JP6609086B1 - Non-intrusive security enforcement for federated single sign-on (SSO) - Google Patents
- Publication number
- JP6609086B1 (application JP2019520017A)
- Authority
- JP
- Japan
- Prior art keywords
- assertion
- proxy
- idp
- url
- acs
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H04L9/3265—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate chains, trees or paths; Hierarchical trust model
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0281—Proxies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0464—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload using hop-by-hop encryption, i.e. wherein an intermediate entity decrypts the information and re-encrypts it before forwarding it
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Storage Device Security (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
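Description
[Terminology]
To overcome the limitations of existing CASBs, an improved CASB has been developed by Netskope, Inc. This improved CASB is referred to herein as "Netskope-CASB (N-CASB)", and its features and implementations are described below.
FIG. 2 shows one implementation of establishing a trust relationship between a service provider (SP) and an identity provider (IDP). Complementary to FIG. 2, FIG. 3 shows one implementation of a message exchange chart for federated single sign-on (SSO) based on the trust established in FIG. 2.
[Modifying the Trust Relationship]
[System Overview]
[Preserving the Trust Relationship]
[Security Enforcement at the Assertion Proxy]
[Processes]
[Particular Implementations]
[Computer System]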
Claims (15)
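- A computer-implemented method of non-intrusively enforcing security during federated single sign-on (SSO) authentication without modifying a trust relationship between a service provider (SP) and an identity provider (IDP), the method including:
establishing the trust relationship between the SP and the IDP by configuring the IDP's SSO uniform resource locator (URL) and public key at the SP and configuring the SP's assertion consumer service (ACS) URL at the IDP;
when a user logs in to the SP, generating an assertion at the IDP, identifying the SP's ACS-URL in the generated assertion, and digitally signing the generated assertion using an IDP certificate;
configuring the IDP to encrypt the signed assertion using a proxy public key of an assertion proxy and to forward the encrypted assertion to a proxy URL of the assertion proxy instead of the SP's ACS-URL;
decrypting the encrypted assertion at the assertion proxy using a complementary proxy private key, and forwarding the decrypted assertion to the SP's ACS using the SP's ACS-URL identified in the decrypted assertion; and
preserving the trust relationship between the SP and the IDP by verifying the decrypted assertion at the SP using the IDP's public key, so as to establish a federated SSO authenticated session through the assertion proxy.
- The computer-implemented method of claim 1, further including, in response to determining that the user's client is an unmanaged device:
encoding the SP's ACS-URL with an added reverse proxy domain at the assertion proxy, and forwarding the decrypted assertion, together with a verification token, to a reverse proxy via the user's client;
after verifying the verification token, removing the reverse proxy domain at the reverse proxy and forwarding the decrypted assertion to a network security system;
evaluating the decrypted assertion at the network security system based on one or more security policies, and forwarding the evaluated assertion to the SP's ACS; and
during the federated SSO authenticated session through the reverse proxy, rewriting, at the reverse proxy, URLs contained in pages served by the SP with rewritten URLs that redirect subsequent traffic from the user's client.
- The computer-implemented method of claim 2, wherein the security policies are enforced at the assertion proxy, including allowing or blocking access to the SP based on IDP-provided information in the assertion and on verification of the IDP's identity by the assertion proxy according to the IDP's public key configured at the assertion proxy.
- The computer-implemented method of claim 2 or 3, wherein the assertion proxy and the reverse proxy are combined and hosted as a single proxy.
- The computer-implemented method of any one of claims 2 to 4, further including evaluating the decrypted assertion at the reverse proxy based on one or more security policies and forwarding the evaluated assertion to the SP's ACS.
- The computer-implemented method of any one of claims 1 to 5, further including, in response to determining that the user's client is an unmanaged device:
blocking the user's client from being granted access to the SP.
- The computer-implemented method of any one of claims 2 to 6, wherein the unmanaged device is a bring-your-own-device (BYOD) and/or an off-network device whose traffic is not tunneled through a policy enforcement server.
- The computer-implemented method of any one of claims 1 to 7, further including, in response to determining that the user's client is managed:
forwarding the decrypted assertion from the assertion proxy to the SP's ACS via a forward proxy to establish the federated SSO authenticated session.
- The computer-implemented method of any one of claims 1 to 8, wherein the IDP uses the Security Assertion Markup Language (SAML) protocol.
- The computer-implemented method of any one of claims 1 to 9, further including receiving the encrypted assertion at the assertion proxy via the user's client.
- The computer-implemented method of any one of claims 1 to 10, wherein the IDP uses the Web Services (WS) Federation protocol for active authentication.
- The computer-implemented method of any one of claims 1 to 11, further including receiving the encrypted assertion at the assertion proxy from the IDP.
- The computer-implemented method of any one of claims 1 to 12, wherein the assertion proxy is a cloud service hosted by a cloud access security broker (CASB).
- A non-transitory computer-readable storage medium storing computer program instructions for non-intrusively enforcing security during federated single sign-on (SSO) authentication without modifying a trust relationship between a service provider (SP) and an identity provider (IDP),
wherein the instructions, when executed on a processor, carry out a method including:
establishing the trust relationship between the SP and the IDP by configuring the IDP's SSO uniform resource locator (URL) and public key at the SP and configuring the SP's assertion consumer service (ACS) URL at the IDP;
when a user logs in to the SP, generating an assertion at the IDP, identifying the SP's ACS-URL in the generated assertion, and digitally signing the generated assertion using an IDP certificate;
configuring the IDP to encrypt the signed assertion using a proxy public key of an assertion proxy and to forward the encrypted assertion to a proxy URL of the assertion proxy instead of the SP's ACS-URL;
decrypting the encrypted assertion at the assertion proxy using a complementary proxy private key, and forwarding the decrypted assertion to the SP's ACS using the SP's ACS-URL identified in the decrypted assertion; and
preserving the trust relationship between the SP and the IDP by verifying the decrypted assertion at the SP using the IDP's public key, so as to establish a federated SSO authenticated session through the assertion proxy.
- A system for non-intrusively enforcing security on federated single sign-on (SSO) authentication, the system comprising:
IDP configuration means for configuring an identity provider (IDP) to use a proxy uniform resource locator (URL), instead of an assertion consumer service (ACS) URL of a service provider (SP), for forwarding an assertion generated when a user logs in to the SP, and to encrypt the assertion using a proxy public key;
assertion proxy configuration means for configuring an assertion proxy at the proxy URL to use the SP's ACS-URL for forwarding;
receiving means for receiving the encrypted assertion at the assertion proxy;
decryption means for decrypting the encrypted assertion using a complementary proxy private key; and
insertion means for inserting the assertion proxy between the user's client and the SP's ACS by forwarding the decrypted assertion to the SP's ACS-URL, so as to establish a federated single sign-on (SSO) authenticated session through the assertion proxy.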
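The routing step of claims 1, 2 and 8, as an added illustrative example (not code from the patent or from Netskope): after decryption the assertion proxy reads the SP's ACS-URL from the response and, for an unmanaged client, encodes it with a reverse proxy domain and issues a verification token that the reverse proxy checks before stripping the domain. The HMAC token format, the suffix `rproxy.example.net`, the ACS host allowlist and all function names are assumptions; the claims do not specify them.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, urlunsplit

SAMLP_RESPONSE = "{urn:oasis:names:tc:SAML:2.0:protocol}Response"
RP_SUFFIX = ".rproxy.example.net"       # hypothetical reverse proxy domain
TOKEN_KEY = b"constructed-demo-key"     # assumed secret shared by both proxies
TOKEN_TTL = 60                          # seconds a verification token stays valid
ALLOWED_ACS_HOSTS = {"sp.example.com"}  # ACS hosts configured at the assertion proxy

# Constructed sample: an already-decrypted SAML response (signature omitted).
SAMPLE = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="_constructed" Version="2.0" '
    'Destination="https://sp.example.com/saml/acs"/>'
)


def acs_url_from_response(xml_text):
    """Return the SP ACS-URL named in the decrypted response, or raise ValueError."""
    # In production, parse untrusted XML with a hardened parser.
    root = ET.fromstring(xml_text)
    if root.tag != SAMLP_RESPONSE:
        raise ValueError("not a SAML protocol Response")
    url = root.get("Destination", "")
    parts = urlsplit(url)
    # Never forward a decrypted assertion to an endpoint that was not configured.
    if parts.scheme != "https" or parts.hostname not in ALLOWED_ACS_HOSTS:
        raise ValueError("ACS-URL is not a configured SP endpoint: %r" % url)
    return url


def encode_acs_url(acs_url):
    """Append the reverse proxy domain to the ACS host (port is dropped here)."""
    p = urlsplit(acs_url)
    return urlunsplit((p.scheme, p.hostname + RP_SUFFIX, p.path, p.query, ""))


def _mac(expiry, url, assertion):
    # Bind the token to the encoded URL, the exact assertion bytes and an expiry.
    digest = hashlib.sha256(assertion).hexdigest()
    msg = ("%d|%s|%s" % (expiry, url, digest)).encode()
    return hmac.new(TOKEN_KEY, msg, hashlib.sha256).hexdigest()


def make_token(encoded_url, assertion, now):
    """Assertion proxy side: issue a short-lived verification token."""
    expiry = int(now) + TOKEN_TTL
    return "%d.%s" % (expiry, _mac(expiry, encoded_url, assertion))


def verify_and_strip(encoded_url, assertion, token, now):
    """Reverse proxy side: check the token, then remove the proxy domain."""
    expiry_text, _, mac = token.partition(".")
    if not expiry_text.isdigit():
        raise PermissionError("malformed verification token")
    expiry = int(expiry_text)
    expected = _mac(expiry, encoded_url, assertion)
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        raise PermissionError("verification token does not match")
    if now > expiry:
        raise PermissionError("verification token expired")
    p = urlsplit(encoded_url)
    host = p.hostname or ""
    if not host.endswith(RP_SUFFIX):
        raise PermissionError("URL does not carry the reverse proxy domain")
    return urlunsplit((p.scheme, host[:-len(RP_SUFFIX)], p.path, p.query, ""))


def route(xml_text, managed, now):
    """Assertion proxy decision after decryption: next hop, URL, token."""
    acs_url = acs_url_from_response(xml_text)
    if managed:
        # Managed clients reach the SP's ACS through the forward proxy.
        return ("forward_proxy", acs_url, None)
    encoded = encode_acs_url(acs_url)
    return ("reverse_proxy", encoded, make_token(encoded, xml_text.encode(), now))
```

Binding the token to a digest of the assertion bytes means a token issued for one assertion cannot be replayed with a different one at the reverse proxy.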
Applications Claiming Priority (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201662417939P | 2016-11-04 | 2016-11-04 | |
US62/417,939 | 2016-11-04 | ||
US15/795,957 US10243946B2 (en) | 2016-11-04 | 2017-10-27 | Non-intrusive security enforcement for federated single sign-on (SSO) |
US15/795,957 | 2017-10-27 | ||
PCT/US2017/060062 WO2018085733A1 (en) | 2016-11-04 | 2017-11-03 | Non-intrusive security enforcement for federated single sign-on (sso) |
Publications (2)
Publication Number | Publication Date |
---|---|
JP6609086B1 (ja) | 2019-11-20 |
JP2020502616A (ja) | 2020-01-23 |
Family
ID=62065753
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
JP2019520017A (Active; JP6609086B1, ja) | Non-intrusive security enforcement for federated single sign-on (SSO) | 2016-11-04 | 2017-11-03 |
Country Status (4)
Country | Link |
---|---|
US (4) | US10243946B2 (ja) |
EP (1) | EP3535949B1 (ja) |
JP (1) | JP6609086B1 (ja) |
WO (1) | WO2018085733A1 (ja) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11546358B1 (en) | 2021-10-01 | 2023-01-03 | Netskope, Inc. | Authorization token confidence system |
Families Citing this family (53)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9083739B1 (en) | 2014-05-29 | 2015-07-14 | Shape Security, Inc. | Client/server authentication using dynamic credentials |
GB2545818B (en) * | 2015-02-11 | 2017-11-22 | J2 Global Ip Ltd | Access permissions for sensitive information |
US11985129B2 (en) * | 2016-03-28 | 2024-05-14 | Zscaler, Inc. | Cloud policy enforcement based on network trust |
US11210412B1 (en) * | 2017-02-01 | 2021-12-28 | Ionic Security Inc. | Systems and methods for requiring cryptographic data protection as a precondition of system access |
US10757103B2 (en) * | 2017-04-11 | 2020-08-25 | Xage Security, Inc. | Single authentication portal for diverse industrial network protocols across multiple OSI layers |
US10972453B1 (en) * | 2017-05-03 | 2021-04-06 | F5 Networks, Inc. | Methods for token refreshment based on single sign-on (SSO) for federated identity environments and devices thereof |
US11012441B2 (en) * | 2017-06-30 | 2021-05-18 | Open Text Corporation | Hybrid authentication systems and methods |
US11438337B2 (en) * | 2017-12-15 | 2022-09-06 | Sap Se | Multi-tenant support user cloud access |
US11367323B1 (en) | 2018-01-16 | 2022-06-21 | Secureauth Corporation | System and method for secure pair and unpair processing using a dynamic level of assurance (LOA) score |
US10841313B2 (en) * | 2018-02-21 | 2020-11-17 | Nutanix, Inc. | Substituting callback URLs when using OAuth protocol exchanges |
KR102106770B1 (ko) * | 2018-05-28 | 2020-05-07 | (주)유엠로직스 | 4-tier 방식 CASB의 메타데이터 기반 보안정책 동기화 시스템 및 그 방법 |
KR102120225B1 (ko) * | 2018-05-30 | 2020-06-08 | (주)유엠로직스 | 4-tier 방식 CASB의 접근통제 관리 시스템 및 그 방법 |
US11140145B1 (en) * | 2018-06-25 | 2021-10-05 | NortonLifeLock Inc. | Systems and methods for providing single sign-on capability |
US11245683B2 (en) * | 2018-07-06 | 2022-02-08 | Citrix Systems, Inc. | Single-sign-on for third party mobile applications |
US20200028879A1 (en) | 2018-07-17 | 2020-01-23 | Microsoft Technology Licensing, Llc | Queryless device configuration determination-based techniques for mobile device management |
US11184223B2 (en) * | 2018-07-31 | 2021-11-23 | Microsoft Technology Licensing, Llc | Implementation of compliance settings by a mobile device for compliance with a configuration scenario |
US11379263B2 (en) * | 2018-08-13 | 2022-07-05 | Ares Technologies, Inc. | Systems, devices, and methods for selecting a distributed framework |
US10938801B2 (en) | 2018-09-21 | 2021-03-02 | Microsoft Technology Licensing, Llc | Nonce handler for single sign on authentication in reverse proxy solutions |
US10771435B2 (en) * | 2018-11-20 | 2020-09-08 | Netskope, Inc. | Zero trust and zero knowledge application access system |
US11113370B2 (en) | 2018-12-05 | 2021-09-07 | Bank Of America Corporation | Processing authentication requests to secured information systems using machine-learned user-account behavior profiles |
US11159510B2 (en) * | 2018-12-05 | 2021-10-26 | Bank Of America Corporation | Utilizing federated user identifiers to enable secure information sharing |
US11048793B2 (en) | 2018-12-05 | 2021-06-29 | Bank Of America Corporation | Dynamically generating activity prompts to build and refine machine learning authentication models |
US11176230B2 (en) | 2018-12-05 | 2021-11-16 | Bank Of America Corporation | Processing authentication requests to secured information systems based on user behavior profiles |
US11120109B2 (en) | 2018-12-05 | 2021-09-14 | Bank Of America Corporation | Processing authentication requests to secured information systems based on machine-learned event profiles |
US11036838B2 (en) | 2018-12-05 | 2021-06-15 | Bank Of America Corporation | Processing authentication requests to secured information systems using machine-learned user-account behavior profiles |
US10986150B2 (en) * | 2019-03-01 | 2021-04-20 | Netskope, Inc. | Load balancing in a dynamic scalable services mesh |
US11297040B2 (en) | 2019-05-01 | 2022-04-05 | Akamai Technologies, Inc. | Intermediary handling of identity services to guard against client side attack vectors |
US11096059B1 (en) | 2019-08-04 | 2021-08-17 | Acceptto Corporation | System and method for secure touchless authentication of user paired device, behavior and identity |
US11601413B2 (en) * | 2019-10-14 | 2023-03-07 | Netsia, Inc. | Single sign-on control function (SOF) for mobile networks |
US10951606B1 (en) * | 2019-12-04 | 2021-03-16 | Acceptto Corporation | Continuous authentication through orchestration and risk calculation post-authorization system and method |
FR3105849B1 (fr) * | 2019-12-27 | 2022-01-07 | Bull Sas | Procede et systeme de gestion d’autorisation pour une plateforme de gouvernance unifiee d’une pluralite de solutions de calcul intensif |
CN113127821A (zh) * | 2019-12-31 | 2021-07-16 | 远景智能国际私人投资有限公司 | 身份验证方法、装置、电子设备及存储介质 |
US11405427B2 (en) * | 2020-01-23 | 2022-08-02 | Cisco Technology, Inc. | Multi-domain policy orchestration model |
US20220027469A1 (en) * | 2020-07-22 | 2022-01-27 | Zscaler, Inc. | Cloud access security broker systems and methods for active user identification and load balancing |
US11870781B1 (en) * | 2020-02-26 | 2024-01-09 | Morgan Stanley Services Group Inc. | Enterprise access management system for external service providers |
US11140148B1 (en) * | 2020-03-30 | 2021-10-05 | Konica Minolta Business Solution U.S.A., Inc. | Method and system for instant single sign-on workflows |
US11991292B2 (en) * | 2020-04-03 | 2024-05-21 | Mastercard International Incorporated | Systems and methods for use in appending log entries to data structures |
US11032270B1 (en) * | 2020-04-07 | 2021-06-08 | Cyberark Software Ltd. | Secure provisioning and validation of access tokens in network environments |
US11722475B2 (en) * | 2020-07-30 | 2023-08-08 | Rubrik, Inc. | Federated login with centralized control |
US11329998B1 (en) | 2020-08-31 | 2022-05-10 | Secureauth Corporation | Identification (ID) proofing and risk engine integration system and method |
EP3979109A1 (fr) | 2020-10-02 | 2022-04-06 | Evidian | Procédé et système d'authentification d'un utilisateur sur un appareil utilisateur |
US11457008B2 (en) | 2020-10-13 | 2022-09-27 | Cisco Technology, Inc. | Steering traffic on a flow-by-flow basis by a single sign-on service |
US11968201B2 (en) * | 2021-01-04 | 2024-04-23 | Cisco Technology, Inc. | Per-device single sign-on across applications |
US11159419B1 (en) | 2021-01-29 | 2021-10-26 | Netskope, Inc. | Policy-driven data locality and residency |
US20220261761A1 (en) * | 2021-02-17 | 2022-08-18 | Atlassian Pty Ltd. | Displaying content in a collaborative work environment |
US11653206B2 (en) * | 2021-04-20 | 2023-05-16 | Cisco Technology, Inc. | Trusted roaming for federation-based networks |
US11983261B2 (en) | 2021-04-23 | 2024-05-14 | Microsoft Technology Licensing, Llc | Enhance single sign-on flow for secure computing resources |
US11997127B2 (en) | 2021-05-07 | 2024-05-28 | Netskope, Inc. | Policy based vulnerability identification, correlation, remediation, and mitigation |
US11671430B2 (en) | 2021-05-26 | 2023-06-06 | Netskope, Inc. | Secure communication session using encryption protocols and digitally segregated secure tunnels |
US20230078632A1 (en) * | 2021-09-10 | 2023-03-16 | Rockwell Automation Technologies, Inc. | Security and safety of an industrial operation using opportunistic sensing |
US20230099355A1 (en) * | 2021-09-29 | 2023-03-30 | Dell Products L.P. | Single sign-on services for database clusters |
EP4187409A1 (fr) * | 2021-11-29 | 2023-05-31 | Bull SAS | Procédé et système d'authentification d'un utilisateur sur un serveur d'identité as a service |
US11553008B1 (en) | 2021-12-30 | 2023-01-10 | Netskope, Inc. | Electronic agent scribe and communication protections |
Family Cites Families (93)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20010011238A1 (en) | 1998-03-04 | 2001-08-02 | Martin Forest Eberhard | Digital rights management system |
US7478434B1 (en) | 2000-05-31 | 2009-01-13 | International Business Machines Corporation | Authentication and authorization protocol for secure web-based access to a protected resource |
JP3526435B2 (ja) | 2000-06-08 | 2004-05-17 | 株式会社東芝 | ネットワークシステム |
US20020093527A1 (en) | 2000-06-16 | 2002-07-18 | Sherlock Kieran G. | User interface for a security policy system and method |
US7305085B2 (en) | 2000-06-30 | 2007-12-04 | Kabushiki Kaisha Toshiba | Encryption apparatus and method, and decryption apparatus and method based on block encryption |
US7587499B1 (en) | 2000-09-14 | 2009-09-08 | Joshua Haghpassand | Web-based security and filtering system with proxy chaining |
US7370351B1 (en) | 2001-03-22 | 2008-05-06 | Novell, Inc. | Cross domain authentication and security services using proxies for HTTP access |
US20030135465A1 (en) | 2001-08-27 | 2003-07-17 | Lee Lane W. | Mastering process and system for secure content |
US7546465B2 (en) | 2002-10-17 | 2009-06-09 | At&T Intellectual Property I, L.P. | Instant messaging private tags |
US7475146B2 (en) | 2002-11-28 | 2009-01-06 | International Business Machines Corporation | Method and system for accessing internet resources through a proxy using the form-based authentication |
US7305708B2 (en) | 2003-04-14 | 2007-12-04 | Sourcefire, Inc. | Methods and systems for intrusion detection |
US20050086197A1 (en) | 2003-09-30 | 2005-04-21 | Toufic Boubez | System and method securing web services |
US8590032B2 (en) | 2003-12-10 | 2013-11-19 | Aventail Llc | Rule-based routing to resources through a network |
US20060048216A1 (en) * | 2004-07-21 | 2006-03-02 | International Business Machines Corporation | Method and system for enabling federated user lifecycle management |
US7698375B2 (en) * | 2004-07-21 | 2010-04-13 | International Business Machines Corporation | Method and system for pluggability of federation protocol runtimes for federated user lifecycle management |
US20060021018A1 (en) * | 2004-07-21 | 2006-01-26 | International Business Machines Corporation | Method and system for enabling trust infrastructure support for federated user lifecycle management |
US20060021017A1 (en) * | 2004-07-21 | 2006-01-26 | International Business Machines Corporation | Method and system for establishing federation relationships through imported configuration files |
US20060075481A1 (en) | 2004-09-28 | 2006-04-06 | Ross Alan D | System, method and device for intrusion prevention |
US7562382B2 (en) * | 2004-12-16 | 2009-07-14 | International Business Machines Corporation | Specializing support for a federation relationship |
US8302178B2 (en) | 2005-03-07 | 2012-10-30 | Noam Camiel | System and method for a dynamic policies enforced file system for a data storage device |
US20060218628A1 (en) * | 2005-03-22 | 2006-09-28 | Hinton Heather M | Method and system for enhanced federated single logout |
US7631346B2 (en) * | 2005-04-01 | 2009-12-08 | International Business Machines Corporation | Method and system for a runtime user account creation operation within a single-sign-on process in a federated computing environment |
US7624436B2 (en) | 2005-06-30 | 2009-11-24 | Intel Corporation | Multi-pattern packet content inspection mechanisms employing tagged values |
US8151317B2 (en) * | 2006-07-07 | 2012-04-03 | International Business Machines Corporation | Method and system for policy-based initiation of federation management |
US7860883B2 (en) * | 2006-07-08 | 2010-12-28 | International Business Machines Corporation | Method and system for distributed retrieval of data objects within multi-protocol profiles in federated environments |
US20080021866A1 (en) * | 2006-07-20 | 2008-01-24 | Heather M Hinton | Method and system for implementing a floating identity provider model across data centers |
US7657639B2 (en) * | 2006-07-21 | 2010-02-02 | International Business Machines Corporation | Method and system for identity provider migration using federated single-sign-on operation |
US8275985B1 (en) * | 2006-08-07 | 2012-09-25 | Oracle America, Inc. | Infrastructure to secure federated web services |
US8543810B1 (en) * | 2006-08-07 | 2013-09-24 | Oracle America, Inc. | Deployment tool and method for managing security lifecycle of a federated web service |
JP5205380B2 (ja) * | 2006-08-22 | 2013-06-05 | InterDigital Technology Corporation | Method and apparatus for providing trusted single sign-on access to applications and internet-based services |
US8914461B2 (en) | 2006-08-23 | 2014-12-16 | Cyberstation, Inc. | Method and device for editing web contents by URL conversion |
US20080320576A1 (en) * | 2007-06-22 | 2008-12-25 | Microsoft Corporation | Unified online verification service |
US20090022319A1 (en) | 2007-07-19 | 2009-01-22 | Mark Shahaf | Method and apparatus for securing data and communication |
US8694787B2 (en) | 2007-08-07 | 2014-04-08 | Christophe Niglio | Apparatus and method for securing digital data with a security token |
US8280986B2 (en) | 2007-11-23 | 2012-10-02 | Lg Electronics Inc. | Mobile terminal and associated storage devices having web servers, and method for controlling the same |
WO2009110622A1 (ja) | 2008-03-05 | 2009-09-11 | Fujifilm Corporation | Proxy server, and control method and control program therefor |
US11864051B2 (en) | 2008-04-01 | 2024-01-02 | Blancco Technology Group IP Oy | Systems and methods for monitoring and managing use of mobile electronic devices |
US8855318B1 (en) | 2008-04-02 | 2014-10-07 | Cisco Technology, Inc. | Master key generation and distribution for storage area network devices |
US9836702B2 (en) * | 2008-10-16 | 2017-12-05 | International Business Machines Corporation | Digital rights management (DRM)-enabled policy management for an identity provider in a federated environment |
US8196177B2 (en) * | 2008-10-16 | 2012-06-05 | International Business Machines Corporation | Digital rights management (DRM)-enabled policy management for a service provider in a federated environment |
US8856869B1 (en) | 2009-06-22 | 2014-10-07 | NexWavSec Software Inc. | Enforcement of same origin policy for sensitive data |
CN101621801B (zh) | 2009-08-11 | 2012-11-28 | Huawei Device Co., Ltd. | Authentication method, system, server and terminal for wireless local area network |
US8190675B2 (en) | 2010-02-11 | 2012-05-29 | Inditto, Llc | Method and system for providing access to remotely hosted services through a normalized application programming interface |
WO2011126911A1 (en) | 2010-03-30 | 2011-10-13 | Authentic8, Inc | Disposable browsers and authentication techniques for a secure online user environment |
US8452957B2 (en) | 2010-04-27 | 2013-05-28 | Telefonaktiebolaget L M Ericsson (Publ) | Method and nodes for providing secure access to cloud computing for mobile users |
US9189615B2 (en) * | 2010-04-28 | 2015-11-17 | Openlane, Inc. | Systems and methods for system login and single sign-on |
US9461996B2 (en) | 2010-05-07 | 2016-10-04 | Citrix Systems, Inc. | Systems and methods for providing a single click access to enterprise, SAAS and cloud hosted application |
US9455892B2 (en) | 2010-10-29 | 2016-09-27 | Symantec Corporation | Data loss monitoring of partial data streams |
US9596122B2 (en) * | 2010-12-03 | 2017-03-14 | International Business Machines Corporation | Identity provider discovery service using a publish-subscribe model |
US8832271B2 (en) * | 2010-12-03 | 2014-09-09 | International Business Machines Corporation | Identity provider instance discovery |
US9311495B2 (en) | 2010-12-09 | 2016-04-12 | International Business Machines Corporation | Method and apparatus for associating data loss protection (DLP) policies with endpoints |
US9237142B2 (en) * | 2011-01-07 | 2016-01-12 | Interdigital Patent Holdings, Inc. | Client and server group SSO with local openID |
US8800031B2 (en) | 2011-02-03 | 2014-08-05 | International Business Machines Corporation | Controlling access to sensitive data based on changes in information classification |
JP5289480B2 (ja) | 2011-02-15 | 2013-09-11 | Canon Inc. | Information processing system, method for controlling information processing apparatus, and program therefor |
US9647989B2 (en) * | 2011-04-27 | 2017-05-09 | Symantec Corporation | System and method of data interception and conversion in a proxy |
US20130006865A1 (en) | 2011-06-29 | 2013-01-03 | Mckesson Financial Holdings Limited | Systems, methods, apparatuses, and computer program products for providing network-accessible patient health records |
US9727733B2 (en) | 2011-08-24 | 2017-08-08 | International Business Machines Corporation | Risk-based model for security policy management |
US9143530B2 (en) | 2011-10-11 | 2015-09-22 | Citrix Systems, Inc. | Secure container for protecting enterprise data on a mobile device |
US20140032733A1 (en) | 2011-10-11 | 2014-01-30 | Citrix Systems, Inc. | Policy-Based Application Management |
US9246907B2 (en) * | 2012-07-12 | 2016-01-26 | International Business Machines Corporation | Confidence-based authentication discovery for an outbound proxy |
US9237170B2 (en) | 2012-07-19 | 2016-01-12 | Box, Inc. | Data loss prevention (DLP) methods and architectures by a cloud service |
US9690920B2 (en) * | 2012-08-30 | 2017-06-27 | International Business Machines Corporation | Secure configuration catalog of trusted identity providers |
US9959420B2 (en) | 2012-10-02 | 2018-05-01 | Box, Inc. | System and method for enhanced security and management mechanisms for enterprise administrators in a cloud-based environment |
US9137131B1 (en) * | 2013-03-12 | 2015-09-15 | Skyhigh Networks, Inc. | Network traffic monitoring system and method to redirect network traffic through a network intermediary |
US8572757B1 (en) | 2012-11-30 | 2013-10-29 | nCrypted Cloud LLC | Seamless secure private collaboration across trust boundaries |
US9276869B2 (en) * | 2013-01-02 | 2016-03-01 | International Business Machines Corporation | Dynamically selecting an identity provider for a single sign-on request |
US9398102B2 (en) * | 2013-03-06 | 2016-07-19 | Netskope, Inc. | Security for network delivered services |
US9565202B1 (en) | 2013-03-13 | 2017-02-07 | Fireeye, Inc. | System and method for detecting exfiltration content |
CA2930106A1 (en) | 2013-11-11 | 2015-05-14 | Adallom, Inc. | Cloud service security broker and proxy |
US9805185B2 (en) * | 2014-03-10 | 2017-10-31 | Cisco Technology, Inc. | Disposition engine for single sign on (SSO) requests |
US9521001B2 (en) | 2014-04-28 | 2016-12-13 | Adobe Systems Incorporated | Privacy preserving electronic document signature service |
US9654507B2 (en) * | 2014-07-31 | 2017-05-16 | Zscaler, Inc. | Cloud application control using man-in-the-middle identity brokerage |
US9825881B2 (en) | 2014-09-30 | 2017-11-21 | Sony Interactive Entertainment America Llc | Methods and systems for portably deploying applications on one or more cloud systems |
US10250584B2 (en) | 2014-10-15 | 2019-04-02 | Zuora, Inc. | System and method for single sign-on technical support access to tenant accounts and data in a multi-tenant platform |
US10904234B2 (en) * | 2014-11-07 | 2021-01-26 | Privakey, Inc. | Systems and methods of device based customer authentication and authorization |
US10305882B2 (en) * | 2015-11-24 | 2019-05-28 | International Business Machines Corporation | Using a service-provider password to simulate F-SSO functionality |
US9807087B2 (en) * | 2015-11-24 | 2017-10-31 | International Business Machines Corporation | Using an out-of-band password to provide enhanced SSO functionality |
EP3394779B1 (en) * | 2015-12-22 | 2021-11-03 | Financial & Risk Organisation Limited | Methods and systems for identity creation, verification and management |
US10341410B2 (en) * | 2016-05-11 | 2019-07-02 | Oracle International Corporation | Security tokens for a multi-tenant identity and data security management cloud service |
US9838376B1 (en) * | 2016-05-11 | 2017-12-05 | Oracle International Corporation | Microservices based multi-tenant identity and data security management cloud service |
US10425386B2 (en) * | 2016-05-11 | 2019-09-24 | Oracle International Corporation | Policy enforcement point for a multi-tenant identity and data security management cloud service |
US10291636B2 (en) * | 2016-05-23 | 2019-05-14 | International Business Machines Corporation | Modifying a user session lifecycle in a cloud broker environment |
US10516672B2 (en) * | 2016-08-05 | 2019-12-24 | Oracle International Corporation | Service discovery for a multi-tenant identity and data security management cloud service |
US10255061B2 (en) * | 2016-08-05 | 2019-04-09 | Oracle International Corporation | Zero down time upgrade for a multi-tenant identity and data security management cloud service |
US10530578B2 (en) * | 2016-08-05 | 2020-01-07 | Oracle International Corporation | Key store service |
US10735394B2 (en) * | 2016-08-05 | 2020-08-04 | Oracle International Corporation | Caching framework for a multi-tenant identity and data security management cloud service |
US10484382B2 (en) * | 2016-08-31 | 2019-11-19 | Oracle International Corporation | Data management for a multi-tenant identity cloud service |
US10594684B2 (en) * | 2016-09-14 | 2020-03-17 | Oracle International Corporation | Generating derived credentials for a multi-tenant identity cloud service |
US10846390B2 (en) * | 2016-09-14 | 2020-11-24 | Oracle International Corporation | Single sign-on functionality for a multi-tenant identity and data security management cloud service |
US10511589B2 (en) * | 2016-09-14 | 2019-12-17 | Oracle International Corporation | Single logout functionality for a multi-tenant identity and data security management cloud service |
US10445395B2 (en) * | 2016-09-16 | 2019-10-15 | Oracle International Corporation | Cookie based state propagation for a multi-tenant identity cloud service |
US10791087B2 (en) * | 2016-09-16 | 2020-09-29 | Oracle International Corporation | SCIM to LDAP mapping using subtype attributes |
WO2018053258A1 (en) * | 2016-09-16 | 2018-03-22 | Oracle International Corporation | Tenant and service management for a multi-tenant identity and data security management cloud service |
- 2017
  - 2017-10-27 US US15/795,957 patent/US10243946B2/en active Active
  - 2017-11-03 EP EP17807968.7A patent/EP3535949B1/en active Active
  - 2017-11-03 JP JP2019520017A patent/JP6609086B1/ja active Active
  - 2017-11-03 WO PCT/US2017/060062 patent/WO2018085733A1/en unknown
- 2019
  - 2019-03-22 US US16/362,549 patent/US10659450B2/en active Active
- 2020
  - 2020-02-04 US US16/782,027 patent/US11057367B2/en active Active
- 2021
  - 2021-07-02 US US17/367,232 patent/US11647010B2/en active Active
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11546358B1 (en) | 2021-10-01 | 2023-01-03 | Netskope, Inc. | Authorization token confidence system |
Also Published As
Publication number | Publication date |
---|---|
US11647010B2 (en) | 2023-05-09 |
US20200177578A1 (en) | 2020-06-04 |
WO2018085733A1 (en) | 2018-05-11 |
US20180131685A1 (en) | 2018-05-10 |
EP3535949B1 (en) | 2020-06-24 |
US20210336946A1 (en) | 2021-10-28 |
EP3535949A1 (en) | 2019-09-11 |
US10659450B2 (en) | 2020-05-19 |
US11057367B2 (en) | 2021-07-06 |
JP2020502616A (ja) | 2020-01-23 |
US20190222568A1 (en) | 2019-07-18 |
US10243946B2 (en) | 2019-03-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP6609086B1 (ja) | Non-intrusive security enforcement for federated single sign-on (SSO) | |
US10320801B2 (en) | Identity proxy to provide access control and single sign on | |
CN109155780B (zh) | Device authentication based upon tunnel client network requests | |
US11848962B2 (en) | Device authentication based upon tunnel client network requests | |
JP6348661B2 (ja) | Enterprise authentication via third-party authentication support | |
CN107743702B (zh) | Single sign-on for managed mobile devices | |
US20180375648A1 (en) | Systems and methods for data encryption for cloud services | |
US10375055B2 (en) | Device authentication based upon tunnel client network requests | |
US11611541B2 (en) | Secure method to replicate on-premise secrets in a cloud environment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A521 | Request for written amendment filed | Free format text: JAPANESE INTERMEDIATE CODE: A523 Effective date: 20190606 |
A621 | Written request for application examination | Free format text: JAPANESE INTERMEDIATE CODE: A621 Effective date: 20190606 |
A871 | Explanation of circumstances concerning accelerated examination | Free format text: JAPANESE INTERMEDIATE CODE: A871 Effective date: 20190606 |
A975 | Report on accelerated examination | Free format text: JAPANESE INTERMEDIATE CODE: A971005 Effective date: 20190912 |
TRDD | Decision of grant or rejection written | |
A01 | Written decision to grant a patent or to grant a registration (utility model) | Free format text: JAPANESE INTERMEDIATE CODE: A01 Effective date: 20191001 |
A61 | First payment of annual fees (during grant procedure) | Free format text: JAPANESE INTERMEDIATE CODE: A61 Effective date: 20191024 |
R150 | Certificate of patent or registration of utility model | Ref document number: 6609086 Country of ref document: JP Free format text: JAPANESE INTERMEDIATE CODE: R150 |
R250 | Receipt of annual fees | Free format text: JAPANESE INTERMEDIATE CODE: R250 |
R250 | Receipt of annual fees | Free format text: JAPANESE INTERMEDIATE CODE: R250 |