-
Publication No.: US10104071B2
Publication Date: 2018-10-16
Application No.: US15825523
Application Date: 2017-11-29
Applicant: Microsoft Technology Licensing, LLC
Inventor: Ariel Gordon, Samuel Devasahayam, Lu Zhao, Yordan Rouskov, Parmeshwar Miguel Sequeira Arewar, Venkatesh Gopalakrishnan, Sarat Chandra Subramaniam, Titus Constantin Miron
Abstract: Embodiments are directed to revoking user sessions using signaling. In one scenario, an identity platform operating on a computer system receives an indication indicating that a user's login account has been compromised, where the user's login account has an associated login session and corresponding session artifact that is valid for a specified amount of time. The identity platform generates a signal indicating that the login session is no longer trusted and that the user is to be re-directed to the identity platform to re-authenticate and renew the session artifact and provides the generated signal to various relying parties including at least one relying party that is hosting the login session for the user.
-
Publication No.: US09843577B2
Publication Date: 2017-12-12
Application No.: US15365726
Application Date: 2016-11-30
Applicant: Microsoft Technology Licensing, LLC
Inventor: Ariel Gordon, Samuel Devasahayam, Lu Zhao, Yordan Rouskov, Parmeshwar Miguel Sequeira Arewar, Venkatesh Gopalakrishnan, Sarat Chandra Subramaniam, Titus Constantin Miron
CPC classification number: H04L63/083, H04L63/08, H04L63/102, H04L63/1416, H04L67/02, H04L67/14, H04L69/28
Abstract: Embodiments are directed to revoking user sessions using signaling. In one scenario, an identity platform operating on a computer system receives an indication indicating that a user's login account has been compromised, where the user's login account has an associated login session and corresponding session artifact that is valid for a specified amount of time. The identity platform generates a signal indicating that the login session is no longer trusted and that the user is to be re-directed to the identity platform to re-authenticate and renew the session artifact and provides the generated signal to various relying parties including at least one relying party that is hosting the login session for the user.
-
Publication No.: US20170149771A1
Publication Date: 2017-05-25
Application No.: US14952180
Application Date: 2015-11-25
Applicant: Microsoft Technology Licensing, LLC.
Inventor: Benjamin Richard Vincent, Venkatesh Gopalakrishnan, Jay Fluegel
CPC classification number: H04L63/0853, G06Q10/1095, H04W8/005, H04W12/06, H04W48/16, H04W76/14
Abstract: Automated device discovery of pairing-eligible devices for authenticating an unidentified user of a computing device is provided. When the user initiates a login on the computing device on which the user's identity is not known, an automated pairing-eligible device discovery authentication system interrogates a resource (e.g., subnetwork router, calendaring server) for identifying pairing-eligible devices that may be used as a second factor for authentication. A list of the pairing-eligible devices is presented to the user on the computing device. Upon selection of a pairing-eligible device to use as a second factor to verify the user's identity, the user's identity is determined, and a notification is sent to the selected pairing-eligible device for enabling the user to verify his/her identity using a second factor. Upon completion of an authentication challenge on the selected pairing-eligible device, authentication of the user is completed, and a signed token is sent to the computing device.
-
Publication No.: US20180139200A1
Publication Date: 2018-05-17
Application No.: US15825523
Application Date: 2017-11-29
Applicant: Microsoft Technology Licensing, LLC
Inventor: Ariel Gordon, Samuel Devasahayam, Lu Zhao, Yordan Rouskov, Parmeshwar Miguel Sequeira Arewar, Venkatesh Gopalakrishnan, Sarat Chandra Subramaniam, Titus Constantin Miron
IPC: H04L29/06
CPC classification number: H04L63/083, H04L63/08, H04L63/102, H04L63/1416, H04L67/02, H04L67/14, H04L69/28
Abstract: Embodiments are directed to revoking user sessions using signaling. In one scenario, an identity platform operating on a computer system receives an indication indicating that a user's login account has been compromised, where the user's login account has an associated login session and corresponding session artifact that is valid for a specified amount of time. The identity platform generates a signal indicating that the login session is no longer trusted and that the user is to be re-directed to the identity platform to re-authenticate and renew the session artifact and provides the generated signal to various relying parties including at least one relying party that is hosting the login session for the user.
-
Publication No.: US09942223B2
Publication Date: 2018-04-10
Application No.: US14952180
Application Date: 2015-11-25
Applicant: Microsoft Technology Licensing, LLC.
Inventor: Benjamin Richard Vincent, Venkatesh Gopalakrishnan, Jay Fluegel
CPC classification number: H04L63/0853, G06Q10/1095, H04W8/005, H04W12/06, H04W48/16, H04W76/14
Abstract: Automated device discovery of pairing-eligible devices for authenticating an unidentified user of a computing device is provided. When the user initiates a login on the computing device on which the user's identity is not known, an automated pairing-eligible device discovery authentication system interrogates a resource (e.g., subnetwork router, calendaring server) for identifying pairing-eligible devices that may be used as a second factor for authentication. A list of the pairing-eligible devices is presented to the user on the computing device. Upon selection of a pairing-eligible device to use as a second factor to verify the user's identity, the user's identity is determined, and a notification is sent to the selected pairing-eligible device for enabling the user to verify his/her identity using a second factor. Upon completion of an authentication challenge on the selected pairing-eligible device, authentication of the user is completed, and a signed token is sent to the computing device.
-
Publication No.: US09537851B2
Publication Date: 2017-01-03
Application No.: US14452726
Application Date: 2014-08-06
Applicant: Microsoft Technology Licensing, LLC
Inventor: Ariel Gordon, Samuel Devasahayam, Lu Zhao, Yordan Rouskov, Parmeshwar Arewar, Venkatesh Gopalakrishnan, Sarat Chandra Subramaniam, Titus Constantin Miron
CPC classification number: H04L63/083, H04L63/08, H04L63/102, H04L63/1416, H04L67/02, H04L67/14, H04L69/28
Abstract: Embodiments are directed to revoking user sessions using signaling. In one scenario, an identity platform operating on a computer system receives an indication indicating that a user's login account has been compromised, where the user's login account has an associated login session and corresponding session artifact that is valid for a specified amount of time. The identity platform generates a signal indicating that the login session is no longer trusted and that the user is to be re-directed to the identity platform to re-authenticate and renew the session artifact and provides the generated signal to various relying parties including at least one relying party that is hosting the login session for the user.
-
Publication No.: US20170085553A1
Publication Date: 2017-03-23
Application No.: US15365726
Application Date: 2016-11-30
Applicant: Microsoft Technology Licensing, LLC
Inventor: Ariel Gordon, Samuel Devasahayam, Lu Zhao, Yordan Rouskov, Parmeshwar Miguel Sequeira Arewar, Venkatesh Gopalakrishnan, Sarat Chandra Subramaniam, Titus Constantin Miron
IPC: H04L29/06
CPC classification number: H04L63/083, H04L63/08, H04L63/102, H04L63/1416, H04L67/02, H04L67/14, H04L69/28
Abstract: Embodiments are directed to revoking user sessions using signaling. In one scenario, an identity platform operating on a computer system receives an indication indicating that a user's login account has been compromised, where the user's login account has an associated login session and corresponding session artifact that is valid for a specified amount of time. The identity platform generates a signal indicating that the login session is no longer trusted and that the user is to be re-directed to the identity platform to re-authenticate and renew the session artifact and provides the generated signal to various relying parties including at least one relying party that is hosting the login session for the user.