Abstract: An identity broker receives a request for access by a client device to a service provided by a server. In response to the request, the identity broker communicates with the client device to determine whether a security risk is associated with allowing the client device to access data of a service provider. An identifier assigned to the client device is used to identify a user session between the client device and the service provider. Continuous monitoring of the client device is performed to identify any security risks associated with the user session. If a risk is identified, the identifier is used to revoke the user session.

Abstract: Security policies are made dependent on location of a device and the location of a device is determined and the appropriate security policy applied without providing the device's location to a server. A device determine its location and identifies a security policy identifier mapped to a zone including the location. The device requests the security policy corresponding to the identifier from a server and implements it. The device may also store a database of the security policies and implement them according to its location. Devices registered for a user evaluate whether locations detected for the devices correspond to impossible travel by the user. Objects encoding geolocation data of a device may be encrypted with a private key of the device and the public key of another to prevent access by an intermediary server.

Abstract: Security policies are made dependent on location of a device and the location of a device is determined and the appropriate security policy applied without providing the device's location to a server. A device determine its location and identifies a security policy identifier mapped to a zone including the location. The device requests the security policy corresponding to the identifier from a server and implements it. The device may also store a database of the security policies and implement them according to its location. Devices registered for a user evaluate whether locations detected for the devices correspond to impossible travel by the user. Objects encoding geolocation data of a device may be encrypted with a private key of the device and the public key of another to prevent access by an intermediary server.

Abstract: An identity broker receives a request for access by a client device to a service provided by a server. In response to the request, the identity broker communicates with a client device to determine whether a security risk is associated with allowing the client device to access data of a service provider. If the client device is secure, the identity broker sends an authentication request to an identity provider. After the identity provider authenticates the client device, the identity broker passes the authentication to the server, which establishes a session with the client device to provide the service. The security state of the client continues to be monitored to determine whether access should continue to be permitted to data associated with a service provider.

Abstract: Security policies are made dependent on location of a device and the location of a device is determined and the appropriate security policy applied without providing the device’s location to a server. A device determine its location and identifies a security policy identifier mapped to a zone including the location. The device requests the security policy corresponding to the identifier from a server and implements it. The device may also store a database of the security policies and implement them according to its location. Devices registered for a user evaluate whether locations detected for the devices correspond to impossible travel by the user. Objects encoding geolocation data of a device may be encrypted with a private key of the device and the public key of another to prevent access by an intermediary server.

Abstract: Security policies are made dependent on location of a device and the location of a device is determined and the appropriate security policy applied without providing the device's location to a server. A device determine its location and identifies a security policy identifier mapped to a zone including the location. The device requests the security policy corresponding to the identifier from a server and implements it. The device may also store a database of the security policies and implement them according to its location. Devices registered for a user evaluate whether locations detected for the devices correspond to impossible travel by the user. Objects encoding geolocation data of a device may be encrypted with a private key of the device and the public key of another to prevent access by an intermediary server.

Abstract: Security policies are made dependent on location of a device and the location of a device is determined and the appropriate security policy applied without providing the device's location to a server. A device determine its location and identifies a security policy identifier mapped to a zone including the location. The device requests the security policy corresponding to the identifier from a server and implements it. The device may also store a database of the security policies and implement them according to its location. Devices registered for a user evaluate whether locations detected for the devices correspond to impossible travel by the user. Objects encoding geolocation data of a device may be encrypted with a private key of the device and the public key of another to prevent access by an intermediary server.

Abstract: An identity broker receives a request for access by a client device to a service provided by a server. In response to the request, the identity broker communicates with a client device to determine whether a security risk is associated with allowing the client device to access data of a service provider. If the client device is secure, the identity broker sends an authentication request to an identity provider. After the identity provider authenticates the client device, the identity broker passes the authentication to the server, which establishes a session with the client device to provide the service. The security state of the client continues to be monitored to determine whether access should continue to be permitted to data associated with a service provider.

Abstract: An identity broker receives a request for access by a client device to a service provided by a server. In response to the request, the identity broker determines an identity of the client device using a client certificate. The identity broker also determines whether the client device is in a secure state. If the client device is secure, the identity broker sends an authentication request to an identity provider. After the identity provider authenticates the client device, the identity broker passes the authentication to the server, which establishes a session with the client device to provide the service.

Abstract: An identity broker receives a request for access by a client device to a service provided by a server. In response to the request, the identity broker determines an identity of the client device using a client certificate. The identity broker also determines whether the client device is in a secure state. If the client device is secure, the identity broker sends an authentication request to an identity provider. After the identity provider authenticates the client device, the identity broker passes the authentication to the server, which establishes a session with the client device to provide the service.

Abstract: A system and method are presented for providing generic single sign-on in an electronic device. Information is received that identifies one or more applications and associated identity authenticators and a whitelist of the identified applications and authenticators is created. A request for an access token is received from a requesting application. If the requesting application is listed in the whitelist, an authenticator associated with the requesting application is determined and a request for an access token is sent to the associated authenticator. In response to the request, an access token is received from the authenticator and the access token is sent to the requesting application. If the requesting application is not listed in the whitelist, a predefined response message is sent to the requesting application.

Abstract: An apparatus and method to authorize Application Programming Interface (API) or method level access in system and application services are provided. The method includes receiving a request for access to a service from another service or an application via an interface accessible by the other service or the application, and determining whether to authorize the request based at least in part on a specified policy.

Abstract: A system and method are presented for providing generic single sign-on in an electronic device. Information is received that identifies one or more applications and associated identity authenticators and a whitelist of the identified applications and authenticators is created. A request for an access token is received from a requesting application. If the requesting application is listed in the whitelist, an authenticator associated with the requesting application is determined and a request for an access token is sent to the associated authenticator. In response to the request, an access token is received from the authenticator and the access token is sent to the requesting application.

Abstract: An apparatus and method to authorize Application Programming Interface (API) or method level access in system and application services are provided. The method includes receiving a request for access to a service from another service or an application via an interface accessible by the other service or the application, and determining whether to authorize the request based at least in part on a specified policy.