exemplary embodiments provide a method and system for self-service resource provisioning having collaborative compliance enforcement. Method and system aspects of the exemplary embodiments include displaying a hierarchical list of resources for selection of at least one privilege associated with the resources; in response to a user selecting least one of the privileges from the hierarchical list, adding the selected privilege to a request cart to enable the user to initiate a request for the privilege; and in response to a user submitting the request cart, automatically invoking a workflow process to approve a request for the privilege, wherein the workflow is dynamically generated at least in part from the structure of the hierarchical list of resources and a location of the privilege within the hierarchical list.

Abstract: A system for controlling access to a protected network includes a network access control module that is coupled to the protected network and which is configured to restrict access to the network to an authorized user through a computer coupled to the protected network. The system also includes a communication device associated with the computer, which automatically transmits a unique identifier corresponding to the communication device to the network access control module when a user uses the communication device to request access to the protected network via the computer.

Abstract: Exemplary embodiments provide a method and system for providing a hybrid meta-directory for recording a grant of privileges. In one embodiment method and system aspects of the exemplary embodiment include: assigning a privilege identifier to each privilege stored in a privilege repository; in response to a granting of one of the privileges to a target user, storing the privilege identifier assigned to the granted privilege in an authoritative source domain record for the target user; and in response to receiving a query of the authoritative source domain based on a user ID, retrieving a list of privileges granted to the corresponding target user based on the privilege identifiers associated with the user ID.