SYSTEMS AND METHODS FOR FACILITATING SINGLE SIGN-ON FOR MULTIPLE DEVICES

    Publication number: US20170195429A1

    Publication date: 2017-07-06

    Application number: US15041040

    Filing date: 2016-02-11

    IPC classification: H04L29/08

    CPC classification: H04L63/0815 H04L67/12

    Abstract: The disclosed computer-implemented method for facilitating single sign-on for multiple devices may include (1) establishing a login session for a user account, (2) in response to establishing the login session, providing, to a device associated with the user account, a session token for the user account, (3) receiving, from at least one client, a request to access resources associated with the user account, (4) determining that the associated device possesses the session token for the user account, and (5) in response to determining that the associated device possesses the session token, providing, to the client, access to the resources associated with the user account. Various other methods, systems, and computer-readable media are also disclosed.

    2. Knowledge-based authentication based on tracked credential usage (granted patent, in force)

    Publication number: US09300644B1

    Publication date: 2016-03-29

    Application number: US13773924

    Filing date: 2013-02-22

    IPC classification: H04L29/06

    Abstract: A method and apparatus for knowledge-based authentication by a cloud-based authentication service are described. A cloud-based authentication service is to track credential usage of an end-user at the cloud-based authentication service. The authentication service receives a credential request for credentials associated with the end-user from a relying party website. The end-user no longer has authentication credentials for access to the relying party website. The authentication service issues a dynamic knowledge-based (KB) challenge to the end-user, the dynamic KB challenge being based on at least some of the tracked credential usage of the end-user. The processing logic receives a response to the dynamic KB challenge from the end-user and sends temporary credentials to the relying party for the end-user when the response is validated.

    Systems and methods for detecting man-in-the-middle attacks

    Publication number: US09888035B2

    Publication date: 2018-02-06

    Application number: US14824775

    Filing date: 2015-08-12

    Abstract: A computer-implemented method for detecting man-in-the-middle attacks may include (1) registering a mobile device of a user within a computing environment as an authenticated mobile device that corresponds to the user, (2) receiving an authentication request to log into a secure computing resource as the user, (3) transmitting, in response to receiving the authentication request, an out-of-band push authentication prompt to the registered mobile device of the user through a different channel than a channel through which the authentication request was received, (4) comparing a geolocation indicated by the authentication request with a geolocation indicated by the registered mobile device, and (5) performing remedial action in response to detecting a man-in-the-middle attack based on a determination that the geolocation indicated by the authentication request and the geolocation indicated by the registered mobile device do not match. Various other methods, systems, and computer-readable media are also disclosed.

    4. Supporting proximity based security code transfer from mobile/tablet application to access device (granted patent, in force)

    Publication number: US09104853B2

    Publication date: 2015-08-11

    Application number: US13895478

    Filing date: 2013-05-16

    Abstract: Techniques are disclosed for authenticating users to a computing application. A mobile or tablet device is used to generate a security code. Near field communication (NFC) hardware on the mobile device is used to transfer the security code from the mobile device to a computer. To transfer the one-time value, a user simply taps an NFC enabled mobile device on an NFC enabled computing device (e.g. a laptop running a web browser used to access a web service). In one embodiment, doing so triggers a connection between the two devices and an application running on the mobile device transfers the security code to an NFC receiver application running on the computer. The receiving computer may be configured to auto-fill the received security code in the appropriate form field of the application authentication interface.

    Systems and methods for securing push authentications

    Publication number: US10462113B1

    Publication date: 2019-10-29

    Application number: US15717320

    Filing date: 2017-09-27

    Abstract: The disclosed computer-implemented method for securing push authentications may include (i) receiving, by a security service and from a security service relying party, a push authentication for a user that the security service relying party encrypted using a public key assigned to a client device of the user, (ii) forwarding, by the security service, the push authentication to the client device of the user, (iii) receiving, by the security service, a response to the push authentication from the client device of the user, and (iv) forwarding, by the security service, the response to the push authentication from the client device of the user to the security service relying party. Various other methods, systems, and computer-readable media are also disclosed.

    Systems and methods for providing two-factor authentication with an enterprise gateway when an authentication server is unavailable

    Publication number: US10360366B1

    Publication date: 2019-07-23

    Application number: US15706612

    Filing date: 2017-09-15

    Abstract: The disclosed computer-implemented method for providing two-factor authentication with an enterprise gateway when an authentication server is unavailable may include (1) receiving, at a computing device, an authentication request from a client device; (2) determining the authentication server is unavailable; (3) sending, to the client device and in response to determining the authentication server is unavailable, a backup credential stored on the enterprise gateway; (4) receiving, from the client device, a security code generated by the backup credential; (5) authenticating the security code; (6) sending, in response to determining the security code is authentic, access approval to the client device. The provided methods may provide authentication, by an enterprise gateway, of one or more factors in a multi-factor authentication system when an authentication server is unavailable. Various other methods, systems, and computer-readable media are also disclosed.

    Systems and methods for facilitating single sign-on for multiple devices

    Publication number: US10326733B2

    Publication date: 2019-06-18

    Application number: US15041040

    Filing date: 2016-02-11

    IPC classification: G06F15/16 H04L29/06 H04L29/08

    Abstract: The disclosed computer-implemented method for facilitating single sign-on for multiple devices may include (1) establishing a login session for a user account, (2) in response to establishing the login session, providing, to a device associated with the user account, a session token for the user account, (3) receiving, from at least one client, a request to access resources associated with the user account, (4) determining that the associated device possesses the session token for the user account, and (5) in response to determining that the associated device possesses the session token, providing, to the client, access to the resources associated with the user account. Various other methods, systems, and computer-readable media are also disclosed.

    Systems and methods to enable automatic password management in a proximity based authentication

    Publication number: US10318725B2

    Publication date: 2019-06-11

    Application number: US15238534

    Filing date: 2016-08-16

    Abstract: The present disclosure relates to changing a password in a proximity-based authentication system. After a successful proximity-based authentication, a password agent may determine that a password does not comply with an administrative password policy. The password agent may then generate a new password that does comply with the administrative password policy and submit a password change request to an administrator of that password policy, without any input by a user at these steps. The user can then request to view the password for input to a service using the same password, and after passing a biometric challenge may view the password.

    9. Systems and methods for blocking push authentication spam (granted patent, in force)

    Publication number: US09571497B1

    Publication date: 2017-02-14

    Application number: US14513897

    Filing date: 2014-10-14

    IPC classification: H04L29/06

    Abstract: The disclosed computer-implemented method for blocking push authentication spam may include (1) detecting an attempt by an unauthenticated source to gain access to a web resource protected by an MFA service, (2) issuing, to a mobile device of an authenticated user of the MFA service, a push authentication request to query the authenticated user about whether to allow the unauthenticated source's attempt, (3) determining, based at least in part on the push authentication request issued to the mobile device, that the authenticated user has not allowed the unauthenticated source's attempt, and (4) in response to determining that the authenticated user has not allowed the unauthenticated source's attempt, blacklisting the unauthenticated source such that the MFA service refuses to issue any subsequent push authentication requests in connection with the unauthenticated source. Various other methods, systems, and computer-readable media are also disclosed.

    10. SYSTEMS AND METHODS FOR DETECTING MAN-IN-THE-MIDDLE ATTACKS (patent application, in force)

    Publication number: US20170006060A1

    Publication date: 2017-01-05

    Application number: US14824775

    Filing date: 2015-08-12

    Abstract: A computer-implemented method for detecting man-in-the-middle attacks may include (1) registering a mobile device of a user within a computing environment as an authenticated mobile device that corresponds to the user, (2) receiving an authentication request to log into a secure computing resource as the user, (3) transmitting, in response to receiving the authentication request, an out-of-band push authentication prompt to the registered mobile device of the user through a different channel than a channel through which the authentication request was received, (4) comparing a geolocation indicated by the authentication request with a geolocation indicated by the registered mobile device, and (5) performing remedial action in response to detecting a man-in-the-middle attack based on a determination that the geolocation indicated by the authentication request and the geolocation indicated by the registered mobile device do not match. Various other methods, systems, and computer-readable media are also disclosed.