-
Publication No.: US09350726B2
Publication date: 2016-05-24
Application No.: US14483216
Filing date: 2014-09-11
Inventors: Christopher J. Hockings, Trevor S. Norvill, Philip A. Nye, Asha Shivalingaiah, Patrick R. Wardrop, Shane B. Weeden
CPC classification: H04L63/10, G06F21/6236, G06F2221/2137, H04L9/0894, H04L9/3213, H04L9/3297, H04L63/068, H04L63/0846, H04W12/04, H04W12/06
Abstract: An aspect of recovery from rolling security token loss includes storing, in a memory device accessible by a server computer, a token pair (B) transmitted to a client device. The token pair (B) includes an access token (a2) and a refresh token (r2) and is generated as part of a refresh operation. An aspect also includes storing, in the memory device, a refresh token (r1) that was generated by the server computer before generation of the token pair B. The refresh token (r1) and the refresh token (r2) are each tagged as a valid refresh token. An aspect further includes receiving, at the server computer, a request to access a network resource that includes the access token (a2), invalidating the refresh token (r1), and providing the client device with access to the network resource.
-
Publication No.: US20190281051A1
Publication date: 2019-09-12
Application No.: US16426034
Filing date: 2019-05-30
IPC classification: H04L29/06
Abstract: A context-aware biometric access control policy is provided. A request to access a protected resource received from a client device is identified. A resource hierarchy associates each of a plurality of protected resources with one or more respective confidence levels of authentication. A confidence level that is associated with the protected resource is identified based on the resource hierarchy. Instructions to capture a biometric token via the client device are generated based on a set of one or more confidence level parameters that is associated with the identified confidence level. The generated instructions are sent to the client device. A biometric token received from the client device is determined to authenticate the user of the client device and, in response, the request to access the protected resource is approved.
-
Publication No.: US10063593B2
Publication date: 2018-08-28
Application No.: US14982405
Filing date: 2015-12-29
Inventors: Scott M. Andrews, Timothy J. Ashton, Leigh Doddy, Christopher J. Hockings, Trevor S. Norvill
CPC classification: H04L63/20, H04L63/08, H04L63/10, H04L63/102, H04L63/1425, H04L67/025, H04L67/16
Abstract: A policy enforcement point includes fraud prevention information associated with devices and/or users which is collected from: (i) many cloud fraud services located in the cloud; and/or (ii) authorization processing of users and/or devices. The policy enforcement point is consulted when a user/device undergoes authorization processing for a transaction with an application (for example, an application that serves protected content such as financial records, email, etc.). Fraud prevention information is added to session data, associated with the attempted authorization to the application, for the user/device as the user/device proceeds its attempted authorization to the application. In some cases, the authorization to the application may be refused based on the data added to the session data by the policy enforcement point or the policy enforcement point will propagate fraud prevention information to the application to make the decision.
-
Publication No.: US20170187708A1
Publication date: 2017-06-29
Application No.: US14982116
Filing date: 2015-12-29
IPC classification: H04L29/06
CPC classification: H04L63/0838, H04L63/0807, H04L63/0815, H04L63/10
Abstract: An indication is received that a user has initiated an access to a website hosted by a service provider. Access to the website requires an authorization of a user identification associated with the user and a password associated with the user. A token is requested. The token provides access to an application programming interface. The token is received. The token is stored by the service provider.
-
Publication No.: US20190158491A1
Publication date: 2019-05-23
Application No.: US15817607
Filing date: 2017-11-20
IPC classification: H04L29/06
Abstract: A context-aware biometric access control policy is provided. A request to access a protected resource received from a client device is identified. A resource hierarchy associates each of a plurality of protected resources with one or more respective confidence levels of authentication. A confidence level that is associated with the protected resource is identified based on the resource hierarchy. Instructions to capture a biometric token via the client device are generated based on a set of one or more confidence level parameters that is associated with the identified confidence level. The generated instructions are sent to the client device. A biometric token received from the client device is determined to authenticate the user of the client device and, in response, the request to access the protected resource is approved.
-
Publication No.: US20170187751A1
Publication date: 2017-06-29
Application No.: US14982405
Filing date: 2015-12-29
Inventors: Scott M. Andrews, Timothy J. Ashton, Leigh Doddy, Christopher J. Hockings, Trevor S. Norvill
CPC classification: H04L63/20, H04L63/08, H04L63/10, H04L63/102, H04L63/1425, H04L67/025, H04L67/16
Abstract: A policy enforcement point includes fraud prevention information associated with devices and/or users which is collected from: (i) many cloud fraud services located in the cloud; and/or (ii) authorization processing of users and/or devices. The policy enforcement point is consulted when a user/device undergoes authorization processing for a transaction with an application (for example, an application that serves protected content such as financial records, email, etc.). Fraud prevention information is added to session data, associated with the attempted authorization to the application, for the user/device as the user/device proceeds its attempted authorization to the application. In some cases, the authorization to the application may be refused based on the data added to the session data by the policy enforcement point or the policy enforcement point will propagate fraud prevention information to the application to make the decision.
-
Publication No.: US09350739B2
Publication date: 2016-05-24
Application No.: US14683266
Filing date: 2015-04-10
Inventors: Christopher J. Hockings, Trevor S. Norvill, Philip A. Nye, Asha Shivalingaiah, Patrick R. Wardrop, Shane B. Weeden
CPC classification: H04L63/10, G06F21/6236, G06F2221/2137, H04L9/0894, H04L9/3213, H04L9/3297, H04L63/068, H04L63/0846, H04W12/04, H04W12/06
Abstract: An aspect of recovery from rolling security token loss includes storing, in a memory device accessible by a server computer, a token pair (B) transmitted to a client device. The token pair (B) includes an access token (a2) and a refresh token (r2) and is generated as part of a refresh operation. An aspect also includes storing, in the memory device, a refresh token (r1) that was generated by the server computer before generation of the token pair B. The refresh token (r1) and the refresh token (r2) are each tagged as a valid refresh token. An aspect further includes receiving, at the server computer, a request to access a network resource that includes the access token (a2), invalidating the refresh token (r1), and providing the client device with access to the network resource.
-
Publication No.: US10685107B2
Publication date: 2020-06-16
Application No.: US15791509
Filing date: 2017-10-24
Abstract: A computer-implemented method includes receiving a request to authenticate a user to remotely access a secure device and establishing, in response to the user being granted remote access to the secure device, a remote user session for the user. The computer-implemented method further includes identifying a plurality of actions performed during the remote user session. The computer-implemented method further includes comparing a first combination of actions in the plurality of actions to a plurality of policies for malicious intent. The computer-implemented method further includes determining a level of risk for malicious intent for the first combination of actions. The computer-implemented method further includes generating, in response to the level of risk of the first combination of actions exceeding a given threshold level, one or more preventive actions. A corresponding computer system and computer program product are also disclosed.
-
Publication No.: US20190190941A1
Publication date: 2019-06-20
Application No.: US15846381
Filing date: 2017-12-19
CPC classification: H04L63/1433, G06N20/00, H04L63/1441
Abstract: A method for managing quarantines. A quarantine triggered by a network access policy is detected by a computer system. A determination is made by the computer system of whether to enforce a quarantine rule for the quarantine utilizing a quarantine enforcement model trained utilizing a machine-learning process to classify quarantine rules in response to detecting the quarantine rule. The quarantine is deactivated by the computer system when the quarantine rule is classified as inappropriate such that a risk of a threat is balanced with a group of operational considerations.
-
Publication No.: US10171457B2
Publication date: 2019-01-01
Application No.: US14982116
Filing date: 2015-12-29
IPC classification: H04L29/06
Abstract: An indication is received that a user has initiated an access to a website hosted by a service provider. Access to the website requires an authorization of a user identification associated with the user and a password associated with the user. A token is requested. The token provides access to an application programming interface. The token is received. The token is stored by the service provider.