-
Publication No.: US20230336536A1
Publication date: 2023-10-19
Application No.: US18343345
Filing date: 2023-06-28
Inventors: Mayank Maria, Aarathi Balakrishnan, Dharmvir Singh, Madhu Martin, Vikas Pooven Chathoth, Vamsi Motukuru
IPC classification: H04L9/40
CPC classification: H04L63/0815, H04L63/108, H04L63/0853
Abstract: Techniques are described for providing session management functionalities using an access token (e.g., an Open Authorization (OAuth) access token). Upon successful user authentication, a session (e.g., a single sign-on session) is created for the user along with a user identity token that includes information identifying the session. The user identity token is presentable in an access token request sent to an access token issuer authority (e.g., an OAuth server). Upon receiving the access token request, the user identity token is parsed to identify and validate the session against information stored for the session. The validation can include various session management-related checks. If the validation is successful, the token issuer authority generates the access token. In this manner, the access token that is generated is linked to the session. The access token can then be used by an application to gain access to a protected resource.
-
Publication No.: US11736469B2
Publication date: 2023-08-22
Application No.: US17684949
Filing date: 2022-03-02
Inventors: Mayank Maria, Aarathi Balakrishnan, Dharmvir Singh, Madhu Martin, Vikas Pooven Chathoth, Vamsi Motukuru
CPC classification: H04L63/0815, H04L63/0853, H04L63/108
Abstract: Techniques are described for providing session management functionalities using an access token (e.g., an Open Authorization (OAuth) access token). Upon successful user authentication, a session (e.g., a single sign-on session) is created for the user along with a user identity token that includes information identifying the session. The user identity token is presentable in an access token request sent to an access token issuer authority (e.g., an OAuth server). Upon receiving the access token request, the user identity token is parsed to identify and validate the session against information stored for the session. The validation can include various session management-related checks. If the validation is successful, the token issuer authority generates the access token. In this manner, the access token that is generated is linked to the session. The access token can then be used by an application to gain access to a protected resource.
-
Publication No.: US11050730B2
Publication date: 2021-06-29
Application No.: US15987631
Filing date: 2018-05-23
IPC classification: H04L29/06
Abstract: Techniques are described that enable maintaining of session stickiness across authentication and authorization channels in an access management system, through the use of an identifier for an access manager from a plurality of access managers. The access manager authenticates a user of a client device based on an authentication request. In response to successful authentication of the user, the access manager creates a session. The access manager also generates the identifier and causes the identifier to be stored for the session. The access manager can then receive a second request, which is sent to the access manager based on identifying the access manager using the stored identifier.
-
Publication No.: US20140208304A1
Publication date: 2014-07-24
Application No.: US13749509
Filing date: 2013-01-24
IPC classification: G06F9/445
CPC classification: G06F8/65, G06F9/44505, H04W4/50
Abstract: Methods and systems are described for upgrading an access manager framework. In response to an upgrade request from a client, current and new versions of the access manager framework are identified. Upon successful identification of the current version, one or more supported upgrade paths are determined for the upgrade process. An appropriate upgrade path from the current version to the new version is determined upon successful identification of the current and/or new version of the access manager framework. In response to determination of the appropriate upgrade path, a version specific program upgrade component and a version specific upgrade program are associated with the determined upgrade path. In addition, a set of information may be extracted from the access manager framework, transformed, and imported to the upgraded access manager framework based at least in part upon the determined version specific upgrade program and the version specific program upgrade component.
-
Publication No.: US20220191188A1
Publication date: 2022-06-16
Application No.: US17684949
Filing date: 2022-03-02
Inventors: Mayank Maria, Aarathi Balakrishnan, Dharmvir Singh, Madhu Martin, Vikas Pooven Chathoth, Vamsi Motukuru
IPC classification: H04L9/40
Abstract: Techniques are described for providing session management functionalities using an access token (e.g., an Open Authorization (OAuth) access token). Upon successful user authentication, a session (e.g., a single sign-on session) is created for the user along with a user identity token that includes information identifying the session. The user identity token is presentable in an access token request sent to an access token issuer authority (e.g., an OAuth server). Upon receiving the access token request, the user identity token is parsed to identify and validate the session against information stored for the session. The validation can include various session management-related checks. If the validation is successful, the token issuer authority generates the access token. In this manner, the access token that is generated is linked to the session. The access token can then be used by an application to gain access to a protected resource.
-
Publication No.: US11265329B2
Publication date: 2022-03-01
Application No.: US16867243
Filing date: 2020-05-05
Inventors: Vipin Koottayi, Vikas Pooven Chathoth, Aarathi Balakrishnan, Madhu Martin, Deepak Ramakrishanan
Abstract: The present disclosure relates generally to threat detection, and more particularly, to techniques for managing user access to resources in an enterprise environment. Some aspects are directed to the concept of managing access to a target resource based on a threat perception of a user that is calculated using a rule or policy based risk for the user and a behavior based risk for the user. Other aspects are directed to preventing insider attacks in a system based on a threat perception for each user logged into the system that is calculated using a rule or policy based risk for each user and a behavior based risk for each user. Yet other aspects are directed to providing a consolidated view of users, applications being accessed by users, and the threat perception, if any, generated for each of the users.
-
Publication No.: US10721239B2
Publication date: 2020-07-21
Application No.: US15940604
Filing date: 2018-03-29
Inventors: Vipin Koottayi, Vikas Pooven Chathoth, Aarathi Balakrishnan, Madhu Martin, Deepak Ramakrishanan
Abstract: The present disclosure relates generally to threat detection, and more particularly, to techniques for managing user access to resources in an enterprise environment. Some aspects are directed to the concept of managing access to a target resource based on a threat perception of a user that is calculated using a rule or policy based risk for the user and a behavior based risk for the user. Other aspects are directed to preventing insider attacks in a system based on a threat perception for each user logged into the system that is calculated using a rule or policy based risk for each user and a behavior based risk for each user. Yet other aspects are directed to providing a consolidated view of users, applications being accessed by users, and the threat perception, if any, generated for each of the users.
-
Publication No.: US20170118223A1
Publication date: 2017-04-27
Application No.: US15294381
Filing date: 2016-10-14
Inventors: Stephen Mathew, Ramya Subramanya, Aarathi Balakrishnan, Vipin Anaparakkal Koottayi, Madhu Martin
CPC classification: H04L63/105, G06F21/31, G06F21/45, G06F21/554, G06F21/6218, H04L63/0815, H04L63/083, H04L63/102
Abstract: Techniques are disclosed to modify the authentication level of a session providing access to resources. In some embodiments, an access management system is configurable to enable a voluntary (e.g., requested by a user) or involuntary (e.g., by the access management system) reduction, or “step-down”, of the authentication level for a session if a lower authentication level exists. For example, an access management system may be configured to enable a user to request a step-down of the authentication level of a session to prevent access to resources at a higher authentication level. By reducing the authentication level to a lower authentication level, a user may be prompted to provide credentials for authentication according to the authentication schemes defined for higher authentication levels. These techniques can reduce, if not prevent, unauthorized access to protected resources by challenging a user for credentials to authenticate to higher authentication levels.
-
Publication No.: US20160219040A1
Publication date: 2016-07-28
Application No.: US15005365
Filing date: 2016-01-25
IPC classification: H04L29/06
CPC classification: H04L63/0815, G06F21/41, H04L63/08, H04L63/10, H04L63/20, H04L65/1066, H04L65/1069, H04L67/141
Abstract: Systems and methods are disclosed for a single sign-on (SSO) enterprise system with multiple data centers that use a lightweight cookie on a user's client device. The lightweight cookie includes a reference to a data center in which the user is already authenticated, and a new data center contacts the old data center for creating a session for the user on the new data center. If the old data center is unavailable, then the new data center may fall back to accessing a local security store, a backup of keys, security tokens, and/or other security data, in order to create a local session for the user on the new data center.
-
Publication No.: US09104451B2
Publication date: 2015-08-11
Application No.: US13685360
Filing date: 2012-11-26
Inventors: Ramya Subramanya, Madhu Martin, Stephen Mathew
CPC classification: G06F9/45512, G06F9/4552
Abstract: A method of dynamically communicating a parameter during runtime may include providing a script to a command-line scripting module that uses the parameter, where the parameter is to be provided during runtime by a user and the script is configured to generate an exception including an identifier associated with the parameter. The method may also include generating byte code based on the script, executing the byte code on a virtual machine until the exception is generated, passing the exception to the command-line scripting module, causing, by the command-line scripting module, receiving a parameter value from the user through an input device, passing the parameter value to the virtual machine, and continuing execution of the byte code on the virtual machine.