-
Publication No.: US11212291B2
Publication date: 2021-12-28
Application No.: US16453929
Filing date: 2019-06-26
Inventors: Jonathan Kozolchyk, Darin Keith McAdams, Jeffrey J. Fielding, Vaibhav Mallya, Darren E. Canavor
IPC classification: H04L29/06
Abstract: A security service enables service providers to register available services. Prospective service consumers may register with the security service to access a particular registered service, and may specify conditions for access that are subject to approval by the corresponding service provider. Based on the registrations of the service provider and the service consumer, the security service can define access policies that may be enforced to control the conditions under which a service consumer accesses or utilizes the particular service. Additionally, changes to the access policies may be propagated to running services in near real time. Some implementations enable masking of information provided to particular service consumers based on determined needs of each service consumer for access to particular information. In some instances, the service providers may provide log information to the security service, which may be monitored to identify anomalies, security breaches or the like.
-
Publication No.: US11196732B2
Publication date: 2021-12-07
Application No.: US16817562
Filing date: 2020-03-12
Abstract: An identity provider receives a request to configure authentication for enabling single sign-on to a service provider. The identity provider identifies the authentication protocols supported by the service provider and determines whether it is compatible with these authentication protocols. As a result of the identity provider being compatible with at least some of the authentication protocols, the identity provider generates configuration information that is usable by the service provider to configure the authentication. The identity provider transmits, to a computer system, a response that causes the computer system to be redirected to the service provider in order to provide information usable by the service provider to obtain the configuration information.
-
Publication No.: US20170331629A1
Publication date: 2017-11-16
Application No.: US15668644
Filing date: 2017-08-03
Inventors: Jonathan Kozolchyk, Darren E. Canavor, Jeffrey J. Fielding, Vaibhav Mallya, Darin Keith McAdams
CPC classification: H04L9/3213, H04L9/3239, H04L29/06, H04L63/0428, H04L63/102, H04L67/1097
Abstract: In some implementations, tokens that are representative of sensitive data may be used in place of the sensitive data to maintain the security of the sensitive data. For example, data may be separated into sensitive data and nonsensitive data, and at least the sensitive data is securely delivered to a data storage service. The data storage service generates a token that is representative of the sensitive data and stores the sensitive data as secure data. The data storage service may deliver the token to an entity that also receives the nonsensitive data, and the entity may use the token in place of the sensitive data. In some implementations, different tokens are generated each time the same piece of sensitive data is submitted for storage as secure data. Further, in some implementations, an expiration time may be assigned to sensitive data, and expired data and associated tokens may be deleted.
-
Publication No.: US11451392B2
Publication date: 2022-09-20
Application No.: US16029358
Filing date: 2018-07-06
Inventors: Jonathan Kozolchyk, Darren E. Canavor, Jeffrey J. Fielding, Vaibhav Mallya, Darin Keith McAdams
IPC classification: H04L29/00, H04L9/32, H04L9/40, H04L67/1097
Abstract: In some implementations, tokens that are representative of sensitive data may be used in place of the sensitive data to maintain the security of the sensitive data. For example, data may be separated into sensitive data and nonsensitive data, and at least the sensitive data is securely delivered to a data storage service. The data storage service generates a token that is representative of the sensitive data and stores the sensitive data as secure data. The data storage service may deliver the token to an entity that also receives the nonsensitive data, and the entity may use the token in place of the sensitive data. In some implementations, different tokens are generated each time the same piece of sensitive data is submitted for storage as secure data. Further, in some implementations, an expiration time may be assigned to sensitive data, and expired data and associated tokens may be deleted.
-
Publication No.: US10374809B1
Publication date: 2019-08-06
Application No.: US15377895
Filing date: 2016-12-13
Abstract: A server obtains response data for an asynchronous response to a request from a client. The server generates, in response to obtaining the response data, a digital signature for the response data. The server makes available the response data, the digital signature, and location information that indicates a location from which a digital certificate usable to verify the digital signature can be obtained.
-
Publication No.: US10356104B2
Publication date: 2019-07-16
Application No.: US15990389
Filing date: 2018-05-25
Inventors: Jonathan Kozolchyk, Darin Keith McAdams, Jeffrey J. Fielding, Vaibhav Mallya, Darren E. Canavor
IPC classification: H04L29/06
Abstract: A security service enables service providers to register available services. Prospective service consumers may register with the security service to access a particular registered service, and may specify conditions for access that are subject to approval by the corresponding service provider. Based on the registrations of the service provider and the service consumer, the security service can define access policies that may be enforced to control the conditions under which a service consumer accesses or utilizes the particular service. Additionally, changes to the access policies may be propagated to running services in near real time. Some implementations enable masking of information provided to particular service consumers based on determined needs of each service consumer for access to particular information. In some instances, the service providers may provide log information to the security service, which may be monitored to identify anomalies, security breaches or the like.
-
Publication No.: US10007779B1
Publication date: 2018-06-26
Application No.: US14869185
Filing date: 2015-09-29
Inventors: Jon Arron McClintock, Yogesh Vilas Golwalkar, Bharath Kumar Bhimanaik, Darin Keith McAdams, Tushaar Sethi
Abstract: Methods and systems are provided to enable gradual expiration of credentials. Instead of depriving a user of all his access rights upon expiration of his credential (e.g., password), the user's access rights may be gradually restricted during a grace period after an expected or initial expiration time and/or before a final expiration time. The access right may be determined based on a duration from a time of the access request to the final expiration time or to the initial expiration time.
-
Publication No.: US10020942B2
Publication date: 2018-07-10
Application No.: US15668644
Filing date: 2017-08-03
Inventors: Jonathan Kozolchyk, Darren E. Canavor, Jeffrey J. Fielding, Vaibhav Mallya, Darin Keith McAdams
CPC classification: H04L9/3213, H04L9/3239, H04L29/06, H04L63/0428, H04L63/102, H04L67/1097
Abstract: In some implementations, tokens that are representative of sensitive data may be used in place of the sensitive data to maintain the security of the sensitive data. For example, data may be separated into sensitive data and nonsensitive data, and at least the sensitive data is securely delivered to a data storage service. The data storage service generates a token that is representative of the sensitive data and stores the sensitive data as secure data. The data storage service may deliver the token to an entity that also receives the nonsensitive data, and the entity may use the token in place of the sensitive data. In some implementations, different tokens are generated each time the same piece of sensitive data is submitted for storage as secure data. Further, in some implementations, an expiration time may be assigned to sensitive data, and expired data and associated tokens may be deleted.
-
Publication No.: US09923927B1
Publication date: 2018-03-20
Application No.: US14869344
Filing date: 2015-09-29
Inventors: Jon Arron McClintock, Yogesh Vilas Golwalkar, Bharath Kumar Bhimanaik, Darin Keith McAdams, Tushaar Sethi
IPC classification: H04L29/06
CPC classification: H04L63/20, H04L63/0846, H04L63/105, H04L63/108
Abstract: Methods and systems are provided to enable access control based on credential properties. Besides authenticating a credential, an authentication service can provide additional credential-related information with respect to a credential such as last updated time. An entity receiving such additional credential-related information can implement access control policies based on the credential-related information. For instance, a user's access rights may be gradually restricted after an initial expiration time and towards a final expiration time. In an example, such access control may be implemented by a client application or client website of the authentication service. Alternatively or additionally, such access control may be implemented by an authorization service used by the client application or client website.
-
Publication No.: US09805215B1
Publication date: 2017-10-31
Application No.: US14828276
Filing date: 2015-08-17
Inventors: Jesper Mikael Johansson, Dominique Imjya Brezinski, Darren Ernest Canavor, Darin Keith McAdams, Jon Arron McClintock, Brandon William Porter
CPC classification: G06F21/6245, G06F21/6227, H04L67/42
Abstract: A technology is described for making a decision based on identifying without disclosing the identifying information. The method may include receiving a mapping value that represents identifying information that has been converted into a mapping value. A request for data associated with the identifying information may be made by providing the mapping value as a proxy for the identifying information whereby the data associated with the identifying information may be located using the mapping value and returned to a requesting client or service.