Compromised Access Token Invalidation in a Singleton Process

    Publication (announcement) No.: US20220255745A1

    Publication (announcement) date: 2022-08-11

    Application No.: US17171157

    Filing date: 2021-02-09

    Abstract: Handling access token invalidation is provided. In response to receiving a valid login from a user requesting access to a service, a new access token is issued to the user with a claim containing a container identifier. A first cache corresponding to access tokens issued to the user is searched. In response to identifying a previously issued access token corresponding to the user in the first cache, the previously issued access token is added to a second cache corresponding to stale tokens. The new access token is added to the first cache. In response to receiving the new access token as an identity of the user to access the service, the new access token is validated when the new access token is not identified in the second cache of stale tokens and the container identifier contained in the claim matches an identifier corresponding to a running container of the service.

    Dynamically selecting an identity provider for a single sign-on request (invention application, in force)

    Publication (announcement) No.: US20140189123A1

    Publication (announcement) date: 2014-07-03

    Application No.: US13732727

    Filing date: 2013-01-02

    CPC classification number: H04L47/70 H04L63/0815 H04L67/02 H04L67/327

    Abstract: An identity provider (IdP) discovery service operative at a service provider (SP) is described. In operation, as valid requests are received by the SP via normal IdP-initiated flows, the SP builds up knowledge about the relationship between the IdP (that redirected the request) and the initiator of the request. The IdP instance typically is inferred from an HTTP referrer field, and information about the initiator may be ascertained from client-specific information, such as the client system IP address, the client DNS domain, the domain of a user e-mail address, the target URL of the incoming request, or the value associated with a particular HTTP header field. This knowledge is maintained in one or more mapping tables that associate request attributes with IdP instance data. The mappings are then used to facilitate IdP discovery for a new incoming request to the SP that has been determined to originate from a source other than an IdP.


    Compromised access token invalidation in a singleton process

    Publication (announcement) No.: US11528140B2

    Publication (announcement) date: 2022-12-13

    Application No.: US17171157

    Filing date: 2021-02-09

    Abstract: Handling access token invalidation is provided. In response to receiving a valid login from a user requesting access to a service, a new access token is issued to the user with a claim containing a container identifier. A first cache corresponding to access tokens issued to the user is searched. In response to identifying a previously issued access token corresponding to the user in the first cache, the previously issued access token is added to a second cache corresponding to stale tokens. The new access token is added to the first cache. In response to receiving the new access token as an identity of the user to access the service, the new access token is validated when the new access token is not identified in the second cache of stale tokens and the container identifier contained in the claim matches an identifier corresponding to a running container of the service.

    Preventing Password Cracking Based on Combined Server/Client Salted Passwords

    Publication (announcement) No.: US20240267210A1

    Publication (announcement) date: 2024-08-08

    Application No.: US18107106

    Filing date: 2023-02-08

    CPC classification number: H04L9/0863 H04L9/3242

    Abstract: Mechanisms are provided for salted password protection of computing resources. An entity identifier and password for authenticating an entity to access a protected computing resource are received and a client salt value is generated by a password management engine of a client computing device. A server salt value is generated as a random value that is combined with the client salt value to generate a combined salt value. The combined salt value is combined with the password to generate a combined salted password. A hash value is generated based on a hash function and the combined salted password as an input to the hash function, and the server salt value is encrypted based on an encryption key and an encryption algorithm to generate an encrypted server salt value. The entity identifier, hash value, and encrypted server salt value are stored in a secured database for later validation of access requests.
