MECHANISMS FOR ANOMALY DETECTION AND ACCESS MANAGEMENT

    Publication No.: US20200267162A1

    Publication date: 2020-08-20

    Application No.: US16867243

    Filing date: 2020-05-05

    Abstract: The present disclosure relates generally to threat detection, and more particularly, to techniques for managing user access to resources in an enterprise environment. Some aspects are directed to the concept of managing access to a target resource based on a threat perception of a user that is calculated using a rule or policy based risk for the user and a behavior based risk for the user. Other aspects are directed to preventing insider attacks in a system based on a threat perception for each user logged into the system that is calculated using a rule or policy based risk for each user and a behavior based risk for each user. Yet other aspects are directed to providing a consolidated view of users, applications being accessed by users, and the threat perception, if any, generated for each of the users.

    LOCATION-BASED AUTHENTICATION
    2.
    Invention application

    Publication No.: US20190036940A1

    Publication date: 2019-01-31

    Application No.: US15659530

    Filing date: 2017-07-25

    Abstract: Location-based authentication may be provided by an access management system on a server. The location-based authentication may determine whether a device should be granted access to a resource. The resource may either be located on or remote from the server. The location-based authentication may provide an additional authentication factor that is based on a past location of a user and/or device associated with the user requesting authentication. The past location may be associated with a user-configured question. The user-configured question may be provided to the device for an additional level of security. An answer received in response to a user-configured question may be compared to a user-configured answer that is associated with the user-configured question. In other examples, the answer may be compared to one or more possible answers that are determined by the access management system.

    State driven orchestration of authentication components in an access manager

    Publication No.: US09628465B2

    Publication date: 2017-04-18

    Application No.: US14754238

    Filing date: 2015-06-29

    IPC classification: H04L29/06 H04L29/08

    Abstract: Methods and systems are described for state driven orchestration of authentication components to access a resource protected by an access manager framework. In response to a client request for a protected resource, relevant authentication components and their respective order are determined. Upon successful authentication of the first authentication component, proper state information of the authentication process is stored by the client indicating the next authentication component. In response to a request for additional credential information for the authentication process from the next authentication component, the client provides the stored state information so that the authentication process continues with the second authentication component according to the determined order of the authentication components within an authentication process.

    SINGLE SIGN-ON ENABLED WITH OAUTH TOKEN
    4.
    Invention publication

    Publication No.: US20230336536A1

    Publication date: 2023-10-19

    Application No.: US18343345

    Filing date: 2023-06-28

    IPC classification: H04L9/40

    Abstract: Techniques are described for providing session management functionalities using an access token (e.g., an Open Authorization (OAuth) access token). Upon successful user authentication, a session (e.g., a single sign-on session) is created for the user along with a user identity token that includes information identifying the session. The user identity token is presentable in an access token request sent to an access token issuer authority (e.g., an OAuth server). Upon receiving the access token request, the user identity token is parsed to identify and validate the session against information stored for the session. The validation can include various session management-related checks. If the validation is successful, the token issuer authority generates the access token. In this manner, the access token that is generated is linked to the session. The access token can then be used by an application to gain access to a protected resource.

    Single sign-on enabled OAuth token

    Publication No.: US11736469B2

    Publication date: 2023-08-22

    Application No.: US17684949

    Filing date: 2022-03-02

    IPC classification: H04L29/00 H04L9/40

    Abstract: Techniques are described for providing session management functionalities using an access token (e.g., an Open Authorization (OAuth) access token). Upon successful user authentication, a session (e.g., a single sign-on session) is created for the user along with a user identity token that includes information identifying the session. The user identity token is presentable in an access token request sent to an access token issuer authority (e.g., an OAuth server). Upon receiving the access token request, the user identity token is parsed to identify and validate the session against information stored for the session. The validation can include various session management-related checks. If the validation is successful, the token issuer authority generates the access token. In this manner, the access token that is generated is linked to the session. The access token can then be used by an application to gain access to a protected resource.

    Communication between authentication plug-ins of a single-point authentication manager and client systems
    6.
    Granted invention patent
    Status: In force

    Publication No.: US08925050B2

    Publication date: 2014-12-30

    Application No.: US13663189

    Filing date: 2012-10-29

    IPC classification: G06F21/00 G06F21/31

    CPC classification: H04L63/083 G06F21/31

    Abstract: Various arrangements for providing authentication information to a user are presented. A single-point authentication manager executed by a computer system may receive a request to access a resource from a remote client computer system. The single-point authentication manager may manage access to a plurality of resources including the resource. The single-point authentication manager may communicate with an authentication plug-in application that performs a type of authentication. Authentication of the user may be performed. In response to performing authentication of the user, the authentication plug-in application may generate a message to be transmitted to the remote client computer system. The message may include an indication that the message is to be passed to the remote client computer system and information regarding the authentication of the user. In response to receiving the message from the authentication plug-in application, the message may be transmitted to the remote client computer system.

    SINGLE SIGN-ON ENABLED OAUTH TOKEN

    Publication No.: US20220191188A1

    Publication date: 2022-06-16

    Application No.: US17684949

    Filing date: 2022-03-02

    IPC classification: H04L9/40

    Abstract: Techniques are described for providing session management functionalities using an access token (e.g., an Open Authorization (OAuth) access token). Upon successful user authentication, a session (e.g., a single sign-on session) is created for the user along with a user identity token that includes information identifying the session. The user identity token is presentable in an access token request sent to an access token issuer authority (e.g., an OAuth server). Upon receiving the access token request, the user identity token is parsed to identify and validate the session against information stored for the session. The validation can include various session management-related checks. If the validation is successful, the token issuer authority generates the access token. In this manner, the access token that is generated is linked to the session. The access token can then be used by an application to gain access to a protected resource.

    Adaptive authorization using access token

    Publication No.: US11245682B2

    Publication date: 2022-02-08

    Application No.: US16286366

    Filing date: 2019-02-26

    IPC classification: H04L29/06 G06F21/31

    Abstract: Techniques are described for generating and using rule-enhanced access tokens in connection with authorization for access to resources. An access token is generated in response to determining that a user is authorized to access a protected resource. The access token contains rule information including one or more constraints, each constraint corresponding to a condition for granting or denying access to the protected resource. Upon receiving the access token, a client application can present the access token for accessing the protected resource. The client application can be configured to enforce one or more rules represented in the rule information. The client application can, for example, determine based on the one or more constraints that a condition for granting access is unmet and, in response, cancel a pending access request for the protected resource.