US20130086669A1 - Mobile application, single sign-on management - Google Patents

Mobile application, single sign-on management Download PDF

Info

Publication number
US20130086669A1
US20130086669A1 US13/485,283 US201213485283A US2013086669A1 US 20130086669 A1 US20130086669 A1 US 20130086669A1 US 201213485283 A US201213485283 A US 201213485283A US 2013086669 A1 US2013086669 A1 US 2013086669A1
Authority
US
United States
Prior art keywords
application
user
computer
mobile device
service provider
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US13/485,283
Other languages
English (en)
Inventor
Ajay Sondhi
Clayton Donley
Shivaram Bhat
Wai William Wong
Kwok Lun Alex Yiu
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Oracle International Corp
Original Assignee
Oracle International Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Oracle International Corp filed Critical Oracle International Corp
Priority to US13/485,283 priority Critical patent/US20130086669A1/en
Publication of US20130086669A1 publication Critical patent/US20130086669A1/en
Assigned to ORACLE INTERNATIONAL CORPORATION reassignment ORACLE INTERNATIONAL CORPORATION ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: DONLEY, Clayton, SONDHI, AJAY, YIU, KWOK LUN ALEX, WONG, Wai William, BHAT, SHIVARAM
Abandoned legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/41User authentication where a single sign-on provides access to a plurality of computers
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/068Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/2866Architectures; Arrangements
    • H04L67/30Profiles
    • H04L67/306User profiles

Definitions

  • Mobile devices are often configured with multiple different applications, including web browsers, native mobile applications, and the like.
  • each application may request individual authentication credentials from users of the mobile devices.
  • each application may individually authenticate itself with a server prior to being given access to an account of the server.
  • logging in multiple times from the same device, in order to utilize more than one of the multiple different applications may be tedious, time consuming, and unpleasant for the users.
  • multiple log-in requests may make users less alert and aware of which applications are regularly requesting credentials. In some instances, this may make password phishing techniques more likely to succeed. As such, finding ways to implement single sign-on for applications of mobile devices continues to be a priority.
  • single sign-on functionality may be provided for use on mobile devices by utilizing mobile applications, cloud applications, and/or other web-based applications.
  • a mobile application or mobile web browser may request to authenticate with or access one or more service providers.
  • Authentication credentials may be requested from a user of the mobile device to facilitate such authentication and/or access.
  • access to server resources from other applications on the same mobile device may be provided without successive or repetitive credential requests to the user.
  • a computer readable memory may store instructions that, when executed by one or more processors, cause the one or more processors to receive one or more requests to access a service provider.
  • the requests may be received from a first application of the mobile device.
  • the instructions may also cause the one or more processors to log in a user associated with the first application.
  • the instructions may further cause the one or more processors to provide a token for accessing the service provider to the first application. A second token may then be provided to a second application.
  • the first application may be configured as an application agent for providing single sign-on functionality for the second application.
  • the second application may be configured as a web browser application or a native application.
  • the first application may be configured as a browser application associated with a web service while the second application may be configured as a native application associated with an application service provider.
  • the browser application and the native application may be executed or otherwise hosted by a mobile device.
  • the first application may be configured as a native application of a mobile device.
  • the native application may be associated with an application service provider.
  • the second application may be configured as a browser application associated with a web application.
  • the browser application may be executed or otherwise hosted by a mobile device.
  • the second application may be configured as a second native application associated with a second application service.
  • the second native application may also be executed or otherwise hosted by the mobile device.
  • a log-in of the user may include an authentication of the user with an authentication service that utilizes a representational state transfer (REST) call.
  • a second token provided to a second application may enable the second application to log in to an application service provider associated with the second application without the user providing log-in credentials to the application service provider associated with the second application.
  • identity management, authentication, authorization, and token exchange frameworks may be provided for use with mobile devices, mobile applications, cloud applications, and/or other web-based applications.
  • a mobile client may request to perform one or more identity management operations associated with an account of a service provider.
  • an application programming interface API may be utilized to generate and/or perform one or more instructions and/or method calls for managing identity information of the service provider.
  • a system may receive a request to perform a function associated with a service provider.
  • the request may be received from a client application and may be formatted as a representational state transfer (REST) call. Additionally, the system may also determine an access management service call corresponding to the service provider for which performance of the function is being requested. Further, the system may perform the access management service call.
  • REST representational state transfer
  • the client application from which the request is received may be implemented as a mobile application of a mobile device, a software as a service (SaaS) application, and/or a Rich Internet Application (RIA).
  • the request to perform the function associated with the service provider may include an authorization request.
  • the authentication request may include a user identifier (ID) of a user of the client application.
  • the authentication request may also include a password of the user and/or a client token used to indicate that the client application has been authenticated.
  • the user ID and the password may, in some cases, be used to authenticate the user with the access management service.
  • the access management service call performed by the system may include a method call to implement a token exchange.
  • the request to perform the function associated with the service provider may include an access request.
  • the access request may, in some cases, include a client token indicating that the client is authenticated, a user token indicating that the user is authenticated, and/or an indication of the service provider for which access is being requested.
  • the system may receive an indication that the user and/or the client application have been granted access to the service provider by the access management service. In this case, the system may then provide an access token to the client application.
  • service calls f)cu first access management service may be different from service calls for a second access management service.
  • the access management service to be utilized may be specified by the service provider, but not indicated to the client application. In this way, the client application can make REST calls independent of the API or other configuration of the service provider.
  • a system may receive an instruction to manage an identity.
  • the system may also be configured to model an identity relationship, associated with the identity that is to be managed, as a uniform resource identifier (URI).
  • the system may also map the URI to a schema associated with a service provider and/or transmit the schema to the service provider for managing the identity as requested.
  • URI uniform resource identifier
  • the received instruction to manage an identity may be received by a mobile client application, an RIA, or a SaaS application.
  • the received instruction may also be formatted as a REST call.
  • the modeled identity relationship may include the identity to be managed and/or an association between the identity and another entity. Further, the identity relationship may be modeled as a based at least in part on a string of characters including the identity and the association.
  • resource management advice and/or instructions may be provided for use with mobile devices, mobile applications, cloud applications, and/or other web-based applications.
  • a mobile client may request to perform one or more resource management operations associated with a service provider. Based at least in part on the requested operation and/or the particular, service provider, advice and/or instructions for managing the resource may be provided.
  • a computer readable memory may store instructions that, when executed by one or more processors, cause the one or more processors to receive a request to manage a secure resource of a service provider.
  • the request may be received from a client application and may be formatted as a representational state transfer (REST) call.
  • the instructions may also cause the one or more processors to determine an acquisition path for performing the management of the secure resource.
  • the instructions may further cause the one or more processors to generate an instruction set for following the acquisition path.
  • the instruction set may include at least one instruction. Further, the instructions may cause the one or more processors to transmit the instruction set to the client application.
  • the client application from which the request is received may be implemented as a mobile application of a mobile device, a software as a service (SaaS) application, and/or a Rich Internet Application (RIA).
  • the request to manage the secure resource may include a request to access the secure resource, a request to update the secure resource, or a request to delete the secure resource.
  • the secure resource may include profile information associated with a user of the client application, payroll information associated with a user of the client application, or social information associated with a user of the client application.
  • the generated instruction may, in some cases, be protected by a security filter.
  • the acquisition path may be determined dynamically based at least in part on the secure resource and/or a change associated with the secure resource.
  • the instructions may cause the one or more processors to receive, based at least in part on the transmitted instruction set, an authentication request from the client application.
  • the instructions may also cause the one or more processors to provide, based at least in part on the authentication request, an authentication token to the client application.
  • the instructions may cause the one or more processors to determine a second acquisition path for performing the management of the secure resource, generate a second instruction set, and transmit the second instruction set to the client.
  • FIG. 1 is a simplified block diagram illustrating an example architecture for managing single sign-on for mobile devices that includes one or more REST service computers, one or more user devices, and one or more application provider computers connected via one or more networks, according to at least one example.
  • FIG. 2 is a simplified block diagram illustrating at least some features of the single sign-on management described herein, according to at least one example.
  • FIG. 3 is a simplified block diagram illustrating at least some additional features of the single sign-on management described herein, according to at least one example.
  • FIGS. 4-7 are simplified process flow diagrams illustrating at least some features of the single sign-on management described herein, according to at least a few examples.
  • FIGS. 8-10 are simplified flow diagrams illustrating example processes for implementing at least some features of the single sign-on management described herein, according to at least a few examples.
  • FIG. 11 is a simplified block diagram illustrating components of a system environment that may be used in accordance with an embodiment of the single sign-on management described herein, according to at least one example.
  • FIG. 12 is a simplified block diagram illustrating a computer system that may be used in accordance with embodiments of the single sign-on management described herein, according to at least one example.
  • an identity interface service may include one or more computing systems for managing single sign-on and/or authentication requests, client tokens, application tokens, user tokens, or the like. Additionally, the identity interface service may be configured to provide a pluggable interface layer between client applications and other service providers. For example an identity interface service may receive identity management instructions from client applications (e.g., mobile applications of mobile devices, SaaS applications, RIAs, combinations of the foregoing, or the like) and provide appropriately translated instructions to one or more service providers, identity providers, and/or access management providers.
  • client applications e.g., mobile applications of mobile devices, SaaS applications, RIAs, combinations of the foregoing, or the like
  • mobile applications may include, but are not limited to, native applications (e.g., mobile device applications configured to execute on specific mobile devices, in some instances, without interpretation by other software), web browser applications (e.g., for displaying web pages to users of the mobile device), security agent applications, helper applications, and/or authentication delegation applications.
  • native applications e.g., mobile device applications configured to execute on specific mobile devices, in some instances, without interpretation by other software
  • web browser applications e.g., for displaying web pages to users of the mobile device
  • security agent applications e.g., security agent applications, helper applications, and/or authentication delegation applications.
  • the identity interface service may provide the ability for mobile applications of a mobile device to perform log-in operations (e.g., authentication, authorization, etc.) on behalf of other mobile applications of the mobile device.
  • log-in operations e.g., authentication, authorization, etc.
  • a user may provide log-in information to one of the mobile applications a single time.
  • the mobile application may then log in the user and provide access tokens or other access functionality to other mobile applications associated with the log-in, the user, the mobile device, or other group or sub-group of applications and/or services.
  • the log-in operations and/or requests may be provided to the identity interface service in REST style.
  • the mobile application making the log-in operation requests may be a native mobile application, a browser application, and/or a security agent application.
  • a security agent application may be a helper application, an authentication delegation application, or other application designated to help or otherwise facilitate the single sign-on described herein. That is, a security agent application may be configured to act as a single sign-on application for native applications, groups of native applications, browser applications, other groups of native and/or browser applications, sub-groups of mobile applications (native and/or browser), or the like. Alternatively, or in addition, a browser application or a native application may be designated and configured to act as the security agent application for other mobile applications, groups of mobile applications, etc.
  • the identity service may provide authentication, authorization, auditing, token services, user profile management, password management, and/or ID management. Additionally, these services may be exposed or otherwise provided to the mobile applications that may not natively be able to interact with such services (e.g., services deployed by or within an enterprise solution).
  • the identity interface service may provide a REST interface to the mobile applications to allow the communication of identity management requests to an identity service. In this way, the mobile applications may utilize native Internet-based operations such as those utilizing, but not limited to, the JavaScript Object Notation (JSON) data format, the hypertext transfer protocol (HTTP), and/or the hypertext markup language (HTML).
  • JSON JavaScript Object Notation
  • HTTP hypertext transfer protocol
  • HTML hypertext markup language
  • the identity interface service may allow plug-in capabilities for service providers including, but not limited to, enterprise solutions, identity services, access management services, and/or other identity-related solutions.
  • service providers including, but not limited to, enterprise solutions, identity services, access management services, and/or other identity-related solutions.
  • an identity service of an enterprise solution may plug in to the identity interface service to allow for secure interaction with a client application from which it would not ordinarily be able to receive instructions and/or requests.
  • RESTful APIs may be provided for such service providers and, in some examples, security models may be provided for securing the RESTful APIs.
  • a security agent application of a mobile device may receive one more log-in requests from a mobile application of the mobile device.
  • the requests may be received in any format, may include user log-in information, and may identify one or more service providers, application providers, or other computing devices associated with the mobile applications.
  • the security agent application may transmit one or more log-in requests, authentication requests, authorization requests, or the like to the identity interface service. These requests may be sent to the identity interface service in REST style.
  • Client tokens, user tokens, and/or access tokens may then be received, by the security agent application, from the identity interface service. In some examples, these tokens may be for providing access to the requested service providers, application providers, or other servers.
  • the security agent application may determine which mobile applications are within a security group, a circle of trust, or other single sign-on group (hereinafter, referred to as a circle of trust) and share received user tokens therewith. Additionally, in some examples, the security agent application may request specific access tokens for each mobile application within the group. In this way, when the user attempts to use different mobile applications within the same circle of trust, user information may not need to be requested again. Further, mobile applications of a mobile device may be given a priority or other level to indicate that, when present, the highest priorities mobile applications may act as the security agent application. In this way, the single sign-on management described herein need not rely on a dedicated security agent application. Rather, any browser application or native application of the mobile device may perform the sing e sign-on operations for other mobile application of a circle of trust.
  • the identity interface service may be configured to receive log-in requests (sometimes, as REST calls) from a dedicated security agent application, a browser application acting as a security agent application, and/or a native application acting as a security agent application.
  • the identity interface service may then respond to the requesting application with user tokens, client tokens, and/or access tokens that may be shared with other applications of the mobile device.
  • the identity interface service may receive one or more identity propagation and/or token exchange requests from a mobile application attempting to access a service provider.
  • the request may be received in REST style (i.e., as a REST call) and may indicate that the client application, the user, or the mobile device has been authenticated or is requesting to be authenticated.
  • the identity interface service may determine, based at least in part on the service provider (e.g., an access management service of an enterprise solution), an appropriate identity propagation and/or token exchange instruction to be performed. The identity interface service may then perform the instruction in order to provide appropriate tokens (e.g., an access token, a user token, or a client token) to the mobile application. Alternatively, or in addition, the identity interface service may format the instruction, based at least in part on an API of the service provider, in such a way that the service provider may be able to perform the instruction. The identity interface service may then transmit the formatted instruction or instructions to the service provider. The service provider may then perform the instructions and, in sonic cases, provide the appropriate access token to the identity interface service.
  • the service provider e.g., an access management service of an enterprise solution
  • the identity interface service may then perform the instruction in order to provide appropriate tokens (e.g., an access token, a user token, or a client token) to the mobile application.
  • the identity interface service may format the
  • the mobile application may be provided with appropriate access tokens for accessing the service provider (e.g., assuming the mobile application and the user are granted access) even without directly communicating with the service provider, and/or without knowledge of particular and/or proprietary APIs of the service provider.
  • the identity interface service may be configured, as described above, for implementing other services as well, including, but not limited to, authentication, authorization, auditing, profile management, password management, ID management, etc.
  • FIG. 1 depicts a simplified example system or architecture 100 in which techniques for managing single sign-on for mobile applications may be implemented.
  • one or more users 102 i.e., account holders
  • user computing devices 104 1 )-(N) (collectively, user devices 104 ) to access one or more browser applications 106 or native applications 108 in communication with one or more web applications 110 and/or application services 112 , respectively, via one or more networks 114 .
  • the web application 110 and/or application service may be hosted, managed, and/or provided by a computing resources service or service provider, such as by utilizing one or more application provider computers 116 .
  • the one or more application provider computers 116 may, in some examples, provide computing resources and/or services such as, but not limited, web services, data storage, email, identity management, authorization and/or authentication services, or the like.
  • the one or more application provider computers 116 may also be operable to provide web hosting, application development platforms, implementation platforms, or the like to the one or more users 102 .
  • the browser application 106 may be any type of web browser configured to retrieve, present, and/or traverse web content on behalf of or for the user 102 via the user device 104 .
  • the browser applications 106 may access the web application 110 or other web page via the networks 114 .
  • the native applications 108 may, in some examples, be any type of mobile application designed and/or configured to be executed by the user device 104 including, but not limited to, tax applications, directory applications, expense report applications, log-in applications, library applications, customer relationship management (CRM) software, or the like.
  • the native applications 108 may access data and/or other resources stored and/or provided by the application services 112 via the networks 114 .
  • a native application may be configured as a directory application that access a directory service or server of an application provider computer 114 for directory information and/or any data not stored locally at the user device 104 .
  • the users 102 may also access one or more security agent applications 118 in communication with an identity service or other service provider that may be executed or otherwise hosted by the identity interface service computers 120 , via the networks 114 .
  • a security agent application 118 may be a helper application, authentication delegation application, a single sign-on (SSO) mobile application, a security agent, an application agent, or the like (hereinafter, “security agent application”).
  • the security agent application 118 may be configured to perform single sign-on functionality and/or operations on behalf of other mobile applications (e.g., browser applications 106 and/or native applications 108 ) of user devices 104 or on behalf of users 102 of the user devices 104 .
  • the security agent application 118 may transmit and/or receive log-in credentials, security information, tokens, etc., to and/or from a REST module 122 of the identity interface service computers 120 , for performing the single sign-on functionality described herein.
  • the security agent application 118 may communicate with one or more other modules of the identity interface service computers 120 and/or of other computing devices that may facilitate single sign-on operations for mobile devices.
  • the networks 114 may include any one or a combination of multiple different types of networks, such as cable networks, the Internet, wireless networks, cellular networks, intranet systems, and/or other private and/or public networks. While the illustrated example represents the users 102 accessing the web application 110 , the application service 112 , and/or the REST module 122 over the networks 114 , the described techniques may equally apply in instances where the users 102 interact with one or more service provider computers via the one or more user devices 104 over a landline phone, via a kiosk, or in any other manner. It is also noted that the described techniques may apply in other client/server arrangements (e.g., set-top boxes, etc.), as well as in non-client/server arrangements (e.g., locally stored applications, etc.).
  • client/server arrangements e.g., set-top boxes, etc.
  • non-client/server arrangements e.g., locally stored applications, etc.
  • the browser applications 106 and/or the native applications 108 may allow the users 102 to interact with the application provider computers 116 , such as to store, access, and/or manage data, develop and/or deploy computer applications, and/or host web content.
  • the user devices 104 may he any type of computing device such as, but not limited to, a mobile phone, a smart phone, a personal digital assistant (PDA), a laptop computer, a desktop computer, a thin-client device, a tablet PC, etc.
  • the user devices 104 may be in communication with the application provider computers 116 and/or the identity interface service computers 120 via the networks 114 , or via other network connections.
  • the user devices 104 may also be configured to implement one or more mobile applications, RIAs, or SaaS applications. In some examples, however, these mobile applications may not be programmed with, or otherwise aware of, instructions for interacting with the application provider computers 116 to log in or otherwise access the web applications 110 and/or application services 112 . However, in some cases, the mobile applications (e.g., the security agent application 118 , the browser applications 106 , and/or the native applications 108 ) may be able to communicate or otherwise interact with the identity interface service computers 120 . In this way, the identity interface service computers 120 may act as an interface layer between the mobile applications and the application provider computers 116 . Additionally, the identity interface service computers 120 may provide the appropriate instructions and/or code to the security agent application 118 for communicating with or otherwise providing log in functionality and/or access to the web applications 110 and/or the application services 112 .
  • the identity interface service computers 120 may act as an interface layer between the mobile applications and the application provider computers 116 .
  • the identity interface service computers 120 may provide
  • the user devices 104 may include at least one memory 124 and one or more processing units (or processor(s)) 126 .
  • the processor(s) 126 may be implemented as appropriate in hardware, computer-executable instructions, firmware, or combinations thereof.
  • Computer-executable instructions or firmware implementations of the processor(s) 1126 may include computer-executable or machine-executable instructions written in any suitable programming language to perform the various functions described.
  • the memory 124 may store program instructions that are loadable and executable on the processor(s) 126 , as well as data generated during the execution of these programs.
  • the memory 124 may be volatile (such as random access memory (RAM)) and/or non-volatile (such as read-only memory (ROM), flash memory, etc.).
  • the user device 104 may also include additional storage (e.g., removable and/or non-removable storage) 128 including, but not limited to, magnetic storage, optical disks, and/or tape storage.
  • the disk drives and their associated computer-readable media may provide non-volatile storage of computer-readable instructions, data structures, program modules, and other data for the computing devices.
  • the memory 114 may include multiple different types of memory, such as static random access memory (SRAM), dynamic random access memory (DRAM), or ROM.
  • SRAM static random access memory
  • DRAM dynamic random access memory
  • ROM read-only memory
  • the memory 124 , the additional storage 128 , both removable and non-removable, are all examples of computer-readable storage media.
  • computer-readable storage media may include volatile or non-volatile, removable or non-removable media implemented in any method or technology for storage of information such as computer-readable instructions, data structures, program modules, or other data.
  • the memory 124 and the additional storage 128 are all examples of computer storage media.
  • the user devices 104 may also contain communications connection(s) 130 that allow the user devices 104 to communicate with a stored database, another computing device or server (e.g., the application provider computers 116 , the identity interface service computers 120 , etc.), user terminals, and/or other devices on the networks 114 .
  • the user devices 104 may also include input/output (I/O) device(s) 132 , such as a keyboard, a mouse, a pen, a voice input device, a touch input device, a display, speakers, a printer, etc.
  • I/O input/output
  • the memory 124 may include an operating system 134 and one or more application programs or services for implementing the features disclosed herein including at least the browser applications 106 , native applications 108 (e.g., a tax application, a directory application, a CRM application, etc.), and/or the security agent application 118 .
  • the security agent application 118 may be a stand-alone application for facilitating single sign-on for the other mobile applications.
  • the memory 124 may store access credentials and/or other user information such as, but not limited to, user IDs, passwords, other user information, and/or log-in requests to be sent to the identity interface service computers 120 .
  • the other client information may include information for authenticating an account access request such as, but not limited to, a device ID, a cookie, an IP address, a location, or the like.
  • the other client information may include a user 102 provided response to a security question or a geographic location obtained by the user device 104 .
  • the identity interface service computers 120 may also be any type of computing devices such as, but not limited to, mobile, desktop, thin-client, and/or cloud computing devices, such as servers.
  • the identity interface service computers 120 may be in communication with the user devices 104 via. the networks 114 , or via other network connections.
  • the identity interface service computers 120 may include one or more servers, perhaps arranged in a cluster, as a server farm, or as individual servers not associated with one another. These servers may be configured to perform or otherwise host features described herein including, but not limited to, the single sign-on service and/or the identity interface service. Additionally, in some aspects, the identity interface service computers 120 may be configured as part of an integrated, distributed computing environment.
  • the identity interface service computers 120 may include at least one memory 136 and one or more processing units (or processor(s)) 138 .
  • the processor(s) 138 may be implemented as appropriate in hardware, computer-executable instructions, firmware, or combinations thereof.
  • Computer-executable instruction or firmware implementations of the processor(s) 138 may include computer-executable or machine-executable instructions written in any suitable programming language to perform the various functions described.
  • the memory 136 may store program instructions that are loadable and executable on the processor(s) 138 , as well as data generated during the execution of these programs.
  • the memory 136 may be volatile (such as random access memory (RAM)) and/or non-volatile (such as read-only memory (ROM), flash memory, etc.).
  • the identity interface service computers 120 or servers may also include additional storage 140 , which may include removable storage and/or non-removable storage.
  • the additional storage 140 may include, but is not limited to, magnetic storage, optical disks, and/or tape storage.
  • the disk drives and their associated computer-readable media may provide non-volatile storage of computer-readable instructions, data structures, program modules, and other data for the computing devices.
  • the memory 136 may include multiple different types of memory, such as static random access memory (SRAM), dynamic random access memory (DRAM), or ROM.
  • SRAM static random access memory
  • DRAM dynamic random access memory
  • ROM read-only memory
  • the memory 136 , the additional storage 140 , both removable and non-removable, are all examples of computer-readable storage media.
  • computer-readable storage media may include volatile or non-volatile, removable or non-removable media implemented in any method or technology for storage of information such as computer-readable instructions, data structures, program modules, or other data.
  • the memory 136 and the additional storage 140 are all examples of computer storage media.
  • the identity interface service computers 114 may also contain communications connection(s) 142 that allow the identity interface computers 120 to communicate with a stored database, another computing device or server, user terminals, and/or other devices on the networks 114 .
  • the identity interface service computers 120 may also include input/output (I/O) device(s) 1344 , such as a keyboard, a mouse, a pen, a voice input device, a touch input device, a display, speakers, a printer, etc.
  • I/O input/output
  • the memory 136 may include an operating system 146 and one or more application programs or services for implementing the features disclosed herein including a REST interface module 122 .
  • the REST interface module 122 may be configured to provide a REST API, receive REST API calls, determine appropriate identity service and/or log-in method calls (i.e., API calls), provide the method calls, and/or perform instructions associated with the method calls.
  • the REST interface module 122 may be utilized for interacting with the security agent application 118 of the user devices 104 .
  • a security agent application 118 of a user device 104 may transmit a REST API call for performing a particular identity management operation (e.g., a user log-in).
  • the REST interface module 122 may receive the API call and determine an appropriate method call for the application provider computers it 116 .
  • the REST interface module 122 may be configured to provide access tokens (e.g., user tokens, client tokens, and/or access tokens) to the security agent application 118 . These tokens may then be appropriately shared with other mobile applications of the user device 104 such that the user 102 may not need to log in multiple times for mobile applications within a trusted group.
  • access tokens e.g., user tokens, client tokens, and/or access tokens
  • Additional types of computer storage media (which may also be non-transitory) that may be present in the identity interface service computers 120 and/or user devices 104 may include, but are not limited to, programmable random access memory (PRAM), SRAM, DRAM, RAM, ROM, electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by the identity interface service computers 120 and/or user devices 104 . Combinations of any of the above should also be included within the scope of computer-readable media.
  • PRAM programmable random access memory
  • SRAM programmable random access memory
  • DRAM dynamic random access memory
  • RAM random access memory
  • ROM electrically erasable programmable read-only memory
  • flash memory or other memory technology
  • CD-ROM compact disc read-only memory
  • computer-readable communication media may include computer-readable instructions, program modules, or other data transmitted within a data signal, such as a carrier wave, or other transmission.
  • computer-readable storage media does not include computer-readable communication media.
  • FIG. 2 depicts a simplified example system or architecture 200 in which additional techniques for managing single sign-on for mobile applications may be implemented.
  • a user device 202 e.g., a mobile device at least similar to user device 104
  • a browser application 204 may be configured with a browser application 204 , one or more native applications (e.g., native application one 206 and native application two 208 ), and a security agent application 210 for interacting with one or more service provider computers 212 and/or one or more identity service computers 214 via one or more networks 216 .
  • native applications e.g., native application one 206 and native application two 208
  • a security agent application 210 for interacting with one or more service provider computers 212 and/or one or more identity service computers 214 via one or more networks 216 .
  • each mobile application at least the browser application 204 and/or native applications 206 , 208 may include software development kit (SDK) information 218 , 220 , 222 for appropriately interacting with a web application 224 , application service one 226 , and application service two 228 , respectively.
  • SDKs 218 , 220 , 222 may be configured to provide development information for appropriately interacting with the identity service computers 214 , or more particularly, with a REST module 230 of the identity service computers 21 . 4 .
  • the security agent application 210 may be coupled with a wallet 232 .
  • the wallet 232 may be a location in memory or a separate memory device for storing user credentials and/or log-in information associated with a user of the user device 202 .
  • the networks 216 may include any one or a combination of multiple different types of networks, such as cable networks, the Internet, wireless networks, cellular networks, intranet systems, and/or other private and/or public networks. While the illustrated example represents the user device 202 accessing the web application 224 , the application services 226 , 228 , and/or the REST module 230 over the networks 216 , the described techniques may equally apply in instances where the user device 202 interacts with such applications and/or modules over a landline phone, via a kiosk, or in any other manner. It is also noted that the described techniques may apply in other client/server arrangements (e.g., set- op boxes, etc. as well as in non-client/server arrange e s (e.g., locally stored applications, etc.).
  • client/server arrangements e.g., set- op boxes, etc. as well as in non-client/server arrange e s (e.g., locally stored applications, etc.).
  • the browser application 204 and native application one 206 may be included in a circle of trust, or other trusted group of mobile applications residing on the user device 202 .
  • native application two 208 may not be a member of the group. That is, the circle of trust may have been defined to include only the browser application 204 and native application one 206 for some particular reason. As such, single sign-on functionality may only be performed for members of the group (i.e., the circle of trust). However, in other examples, more or less mobile applications of the user device 202 may be included in the trusted group.
  • the security agent application 210 may receive a request from the browser application 204 to log in to the web application 224 .
  • the security agent application 210 may request log-in credentials from a user of the user device 202 such as, but not limited to, a user name, password, etc.
  • the security agent application 210 may then transmit user and/or context information 234 to the REST module 230 via the networks 216 . This information 234 may be transmitted in REST style.
  • the REST module 230 may then translate the REST calls into log-in instructions for authenticating a user of the user device 202 , the user device 202 , and/or the browser application 204 .
  • the identity service computers 214 may perform or instruct other computing devices or modules to perform the authentication instructions.
  • the REST module 230 may provide user tokens and/or client tokens back to the security agent application 210 .
  • the user tokens and/or client tokens may signify that the user of the user device 202 and/or the user device itself 202 have been authenticated.
  • the user tokens and/or client tokens may signify or otherwise indicate that the requesting application (in this case, the browser application 204 ) has been authenticated.
  • the security application may also receive an access token for accessing the appropriate service of the application provider computers 212 (e.g., the web application 224 and/or application services 226 , 228 ).
  • the access tokens can be identified by the striped diamond-type shapes.
  • the security agent application 210 may request an access token (e.g., the token with diagonal stripes) for the browser application 204 based at least in part on the initial request to log in to the web application 224 .
  • the security agent application 210 may then provide the access token to the browser application 204 , which may then provide the access token (again, the token with diagonal stripes)to the web application 224 .
  • This access token may indicate to the web application that the browser application 204 of the user device 202 has been authenticated with the identity service computers 214 .
  • the web application 224 may then safely interact with the browser application.
  • the security agent application 210 may later receive a request from native application one 206 to access application service one 226 .
  • native application one 206 is in the same circle of trust as the browser application 204 , and since the security agent application 210 has already authenticated the user and/or the user device 202 (i.e., user and/or client tokens have already been received), the security agent application 210 may be able to request an access token (this time, the token with horizontal stripes) from the identity service computers 214 without re-requesting the user credentials of the user of the user device 202 .
  • the security agent application 210 may be able to perform single sign-on functionality for other applications of the circle of trust. However, if the user requested to log in to application service two 228 via native application two 208 (assuming, as noted above, that native application two 208 may not be in the circle of trust), the security agent application 210 would not be able to request and/or receive an access token for that operation.
  • the user device 202 may not be configured with a dedicated security agent application 210 .
  • one or more of the mobile applications i.e., the browser application 204 and/or native applications 206 , 208
  • the security agent application 210 may act as the security agent application 210 . That is, once a circle of trust is formed, each application of the circle of trust may be given a priority. The priority may determine or otherwise indicate which mobile application should act as the single sign-on helper (or security) application for the group. In one non-limiting example, all three mobile applications 204 , 206 , 208 shown in FIG. 2 may be part of a circle of trust. Additionally, native application two 208 may be given the highest priority followed by the browser application 204 .
  • the user device may first check whether the highest priority application (in this example, native application two 208 ) is installed on the user device 202 . If so, native application two 208 may act as the security agent application 210 and send REST requests to the identity service computers 214 or otherwise perform authentication for the circle of trust and/or receive and share access tokens. Alternatively, if native application two 208 is not installed on the user device, the browser application 204 may act as the security agent application 210 to perform the single sign-on operations for the circle of trust. Either way, once a user has logged in to one application of the circle of trust, user credentials will not be needed for accessing other applications of the circle of trust.
  • the highest priority application in this example, native application two 208
  • FIG. 3 depicts a simplified architecture 300 illustrating additional aspects and/or features of the identity service computers 120 , 214 of FIGS. 1 and 2 .
  • an identity interface service may actually implement REST service as one of its many services.
  • FIG. 3 illustrates an identity interface service 302 , such as that implemented by the identity service computers 120 of FIG. 1 and/or the identity service computers 214 of FIG.
  • client applications such as, but not limited to, SaaS applications 304 , mobile applications 306 , and/or RIAs 308 .
  • these requests may be formatted, by the client applications 304 , 306 , 308 , as REST calls and may be based at least in part on a REST API provided by the identity interface service 302 .
  • the identity interface service 302 may be in communication with one or more service providers/data repositories 310 and/or a data tier 312 via a pluggable layer 314 .
  • the one or more service may be added and/or removed to the service 302 on the fly and/or independent of the type of client application with which it may interact. In this way, the service 302 may maintain flexibility.
  • the service providers/data repositories 310 may include one or more security policy services 316 , access management services 318 , directory services 320 , databases 322 , and/or identity stores 324 (e.g., lightweight directory access protocol (MAP) servers). Additionally, according to some aspects, the service providers/data repositories 310 may be in communication with one or more pluggable services such as, but not limited to, an access software development kit (SDK) 326 , a trust service 328 , and/or an identity library 330 .
  • SDK access software development kit
  • the access SDK 326 , the trust service 328 , and/or the identity library 330 may collectively make up the interface layer for plugging the service providers/data repositories 310 into the identity interface service 302 via the pluggable layer 314 .
  • the access SDK 326 may be responsible for plugging the access management service 318 into the service 302 .
  • the identity interface service 302 may also include an administration module 332 for controlling, managing, or otherwise communicating with one or more runtime data stores 334 , audit data stores 336 , and/or configuration data stores 338 of the data tier 312 .
  • the data tier 312 may be in communication with the service 302 via an infrastructure platform 340 which may be configured to attach the data tier 312 as well as perform internal file management, logging, monitoring, and/or other administrative tasks.
  • the administration module 332 and the data tier 312 may be responsible for controlling, configuring, managing, and/or otherwise administering the services and/or data associated with the identity interface service 302 .
  • the identity interface service 302 may also include a security filter 342 , a request/response handler 344 , one or more REST service engines 346 , and/or a service provider interface (SPI) framework 348 .
  • SPI service provider interface
  • the security filter 342 may he configured to maintain the security of the REST API that is provided by the identity interface service 302 . In this way, only authorized and/or authenticated client applications may he provided with the REST APIs and/or only API calls from authorized and/or authenticated client applications may be processed.
  • the request/response handler 344 may be configured to receive requests from, and provide responses to, the client applications 304 , 306 , 308 , etc.
  • the REST service engines 346 may be configured to govern policies of the identity interface service 302 such as, but not limited to, enforcing compliance with rules, enhancing infrastructure security, and/or streamlining service operations of the identity interface service 302 .
  • the SPI framework 348 may translate, map, or otherwise determine appropriate method calls and/or instructions for the service providers/data repositories 310 . These method calls and/or instructions may be based at least in part on the REST API call received and/or the service provider with which the request is associated.
  • the request/response handler 344 may receive a request to update an identity relationship. The response may he formatted as a REST call from one of the client applications 304 , 306 , 308 . The request/response handler 344 may forward the request to the SPI framework 348 where one or more different instructions or sets of instructions may be determined.
  • the instructions may be different depending on the service provider/data repository 310 for which the request was intended. That is, if the request was for a database 320 , the SPI framework 348 may determine a different instruction (or set of instructions) for updating identity relationship than if the request was for an LDAP identity store 324 .
  • implementation of the SPI framework 348 may include utilizing one or more Sins such as, but not limited to, an authentication SPI 350 , an authorization SPI 352 , a profile SPI 354 , and/or other ID SPIs 356 .
  • the authentication SPI 350 may be configured to provide interaction with one or more access management providers 358 and/or one or more trust service providers 360 .
  • the authorization SPI 352 may be configured to provide interaction with the one or more access management providers 358 .
  • the profile SPI 354 may be configured to provide interaction with one or more identity service providers 362 and/or directory service providers 364 .
  • the other ID SPI 356 may be configured to provide interaction with one or more other service providers 366 such as, but not limited to, password management services, policy management services, token exchange services, and/or user provisioning services.
  • one or more individual SPIs may be responsible for communicating with the service providers/data repositories 310 via the pluggable layer 314 . That is, the SPI framework 348 may act as a proxy between the client applications 304 , 306 , 308 and the one or more service providers 310 .
  • FIGS. 1-3 are provided by way of example only. Numerous other operating environments, system architectures, and device configurations are possible. Accordingly, embodiments of the present disclosure should not be construed as being limited to any particular operating environment, system architecture, or device configuration.
  • FIG. 4 depicts a simplified process flow 400 of an example device registration performed in conjunction with the single sign-on (SSO) management as described above.
  • the simplified process flow 400 may be performed by one or more computing devices such as, but not limited to, the user devices 104 and/or the identity interface service computers 120 of FIG. 1 .
  • a mobile user 402 may access a mobile device such as, but not limited to, the user device 104 of FIG. 1 and/or the user device 202 of FIG. 2 .
  • the mobile device may include a business application 404 (e.g., a browser application, a native application, etc.) and/or an SSO application 406 (e.g., the security agent application discussed above at least with reference to FIGS.
  • a business application 404 e.g., a browser application, a native application, etc.
  • SSO application 406 e.g., the security agent application discussed above at least with reference to FIGS.
  • the mobile device may interact with a REST server 408 (or other identity service) and/or one or more service providers 410 (e.g., an access management service and/or servers hosting data for the mobile applications of the mobile device via one or more networks 412 .
  • a REST server 408 or other identity service
  • service providers 410 e.g., an access management service and/or servers hosting data for the mobile applications of the mobile device via one or more networks 412 .
  • any number and/or combination of networks may be suitable.
  • the process flow 400 may begin when the mobile user 402 attempts to access the business application 404 , at 414 .
  • the business application 404 may attempt to get (e.g., make a request for) session and/or access tokens from the security agent application 406 , at 416 .
  • the security agent application 406 may present a log-in page to the mobile user 402 in order to request user credentials (e.g., user identifier (ID), password, etc).
  • the mobile user 402 may provide such user credentials to the security agent application 406 , at 420 .
  • the security agent application 406 may then attempt to register the device of the mobile user 402 by providing the user credentials, attributes, and/or context information (e.g., the security agent application ID) to the REST server 408 via the networks 412 , at 422 .
  • the REST server 408 may transmit an authentication request including the at least the user credentials to the service provider 410 .
  • an SSO application handle may be generated at 426 to indicate a log-in and/or registration session, in some examples, in conjunction with the REST service 408 providing attributes and/or SSO application ID to the service provider 410 , at 428 .
  • the service provider 410 may return a device handle for indicating the registration session for the mobile device.
  • the REST server 408 may transmit the SSO application handle and the device handle to the security agent application 406 , thus indicating that the mobile device has been registered. That is, the process 400 may provide a device token to the mobile device which can be used to indicate that the mobile device has been registered for the SSO service.
  • FIG. 5 depicts a simplified process flow 500 of an example application registration performed in conjunction with the single sign-on (SSO) management as described above.
  • the simplified process flow 500 may be performed by one or more computing devices such as, but not limited to, the user devices 104 and/or the identity interface service computers 120 of FIG. 1 .
  • a mobile user 502 may access a mobile device such as, but not limited to, the user device 104 of FIG. 1 and/or the user device 202 of FIG. 2 .
  • the mobile device may include a business application 504 (e.g., a browser application, a native application, etc.) and/or an SSO application 506 (e.g., the security agent application discussed above at least with reference to FIGS.
  • a business application 504 e.g., a browser application, a native application, etc.
  • SSO application 506 e.g., the security agent application discussed above at least with reference to FIGS.
  • the mobile device may interact with a REST server 508 (or other identity service) and/or one or more service providers 510 (e.g., an access management service and/or servers hosting data for the mobile applications of the mobile device) via one or more networks 512 .
  • a REST server 508 or other identity service
  • service providers 510 e.g., an access management service and/or servers hosting data for the mobile applications of the mobile device
  • networks 512 any number and/or combination of networks (wired and/or wireless) may be suitable.
  • the process flow 500 may begin when the mobile user 502 attempts to access the business application 504 , at 514 .
  • the business application 504 may attempt to get (e.g., make a request for) session and/or access tokens from the security agent application 506 , at 516 .
  • the security agent application 506 may present a log-in page to the mobile user 502 in order to request user credentials (e.g., user ID, password, etc.).
  • the mobile user 502 may provide such user credentials to the security agent application 506 , at 520 .
  • the security agent application 506 may then attempt to register the business application by providing the user credentials, attributes, and/or context information (e.g., the security agent application ID) to the REST server 508 via the networks 512 , at 522 .
  • the REST server 508 may transmit an authentication request including the at least the user credentials to the service provider 510 .
  • an SSO application handle may be generated, at 526 to indicate a log-in and/or registration session, in some examples, in conjunction with the REST service 508 providing attributes and/or SSO application ID to the service provider 510 , at 528 .
  • the service provider 510 may return a device handle for indicating the registration session for the business application.
  • the REST server 508 may transmit the SSO application handle and the device handle to the security agent application 506 , thus indicating that the business application has been registered.
  • the security agent application 506 may then transmit the application handle to the business application at 534 . That is, the process 500 may provide an application (or client) token to the business application which can be used to indicate that the application has been registered for the SSO service.
  • the business application 504 may transmit a request to get an access token from the REST server 508 .
  • the REST server may provide the access token and/or may forward the request to the appropriate service provider 510 , at 538 .
  • FIG. 6 depicts a simplified process flow 600 of an example user log-in performed in conjunction with the single sign-on (SSO) management as described above.
  • the simplified process flow 600 may be performed by one or more computing devices such as, but not limited to, the user devices 104 and/or the identity interface service computers 120 of FIG. 1 .
  • a mobile user 602 may access a mobile device such as, but not limited to, the user device 104 of FIG. 1 and/or the user device 202 of FIG. 2 .
  • the mobile device may include a business application 604 (e.g., a native application including, but not limited to, a tax application, a directory application, an expense report application, etc.) and/or an security agent application 606 (e.g., the security agent application discussed above at least with reference to FIGS. 1 , 2 ).
  • the mobile device may interact with a REST server 608 (or other identity service) and/or one or more service providers 610 (e.g., an access management service, an identity service, and/or servers hosting data for the mobile applications of the mobile device) via one or more networks 612 .
  • a REST server 608 or other identity service
  • service providers 610 e.g., an access management service, an identity service, and/or servers hosting data for the mobile applications of the mobile device
  • networks 612 any number and/or combination of networks (wired and/or wireless) may be suitable.
  • the process flow 600 may describe a scenario when the mobile user 602 specifically uses a business application 604 of the mobile device a native application of the mobile device is used as opposed to a browser application of the mobile device).
  • the process flow 600 may begin when the mobile user 602 attempts to access the business application 604 , at 614 .
  • the business application 604 may attempt to get (e.g., make a request for) session and/or access tokens from the security agent application 606 , at 616 .
  • the security agent application 606 may present a log-in page to the mobile user 602 in order to request user credentials (e.g., user ID, password, etc.).
  • the mobile user 602 may provide such user credentials to the security agent application 606 , at 620 .
  • the security agent application 606 may then attempt to register and/or authenticate the business application 604 by providing the user credentials, attributes, and/or context information (e.g., the security agent application ID) to the REST server 608 via the networks 612 , at 622 .
  • the REST server 608 may authenticate the mobile user 602 , at 623 , and generate or otherwise obtain user and/or access tokens for the mobile device and/or mobile user 602 .
  • any other service provider such as the service provider 610 may perform the authentication.
  • the REST server 608 may receive user and/or access tokens from the service provider 610 , at 626 . Either way, at the REST server 608 may provide the user and/or access tokens to the security agent application 606 via the networks 612 . At 630 , the security agent application 606 may provide the user and/or access tokens to the business application 604 and/or to the mobile user 602 . The business application 604 may then provide application content (e.g., a page from a server or a page containing local content) to the mobile user 602 , at 632 .
  • application content e.g., a page from a server or a page containing local content
  • FIG. 7 depicts a simplified process flow 700 of an example user log-in performed in conjunction with the single sign-on (SSO) management as described above.
  • the simplified process flow 700 may be performed by one or more computing devices such as, but not limited to, the user devices 104 and/or the identity interface service computers 120 of FIG. 1 .
  • a mobile user 702 may access a mobile device such as, but not limited to, the user device 104 of FIG. 1 and/or the user device 202 of FIG. 2 .
  • the mobile device may include a browser application 704 (e.g., a web browser) and/or an security agent application 706 (e.g., the security agent application discussed above at least with reference to FIGS. 1 , 2 ).
  • a browser application 704 e.g., a web browser
  • an security agent application 706 e.g., the security agent application discussed above at least with reference to FIGS. 1 , 2 ).
  • the mobile device may interact with a web server 707 (e.g., the web application 110 of FIG. 1 configured to serve web pages), a REST server 708 (or other identity service), and/or one or more service providers 710 (e.g., an access management service, an identity service, and/or servers hosting data for the mobile applications of the mobile device) via one or more networks 712 .
  • a web server 707 e.g., the web application 110 of FIG. 1 configured to serve web pages
  • a REST server 708 or other identity service
  • service providers 710 e.g., an access management service, an identity service, and/or servers hosting data for the mobile applications of the mobile device
  • networks 712 e.g., any number and/or combination of networks (wired and/or wireless) may be suitable.
  • the process flow 700 may describe a scenario when the mobile user 702 specifically uses a browser application 704 of the mobile device (i.e., a web browser of the mobile device is used as opposed to a native and/or business application of the mobile device).
  • the process flow 700 may begin when the mobile user 702 attempts to access the browser application 704 , at 714 .
  • the browser application 704 may communicate this access attempt to the web server 707 via the networks 712 , at 716 .
  • the web server 708 may provide the access request information to the service providers 710 (e.g., an identity management application or service), at 718 , to indicate to the service provider 710 that authentication may be requested in a future communication.
  • the service providers 710 e.g., an identity management application or service
  • the service provider 710 may indicate or otherwise instruct the browser application 704 , via the networks 712 , to request user credentials from the mobile user 702 .
  • the browser application 704 may redirect the user credential request to the security agent application 706 , at 722 .
  • the security agent application 706 may present a log-in page to the mobile user 702 in order to request user credentials (e.g., user ID, password, etc. response, the mobile user 702 may provide such user credentials to the security agent application 706 , at 726 .
  • the security agent application 706 may then attempt to register and/or authenticate the browser application 704 by providing the user credentials, attributes, and/or context information (e.g., the security agent application ID) to the REST server 708 via the networks 712 , at 728 .
  • the REST server 708 may authenticate the mobile user 702 and generate or otherwise obtain user and/or access tokens for the mobile device and/or mobile user 702 .
  • any other service provider such as the service provider 710 may perform the authentication.
  • the REST server 708 may transmit the credentials to the service provider 710 , at 730 , and receive user and/or access tokens from the service provider 710 , at 732 .
  • the REST server 708 may provide the user and/or access tokens to the security agent application 706 via the networks 712 .
  • the security agent application 706 may make a Web View or other method call to the service provider 710 in order to inject a cookie.
  • the security agent application 706 may also redirect appropriate information to the browser application, at 738 , indicating which web pages should be served to the mobile user 702 .
  • the browser application 704 may redirect this information to the web server 707 .
  • the web server 707 may serve the requested web pages to the mobile user 702 .
  • FIGS. 8-10 illustrate simplified example flow diagrams showing respective processes 800 , 900 , and 1000 for providing single sign-on management. These processes are illustrated as logical flow diagrams, each operation of which represents a sequence of operations that can be implemented in hardware, computer instructions, or a combination thereof.
  • the operations represent computer-executable instructions stored on one or more computer-readable storage media that, when executed by one or more processors, perform the recited operations.
  • computer-executable instructions include routines, programs, objects, components, data structures, and the like that perform particular functions or implement particular data types.
  • the order in which the operations are described is not intended to be construed as a limitation, and any number of the described operations can be combined in any order and/or in parallel to implement the processes.
  • any, or all of the processes may be performed under the control of one or more computer systems configured with executable instructions and may be implemented as code (e.g., executable instructions, one or more computer programs, or one or more applications) executing collectively on one or more processors, by hardware, or combinations thereof.
  • the code may be stored on a computer-readable storage medium, for example, in the form of a computer program comprising a plurality of instructions executable by one or more processors.
  • the computer-readable storage medium may be non-transitory.
  • the process 800 of FIG. 8 may be performed by the one or more user devices 102 and/or identity interface service computers 120 of FIG. 1 .
  • the process 800 may begin at 802 by receiving a request to access a service provider.
  • the request may be received from a first application of a mobile device.
  • the first application may be a native application or a browser application.
  • the request may be received by a security agent application (e.g., a helper application and/or authentication delegation application) of the mobile device.
  • the process 800 may log in a user associated with the first application (e.g., the user of the mobile device).
  • the process 800 may provide a token for accessing the service provider to the first application, at 806 .
  • the process 800 may end, at 808 , by providing a second token to a second application of the mobile device that is associated with the user. In this way, single sign-on may be achieved and the user does not need to be authenticated multiple times to access multiple service providers via multiple applications.
  • FIG. 9 illustrates a simplified example flow diagram showing the process 900 for providing features of single sign-on management.
  • the process 900 of FIG. 9 may be performed by the one or more user devices 102 and/or identity interface service computers 120 of FIG. 1 .
  • the process 900 may begin at 902 by receiving a request to access a first remote application.
  • the remote application may be a server or other computer configured to provide application functionality to a mobile application or mobile device.
  • the request may be received from a first local application of a mobile device, the local application configured to communicate or otherwise receive content from the remote application.
  • the first local application may be “local” in that it is executed by or otherwise resides on the mobile device.
  • the process 900 may provide an authentication request (e.g., based at least in part on the access request) to a remote authentication provider.
  • the process 900 may also receive a first access token for accessing the first remote application, at 906 .
  • the first access token may be received from the remote authentication provider.
  • the process 900 may provide the first access token to the first local application.
  • the process 900 may end by providing a second access token to a second local application of the mobile device. This second access token may be for allowing the second local application to access a second remote application.
  • the process 900 may provide the first and/or second access tokens to the first and/or second local applications, respectively, based at least in part on a successful log-in of a user, of the mobile device, and/or of the first and/or second local application.
  • FIG. 10 illustrates a simplified example flow diagram showing the process 1000 for providing features of single sign-on management.
  • the process 1000 of FIG. 10 may be performed by the one or more user devices 102 and/or identity interface service computers 120 of FIG. 1 .
  • the process 1000 may begin by receiving, from a first local application of a mobile device, a request to request to access a first remote application.
  • the remote application may be a web service, a web server, and/or any service configured to provide data, processing, and/or services to the local application.
  • the process 1000 may provide an authentication request to a remote authentication provider.
  • the process 1000 may also receive, from the remote authentication provider, a first access token for accessing the first remote application.
  • the process 1000 may provide the first access token to the first local application.
  • the process 1000 may also receive, at 1010 , from the remote authentication provider, a second access token for accessing a second remote application. That is, since the user, mobile device, and/or local application have already been authenticated, the remote authentication device may proactively provide access tokens for accessing other remote applications that are within a particular trusted group (e.g., a circle of trust or circle of trust).
  • the process 1000 may receive, from a second local application of the mobile device, a request to access the second remote application. In this example, the process 1000 has already received the access token for accessing the second remote application.
  • the process 1000 may end, at 1014 , by providing the second access token to the second local application.
  • FIG. 11 is a simplified block diagram illustrating components of a system environment 1100 that may be used in accordance with an embodiment of the present disclosure.
  • system environment 1100 includes one or more client computing devices 1102 , 1104 , 1106 , 1108 , which are configured to operate a client application such as a web browser, proprietary client (e.g., Oracle Forms), or the like.
  • client computing devices 1102 , 1104 , 1106 , and 1108 may interact with a server 1112 .
  • Client computing devices 1102 , 1104 , 1106 , 1108 may be general purpose personal computers (including, by way of example, personal computers and/or laptop computers running various versions of Microsoft Windows and/or Apple Macintosh operating systems), cell phones or PDAs (running software such as Microsoft Windows Mobile and being Internet, e-mail, SMS, Blackberry, or other communication protocol enabled), and/or workstation computers running any of a variety of commercially-available UNIX or UNIX-like operating systems (including without limitation the variety of GNU/Linux operating systems).
  • general purpose personal computers including, by way of example, personal computers and/or laptop computers running various versions of Microsoft Windows and/or Apple Macintosh operating systems), cell phones or PDAs (running software such as Microsoft Windows Mobile and being Internet, e-mail, SMS, Blackberry, or other communication protocol enabled), and/or workstation computers running any of a variety of commercially-available UNIX or UNIX-like operating systems (including without limitation the variety of GNU/Linux operating systems).
  • client computing devices 1102 , 1104 , 1106 , and 1108 may be any other electronic device, such as a thin-client computer, Internet-enabled gaming system, and/or personal messaging device, capable of communicating over a network (e.g., network 1110 described below).
  • network 1110 e.g., network 1110 described below.
  • client computing devices 1102 , 1104 , 1106 , and 1108 may be any other electronic device, such as a thin-client computer, Internet-enabled gaming system, and/or personal messaging device, capable of communicating over a network (e.g., network 1110 described below).
  • network 1110 e.g., network 1110 described below.
  • System environment 1100 may include a network 1110 .
  • Network 11 0 may be any type of network familiar to those skilled in the art that can support data communications using any of a variety of commercially-available protocols, including without limitation TCP/IP, SNA, IPX, AppleTalk, and the like.
  • network 1110 can be a local area network (LAN), such as an Ethernet network, a Token-Ring network and/or the like; a wide-area network; a virtual network, including without limitation a virtual private network (VPN); the Internet; an intranet; an extranet; a public switched telephone network (PSTN); an infra-red network; a wireless network (e.g., a network operating under any of the IEEE 802.11 suite of protocols, the Bluetooth protocol known in the art, and/or any other wireless protocol); and/or any combination of these and/or other networks.
  • LAN local area network
  • VPN virtual private network
  • PSTN public switched telephone network
  • wireless network e.g., a network operating under any of the IEEE 802.11 suite of protocols, the Bluetooth protocol known in the art, and/or any other wireless protocol
  • System environment 1100 also includes one or more server computers 1112 which may be general purpose computers, specialized server computers including, by way of example, PC servers, UNIX servers, mid-range servers, mainframe computers, rack-mounted servers, etc.), server farms, server clusters, or any other appropriate arrangement and/or combination.
  • server 1112 may be adapted to run one or more services or software applications described in the foregoing disclosure.
  • server 1112 may correspond to a server for performing processing described above according to an embodiment of the present disclosure.
  • Server 1112 may run an operating system including any of those discussed above, as well as any commercially available server operating system. Server 1112 may also run any of a variety of additional server applications and/or mid-tier applications, including HTTP servers, FTP servers, GCI servers, Java servers, database servers, and the like. Exemplary database servers include without limitation those commercially available from Oracle, Microsoft, Sybase, IBM and the like.
  • System environment 1100 may also include one or more databases 1114 , 1116 , Databases 1114 , 1116 may reside in a variety of locations.
  • databases 1114 , 1116 may reside on a non-transitory storage medium local to (and/or resident in) server 1112 .
  • databases 1114 , 1116 may be remote from server 1112 , and in communication with server 1112 via a network-based or dedicated connection.
  • databases 1114 , 1116 may reside in a storage-area network (SAN) familiar to those skilled in the art.
  • SAN storage-area network
  • any necessary files tier performing the functions attributed to server 1112 may be stored locally on server 1112 and/or remotely, as appropriate.
  • databases 1114 , 1116 may include relational databases, such as databases provided by Oracle, that are adapted to store, update, and retrieve data in response to SQL-formatted commands.
  • FIG. 12 is a simplified block diagram of a computer system 1200 that may be used in accordance with embodiments of the present disclosure.
  • servers 122 and/or 1212 may be implemented using a system such as system 1200 .
  • Computer system 1200 is shown comprising hardware elements that may be electrically coupled via a bus 1224 .
  • the hardware elements may include one or more central processing units (CPUs) 1202 , one or more input devices 1204 (e.g., a mouse, a keyboard, etc.), and one or more output devices 1206 (e.g., a display device, a printer, etc.).
  • Computer system 1200 may also include one or more storage devices 1208 .
  • the storage device(s) 1208 may include devices such as disk drives, optical storage devices, and solid-state storage devices such as a random access memory (RAM) and/or a read-only memory (ROM), which can be programmable, flash-updateable and/or the like.
  • RAM random access memory
  • ROM read-only memory
  • Computer system 11200 may additionally include a computer-readable storage media reader 1212 , a communications subsystem 1214 (e.g., a modem, a network card (wireless or wired), an infra-red communication device, etc.), and working memory 1218 , which may include RAM and ROM devices as described above.
  • computer system 1200 may also include a processing acceleration unit 1216 , which can include a digital signal processor (DSP), a special-purpose processor, and/or the like.
  • DSP digital signal processor
  • Computer-readable storage media reader 1212 can further be connected to a computer-readable storage medium 1210 , together (and, optionally, in combination with storage device(s) 1208 ) comprehensively representing remote, local, fixed, and/or removable storage devices plus storage media for temporarily and/or more permanently containing computer-readable information.
  • Communications system 1214 may permit data to be exchanged with network 1212 and/or any other computer described above with respect to system environment 1200 .
  • Computer system 1200 may also comprise software elements, shown as being currently located within working memory 1218 , including an operating system 1220 and/or other code 1222 , such as an application program (which may be a client application, Web browser, mid-tier application, RDBMS, etc.).
  • working memory 1218 may include executable code and associated data structures used for relying party and open authorization-related processing as described above.
  • alternative embodiments of computer system 1200 may have numerous variations from that described above. For example, customized hardware might also be used and/or particular elements might be implemented in hardware, software (including portable software, such as applets), or both, Further, connection to other computing devices such as network input/output devices may be employed.
  • Storage media and computer readable media for containing code, or portions of code can include any appropriate media known or used in the art, including storage media and communication media, such as but not limited to, volatile and non-volatile (non-transitory), removable and non-removable media implemented in any method or technology for storage and/or transmission of information such as computer readable instructions, data structures, program modules, or other data, including RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disk (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, data signals, data transmissions, or any other medium which can be used to store or transmit the desired information and which can be accessed by a computer.
  • storage media and communication media such as but not limited to, volatile and non-volatile (non-transitory), removable and non-removable media implemented in any method or technology for storage and/or transmission of information such as computer readable instructions, data structures, program modules, or other data, including RAM, ROM, EEP

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Telephonic Communication Services (AREA)
  • Information Transfer Between Computers (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Storage Device Security (AREA)
US13/485,283 2011-09-29 2012-05-31 Mobile application, single sign-on management Abandoned US20130086669A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US13/485,283 US20130086669A1 (en) 2011-09-29 2012-05-31 Mobile application, single sign-on management

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201161541034P 2011-09-29 2011-09-29
US13/485,283 US20130086669A1 (en) 2011-09-29 2012-05-31 Mobile application, single sign-on management

Publications (1)

Publication Number Publication Date
US20130086669A1 true US20130086669A1 (en) 2013-04-04

Family

ID=47023095

Family Applications (7)

Application Number Title Priority Date Filing Date
US13/485,283 Abandoned US20130086669A1 (en) 2011-09-29 2012-05-31 Mobile application, single sign-on management
US13/485,509 Active 2032-11-23 US9081951B2 (en) 2011-09-29 2012-05-31 Mobile application, identity interface
US13/485,569 Active US9965614B2 (en) 2011-09-29 2012-05-31 Mobile application, resource management advice
US13/485,420 Active 2033-05-14 US9495533B2 (en) 2011-09-29 2012-05-31 Mobile application, identity relationship management
US14/791,733 Active US9600652B2 (en) 2011-09-29 2015-07-06 Mobile application, identity interface
US15/934,544 Active US10325089B2 (en) 2011-09-29 2018-03-23 Mobile application, resource management advice
US16/392,398 Active US10621329B2 (en) 2011-09-29 2019-04-23 Mobile application, resource management advice

Family Applications After (6)

Application Number Title Priority Date Filing Date
US13/485,509 Active 2032-11-23 US9081951B2 (en) 2011-09-29 2012-05-31 Mobile application, identity interface
US13/485,569 Active US9965614B2 (en) 2011-09-29 2012-05-31 Mobile application, resource management advice
US13/485,420 Active 2033-05-14 US9495533B2 (en) 2011-09-29 2012-05-31 Mobile application, identity relationship management
US14/791,733 Active US9600652B2 (en) 2011-09-29 2015-07-06 Mobile application, identity interface
US15/934,544 Active US10325089B2 (en) 2011-09-29 2018-03-23 Mobile application, resource management advice
US16/392,398 Active US10621329B2 (en) 2011-09-29 2019-04-23 Mobile application, resource management advice

Country Status (6)

Country Link
US (7) US20130086669A1 (enrdf_load_stackoverflow)
EP (1) EP2761527B1 (enrdf_load_stackoverflow)
JP (1) JP6096200B2 (enrdf_load_stackoverflow)
CN (2) CN103930897B (enrdf_load_stackoverflow)
IN (1) IN2014CN02442A (enrdf_load_stackoverflow)
WO (1) WO2013049392A1 (enrdf_load_stackoverflow)

Cited By (108)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130086211A1 (en) * 2011-09-29 2013-04-04 Oracle International Corporation Mobile application, resource management advice
US20130340048A1 (en) * 2012-06-18 2013-12-19 Infosys Limited Mobile application management framework
US20140074490A1 (en) * 2012-09-12 2014-03-13 Oracle International Corporation Self-service account enrollment system
US20140109194A1 (en) * 2013-12-05 2014-04-17 Sky Socket, Llc Authentication Delegation
US8745718B1 (en) * 2012-08-20 2014-06-03 Jericho Systems Corporation Delivery of authentication information to a RESTful service using token validation scheme
US20140181944A1 (en) * 2012-12-26 2014-06-26 Cellco Partnership D/B/A Verizon Wireless Single sign-on for a native application and a web application on a mobile device
US8769651B2 (en) * 2012-09-19 2014-07-01 Secureauth Corporation Mobile multifactor single-sign-on authentication
US20140250508A1 (en) * 2013-03-04 2014-09-04 Dell Products, Lp System and Method for Creating and Managing Object Credentials for Multiple Applications
US20140289528A1 (en) * 2013-03-22 2014-09-25 Davit Baghdasaryan System and method for privacy-enhanced data synchronization
US20140298441A1 (en) * 2013-03-28 2014-10-02 DeNA Co., Ltd. Authentication method, authentication system, and service delivery server
US20140298484A1 (en) * 2013-03-26 2014-10-02 Jvl Ventures Llc Systems, methods, and computer program products for managing access control
US8881247B2 (en) * 2010-09-24 2014-11-04 Microsoft Corporation Federated mobile authentication using a network operator infrastructure
WO2014186882A1 (en) * 2013-05-24 2014-11-27 Passwordbox Inc. Secure automatic authorized access to any application through a third party
WO2015042349A1 (en) 2013-09-20 2015-03-26 Oracle International Corporation Multiple resource servers with single, flexible, pluggable oauth server and oauth-protected restful oauth consent management service, and mobile application single sign on oauth service
US20150089622A1 (en) * 2011-09-29 2015-03-26 Oracle International Corporation Mobile oauth service
US8997187B2 (en) 2013-03-15 2015-03-31 Airwatch Llc Delegating authorization to applications on a client device in a networked environment
US20150113608A1 (en) * 2012-09-12 2015-04-23 Capital One, Na System and method for providing controlled application programming interface security
US20150149530A1 (en) * 2013-11-27 2015-05-28 Adobe Systems Incorporated Redirecting Access Requests to an Authorized Server System for a Cloud Service
CN104683334A (zh) * 2015-02-11 2015-06-03 百度在线网络技术(北京)有限公司 登录数据的处理方法及装置
US9053302B2 (en) 2012-06-08 2015-06-09 Oracle International Corporation Obligation system for enterprise environments
US9065819B1 (en) * 2013-12-23 2015-06-23 Cellco Partnership Single sign on (SSO) authorization and authentication for mobile communication devices
US9069979B2 (en) 2012-09-07 2015-06-30 Oracle International Corporation LDAP-based multi-tenant in-cloud identity management system
US20150188907A1 (en) * 2013-12-31 2015-07-02 Cellco Partnership D/B/A Verizon Wireless Remote authentication method with single sign on credentials
JP2015122049A (ja) * 2014-05-07 2015-07-02 株式会社 ディー・エヌ・エー 所定のサーバに対してログインを要求するログイン要求装置及び方法、並びにこれらに用いられるプログラム
US9088564B1 (en) * 2013-02-07 2015-07-21 Intuit Inc. Transitioning a logged-in state from a native application to any associated web resource
US20150244706A1 (en) * 2014-02-26 2015-08-27 Secureauth Corporation Security object creation, validation, and assertion for single sign on authentication
US20150326562A1 (en) * 2014-05-06 2015-11-12 Okta, Inc. Facilitating single sign-on to software applications
US9197408B2 (en) 2013-05-10 2015-11-24 Sap Se Systems and methods for providing a secure data exchange
US9197501B2 (en) 2013-08-09 2015-11-24 Sap Se Zero-step auto-customization of mobile applications
US20150341334A1 (en) * 2013-09-11 2015-11-26 Amazon Technologies, Inc. Synchronizing authentication sessions between applications
US20150339473A1 (en) * 2014-05-23 2015-11-26 Blackberry Limited Security apparatus session sharing
US9208298B2 (en) 2012-06-18 2015-12-08 Google Inc. Pass through service login to application login
WO2015195180A1 (en) * 2014-06-16 2015-12-23 Ebay Inc. Systems and methods for authenticating a user based on a computing device
US9225711B1 (en) 2015-05-14 2015-12-29 Fmr Llc Transferring an authenticated session between security contexts
US9258274B2 (en) * 2014-07-09 2016-02-09 Shape Security, Inc. Using individualized APIs to block automated attacks on native apps and/or purposely exposed APIs
US9276942B2 (en) 2012-09-07 2016-03-01 Oracle International Corporation Multi-tenancy identity management system
US20160142408A1 (en) * 2014-11-14 2016-05-19 Martin Raepple Secure identity propagation in a cloud-based computing environment
US9369286B2 (en) 2013-11-27 2016-06-14 Tata Consultancy Services Limited System and methods for facilitating authentication of an electronic device accessing plurality of mobile applications
US9374361B2 (en) * 2014-07-03 2016-06-21 Verizon Patent And Licensing Inc. Cross-native application authentication application
US9450963B2 (en) 2013-09-20 2016-09-20 Oraclle International Corporation Multiple resource servers interacting with single OAuth server
US9460288B2 (en) 2014-12-08 2016-10-04 Shape Security, Inc. Secure app update server and secure application programming interface (“API”) server
US9467355B2 (en) 2012-09-07 2016-10-11 Oracle International Corporation Service association model
WO2016205195A1 (en) * 2015-06-15 2016-12-22 Airwatch, Llc Single sign-on for managed mobile devices
US9544295B2 (en) 2013-10-14 2017-01-10 Alibaba Group Holding Limited Login method for client application and corresponding server
US9577999B1 (en) 2014-05-02 2017-02-21 Nok Nok Labs, Inc. Enhanced security for registration of authentication devices
US20170053028A1 (en) * 2012-01-03 2017-02-23 Google Inc. Sharing a process in a web client
US9609541B2 (en) 2014-12-31 2017-03-28 Motorola Solutions, Inc. Method and apparatus for device collaboration via a hybrid network
US9654469B1 (en) 2014-05-02 2017-05-16 Nok Nok Labs, Inc. Web-based user authentication techniques and applications
US9720750B1 (en) * 2016-09-23 2017-08-01 International Business Machines Corporation Invoking a restricted access service through a restful interface
US9729506B2 (en) 2014-08-22 2017-08-08 Shape Security, Inc. Application programming interface wall
US9736154B2 (en) 2014-09-16 2017-08-15 Nok Nok Labs, Inc. System and method for integrating an authentication service within a network architecture
US9749131B2 (en) 2014-07-31 2017-08-29 Nok Nok Labs, Inc. System and method for implementing a one-time-password using asymmetric cryptography
US9800602B2 (en) 2014-09-30 2017-10-24 Shape Security, Inc. Automated hardening of web page content
US9866546B2 (en) 2015-10-29 2018-01-09 Airwatch Llc Selectively enabling multi-factor authentication for managed devices
US9875347B2 (en) 2014-07-31 2018-01-23 Nok Nok Labs, Inc. System and method for performing authentication using data analytics
US9882887B2 (en) 2015-06-15 2018-01-30 Airwatch Llc Single sign-on for managed mobile devices
US9882892B1 (en) * 2014-06-18 2018-01-30 Intuit Inc. User authorization using intent tokens
US9887983B2 (en) 2013-10-29 2018-02-06 Nok Nok Labs, Inc. Apparatus and method for implementing composite authenticators
US20180063152A1 (en) * 2016-08-29 2018-03-01 Matt Erich Device-agnostic user authentication and token provisioning
US9961077B2 (en) 2013-05-30 2018-05-01 Nok Nok Labs, Inc. System and method for biometric authentication with device attestation
US10009219B2 (en) 2012-09-07 2018-06-26 Oracle International Corporation Role-driven notification system including support for collapsing combinations
US10025913B2 (en) 2015-02-27 2018-07-17 Dropbox, Inc. Cross-application authentication on a content management system
US10050935B2 (en) * 2014-07-09 2018-08-14 Shape Security, Inc. Using individualized APIs to block automated attacks on native apps and/or purposely exposed APIs with forced user interaction
US10091195B2 (en) 2016-12-31 2018-10-02 Nok Nok Labs, Inc. System and method for bootstrapping a user binding
US20180309758A1 (en) * 2016-05-09 2018-10-25 Aetna Inc. Unified authentication software development kit
US10148640B2 (en) * 2012-10-01 2018-12-04 Salesforce.Com, Inc. Secured inter-application communication in mobile devices
US10148630B2 (en) 2014-07-31 2018-12-04 Nok Nok Labs, Inc. System and method for implementing a hosted authentication service
US10171447B2 (en) 2015-06-15 2019-01-01 Airwatch Llc Single sign-on for unmanaged mobile devices
US10171448B2 (en) 2015-06-15 2019-01-01 Airwatch Llc Single sign-on for unmanaged mobile devices
US10187374B2 (en) 2015-10-29 2019-01-22 Airwatch Llc Multi-factor authentication for managed applications using single sign-on technology
US20190069168A1 (en) * 2017-08-27 2019-02-28 Okta, Inc. Secure single sign-on to software applications
US10237070B2 (en) 2016-12-31 2019-03-19 Nok Nok Labs, Inc. System and method for sharing keys across authenticators
US10270748B2 (en) 2013-03-22 2019-04-23 Nok Nok Labs, Inc. Advanced authentication techniques and applications
US10375053B2 (en) 2016-09-09 2019-08-06 Microsoft Technology Licensing, Llc Cross-platform single sign-on accessibility of a productivity application within a software as a service platform
US20190306171A1 (en) * 2018-03-30 2019-10-03 Microsoft Technology Licensing, Llc System and method for externally-delegated access control and authorization
US10484358B2 (en) * 2017-05-05 2019-11-19 Servicenow, Inc. Single sign-on user interface improvements
US10567171B2 (en) 2016-06-30 2020-02-18 Shape Security, Inc. Client-side security key generation
WO2020046459A1 (en) * 2018-08-30 2020-03-05 Microsoft Technology Licensing, Llc Secure password-based single sign-on
US10637853B2 (en) 2016-08-05 2020-04-28 Nok Nok Labs, Inc. Authentication techniques including speech and/or lip movement analysis
US10673834B2 (en) * 2015-05-12 2020-06-02 Alibaba Group Holding Limited Establishing a trusted login procedure
US10757107B2 (en) 2015-02-27 2020-08-25 Dropbox, Inc. Application-assisted login for a web browser
US10769635B2 (en) 2016-08-05 2020-09-08 Nok Nok Labs, Inc. Authentication techniques including speech and/or lip movement analysis
US10826895B1 (en) * 2018-10-04 2020-11-03 State Farm Mutual Automobile Insurance Company System and method for secure authenticated user session handoff
US10944738B2 (en) 2015-06-15 2021-03-09 Airwatch, Llc. Single sign-on for managed mobile devices using kerberos
US20210084026A1 (en) * 2018-05-03 2021-03-18 Vmware, Inc. Authentication service
US11057364B2 (en) 2015-06-15 2021-07-06 Airwatch Llc Single sign-on for managed mobile devices
US11070548B2 (en) * 2018-12-21 2021-07-20 Paypal, Inc. Tokenized online application sessions
US11074056B2 (en) * 2017-06-29 2021-07-27 Hewlett-Packard Development Company, L.P. Computing device monitorings via agent applications
US11196733B2 (en) * 2018-02-08 2021-12-07 Dell Products L.P. System and method for group of groups single sign-on demarcation based on first user login
US20220006803A1 (en) * 2020-05-21 2022-01-06 Citrix Systems, Inc. Cross device single sign-on
US11303627B2 (en) 2018-05-31 2022-04-12 Oracle International Corporation Single Sign-On enabled OAuth token
US20220174056A1 (en) * 2019-03-22 2022-06-02 Nec Corporation Information processing system, information processing method, and program
US20220210624A1 (en) * 2019-02-13 2022-06-30 Nokia Technologies Oy Service based architecture management
US11388224B2 (en) * 2015-06-12 2022-07-12 Huawei Technologies Co., Ltd. Method for managing user information of application, device, and system
US11410160B2 (en) 2016-11-04 2022-08-09 Walmart Apollo, Llc Authenticating online transactions using separate computing device
US20220321658A1 (en) * 2021-04-04 2022-10-06 Rissana, LLC System and method for handling the connection of user accounts to other entities
US11700121B2 (en) * 2019-09-13 2023-07-11 Amazon Technologies, Inc. Secure authorization for sensitive information
US11792024B2 (en) 2019-03-29 2023-10-17 Nok Nok Labs, Inc. System and method for efficient challenge-response authentication
US20230351004A1 (en) * 2022-04-29 2023-11-02 Okta, Inc. Techniques for credential and identity synchronization
US11831409B2 (en) 2018-01-12 2023-11-28 Nok Nok Labs, Inc. System and method for binding verifiable claims
US11868995B2 (en) 2017-11-27 2024-01-09 Nok Nok Labs, Inc. Extending a secure key storage for transaction confirmation and cryptocurrency
US11930001B2 (en) 2018-05-03 2024-03-12 Vmware, Inc. Polling service
US12041039B2 (en) 2019-02-28 2024-07-16 Nok Nok Labs, Inc. System and method for endorsing a new authenticator
WO2024205904A1 (en) * 2023-03-31 2024-10-03 Microsoft Technology Licensing, Llc Enabling sso for embedded applications
US12126613B2 (en) 2021-09-17 2024-10-22 Nok Nok Labs, Inc. System and method for pre-registration of FIDO authenticators
US12160416B2 (en) * 2020-12-14 2024-12-03 Express Scripts Strategic Development, Inc. System and method for secure single sign on using security assertion markup language
US20250053685A1 (en) * 2023-08-09 2025-02-13 Vive Concierge, Inc. Systems and methods for the securing data while in transit between disparate systems and while at rest
US12309132B1 (en) * 2024-07-12 2025-05-20 Cortwo Corp. Continuous universal trust architecture and method

Families Citing this family (284)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9532222B2 (en) 2010-03-03 2016-12-27 Duo Security, Inc. System and method of notifying mobile devices to complete transactions after additional agent verification
US9544143B2 (en) 2010-03-03 2017-01-10 Duo Security, Inc. System and method of notifying mobile devices to complete transactions
US9172693B2 (en) * 2010-11-11 2015-10-27 Paypal, Inc. Quick payment using mobile device binding
WO2012128682A1 (en) * 2011-03-22 2012-09-27 Telefonaktiebolaget L M Ericsson (Publ) Methods for exchanging user profile, profile mediator device, agents, computer programs and computer program products
US9467463B2 (en) 2011-09-02 2016-10-11 Duo Security, Inc. System and method for assessing vulnerability of a mobile device
US8689310B2 (en) 2011-12-29 2014-04-01 Ebay Inc. Applications login using a mechanism relating sub-tokens to the quality of a master token
US9256717B2 (en) * 2012-03-02 2016-02-09 Verizon Patent And Licensing Inc. Managed mobile media platform systems and methods
US9183265B2 (en) 2012-06-12 2015-11-10 International Business Machines Corporation Database query language gateway
US20130339334A1 (en) * 2012-06-15 2013-12-19 Microsoft Corporation Personalized search engine results
JP6025480B2 (ja) * 2012-09-27 2016-11-16 キヤノン株式会社 認可サーバーシステム、権限移譲システム、その制御方法、およびプログラム
US9465587B2 (en) * 2012-11-30 2016-10-11 Red Hat Israel, Ltd. Preserving restful web service structure in a client consuming the restful web service
US10009065B2 (en) 2012-12-05 2018-06-26 At&T Intellectual Property I, L.P. Backhaul link for distributed antenna system
US9113347B2 (en) 2012-12-05 2015-08-18 At&T Intellectual Property I, Lp Backhaul link for distributed antenna system
US9253185B2 (en) * 2012-12-12 2016-02-02 Nokia Technologies Oy Cloud centric application trust validation
US9418213B1 (en) * 2013-02-06 2016-08-16 Amazon Technologies, Inc. Delegated permissions in a distributed electronic environment
US9466051B1 (en) * 2013-02-06 2016-10-11 Amazon Technologies, Inc. Funding access in a distributed electronic environment
US10659288B2 (en) 2013-02-21 2020-05-19 Gree, Inc. Method for controlling server device, recording medium, server device, terminal device, and system
US10083156B2 (en) 2013-03-13 2018-09-25 International Business Machines Corporation Mobile enablement of webpages
US10346501B2 (en) 2013-03-13 2019-07-09 International Business Machines Corporation Mobile enablement of existing web sites
US9426201B2 (en) 2013-03-13 2016-08-23 International Business Machines Corporation Transforming application cached template using personalized content
US9563448B2 (en) * 2013-03-13 2017-02-07 International Business Machines Corporation Mobilizing a web application to take advantage of a native device capability
US9009806B2 (en) 2013-04-12 2015-04-14 Globoforce Limited System and method for mobile single sign-on integration
JP5902304B2 (ja) 2013-04-30 2016-04-13 グリー株式会社 プログラム及び処理方法
WO2014190053A1 (en) * 2013-05-21 2014-11-27 Convida Wireless, Llc Lightweight iot information model
JP5578693B1 (ja) 2013-05-22 2014-08-27 グリー株式会社 サーバ装置、その制御方法、プログラム及びゲームシステム
US9525524B2 (en) 2013-05-31 2016-12-20 At&T Intellectual Property I, L.P. Remote distributed antenna system
US9999038B2 (en) 2013-05-31 2018-06-12 At&T Intellectual Property I, L.P. Remote distributed antenna system
CN104426856A (zh) * 2013-08-22 2015-03-18 北京千橡网景科技发展有限公司 应用登录方法、装置以及用户设备
US9641335B2 (en) * 2013-09-16 2017-05-02 Axis Ab Distribution of user credentials
US9979751B2 (en) 2013-09-20 2018-05-22 Open Text Sa Ulc Application gateway architecture with multi-level security policy and rule promulgations
US10824756B2 (en) 2013-09-20 2020-11-03 Open Text Sa Ulc Hosted application gateway architecture with multi-level security policy and rule promulgations
US10225244B2 (en) 2013-09-20 2019-03-05 Oracle International Corporation Web-based interface integration for single sign-on
EP2851833B1 (en) 2013-09-20 2017-07-12 Open Text S.A. Application Gateway Architecture with Multi-Level Security Policy and Rule Promulgations
MX355851B (es) 2013-09-24 2018-05-02 Commscope Technologies Llc Módulo óptico activo enchufable con soporte de conectividad gestionada y tabla de memoria simulada.
JP6343900B2 (ja) * 2013-10-10 2018-06-20 富士通株式会社 通信端末、通信処理方法および通信処理プログラム
US10243945B1 (en) * 2013-10-28 2019-03-26 Amazon Technologies, Inc. Managed identity federation
US8897697B1 (en) 2013-11-06 2014-11-25 At&T Intellectual Property I, Lp Millimeter-wave surface-wave communications
US9554323B2 (en) 2013-11-15 2017-01-24 Microsoft Technology Licensing, Llc Generating sequenced instructions for connecting through captive portals
US10057302B2 (en) 2013-11-15 2018-08-21 Microsoft Technology Licensing, Llc Context-based selection of instruction sets for connecting through captive portals
US9369342B2 (en) 2013-11-15 2016-06-14 Microsoft Technology Licensing, Llc Configuring captive portals with a cloud service
US10382305B2 (en) 2013-11-15 2019-08-13 Microsoft Technology Licensing, Llc Applying sequenced instructions to connect through captive portals
US9124575B2 (en) 2013-11-27 2015-09-01 Sap Se Self-single sign-on
CN103618790A (zh) * 2013-11-28 2014-03-05 深圳先进技术研究院 一种获取api服务的方法及系统
US9209902B2 (en) 2013-12-10 2015-12-08 At&T Intellectual Property I, L.P. Quasi-optical coupler
EP3085007B1 (en) 2013-12-20 2023-03-15 Nokia Technologies Oy Push-based trust model for public cloud applications
CN104767719B (zh) * 2014-01-07 2018-09-18 阿里巴巴集团控股有限公司 确定登录网站的终端是否是移动终端的方法及服务器
EP3103238B1 (en) 2014-02-07 2021-06-23 Oracle International Corporation Mobile cloud service architecture
US9529658B2 (en) 2014-02-07 2016-12-27 Oracle International Corporation Techniques for generating diagnostic identifiers to trace request messages and identifying related diagnostic information
US9529657B2 (en) 2014-02-07 2016-12-27 Oracle International Corporation Techniques for generating diagnostic identifiers to trace events and identifying related diagnostic information
CA2931750C (en) 2014-02-07 2023-03-07 Oracle International Corporation Cloud service custom execution environment
US9313208B1 (en) * 2014-03-19 2016-04-12 Amazon Technologies, Inc. Managing restricted access resources
SG11201605786SA (en) 2014-03-31 2016-10-28 Oracle Int Corp Infrastructure for synchronization of mobile device with mobile cloud service
CN105099984B (zh) * 2014-04-16 2019-07-02 百度在线网络技术(北京)有限公司 一种app间账号互通的方法和装置
US9762590B2 (en) * 2014-04-17 2017-09-12 Duo Security, Inc. System and method for an integrity focused authentication service
US10209992B2 (en) 2014-04-25 2019-02-19 Avago Technologies International Sales Pte. Limited System and method for branch prediction using two branch history tables and presetting a global branch history register
US9419962B2 (en) * 2014-06-16 2016-08-16 Adobe Systems Incorporated Method and apparatus for sharing server resources using a local group
US9712516B2 (en) * 2014-06-20 2017-07-18 Bmc Software, Inc. Monitoring signed resources transferred over a network
US9635005B2 (en) 2014-07-18 2017-04-25 Document Storage Systems, Inc. Computer readable storage media for tiered connection pooling and methods and systems for utilizing same
US9692101B2 (en) 2014-08-26 2017-06-27 At&T Intellectual Property I, L.P. Guided wave couplers for coupling electromagnetic waves between a waveguide surface and a surface of a wire
US8984612B1 (en) * 2014-09-04 2015-03-17 Google Inc. Method of identifying an electronic device by browser versions and cookie scheduling
US9768833B2 (en) 2014-09-15 2017-09-19 At&T Intellectual Property I, L.P. Method and apparatus for sensing a condition in a transmission medium of electromagnetic waves
US10063280B2 (en) 2014-09-17 2018-08-28 At&T Intellectual Property I, L.P. Monitoring and mitigating conditions in a communication network
US9444848B2 (en) * 2014-09-19 2016-09-13 Microsoft Technology Licensing, Llc Conditional access to services based on device claims
US10819747B1 (en) * 2014-09-26 2020-10-27 Amazon Technologies, Inc. Entitlement map for policy simulation
US9762676B2 (en) * 2014-09-26 2017-09-12 Intel Corporation Hardware resource access systems and techniques
US9628854B2 (en) 2014-09-29 2017-04-18 At&T Intellectual Property I, L.P. Method and apparatus for distributing content in a communication network
US9615269B2 (en) 2014-10-02 2017-04-04 At&T Intellectual Property I, L.P. Method and apparatus that provides fault tolerance in a communication network
US9685992B2 (en) 2014-10-03 2017-06-20 At&T Intellectual Property I, L.P. Circuit panel network and methods thereof
US9503189B2 (en) 2014-10-10 2016-11-22 At&T Intellectual Property I, L.P. Method and apparatus for arranging communication sessions in a communication system
US9762289B2 (en) 2014-10-14 2017-09-12 At&T Intellectual Property I, L.P. Method and apparatus for transmitting or receiving signals in a transportation system
US9973299B2 (en) 2014-10-14 2018-05-15 At&T Intellectual Property I, L.P. Method and apparatus for adjusting a mode of communication in a communication network
US9312919B1 (en) 2014-10-21 2016-04-12 At&T Intellectual Property I, Lp Transmission device with impairment compensation and methods for use therewith
US9577306B2 (en) 2014-10-21 2017-02-21 At&T Intellectual Property I, L.P. Guided-wave transmission device and methods for use therewith
US9564947B2 (en) 2014-10-21 2017-02-07 At&T Intellectual Property I, L.P. Guided-wave transmission device with diversity and methods for use therewith
US9627768B2 (en) 2014-10-21 2017-04-18 At&T Intellectual Property I, L.P. Guided-wave transmission device with non-fundamental mode propagation and methods for use therewith
US9520945B2 (en) 2014-10-21 2016-12-13 At&T Intellectual Property I, L.P. Apparatus for providing communication services and methods thereof
US9769020B2 (en) 2014-10-21 2017-09-19 At&T Intellectual Property I, L.P. Method and apparatus for responding to events affecting communications in a communication network
US9653770B2 (en) 2014-10-21 2017-05-16 At&T Intellectual Property I, L.P. Guided wave coupler, coupling module and methods for use therewith
US9780834B2 (en) 2014-10-21 2017-10-03 At&T Intellectual Property I, L.P. Method and apparatus for transmitting electromagnetic waves
US9760501B2 (en) 2014-11-05 2017-09-12 Google Inc. In-field smart device updates
US20160128104A1 (en) * 2014-11-05 2016-05-05 Google Inc. In-field smart device updates
US9742462B2 (en) 2014-12-04 2017-08-22 At&T Intellectual Property I, L.P. Transmission medium and communication interfaces and methods for use therewith
US9954287B2 (en) 2014-11-20 2018-04-24 At&T Intellectual Property I, L.P. Apparatus for converting wireless signals and electromagnetic waves and methods thereof
US10243784B2 (en) 2014-11-20 2019-03-26 At&T Intellectual Property I, L.P. System for generating topology information and methods thereof
US9654173B2 (en) 2014-11-20 2017-05-16 At&T Intellectual Property I, L.P. Apparatus for powering a communication device and methods thereof
US9997819B2 (en) 2015-06-09 2018-06-12 At&T Intellectual Property I, L.P. Transmission medium and method for facilitating propagation of electromagnetic waves via a core
US9461706B1 (en) 2015-07-31 2016-10-04 At&T Intellectual Property I, Lp Method and apparatus for exchanging communication signals
US10009067B2 (en) 2014-12-04 2018-06-26 At&T Intellectual Property I, L.P. Method and apparatus for configuring a communication interface
US10340573B2 (en) 2016-10-26 2019-07-02 At&T Intellectual Property I, L.P. Launcher with cylindrical coupling device and methods for use therewith
US9800327B2 (en) 2014-11-20 2017-10-24 At&T Intellectual Property I, L.P. Apparatus for controlling operations of a communication device and methods thereof
US9544006B2 (en) 2014-11-20 2017-01-10 At&T Intellectual Property I, L.P. Transmission device with mode division multiplexing and methods for use therewith
US9680670B2 (en) 2014-11-20 2017-06-13 At&T Intellectual Property I, L.P. Transmission device with channel equalization and control and methods for use therewith
CN105790945B (zh) * 2014-12-22 2019-09-03 中国移动通信集团公司 一种实现用户唯一身份认证的认证方法、装置和系统
US9613204B2 (en) 2014-12-23 2017-04-04 Document Storage Systems, Inc. Computer readable storage media for legacy integration and methods and systems for utilizing same
US10063661B2 (en) 2015-01-14 2018-08-28 Oracle International Corporation Multi-tenant cloud-based queuing systems
WO2016123109A1 (en) 2015-01-26 2016-08-04 Mobile Iron, Inc. Identity proxy to provide access control and single sign on
US10144036B2 (en) 2015-01-30 2018-12-04 At&T Intellectual Property I, L.P. Method and apparatus for mitigating interference affecting a propagation of electromagnetic waves guided by a transmission medium
US9876570B2 (en) 2015-02-20 2018-01-23 At&T Intellectual Property I, Lp Guided-wave transmission device with non-fundamental mode propagation and methods for use therewith
US10187388B2 (en) 2015-03-12 2019-01-22 At&T Intellectual Property I, L.P. System and method for managing electronic interactions based on defined relationships
US9749013B2 (en) 2015-03-17 2017-08-29 At&T Intellectual Property I, L.P. Method and apparatus for reducing attenuation of electromagnetic waves guided by a transmission medium
US9749310B2 (en) * 2015-03-27 2017-08-29 Intel Corporation Technologies for authentication and single-sign-on using device security assertions
US9705561B2 (en) 2015-04-24 2017-07-11 At&T Intellectual Property I, L.P. Directional coupling device and methods for use therewith
US10224981B2 (en) 2015-04-24 2019-03-05 At&T Intellectual Property I, Lp Passive electrical coupling device and methods for use therewith
US9948354B2 (en) 2015-04-28 2018-04-17 At&T Intellectual Property I, L.P. Magnetic coupling device with reflective plate and methods for use therewith
US9793954B2 (en) 2015-04-28 2017-10-17 At&T Intellectual Property I, L.P. Magnetic coupling device and methods for use therewith
US9871282B2 (en) 2015-05-14 2018-01-16 At&T Intellectual Property I, L.P. At least one transmission medium having a dielectric surface that is covered at least in part by a second dielectric
US9748626B2 (en) 2015-05-14 2017-08-29 At&T Intellectual Property I, L.P. Plurality of cables having different cross-sectional shapes which are bundled together to form a transmission medium
US9490869B1 (en) 2015-05-14 2016-11-08 At&T Intellectual Property I, L.P. Transmission medium having multiple cores and methods for use therewith
US10650940B2 (en) 2015-05-15 2020-05-12 At&T Intellectual Property I, L.P. Transmission medium having a conductive material and methods for use therewith
US10679767B2 (en) 2015-05-15 2020-06-09 At&T Intellectual Property I, L.P. Transmission medium having a conductive material and methods for use therewith
US9917341B2 (en) 2015-05-27 2018-03-13 At&T Intellectual Property I, L.P. Apparatus and method for launching electromagnetic waves and for modifying radial dimensions of the propagating electromagnetic waves
US9930060B2 (en) 2015-06-01 2018-03-27 Duo Security, Inc. Method for enforcing endpoint health standards
US10812174B2 (en) 2015-06-03 2020-10-20 At&T Intellectual Property I, L.P. Client node device and methods for use therewith
US9866309B2 (en) 2015-06-03 2018-01-09 At&T Intellectual Property I, Lp Host node device and methods for use therewith
US9912381B2 (en) 2015-06-03 2018-03-06 At&T Intellectual Property I, Lp Network termination and methods for use therewith
US10348391B2 (en) 2015-06-03 2019-07-09 At&T Intellectual Property I, L.P. Client node device with frequency conversion and methods for use therewith
US10103801B2 (en) 2015-06-03 2018-10-16 At&T Intellectual Property I, L.P. Host node device and methods for use therewith
US10154493B2 (en) 2015-06-03 2018-12-11 At&T Intellectual Property I, L.P. Network termination and methods for use therewith
US9913139B2 (en) 2015-06-09 2018-03-06 At&T Intellectual Property I, L.P. Signal fingerprinting for authentication of communicating devices
US9608692B2 (en) 2015-06-11 2017-03-28 At&T Intellectual Property I, L.P. Repeater and methods for use therewith
US10142086B2 (en) 2015-06-11 2018-11-27 At&T Intellectual Property I, L.P. Repeater and methods for use therewith
US9820146B2 (en) 2015-06-12 2017-11-14 At&T Intellectual Property I, L.P. Method and apparatus for authentication and identity management of communicating devices
US9667317B2 (en) 2015-06-15 2017-05-30 At&T Intellectual Property I, L.P. Method and apparatus for providing security using network traffic adjustments
US9640850B2 (en) 2015-06-25 2017-05-02 At&T Intellectual Property I, L.P. Methods and apparatus for inducing a non-fundamental wave mode on a transmission medium
US9509415B1 (en) 2015-06-25 2016-11-29 At&T Intellectual Property I, L.P. Methods and apparatus for inducing a fundamental wave mode on a transmission medium
US9865911B2 (en) 2015-06-25 2018-01-09 At&T Intellectual Property I, L.P. Waveguide system for slot radiating first electromagnetic waves that are combined into a non-fundamental wave mode second electromagnetic wave on a transmission medium
US9847566B2 (en) 2015-07-14 2017-12-19 At&T Intellectual Property I, L.P. Method and apparatus for adjusting a field of a signal to mitigate interference
US9722318B2 (en) 2015-07-14 2017-08-01 At&T Intellectual Property I, L.P. Method and apparatus for coupling an antenna to a device
US10148016B2 (en) 2015-07-14 2018-12-04 At&T Intellectual Property I, L.P. Apparatus and methods for communicating utilizing an antenna array
US10341142B2 (en) 2015-07-14 2019-07-02 At&T Intellectual Property I, L.P. Apparatus and methods for generating non-interfering electromagnetic waves on an uninsulated conductor
US10170840B2 (en) 2015-07-14 2019-01-01 At&T Intellectual Property I, L.P. Apparatus and methods for sending or receiving electromagnetic signals
US10044409B2 (en) 2015-07-14 2018-08-07 At&T Intellectual Property I, L.P. Transmission medium and methods for use therewith
US10033107B2 (en) 2015-07-14 2018-07-24 At&T Intellectual Property I, L.P. Method and apparatus for coupling an antenna to a device
US10205655B2 (en) 2015-07-14 2019-02-12 At&T Intellectual Property I, L.P. Apparatus and methods for communicating utilizing an antenna array and multiple communication paths
US10033108B2 (en) 2015-07-14 2018-07-24 At&T Intellectual Property I, L.P. Apparatus and methods for generating an electromagnetic wave having a wave mode that mitigates interference
US9853342B2 (en) 2015-07-14 2017-12-26 At&T Intellectual Property I, L.P. Dielectric transmission medium connector and methods for use therewith
US9628116B2 (en) 2015-07-14 2017-04-18 At&T Intellectual Property I, L.P. Apparatus and methods for transmitting wireless signals
US9882257B2 (en) 2015-07-14 2018-01-30 At&T Intellectual Property I, L.P. Method and apparatus for launching a wave mode that mitigates interference
US10320586B2 (en) 2015-07-14 2019-06-11 At&T Intellectual Property I, L.P. Apparatus and methods for generating non-interfering electromagnetic waves on an insulated transmission medium
US9836957B2 (en) 2015-07-14 2017-12-05 At&T Intellectual Property I, L.P. Method and apparatus for communicating with premises equipment
US9793951B2 (en) 2015-07-15 2017-10-17 At&T Intellectual Property I, L.P. Method and apparatus for launching a wave mode that mitigates interference
US10090606B2 (en) 2015-07-15 2018-10-02 At&T Intellectual Property I, L.P. Antenna system with dielectric array and methods for use therewith
US9608740B2 (en) 2015-07-15 2017-03-28 At&T Intellectual Property I, L.P. Method and apparatus for launching a wave mode that mitigates interference
US11196739B2 (en) * 2015-07-16 2021-12-07 Avaya Inc. Authorization activation
US9871283B2 (en) 2015-07-23 2018-01-16 At&T Intellectual Property I, Lp Transmission medium having a dielectric core comprised of plural members connected by a ball and socket configuration
US9948333B2 (en) 2015-07-23 2018-04-17 At&T Intellectual Property I, L.P. Method and apparatus for wireless communications to mitigate interference
US9912027B2 (en) 2015-07-23 2018-03-06 At&T Intellectual Property I, L.P. Method and apparatus for exchanging communication signals
US10784670B2 (en) 2015-07-23 2020-09-22 At&T Intellectual Property I, L.P. Antenna support for aligning an antenna
US9749053B2 (en) 2015-07-23 2017-08-29 At&T Intellectual Property I, L.P. Node device, repeater and methods for use therewith
US9735833B2 (en) 2015-07-31 2017-08-15 At&T Intellectual Property I, L.P. Method and apparatus for communications management in a neighborhood network
US10020587B2 (en) 2015-07-31 2018-07-10 At&T Intellectual Property I, L.P. Radial antenna and methods for use therewith
US9967173B2 (en) 2015-07-31 2018-05-08 At&T Intellectual Property I, L.P. Method and apparatus for authentication and identity management of communicating devices
US9807198B2 (en) 2015-08-20 2017-10-31 Google Inc. Methods and systems of identifying a device using strong component conflict detection
US9904535B2 (en) 2015-09-14 2018-02-27 At&T Intellectual Property I, L.P. Method and apparatus for distributing software
US10079661B2 (en) 2015-09-16 2018-09-18 At&T Intellectual Property I, L.P. Method and apparatus for use with a radio distributed antenna system having a clock reference
US10009063B2 (en) 2015-09-16 2018-06-26 At&T Intellectual Property I, L.P. Method and apparatus for use with a radio distributed antenna system having an out-of-band reference signal
US10051629B2 (en) 2015-09-16 2018-08-14 At&T Intellectual Property I, L.P. Method and apparatus for use with a radio distributed antenna system having an in-band reference signal
US9705571B2 (en) 2015-09-16 2017-07-11 At&T Intellectual Property I, L.P. Method and apparatus for use with a radio distributed antenna system
US10009901B2 (en) 2015-09-16 2018-06-26 At&T Intellectual Property I, L.P. Method, apparatus, and computer-readable storage medium for managing utilization of wireless resources between base stations
US10136434B2 (en) 2015-09-16 2018-11-20 At&T Intellectual Property I, L.P. Method and apparatus for use with a radio distributed antenna system having an ultra-wideband control channel
CN108137265B (zh) 2015-09-21 2020-08-14 通力股份公司 应用程序编程接口管理器
US9769128B2 (en) 2015-09-28 2017-09-19 At&T Intellectual Property I, L.P. Method and apparatus for encryption of communications over a network
US9729197B2 (en) 2015-10-01 2017-08-08 At&T Intellectual Property I, L.P. Method and apparatus for communicating network management traffic over a network
US9876264B2 (en) 2015-10-02 2018-01-23 At&T Intellectual Property I, Lp Communication system, guided wave switch and methods for use therewith
US9882277B2 (en) 2015-10-02 2018-01-30 At&T Intellectual Property I, Lp Communication device and antenna assembly with actuated gimbal mount
US10074890B2 (en) 2015-10-02 2018-09-11 At&T Intellectual Property I, L.P. Communication device and antenna with integrated light assembly
US10051483B2 (en) 2015-10-16 2018-08-14 At&T Intellectual Property I, L.P. Method and apparatus for directing wireless signals
US10665942B2 (en) 2015-10-16 2020-05-26 At&T Intellectual Property I, L.P. Method and apparatus for adjusting wireless communications
US10355367B2 (en) 2015-10-16 2019-07-16 At&T Intellectual Property I, L.P. Antenna structure for exchanging wireless signals
US11593075B2 (en) 2015-11-03 2023-02-28 Open Text Sa Ulc Streamlined fast and efficient application building and customization systems and methods
US10757064B2 (en) * 2015-11-04 2020-08-25 Oracle International Corporation Communication interface for handling multiple operations
US10546058B2 (en) * 2015-11-09 2020-01-28 Microsoft Technology Licensing, Llc Creating and modifying applications from a mobile device
US10749854B2 (en) * 2015-11-12 2020-08-18 Microsoft Technology Licensing, Llc Single sign-on identity management between local and remote systems
WO2017091709A1 (en) * 2015-11-25 2017-06-01 Akamai Technologies, Inc. Uniquely identifying and securely communicating with an appliance in an uncontrolled network
US10050953B2 (en) * 2015-11-30 2018-08-14 Microsoft Technology Licensing, Llc Extending a federated graph with third-party data and metadata
CN105812350B (zh) * 2016-02-03 2020-05-19 北京中搜云商网络技术有限公司 一种跨平台单点登录系统
US11388037B2 (en) * 2016-02-25 2022-07-12 Open Text Sa Ulc Systems and methods for providing managed services
KR102427276B1 (ko) 2016-03-28 2022-07-29 오라클 인터내셔날 코포레이션 모바일 클라우드 서비스에 대한 미리-형성된 명령어들
US11128734B2 (en) * 2016-05-10 2021-09-21 Veniam, Inc. Configuring a communication system using analytics of a restful API in a network of moving things
US10673838B2 (en) * 2016-05-13 2020-06-02 MobileIron, Inc. Unified VPN and identity based authentication to cloud-based services
US10567302B2 (en) * 2016-06-01 2020-02-18 At&T Intellectual Property I, L.P. Enterprise business mobile dashboard
US10102524B2 (en) 2016-06-03 2018-10-16 U.S. Bancorp, National Association Access control and mobile security app
SG11201810477PA (en) 2016-06-06 2018-12-28 Illumina Inc Tenant-aware distributed application authentication
US9912419B1 (en) 2016-08-24 2018-03-06 At&T Intellectual Property I, L.P. Method and apparatus for managing a fault in a distributed antenna system
US9860075B1 (en) 2016-08-26 2018-01-02 At&T Intellectual Property I, L.P. Method and communication node for broadband distribution
US10484382B2 (en) 2016-08-31 2019-11-19 Oracle International Corporation Data management for a multi-tenant identity cloud service
US10334434B2 (en) 2016-09-08 2019-06-25 Vmware, Inc. Phone factor authentication
US10291311B2 (en) 2016-09-09 2019-05-14 At&T Intellectual Property I, L.P. Method and apparatus for mitigating a fault in a distributed antenna system
US10594684B2 (en) 2016-09-14 2020-03-17 Oracle International Corporation Generating derived credentials for a multi-tenant identity cloud service
EP3528454B1 (en) * 2016-09-14 2020-08-26 Oracle International Corporation Single sign-on and single logout functionality for a multi-tenant identity and data security management cloud service
US11032819B2 (en) 2016-09-15 2021-06-08 At&T Intellectual Property I, L.P. Method and apparatus for use with a radio distributed antenna system having a control channel reference signal
US10445395B2 (en) 2016-09-16 2019-10-15 Oracle International Corporation Cookie based state propagation for a multi-tenant identity cloud service
US10340600B2 (en) 2016-10-18 2019-07-02 At&T Intellectual Property I, L.P. Apparatus and methods for launching guided waves via plural waveguide systems
US10135146B2 (en) 2016-10-18 2018-11-20 At&T Intellectual Property I, L.P. Apparatus and methods for launching guided waves via circuits
US10135147B2 (en) 2016-10-18 2018-11-20 At&T Intellectual Property I, L.P. Apparatus and methods for launching guided waves via an antenna
US10811767B2 (en) 2016-10-21 2020-10-20 At&T Intellectual Property I, L.P. System and dielectric antenna with convex dielectric radome
US10374316B2 (en) 2016-10-21 2019-08-06 At&T Intellectual Property I, L.P. System and dielectric antenna with non-uniform dielectric
US9991580B2 (en) 2016-10-21 2018-06-05 At&T Intellectual Property I, L.P. Launcher and coupling system for guided wave mode cancellation
US9876605B1 (en) 2016-10-21 2018-01-23 At&T Intellectual Property I, L.P. Launcher and coupling system to support desired guided wave mode
US10312567B2 (en) 2016-10-26 2019-06-04 At&T Intellectual Property I, L.P. Launcher with planar strip antenna and methods for use therewith
US10291334B2 (en) 2016-11-03 2019-05-14 At&T Intellectual Property I, L.P. System for detecting a fault in a communication system
US10224634B2 (en) 2016-11-03 2019-03-05 At&T Intellectual Property I, L.P. Methods and apparatus for adjusting an operational characteristic of an antenna
US10498044B2 (en) 2016-11-03 2019-12-03 At&T Intellectual Property I, L.P. Apparatus for configuring a surface of an antenna
US10225025B2 (en) 2016-11-03 2019-03-05 At&T Intellectual Property I, L.P. Method and apparatus for detecting a fault in a communication system
US10340601B2 (en) 2016-11-23 2019-07-02 At&T Intellectual Property I, L.P. Multi-antenna system and methods for use therewith
US10535928B2 (en) 2016-11-23 2020-01-14 At&T Intellectual Property I, L.P. Antenna system and methods for use therewith
US10178445B2 (en) 2016-11-23 2019-01-08 At&T Intellectual Property I, L.P. Methods, devices, and systems for load balancing between a plurality of waveguides
US10340603B2 (en) 2016-11-23 2019-07-02 At&T Intellectual Property I, L.P. Antenna system having shielded structural configurations for assembly
US10090594B2 (en) 2016-11-23 2018-10-02 At&T Intellectual Property I, L.P. Antenna system having structural configurations for assembly
US10305190B2 (en) 2016-12-01 2019-05-28 At&T Intellectual Property I, L.P. Reflecting dielectric antenna system and methods for use therewith
US10361489B2 (en) 2016-12-01 2019-07-23 At&T Intellectual Property I, L.P. Dielectric dish antenna system and methods for use therewith
US10694379B2 (en) 2016-12-06 2020-06-23 At&T Intellectual Property I, L.P. Waveguide system with device-based authentication and methods for use therewith
US10439675B2 (en) 2016-12-06 2019-10-08 At&T Intellectual Property I, L.P. Method and apparatus for repeating guided wave communication signals
US9927517B1 (en) 2016-12-06 2018-03-27 At&T Intellectual Property I, L.P. Apparatus and methods for sensing rainfall
US10135145B2 (en) 2016-12-06 2018-11-20 At&T Intellectual Property I, L.P. Apparatus and methods for generating an electromagnetic wave along a transmission medium
US10326494B2 (en) 2016-12-06 2019-06-18 At&T Intellectual Property I, L.P. Apparatus for measurement de-embedding and methods for use therewith
US10727599B2 (en) 2016-12-06 2020-07-28 At&T Intellectual Property I, L.P. Launcher with slot antenna and methods for use therewith
US10020844B2 (en) 2016-12-06 2018-07-10 T&T Intellectual Property I, L.P. Method and apparatus for broadcast communication via guided waves
US10637149B2 (en) 2016-12-06 2020-04-28 At&T Intellectual Property I, L.P. Injection molded dielectric antenna and methods for use therewith
US10819035B2 (en) 2016-12-06 2020-10-27 At&T Intellectual Property I, L.P. Launcher with helical antenna and methods for use therewith
US10755542B2 (en) 2016-12-06 2020-08-25 At&T Intellectual Property I, L.P. Method and apparatus for surveillance via guided wave communication
US10382976B2 (en) 2016-12-06 2019-08-13 At&T Intellectual Property I, L.P. Method and apparatus for managing wireless communications based on communication paths and network device positions
US10139820B2 (en) 2016-12-07 2018-11-27 At&T Intellectual Property I, L.P. Method and apparatus for deploying equipment of a communication system
US10168695B2 (en) 2016-12-07 2019-01-01 At&T Intellectual Property I, L.P. Method and apparatus for controlling an unmanned aircraft
US10547348B2 (en) 2016-12-07 2020-01-28 At&T Intellectual Property I, L.P. Method and apparatus for switching transmission mediums in a communication system
US10359749B2 (en) 2016-12-07 2019-07-23 At&T Intellectual Property I, L.P. Method and apparatus for utilities management via guided wave communication
US10389029B2 (en) 2016-12-07 2019-08-20 At&T Intellectual Property I, L.P. Multi-feed dielectric antenna system with core selection and methods for use therewith
US10027397B2 (en) 2016-12-07 2018-07-17 At&T Intellectual Property I, L.P. Distributed antenna system and methods for use therewith
US9893795B1 (en) 2016-12-07 2018-02-13 At&T Intellectual Property I, Lp Method and repeater for broadband distribution
US10243270B2 (en) 2016-12-07 2019-03-26 At&T Intellectual Property I, L.P. Beam adaptive multi-feed dielectric antenna system and methods for use therewith
US10446936B2 (en) 2016-12-07 2019-10-15 At&T Intellectual Property I, L.P. Multi-feed dielectric antenna system and methods for use therewith
US10916969B2 (en) 2016-12-08 2021-02-09 At&T Intellectual Property I, L.P. Method and apparatus for providing power using an inductive coupling
US9998870B1 (en) 2016-12-08 2018-06-12 At&T Intellectual Property I, L.P. Method and apparatus for proximity sensing
US10326689B2 (en) 2016-12-08 2019-06-18 At&T Intellectual Property I, L.P. Method and system for providing alternative communication paths
US9911020B1 (en) 2016-12-08 2018-03-06 At&T Intellectual Property I, L.P. Method and apparatus for tracking via a radio frequency identification device
US10103422B2 (en) 2016-12-08 2018-10-16 At&T Intellectual Property I, L.P. Method and apparatus for mounting network devices
US10389037B2 (en) 2016-12-08 2019-08-20 At&T Intellectual Property I, L.P. Apparatus and methods for selecting sections of an antenna array and use therewith
US10777873B2 (en) 2016-12-08 2020-09-15 At&T Intellectual Property I, L.P. Method and apparatus for mounting network devices
US10601494B2 (en) 2016-12-08 2020-03-24 At&T Intellectual Property I, L.P. Dual-band communication device and method for use therewith
US10938108B2 (en) 2016-12-08 2021-03-02 At&T Intellectual Property I, L.P. Frequency selective multi-feed dielectric antenna system and methods for use therewith
US10069535B2 (en) 2016-12-08 2018-09-04 At&T Intellectual Property I, L.P. Apparatus and methods for launching electromagnetic waves having a certain electric field structure
US10530505B2 (en) 2016-12-08 2020-01-07 At&T Intellectual Property I, L.P. Apparatus and methods for launching electromagnetic waves along a transmission medium
US10411356B2 (en) 2016-12-08 2019-09-10 At&T Intellectual Property I, L.P. Apparatus and methods for selectively targeting communication devices with an antenna array
US10264586B2 (en) 2016-12-09 2019-04-16 At&T Mobility Ii Llc Cloud-based packet controller and methods for use therewith
US9838896B1 (en) 2016-12-09 2017-12-05 At&T Intellectual Property I, L.P. Method and apparatus for assessing network coverage
US10340983B2 (en) 2016-12-09 2019-07-02 At&T Intellectual Property I, L.P. Method and apparatus for surveying remote sites via guided wave communications
US10419410B2 (en) 2016-12-15 2019-09-17 Seagate Technology Llc Automatic generation of unique identifiers for distributed directory management users
CN108322416B (zh) * 2017-01-16 2022-04-15 腾讯科技(深圳)有限公司 一种安全认证实现方法、装置及系统
US10581825B2 (en) 2017-01-27 2020-03-03 Equifax Inc. Integrating sensitive data from a data provider into instances of third-party applications executed on user devices
US20180232262A1 (en) * 2017-02-15 2018-08-16 Ca, Inc. Mapping heterogeneous application-program interfaces to a database
US9973940B1 (en) 2017-02-27 2018-05-15 At&T Intellectual Property I, L.P. Apparatus and methods for dynamic impedance matching of a guided wave launcher
US10298293B2 (en) 2017-03-13 2019-05-21 At&T Intellectual Property I, L.P. Apparatus of communication utilizing wireless network devices
US11012441B2 (en) * 2017-06-30 2021-05-18 Open Text Corporation Hybrid authentication systems and methods
CN113328861B (zh) * 2017-08-23 2022-11-01 重庆京像微电子有限公司 权限的验证方法、装置和系统
WO2019060758A1 (en) 2017-09-22 2019-03-28 Intel Corporation DEVICE MANAGEMENT SERVICES BASED ON NON-REST MESSAGING
US10496810B2 (en) * 2017-09-26 2019-12-03 Google Llc Methods and systems of performing preemptive generation of second factor authentication
US10831789B2 (en) 2017-09-27 2020-11-10 Oracle International Corporation Reference attribute query processing for a multi-tenant cloud service
US10412113B2 (en) 2017-12-08 2019-09-10 Duo Security, Inc. Systems and methods for intelligently configuring computer security
CN108289101B (zh) * 2018-01-25 2021-02-12 中企动力科技股份有限公司 信息处理方法及装置
US10607021B2 (en) 2018-01-26 2020-03-31 Bank Of America Corporation Monitoring usage of an application to identify characteristics and trigger security control
US10715564B2 (en) 2018-01-29 2020-07-14 Oracle International Corporation Dynamic client registration for an identity cloud service
KR102396255B1 (ko) * 2018-05-03 2022-05-10 손영욱 클라우드 기반 인공지능 음성인식을 이용한 맞춤형 스마트팩토리 생산관리 통합 서비스 제공 방법
US11568039B2 (en) * 2018-06-03 2023-01-31 Apple Inc. Credential manager integration
WO2020002764A1 (en) * 2018-06-29 2020-01-02 Nokia Technologies Oy Security management for service access in a communication system
US10904238B2 (en) * 2018-07-13 2021-01-26 Sap Se Access token management for state preservation and reuse
US20200045037A1 (en) * 2018-07-31 2020-02-06 Salesforce.Com, Inc. Token store service for platform authentication
CN109194683A (zh) * 2018-09-30 2019-01-11 北京金山云网络技术有限公司 登陆信息处理方法、装置及客户端
US11140169B1 (en) * 2018-10-31 2021-10-05 Workday, Inc. Cloud platform access system
US11005891B2 (en) * 2018-11-12 2021-05-11 Citrix Systems, Inc. Systems and methods for live SaaS objects
US11658962B2 (en) 2018-12-07 2023-05-23 Cisco Technology, Inc. Systems and methods of push-based verification of a transaction
US12032674B2 (en) 2018-12-31 2024-07-09 Thales Dis France Sas Method and system for managing access to a service
US11792226B2 (en) 2019-02-25 2023-10-17 Oracle International Corporation Automatic api document generation from scim metadata
US11423111B2 (en) 2019-02-25 2022-08-23 Oracle International Corporation Client API for rest based endpoints for a multi-tenant identify cloud service
CN110008668B (zh) * 2019-03-21 2023-09-19 北京小米移动软件有限公司 一种数据处理方法、装置及存储介质
CZ308358B6 (cs) * 2019-04-08 2020-06-17 Aducid S.R.O. Způsob autentizace uživatele ke spoléhající straně v systému federace elektronické identity
CN110213229B (zh) * 2019-04-25 2021-09-14 平安科技(深圳)有限公司 身份认证方法、系统、计算机设备及存储介质
US11190514B2 (en) * 2019-06-17 2021-11-30 Microsoft Technology Licensing, Llc Client-server security enhancement using information accessed from access tokens
US11687378B2 (en) 2019-09-13 2023-06-27 Oracle International Corporation Multi-tenant identity cloud service with on-premise authentication integration and bridge high availability
US11870770B2 (en) 2019-09-13 2024-01-09 Oracle International Corporation Multi-tenant identity cloud service with on-premise authentication integration
CN110753044A (zh) * 2019-10-12 2020-02-04 山东英信计算机技术有限公司 一种身份认证方法、系统、电子设备及存储介质
CN113114638A (zh) * 2021-03-26 2021-07-13 湖南和信安华区块链科技有限公司 联盟链的访问和验证方法及系统
WO2023012808A1 (en) * 2021-08-04 2023-02-09 SRINIVAS RAJGOPAL, Anasapurapu A system and method for managing digital identity of a user in a digital ecosystem
US12231430B2 (en) * 2021-10-27 2025-02-18 Microsoft Technology Licensing, Llc Cloud service artifact tokens
CN116055151A (zh) * 2022-12-31 2023-05-02 鼎道智联(北京)科技有限公司 业务权限令牌获取方法、系统、电子设备及存储介质

Citations (38)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040010682A1 (en) * 2002-07-10 2004-01-15 Foster Ward Scott Secure resource access in a distributed environment
US20050039008A1 (en) * 2003-08-05 2005-02-17 Gaurav Bhatia Method and apparatus for end-to-end identity propagation
US20060031683A1 (en) * 2004-06-25 2006-02-09 Accenture Global Services Gmbh Single sign-on with common access card
US20060075475A1 (en) * 2004-10-01 2006-04-06 Grand Central Communications, Inc. Application identity design
US20060075224A1 (en) * 2004-09-24 2006-04-06 David Tao System for activating multiple applications for concurrent operation
US20060294196A1 (en) * 2005-06-27 2006-12-28 Elie Feirouz Method and system for storing a web browser application session cookie from another client application program
US20070050845A1 (en) * 2005-08-31 2007-03-01 Das Tapas K Fortified authentication on multiple computers using collaborative agents
US20070204167A1 (en) * 2006-02-28 2007-08-30 Aladdin Knowledge Systems Ltd. Method for serving a plurality of applications by a security token
US20070226785A1 (en) * 2006-03-23 2007-09-27 Microsoft Corporation Multiple Security Token Transactions
US20080033954A1 (en) * 2006-08-07 2008-02-07 Brooks David A Method and system for securing application information in system-wide search engines
US20080059804A1 (en) * 2006-08-22 2008-03-06 Interdigital Technology Corporation Method and apparatus for providing trusted single sign-on access to applications and internet-based services
US7500262B1 (en) * 2002-04-29 2009-03-03 Aol Llc Implementing single sign-on across a heterogeneous collection of client/server and web-based applications
US20090217367A1 (en) * 2008-02-25 2009-08-27 Norman James M Sso in volatile session or shared environment
US20090235349A1 (en) * 2008-03-12 2009-09-17 Intuit Inc. Method and apparatus for securely invoking a rest api
US20090328207A1 (en) * 2008-06-30 2009-12-31 Amol Patel Verification of software application authenticity
US20100223471A1 (en) * 2009-02-27 2010-09-02 Research In Motion Limited Cookie Verification Methods And Apparatus For Use In Providing Application Services To Communication Devices
US20100274910A1 (en) * 2009-04-24 2010-10-28 Microsoft Corporation Hosted application sandbox model
US20100306547A1 (en) * 2009-05-28 2010-12-02 Fallows John R System and methods for providing stateless security management for web applications using non-http communications protocols
US20110202988A1 (en) * 2010-02-17 2011-08-18 Nokia Corporation Method and apparatus for providing an authentication context-based session
US20110231921A1 (en) * 2010-03-18 2011-09-22 Microsoft Corporation Pluggable token provider model to implement authentication across multiple web services
US20110264913A1 (en) * 2010-04-13 2011-10-27 Pekka Nikander Method and apparatus for interworking with single sign-on authentication architecture
US20110277016A1 (en) * 2010-05-05 2011-11-10 International Business Machines Corporation Method for managing shared accounts in an identity management system
US20120023556A1 (en) * 2010-07-23 2012-01-26 Verizon Patent And Licensing Inc. Identity management and single sign-on in a heterogeneous composite service scenario
US20120036563A1 (en) * 2010-08-04 2012-02-09 At&T Mobility Ii Llc Systems, devices, methods and computer program products for establishing network connections between service providers and applications that run natively on devices
US20120054625A1 (en) * 2010-08-30 2012-03-01 Vmware, Inc. Unified workspace for thin, remote, and saas applications
US20120079569A1 (en) * 2010-09-24 2012-03-29 Microsoft Corporation Federated mobile authentication using a network operator infrastructure
US20120151568A1 (en) * 2010-12-13 2012-06-14 International Business Machines Corporation Method and system for authenticating a rich client to a web or cloud application
US20120154341A1 (en) * 2010-12-15 2012-06-21 Research In Motion Limited Communication device
US8281149B2 (en) * 2009-06-23 2012-10-02 Google Inc. Privacy-preserving flexible anonymous-pseudonymous access
US20120254957A1 (en) * 2011-03-28 2012-10-04 International Business Machines Corporation User impersonation/delegation in a token-based authentication system
US20120284786A1 (en) * 2011-05-05 2012-11-08 Visto Corporation System and method for providing access credentials
US20120290478A1 (en) * 2011-05-13 2012-11-15 American Express Travel Related Services Company, Inc. Cloud enabled payment processing system and method
US20130024919A1 (en) * 2011-07-21 2013-01-24 Microsoft Corporation Cloud service authentication
US20130055243A1 (en) * 2011-08-24 2013-02-28 Dell Products, Lp Unified Management Architecture to Support Multiple Platform-as-a-Service Workloads
US20130125226A1 (en) * 2011-04-28 2013-05-16 Interdigital Patent Holdings, Inc. Sso framework for multiple sso technologies
US20130174241A1 (en) * 2011-06-28 2013-07-04 Interdigital Patent Holdings, Inc. Automated negotiation and selection of authentication protocols
US8533796B1 (en) * 2011-03-16 2013-09-10 Google Inc. Providing application programs with access to secured resources
US20150019944A1 (en) * 2011-07-05 2015-01-15 Visa International Service Association Hybrid applications utilizing distributed models and views apparatuses, methods and systems

Family Cites Families (88)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6092204A (en) 1996-10-01 2000-07-18 At&T Corp Filtering for public databases with naming ambiguities
US7290288B2 (en) 1997-06-11 2007-10-30 Prism Technologies, L.L.C. Method and system for controlling access, by an authentication server, to protected computer resources provided via an internet protocol network
US6516416B2 (en) 1997-06-11 2003-02-04 Prism Resources Subscription access system for use with an untrusted network
US6092196A (en) 1997-11-25 2000-07-18 Nortel Networks Limited HTTP distributed remote user authentication system
US6529948B1 (en) * 1999-08-31 2003-03-04 Accenture Llp Multi-object fetch component
US6438594B1 (en) * 1999-08-31 2002-08-20 Accenture Llp Delivering service to a client via a locally addressable interface
AU7740300A (en) * 1999-10-01 2001-05-10 Andersen Consulting Llp Data management for netcentric computing systems
WO2001072009A2 (en) * 2000-03-17 2001-09-27 At & T Corp. Web-based single-sign-on authentication mechanism
JP2002041467A (ja) 2000-07-25 2002-02-08 Mitsubishi Electric Corp 証明書アクセスシステム
US7069433B1 (en) 2001-02-20 2006-06-27 At&T Corp. Mobile host using a virtual single account client and server system for network access and management
JP2003316743A (ja) 2002-04-24 2003-11-07 Nippon Telegr & Teleph Corp <Ntt> ネットワークアクセス方法およびクライアント
CN100437551C (zh) 2003-10-28 2008-11-26 联想(新加坡)私人有限公司 使多个用户设备自动登录的方法和设备
US7721329B2 (en) * 2003-11-18 2010-05-18 Aol Inc. Method and apparatus for trust-based, fine-grained rate limiting of network requests
US20050124320A1 (en) 2003-12-09 2005-06-09 Johannes Ernst System and method for the light-weight management of identity and related information
US20080288889A1 (en) * 2004-02-20 2008-11-20 Herbert Dennis Hunt Data visualization application
JP2006221506A (ja) * 2005-02-14 2006-08-24 Hitachi Software Eng Co Ltd ユーザパスワード認証システムにおける権限委譲方法
US7631346B2 (en) 2005-04-01 2009-12-08 International Business Machines Corporation Method and system for a runtime user account creation operation within a single-sign-on process in a federated computing environment
US20080171541A1 (en) 2005-05-06 2008-07-17 Telefonaktiebolaget Lm Ericsson (Publ) Arrangements in Ip Multimedia Subsystem (Ims)
WO2007001275A1 (en) 2005-06-22 2007-01-04 Thomson Licensing Multicast downloading using path information
US8219814B2 (en) 2005-06-30 2012-07-10 Psion Teklogix Inc. System and method of user credential management
JP4821192B2 (ja) 2005-07-06 2011-11-24 大日本印刷株式会社 計算機ホログラム光学素子
US8150416B2 (en) 2005-08-08 2012-04-03 Jambo Networks, Inc. System and method for providing communication services to mobile device users incorporating proximity determination
US20070055703A1 (en) 2005-09-07 2007-03-08 Eyal Zimran Namespace server using referral protocols
US20070156594A1 (en) * 2006-01-03 2007-07-05 Mcgucken Elliot System and method for allowing creators, artsists, and owners to protect and profit from content
US8327428B2 (en) * 2006-11-30 2012-12-04 Microsoft Corporation Authenticating linked accounts
US20080270363A1 (en) * 2007-01-26 2008-10-30 Herbert Dennis Hunt Cluster processing of a core information matrix
US10621203B2 (en) * 2007-01-26 2020-04-14 Information Resources, Inc. Cross-category view of a dataset using an analytic platform
US20080294996A1 (en) * 2007-01-31 2008-11-27 Herbert Dennis Hunt Customized retailer portal within an analytic platform
US8817990B2 (en) * 2007-03-01 2014-08-26 Toshiba America Research, Inc. Kerberized handover keying improvements
US8041743B2 (en) 2007-04-17 2011-10-18 Semandex Networks, Inc. Systems and methods for providing semantically enhanced identity management
US9800614B2 (en) * 2007-05-23 2017-10-24 International Business Machines Corporation Method and system for global logoff from a web-based point of contact server
US7992197B2 (en) 2007-10-29 2011-08-02 Yahoo! Inc. Mobile authentication framework
CN101207482B (zh) 2007-12-13 2010-07-21 深圳市戴文科技有限公司 一种实现单点登录的方法及系统
US8621561B2 (en) 2008-01-04 2013-12-31 Microsoft Corporation Selective authorization based on authentication input attributes
CA2632793A1 (en) * 2008-04-01 2009-10-01 Allone Health Group, Inc. Information server and mobile delivery system and method
CN101277193A (zh) * 2008-05-05 2008-10-01 北京航空航天大学 基于面向服务架构认证服务代理的信息门户单点登录和访问系统
US8364659B2 (en) 2008-05-14 2013-01-29 Enpulz, L.L.C. Network server employing client favorites information and profiling
US8141140B2 (en) * 2008-05-23 2012-03-20 Hsbc Technologies Inc. Methods and systems for single sign on with dynamic authentication levels
US9271129B2 (en) * 2008-08-05 2016-02-23 HeyWire, Inc. Mobile messaging hub enabling enterprise office telephone numbers
US20100095372A1 (en) * 2008-10-09 2010-04-15 Novell, Inc. Trusted relying party proxy for information card tokens
US9781148B2 (en) * 2008-10-21 2017-10-03 Lookout, Inc. Methods and systems for sharing risk responses between collections of mobile communications devices
US8281379B2 (en) * 2008-11-13 2012-10-02 Vasco Data Security, Inc. Method and system for providing a federated authentication service with gradual expiration of credentials
US20100146394A1 (en) * 2008-12-04 2010-06-10 Morris Robert P Methods, Systems, And Computer Program Products For Browsing Using A Geospatial Map Metaphor
US8296828B2 (en) * 2008-12-16 2012-10-23 Microsoft Corporation Transforming claim based identities to credential based identities
US20100162124A1 (en) 2008-12-19 2010-06-24 Morris Robert P Methods, Systems, And Computer Program Products For Presenting A Map In Correspondence With A Presented Resource
US20100169952A1 (en) * 2008-12-30 2010-07-01 Jussi Maki Method, apparatus and computer program product for providing an adaptive authentication session validity time
US8255984B1 (en) * 2009-07-01 2012-08-28 Quest Software, Inc. Single sign-on system for shared resource environments
US8296567B2 (en) 2009-07-15 2012-10-23 Research In Motion Limited System and method for exchanging key generation parameters for secure communications
US9049182B2 (en) 2009-08-11 2015-06-02 Novell, Inc. Techniques for virtual representational state transfer (REST) interfaces
EP2497224A4 (en) * 2009-11-06 2014-01-29 Ericsson Telefon Ab L M SYSTEM AND METHOD FOR COMMUNICATING WEB APPLICATIONS
US8984588B2 (en) 2010-02-19 2015-03-17 Nokia Corporation Method and apparatus for identity federation gateway
US8620305B2 (en) 2010-06-23 2013-12-31 Salesforce.Com, Inc. Methods and systems for a mobile device testing framework
US8984034B2 (en) 2010-09-28 2015-03-17 Schneider Electric USA, Inc. Calculation engine and calculation providers
US20120174196A1 (en) 2010-12-30 2012-07-05 Suresh Bhogavilli Active validation for ddos and ssl ddos attacks
CN102111410B (zh) * 2011-01-13 2013-07-03 中国科学院软件研究所 一种基于代理的单点登录方法及系统
US8347322B1 (en) * 2011-03-31 2013-01-01 Zynga Inc. Social network application programming interface
US8521838B2 (en) 2011-07-28 2013-08-27 Sap Ag Managing consistent interfaces for communication system and object identifier mapping business objects across heterogeneous systems
US9578014B2 (en) * 2011-09-29 2017-02-21 Oracle International Corporation Service profile-specific token attributes and resource server token attribute overriding
US20130086669A1 (en) 2011-09-29 2013-04-04 Oracle International Corporation Mobile application, single sign-on management
US8844013B2 (en) * 2011-10-04 2014-09-23 Salesforce.Com, Inc. Providing third party authentication in an on-demand service environment
US8863126B2 (en) * 2011-12-29 2014-10-14 Oracle International Corporation Java virtual machine embedded in a native mobile application
US9774581B2 (en) * 2012-01-20 2017-09-26 Interdigital Patent Holdings, Inc. Identity management with local functionality
US20140089661A1 (en) 2012-09-25 2014-03-27 Securly, Inc. System and method for securing network traffic
JP6066647B2 (ja) * 2012-09-27 2017-01-25 キヤノン株式会社 デバイス装置、その制御方法、およびそのプログラム
JP6057666B2 (ja) * 2012-10-25 2017-01-11 キヤノン株式会社 画像形成装置、情報処理方法及びプログラム
US9148285B2 (en) * 2013-01-21 2015-09-29 International Business Machines Corporation Controlling exposure of sensitive data and operation using process bound security tokens in cloud computing environment
CN105659558B (zh) * 2013-09-20 2018-08-31 甲骨文国际公司 计算机实现的方法、授权服务器以及计算机可读存储器
US9225682B2 (en) * 2013-10-03 2015-12-29 Cisco Technology, Inc. System and method for a facet security framework
JP2015075902A (ja) * 2013-10-08 2015-04-20 キヤノン株式会社 画像形成装置、その制御方法とプログラム
US9794357B2 (en) * 2013-10-23 2017-10-17 Cision Us Inc. Web browser tracking
US9276933B2 (en) * 2013-12-20 2016-03-01 Sharp Laboratories Of America, Inc. Security token caching in centralized authentication systems
US20150312715A1 (en) * 2014-04-23 2015-10-29 Lapdoog Oy Arrangement and method for location based content provision
US20150333909A1 (en) * 2014-05-15 2015-11-19 Ricoh Company, Ltd. Information processing system and information processing method
US9654581B2 (en) * 2014-05-30 2017-05-16 Apple Inc. Proxied push
US10057354B2 (en) 2014-05-30 2018-08-21 Genesys Telecommunications Laboratories, Inc. System and method for single logout of applications
US9531714B2 (en) * 2014-06-27 2016-12-27 Citrix Systems, Inc. Enterprise authentication via third party authentication support
US20160014077A1 (en) * 2014-07-10 2016-01-14 Aorato Ltd. System, Method and Process for Mitigating Advanced and Targeted Attacks with Authentication Error Injection
US9847990B1 (en) * 2014-07-18 2017-12-19 Google Inc. Determining, by a remote system, applications provided on a device based on association with a common identifier
US9401912B2 (en) * 2014-10-13 2016-07-26 Netiq Corporation Late binding authentication
US9578015B2 (en) * 2014-10-31 2017-02-21 Vmware, Inc. Step-up authentication for single sign-on
US9544311B2 (en) * 2014-11-14 2017-01-10 Sap Se Secure identity propagation in a cloud-based computing environment
US9722873B2 (en) * 2014-12-04 2017-08-01 Microsoft Technology Licensing, Llc Zero-downtime, reversible, client-driven service migration
US10171447B2 (en) * 2015-06-15 2019-01-01 Airwatch Llc Single sign-on for unmanaged mobile devices
EP3112549A1 (fr) 2015-07-01 2017-01-04 KEOKI Company SA Panneau de construction destiné à la réalisation de parois chauffantes et/ou refroidissantes de bâtiments
US9674200B2 (en) * 2015-07-14 2017-06-06 Mastercard International Incorporated Identity federation and token translation module for use with a web application
US10198279B2 (en) * 2015-10-22 2019-02-05 Oracle International Corporation Thread synchronization for platform neutrality
JP6682254B2 (ja) * 2015-12-08 2020-04-15 キヤノン株式会社 認証連携システム及び認証連携方法、認可サーバー及びプログラム
US10778684B2 (en) * 2017-04-07 2020-09-15 Citrix Systems, Inc. Systems and methods for securely and transparently proxying SAAS applications through a cloud-hosted or on-premise network gateway for enhanced security and visibility

Patent Citations (40)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7500262B1 (en) * 2002-04-29 2009-03-03 Aol Llc Implementing single sign-on across a heterogeneous collection of client/server and web-based applications
US8832787B1 (en) * 2002-04-29 2014-09-09 Citrix Systems, Inc. Implementing single sign-on across a heterogeneous collection of client/server and web-based applications
US20040010682A1 (en) * 2002-07-10 2004-01-15 Foster Ward Scott Secure resource access in a distributed environment
US20050039008A1 (en) * 2003-08-05 2005-02-17 Gaurav Bhatia Method and apparatus for end-to-end identity propagation
US20060031683A1 (en) * 2004-06-25 2006-02-09 Accenture Global Services Gmbh Single sign-on with common access card
US20060075224A1 (en) * 2004-09-24 2006-04-06 David Tao System for activating multiple applications for concurrent operation
US20060075475A1 (en) * 2004-10-01 2006-04-06 Grand Central Communications, Inc. Application identity design
US20060294196A1 (en) * 2005-06-27 2006-12-28 Elie Feirouz Method and system for storing a web browser application session cookie from another client application program
US20070050845A1 (en) * 2005-08-31 2007-03-01 Das Tapas K Fortified authentication on multiple computers using collaborative agents
US20070204167A1 (en) * 2006-02-28 2007-08-30 Aladdin Knowledge Systems Ltd. Method for serving a plurality of applications by a security token
US8225385B2 (en) * 2006-03-23 2012-07-17 Microsoft Corporation Multiple security token transactions
US20070226785A1 (en) * 2006-03-23 2007-09-27 Microsoft Corporation Multiple Security Token Transactions
US20080033954A1 (en) * 2006-08-07 2008-02-07 Brooks David A Method and system for securing application information in system-wide search engines
US20080059804A1 (en) * 2006-08-22 2008-03-06 Interdigital Technology Corporation Method and apparatus for providing trusted single sign-on access to applications and internet-based services
US20090217367A1 (en) * 2008-02-25 2009-08-27 Norman James M Sso in volatile session or shared environment
US20090235349A1 (en) * 2008-03-12 2009-09-17 Intuit Inc. Method and apparatus for securely invoking a rest api
US20090328207A1 (en) * 2008-06-30 2009-12-31 Amol Patel Verification of software application authenticity
US20100223471A1 (en) * 2009-02-27 2010-09-02 Research In Motion Limited Cookie Verification Methods And Apparatus For Use In Providing Application Services To Communication Devices
US20100274910A1 (en) * 2009-04-24 2010-10-28 Microsoft Corporation Hosted application sandbox model
US20100306547A1 (en) * 2009-05-28 2010-12-02 Fallows John R System and methods for providing stateless security management for web applications using non-http communications protocols
US8281149B2 (en) * 2009-06-23 2012-10-02 Google Inc. Privacy-preserving flexible anonymous-pseudonymous access
US20110202988A1 (en) * 2010-02-17 2011-08-18 Nokia Corporation Method and apparatus for providing an authentication context-based session
US20110231921A1 (en) * 2010-03-18 2011-09-22 Microsoft Corporation Pluggable token provider model to implement authentication across multiple web services
US20110264913A1 (en) * 2010-04-13 2011-10-27 Pekka Nikander Method and apparatus for interworking with single sign-on authentication architecture
US20110277016A1 (en) * 2010-05-05 2011-11-10 International Business Machines Corporation Method for managing shared accounts in an identity management system
US20120023556A1 (en) * 2010-07-23 2012-01-26 Verizon Patent And Licensing Inc. Identity management and single sign-on in a heterogeneous composite service scenario
US20120036563A1 (en) * 2010-08-04 2012-02-09 At&T Mobility Ii Llc Systems, devices, methods and computer program products for establishing network connections between service providers and applications that run natively on devices
US20120054625A1 (en) * 2010-08-30 2012-03-01 Vmware, Inc. Unified workspace for thin, remote, and saas applications
US20120079569A1 (en) * 2010-09-24 2012-03-29 Microsoft Corporation Federated mobile authentication using a network operator infrastructure
US20120151568A1 (en) * 2010-12-13 2012-06-14 International Business Machines Corporation Method and system for authenticating a rich client to a web or cloud application
US20120154341A1 (en) * 2010-12-15 2012-06-21 Research In Motion Limited Communication device
US8533796B1 (en) * 2011-03-16 2013-09-10 Google Inc. Providing application programs with access to secured resources
US20120254957A1 (en) * 2011-03-28 2012-10-04 International Business Machines Corporation User impersonation/delegation in a token-based authentication system
US20130125226A1 (en) * 2011-04-28 2013-05-16 Interdigital Patent Holdings, Inc. Sso framework for multiple sso technologies
US20120284786A1 (en) * 2011-05-05 2012-11-08 Visto Corporation System and method for providing access credentials
US20120290478A1 (en) * 2011-05-13 2012-11-15 American Express Travel Related Services Company, Inc. Cloud enabled payment processing system and method
US20130174241A1 (en) * 2011-06-28 2013-07-04 Interdigital Patent Holdings, Inc. Automated negotiation and selection of authentication protocols
US20150019944A1 (en) * 2011-07-05 2015-01-15 Visa International Service Association Hybrid applications utilizing distributed models and views apparatuses, methods and systems
US20130024919A1 (en) * 2011-07-21 2013-01-24 Microsoft Corporation Cloud service authentication
US20130055243A1 (en) * 2011-08-24 2013-02-28 Dell Products, Lp Unified Management Architecture to Support Multiple Platform-as-a-Service Workloads

Cited By (196)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8881247B2 (en) * 2010-09-24 2014-11-04 Microsoft Corporation Federated mobile authentication using a network operator infrastructure
US10621329B2 (en) * 2011-09-29 2020-04-14 Oracle International Corporation Mobile application, resource management advice
US20150089622A1 (en) * 2011-09-29 2015-03-26 Oracle International Corporation Mobile oauth service
US9578014B2 (en) 2011-09-29 2017-02-21 Oracle International Corporation Service profile-specific token attributes and resource server token attribute overriding
US9197623B2 (en) 2011-09-29 2015-11-24 Oracle International Corporation Multiple resource servers interacting with single OAuth server
US10325089B2 (en) * 2011-09-29 2019-06-18 Oracle International Corporation Mobile application, resource management advice
US9965614B2 (en) * 2011-09-29 2018-05-08 Oracle International Corporation Mobile application, resource management advice
US9699170B2 (en) 2011-09-29 2017-07-04 Oracle International Corporation Bundled authorization requests
US9544294B2 (en) 2011-09-29 2017-01-10 Oracle International Corporation Pluggable authorization policies
US9237145B2 (en) 2011-09-29 2016-01-12 Oracle International Corporation Single sign-on (SSO) for mobile applications
US9531697B2 (en) 2011-09-29 2016-12-27 Oracle International Corporation Configurable adaptive access manager callouts
US9600652B2 (en) 2011-09-29 2017-03-21 Oracle International Corporation Mobile application, identity interface
US9565178B2 (en) 2011-09-29 2017-02-07 Oracle International Corporation Using representational state transfer (REST) for consent management
US9495533B2 (en) 2011-09-29 2016-11-15 Oracle International Corporation Mobile application, identity relationship management
US9081951B2 (en) 2011-09-29 2015-07-14 Oracle International Corporation Mobile application, identity interface
US9350718B2 (en) 2011-09-29 2016-05-24 Oracle International Corporation Using representational state transfer (REST) for consent management
US20130086211A1 (en) * 2011-09-29 2013-04-04 Oracle International Corporation Mobile application, resource management advice
US9374356B2 (en) * 2011-09-29 2016-06-21 Oracle International Corporation Mobile oauth service
US20170053028A1 (en) * 2012-01-03 2017-02-23 Google Inc. Sharing a process in a web client
US10534817B2 (en) * 2012-01-03 2020-01-14 Google Llc Sharing a process in a web client
US9053302B2 (en) 2012-06-08 2015-06-09 Oracle International Corporation Obligation system for enterprise environments
US9058471B2 (en) 2012-06-08 2015-06-16 Oracle International Corporation Authorization system for heterogeneous enterprise environments
US20130340048A1 (en) * 2012-06-18 2013-12-19 Infosys Limited Mobile application management framework
US9674179B2 (en) 2012-06-18 2017-06-06 Google Inc. Pass through service login to application login
US9208298B2 (en) 2012-06-18 2015-12-08 Google Inc. Pass through service login to application login
US9325683B2 (en) * 2012-06-18 2016-04-26 Infosys Limited Mobile application management framework
US9300653B1 (en) 2012-08-20 2016-03-29 Jericho Systems Corporation Delivery of authentication information to a RESTful service using token validation scheme
US8745718B1 (en) * 2012-08-20 2014-06-03 Jericho Systems Corporation Delivery of authentication information to a RESTful service using token validation scheme
US20150058960A1 (en) * 2012-08-20 2015-02-26 Jericho Systems Corporation Elevating Trust in User Identity During RESTful Authentication and Authorization
US8893293B1 (en) 2012-08-20 2014-11-18 Jericho Systems Corporation Elevating trust in user identity during RESTful authentication
US9485248B2 (en) * 2012-08-20 2016-11-01 Jericho Systems Corporation Elevating trust in user identity during RESTful authentication and authorization
US9069979B2 (en) 2012-09-07 2015-06-30 Oracle International Corporation LDAP-based multi-tenant in-cloud identity management system
US9276942B2 (en) 2012-09-07 2016-03-01 Oracle International Corporation Multi-tenancy identity management system
US10581867B2 (en) 2012-09-07 2020-03-03 Oracle International Corporation Multi-tenancy identity management system
US9838370B2 (en) 2012-09-07 2017-12-05 Oracle International Corporation Business attribute driven sizing algorithms
US10341171B2 (en) 2012-09-07 2019-07-02 Oracle International Corporation Role-driven notification system including support for collapsing combinations
US9467355B2 (en) 2012-09-07 2016-10-11 Oracle International Corporation Service association model
US10009219B2 (en) 2012-09-07 2018-06-26 Oracle International Corporation Role-driven notification system including support for collapsing combinations
US20150113608A1 (en) * 2012-09-12 2015-04-23 Capital One, Na System and method for providing controlled application programming interface security
US10504164B2 (en) * 2012-09-12 2019-12-10 Oracle International Corporation Self-service account enrollment system
US20140074490A1 (en) * 2012-09-12 2014-03-13 Oracle International Corporation Self-service account enrollment system
US11206247B2 (en) 2012-09-12 2021-12-21 Capital One Services, Llc System and method for providing controlled application programming interface security
US10432598B2 (en) * 2012-09-12 2019-10-01 Capital One Services, Llc System and method for providing controlled application programming interface security
US8769651B2 (en) * 2012-09-19 2014-07-01 Secureauth Corporation Mobile multifactor single-sign-on authentication
US9369457B2 (en) 2012-09-19 2016-06-14 Secureauth Corporation Mobile multifactor single-sign-on authentication
US10148640B2 (en) * 2012-10-01 2018-12-04 Salesforce.Com, Inc. Secured inter-application communication in mobile devices
US8959608B2 (en) * 2012-12-26 2015-02-17 Cellco Partnership Single sign-on for a native application and a web application on a mobile device
US20140181944A1 (en) * 2012-12-26 2014-06-26 Cellco Partnership D/B/A Verizon Wireless Single sign-on for a native application and a web application on a mobile device
US9088564B1 (en) * 2013-02-07 2015-07-21 Intuit Inc. Transitioning a logged-in state from a native application to any associated web resource
US20140250508A1 (en) * 2013-03-04 2014-09-04 Dell Products, Lp System and Method for Creating and Managing Object Credentials for Multiple Applications
US9092601B2 (en) * 2013-03-04 2015-07-28 Dell Products, Lp System and method for creating and managing object credentials for multiple applications
US9686287B2 (en) * 2013-03-15 2017-06-20 Airwatch, Llc Delegating authorization to applications on a client device in a networked environment
US20150195284A1 (en) * 2013-03-15 2015-07-09 Airwatch Llc Delegating authorization to applications on a client device in a networked environment
US8997187B2 (en) 2013-03-15 2015-03-31 Airwatch Llc Delegating authorization to applications on a client device in a networked environment
US10176310B2 (en) * 2013-03-22 2019-01-08 Nok Nok Labs, Inc. System and method for privacy-enhanced data synchronization
US10762181B2 (en) 2013-03-22 2020-09-01 Nok Nok Labs, Inc. System and method for user confirmation of online transactions
US10776464B2 (en) 2013-03-22 2020-09-15 Nok Nok Labs, Inc. System and method for adaptive application of authentication policies
US10706132B2 (en) 2013-03-22 2020-07-07 Nok Nok Labs, Inc. System and method for adaptive user authentication
US11929997B2 (en) 2013-03-22 2024-03-12 Nok Nok Labs, Inc. Advanced authentication techniques and applications
US9898596B2 (en) 2013-03-22 2018-02-20 Nok Nok Labs, Inc. System and method for eye tracking during authentication
US10366218B2 (en) 2013-03-22 2019-07-30 Nok Nok Labs, Inc. System and method for collecting and utilizing client data for risk assessment during authentication
US10270748B2 (en) 2013-03-22 2019-04-23 Nok Nok Labs, Inc. Advanced authentication techniques and applications
US10282533B2 (en) 2013-03-22 2019-05-07 Nok Nok Labs, Inc. System and method for eye tracking during authentication
US10268811B2 (en) 2013-03-22 2019-04-23 Nok Nok Labs, Inc. System and method for delegating trust to a new authenticator
US20140289528A1 (en) * 2013-03-22 2014-09-25 Davit Baghdasaryan System and method for privacy-enhanced data synchronization
US20140298484A1 (en) * 2013-03-26 2014-10-02 Jvl Ventures Llc Systems, methods, and computer program products for managing access control
US9495558B2 (en) * 2013-03-26 2016-11-15 Google Inc. Systems, methods, and computer program products for managing access control
US20140298441A1 (en) * 2013-03-28 2014-10-02 DeNA Co., Ltd. Authentication method, authentication system, and service delivery server
US9548975B2 (en) * 2013-03-28 2017-01-17 DeNA Co., Ltd. Authentication method, authentication system, and service delivery server
US9197408B2 (en) 2013-05-10 2015-11-24 Sap Se Systems and methods for providing a secure data exchange
US9858407B2 (en) 2013-05-24 2018-01-02 Mcafee, Llc Secure automatic authorized access to any application through a third party
CN105308605A (zh) * 2013-05-24 2016-02-03 迈克菲公司 对通过第三方的任意应用的安全自动授权访问
WO2014186882A1 (en) * 2013-05-24 2014-11-27 Passwordbox Inc. Secure automatic authorized access to any application through a third party
US9961077B2 (en) 2013-05-30 2018-05-01 Nok Nok Labs, Inc. System and method for biometric authentication with device attestation
US9197501B2 (en) 2013-08-09 2015-11-24 Sap Se Zero-step auto-customization of mobile applications
US10785201B2 (en) * 2013-09-11 2020-09-22 Amazon Technologies, Inc. Synchronizing authentication sessions between applications
US9979712B2 (en) * 2013-09-11 2018-05-22 Amazon Technologies, Inc. Synchronizing authentication sessions between applications
US20150341334A1 (en) * 2013-09-11 2015-11-26 Amazon Technologies, Inc. Synchronizing authentication sessions between applications
US20180241734A1 (en) * 2013-09-11 2018-08-23 Amazon Technologies, Inc. Synchronizing authentication sessions between applications
US9450963B2 (en) 2013-09-20 2016-09-20 Oraclle International Corporation Multiple resource servers interacting with single OAuth server
WO2015042349A1 (en) 2013-09-20 2015-03-26 Oracle International Corporation Multiple resource servers with single, flexible, pluggable oauth server and oauth-protected restful oauth consent management service, and mobile application single sign on oauth service
US9544295B2 (en) 2013-10-14 2017-01-10 Alibaba Group Holding Limited Login method for client application and corresponding server
US9887983B2 (en) 2013-10-29 2018-02-06 Nok Nok Labs, Inc. Apparatus and method for implementing composite authenticators
US10798087B2 (en) 2013-10-29 2020-10-06 Nok Nok Labs, Inc. Apparatus and method for implementing composite authenticators
US9369286B2 (en) 2013-11-27 2016-06-14 Tata Consultancy Services Limited System and methods for facilitating authentication of an electronic device accessing plurality of mobile applications
US9584615B2 (en) * 2013-11-27 2017-02-28 Adobe Systems Incorporated Redirecting access requests to an authorized server system for a cloud service
US20150149530A1 (en) * 2013-11-27 2015-05-28 Adobe Systems Incorporated Redirecting Access Requests to an Authorized Server System for a Cloud Service
US20140109194A1 (en) * 2013-12-05 2014-04-17 Sky Socket, Llc Authentication Delegation
US9065819B1 (en) * 2013-12-23 2015-06-23 Cellco Partnership Single sign on (SSO) authorization and authentication for mobile communication devices
US20150180858A1 (en) * 2013-12-23 2015-06-25 Cellco Partnership D/B/A Verizon Wireless Single sign on (sso) authorization and authentication for mobile communication devices
US9258294B2 (en) * 2013-12-31 2016-02-09 Cellco Partnership Remote authentication method with single sign on credentials
US20150188907A1 (en) * 2013-12-31 2015-07-02 Cellco Partnership D/B/A Verizon Wireless Remote authentication method with single sign on credentials
US20150244706A1 (en) * 2014-02-26 2015-08-27 Secureauth Corporation Security object creation, validation, and assertion for single sign on authentication
WO2015130700A1 (en) * 2014-02-26 2015-09-03 Secureauth Corporation Security object creation, validation, and assertion for single sign on authentication
US10404678B2 (en) * 2014-02-26 2019-09-03 Secureauth Corporation Security object creation, validation, and assertion for single sign on authentication
US9577999B1 (en) 2014-05-02 2017-02-21 Nok Nok Labs, Inc. Enhanced security for registration of authentication devices
US10326761B2 (en) 2014-05-02 2019-06-18 Nok Nok Labs, Inc. Web-based user authentication techniques and applications
US9654469B1 (en) 2014-05-02 2017-05-16 Nok Nok Labs, Inc. Web-based user authentication techniques and applications
AU2015256293B2 (en) * 2014-05-06 2017-05-04 Okta, Inc. Facilitating single sign-on to software applications
US20150326562A1 (en) * 2014-05-06 2015-11-12 Okta, Inc. Facilitating single sign-on to software applications
WO2015171517A1 (en) * 2014-05-06 2015-11-12 Okta, Inc. Facilitating single sign-on to software applications
US9548976B2 (en) * 2014-05-06 2017-01-17 Okta, Inc. Facilitating single sign-on to software applications
JP2015122049A (ja) * 2014-05-07 2015-07-02 株式会社 ディー・エヌ・エー 所定のサーバに対してログインを要求するログイン要求装置及び方法、並びにこれらに用いられるプログラム
US9760704B2 (en) * 2014-05-23 2017-09-12 Blackberry Limited Security apparatus session sharing
US20150339473A1 (en) * 2014-05-23 2015-11-26 Blackberry Limited Security apparatus session sharing
US10970377B2 (en) 2014-06-16 2021-04-06 Paypal, Inc. Systems and methods for authenticating a user based on a computing device
CN106605246A (zh) * 2014-06-16 2017-04-26 贝宝公司 用于基于计算设备来认证用户的系统与方法
US9858405B2 (en) 2014-06-16 2018-01-02 Paypal, Inc. Systems and methods for authenticating a user based on a computing device
US10311222B2 (en) 2014-06-16 2019-06-04 Paypal, Inc. Systems and methods for authenticating a user based on a computing device
WO2015195180A1 (en) * 2014-06-16 2015-12-23 Ebay Inc. Systems and methods for authenticating a user based on a computing device
US9882892B1 (en) * 2014-06-18 2018-01-30 Intuit Inc. User authorization using intent tokens
US9374361B2 (en) * 2014-07-03 2016-06-21 Verizon Patent And Licensing Inc. Cross-native application authentication application
US10050935B2 (en) * 2014-07-09 2018-08-14 Shape Security, Inc. Using individualized APIs to block automated attacks on native apps and/or purposely exposed APIs with forced user interaction
US9258274B2 (en) * 2014-07-09 2016-02-09 Shape Security, Inc. Using individualized APIs to block automated attacks on native apps and/or purposely exposed APIs
US9749131B2 (en) 2014-07-31 2017-08-29 Nok Nok Labs, Inc. System and method for implementing a one-time-password using asymmetric cryptography
US9875347B2 (en) 2014-07-31 2018-01-23 Nok Nok Labs, Inc. System and method for performing authentication using data analytics
US10148630B2 (en) 2014-07-31 2018-12-04 Nok Nok Labs, Inc. System and method for implementing a hosted authentication service
US9729506B2 (en) 2014-08-22 2017-08-08 Shape Security, Inc. Application programming interface wall
US9736154B2 (en) 2014-09-16 2017-08-15 Nok Nok Labs, Inc. System and method for integrating an authentication service within a network architecture
US9800602B2 (en) 2014-09-30 2017-10-24 Shape Security, Inc. Automated hardening of web page content
US9544311B2 (en) * 2014-11-14 2017-01-10 Sap Se Secure identity propagation in a cloud-based computing environment
US20160142408A1 (en) * 2014-11-14 2016-05-19 Martin Raepple Secure identity propagation in a cloud-based computing environment
US9460288B2 (en) 2014-12-08 2016-10-04 Shape Security, Inc. Secure app update server and secure application programming interface (“API”) server
US9609541B2 (en) 2014-12-31 2017-03-28 Motorola Solutions, Inc. Method and apparatus for device collaboration via a hybrid network
CN104683334A (zh) * 2015-02-11 2015-06-03 百度在线网络技术(北京)有限公司 登录数据的处理方法及装置
US11792199B2 (en) 2015-02-27 2023-10-17 Dropbox, Inc. Application-assisted login for a web browser
US10025913B2 (en) 2015-02-27 2018-07-17 Dropbox, Inc. Cross-application authentication on a content management system
US10757107B2 (en) 2015-02-27 2020-08-25 Dropbox, Inc. Application-assisted login for a web browser
US10282522B2 (en) 2015-02-27 2019-05-07 Dropbox, Inc. Cross-application authentication on a content management system
US10917397B2 (en) * 2015-05-12 2021-02-09 Advanced New Technologies Co., Ltd. Establishing a trusted login procedure
US10673834B2 (en) * 2015-05-12 2020-06-02 Alibaba Group Holding Limited Establishing a trusted login procedure
US9225711B1 (en) 2015-05-14 2015-12-29 Fmr Llc Transferring an authenticated session between security contexts
US11388224B2 (en) * 2015-06-12 2022-07-12 Huawei Technologies Co., Ltd. Method for managing user information of application, device, and system
US12120173B2 (en) 2015-06-12 2024-10-15 Huawei Technologies Co., Ltd. Method for managing user information of application, device, and system
US10171448B2 (en) 2015-06-15 2019-01-01 Airwatch Llc Single sign-on for unmanaged mobile devices
US10965664B2 (en) * 2015-06-15 2021-03-30 Airwatch Llc Single sign-on for unmanaged mobile devices
US10812464B2 (en) 2015-06-15 2020-10-20 Airwatch Llc Single sign-on for managed mobile devices
US10944738B2 (en) 2015-06-15 2021-03-09 Airwatch, Llc. Single sign-on for managed mobile devices using kerberos
US9882887B2 (en) 2015-06-15 2018-01-30 Airwatch Llc Single sign-on for managed mobile devices
WO2016205195A1 (en) * 2015-06-15 2016-12-22 Airwatch, Llc Single sign-on for managed mobile devices
US11057364B2 (en) 2015-06-15 2021-07-06 Airwatch Llc Single sign-on for managed mobile devices
US10171447B2 (en) 2015-06-15 2019-01-01 Airwatch Llc Single sign-on for unmanaged mobile devices
US20190141027A1 (en) * 2015-06-15 2019-05-09 Airwatch Llc Single sign-on for unmanaged mobile devices
US12063208B2 (en) 2015-06-15 2024-08-13 Airwatch Llc Single sign-on for unmanaged mobile devices
US10187374B2 (en) 2015-10-29 2019-01-22 Airwatch Llc Multi-factor authentication for managed applications using single sign-on technology
US9866546B2 (en) 2015-10-29 2018-01-09 Airwatch Llc Selectively enabling multi-factor authentication for managed devices
US10432608B2 (en) 2015-10-29 2019-10-01 Airwatch Llc Selectively enabling multi-factor authentication for managed devices
US20180309758A1 (en) * 2016-05-09 2018-10-25 Aetna Inc. Unified authentication software development kit
US10938814B2 (en) * 2016-05-09 2021-03-02 Aetna Inc. Unified authentication software development kit
US10567171B2 (en) 2016-06-30 2020-02-18 Shape Security, Inc. Client-side security key generation
US10769635B2 (en) 2016-08-05 2020-09-08 Nok Nok Labs, Inc. Authentication techniques including speech and/or lip movement analysis
US10637853B2 (en) 2016-08-05 2020-04-28 Nok Nok Labs, Inc. Authentication techniques including speech and/or lip movement analysis
US20180063152A1 (en) * 2016-08-29 2018-03-01 Matt Erich Device-agnostic user authentication and token provisioning
US10375053B2 (en) 2016-09-09 2019-08-06 Microsoft Technology Licensing, Llc Cross-platform single sign-on accessibility of a productivity application within a software as a service platform
US9720750B1 (en) * 2016-09-23 2017-08-01 International Business Machines Corporation Invoking a restricted access service through a restful interface
US11410160B2 (en) 2016-11-04 2022-08-09 Walmart Apollo, Llc Authenticating online transactions using separate computing device
US10237070B2 (en) 2016-12-31 2019-03-19 Nok Nok Labs, Inc. System and method for sharing keys across authenticators
US10091195B2 (en) 2016-12-31 2018-10-02 Nok Nok Labs, Inc. System and method for bootstrapping a user binding
US10484358B2 (en) * 2017-05-05 2019-11-19 Servicenow, Inc. Single sign-on user interface improvements
US11140147B2 (en) * 2017-05-05 2021-10-05 Servicenow, Inc. SAML SSO UX improvements
US11074056B2 (en) * 2017-06-29 2021-07-27 Hewlett-Packard Development Company, L.P. Computing device monitorings via agent applications
US10470040B2 (en) * 2017-08-27 2019-11-05 Okta, Inc. Secure single sign-on to software applications
US20190069168A1 (en) * 2017-08-27 2019-02-28 Okta, Inc. Secure single sign-on to software applications
US11868995B2 (en) 2017-11-27 2024-01-09 Nok Nok Labs, Inc. Extending a secure key storage for transaction confirmation and cryptocurrency
US11831409B2 (en) 2018-01-12 2023-11-28 Nok Nok Labs, Inc. System and method for binding verifiable claims
US11196733B2 (en) * 2018-02-08 2021-12-07 Dell Products L.P. System and method for group of groups single sign-on demarcation based on first user login
US10897466B2 (en) * 2018-03-30 2021-01-19 Microsoft Technology Licensing, Llc System and method for externally-delegated access control and authorization
US20190306171A1 (en) * 2018-03-30 2019-10-03 Microsoft Technology Licensing, Llc System and method for externally-delegated access control and authorization
US20210144147A1 (en) * 2018-03-30 2021-05-13 Microsoft Technology Licensing, Llc System and method for externally-delegated access control and authorization
US20210084026A1 (en) * 2018-05-03 2021-03-18 Vmware, Inc. Authentication service
US11588806B2 (en) * 2018-05-03 2023-02-21 Vmware, Inc. Authentication service
US11930001B2 (en) 2018-05-03 2024-03-12 Vmware, Inc. Polling service
US12137091B2 (en) 2018-05-31 2024-11-05 Oracle International Corporation Single sign-on enabled with OAuth token
US11303627B2 (en) 2018-05-31 2022-04-12 Oracle International Corporation Single Sign-On enabled OAuth token
US11736469B2 (en) 2018-05-31 2023-08-22 Oracle International Corporation Single sign-on enabled OAuth token
WO2020046459A1 (en) * 2018-08-30 2020-03-05 Microsoft Technology Licensing, Llc Secure password-based single sign-on
US11212272B2 (en) 2018-08-30 2021-12-28 Microsoft Technology Licensing, Llc. Secure password-based single sign-on
US10826895B1 (en) * 2018-10-04 2020-11-03 State Farm Mutual Automobile Insurance Company System and method for secure authenticated user session handoff
US12199977B2 (en) 2018-12-21 2025-01-14 Paypal, Inc. Tokenized online application sessions
US11070548B2 (en) * 2018-12-21 2021-07-20 Paypal, Inc. Tokenized online application sessions
US20220210624A1 (en) * 2019-02-13 2022-06-30 Nokia Technologies Oy Service based architecture management
US12041039B2 (en) 2019-02-28 2024-07-16 Nok Nok Labs, Inc. System and method for endorsing a new authenticator
US20220174056A1 (en) * 2019-03-22 2022-06-02 Nec Corporation Information processing system, information processing method, and program
US12120103B2 (en) * 2019-03-22 2024-10-15 Nec Corporation Information processing system, information processing method, and program
US11792024B2 (en) 2019-03-29 2023-10-17 Nok Nok Labs, Inc. System and method for efficient challenge-response authentication
US11700121B2 (en) * 2019-09-13 2023-07-11 Amazon Technologies, Inc. Secure authorization for sensitive information
US11743247B2 (en) * 2020-05-21 2023-08-29 Citrix Systems, Inc. Cross device single sign-on
US20220006803A1 (en) * 2020-05-21 2022-01-06 Citrix Systems, Inc. Cross device single sign-on
US12160416B2 (en) * 2020-12-14 2024-12-03 Express Scripts Strategic Development, Inc. System and method for secure single sign on using security assertion markup language
US11824937B2 (en) * 2021-04-04 2023-11-21 Rissana, LLC System and method for handling the connection of user accounts to other entities
US20220321658A1 (en) * 2021-04-04 2022-10-06 Rissana, LLC System and method for handling the connection of user accounts to other entities
US12126613B2 (en) 2021-09-17 2024-10-22 Nok Nok Labs, Inc. System and method for pre-registration of FIDO authenticators
US20230351004A1 (en) * 2022-04-29 2023-11-02 Okta, Inc. Techniques for credential and identity synchronization
WO2024205904A1 (en) * 2023-03-31 2024-10-03 Microsoft Technology Licensing, Llc Enabling sso for embedded applications
US20250053685A1 (en) * 2023-08-09 2025-02-13 Vive Concierge, Inc. Systems and methods for the securing data while in transit between disparate systems and while at rest
US12309132B1 (en) * 2024-07-12 2025-05-20 Cortwo Corp. Continuous universal trust architecture and method

Also Published As

Publication number Publication date
US9081951B2 (en) 2015-07-14
US20130086639A1 (en) 2013-04-04
US10621329B2 (en) 2020-04-14
CN103930897A (zh) 2014-07-16
US20190251246A1 (en) 2019-08-15
CN108200099A (zh) 2018-06-22
US20130086211A1 (en) 2013-04-04
IN2014CN02442A (enrdf_load_stackoverflow) 2015-08-07
US9495533B2 (en) 2016-11-15
EP2761527B1 (en) 2019-02-06
JP6096200B2 (ja) 2017-03-15
US20130086210A1 (en) 2013-04-04
US20180211028A1 (en) 2018-07-26
JP2014529147A (ja) 2014-10-30
CN103930897B (zh) 2018-04-06
US20150310202A1 (en) 2015-10-29
CN108200099B (zh) 2019-09-17
US9600652B2 (en) 2017-03-21
US9965614B2 (en) 2018-05-08
US10325089B2 (en) 2019-06-18
EP2761527A1 (en) 2014-08-06
WO2013049392A1 (en) 2013-04-04

Similar Documents

Publication Publication Date Title
US10621329B2 (en) Mobile application, resource management advice
US9667661B2 (en) Privileged account manager, dynamic policy engine
JP7599532B2 (ja) マルチテナントアイデンティクラウドサービスのデータレプリケーション競合の検出および解決
JP7411548B2 (ja) マルチテナントアイデンティクラウドサービスのリソースタイプおよびスキーマメタデータのレプリケーション
US10880292B2 (en) Seamless transition between WEB and API resource access
JP7602918B2 (ja) オンプレミス認証が統合されたマルチテナントアイデンティティクラウドサービス
JP7545951B6 (ja) オンプレミス認証が統合されたブリッジ可用性が高いマルチテナントアイデンティティクラウドサービス
US11245682B2 (en) Adaptive authorization using access token
US10965664B2 (en) Single sign-on for unmanaged mobile devices
JP5998284B2 (ja) エンタプライズシステムへのアプリケーションの動的登録
US20160359861A1 (en) Accessing an application through application clients and web browsers
CN107690792A (zh) 未经管理的移动设备的单点登录
JP2019503115A (ja) 証明書更新及び展開

Legal Events

Date Code Title Description
AS Assignment

Owner name: ORACLE INTERNATIONAL CORPORATION, CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:SONDHI, AJAY;DONLEY, CLAYTON;BHAT, SHIVARAM;AND OTHERS;SIGNING DATES FROM 20120523 TO 20120530;REEL/FRAME:033775/0278

STCB Information on status: application discontinuation

Free format text: ABANDONED -- AFTER EXAMINER'S ANSWER OR BOARD OF APPEALS DECISION