-
Publication No.: US20190199709A1
Publication date: 2019-06-27
Application No.: US16293435
Filing date: 2019-03-05
Applicant: Zuora, Inc.
CPC classification: H04L63/0815, G06F21/41, H04L63/0884, H04L67/10, H04W4/60
Abstract: Shown is single sign-on support access to tenant accounts in a multi-tenant service platform involving a proxy user account in an identity provider for a tenant account on the service platform having security metadata associated therewith, mapping in the identity provider maps a support user to a proxy user identifier, a corresponding security endpoint in the service platform and mapping of the proxy user account identifier to the tenant account and security metadata. The identity provider authenticates a request to access the tenant account on the service platform, obtains the security credentials for the proxy user identifier, and sends a security assertion with the proxy user identifier and the security metadata to the security endpoint. The endpoint receives and validates the security assertion against the mapping for the proxy user identifier to the tenant account and the security metadata in the service platform, and permits access by the support user to the tenant account in the service platform.
-
Publication No.: US20180375645A1
Publication date: 2018-12-27
Application No.: US15630642
Filing date: 2017-06-22
Applicant: salesforce.com, inc.
CPC classification: H04L9/0819, G06F3/065, G06F16/23, G06F21/41, G06F21/45, H04L9/0891, H04L63/083, H04L63/0846
Abstract: Systems and methods for changing database passwords are described. A first server computing system receives an indication to perform a password change process for an administrative account of an associated database. The server generates a vault configured to store a password change status and a password secret associated with the account. The server sets the password change status to a first value to indicate that the server is performing the password change process and then performs the password change process for the account. The server then sets the password change status to a second value to enable a second server computing system to perform a second password change process for a second administrative account of a database associated with the second server system. The database associated with the second server computing system is a standby database of the database associated with the first server system.
-
Publication No.: US20180359239A1
Publication date: 2018-12-13
Application No.: US16013242
Filing date: 2018-06-20
Inventors: Rafi Schwarz, Eli Maccabi, Moti Cohen, Nessi Lahav, Inbal Zilberman Kubovsky, Evgeny Sakirko
CPC classification: H04L63/083, G06F21/41, G06F21/44, H04L9/3213, H04L63/0807, H04L63/0815, H04L63/0853, H04L63/10
Abstract: The disclosed embodiments include systems and methods for providing security tokens to cloud-based assets on demand. Operations performed in the disclosed embodiments include receiving a prompt from a cloud-based asset indicating that the cloud-based asset is seeking to communicate with an access-controlled resource, wherein the cloud-based asset lacks authorization to communicate with the access-controlled resource. Additionally, the operations include extracting information associated with the cloud-based asset by accessing a trusted cloud platform resource storing data associated with verified cloud-based assets, where the trusted cloud platform resource is separate from the cloud-based asset, and authenticating the cloud-based asset based on the extracted information. The operations also include generating a security token for the cloud-based asset, making a first portion of the security token available to be injected into the cloud-based asset, and responding to the prompt with a second portion of the security token.
-
Publication No.: US20180332027A1
Publication date: 2018-11-15
Application No.: US16047654
Filing date: 2018-07-27
Applicant: Google LLC
Inventors: Jonathan Nichols, Krista Donaldson
CPC classification: H04L63/083, G06F21/41, G06F21/62, G06F2221/2107, G06F2221/2115, G06F2221/2117, G06F2221/2119, G06F2221/2143, H04L9/3226, H04L63/0428, H04L63/06, H04L63/0815, H04L63/0861, H04L67/02, H04L67/306
Abstract: Internet user passwords are securely managed. A formation component can enable a user to create a master account on a web server, the master account comprising a master username and password. An access component can enable the user to access a plurality of password protected websites from a web browser or non-browser software application resident on the user's computing device when the user logs into the master account by entering the valid master username and password. A selection component can log the user into a website of the plurality of password protected websites when the user selects a hyperlink associated with the website, selects a linked image associated with the website, or selects the website from a pulldown list contained in a toolbar of a web browser. A display component can open a web browser or tab associated with the website.
-
Publication No.: US20180295123A1
Publication date: 2018-10-11
Application No.: US16007393
Filing date: 2018-06-13
Inventors: Jan Camenisch, Yossi Gilad, Anja Lehmann, Zoltan A. Nagy, Gregory Neven
CPC classification: H04L63/0815, G06F21/41, H04L9/085, H04L9/30, H04L9/3213, H04L9/3236, H04L9/3247
Abstract: Respective cryptographic shares of password data, dependent on a user password, are provided at n authentication servers. A number t1≤n of the password data shares determine if the user password matches a password attempt. Respective cryptographic shares of secret data, enabling determination of a username for each verifier server, are provided at n authentication servers. A number t2≤t1 of the shares reconstruct the secret data. For a password attempt, the user computer communicates with at least t1 authentication servers to determine if the user password matches the password attempt and, if so, the user computer receives at least t2 secret data shares from respective authentication servers. The user computer uses the secret data to generate, with T≤t1 of said t1 servers, a cryptographic token for authenticating the user computer to a selected verifier server, secret from said at least T servers, under said username.
-
Publication No.: US20180295122A1
Publication date: 2018-10-11
Application No.: US16007353
Filing date: 2018-06-13
Inventors: Jan Camenisch, Yossi Gilad, Anja Lehmann, Zoltan A. Nagy, Gregory Neven
CPC classification: H04L63/0815, G06F21/41, H04L9/085, H04L9/30, H04L9/3213, H04L9/3236, H04L9/3247
Abstract: Respective cryptographic shares of password data, dependent on a user password, are provided at n authentication servers. A number t1≤n of the password data shares determine if the user password matches a password attempt. Respective cryptographic shares of secret data, enabling determination of a username for each verifier server, are provided at n authentication servers. A number t2≤t1 of the shares reconstruct the secret data. For a password attempt, the user computer communicates with at least t1 authentication servers to determine if the user password matches the password attempt and, if so, the user computer receives at least t2 secret data shares from respective authentication servers. The user computer uses the secret data to generate, with T≤t1 of said t1 servers, a cryptographic token for authenticating the user computer to a selected verifier server, secret from said at least T servers, under said username.
-
Publication No.: US20180285590A1
Publication date: 2018-10-04
Application No.: US15472159
Filing date: 2017-03-28
Inventors: Daniel Cosson, Andrew Kortina
CPC classification: G06F21/6245, G06F21/41, G06F21/6218, G06F21/6263, G06F2221/2115, G06Q10/083, G06Q30/0617, H04L63/0428, H04L63/0815, H04L63/083, H04L63/102
Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, sharing sensitive information with authorized individuals while reducing the likelihood that the sensitive information will be shared with unauthorized individuals. One of the methods includes receiving from a user an indication that a particular piece of information is sensitive information; automatically individually encrypting the sensitive information; automatically logging each access of the sensitive information; and reporting to the user that the sensitive information has been accessed, wherein the information management system to which the user indicates that a particular piece of information is sensitive information is the same information management system that reports to the user that the encrypted sensitive information has been accessed.
-
Publication No.: US10079820B2
Publication date: 2018-09-18
Application No.: US14493224
Filing date: 2014-09-22
Inventors: Ashish Kolli, Mrudul Uchil, Josh Brunaugh, Dharmvir Singh
CPC classification: H04L63/0815, G06F21/41, H04L63/0838, H04L63/0884, H04L63/10, H04L63/20
Abstract: Web-based single sign-on can enable a user to log in to a single interface (such as through a web browser or thin client) and then provide SSO services to the user for one or more web applications. The web-based SSO system can be extended to support one or more different access control methods, such as form-fill, Federated (OIF), SSO Protected (OAM), and other policies. The web-based SSO system can include a user interface through which the user can access different web applications, systems, etc. and manage their credentials. Each SSO service can be associated with a web interface allowing the SSO services to be accessed over the web. The web interfaces can provide CRUD (create, read, update, delete) functionality for each SSO service. To support different access policy types, the web-based SSO system can include an extensible data manager that can manage data access to different types of repositories transparently.
-
Publication No.: US10055556B2
Publication date: 2018-08-21
Application No.: US14866950
Filing date: 2015-09-26
Applicant: Intel Corporation
Inventors: Ned M. Smith, Nathan Heldt-Sheller, Micah J. Sheller, Kevin C. Wells, Hannah L. Scurfield, Nathaniel J. Goss, Sindhu Pandian, Brad H. Needham
CPC classification: G06F21/31, G06F21/41, G06F21/53, G06F21/88, G06F2221/2105, G06F2221/2111, G06F2221/2147, H04L9/3226, H04L63/0815, H04L2209/127, H04L2209/805, H04W12/00503, H04W12/00504, H04W12/00508, H04W12/06, H04W88/02
Abstract: Technologies for authenticating a user of a computing device based on an authentication context state includes generating context state outputs indicative of various context states of a mobile computing device based on sensor data generated by sensors of the mobile computing device. An authentication manager of the computing device implements an authentication state machine to authenticate a user of the computing device. The authentication state machine includes a number of authentication states, and each authentication state includes one or more transitions to another authentication state. Each of the transitions is dependent upon a context state output. The computing device may also include a device security manager, which implements a security state machine that includes a number of security states. Transition between security states is dependent upon the present authentication state of the user. The device security manager may implement a different security function in each security state.
-
Publication No.: US20180218157A1
Publication date: 2018-08-02
Application No.: US15883589
Filing date: 2018-01-30
Applicant: ZeroFOX, Inc.
CPC classification: G06F21/577, G06F21/41, G06Q50/01, H04L63/0815, H04L63/1433, H04L63/1441
Abstract: A computer implemented method including generating, by one or more processors, an activation request, receiving, from a user device, an activation confirmation, configuring a protection account specific to the user, where configuring the protection account comprises, identifying one or more of the user's social network accounts, authenticating one or more of the user's social network accounts, and generating a protection portal for the user, providing a link to the protection portal to the user, and providing one or more alerts to the user on the protection portal, wherein the one or more alerts identify security risks associated with one or more of the user's social network accounts.