CALLER PROCESS VERIFICATION FOR DEVICE-BOUND AUTHENTICATORS

    Publication No.: US20240364535A1

    Publication Date: 2024-10-31

    Application No.: US18309383

    Filing Date: 2023-04-28

    Applicant: Okta, Inc.

    IPC Classification: H04L9/32 H04L9/08

    Abstract: Methods, systems, and devices for process verification are described. An authenticator application of a device may receive, from an authenticating application of the device, a first request to establish a network connection between the authenticator application and the authenticating application. The first request may identify a port associated with the network connection. The authenticator application may receive a second request from the authenticating application to authenticate an identity of a user. The authenticator application may identify a process used to establish the network connection between the authenticator application and the authenticating application on the port. The authenticator application may obtain a signature and a set of data associated with the signature based on the identified process. The authenticator application may authenticate the identity of the user based on the signature and the associated set of data.
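The abstract leaves the security-relevant step implicit: the authenticator must not believe anything the caller says about itself over the socket, but must ask the operating system which process owns the other end of the connection and then judge that process by its code signature. The Go program below is an added example, not code from the patent or from Okta. It walks that resolution on Linux using constructed data: a /proc/net/tcp snapshot, an inode-to-PID map of the kind one builds by reading /proc/<pid>/fd link targets, and a SHA-256 allowlist standing in for the platform code-signature check. All ports, PIDs, function names and "binaries" are invented for illustration.

```go
package main

import (
	"bufio"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// Constructed /proc/net/tcp snapshot. The authenticator listens on 127.0.0.1:8080
// (hex 1F90); rows 1 and 2 are the client ends of two loopback connections from
// ephemeral ports 50000 (C350) and 60000 (EA60).
const procNetTCP = `  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 0100007F:C350 01 00000000:00000000 00:00000000 00000000  1000        0 40002 1 0000000000000000 20 4 30 10 -1
   1: 0100007F:C350 0100007F:1F90 01 00000000:00000000 00:00000000 00000000  1000        0 40003 1 0000000000000000 20 4 30 10 -1
   2: 0100007F:EA60 0100007F:1F90 01 00000000:00000000 00:00000000 00000000  1000        0 40004 1 0000000000000000 20 4 30 10 -1
`

// socketInodes maps socket inode -> PID, as built by walking /proc/<pid>/fd and
// reading "socket:[<inode>]" link targets (constructed values).
var socketInodes = map[uint64]int{40002: 4242, 40003: 5151, 40004: 6161}

// exeImages stands in for the bytes behind /proc/<pid>/exe (constructed). A real
// authenticator would pass the binary to the platform code-signature API instead.
var exeImages = map[int][]byte{
	4242: []byte("authenticator-binary"),
	5151: []byte("approved-client-v1"),
	6161: []byte("unapproved-client"),
}

func sha256hex(b []byte) string {
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// approvedHashes: which callers may ask the authenticator to authenticate a user.
var approvedHashes = map[string]bool{sha256hex([]byte("approved-client-v1")): true}

// hexPort extracts the port from a /proc/net/tcp address such as "0100007F:C350".
func hexPort(addr string) (uint16, error) {
	i := strings.LastIndexByte(addr, ':')
	if i < 0 {
		return 0, fmt.Errorf("malformed address %q", addr)
	}
	p, err := strconv.ParseUint(addr[i+1:], 16, 16)
	return uint16(p), err
}

// lookupSocketInode finds the caller's own socket: local port == the peer port seen
// on the accepted connection, remote port == the listener. Nothing the caller sends
// in its request is consulted.
func lookupSocketInode(table string, peerPort, listenPort uint16) (uint64, error) {
	sc := bufio.NewScanner(strings.NewReader(table))
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		if len(f) < 10 || f[0] == "sl" {
			continue
		}
		lp, err1 := hexPort(f[1])
		rp, err2 := hexPort(f[2])
		if err1 != nil || err2 != nil {
			continue
		}
		if lp == peerPort && rp == listenPort {
			return strconv.ParseUint(f[9], 10, 64)
		}
	}
	return 0, errors.New("no socket owned by that peer port")
}

// verifyCaller resolves peer port -> inode -> PID -> executable, then checks the allowlist.
func verifyCaller(table string, peerPort, listenPort uint16) (int, error) {
	inode, err := lookupSocketInode(table, peerPort, listenPort)
	if err != nil {
		return 0, err
	}
	pid, ok := socketInodes[inode]
	if !ok {
		return 0, fmt.Errorf("inode %d is not held by any process", inode)
	}
	img, ok := exeImages[pid]
	if !ok {
		return 0, fmt.Errorf("cannot read executable of pid %d", pid)
	}
	if !approvedHashes[sha256hex(img)] {
		return 0, fmt.Errorf("pid %d: executable is not an approved caller", pid)
	}
	return pid, nil
}

func main() {
	for _, port := range []uint16{50000, 60000, 61000} {
		pid, err := verifyCaller(procNetTCP, port, 8080)
		fmt.Printf("peer port %d -> pid %d, err: %v\n", port, pid, err)
	}
}
```

Two caveats a practitioner would attach. First, where the platform offers a kernel-attested peer identity (SO_PEERCRED on a Unix-domain socket, GetNamedPipeClientProcessId on a Windows named pipe) that is preferable to TCP on loopback; when TCP is unavoidable, the table lookup is racy, since the caller can exit and its ephemeral port be reused, so the mapping should be re-established for each sensitive request rather than cached for the life of the connection. Second, the hash allowlist is only a stand-in: the abstract speaks of a signature and its associated data, which in practice means validating the binary's code signature and checking the signer identity, not just a digest.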

    ACCESS TO FEDERATED IDENTITIES ON A SHARED KIOSK COMPUTING DEVICE

    Publication No.: US20220191186A1

    Publication Date: 2022-06-16

    Application No.: US17118426

    Filing Date: 2020-12-10

    Applicant: Okta, Inc.

    IPC Classification: H04L29/06 H04L29/08

    Abstract: A kiosk device is shared by many users of an organization in a sequential manner. The kiosk is provisioned so that each of the appropriate users of the organization may use it, and so that each such user may be provided with a federated identity by an external identity provider (IdP) system. The federated identity may be used to automatically provide the user with access to the user's different resources (e.g., the user's accounts on various third-party applications). An authenticator component of the kiosk device communicates with the external IdP system so as to securely and transparently provide the users with a federated identity. In order to provide additional security, the authenticator component and/or the IdP system may take into account organization-specific details when authenticating a user, such as whether a particular user is expected to be on duty with the organization at the current time.

    TECHNIQUES FOR DYNAMICALLY ADJUSTING AUTHENTICATOR ASSURANCE LEVELS

    Publication No.: US20240259371A1

    Publication Date: 2024-08-01

    Application No.: US18160615

    Filing Date: 2023-01-27

    Applicant: Okta, Inc.

    IPC Classification: H04L9/40

    CPC Classification: H04L63/0869

    Abstract: Methods, systems, and devices for managing assurance levels are described. An identity provider (IDP) may obtain a request to enroll a first authenticator for accessing a resource via the IDP. The request may use a second authenticator to authorize enrollment of the first authenticator. The IDP may validate the second authenticator in response to the request. The IDP may enable the first authenticator to attest a first characteristic associated with the first authenticator in response to validating the second authenticator. The first authenticator may be enabled to attest the first characteristic based on the first characteristic being common to the first authenticator and the second authenticator. The IDP may enable the first authenticator to attest a second characteristic associated with the first authenticator based on an action that validates the second characteristic.
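The enrollment rule in the abstract is easier to see as code: the newly enrolled (first) authenticator inherits only the characteristics the bootstrapping (second) authenticator could itself attest, and anything beyond that stays locked until a separate action validates it. The Go program below is an added example and not the patent's or Okta's own logic. The characteristic names, the "email OTP" and "platform passkey" authenticators, the "admin console" resource and the Enroll/Elevate/Authorize functions are all constructed for illustration, and the validating action behind Elevate is assumed to have succeeded rather than performed.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
)

// Characteristic is something an authenticator can claim about itself; the
// IdP decides which claims each enrolled authenticator is allowed to make.
type Characteristic string

const (
	Possession        Characteristic = "possession"
	UserVerification  Characteristic = "user-verification"
	PhishingResistant Characteristic = "phishing-resistant"
)

type Set map[Characteristic]bool

func NewSet(cs ...Characteristic) Set {
	s := Set{}
	for _, c := range cs {
		s[c] = true
	}
	return s
}

type Authenticator struct {
	ID         string
	Capable    Set  // what this authenticator type could attest in principle
	Attestable Set  // what the IdP currently allows it to attest
	Validated  bool // constructed stand-in for a successful IdP validation
}

// Enroll admits newAuth using `via` as the second authenticator. newAuth may attest
// only what `via` is itself allowed to attest; a more capable device gains nothing yet.
func Enroll(newAuth, via *Authenticator) error {
	if !via.Validated {
		return errors.New("bootstrapping authenticator failed validation")
	}
	newAuth.Attestable = Set{}
	for c := range newAuth.Capable {
		if via.Attestable[c] {
			newAuth.Attestable[c] = true
		}
	}
	newAuth.Validated = true
	return nil
}

// Elevate unlocks one further characteristic after a separate action validated it
// (for a passkey, e.g. checking its attestation statement; assumed to have happened).
func Elevate(a *Authenticator, c Characteristic, actionValidated bool) error {
	if !a.Capable[c] {
		return fmt.Errorf("%s cannot provide %s", a.ID, c)
	}
	if !actionValidated {
		return fmt.Errorf("%s: %s was not validated", a.ID, c)
	}
	a.Attestable[c] = true
	return nil
}

// Authorize grants access only if every characteristic the resource requires
// is one the authenticator is allowed to attest; it also reports what is missing.
func Authorize(a *Authenticator, required Set) (bool, []Characteristic) {
	var missing []Characteristic
	for c := range required {
		if !a.Attestable[c] {
			missing = append(missing, c)
		}
	}
	sort.Slice(missing, func(i, j int) bool { return missing[i] < missing[j] })
	return len(missing) == 0, missing
}

// scenario enrolls a passkey via an email OTP and checks access to a resource
// that needs phishing resistance, before and after the validating action.
func scenario() (before, after bool, missing []Characteristic) {
	otp := &Authenticator{ID: "email-otp", Capable: NewSet(Possession), Attestable: NewSet(Possession), Validated: true}
	passkey := &Authenticator{ID: "platform-passkey", Capable: NewSet(Possession, UserVerification, PhishingResistant)}
	if err := Enroll(passkey, otp); err != nil {
		panic(err)
	}
	adminConsole := NewSet(Possession, UserVerification, PhishingResistant)
	before, missing = Authorize(passkey, adminConsole)
	_ = Elevate(passkey, UserVerification, true)
	_ = Elevate(passkey, PhishingResistant, true)
	after, _ = Authorize(passkey, adminConsole)
	return before, after, missing
}

func main() {
	before, after, missing := scenario()
	fmt.Println(before, after, missing)
}
```

The point the code makes is the denial in the middle: a passkey enrolled through an email OTP is not treated as phishing-resistant merely because the hardware could be, since the channel it was enrolled over is not. Without the intersection step in Enroll, an attacker who phishes the weak factor could enroll a device of their own and immediately inherit the strongest assurance the IdP offers.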

    ACCESS TO FEDERATED IDENTITIES ON A SHARED KIOSK COMPUTING DEVICE

    Publication No.: US20230328052A1

    Publication Date: 2023-10-12

    Application No.: US18334292

    Filing Date: 2023-06-13

    Applicant: Okta, Inc.

    IPC Classification: H04L9/40 H04L67/143

    Abstract: A kiosk device is shared by many users of an organization in a sequential manner. The kiosk is provisioned so that each of the appropriate users of the organization may use it, and so that each such user may be provided with a federated identity by an external identity provider (IdP) system. The federated identity may be used to automatically provide the user with access to the user's different resources (e.g., the user's accounts on various third-party applications). An authenticator component of the kiosk device communicates with the external IdP system so as to securely and transparently provide the users with a federated identity. In order to provide additional security, the authenticator component and/or the IdP system may take into account organization-specific details when authenticating a user, such as whether a particular user is expected to be on duty with the organization at the current time.

    DIGITAL SIGNATURE INJECTION FOR USER AUTHENTICATION ACROSS MULTIPLE INDEPENDENT SYSTEMS

    Publication No.: US20220210156A1

    Publication Date: 2022-06-30

    Application No.: US17134540

    Filing Date: 2020-12-28

    Applicant: Okta, Inc.

    IPC Classification: H04L29/06

    Abstract: A process running on client devices intercepts requests destined for an identity provider (“IdP”) system and injects a digital signature corresponding to a user associated with the request. In order to reduce or eliminate the burden on providers of the applications or other resources used by the users, the organization providing the IdP system may also provide components that run locally on the client devices of users and integrate with the users' applications. For example, in one embodiment code of the IdP system is run within a container of an application to handle communication with the IdP system. Additionally, code of the IdP system is run as a local process that handles request interception and digital signature injection. For client devices not supporting the use of the local process, a separate verifier application of the IdP can be run locally and allow interactively performing authentication via a user interface.

    Access to federated identities on a shared kiosk computing device

    Publication No.: US11991164B2

    Publication Date: 2024-05-21

    Application No.: US18334292

    Filing Date: 2023-06-13

    Applicant: Okta, Inc.

    IPC Classification: H04L9/40 H04L67/143

    Abstract: A kiosk device is shared by many users of an organization in a sequential manner. The kiosk is provisioned so that each of the appropriate users of the organization may use it, and so that each such user may be provided with a federated identity by an external identity provider (IdP) system. The federated identity may be used to automatically provide the user with access to the user's different resources (e.g., the user's accounts on various third-party applications). An authenticator component of the kiosk device communicates with the external IdP system so as to securely and transparently provide the users with a federated identity. In order to provide additional security, the authenticator component and/or the IdP system may take into account organization-specific details when authenticating a user, such as whether a particular user is expected to be on duty with the organization at the current time.

    Digital signature injection for user authentication across multiple independent systems

    Publication No.: US11533309B2

    Publication Date: 2022-12-20

    Application No.: US17134540

    Filing Date: 2020-12-28

    Applicant: Okta, Inc.

    IPC Classification: H04L9/40

    Abstract: A process running on client devices intercepts requests destined for an identity provider (“IdP”) system and injects a digital signature corresponding to a user associated with the request. In order to reduce or eliminate the burden on providers of the applications or other resources used by the users, the organization providing the IdP system may also provide components that run locally on the client devices of users and integrate with the users' applications. For example, in one embodiment code of the IdP system is run within a container of an application to handle communication with the IdP system. Additionally, code of the IdP system is run as a local process that handles request interception and digital signature injection. For client devices not supporting the use of the local process, a separate verifier application of the IdP can be run locally and allow interactively performing authentication via a user interface.
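The two "Digital signature injection" records on this page (the application US20220210156A1 and the granted US11533309B2) describe one mechanism: a local process intercepts a request headed to the IdP and injects a digital signature tied to the user's device key, which the IdP then verifies. The Go program below is an added example, not code from the patent or from Okta, and shows both halves of that exchange with Ed25519 and standard-library HTTP requests. The header names (X-Device-*), the canonical string (method, host, path, nonce, timestamp), the key identifier and the two-minute skew window are all assumptions made for this illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"net/http"
	"strconv"
	"strings"
	"time"
)

// canonical is the byte string both sides sign and verify. Binding method, host,
// path, nonce and timestamp means a captured signature cannot be re-targeted at
// another IdP endpoint or replayed later.
func canonical(r *http.Request, nonce string, ts int64) []byte {
	return []byte(strings.Join([]string{r.Method, r.URL.Host, r.URL.Path, nonce, strconv.FormatInt(ts, 10)}, "\n"))
}

// Injector is the local process: it intercepts a request bound for the IdP and
// adds a signature made with the user's device key (assumed header layout).
type Injector struct {
	KeyID string
	Priv  ed25519.PrivateKey
	Now   func() time.Time
}

func (in *Injector) Inject(r *http.Request) error {
	raw := make([]byte, 16)
	if _, err := rand.Read(raw); err != nil {
		return err
	}
	nonce := base64.RawURLEncoding.EncodeToString(raw)
	ts := in.Now().Unix()
	sig := ed25519.Sign(in.Priv, canonical(r, nonce, ts))
	r.Header.Set("X-Device-Key-Id", in.KeyID)
	r.Header.Set("X-Device-Nonce", nonce)
	r.Header.Set("X-Device-Timestamp", strconv.FormatInt(ts, 10))
	r.Header.Set("X-Device-Signature", base64.RawURLEncoding.EncodeToString(sig))
	return nil
}

// Verifier is the IdP side: registered device public keys, a cache of nonces
// already accepted, and a clock-skew window.
type Verifier struct {
	Keys   map[string]ed25519.PublicKey
	Seen   map[string]bool
	Window time.Duration
	Now    func() time.Time
}

func (v *Verifier) Verify(r *http.Request) error {
	pub, ok := v.Keys[r.Header.Get("X-Device-Key-Id")]
	if !ok {
		return errors.New("unknown device key")
	}
	ts, err := strconv.ParseInt(r.Header.Get("X-Device-Timestamp"), 10, 64)
	if err != nil {
		return errors.New("bad timestamp")
	}
	if skew := v.Now().Sub(time.Unix(ts, 0)); skew > v.Window || skew < -v.Window {
		return errors.New("stale request")
	}
	nonce := r.Header.Get("X-Device-Nonce")
	if nonce == "" || v.Seen[nonce] {
		return errors.New("replayed or missing nonce")
	}
	sig, err := base64.RawURLEncoding.DecodeString(r.Header.Get("X-Device-Signature"))
	if err != nil || !ed25519.Verify(pub, canonical(r, nonce, ts), sig) {
		return errors.New("bad signature")
	}
	v.Seen[nonce] = true // only after a good signature, so junk cannot poison the cache
	return nil
}

// demo runs the exchange and returns the verdict on the original request, on an
// exact replay, and on the same headers moved to a different IdP path.
func demo() (first, replay, moved error) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	now := func() time.Time { return time.Unix(1700000000, 0) } // fixed clock for both sides
	in := &Injector{KeyID: "laptop-1", Priv: priv, Now: now}
	v := &Verifier{Keys: map[string]ed25519.PublicKey{"laptop-1": pub}, Seen: map[string]bool{}, Window: 2 * time.Minute, Now: now}

	req, _ := http.NewRequest("POST", "https://idp.example.com/api/v1/authn", nil)
	if err := in.Inject(req); err != nil {
		return err, err, err
	}
	first = v.Verify(req)
	replay = v.Verify(req)

	other, _ := http.NewRequest("POST", "https://idp.example.com/api/v1/sessions", nil)
	other.Header = req.Header.Clone()
	fresh := &Verifier{Keys: v.Keys, Seen: map[string]bool{}, Window: v.Window, Now: now}
	moved = fresh.Verify(other)
	return first, replay, moved
}

func main() {
	first, replay, moved := demo()
	fmt.Printf("original: %v\nreplay: %v\nmoved to other path: %v\n", first, replay, moved)
}
```

Three design points are worth noting. The nonce is recorded only after the signature verifies, so unauthenticated traffic cannot fill the replay cache. The path is part of the signed string, which is what makes the re-targeted request fail. And in a real deployment the private key would be generated in a TPM, Secure Enclave or similar so that it cannot be exported and used from another machine; requests that carry a body would also include a body hash in the canonical string.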

    Access to federated identities on a shared kiosk computing device

    Publication No.: US11716316B2

    Publication Date: 2023-08-01

    Application No.: US17118426

    Filing Date: 2020-12-10

    Applicant: Okta, Inc.

    IPC Classification: H04L9/40 H04L67/143

    Abstract: A kiosk device is shared by many users of an organization in a sequential manner. The kiosk is provisioned so that each of the appropriate users of the organization may use it, and so that each such user may be provided with a federated identity by an external identity provider (IdP) system. The federated identity may be used to automatically provide the user with access to the user's different resources (e.g., the user's accounts on various third-party applications). An authenticator component of the kiosk device communicates with the external IdP system so as to securely and transparently provide the users with a federated identity. In order to provide additional security, the authenticator component and/or the IdP system may take into account organization-specific details when authenticating a user, such as whether a particular user is expected to be on duty with the organization at the current time.

    FLEXIBLY OBTAINING DEVICE POSTURE SIGNALS IN MULTI-TENANT AUTHENTICATION SYSTEM

    Publication No.: US20230177132A1

    Publication Date: 2023-06-08

    Application No.: US17542307

    Filing Date: 2021-12-03

    Applicant: Okta, Inc.

    IPC Classification: G06F21/33 G06F21/44 G06F21/56

    Abstract: An identity provider (IdP) defines an interface for obtaining device posture signals in a flexible manner. Third-party signal providers author plugins that conform to the defined interface and make the plugins available to the organizations that use their services. The plugins incorporate the third-party signals into the authentication logic of the IdP, allowing the authentication logic to obtain organization-defined information about client device posture of the client devices on which user authentication is taking place. This permits different organizations that use the IdP to tailor their authentication processes to the particular types of signals available to them, and to their own particular organization policies. This allows, for example, conformity to organization policies such as user data use policies.
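The abstract describes an interface that the IdP defines and third parties implement, with each tenant choosing which signals to collect. The Go program below is an added example, not Okta's plugin interface or any real signal provider's code: the PostureProvider interface, the two plugins, the signal names, the device identifiers and the three tenant policies are all constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
	"strconv"
)

// Signal is one posture fact a plugin reports about a device.
type Signal struct{ Name, Value string }

// PostureProvider is the interface the IdP publishes; third-party signal
// providers ship plugins that implement it and tenants opt in to them.
type PostureProvider interface {
	Name() string
	Collect(deviceID string) ([]Signal, error)
}

// Two constructed plugins standing in for third-party providers (not real products).
type diskEncryptionPlugin struct{ encrypted map[string]bool }

func (p diskEncryptionPlugin) Name() string { return "disk-encryption" }
func (p diskEncryptionPlugin) Collect(id string) ([]Signal, error) {
	v, ok := p.encrypted[id]
	if !ok {
		return nil, errors.New("device not managed")
	}
	return []Signal{{"disk_encrypted", strconv.FormatBool(v)}}, nil
}

type edrPlugin struct{ status map[string]string }

func (p edrPlugin) Name() string { return "edr" }
func (p edrPlugin) Collect(id string) ([]Signal, error) {
	s, ok := p.status[id]
	if !ok {
		return nil, errors.New("no EDR agent")
	}
	return []Signal{{"edr_status", s}}, nil
}

// OrgPolicy is per tenant: which plugins the organization permits to run (its
// data-use policy) and which signal values it requires before granting access.
type OrgPolicy struct {
	Enabled  []string
	Required map[string]string
}

type IdP struct{ plugins map[string]PostureProvider }

func (idp *IdP) Register(p PostureProvider) { idp.plugins[p.Name()] = p }

// Evaluate runs only the plugins the tenant enabled, then checks its
// requirements. A missing signal or a failing plugin fails closed.
func (idp *IdP) Evaluate(pol OrgPolicy, deviceID string) (bool, []string) {
	got := map[string]string{}
	for _, name := range pol.Enabled {
		if p, ok := idp.plugins[name]; ok {
			if sigs, err := p.Collect(deviceID); err == nil {
				for _, s := range sigs {
					got[s.Name] = s.Value
				}
			}
		}
	}
	var reasons []string
	for name, want := range pol.Required {
		if have, ok := got[name]; !ok {
			reasons = append(reasons, name+": not provided by any enabled plugin")
		} else if have != want {
			reasons = append(reasons, fmt.Sprintf("%s: got %q, want %q", name, have, want))
		}
	}
	sort.Strings(reasons)
	return len(reasons) == 0, reasons
}

// demo evaluates three tenant policies against two devices (all constructed).
func demo() map[string]bool {
	idp := &IdP{plugins: map[string]PostureProvider{}}
	idp.Register(diskEncryptionPlugin{encrypted: map[string]bool{"dev-1": true, "dev-2": true}})
	idp.Register(edrPlugin{status: map[string]string{"dev-1": "healthy", "dev-2": "stale"}})
	policies := map[string]OrgPolicy{
		"full":          {Enabled: []string{"disk-encryption", "edr"}, Required: map[string]string{"disk_encrypted": "true", "edr_status": "healthy"}},
		"minimal":       {Enabled: []string{"disk-encryption"}, Required: map[string]string{"disk_encrypted": "true"}},
		"misconfigured": {Enabled: []string{"disk-encryption"}, Required: map[string]string{"edr_status": "healthy"}},
	}
	out := map[string]bool{}
	for name, pol := range policies {
		for _, dev := range []string{"dev-1", "dev-2"} {
			ok, _ := idp.Evaluate(pol, dev)
			out[name+"/"+dev] = ok
		}
	}
	return out
}

func main() {
	for k, v := range demo() {
		fmt.Println(k, v)
	}
}
```

Two choices are deliberate. A tenant's Enabled list is the only thing that causes a plugin to run, which is how an organization's data-use policy is enforced rather than merely documented. And evaluation fails closed: a plugin that errors, or a requirement no enabled plugin can satisfy (the "misconfigured" tenant), denies access instead of silently passing, so an unavailable or misconfigured signal provider cannot become a bypass.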