公开(公告)号：US20180191701A1

公开(公告)日：2018-07-05

申请号：US15395541

申请日：2016-12-30

Applicant: Google Inc.

Inventor： Guibin Kong ,  Naveen Agarwal

IPC: H04L29/06

CPC classification number: H04L63/083 ,  H04L63/0807 ,  H04L63/0853 ,  H04L63/0884 ,  H04L63/108 ,  H04L67/14

Abstract: A virtual session manager of an electronic device maintains a web session for a user across multiple electronic devices. The virtual session manager will receive an authentication request from a first electronic device that is in a communication range of the virtual session manager's device. The virtual session manager will transmit the authentication request to an endpoint device, and it will either present a grant token to or receive a grant token from the endpoint. The virtual session manager will receive a first access token from the endpoint device. The virtual session manager will transmit the first access token to the first electronic device so that the first electronic device can establish a virtual session with the first web resource without having any access to the grant token.

公开(公告)号：US09571496B1

公开(公告)日：2017-02-14

申请号：US14318308

申请日：2014-06-27

Applicant: Google Inc.

Inventor： Naveen Agarwal ,  Eric Sachs ,  Guibin Kong ,  Mengcheng Duan ,  Brian Eaton

IPC: G06F7/04 ,  G06F15/16 ,  G06F17/30 ,  H04L29/06

CPC classification number: H04L63/10 ,  H04L63/0815 ,  H04L63/102 ,  H04L67/306

Abstract: A system and computer-implemented method including receiving a request from a service provider, at a central account manager, to provide a user account for a user logging into the first service provider, identifying one or more user accounts associated with the user at one or more user account providers maintained at the central account manager, selecting a first user account of the one or more user accounts and providing, using the one or more computing devices, the selected first user account to the first service provider in response to the request.

Abstract translation: 一种系统和计算机实现的方法，包括在中央帐户管理器处接收来自服务提供商的请求，以向登录到第一服务提供商的用户提供用户帐户，识别与一个或多个用户相关联的一个或多个用户帐户， 在中央客户经理处维护的更多的用户帐户提供商，选择一个或多个用户帐户的第一用户帐户，并且响应于该请求，使用所述一个或多个计算设备向所述第一服务提供商提供所选择的第一用户帐户。

公开(公告)号：US20180191700A1

公开(公告)日：2018-07-05

申请号：US15395448

申请日：2016-12-30

Applicant: Google Inc.

Inventor： Guibin Kong ,  Naveen Agarwal

IPC: H04L29/06 ,  H04L12/24 ,  H04L29/08

Abstract: A system maintains a web session across multiple web resources and/or devices using a two-token model. A user agent transmits an authentication request to a login endpoint. The user agent have access to a grant token, and it will receive an access token in response to the authentication request. The grant token is relatively long-lived and the first access token is relatively short-lived. The user agent will use the access token to access the first web resource and establish a web session. When the access token expires or is about to expire, the user agent will transmit a re-authentication request with the grant token to a re-authentication endpoint. The user agent will then receive a second access token from the re-authentication endpoint. The user agent will then use the second access token to access the web resource and maintain the web session.

公开(公告)号：US09203829B1

公开(公告)日：2015-12-01

申请号：US13945743

申请日：2013-07-18

Applicant: Google Inc.

Inventor： Jonathan Philip Levine ,  Eric Sachs ,  Guibin Kong ,  Naveen Agarwal

IPC: H04L9/32 ,  H04L29/06 ,  G06F15/16 ,  H04L9/00 ,  G06F21/00

CPC classification number: H04L63/0815 ,  G06F21/00 ,  G06F21/41 ,  G06F2221/2117 ,  H04L9/32 ,  H04L67/02

Abstract: A system and method for enabling, on any website, a unified user login that supports login through multiple known identity providers and, if necessary, the website's legacy login are disclosed. In one example, the system comprises a login receiver module, an identity provider determination module, a legacy account module, a federated account module and a login module. The login receiver module receives a login request associated with a user identifier. The identity provider determination module determines whether the login request is associated with a known identity provider. The legacy account module performs legacy account creation and/or legacy login verification when the address is not associated with any known identity provider. Otherwise, the federated account module performs federated account creation and/or federated login verification. The login module logs the user into the account responsive to one or more of verification and account creation.

Abstract translation: 一种系统和方法，用于在任何网站上启用支持通过多个已知身份提供者进行登录的统一用户登录，并且如果需要，可以公开该网站的遗留登录。 在一个示例中，系统包括登录接收器模块，身份提供者确定模块，旧帐户模块，联合帐户模块和登录模块。 登录接收器模块接收与用户标识符相关联的登录请求。 身份提供者确定模块确定登录请求是否与已知的身份提供者相关联。 当地址与任何已知的身份提供商不相关联时，旧帐户模块执行旧帐户创建和/或旧登录验证。 否则，联合帐户模块执行联合帐户创建和/或联合登录验证。 登录模块响应于一个或多个验证和帐户创建将用户记录到帐户中。

公开(公告)号：US20150341347A1

公开(公告)日：2015-11-26

申请号：US14285744

申请日：2014-05-23

Applicant: Google Inc.

Inventor： Guibin Kong ,  Naveen Agarwal

IPC: H04L29/06

CPC classification number: H04L63/0853 ,  H04L63/08 ,  H04L67/2842

Abstract: A method of implementing session syndication using a low-latency session syndication framework may include receiving, by an inline frame associated with an authorization provider, a request from a client application for an access token. The inline frame may be embedded in the client application. The method may include sending, by the inline frame, a request for the access token to a computing device associated with the authorization provider, receiving, by the inline frame from the authorization provider, an access token associated with one or more resources of the authorization provider, and providing the access token to the client application.

Abstract translation: 使用低延迟会话聚合框架实现会话聚合的方法可以包括通过与授权提供者相关联的内联帧来接收来自客户端应用的访问令牌的请求。 内联框架可能嵌入在客户端应用程序中。 该方法可以包括通过内联帧向与授权提供者相关联的计算设备发送访问令牌的请求，通过来自授权提供者的内联帧，接收与授权的一个或多个资源相关联的访问令牌 提供者，并向客户端应用程序提供访问令牌。

公开(公告)号：US08789147B1

公开(公告)日：2014-07-22

申请号：US13653325

申请日：2012-10-16

Applicant: Google Inc.

Inventor： Naveen Agarwal ,  Eric Sachs ,  Guibin Kong ,  Mengcheng Duan ,  Brian Eaton

IPC: G06F7/04 ,  G06F15/16 ,  G06F17/30 ,  H04L29/06

CPC classification number: H04L63/10 ,  H04L63/0815 ,  H04L63/102 ,  H04L67/306

Abstract: A system and computer-implemented method including receiving a request from a first service provider, at a central account manager, to provide a user account for a user logging into a first service provider, identifying one or more user accounts at one or more service providers other than the first service provider associated with the user maintained at the central account manager, providing the one or more user accounts for display to the user, receiving a selection of a first user account of the one or more user accounts and providing the selected first user account to the first service provider in response to the request.

Abstract translation: 一种系统和计算机实现的方法，包括在中央帐户管理器处接收来自第一服务提供商的请求，以向登录到第一服务提供商的用户提供用户帐户，识别一个或多个服务提供商处的一个或多个用户帐户 除了与在中央帐户管理器上维护的用户相关联的第一服务提供商之外，向用户提供用于显示的一个或多个用户帐户，接收对该一个或多个用户帐户的第一用户帐户的选择并提供所选择的第一 用户帐户到第一个服务提供商响应请求。