Global (e.g., Single Sign On (SSO), Etc.) Patents (Class 726/8)
  • Patent number: 11397821
    Abstract: A remote access control system includes a remote access control apparatus and a communication relay apparatus. The remote access control apparatus is configured to establish a predetermined communication session with the communication relay apparatus through predetermined connection target information obtaining processing performed by active connection to the remote access control apparatus from the communication relay apparatus, to transmit a secure communication connection start command to the communication relay apparatus, to receive a secure communication connection request from the communication relay apparatus to perform processing for establishing a first secure communication session, and to receive a secure communication connection request from the user apparatus based on the result of the establishment of the first secure communication session to perform processing for establishing a second secure communication session.
    Type: Grant
    Filed: March 28, 2018
    Date of Patent: July 26, 2022
    Assignees: KABUSHIKI KAISHA TOSHIBA, TOSHIBA DIGITAL SOLUTIONS CORPORATION
    Inventors: Toshiharu Oya, Tatsuyuki Matsushita, Tatsuro Ikeda, Fangming Zhao
  • Patent number: 11394788
    Abstract: Systems and methods for building a device graph for cooperative device identification are disclosed. Various information is received at a computing system over a communications network, including information defining a relationship between (i) a unique identifier associated with a first device of a user and (ii) a unique identifier associated with the user, and information defining a relationship between (i) a unique identifier associated with a second device of the user and (ii) the unique identifier associated with the user. The unique identifiers associated with the devices are each mapped to the platform-wide identifier based at least in part on the unique user identifier. A device graph comprising a plurality of device nodes is constructed, with related device nodes connected by one or more edges. Nodes representing the devices are linked based on a relationship identified between them using the platform-wide identifier.
    Type: Grant
    Filed: May 4, 2021
    Date of Patent: July 19, 2022
    Assignee: Xandr Inc.
    Inventors: Stephen Williams, Scott Menzer
  • Patent number: 11394724
    Abstract: Disclosed herein is an identity network that can provide a universal, digital identity for users that can be used to authenticate the user by an identity provider for relying parties. The identity network receives a request from a relying party that includes deep linking to an identity provider selected by the user. The request specifies the user as well as any other information about the user the relying party is requesting. A service of the identity network launches the application for the identity provider on the user's device using a software development kit. The user can log into the identity provider's application, which validates the user and provides the user authentication/validation and information about the user to the identity network. The identity network can then provide the indication of the user's authentication and the user information to the relying party.
    Type: Grant
    Filed: June 22, 2020
    Date of Patent: July 19, 2022
    Inventors: Gregory Slowiak, Eric Woodward, Philip Lam, Jeff Shultz
  • Patent number: 11379574
    Abstract: Techniques for secure mobile device recognition are disclosed. An IOT edge device determines, based on a network message received at the IOT edge device, that a mobile device is not recognized. The IOT edge device transmits a token request to the mobile device. In response, the IOT edge device receives an encrypted token from the mobile device. The IOT edge device transmits the encrypted token to a server. The server is configured to determine an identifier corresponding with the mobile device, based on the encrypted token. A recognition task is initiated for the mobile device, based on the determined identifier.
    Type: Grant
    Filed: January 2, 2020
    Date of Patent: July 5, 2022
    Assignee: Disney Enterprises, Inc.
    Inventors: Scott F. Watson, Steven C. Eaton, Harout Jarchafjian, Thomas C. Arthur, Vinay Moharil, Joshua B. Gorin, Adam S. Parish, Ajay M. Prasad, Joshua Caleb Umstead
  • Patent number: 11374919
    Abstract: A risk management system deploys an anomaly detection method for a target data instance without explicitly storing data processing architectures in memory. The anomaly detection method determines whether the target data instance is an anomaly with respect to a reference set of data instances. In one embodiment, the anomaly detection method mimics traversal through one or more trees in an isolation forest without explicitly constructing or storing the trees of the isolation forest in memory. This allows the risk management system to avoid unnecessary storage and retrieval of parts of each tree that would not be traversed if the tree were constructed. Moreover, the anomaly detection method allows anomaly detection to be efficiently performed within memory-constrained systems.
    Type: Grant
    Filed: November 18, 2020
    Date of Patent: June 28, 2022
    Assignee: Okta, Inc.
    Inventor: Christopher Gabriel Leung
  • Patent number: 11368461
    Abstract: Systems and methods for transforming an API authorization to a UX session are provided. An authorization server receives, from a third-party application developed by a third-party, a request to access a user experience (UX) session on behalf of a user. The request comprises an access token previously granted by the authorization server to the third-party application in response to consent, by the user, to allow the third-party application to perform actions on behalf of the user. In one embodiment, this previous authorization comprises an Open Authorization (OAuth). In response to receiving the request, the authorization server transforms the access token into a single sign on (SSO) link with a session token. The authorization server then returns the SSO link that includes the session token to the third-party application hosted by the third-party. The SSO link causes the third-party application to redirect the user to the UX session corresponding to the SSO link.
    Type: Grant
    Filed: September 30, 2019
    Date of Patent: June 21, 2022
    Assignee: eBay Inc.
    Inventors: Gail Anna Rahn Frederick, Tatjana Vlahovic
  • Patent number: 11368841
    Abstract: Embodiments of the present disclosure provide a network access authentication method and device. The method includes: receiving an authentication request message sent by a first serving network, the authentication request message carrying a user equipment alias identifier generated by user equipment; determining whether a local user equipment alias identifier is asynchronous with the user equipment alias identifier generated by the user equipment; and when the determination result is positive, obtaining an encrypted International Mobile Subscriber Identification Number IMSI for performing network access authentication on the user equipment.
    Type: Grant
    Filed: July 25, 2017
    Date of Patent: June 21, 2022
    Assignee: ZTE Corporation
    Inventors: Shilin You, Hongjun Liu, Jiyan Cai, Zaifeng Zong, Jin Peng, Zhaoji Lin, Yunyin Zhang
  • Patent number: 11360716
    Abstract: An image processing apparatus receives, in a case where a plurality of cloud services is managed in association with one input confirmation code, an input of a display name to be displayed in the image processing apparatus and an input of an identification code for each cloud service at a time when the cloud service is selected to be used in the image processing apparatus, and stores a display name and an identification code in association with each other for each cloud service.
    Type: Grant
    Filed: June 28, 2021
    Date of Patent: June 14, 2022
    Assignee: Canon Kabushiki Kaisha
    Inventor: Takeshi Hayakawa
  • Patent number: 11356454
    Abstract: A system provides cloud-based identity and access management. The system receives a request for an identity management service, authenticates the request, and forwards the request to a microservice configured to perform the identity management service, where the microservice is implemented by a microservice virtual machine provisioned by a provisioning framework, and the forwarding is according to routing information configured based on metadata information stored in a registry by the provisioning framework. The system then performs the identity management service by the microservice.
    Type: Grant
    Filed: November 8, 2019
    Date of Patent: June 7, 2022
    Assignee: ORACLE INTERNATIONAL CORPORATION
    Inventors: Lokesh Gupta, Vadim Lander
  • Patent number: 11347859
    Abstract: Systems and methods are provided that may be implemented during a pre-boot environment to authenticate a user in the basic input/output system (BIOS) of an information handling system, and to securely provision a resulting authentication token to post-boot operating system (OS) login components of the system. In addition, single sign-on user authentication may be performed during a pre-boot BIOS environment and then extended to the post-boot OS environment without requiring exchange of pins or other intermediary authentication factors between the OS and pre-boot authentication (PBA) for the user to gain access to the information handling system or other network resources.
    Type: Grant
    Filed: August 1, 2019
    Date of Patent: May 31, 2022
    Assignee: Dell Products L.P.
    Inventors: Minhaj Ahmed, Daniel L. Hamlin
  • Patent number: 11349830
    Abstract: In an implementation of identifying related computing devices for automatic user account login, a login request to a user account that includes a unique identification (ID) of a user computing device and an internet protocol (IP) address of the user computing device are received. One or more user computing devices that have logged in to the user account using a same IP address as the user computing device are identified based on a user ID of the user account and the unique ID of the user computing device. Whether one or more unique IDs corresponding to the one or more user computing devices that have logged in to the user account are correlated with the unique ID of the user computing device is determined. If yes, data corresponding to login information used by the one or more user computing devices to log in to the user account to the user computing device for automatic account login are sent.
    Type: Grant
    Filed: May 27, 2021
    Date of Patent: May 31, 2022
    Assignee: Advanced New Technologies Co., Ltd.
    Inventor: Tengfei Fang
  • Patent number: 11336655
    Abstract: Systems and methods provide multilevel authorization of workspaces using certificates, where all of the authorization levels may be authorized separately or may instead be authorized at once. A measurement of an IHS (Information Handling System) is calculated based on the identity of the IHS and based on firmware of the IHS. A measurement of the configuration of the IHS is calculated based on information for configuring the IHS for supporting workspaces and also based on the IHS measurement. A measurement of a workspace session is calculated based on properties of a session used to remotely support operation of the workspace by the IHS and also based on the configuration measurement. Workspace session data may be authorized at all three levels by evaluating the session measurement against a reference session measurement.
    Type: Grant
    Filed: October 31, 2019
    Date of Patent: May 17, 2022
    Assignee: Dell Products, L.P.
    Inventors: Carlton A. Andrews, Girish S. Dhoble, Nicholas D. Grobelny, David Konetski, Joseph Kozlowski, Ricardo L. Martinez, Charles D. Robison
  • Patent number: 11334287
    Abstract: A computer system having a host in communication with a data storage device is coupled to the host via a peripheral bus and a host interface. The data storage device has a controller, non-volatile storage media; and firmware containing instructions configures the operations of the controller. The host transmits a sequence of commands to the storage device to read data items from, or write data items to, the non-volatile storage media. The storage device examines a subset of the commands to determine whether or not data items identified in the subset are addressed sequentially and optimizes processing of at least a portion of the sequence of commands based on a result of a determination of whether or not data items identified in the subset are addressed sequentially.
    Type: Grant
    Filed: February 9, 2018
    Date of Patent: May 17, 2022
    Assignee: Micron Technology, Inc.
    Inventor: Alex Frolikov
  • Patent number: 11330441
    Abstract: A system including: a transceiver; a boot processor configured to: capture an image of a container of the system, determine whether the system container image has been modified, and post, to a node of a distributed ledger network, a first attestation based on a determination of whether an anomaly exists in the system container image; a system processor; and a memory storing instructions that instruct the system processor to: receive a request to connect to an external device, request a second attestation from a node of the distributed ledger network as to whether an anomaly exists in the external device container image, determine whether an anomaly exists in the external device container image, and either: establish, in response to determining that an anomaly does not exist, a connection with the external device, or deny the request to connect to the external device in response to determining that an anomaly exists.
    Type: Grant
    Filed: May 14, 2019
    Date of Patent: May 10, 2022
    Assignee: T-Mobile USA, Inc.
    Inventor: Ahmad Arash Obaidi
  • Patent number: 11328089
    Abstract: An approach is disclosed that enforces a privacy legal framework filesystem along with an operating system (OS) to enforce the privacy legal framework. An access of a datum in a selected file in the filesystem includes accessing a metadata associated with the selected file where the metadata includes a privacy state and an owner consent-based access policy. The owner consent-based access policy is enforced by the OS via special-purpose support requiring usage of the metadata to access the selected file.
    Type: Grant
    Filed: September 20, 2019
    Date of Patent: May 10, 2022
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Aris Gkoulalas-Divanis, Corville O. Allen
  • Patent number: 11329970
    Abstract: Systems and methods for sharing authentication between applications include receiving a request to share authentication from a first application with a second application. An account identifier and identity token for a user are obtained from the first application. Access to a communication application associated with the account identifier is verified as available. The account identifier and identity token are sent to a second application server for verification with a first application server. A verification message is received in the communication application from the second application server. The verification message is determined to contain confirmation information and authentication is shared from the first application with the second application. Related systems and methods include retrieving information associated with an operating system to facilitate sharing authentication between applications.
    Type: Grant
    Filed: June 21, 2019
    Date of Patent: May 10, 2022
    Assignee: PAYPAL, INC.
    Inventor: Jigar Rajnikant Gosalia
  • Patent number: 11323416
    Abstract: In one embodiment, a method includes receiving an OSPF hello message including an attestation token from a second network apparatus, determining that the attestation token is valid for the second network apparatus at a current time, establishing an adjacency to the second network apparatus in response to the determination, computing, based at least on the attestation token, a trust level for a first link from the first network apparatus to the second network apparatus and a trust level for first prefixes associated with the first link, and sending an LSA comprising the trust level for the first link and the trust level for the first prefixes to neighboring network apparatuses, where the trust level for the first link and the trust level for the prefixes are used by the network apparatuses in the network to compute a routing table of the network.
    Type: Grant
    Filed: November 5, 2019
    Date of Patent: May 3, 2022
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Peter Psenak, Paul Wells, Ketan Jivan Talaulikar, Clarence Filsfils
  • Patent number: 11321712
    Abstract: A system and method for issuing an authorization token and performing real time multi-factor authentication using a unique device or devices to enable authorization to perform secure services for an online service based on desired on demand level of assurance. The level of assurance of the authentication may be on a distributed and dynamic authenticated system. This dynamic system delivers on-demand level of assurance depending on the Relying Party's (RP) requirements, orchestrated by policies set by the RP and/or the consumer (or user agent), and possibly augmented by other regulatory requirement based on a fine-grain control requirement of the authentication token(s). The level of assurance throttles up and down depending on each transaction authentication requirement.
    Type: Grant
    Filed: February 24, 2020
    Date of Patent: May 3, 2022
    Assignee: Acceptto Corporation
    Inventors: Nahal Shahidzadeh, Haitham Akkary
  • Patent number: 11316689
    Abstract: A token relay system is provided that enables a client requester to acquire a properly scoped access token issued by a token issuer authority in a secure manner. The client requestor may be a non-confidential client (e.g., a JavaScript application). The token relay system is a trusted and confidential client of the token issuer authority. Upon receiving an access token request from a client, the token relay system is configured to send a request to the token issuer authority (e.g., OAuth server) requesting an access token on behalf of the requestor. The token issuer authority may then respond by issuing an access token with the appropriate scope to the token relay system. The token relay system may then forward the access token received from the token issuer to the requesting client, who may then use the access token to access a protected resource (e.g., a REST resource).
    Type: Grant
    Filed: September 27, 2018
    Date of Patent: April 26, 2022
    Assignee: Oracle International Corporation
    Inventors: Venkataraman Uppili Srinivasan, Andre Luiz Moreira Correa Neto, Lee David Coller
  • Patent number: 11310256
    Abstract: Embodiments are directed to monitoring network traffic using network monitoring computers (NMCs). Networks may be configured to protect servers using centralized security protocols. Centralized security protocols may depend on centralized control provided by authentication control servers. If a client intends to access protected servers it may communicate with the authentication control server to obtain keys that enable it to access the requested servers. NMCs may monitor network traffic associated with the centralized security protocol to collect metrics associated with the control servers, clients, or resource servers.
    Type: Grant
    Filed: September 23, 2021
    Date of Patent: April 19, 2022
    Assignee: ExtraHop Networks, Inc.
    Inventors: Benjamin Thomas Higgins, Jeff James Costlow, John Gemignani, Jr., Michael Kerber Krause Montague, Eric James Rongo, Xue Jun Wu
  • Patent number: 11297040
    Abstract: This document describes, among other things, security hardening techniques that guard against certain client-side attack vectors. These techniques generally involve the use of an intermediary that detects and handles identity service transactions on behalf of a client. In one embodiment, the intermediary establishes a resource domain session with the client in order to provide the client with desired resource domain content or services from a resource domain host. The intermediary detects when the resource domain host invokes a federated identity service as a condition of client access. The intermediary handles the identity transaction in the identity domain on behalf of the client within the client's resource domain session. Upon successful authentication and/or authorization with an IdP, the intermediary connects the results of the identity services domain transaction to the resource domain.
    Type: Grant
    Filed: May 1, 2019
    Date of Patent: April 5, 2022
    Assignee: Akamai Technologies, Inc.
    Inventor: Jason C. Bonci
  • Patent number: 11297057
    Abstract: Embodiments of the present disclosure relate to methods and devices for an authentication of an identity of a user. In example embodiments, the client device reads a digital tag associated with a service to be accessed, the digital tag being encoded with an identifier associated with a service provider that provides the service. The client device then decodes the digital tag to obtain the identifier. Further, the client device determines an authentication proxy associated with the service provider, and sends, to the associated authentication proxy, the identifier and a first request for an authentication of an identity of a user associated with the client device. In this way, the security of the authentication of the identity of the user may be significantly improved.
    Type: Grant
    Filed: November 28, 2017
    Date of Patent: April 5, 2022
    Assignee: Nokia Technologies Oy
    Inventor: Zhi Wang
  • Patent number: 11297048
    Abstract: A proxy server receives a synchronization request from an application program resident on a user device. The proxy server determines that the user device requires removal of application program data and synchronizes the application program resident on the user device with a null account that is associated with application program.
    Type: Grant
    Filed: November 9, 2020
    Date of Patent: April 5, 2022
    Assignee: Bitglass, LLC
    Inventors: Anurag Kahol, Anoop Kumar Bhattacharjya, Balas Natarajan Kausik
  • Patent number: 11283787
    Abstract: A method, system, and computer program product for implementing computer resource provisioning is provided. The method includes receiving a first request for identification credentials associated with a user. In response, resource identification credentials for the user are generated and a second request for generating a first computer resource is received in response to analyzing the resource identification credentials. The resource identification credentials are validated with respect to a local ID cache structure and it is determined if the resource identification credentials are available for usage by the user. In response, a resource implementation process is executed.
    Type: Grant
    Filed: April 13, 2020
    Date of Patent: March 22, 2022
    Assignee: International Business Machines Corporation
    Inventors: Astha Jain, Zack Traube Grossbart
  • Patent number: 11283612
    Abstract: An information processing device according to the present invention includes: a memory storing instructions; and at least one processor configured to execute the instructions to perform: acquiring a first time; generating, based on the first time, a term of validity of a first access token, and generating a policy including the first access token, the term of validity, and identification information of a receiver of the first access token; generating a digital signature, based on the policy; generating a second access token including the policy and the digital signature; and transmitting the second access token to another device.
    Type: Grant
    Filed: May 30, 2017
    Date of Patent: March 22, 2022
    Assignee: NEC CORPORATION
    Inventors: Hikaru Tsuchida, Kengo Mori, Toshiyuki Isshiki
  • Patent number: 11271936
    Abstract: A command to load or unload data at a storage location is received. In response to the command, a storage integration object associated with the storage location is identified. The storage integration object identifies a cloud identity object that corresponds to a cloud identity that is associated with a proxy identity object corresponding to a proxy identity granted permission to access the storage location. The data is loaded or unloaded at the storage location by assuming the proxy identity.
    Type: Grant
    Filed: September 30, 2021
    Date of Patent: March 8, 2022
    Assignee: Snowflake Inc.
    Inventors: Polita Paulus, Peter Povinec, Saurin Shah, Srinidhi Karthik Bisthavalli Srinivasa
  • Patent number: 11265309
    Abstract: Disclosed are various approaches for workflow service back end integration. In some examples, an event is detected. The event is associated with an enterprise. A workflow action to perform is identified based on event. A user account is identified using at least one of the workflow action and the event. A command to present the workflow action is transmitted to a client device. A user indication to perform the workflow action is identified. Authentication data for the network service is identified based on a single sign-on (SSO) token associated with the user account. The workflow action is automatically performed using the network service. An authentication with the network service is completed based on the authentication data.
    Type: Grant
    Filed: March 29, 2019
    Date of Patent: March 1, 2022
    Assignee: VMWARE, INC.
    Inventors: Daniel E. Zeck, David Shaw, Robert Worsnop, John Ryan Bard
  • Patent number: 11265308
    Abstract: Disclosed are various approaches for workflow service back end integration. In some examples, a data request is received. The request is associated with a network service. A single sign-on (SSO) token is received. The SSO token represents a user account authenticated with an identity manager. Authentication data for the network service is identified based on the SSO token. The authentication data can specify an authentication site of the network service. A navigation action is automatically performed on the authentication site. The requested data is received. A command to present on a client device the data is transmitted to the client device.
    Type: Grant
    Filed: March 29, 2019
    Date of Patent: March 1, 2022
    Assignee: VMWARE, INC.
    Inventors: Daniel E. Zeck, David Shaw, Robert Worsnop, John Ryan Bard
  • Patent number: 11258793
    Abstract: The invention discloses a managing system and managing method for managing authentication for a cloud service system. When a user operates a data processing apparatus to execute an unprotected start-up procedure to start up a browser application to access from an unprotected space of a data storage unit and transmits an authentication data including no characteristic data associated with a protected space of the data storage unit to the cloud service system through the browser application, the cloud service system redirects the authentication data to an authentication server. The authentication server judges if the authentication data has the characteristic data associated with the protected space, and if NO, the authentication server transmits an alert message representative of refusal of login to the cloud service system. The cloud service system redirects the alert message to the browser application.
    Type: Grant
    Filed: July 12, 2019
    Date of Patent: February 22, 2022
    Assignee: TRUSTVIEW INC.
    Inventor: Ting-Huang Chen
  • Patent number: 11252142
    Abstract: Systems and methods for continuous secure single sign on for secure access services. A user device stores a first authentication factor associated with a user for authorizing access. An authentication server receives an authentication request by the user to a secure access service and establishes a secure communication channel between the authentication server and the user device. The user device performs a user authentication according to a second authentication factor, generates an authentication response indicating the first authentication factor and confirming the authentication, and transmits the response to the authentication server via the secure communication channel.
    Type: Grant
    Filed: December 28, 2018
    Date of Patent: February 15, 2022
    Assignee: iDee Limited
    Inventors: Al Lakhani, Dennis Kelechi Okpara
  • Patent number: 11245684
    Abstract: A provider receives a message from a user device requesting that the provider share user credentials associated with a user of the user device with a second provider when the user is attempting to enroll with or access goods or services associated with the second provider via an application on the user device. The message requests that the provider send the user credentials to the user device. The provider determines whether the user has been authenticated by the provider and whether a trust relationship exists between the provider and the second provider. The provider sends the user credentials to the user device when the user has been authenticated by the provider and when the trust relationship exists between the provider and the second provider. The user device forwards the user credentials to the second provider and the second provider authenticates the user based on the user credentials.
    Type: Grant
    Filed: February 12, 2019
    Date of Patent: February 8, 2022
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Manuel Enrique Caceres, Jyotsna Kachroo, Dayong He
  • Patent number: 11240239
    Abstract: An authentication system for providing shared credential authentication includes a client information handling (IHS) system having a resource service application, and a mobile IHS having a shared authentication application. The shared authentication token indicates that an authenticated state between the client IHS and the mobile IHS exists. The resource service application receives a request to access the resource, and sends an authentication request to an authentication server to authorize access to the resource. The shared authentication application receives a query from the authentication server to verify a status of a shared authentication token, and, when the shared authentication token is valid, responds to the query that the shared authentication token is valid. The resource service application further receives a response to the authentication request, and grants access to the resource when the authentication token indicates that the shared authentication token is valid.
    Type: Grant
    Filed: August 7, 2018
    Date of Patent: February 1, 2022
    Assignee: Dell Products L.P.
    Inventors: Daniel L. Hamlin, Charles D. Robison
  • Patent number: 11233794
    Abstract: Methods, systems, and computer storage media for providing escorted-access management based on an escort-admin session engine are provided. The escort-admin session engine approves an external administrator's access to a resource instance based on a service team policy, while approving an escort operator to escort the external administrator in an escort-admin session that provides access to the resource. In operation, an external administrator's request for access to a resource is evaluated based on the service team policy that is managed by a service team. The request is approved with access rights to the resource identified in the policy. An escort operator is identified for the external administrator. The escort operator is approved to escort the external administrator for access to the resource during an escort-admin session. The escort-admin session includes an escort operator context referring to the escort operator having access rights based on the access rights approved using the policy.
    Type: Grant
    Filed: June 30, 2019
    Date of Patent: January 25, 2022
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Chetan S. Shankar, LiLei Cui, Sandeep Kalarickal S, Thomas Charles Knudson, Pavan Gopal Bandla, Pradeep Ayyappan Nair, Aaron Keith Rosenfeld, Tyler S. Wiegers, Sudharshan Reddy Bommu, Margus Janese, Mario Mett, Chi Zhou
  • Patent number: 11228577
    Abstract: Embodiments are directed to a method of enabling cloud applications to act on behalf of a user, including: providing, by the processor, a plugin integrated with a web browser; configuring, by the processor, a plurality of cloud applications and one or more identity providers in the plugin; wherein the plurality of configured cloud applications are associated with the one or more identity providers; authenticating, by the processor, a user identity through one of the plurality of configured cloud applications; generating, by the one or more identity providers, an identity token responsive to authentication; providing, by the one or more identity providers, each of the plurality of configured cloud applications with the identity token; and acting, by any of the plurality of configured cloud applications, on behalf of the user with the identity token.
    Type: Grant
    Filed: December 4, 2018
    Date of Patent: January 18, 2022
    Assignee: International Business Machines Corporation
    Inventor: Stanley K. Jerrard-Dunne
  • Patent number: 11222118
    Abstract: A method for updating a SELinux security policy and a terminal. The method includes receiving, by the terminal, a security policy file sent by a server. The method further includes, performing, by the terminal in a power-on status, storing the security policy file in preset storage space by using a first service or process, modifying, by the terminal, a value of a preset attribute value from a first value to a second value by using the first service or process, reading, when it is detected that the value of the preset attribute value is changed from the first value to the second value, the security policy file from the preset storage space by using a second service or process and writing the security policy file into a memory, and loading, by the terminal, the security policy file in the memory by using the second service or process.
    Type: Grant
    Filed: October 30, 2017
    Date of Patent: January 11, 2022
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Dengzhou Xia, Fuzhou Xiao, Li Chen
  • Patent number: 11222099
    Abstract: Methods, systems, and media for authenticating users using blockchains are provided. In some embodiments, the method comprises: receiving, at a user device of a user, user credentials for authentication to an application associated with the user device; determining whether the user credentials are valid for the application using a local blockchain stored on the user device; in response to determining that the user credentials are valid, generating a new block to be added to the local blockchain; adding the new block to the local blockchain; and granting access to the application based on the validated user credentials.
    Type: Grant
    Filed: February 8, 2019
    Date of Patent: January 11, 2022
    Assignees: Synergex Group, Pham Holdings, Inc.
    Inventor: Thien Van Pham
  • Patent number: 11206253
    Abstract: Aspects of the disclosure relate to processing systems using improved domain pass-through authentication techniques. A computing platform may send, to an external cloud computing platform, one or more registration requests that each may cause an RLS endpoint corresponding to each of a plurality of resource location connectors to be stored at the external cloud computing host platform. The computing platform may receive one or more requests for a resource location identifier. The computing platform may determine an accessible resource location connector and may send, to the user device, a corresponding resource location identifier. After receiving a pass-through authentication request, the computing platform may receive, from the ticketing service stored on the external cloud computing platform, a one-time ticket. The computing platform may send, to the user device, the one-time ticket, which may allow the user device to perform pass-through authentication with the external cloud computing platform.
    Type: Grant
    Filed: April 24, 2020
    Date of Patent: December 21, 2021
    Assignee: Citrix Systems, Inc.
    Inventor: Feng Huang
  • Patent number: 11206179
    Abstract: At least some embodiments are directed to a system that receives from an online portal loaded in a computing device, a user request to instantiate a server cluster in a hybrid computer network. The system authenticates and redirects the user request via a proxy service to a selected computer network configured in the hybrid computer network. The system instantiates the server cluster in the selected computer network causing the server cluster to initiate a microservice agent during bootup. The system sends a command to the server cluster to initiate the execution of a process and receives from the microservice agent event data associated with the process. The system inputs the event data into a trained machine learning model to determine a first execution state of the process and sends a command to change the first execution state of the process to a second execution state.
    Type: Grant
    Filed: December 16, 2020
    Date of Patent: December 21, 2021
    Assignee: AMERICAN EXPRESS TRAVEL RELATED SERVICES COMPANY, INC.
    Inventors: Pratap Singh Rathore, Arindam Chatterjee, Nitish Sharma, Brian Rosenfield, Shourya Roy, Rahul Ghosh, Krishnaprasad Narayanan
  • Patent number: 11201863
    Abstract: Various embodiments of the present invention relate to a method for managing a companion device, and an electronic device using the same, the electronic device comprising: a communication unit for connecting a communication channel with at least one first external electronic device; and at least one processor functionally connected with the communication unit, wherein the at least one processor requests, from the at least one first external electronic device, information (companion device authentication information) necessary for registering the at least one first external electronic device as a companion device of a second external electronic device, in response to the connection with the at least one first external electronic device, receives and stores the companion device authentication information, registers the electronic device as a companion device of the second external electronic device when the electronic device is connected with the second external electronic device, and transmits the stored compa
    Type: Grant
    Filed: October 13, 2017
    Date of Patent: December 14, 2021
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Ji Young Kim, Hakjoo Kim, Yong-Jun Park, Gwiho Lee, Ho-Dong Jwa, Wooyoung Choi
  • Patent number: 11196770
    Abstract: A method and system for password mediation including receiving, within an operating system network stack of a client device, a hypertext transfer protocol (HTTP) request message issued by a client application executing on the client device, the HTTP request message indicating an operation to be performed for a user of the client application at a destination system; requesting, by the client device, security information for the user with respect to the destination system; modifying, by the client device, the received HTTP request message to include the security information; and sending, by the client device, the modified HTTP request message to the destination system.
    Type: Grant
    Filed: May 29, 2018
    Date of Patent: December 7, 2021
    Assignee: Red Hat, Inc.
    Inventors: Filip Elias, Filip Nguyen
  • Patent number: 11190527
    Abstract: A login method includes: after a login process of a service apparatus is triggered, acquiring verification information of a target primary account, and sending the verification information to an identity management apparatus; after receiving the verification information by the identity management apparatus, performing identity verification on the target primary account by using an identification information set of a registered primary account, and after the identity verification is passed, acquiring login information of at least one sub-account associated for the service apparatus in advance with the target primary account and sending the login information to the service apparatus; and determining, by the service apparatus, a target sub-account based on the login information and logging in to a server side.
    Type: Grant
    Filed: November 25, 2020
    Date of Patent: November 30, 2021
    Assignee: Advanced New Technologies Co., Ltd.
    Inventor: Aihui Zhang
  • Patent number: 11190363
    Abstract: To revoke a digital certificate, activation of the digital certificate is blocked by withholding an activation code from the certificate user. The certificates are generated by a plurality of entities in a robust process that preserves user privacy (e.g. anonymity) even in case of collusion of some of the entities. The process is suitable for connected vehicles, e.g. as an improvement for Security Credential Management System (SCMS).
    Type: Grant
    Filed: January 10, 2019
    Date of Patent: November 30, 2021
    Assignees: LG ELECTRONICS, INC., UNIVERSITY OF SAO PAULO
    Inventors: Marcos A. Simplicio, Jr., Eduardo Lopes Cominetti, Harsh Kupwade Patil, Jefferson E. Ricardini, Marcos Vinicius M. Silva
  • Patent number: 11191093
    Abstract: Provided is a base wireless communication terminal that communicates with a Long Range (LR) wireless communication terminal supporting LR wireless communication. The base wireless communication terminal includes a transceiver and a processor. The processor is configured to set length information included in a non-LR preamble, which is a preamble for a non-LR wireless communication terminal that does not support LR wireless communication, to be longer than a length from a predetermined point in a Physical layer Protocol Data Unit (PPDU) to an end point of the PPDU, and transmits the PPDU including the non-LR preamble to the LR wireless communication terminal using the transceiver. In this case, the length information is information for indicating a length from a predetermined point in the PPDU to an end point of the PPDU.
    Type: Grant
    Filed: November 8, 2017
    Date of Patent: November 30, 2021
    Assignees: WILUS INSTITUTE OF STANDARDS AND TECHNOLOGY INC., HUMAX NETWORKS, INC.
    Inventors: Juhyung Son, Jinsam Kwak, Bonho Koo, Kiwon Kang
  • Patent number: 11190502
    Abstract: An identity provider, within a directory service, provides an automatic technique for configuring the single sign-on settings of a service provider. The directory service contains pre-configured templates for each service provider supported by the directory service which include the details of the service provider's SSO configuration settings web page. A configuration sign-on script is generated to automatically fill in the configuration settings so that the principal can perform single sign-on with the service provider's preferred authentication and authorization protocol.
    Type: Grant
    Filed: September 22, 2018
    Date of Patent: November 30, 2021
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC.
    Inventors: Jeevan Suresh Desarda, Arvind Harinder, Mayukh Ray
  • Patent number: 11184345
    Abstract: Disclosed are various approaches for workflow service back end integration. In some examples, a service request is identified. The service request is associated with a network service. A single sign-on (SSO) token is received. The SSO token represents a user account authenticated with an identity manager. Authentication data for the network service is identified based on the SSO token. A hosting location of a connector for the network service is identified based on the authentication data. An authentication header is appended to the service request. The service request with the authentication header is transmitted to the connector.
    Type: Grant
    Filed: March 29, 2019
    Date of Patent: November 23, 2021
    Assignee: VMWARE, INC.
    Inventors: Daniel E. Zeck, David Shaw, Robert Worsnop, John Ryan Bard
  • Patent number: 11178537
    Abstract: Data item transfer between mobile devices is provided. Network association and proximity of a plurality of mobile devices of a requested data item by a requesting mobile device are determined using a shared ledger of mobile device inventory data, mobile device network connection data, and mobile device geolocation data. A target mobile device that contains the requested data item, is connected to a same local network as the requesting mobile device, and is geographically located proximate with a threshold to the requesting mobile device is identified based on the determined network association and proximity of the plurality of mobile devices and data in the shared ledger. A transfer of the requested data item from the target mobile device to the requesting mobile device is initiated via the same local network based on mobile device management policies.
    Type: Grant
    Filed: January 24, 2019
    Date of Patent: November 16, 2021
    Assignee: International Business Machines Corporation
    Inventors: Dusi Sarath Chandra, Sulakshan Vajipayajula, Sreekanth Ramakrishna Iyer, Kartik Srinivasan
  • Patent number: 11171942
    Abstract: Disclosed are various approaches for extending a single sign-on (SSO) session to multiple devices. If a device is enrolled as a managed device with a management service, a SSO session can be extended to the device if the user has previously authenticated with an identity provider from another device. The user is authenticated on the second device using a user-and-device token issued by the management service with which the device is enrolled as a managed device.
    Type: Grant
    Filed: October 28, 2019
    Date of Patent: November 9, 2021
    Assignee: VMware, Inc.
    Inventors: Jitender Singh Chauhan, Pinaki Sankar Kabiraj, Sameer Madhu Nadagouda, Mayank Joshi
  • Patent number: 11157610
    Abstract: A method for accessing a secure computer resource by a computer application having no human-machine interaction for inputting authentication information comprises: a) a first initialization step comprising the creation of a temporary cryptographic key consisting of applying a cryptographic process to a plurality of information that is invariant over time and of encrypting, using the thus calculated key, authentication data of an account authorized to access a vault with passwords and b) steps for automatic access by the application to the secure computer resource consisting of creating a temporary cryptographic key consisting of applying a cryptographic process to the plurality of information that is invariant over time, reading the credentials file created during the initialization step and decrypting the credentials file with the temporary cryptographic key calculated in the preceding step, then transferring, to the calling application, the data coming from the computer resource.
    Type: Grant
    Filed: January 26, 2018
    Date of Patent: October 26, 2021
    Assignee: WALLIX
    Inventor: Serge Adda
  • Patent number: 11146543
    Abstract: Disclosed are various approaches for retrieving contacts from a plurality of federated services. A query is received from a client application executing on a client device, the query comprising a single sign-on token that identifies a user and a character string. A number of federated services that the user has permission to access are then identified. A plurality of authentication tokens are then retrieved from an authentication service, each of the plurality of authentication tokens identifying the user to a respective one of the plurality of federated services. Next, the authentication token and the character string are provided to a respective connector for each of the plurality of federated services that the user has permission to access. A plurality of responses are received, each of the plurality of responses being received from the respective connector corresponding to each of the plurality of federated services that the user has permission to access.
    Type: Grant
    Filed: July 12, 2018
    Date of Patent: October 12, 2021
    Assignee: VMware, Inc.
    Inventors: William Christian Pinner, David Shaw, Evan Hurst
  • Patent number: 11140145
    Abstract: The disclosed computer-implemented method for providing single sign-on capability may include intercepting, during an authentication session with a network resource, a single sign-on request generated by an application executing on a computing device, redirecting the single sign-on request to a separate computing device for execution, receiving, in response to authentication of at least one user credential from the separate computing device, an authentication decision that the separate computing device obtained from an identity provider (IDP) by executing the single sign-on request and injecting the authentication decision received from the separate computing device into the application where the single sign-on request was originally generated to complete the authentication session.
    Type: Grant
    Filed: June 25, 2018
    Date of Patent: October 5, 2021
    Assignee: NortonLifeLock Inc.
    Inventors: Ilya Sokolov, Keith Newstadt