Abstract: A method allows access to computer resources to authorized native applications on a client device. An authorization server receives, from a native application on a device, an initial authorization grant, a public key of a private/public key pair generated on the device, and an attestation of authenticity of the native application. The authorization server receives, from the native application on the device, a refresh token and a digital signature of the refresh token that is created with the private key. The authorization server recognizes the refresh token only if the refresh token is verified with the public key that has been previously registered. The authorization server validates the digital signature of the refresh token, and transmits a new access token and a new refresh token to the native application on the device, thus allowing the native application on the device to access the computer resource.

Abstract: A method allows access to computer resources to authorized native applications on a client device. An authorization server receives, from a native application on a device, an initial authorization grant, a public key of a private/public key pair generated on the device, and an attestation of authenticity of the native application. The authorization server receives, from the native application on the device, a refresh token and a digital signature of the refresh token that is created with the private key. The authorization server recognizes the refresh token only if the refresh token is verified with the public key that has been previously registered. The authorization server validates the digital signature of the refresh token, and transmits a new access token and a new refresh token to the native application on the device, thus allowing the native application on the device to access the computer resource.

Abstract: A service provider configured to establish a federated identity management with an identity provider, provision a first user account, and retrieve revocation information from a ledger. The revocation information can include a revoked user account identifier published to the ledger by the identity provider. The service provider can determine that the revoked user account identifier corresponds to the first user account. The service provider can delete the first user account from the service provider.

Abstract: An indication is sent to a host server device. The indication includes a request for a push notification service identification (PNSID). The PNSID is used to establish a secure registration between one or more applications on the computing device of a user and the host server device. The PNSID is received from the host server device. An input is received from the user. The input includes one or more application server devices that may send push notifications to the computing device. A unique key is generated for each application server device. The PNSID and a different unique key are sent to each application server device. Each different unique key is associated with a different application server device. A registration is received from each application server device.

Abstract: A context-aware biometric access control policy is provided. A request to access a protected resource received from a client device is identified. A resource hierarchy associates each of a plurality of protected resources with one or more respective confidence levels of authentication. A confidence level that is associated with the protected resource is identified based on the resource hierarchy. Instructions to capture a biometric token via the client device are generated based on a set of one or more confidence level parameters that is associated with the identified confidence level. The generated instructions are sent to the client device. A biometric token received from the client device is determined to authenticate the user of the client device and, in response, the request to access the protected resource is approved.

Abstract: A context-aware biometric access control policy is provided. A request to access a protected resource received from a client device is identified. A resource hierarchy associates each of a plurality of protected resources with one or more respective confidence levels of authentication. A confidence level that is associated with the protected resource is identified based on the resource hierarchy. Instructions to capture a biometric token via the client device are generated based on a set of one or more confidence level parameters that is associated with the identified confidence level. The generated instructions are sent to the client device. A biometric token received from the client device is determined to authenticate the user of the client device and, in response, the request to access the protected resource is approved.

Abstract: A processor-implemented method manages an identification document (ID) that is displayed on an electronic device. One or more processors (e.g., within an identity document manager) receive a set of profile details about an entity. The processor(s) send the set of profile details about the entity to a blockchain system that generates a blockchain from the set of profile details about the entity. The processor(s) generate a barcode from a hash of the blockchain, and transmit the barcode to an entity device. The processor(s) subsequently receive a new barcode from an entity verification device. The processor(s) compare information in the new barcode that is received from the entity verification device to information in the blockchain that the identity document manager received from the blockchain system. In response to the two sets of information matching, the processor(s) transmit entity authorization instructions to the entity verification device.

Abstract: A service provider configured to establish a federated identity management with an identity provider, provision a first user account, and retrieve revocation information from a ledger. The revocation information can include a revoked user account identifier published to the ledger by the identity provider. The service provider can determine that the revoked user account identifier corresponds to the first user account. The service provider can delete the first user account from the service provider.

Abstract: A context-aware biometric access control policy is provided. A request to access a protected resource received from a client device is identified. A resource hierarchy associates each of a plurality of protected resources with one or more respective confidence levels of authentication. A confidence level that is associated with the protected resource is identified based on the resource hierarchy. Instructions to capture a biometric token via the client device are generated based on a set of one or more confidence level parameters that is associated with the identified confidence level. The generated instructions are sent to the client device. A biometric token received from the client device is determined to authenticate the user of the client device and, in response, the request to access the protected resource is approved.

Abstract: A context-aware biometric access control policy is provided. A request to access a protected resource received from a client device is identified. A resource hierarchy associates each of a plurality of protected resources with one or more respective confidence levels of authentication. A confidence level that is associated with the protected resource is identified based on the resource hierarchy. Instructions to capture a biometric token via the client device are generated based on a set of one or more confidence level parameters that is associated with the identified confidence level. The generated instructions are sent to the client device. A biometric token received from the client device is determined to authenticate the user of the client device and, in response, the request to access the protected resource is approved.

Abstract: An indication is sent to a host server device. The indication includes a request for a push notification service identification (PNSID). The PNSID is used to establish a secure registration between one or more applications on the computing device of a user and the host server device. The PNSID is received from the host server device. An input is received from the user. The input includes one or more application server devices that may send push notifications to the computing device. A unique key is generated for each application server device. The PNSID and a different unique key are sent to each application server device. Each different unique key is associated with a different application server device. A registration is received from each application server device.

Abstract: An indication is sent to a host server device. The indication includes a request for a push notification service identification (PNSID). The PNSID is used to establish a secure registration between one or more applications on the computing device of a user and the host server device. The PNSID is received from the host server device. An input is received from the user. The input includes one or more application server devices that may send push notifications to the computing device. A unique key is generated for each application server device. The PNSID and a different unique key are sent to each application server device. Each different unique key is associated with a different application server device. A registration is received from each application server device.

Abstract: An automotive side view mirror attachment assembly includes first and second loading surfaces for engaging a mounting member of a side view mirror assembly, wherein the first and second loading surfaces are disposed within an interior of a vehicle door, such that, in assembly, a mounting member of the mirror assembly is substantially or fully disposed within the interior of a vehicle door, thereby minimizing the overall mirror footprint by eliminating the need for an external base for attachment of a mirror assembly to a vehicle door.

Abstract: An indication is sent to a host server device. The indication includes a request for a push notification service identification (PNSID). The PNSID is used to establish a secure registration between one or more applications on the computing device of a user and the host server device. The PNSID is received from the host server device. An input is received from the user. The input includes one or more application server devices that may send push notifications to the computing device. A unique key is generated for each application server device. The PNSID and a different unique key are sent to each application server device. Each different unique key is associated with a different application server device. A registration is received from each application server device.

Abstract: A method sends a request for a delegated authorization grant data set, receives a delegated authorization grant data set that defines the delegated authorization grant scope, with respect to a resource. The delegated authorization grant data set includes a scope variable value having been selected by a delegator entity through a delegation grant scope user interface on the delegator device. The scope controls access to the resource in a manner limited by the scope of the delegated authorization grant defined by the delegated authorization grant data set.

Abstract: An automotive side view mirror attachment assembly includes first and second loading surfaces for engaging a mounting member of a side view mirror assembly, wherein the first and second loading surfaces are disposed within an interior of a vehicle door, such that, in assembly, a mounting member of the mirror assembly is substantially or fully disposed within the interior of a vehicle door, thereby minimizing the overall mirror footprint by eliminating the need for an external base for attachment of a mirror assembly to a vehicle door.

Abstract: An automotive side view mirror attachment assembly includes first and second loading surfaces for engaging a mounting member of a side view mirror assembly, wherein the first and second loading surfaces are disposed within an interior of a vehicle door, such that, in assembly, a mounting member of the mirror assembly is substantially or fully disposed within the interior of a vehicle door, thereby minimizing the overall mirror footprint by eliminating the need for an external base for attachment of a mirror assembly to a vehicle door.

Abstract: A method sends a request for a delegated authorization grant data set, receives a delegated authorization grant data set that defines the delegated authorization grant scope, with respect to a resource. The delegated authorization grant data set includes a scope variable value having been selected by a delegator entity through a delegation grant scope user interface on the delegator device. The scope controls access to the resource in a manner limited by the scope of the delegated authorization grant defined by the delegated authorization grant data set.

Abstract: An approach for access authorization to a protected resource is provided. The approach provisions a physical access badge identifier to a door controller. The approach receives a swipe event, wherein the swipe event includes a door controller identifier and the physical access badge identifier. The approach creates an authorization request to access a protected resource, wherein the authorization request includes a request from a user for access to a protected resource. The approach identifies one or more security policies for the protected resource. The approach determines whether to permit access to the protected resource based, at least in part, on the one or more security policies and the swipe event. Responsive to a determination to permit access to the protected resource, the approach permits access to the protected resource, wherein permitting access to the protected resource includes validating an authentication session for a user.

Abstract: An approach for access authorization to a protected resource is provided. The approach provisions a physical access badge identifier to a door controller. The approach receives a swipe event, wherein the swipe event includes a door controller identifier and the physical access badge identifier. The approach creates an authorization request to access a protected resource, wherein the authorization request includes a request from a user for access to a protected resource. The approach identifies one or more security policies for the protected resource. The approach determines whether to permit access to the protected resource based, at least in part, on the one or more security policies and the swipe event. Responsive to a determination to permit access to the protected resource, the approach permits access to the protected resource, wherein permitting access to the protected resource includes validating an authentication session for a user.