Global (e.g., Single Sign On (SSO), etc.)

Subclass of:

726 - Information security

726002000 - ACCESS CONTROL OR AUTHENTICATION

726003000 - Network

726005000 - Credential

Entries
Document Title Date
20130031619 REMOTE AUTHENTICATION SCREEN LOCKER FOR A MOBILE DEVICE - Devices, methods and products are described that provide for remote authentication of mobile information handling devices. One aspect provides a method comprising configuring an information handling device operating through a mobile operating system to allow communication with at least one remote authentication architecture; denying access to an information handling device of the information handling device responsive to a device lock event; and granting access to the display device responsive to an unlock event comprising entry of logon credentials authenticated at the at least one remote authentication architecture. Other embodiments and aspects are also described herein. 01-31-2013
20110202989 METHOD AND APPARATUS FOR PROVIDING AUTHENTICATION SESSION SHARING - An approach is provided for providing authentication session sharing between browsers and run time environments in network communication. An interface receives an authentication context associated with a first service. The interface causes, at least in part, storage of the authentication context in a first cache associated with the interface. The interface causes, at least in part, population of the authentication context to a second cache associated with a second service. The second cache is not directly linked to the interface. The authentication context in the second cache authenticates access to the second service. 08-18-2011
20110202988 METHOD AND APPARATUS FOR PROVIDING AN AUTHENTICATION CONTEXT-BASED SESSION - An approach is provided for providing separation of authentication protocols and/or authentication contexts for client-server and server-server communication in network communication. A proxy server receives a request to initiate a service session. The request includes a first authentication context. The proxy server requests verification of the first authentication context from an authentication server and validates the first authentication context based, at least in part, on the verification. The proxy server implements a second authentication context based, at least in part, on the verification of the first authentication context to initiate the service session. 08-18-2011
20100115598 METHOD AND ARRANGEMENT FOR INTEGRATION OF DIFFERENT AUTHENTICATION INFRASTRUCTURES - A method is disclosed that provides efficient integration of infrastructure for federated single sign on, e.g. Liberty ID-FP framework, and generic bootstrapping architecture, e.g. 3GPP GAA/GBA architecture. An integrated proxy server (IAP) is inserted in the path between a user and a service provider (SP). The proxy server differentiates type of access and determines corresponding operative state to act as a liberty enabled server or as a GAA/GBA network application function. A Bootstrapping, Identity, Authentication and Session Management arrangement (BIAS) leverages on 3GPP GAA/GBA infrastructure to provide an integrated system for handling Liberty Federated SSO and 3GPP GAA/GBA bootstrapping procedures at the same time. The method and arrangement provide improved use of infrastructure elements and performance for authenticated service access. 05-06-2010
20130086670 PROVIDING THIRD PARTY AUTHENTICATION IN AN ON-DEMAND SERVICE ENVIRONMENT - A method for logging a user into an online host system begins by receiving a login request from a web browser application of a client device, wherein the login request identifies the online host system. The method continues by initiating a single sign-on routine that involves an online third party system and by obtaining third party user data from the online third party system, wherein the obtained third party user data is associated with the user and is maintained by the online third party system. Host system records maintained by the online host system are modified in accordance with the obtained third party user data. Thereafter, the user is automatically logged into the online host system. 04-04-2013
20130086669 MOBILE APPLICATION, SINGLE SIGN-ON MANAGEMENT - Techniques for managing single sign-on are provided. In some examples, single sign-on functionality may be provided for use on mobile devices by utilizing mobile applications, cloud applications, and/or other web-based applications. For example, a mobile application or mobile web browser may request to authenticate with or access one or more service providers. Authentication credentials may be requested from a user of the mobile device to facilitate such authentication and/or access. Based at least in part on a successful log-in, access to server resources from other applications on the same mobile device may be provided without successive or repetitive credential requests to the user. 04-04-2013
20130081126 SYSTEM AND METHOD FOR TRANSPARENT SINGLE SIGN-ON - A method for transparent single sign-on authentication on computers in a networked environment. An embodiment includes receiving an authentication request from an operating system of a first computer, requesting credentials of an application making the authentication request, authenticating the credentials, storing the credentials if the authentication is successful, and transmitting the credentials to a second computer. On subsequent access requests made by the user on the second computer, the credentials can be retrieved from the secure store, eliminating the need to prompt the user to re-enter authentication information. 03-28-2013
20130081125 User Login With Redirect To Home Network - A login browser form allows a user to securely login to an account and access a web-based service at a server or server farm, referred to as a transaction node, without using a separate authentication or single sign-on server. A user is assigned to one of multiple transaction nodes as its home when the user enrolls in the web-based service. In a subsequent attempt to login, the user may land at the home transaction node or at a non-home transaction node. The transaction node serves the login browser form, including code to cause the web browser to transmit the user login id to the transaction node. If the transaction node determines that it is not the user's home, based on its records of user assignments, it identifies the home and configures the web browser to direct future communications to the home. The user's password is not sent to the non-home. 03-28-2013
20130036460 Cross-domain Session Refresh - Various embodiments utilize redirection techniques to refresh an authenticated session for a web-based executable operated across multiple domains. In at least some embodiments, the redirection techniques utilize a hidden inline frame (“i-frame”) to refresh an authenticated session. In some embodiments, polling is utilized to detect the end of a redirection sequence and a refreshed authenticated session while in other embodiments, an authenticated session is assumed to be refreshed after the expiration of a predetermined period of time. 02-07-2013
20100043065 SINGLE SIGN-ON FOR WEB APPLICATIONS - Techniques for providing identity and other attributes to sign-on web applications in configurable application specific formats are described herein. In some embodiments, a method for allowing access to a plurality of target applications after single sign-on includes detecting, after the single sign-on, a request to access a target application of the plurality of target applications, the request including a federated single sign-on (FSSO) attributes cookie. The method can also comprise determining user attributes from the FSSO attributes cookie and determining a configuration associated with the target application, wherein the configuration indicates a format for one or more of the user attributes, and wherein the format is associated with the target application. The method can also include creating a data structure according to the configuration, wherein the data structure includes one or more of the user attributes arranged in the format and providing the data structure to the target application. 02-18-2010
20090158412 Secure Automatically Configuring, Self-Authenticating Administrative User Without A Password - A method and apparatus are provided for accessing a server of a computer system. The method includes the steps of providing a startup CONFIG file or database table for use during initialization of the server and a predetermined user identifier within the startup CONFIG file or database table. The method further includes the steps of a user requesting access to the server, the user providing the predetermined user identifier and the server logging the user into the server under the predetermined user identifier without requiring a password. 06-18-2009
20130047239 METHOD AND SYSTEM FOR MAINTAINING LOGIN PREFERENCE INFORMATION OF USERS IN A NETWORK-BASED TRANSACTION FACILITY - The present invention relates to various aspects for maintaining and utilizing login preference information of users of a network-based transaction facility. In one embodiment, user interface information is communicated to a client via a communications network. The user interface information includes information concerning a plurality of features within the network-based transaction facility. The user interface information also specifies a login interface that facilitates user input of login preference information pertaining to each of the plurality of features. Further, the login preference information is received from the client via the communications network and utilized to control user access to any of the plurality of features within the network-based transaction facility via the communications network. 02-21-2013
20130074172 METHOD AND SYSTEM FOR ESTABLISHING AND MAINTAINING AN IMPROVED SINGLE SIGN-ON (SSO) FACILITY - A method for establishing and maintaining a Single Sign-on between a reverse proxy and a back-end server can include instigating an authentication process through a browser for a user to obtain access to the back-end server, intercepting a login page from the back-end server at the reverse proxy and adding a routine thereto, thereby loading an asynchronous engine on the browser executing a login process with an authentication profiling service, in order to retrieve the login information for the back-end server, and completing the authentication process with the back-end to allow the user to access the back-end server through the asynchronous engine. 03-21-2013
20130061308 COMPUTER PROGRAM CODE AND METHOD FOR DELIVERING EXTERNAL DATA TO A PROCESS RUNNING ON A VIRTUAL MACHINE - A method and system for delivering external data to a process running on a virtual machine, the virtual machine running on an operating system. The method includes the steps of executing instructions on the virtual machine that obtain state data related to the process; querying the virtual machine to obtain component data related to the state data; and manipulating the component data to deliver the external data to the process. In one example, the system provides a single sign-on application that passes user credentials to a Java applet running on a Java virtual machine. 03-07-2013
20090055915 SYSTEMS AND METHODS FOR UNIVERSAL ENHANCED LOG-IN, IDENTITY DOCUMENT VERIFICATION, AND DEDICATED SURVEY PARTICIPATION - Systems and methods are provided for controlling access via a computer network to a subscriber server. A log-in server receives a query to connect through the computer network to the subscriber server, and the log-in server receives registrant identification data. A first session is established between the log-in server and the subscriber server to validate the registrant identification data, and to generate a session password. A second session is established between the log-in server and the subscriber server. The second session is configured to authorize, based in part on the registrant identification data, access to at least a portion of a website associated with the subscriber server. 02-26-2009
20090235346 System and method for augmented user and site authentication from mobile devices - A system and method for augmented user and site authentication from mobile devices is disclosed herein. The system and method provides for the performing of strong authentication of users, whether human or otherwise, as well as of site authentication, which is optimized for use when such users access a system from a mobile device using a web browser or mini-web browser. In doing so the claimed invention utilizes multiple different heuristic algorithms and/or scoring values for device identification based on the type of mobile device, and may further identify the specific type of device attempting such access. 09-17-2009
20090013395 METHOD AND SYSTEM FOR PROVIDING SINGLE SIGN-ON USER NAMES FOR WEB COOKIES IN A MULTIPLE USER INFORMATION DIRECTORY ENVIRONMENT - A system for providing single sign-on (SSO) user names for Web cookies. SSO access to multiple applications is supported in situations where multiple user information directories are deployed, and users may be known by multiple identifiers. Convenient specification is enabled for which of a user's multiple names is to be used in an SSO Web cookie that is passed from application to application to enable SSO operation. The user's SSO Web cookie user name is fully separated conceptually from the user's effective name for any given application within the SSO environment. The SSO Web cookie user name provided by the disclosed system is specified independently from the effective name by which the user is known when operating in the Web application that writes the SSO Web cookie back to the user's computer system. Use of an administratively supplied user name in the SSO Web cookie is facilitated. 01-08-2009
20130167217 INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND NON-TRANSITORY COMPUTER READABLE MEDIUM - An information processing apparatus includes the following components. An authentication processing unit authenticates a user. A display displays information. An accessing unit accesses an external service. An authenticated-access-information acquiring unit acquires authenticated access information associated with user information for identifying an authenticated user. An unauthenticated-access-information acquiring unit acquires unauthenticated access information having been input by an unauthenticated user when accessing the external service. A controller performs control, when an authenticated user attempts to access the external service, so that the authenticated-access-information acquiring unit acquires authenticated access information associated with user information of the user and the accessing unit accesses the external service by using the acquired authenticated access information, and, when a user attempts to access the external service without being authenticated, so that the unauthenticated-access-information acquiring unit acquires the unauthenticated access information and the display displays the acquired unauthenticated access information. 06-27-2013
20130167218 SINGLE LOGON SYSTEM AND METHOD - The disclosure provides a single logon system for accessing different applications and a method for single logon. Before a client accesses an application, the system determines whether a valid session of the client has been stored. When there is a stored valid session of the client, the client can log on and access the application, or the client must input a legal user name and a legal password to access the application, and the system creates a session and saves the session associated with the client. Therefore, when there is a stored valid session, the client can directly access other applications and does not input the user name and the password. 06-27-2013
20110035792 CLIENT/SERVER SYSTEM FOR COMMUNICATING ACCORDING TO THE STANDARD PROTOCOL OPC UA AND HAVING SINGLE SIGN-ON MECHANISMS FOR AUTHENTICATING, AND METHOD FOR PERFORMING SINGLE SIGN-ON IN SUCH A SYSTEM - A method and device are provided for integrating single sign-on (SSO) mechanisms in a client/server system using communication according to the standard protocol OPC UA, and for performing SSO for user authentication and authorization in the system. A client is connected to an aggregating server, and the aggregating server is connected to subordinated servers via a communication network. To integrate SSO mechanisms, the aggregating server is provided with an SSO component for mapping user legitimation data used in a service call to identities in the form in which the identities are stored in the subordinate servers. To perform SSO using the SSO component, user legitimation data associated with a service call are used to automatically search for corresponding mapped identities and affected servers, and to call up an active session service for each match in each server via the mapped identity, to establish the desired access to data from the user's service invocation. 02-10-2011
20090055916 SECURE DELEGATION USING PUBLIC KEY AUTHENTICATION - A client is impersonalized to a plurality of servers using a middle-tier server. A common nonce associated with each of the plurality of servers is obtained and the common nonce is provided to the client. The common nonce signed by the client is received at the middle-tier server and provided as a signature for transactions from the client to the plurality of servers so as to authenticate the client to the plurality of servers. 02-26-2009
20120227098 SHARING USER ID BETWEEN OPERATING SYSTEM AND APPLICATION - One or more techniques and/or systems are disclosed for authenticating a user of an application using an operating system. A user can log onto their device, such as at power-up, using a cloud-based ID registered to an online identity service. The user can be authenticated with the operating system on the user's device, using the cloud-based identity for the user, where the operating system may contact the online identity service to authenticate the user. When the user activates an application on the device it may request authentication of the user from the operating system, and an authentication token for the user's cloud-based identity is provided to the application. The application then uses the authentication token to authenticate the user for the application, as long as the application supports the use of the cloud-based ID of the user. In this manner, a subsequent manual user log-in operation is not required. 09-06-2012
20090013394 SYSTEM FOR PROVIDING SINGLE SIGN-ON USER NAMES FOR WEB COOKIES IN A MULTIPLE USER INFORMATION DIRECTORY ENVIRONMENT - A system for providing single sign-on (SSO) user names for Web cookies in a multiple user information directory environment. SSO access to multiple applications is supported in situations where multiple user information directories are deployed, and users may be known by multiple identifiers. Convenient specification is enabled for which of a user's multiple names is to be used in an SSO Web cookie that is passed from application to application to enable SSO operation. The user's SSO Web cookie user name is fully separated conceptually from the user's effective name for any given application within the SSO environment. The SSO Web cookie user name provided by the disclosed system is specified independently from the effective name by which the user is known when operating in the Web application that writes the SSO Web cookie back to the user's computer system. Use of an administratively supplied user name in the SSO Web cookie is facilitated. 01-08-2009
20110277027 Systems and Methods for Providing a Single Click Access to Enterprise, SAAS and Cloud Hosted Application - The present disclosure is directed to methods and systems of providing a user-selectable list of disparately hosted applications. A device intermediary to a client and one or more servers may receive a user request to access a list of applications published to the user. The device may communicate to the client the list of published applications available to the user, the list comprising graphical icons corresponding to disparately hosted applications, at least one graphical icon corresponding to a third-party hosted application of the disparately hosted applications, the third party hosted application served by a remote third-party server. The device may receive a selection from the user of the at least one graphical icon. The device may communicate, from the remote third party server to the client of the user, execution of the third party hosted application responsive to the selection by the user. 11-10-2011
20090320114 FEDERATED REALM DISCOVERY - A federated realm discovery system within a federation determines a “home” realm associated with a portion of the user's credentials before the user's secret information (such as a password) is passed to a non-home realm. A login user interface accepts a user identifier and, based on the user identifier, can use various methods to identify an account authority service within the federation that can authenticate the user. In one method, a realm list of the user device can be used to direct the login to the appropriate home realm of the user. In another method, an account authority service in a non-home realm can look up the user's home realm and provide realm information directing the user device to log in at the home realm. 12-24-2009
20100071045 Information Processing Apparatus and Information Processing Method - An information processing apparatus includes: a first storage module configured to store addresses of websites and pieces of login information being correlated with the addresses, the login information being required for logging in to the respective websites; and a second storage module configured to store the addresses of the websites and command files being correlated with the addresses, the command files containing a login operation procedure to be executed on a login page of a website that includes an entry field for login information. 03-18-2010
20090150985 Multiple Identity Management in an Electronic Commerce Site - In electronic commerce (e-commerce) sites that are executed on a single e-commerce application, a user's session is only associated with a single user identity for the e-commerce site domain. Acting under a single identity across the site may not be desired. There may be requirements to associate an individual user with one or more separate identities within parts of the site. Aspects of the invention provide a method, system and computer program product for managing multiple user identities for a user of an electronic commerce (e-commerce) site. The method comprises defining the e-commerce site as one or more security domains; and in response to a user's request to invoke an operation of the e-commerce site: determining a one of the one or more security domains to which the operation relates; performing one of a) creating a session and b) reusing a session for the user automatically in accordance with the determined security domain, said session associated with a user identity and a role indicating privileges for invoking operations of the e-commerce site in at least the determined security domain; and persisting said session for reuse. The user's request may be received in association with one or more sessions persisted for the user and a one of the sessions selected in accordance with the determined security domain. In response, either a session may be created or reused. Persisting may comprise providing one or more cookies defining the session to the user for associating with a subsequent request. In accordance with a feature of this aspect, the e-commerce site may define each of the one or more security domains as a hierarchy of organizations and assets owned by the organizations and the determining a one of the one or more security domains to which the operation relates may comprise evaluating the user's request in accordance with the hierarchy. 06-11-2009
20080244719 AUTHENTICATION PROCESSING METHOD AND SYSTEM - A plurality of authentication servers belonging to different domains are connected to achieve a Single Sign-On using two cookies in two management systems. 10-02-2008
20080271129 Single sign-on functionality for secure communications over insecure networks - Techniques for single sign-on functionality for secure communications over insecure networks are provided. A principal achieves single sign-on access to a server via a client by initially authenticating to a third-party authentication service. Next, a credentialing service supplies a randomly generated credential to the client and the server unbeknownst to the principal. The principal is then equipped to engage in secure communications over an insecure network using the credential that is managed by services of the client to authenticate to services of the server in a fashion that the principal is unaware of. 10-30-2008
20110173688 INFORMATION PROCESSING APPARATUS AND METHOD - When authentication processing has succeeded between different authentication domains in an information processing apparatus, authentication information between the different authentication domains is registered in association with user-related information. When a data conversion is performed between the different authentication domains, the data conversion of the user-related information is carried out based upon the registered authentication information. 07-14-2011
20090282468 Systems and methods of network operation and information processing, including use of persistent/anonymous identifiers throughout all stages of information processing and delivery - Systems and methods are disclosed for network operation and information processing associated with global unique identifiers (GUIDs). In one exemplary embodiment, there is provided a method of inserting a UID into a web-bound request. Moreover, the method includes, in the context of processing a web-bound request associated with a browsing session, extracting non-personal/device information during MAC/network layer processing, processing an anonymous UID created based on the non-personal/device information, and inserting the UID in the HTTP header or other extensible locations within the web-bound request. Exemplary embodiments may also include enabling global persistence of the UID as a function of extraction of non-personal/device data during MAC/network layer processing. 11-12-2009
20110173689 NETWORK ID BASED FEDERATION AND SINGLE SIGN ON AUTHENTICATION METHOD - Provided are methods for network ID based federation and single sign on authentication. A method of federating a service providing site in a service network with an access network for web application service authentication in a next generation network (NGN), the method comprising requesting the user equipment for authentication in correspondence with the federation request and inquiring whether to perform the federation, when a federation request is received from user equipment which has been authenticated by the access network; receiving responses to the authentication request and the inquiry from the user equipment; and registering the access network with a user federation list and notifying the federation to the access network, when authentication is determined to be successful from the response. 07-14-2011
20090276839 IDENTITY COLLECTION, VERIFICATION AND SECURITY ACCESS CONTROL SYSTEM - A system for collecting personally identifying information from individuals and using that information in verifying their identity and permitting their access to one or more secure systems via a single login authentication system. Based on a series of questions (opinion-based), a database of answers is developed for each user. To access a secure system at a base level of security, a user is asked to answer a group of questions randomly selected from the database and presented to the user for answers. If the questions are correctly answered, the user is permitted access to the secure system. Once access is granted, under certain circumstances, the user can access additional secure systems either as a result of the base level of security previously established, or a higher level of security, which requires the user to correctly answer additional randomly selected questions. 11-05-2009
20090119763 METHOD AND SYSTEM FOR PROVIDING SINGLE SIGN-ON SERVICE - Provided is a method and system for providing an SSO service enabling the use of Web services in different trusted domains through a one-time authentication process. In the method, mutual authentication information is issued from a trusted third party to each of ID-federation service providers managing each of trusted domains, and an ID federation is established between the ID-federation service provider and a user in the trusted domain of the ID-federation service provider. The first ID-federation service provider managing the first trusted domain, to which the user belongs, is confirmed when a Web service provider in the second trusted domain receives a login request from the user in the first trusted domain. User authentication and mutual authentication are performed between the first ID-federation service provider and a second ID-federation service provider managing the second trusted domain. The Web service provider authenticates the user in the first trusted domain and provides a corresponding Web service. 05-07-2009
20110209209 Method and system for performing an electronic signature approval process - The present invention includes a computer-implemented method and an Enterprise Resource Planning System (ERP). The method and system allow a user to enable an electronic signature approval process for modification of data in a transaction. The method includes accessing a table that corresponds with the transaction and adding a signature field having a property sheet to the table. The method also includes defining a select property in the property sheet with a select parameter. The select property is configured to provide approval of modified data in the transaction upon entry of a valid electronic signature. 08-25-2011
20110209210 System and Method for Single Sign-On Session Management Without Central Server - A method and system for single sign-on session management. Functions of session management and client log-in, normally handled by separate system servers, are incorporated as plug-in modules on individual web content servers. In this manner, network traffic to grant and validate client user credentials is reduced or minimized. 08-25-2011
20080235779 TRUSTED LOCAL SINGLE SIGN-ON - A method includes running on a computer a first operating environment for performing general-purpose operations and a second operating environment, which is configured exclusively for interacting with multiple servers in respective secure communication sessions and is isolated from the first operating environment. Multiple server-specific credentials for authenticating a user of the computer to the respective servers, as well as a single set of master credentials for authenticating the user to the second operating environment, are stored in the second operating environment. 09-25-2008
20080216164 METHOD FOR PROVIDING ACCESS CONTROL TO SINGLE SIGN-ON COMPUTER NETWORKS - A method for providing access control to a single sign-on computer network is disclosed. A user is assigned to multiple groups within a computer network. In response to an access request by the user, the computer network determines a group pass count based on a user profile of the user. The group pass count is a number of groups in which the access request meets all their access requirements. The computer network grants the access request if the group pass count is greater than a predetermined high group pass threshold value. 09-04-2008
20120297472INFORMATION PROCESSING SYSTEM, CONTROL METHOD FOR CONTROLLING THE INFORMATION PROCESSING SYSTEM, AND STORAGE MEDIUM - A second information processing system to communicate with a first information processing system includes an acquisition unit, an acceptance unit, a confirmation unit, and a setting unit. The acquisition unit acquires authentication information from the first information processing system and from a memory of the second information processing system. The acceptance unit accepts correspondence information indicating correspondence between first authentication information and second authentication information. The confirmation unit confirms, as a condition, whether the acquired authentication information in the first information processing system is identical to the accepted first authentication information and confirms, as a condition, whether the acquired authentication information in the second information processing system is identical to the accepted second authentication information. The setting unit does not set the correspondence information as single sign-on setting information if a condition is not satisfied and sets the correspondence information as single sign-on setting information if both conditions are satisfied.11-22-2012
20080244718Systems and Methods for User Login - Systems and methods for logging a user into a computing system are shown and described. The method can include receiving a request for an anonymous user login, creating an identifying tag responsive to the received request, creating a user account incorporating the identifying tag, and providing to the computing system the created user account to log into the computing system.10-02-2008
20090049535CONTROLLED DISCOVERY OF SAN-ATTACHED SCSI DEVICES AND ACCESS CONTROL VIA LOGIN AUTHENTICATION - A method for accessing data in a storage area network is provided. The method initiates with receiving a request for a list of targets on the storage area network. All the targets on the storage area network are exposed to the requester and authentication requiring a password is requested from the requester to grant access to the targets on the storage area network. Access to the targets is granted if the password is acceptable, and access to the targets is refused if the password is unacceptable.02-19-2009
20110225640CLOUD-BASED DEVICE INFORMATION STORAGE - Device information for each of multiple devices associated with a user account is maintained by a cloud service. The device information can include credential information allowing the device to be accessed by other ones of the multiple devices, remote access information indicating how the device can be accessed by other ones of the multiple devices on other networks, and property information including settings and/or device drivers for the device. The device information for each of the multiple devices is made available to other ones of the multiple devices, and can be used by the multiple devices to access one another and provide a consistent user experience across the multiple devices.09-15-2011
20090222899SYSTEMS AND METHODS FOR UNIFIED LOGIN TO MULTIPLE NETWORKED SERVICES - Embodiments relate to systems and methods for unified login to multiple networked services. A user operates a browser to access a Web site, such as an email portal. The user is presented with a query box to input login information such as a user name and password to view email from an email account. Upon entry of login information to the email or other site, a login manager captures the login information to automatically transmit that information to a local program and associated networked sites or services, such as messenger or media services, that accept the same login information. The login manager logs the user into that program and additional services without the user having to re-enter the same login information. The additional services can be accessed via an online desktop, and the user can configure the additional local programs or registered services via that desktop or other interface.09-03-2009
20120198534INFORMATION PROCESSING SYSTEM, APPARATUS, METHOD, AND PROGRAM STORAGE MEDIUM - An information processing system includes a plurality of information processing apparatuses, each apparatus including a transmission unit and a verification unit, and a plurality of authentication servers connectable to the plurality of information processing apparatuses via one or more networks. When one information processing apparatus, used as a receiving apparatus, receives a request to execute processing at the receiving apparatus from another information processing apparatus, used as a requesting apparatus, the transmission unit of the requesting apparatus transmits information to the receiving apparatus, and the verification unit of the receiving apparatus determines whether the requested processing can be executed at the receiving apparatus for a user of the receiving apparatus based on a comparison of the information transmitted from the requesting apparatus and information settable for the receiving apparatus by using the authentication server usable for user verification of the information processing apparatuses.08-02-2012
20110231919EFFICIENT SINGLE SIGN-ON AND IDENTITY PROVIDER CONFIGURATION AND DEPLOYMENT IN A DATABASE SYSTEM - Various techniques and procedures related to user authentication, identity providers, and single sign-on (SSO) are presented here. One approach creates an SSO link between two organizations in a streamlined manner using an internal cross-user systemwide digital certificate, and without processing any user-created, user-uploaded, or user-assigned digital certificates. Another approach presented here configures an identity provider service for an entity or organization by processing a single user command. The identity provider service is automatically configured in the background without processing any additional user commands, user instructions, or user-entered data.09-22-2011
20110231920SERVER APPARATUS AND PROGRAM FOR SINGLE SIGN-ON - A server apparatus includes an analyzer unit which analyzes log-in information for a server received from a client, determines an authentication scheme of the server, and extracts, from the log-in information, provisional authentication information in a form representative of variable information. The analyzer unit stores, in the storage device, information representative of the authentication scheme and the provisional authentication information as the variable information. The analyzer unit also stores, in the storage device, as the variable information, authentication information of a user for the server that is associated with representative authentication information of the user.09-22-2011
20110231918REMOTE REGISTRATION FOR ENTERPRISE APPLICATIONS - A partner registration module can provide for an automatic registration of partners to a central server. An entire partner registration process can be automated from end to end, providing a unified process for registering partners. The partner registration module can be fully compatible with current registration agents and next generation registration agents.09-22-2011
20110231917SYSTEM AND METHOD FOR PROVIDING A VIRTUAL PEER-TO-PEER ENVIRONMENT - An improved system and method are disclosed for peer-to-peer communications. In one example, the method enables the creation of a virtual endpoint that may operate within a peer-to-peer network to represent a device that is unable to operate as an endpoint.09-22-2011
20090260070Systems and Methods for Secure Sign-Up Procedures for Application Servers in Wired and Wireless Environments - Systems and methods of providing strong authentication for a client device to sign-up with an online service. Authentication can involve verifying a user's identity, message authentication, message integrity and nonrepudiation. The security procedures may, in some cases, be sufficient to verify all of these parameters. In other cases, the sign-up procedure needs to be combined with other information in order to verify the user's real identity.10-15-2009
20090254982METHODS, PROGRAMS AND A SYSTEM OF PROVIDING REMOTE ACCESS - The invention relates to a method of providing access to one or more resources accessible via a remote computer. The resources are assigned to a remote security context. Access to at least one of said remote resources within the remote security context is controlled by access rules that are valid for said at least one of said remote resources, on receipt of a terminal services request for a terminal session from a local computer. A user of said local computer has already been authenticated in a local security context by local authentication information. The local computer runs a local agent and contains identification information in addition to the local authentication information. The method involves obtaining at least said identification information from said local agent; performing access control to said at least one of said remote resources using said access rules on the basis of at least said identification information, and providing access for said local computer to said at least one of said remote resources for which said access rules permit access.10-08-2009
20090249462METHOD, APPARATUS, AND SYSTEM FOR SENDING CREDENTIALS SECURELY - A software application executing in a first local operating environment may be used to connect to a remote server that requires a credential of a user to complete a transaction. In a second local operating environment that operates external to the first local environment a user may be authenticated based on a user input received in the second local operating environment. The credential of the user may be securely communicated to the remote server from the second local operating environment. Other embodiments are described and claimed.10-01-2009
20100263037CUSTOMIZABLE SIGN-ON SERVICE - Techniques are described for providing customizable sign-on functionality, such as via an access manager system that provides single sign-on functionality and other functionality to other services for use with those services' users. The access manager system may maintain various sign-on and other account information for various users, and provide single sign-on functionality for those users using that maintained information on behalf of multiple unrelated services with which those users interact. The access manager may allow a variety of types of customizations to single sign-on functionality and/or other functionality available from the access manager, such as on a per-service basis via configuration by an operator of the service, such as co-branding customizations, customizations of information to be gathered from users, customizations of authority that may be delegated to other services to act on behalf of users, etc., and with the customizations that are available being determined specifically for that service.10-14-2010
20100154046SINGLE SIGN-ON METHOD AND SYSTEM FOR WEB BROWSER - A single sign-on methodology across web sites and web services is provided. The method is also a single sign-on (SSO) system, so the user's identification information interacts across the web sites and the back end web services. The user can enter each various web site after taking one entrance procedure, and access surely the back end service of web site by the identity oneself at various web site. The present disclosure can make the web service to identify directly and control the terminal user and achieve the control by the identity authority of the terminal user. This system can be deployed rapidly into an organized system under the prerequisite of reserving prior system as the one to deploy the system which has possessing the SSO system of the web site or web service, because the present disclosure takes the foundation of the prior SSO solution.06-17-2010
20100154045Mesh Platform Utility Computing Portal - A utility computing portal supports public and private modules for application development in a cloud computing environment. The public modules support downloads, customer support and access to a development community. The private modules are accessible to users with valid login credentials or those authenticated via a related entity, such as a Live ID. The private modules may include modules for testing, analysis, and billing. The utility computing portal also supports access to application configuration, for example, allowing a manager to change the number of front end and backend physical/virtual machines available to various application roles.06-17-2010
20100212003SECURE PERSONAL INFORMATION PROFILE - A method, programmed medium and system are provided for implementing a prebuilt and encrypted personal identification information (PII) profile which resides only on a user's computer and is prevented from being permanently stored in a server's database. In an exemplary embodiment, when a user visits a web site and creates a new account, the site submits a request to query the user's profile using an extension to the HTTP protocol. The user is prompted by the user's browser to grant the site permission to do so and the site automatically uploads a non-personal identifying number (ID) to the user's system to create an account. All personal information remains on the user's computer within the user's encrypted PII profile and is not allowed to be stored in the server's storage. Therefore, each time the user purchases something, the site must again request to query the user's profile for the user's name, credit card information and/or billing address or other information, rather than keeping that information in the web site's datastore.08-19-2010
20100122333METHOD AND SYSTEM FOR PROVIDING A FEDERATED AUTHENTICATION SERVICE WITH GRADUAL EXPIRATION OF CREDENTIALS - The present invention relates to the field of authentication of users of services over a computer network, more specifically within the paradigms of federated authentication or single sign-on. A known technique consists of associating different trust levels to different authentication mechanisms, wherein the respective trust levels give access to different information resources, notably to provide the possibility to protect more sensitive resources with a stronger form of authentication. The present invention provides a mechanism to allow the trust level to decrease without re-authenticating with the single sign on system, down to the level at which it is no longer sufficient to obtain access to a desired resource. Only then, the user needs to reauthenticate.05-13-2010
20100083361Managing Web Single Sign-On Applications - A method of managing a web single sign-on (SSO) application with a common set of uniform resource locators (URLs) includes defining a first servlet mapping including a description of a protected URL resource pattern, defining a second servlet mapping including a description of an unprotected URL resource pattern, determining display logic support to establish if display logic of the web SSO application supports both the first servlet mapping and the second servlet mapping, configuring the display logic of the web SSO application based on the determination, defining an intercepting filter, and registering URL patterns for the common set of URLs in the intercepting filter, the URL patterns including definitions of the protected URL resource pattern and the unprotected URL resource pattern.04-01-2010
20090320115Secure Network Portal - According to one embodiment, a secure network portal includes a number of application servers coupled to one or more clients through a portal server. The application servers serve a number of secure services that may be consumed by clients. The portal server creates a login session with a graphical user interface in which the login session is associated with a particular authorization level. The portal server then displays a service access point for each of the plurality of secure services and restricts access to each of the secure services according to the authorization level of the login session.12-24-2009
20120246709LIGHTWEIGHT AUTHENTICATION FOR ON-PREMISE RICH CLIENTS - The subject disclosure relates to lightweight authentication for on-premise rich clients. The lightweight authentication mitigates the amount of software that is installed on a client machine for authentication purposes. A portion of an external website is hosted on an application executing on the rich client. The user can interact with the portion of the external website in order to enter credentials or other identification information. The entry of the credentials or other identification information is relayed to the external website for verification. If the verification is successful, the user can interact with various external websites utilizing the single verification.09-27-2012
20100293608EVIDENCE-BASED DYNAMIC SCORING TO LIMIT GUESSES IN KNOWLEDGE-BASED AUTHENTICATION - Techniques to provide evidence-based dynamic scoring to limit guesses in knowledge based authentication are disclosed herein. In some aspects, an authenticator may receive an input from a user in response to a presentation of a personal question that enables user access to a restricted resource. The authenticator may determine that the input is not equivalent to a stored value, and thus is an incorrect input. The authenticator may then determine whether the input is similar to a previous input received from the user. A score may be assigned to the input. When the input is determined to be similar to the previous input, the score may be reduced. Another request for an input may be transmitted by the authenticator when a sum of the score and any previous scores of the session is less than a threshold.11-18-2010
20130133056Single login Identifier Used Across Multiple Shopping Sites - Various methods and systems for facilitating online shopping at multiple retailer websites using a single login identifier are provided. The techniques disclosed herein allow prospective consumers to access various retailer websites on the Internet without the need to remember multiple logins and passwords or log into such retailer websites each time the consumer uses a new electronic device. The prospective consumers may log into a common website, such as a social networking website, using a single user identifier and password. An example method for facilitating online shopping at multiple retailer websites using a single login identifier comprises receipt of the login information that corresponds to one or more login websites from a user device. The method may further include retrieving an internal user login identifier based on the received login information.05-23-2013
20100325714SYSTEM AND METHOD FOR PROVIDING MOBILITY IN A NETWORK ENVIRONMENT - A method is provided in one example embodiment and includes providing an Internet Protocol (IP) address based on an authentication request associated with a device, the authentication request being associated with a Wi-Fi protocol. The method also includes 12-23-2010
20110030044TECHNIQUES FOR ENVIRONMENT SINGLE SIGN ON - Techniques for environment single sign on are provided. Multiple identifiers for devices are associated as a single environment. A principal can be authenticated via any of the devices once to access protected resources and once authenticated the principal can access the protected resources from the other devices without re-authenticating.02-03-2011
20100180329Authenticated Identity Propagation and Translation within a Multiple Computing Unit Environment - An authenticated identity propagation and translation technique is provided in a transaction processing environment including distributed and mainframe computing components. Identified and authenticated user identification and authentication information is forwarded in association with transaction requests from a distributed component to a mainframe component, facilitating the selection of the appropriate mainframe user identity with which to execute the mainframe portion of the transaction, and creating the appropriate runtime security context. The forwarded user identification and authentication information contains a plurality of sections with identifying information about an authenticated client end-user identity as known at the initial authentication component and a mask specifying a subset of the sections. The mainframe component generates a hash from the subset of sections specified by the mask and uses that hash as a lookup key to determine whether a local authenticated runtime security context already exists in a local cache for the client end-user initiating the transaction request.07-15-2010
20110041175SYSTEM AND METHOD FOR INTEGRATING OPERATION OF SYSTEMS EMPLOYING SINGLE SIGN-ON AUTHENTICATION - The subject application is directed to a system and method for integrating operation of systems employing distinct authentication. Department code data is first received from an associated user via a user interface of a document processing device. The received department code data is then communicated from the document processing device to an authentication translation server. A data map of department code data relative to enterprise authentication data is then stored in a memory associated with the authentication translation server. Application authentication data is then received into an enterprise application server corresponding to the received department code. Application authentication data is then retrieved corresponding to the received department code from the memory. The authenticity of the retrieved authentication data is then tested. The enterprise application server is then selectively operated in accordance with the testing.02-17-2011
20110119747SINGLE SIGN ON WITH MULTIPLE AUTHENTICATION FACTORS - The authentication of a client to multiple server resources with a single sign-on procedure using multiple factors is disclosed. One contemplated embodiment is a method in which a login session is initiated with the authentication system of a primary one of the multiple server resources. A first set of login credentials is transmitted thereto, and validated. A token is stored on the client indicating that the initial authentication was successful, which is then used to transition to a secondary one of the multiple resources. A second set of login credentials is also transmitted, and access to the secondary one of the multiple resources is granted on the basis of a validated token and second set of login credentials.05-19-2011
20100146611Credential Sharing Between Multiple Client Applications - Disclosed are techniques for sharing user credentials between multiple client applications when connecting to a set of remote resources. The mechanism enables a single sign-on between a terminal server web access service and the remote applications, remote desktops and corresponding terminal servers accessible through the service. User credentials may be received by one of the client applications and passed to a credential store running as a local software object in association with the user's logon session. Further requests to launch a new remote connection may then pass through the credential store. Upon successful validation of the request, the credential store may attach user credential information to the request and pass the request to the requested client. The requested client may also execute as a software object associated with the current logon session. The client may then use the supplied credential for authentication to the requested resource or application.06-10-2010
20100037307COMPUTER PROGRAM CODE AND METHOD FOR DELIVERING EXTERNAL DATA TO A PROCESS RUNNING ON A VIRTUAL MACHINE - A method and system for delivering external data to a process running on a virtual machine, the virtual machine running on an operating system. The method includes the steps of executing instructions on the virtual machine that obtain state data related to the process; querying the virtual machine to obtain component data related to the state data; and manipulating the component data to deliver the external data to the process. In one example, the system provides a single sign-on application that passes user credentials to a Java applet running on a Java virtual machine.02-11-2010
20090217367SSO IN VOLATILE SESSION OR SHARED ENVIRONMENT - Apparatus and methods utilize a single-sign-on (SSO) framework on one or more physical or virtual computing devices. During use, it is determined whether SSO credentials are for use in a volatile session and/or for use amongst an application suite or a plurality of applications. In the former, the SSO credentials are either made temporarily available in a memory of the computing devices, if relatively high security is desired, or a credential store and its contents are made available to a disk, if relatively low security is acceptable. In the latter, the SSO credentials are shared during authentication of a single user as individual applications of the application suite or the plurality of applications are used or started independently. Other features contemplate credential lifetime, the destruction of credentials, timing of application usage relative to credentials as well as retrofitting existing SSO services. Computer program products and computing interaction are also disclosed.08-27-2009
20090217366Method For Implementing Unified Authentication - A method for implementing unified authentication for user logon, the method comprising the steps of: establishing an authentication server; creating a user authentication account number in the authentication server; storing user information which the user uses in a plurality of systems into the authentication server; associating, in the authentication server, the created user authentication account number with the user information which the user uses in the plurality of systems; and providing an authentication flag to the client of the user by the authentication server based on the association between the user authentication account number and the user information which the user uses in the plurality of systems established in the authentication server so that the user can log on the plurality of systems using the authentication flag. The present invention is applied to provide a unified mechanism of user logon authentication in integration and mergence of the service processes provided by a plurality of Internet information systems or Internet providers, and thus the user can access all authorized application systems or service providers with only one logon authentication.08-27-2009
20100077469Single Sign On Infrastructure - One embodiment is a method that uses a Single Sign On (SSO) infrastructure in an application for creating a security context that identifies a user. The application then passes the security context to a second application and to the user as a cookie. The cookie is passed back to applications to enable SSO access to resources.03-25-2010
20110252465System and Method for Single Session Sign-On - A method and system for cross-system authentication or credentialing of clients. Credentials from one system (e.g., system 10-13-2011
20120304272Accessing A Communication System - Method, user terminal and communication system for authenticating an application for accessing the communication system on behalf of a user, wherein a communication client associated with the communication system is executed at the user terminal, usable by the user, and is authenticated for communicating over the communication system on behalf of the user. The method comprises transmitting authentication data from the application to the communication system. The communication system verifies the authentication data transmitted from the application, and on the basis that the authentication data is verified, the communication system authenticates the application for accessing the communication system on behalf of the user. Prior to the transmitting step the authentication data is provided from the communication system to the client, and then from the client to the application. The verifying step comprises determining that the authentication data transmitted from the application corresponds to the authentication data provided from the communication system to the client, such that the application is authenticated for accessing the communication system on behalf of the user on the basis of the client's authentication with the communication system.11-29-2012
20110154464SYSTEMS AND METHODS FOR INTERCEPTING AND AUTOMATICALLY FILLING IN FORMS BY THE APPLIANCE FOR SINGLE-SIGN ON - The present invention is directed towards systems and methods for form-based single sign-on by a user desiring access to one or more protected resources, e.g., protected web pages, protected web-served applications, etc. In various embodiments, a single sign-on (SSO) module is in operation on an intermediary device, which is disposed in a network to manage internet traffic between a plurality of clients and a plurality of servers. The intermediary device can identify an authentication response from a server and forward the authentication response to the SSO module. The SSO module can complete a login form in the authentication response with a client's authentication data, return the completed login form to the server and forward cookies associated with the authentication response to the client. In various embodiments, multiple login forms can be completed, transparently to the client, by the SSO module on a client's behalf and reduce time expended by a client in obtaining access to protected resources.06-23-2011
20110061098AUTHENTICATION APPARATUS, AUTHENTICATION METHOD, AND AUTHENTICATION PROGRAM IMPLEMENTING THE METHOD - For enabling single sign-on among applications, a linkage ID indicating connection between the authentication apparatus 03-10-2011
20110072501ELECTRONIC APPARATUS AND COMMUNICATION CONTROL METHOD - According to one embodiment, an electronic apparatus comprises a communication module and a connection control module. The communication module is configured to execute close proximity wireless transfer. The connection control module is configured to start an operation of establishing a connection between the communication module and an external device which is in close proximity to the communication module if an identifier of the external device wirelessly transmitted from the external device is included in a connection permission list. The connection control module is configured to display a password entry screen if the identifier is not included in the connection permission list, and to add, if a password entered on the password entry screen matches with a registered password, the identifier to the connection permission list and start the operation of establishing the connection between the communication module and the external device.03-24-2011
20110016518SYSTEM TO ENABLE A SINGLE SIGN-ON BETWEEN A DOCUMENT STORAGE SERVICE AND CUSTOMER RELATIONSHIP MANAGEMENT SERVICE - Described herein is a method for producing a single sign-on between two network accessible software applications using a server apparatus having a processor and a computer readable medium. The method includes calling a new program interface using a first software application, initiating a handshake between a first software application adaptor and the first software application, sending authentication information from the first software application to the first software application adaptor, authenticating the authentication information using a second software application and returning a valid session ID from said second software application to said first software application via the first software application adaptor.01-20-2011
20130160105CONFIGURING IDENTITY FEDERATION CONFIGURATION - A method and apparatus for configuring identity federation configuration. The method includes: acquiring a set of identity federation configuration properties of a first computing system and a set of identity federation configuration properties of a second computing system; identifying one or more pairs of associated properties in the first and the second sets, where the pairs of associated properties include one property from each set of identity federation configuration; displaying properties that need to be configured manually from each set of identity federation configuration properties, where the properties that need to be configured manually do not include the property in any pair of associated properties for which the value can be derived from the value of another property in the pair; automatically assigning a property that can be derived from the value of another property; and providing each computing system with each set of identity federation properties.06-20-2013
20120204249TOOLBAR FOR SINGLE SIGN-ON AND NON-SINGLE SIGN-ON SITES, APPLICATIONS, SYSTEMS, AND SESSIONS - A method including receiving a request to connect to a single sign-on site, a non-single sign-on site, a system, a mainframe, or to use a mainframe or user device application; determining, by a toolbar of a user device, whether a user is authorized to connect to, initiate, or use the single sign-on site, the non-single sign-on site, the system, the mainframe, the mainframe or user device application; selecting, by the toolbar, one or more user credentials to allow the user to connect to, initiate, or use the single sign-on site, the non-single sign-on site, the system, the mainframe, the mainframe or the user device application when it is determined that the user is authorized; and signing-on, by the toolbar, to the single sign-on site, the non-single sign-on site, the system, the mainframe, the mainframe or user device application based on the one or more user credentials.08-09-2012
20120151568Method and system for authenticating a rich client to a web or cloud application - A rich client performs single sign-on (SSO) to access a web- or cloud-based application. According to the described SSO approach, the rich client delegates to its native application server the task of obtaining a credential, such as a SAML assertion. The native server, acting on behalf of the user, obtains an assertion from a federated identity provider (IdP) that is then returned to the rich client. The rich client provides the assertion to a cloud-based proxy, which presents the assertion to an identity manager to attempt to prove that the user is entitled to access the web- or cloud-based application using the rich client. If the assertion can be verified, it is exchanged with a signed token, such as a token designed to protect against cross-site request forgery (CSRF). The rich client then accesses the web- or cloud-based application making a REST call that includes the signed token. The application, which recognizes the request as trustworthy, responds to the call with the requested data.06-14-2012
20120204248PROVISIONER FOR SINGLE SIGN-ON AND NON-SINGLE SIGN-ON SITES, APPLICATIONS, SYSTEMS, AND SESSIONS - A method including receiving an access request to a provisioning system; determining whether to grant access based on receipt of one or more user credentials; determining a level of access to the provisioning system based on user role information, when the one or more user credentials are valid; receiving configuration information by the provisioning system that permits a user to configure an automated sign-on system for single sign-on sites, non-single sign-on sites, mainframe sessions and applications, systems, and user device applications; and configuring the automated sign-on system based on the received configuration information.08-09-2012
20090126000SINGLE SIGN-ON METHOD FOR WEB-BASED APPLICATIONS - A method for single-sign on of a user on a client machine to one or more target applications on target application servers in a computer information-processing network, including: accessing an access server from the client machine; entering user-specific access server logon credentials for logon and access to the access server; selecting a target application; presenting to the target application by the access server, previously stored user-specific target application logon credentials for logon and access to the target application in a form and according to a protocol recognizable by the target application thereby logging into the target application on behalf of the user and establishing a target application session; sending from the access server to the client machine, information for establishing a connection from the client machine to the target application; and establishing a target application session, bypassing the access server, between the client machine and the target application.05-14-2009
20110162057ACCESS CONTROL BASED ON USER AND SERVICE - For a particular request to access a resource, both a user associated with the request and a service through which the request is made are identified. Whether requested access to a resource is permitted is determined based on a user associated with the requested access and a service through which the access is requested. This determination can be made based on an access control entry of an access control list corresponding to the resource, the access control entry identifying access to the resource that is permitted to the user when accessing the resource through the service.06-30-2011
20080282333IMAGE FORMING APPARATUS UNIFYING MANAGEMENT FOR USE OF IMAGE FORMING APPARATUS AND USE OF WEB SERVICE - An MFP stores information of a web service for permitting use with respect to each user, and information for limiting a use of its function. When there is a web service allowed to be used by the logged in user, its list is displayed. When a linked function with the selected web service is not allowed to be used, a message to that effect is displayed, and when the use of the function is limited, limited contents are displayed to confirm the use of the web service.11-13-2008
20110055912METHODS AND APPARATUS FOR ENABLING CONTEXT SHARING - Some embodiments relate to processing a web page requested by a web browser. The requested web page is received, and additional code is inserted into the web page that alters and/or augments the functionality of the web page. The web page is then forwarded to the web browser that requested it. The browser executes the code inserted into the web page, thereby augmenting the functionality of the web page.03-03-2011
20100313257Enforcing single stream per sign-on from a content delivery network (CDN) media server - A method for enforcing a media stream delivery restriction uses a stream control service (SCS). The SCS is implemented in a distributed network, such as a CDN, in which a given media stream is delivered to authorized end users from multiple delivery servers, but where an authorized end user is associated with a single log-in identifier that is not intended to be shared with other end users. According to the method, an enforcement server of the SCS identifies first and second copies of the given media stream associated with the single log-in identifier being delivered from multiple delivery servers. It then issues a message to terminate delivery of the given media stream from at least one of the multiple delivery servers.12-09-2010
20100293607LINKING WEB IDENTITY AND ACCESS TO DEVICES - Systems and methods are provided for linking a web identity and a portable device to provide web access to a user from a vehicle. An example system includes a presence agent that may be configured to validate the presence of the portable device in the vehicle by recognizing a device identifier saved on the portable device. After the presence of the portable device is validated, a security manager may receive a user identifier and verify if the user identifier corresponds with a known user value. Then, the security manager may send a user identity secure proxy to a credential manager. The credential manager may be configured to receive the user identity secure proxy, and in response, pass one or more credentials to a computing device onboard the vehicle. The credentials may indicate that the user is authorized to access one or more web services from the computing device.11-18-2010
20120311688HOSTED MEDIA CONTENT SERVICE SYSTEMS AND METHODS - An exemplary system includes 1) at least one computing device within a first computing subsystem associated with a hosted media content service, the at least one computing device configured to authenticate a user to the hosted media content service and provide at least one encrypted token to a user device associated with the user, and 2) at least one other computing device within a second computing subsystem associated with the hosted media content service, the at least one other computing device configured to store hosted media content associated with the hosted media content service, receive the at least one encrypted token from the user device, validate the at least one encrypted token, and perform, in response to the validation, at least one action on media content as part of the hosted media content service. Corresponding methods and systems are also disclosed.12-06-2012
20110126275SYSTEM AND METHOD FOR DISCOVERY ENRICHMENT IN AN INTELLIGENT WORKLOAD MANAGEMENT SYSTEM - The system and method described herein for discovery enrichment in an intelligent workload management system may include a computing environment having a model-driven, service-oriented architecture for creating collaborative threads to manage workloads. In particular, the management threads may converge information for managing identities and access credentials, which may provide information that can enrich discovery of physical and virtual infrastructure resources. For example, a discovery engine may reference federated identity information stored in an identity vault and enrich a discovered infrastructure model with the federated identity information. Thus, the model may generally include information describing physical and virtualized resources in the infrastructure, applications and services running in the infrastructure, and information derived from the federated identity information that describes dependencies between the physical resources, the virtualized resources, the applications, and the services.05-26-2011
20100263036NETWORK-BASED APPLICATION CONTROL - Apparatus, systems, and methods may operate to send, from a central manager to one or more target machines, an access request associated with at least one application selected from a plurality of applications on the target machines, the access request identifying the target machines, the applications, and access customization code corresponding to the applications; and to send access customization code and a script corresponding to the applications from a central repository to the target machines when the customization code is not resident on the target machines. Further activities may include loading the access customization code as a library on the target machines linked to the applications and replaying recorded user intention input according to a script to supply the input to objects associated with the applications to access and otherwise control the applications. Additional apparatus, systems, and methods are disclosed.10-14-2010
20110138453SINGLE SIGN-ON IN MIXED HTTP AND SIP ENVIRONMENTS - In a first embodiment of the present invention, a method for providing single sign-on in a network having a HyperText Transfer Protocol (HTTP) portion and a Session Initiation Protocol (SIP) portion is provided, the method performed at a gateway and comprising: receiving an HTTP request for an assertion from a requester over the HTTP portion; generating a SIP request using the request for assertion; sending the SIP request to a SIP registrar over the SIP portion; receiving a SIP response including information regarding an assertion from the SIP registrar; and sending the information regarding the assertion in an HTTP response to the requester, such that the requester can use the information regarding the assertion in authenticating the requester to a web server.06-09-2011
20110099618SINGLE SIGN-ON AUTHENTICATION - Apparatus, systems, and methods may operate to receive a request from a node to provide access to a web site, to provide site authenticity information associated with the web site to the node, and to receive single sign-on (SSO) information from the node in response to validation of the site authenticity information by the node, the SSO information enabling the node to automatically log in to the web site. Additional activities include receiving site authenticity information from a node associated with a web site, and automatically transmitting SSO information to the node responsive to validating the site authenticity information. Additional apparatus, systems, and methods are disclosed.04-28-2011
20090007248Single sign-on system and method - A single sign-on (SSO) provider establishes a system by which users authenticate once per session with the provider, then can access multiple sites that require credentials without manually supplying or remembering those other credentials. A browser plug-in on the user's terminal accesses the SSO provider's resources and retrieves relevant credentials for the user's session. The SSO provider contracts with a third-party administrator (TPA) of medical and/or insurance benefits, and provides SSO accounts to individuals served by the TPA (usually employees of the TPA's clients). These accounts may be pre-loaded with links to (and even credentials for logging into) network-accessible resources relating to the individuals' insurance and/or medical care. Additional links and credentials might be preloaded based on the goodwill of the SSO provider or affiliate contracts, and the individuals might be enabled to add further links and credentials.01-01-2009
20100024023Reactive Biometric Single Sign-on Utility - A computer implemented method, apparatus, and computer usable program code for accessing protected resources. Biometric data for a user is received from a biometric input device and an indication of an application requiring a password. Responsive to receiving the biometric data from the user, the user is authenticated using the biometric data and a profile. Responsive to the user being authenticated, the password is established with the application to allow access to the application, wherein the password is established without user input.01-28-2010
20110265173MOBILE AUTHENTICATION FRAMEWORK - Disclosed are apparatus and methods for associating a mobile device with a web service or a user account. A unique code is displayed on the mobile device. The unique code is associated with a user account or web service to be utilized with the mobile device. Instructions for a user to enter the unique code in an authentication process via an authentication portal of a management device are also displayed. After it is determined that a user has performed the authentication process, any user identification, which has been associated with the unique code, is then obtained from the management device. The obtained user identification is then stored for use by the mobile device. After user identification has been obtained and stored, the stored user identification is used for the mobile device to participate in an authentication process for authorizing the mobile device to utilize a web service or user account associated with the user identification. The authentication process is participated in by the mobile device without requiring input from the user during such authentication process.10-27-2011
20110265172METHOD AND SYSTEM FOR THIRD PARTY CLIENT AUTHENTICATION - Methods and systems for third party client authentication of a client. A method includes displaying a user interface on a display of the client, the user interface including an option to select a supported credential type of a third party authentication server, receiving a command selecting the supported credential type, and sending credential information and the selected supported credential type to an authentication server for third party authentication by the third party authentication server. The third party authentication server may support a token-based authentication protocol for implementing single sign on (SSO).10-27-2011
20100031335REMOTE PROFILE SECURITY SYSTEM - A method comprises storing, at the server computer system, user profile information for the remote user. The user profile information for the remote user (or a link to the user profile information) is encrypted using authentication information. The user profile information is associated with user identification information, at the server computer system, using the authentication information, which is selectively made available by the remote user via the network to the server computer system in order to enable the server computer system to associate the user profile information with the user identification information.02-04-2010
20110138452CROSS SECURITY-DOMAIN IDENTITY CONTEXT PROJECTION WITHIN A COMPUTING ENVIRONMENT - Processing within a computing environment is facilitated by: determining by a local security manager of a first system in a first security domain whether a local security context of a user is acceptable to a second system in a second security domain; responsive to the user's security context being unacceptable to the second system, creating by a local security manager of the second system a runtime security context for the user in the second system; and providing the first system with a reference to the runtime security context for the user in the second system which is resolvable within the computing environment or a portable representation of the runtime security context for the user in the second system, the reference or the portable representation being subsequently returned to the second system with a request from the first system to process work at the second system.06-09-2011
20120042370COMPUTER SYSTEM AND METHOD OF CONTROLLING COMPUTER - A computer system includes a first communication unit which communicates with an authentication module storing preset first authentication information, a second communication unit which is connected with a server through a network, the server storing preset second authentication information, a main board unit which implements a preset first operation of a computer, and a controller which receives the first authentication information from the authentication module through the first communication unit, receives the second authentication information corresponding to the first authentication information from the server through the second communication unit, and controls the main board unit to block implementation of the first operation when at least one of the first authentication information and the second authentication information is not received.02-16-2012
20120047567IMAGE FORMING APPARATUS, CONTROLLING METHOD AND PROGRAM - There is provided a system in which, even if cache data of a user is not held in a multifunction machine, the relevant user can log in to the multifunction machine in a case where the relevant user is approved by a user of which the cache data has been held in the multifunction machine.02-23-2012
20120210414INFORMATION PROCESSING SYSTEM, METHOD FOR CONTROLLING INFORMATION PROCESSING SYSTEM, AND STORAGE MEDIUM - An information processing system stores key information for determining an authentication device and information about the authentication device by associating these information pieces with each other, and extracts the key information from access of an unauthenticated user. Based on the information about the authentication device associated with the key information, the access of the unauthenticated user is redirected.08-16-2012
20120005739LINKED IDENTITIES - Methods and systems to automatically respond to make a Super Identity by linking two identities and methods and systems to use the identities include a transaction authorization module that receives a request associated with a first identity record associated with a user, the request being for information associated with a second identity record. An identity linking module identifies that the second identity record is linked to the first identity record and retrieves the information associated with the second identity record. The transaction authorization module also generates a response including the information associated with the second identity, and transmits the response.01-05-2012
20120011578Cross-protocol federated single sign-on (F-SSO) for cloud enablement - A method to enable access to resources hosted in a compute cloud begins upon receiving a registration request to initiate a user's registration to use resources hosted in the compute cloud. During a registration process initiated by receipt of the registration request, a federated single sign-on (F-SSO) request is received. The F-SSO request includes an assertion (e.g., an HTTP-based SAML assertion) having authentication data (e.g., an SSH public key, a CIFS username, etc.) for use to enable direct user access to a resource hosted in the compute cloud. Upon validation of the assertion, the authentication data is deployed within the cloud to enable direct user access to the compute cloud resource using the authentication data. In this manner, the cloud provider provides authentication, single sign-on and lifecycle management for the user, despite the “air gap” between the HTTP protocol used for F-SSO and the non-HTTP protocol used for the user's direct access to the cloud resource.01-12-2012
20120210413FACILITATING SINGLE SIGN-ON (SSO) ACROSS MULTIPLE BROWSER INSTANCE - Facilitating single sign-on (SSO) across multiple browser instances such that user authentication at one browser instance is used as a basis to permit access to protected resources (hosted on server systems) from other browser instances. In an embodiment, the different browser instances are executing on different client systems. An authentication server may maintain registration data indicating the different client systems/browser instances registered by a user for the SSO feature. After a user is authenticated for a first session from one browser instance, the authentication server enables the user to access any protected resource from registered client systems/browser instances without requiring further authentication (based on the presence of the authenticated first session).08-16-2012
20120023565SYSTEMS AND METHODS FOR SYSTEM LOGIN AND SINGLE SIGN-ON - Systems and methods for system login and single sign-on are described. A first application of a first system receives a request to access a protected application of a second system. An assertion is generated in response to the request. The assertion asserts an identity in the first system of a user generating the request. The assertion is validated and first account information corresponding to the assertion is extracted. The first account information is information of a first account of the user in the first system. Second account information is determined that is information of a second account of the user in the second system. A mapping is generated between the first account and the second account using the first account information and the second account information. The mapping is used to provide access to the protected application by the requestor.01-26-2012
20080320576Unified online verification service - A web-based, graphical user interface-driven arrangement for configuring federated access management across a group of federations and associated identity providers is enabled by a centralized server, called a global verification server. The global verification server operates to give service providers who host protected resources (i.e., those that have access restricted to only users having particular attributes, such as being a member of a particular group) a unified view of federations that are typically deployed on a global basis, as well as provides web-based tools to manage federated access. The global verification server also provides a single location on the web where users can go to access protected resources by discovering and using their home identity provider for verified single sign-on.12-25-2008
20110107409Single Sign On For a Remote User Session - A user accesses a remote session, the connection to which is managed by a connection broker, according to a single sign-on (SSO) process. The SSO process includes the user entering his or her credentials and being authenticated to the connection broker. In addition to user authentication, the SSO process includes connection broker authentication to confirm that the connection broker is trustworthy. When the connection broker is authenticated, the user credentials are transmitted to the connection broker in a secure manner and the connection broker forwards them onto a machine hosting the remote session so that the user can be logged into the remote session without entering his or her credentials again.05-05-2011
20090133110SYSTEM AND METHOD USING GLOBALLY UNIQUE IDENTITIES - Systems and methods are described for creating a globally unique identity for a user or user-container by performing an iterative join where each participating back-end data source. The systems and methods include an ID-Unify (IDU) that performs identity virtualization and creates or generates a globally unique identifier for a user in operational environments in which there is a pre-existing conflict caused by the existence of different identities for a user in different authentication data sources.05-21-2009
20120216267User Initiated and Controlled Identity Federation Establishment and Revocation Mechanism - A method for single sign-on with established federation includes triggering a single sign-on operation from a first service to a second service, retrieving, by the first service, an associated federation key and pseudo identification for a user agent, generating, by the first service, a token signed with a federation key for the user agent based on the pseudo identification, redirecting, by the first service, the user agent to the second service, wherein the user agent transfers the token to the second service, verifying, by the second service, the token and determining an associated identification in the second service, and returning, by the second service, a resource to the user agent.08-23-2012
20120167193METHOD AND SYSTEM FOR ESTABLISHING AND MAINTAINING AN IMPROVED SINGLE SIGN-ON (SSO) FACILITY - A method for establishing and maintaining a Single Sign-on between a reverse proxy and a back-end server can include instigating an authentication process through a browser for a user to obtain access to the back-end server, intercepting a login page from the back-end server at the reverse proxy and adding a routine thereto, thereby loading an asynchronous engine on the browser executing a login process with an authentication profiling service, in order to retrieve the login information for the back-end server, and completing the authentication process with the back-end to allow the user to access the back-end server through the asynchronous engine.06-28-2012
20120254969SYSTEMS AND METHODS FOR IMPLEMENTING SECURITY SERVICES - Systems and methods for providing a login context operate a virtual machine, wherein the virtual machine includes an open services platform and an authentication service, wherein the authentication service includes a classloader, and an initial classloader is designated as the classloader of the authentication service, register a login module, receive an authentication request from a first application, and responsive to receiving the authentication request designate a classloader associated with the login module as the classloader of the authentication service, generate a login context of the login module, and provide the login context of the login module to the first application, whereby the first application uses the login context to perform an authentication.10-04-2012
20120254968SYSTEMS AND METHODS FOR IMPLEMENTING SECURITY SERVICES - Systems and methods for providing a login context operate a virtual machine, wherein the virtual machine includes an open services platform and an authentication service, wherein the authentication service includes a classloader, and an initial classloader is designated as the classloader of the authentication service, register a login module, receive an authentication request from a first application, and responsive to receiving the authentication request designate a classloader associated with the login module as the classloader of the authentication service, generate a login context of the login module, and provide the login context of the login module to the first application, whereby the first application uses the login context to perform an authentication.10-04-2012
20110185414System and Method for Single Sign-On Session Management Without Central Server - A method and system for single sign-on session management. Functions of session management and client log-in, normally handled by separate system servers, are incorporated as plug-in modules on individual web content servers. In this manner, network traffic to grant and validate client user credentials is reduced or minimized.07-28-2011
20100175118ACCESS TO SERVICE - A method is described for providing access to service in an access management system accessible via a data network, in which data network a user is registered and/or authenticated to a service by providing at least one detail related to the user. A user is provided with an option to add a direct view to the service from an external micro application platform and allowed to select the option of adding the direct view and responsively negotiating with the external micro application platform credential information in order to form a trusted relationship for accessing the direct view from the external micro application platform. After recognizing a show view request from the external micro application platform based on the trusted relationship, the external micro application platform is provided with the view to the service. A corresponding method in a micro platform is described.07-08-2010
20120222104METHOD AND APPARATUS FOR PROVIDING SINGLE SIGN-ON FOR COMPUTATION CLOSURES - An approach is provided for providing single sign-on for computation closures. A single sign-on management platform determines to create a single sign-on computation closure in response to an initiation of a single sign-on authentication session. The single sign-on management platform also determines one or more computation entities that are to execute at least one other computation closure under the single sign-on authentication session. The single sign-on management platform further causes, at least in part, a transfer of the single sign-on computation closure to the one or more computation entities.08-30-2012
20100050246TRUSTING SECURITY ATTRIBUTE AUTHORITIES THAT ARE BOTH COOPERATIVE AND COMPETITIVE - A method and system for authorizing a user. The method comprises the steps of assigning a first role to a user in a first domain, assigning a second role in a second domain to the first role, and assigning access to a resource in the second domain to the second role. The method comprises the further steps of receiving a request from the user for the resource; and providing access to the resource, to the user. The invention may be employed by users and services to manage their interaction with those services, including configuring which they trust for what types of information, in what applications, and which subsets of information they can be trusted to provide.02-25-2010
20100050245Systems and Methods to Provide Information and Services to Authorized Users - Systems and methods are provided to authorize users to anonymously access resources of different web sites. For example, a business listing service may authenticate users and allow the authenticated users to access the resources of the businesses listed via the business listing service, without the users having to create separate accounts with the businesses and without having to reveal the identities of the users to the businesses.02-25-2010
20120084850TRUSTWORTHY DEVICE CLAIMS FOR ENTERPRISE APPLICATIONS - Embodiments of the invention enable a client device to procure trustworthy device claims describing one or more attributes of the client device, have those device claims included in a data structure having a format suitable for processing by an application, and use the data structure which includes the device claims in connection with a request to access the application. The application may use the device claims to drive any of numerous types of application functionality, such as security-related and/or other functionality.04-05-2012
20120240210SERVICE ACCESS CONTROL - The invention enables a user to use single-sign-on methodologies to obtain access to a service where that user has more than one account. In addition to querying an identity provider to obtain user credentials in the usual way, the invention enables an application to request and obtain further credentials for that user in order to enable the user to gain access to the desired user account. The user may then be prompted to select which of the available accounts should be used at the application.09-20-2012
20120266228SECURE MANAGEMENT OF USER RIGHTS DURING ACCESSING OF EXTERNAL SYSTEMS - In an external system, a request handler may receive, at the external system, a logon ticket from a proprietary software system, the logon ticket associated with a request from a user of the proprietary system for access to the external system. A ticket handler may provide the logon ticket to an authentication service which is configured to perform a validation of the logon ticket at the proprietary system. A session manager may receive, from the authentication service and based on the validation, a user session and access rights related to the requested access. An access control manager may provide the requested access to the user via the proprietary system, according to the access rights and within the user session.10-18-2012
20080289017APPARATUS, METHODS, AND COMPUTER PROGRAMS FOR IDENTIFYING OR MANAGING VULNERABILITIES WITHIN A DATA PROCESSING NETWORK - A system, method, and service associated with a computing grid or a virtual organization include a request for proposal (RFP) generator, where the RFP describes a data processing task. The RFP is provided to multiple resource providers via the computing grid where each of the resource providers is potentially suitable for performing the data processing task on behalf of the resource consumer. An RFP response processor receives and evaluates RFP responses generated by one or more of the resource providers. An exception processor accessible to the RFP response processor evaluates any exception in the RFP to determine if the exception disqualifies the RFP response. The exceptions may include, for example, job time limit exceptions, resource requirement exceptions, hardware/software platform requirement exceptions and others. Exception rules may be defined to guide the evaluation of the exception.11-20-2008
20120324558SYSTEMS AND METHODS OF INTEGRATING OPENID WITH A TELECOMMUNICATIONS NETWORK - A solution is described which allows mobile devices to specify that certain sites are allowed to be logged into based on the device credentials alone. The solution integrates OpenID with a telecommunications network in order to verify the user's identity. This verification is based on the trust that the telecom carrier has to identify the subscriber at the GGSN. The solution splits the OpenID Provider (OP) into two systems—an internal OP and an external OP. The external OP can reside in the public network and can allow the user to authenticate with a password. The internal OP resides in the private network of the carrier and is directly connected to the GGSN such that it is only reachable from the GGSN.12-20-2012
20110277026Systems and Methods for Providing Single Sign On Access to Enterprise SAAS and Cloud Hosted Applications - The solution of the present application addresses the problem of authentication across disparately hosted systems by providing a single authentication domain across SaaS and cloud hosted applications as well as traditional enterprise hosted applications. An application delivery controller intermediary to a plurality of clients and the disparately hosted applications providing single sign on management, integration and control. A user may log in via an interface provided, controlled or managed by the ADC, which in turn authenticates the user to the application in accordance with policy and the host of the application. As such, the user may login once to gain access to a plurality of disparately hosted applications. From the user's perspective, the user seamlessly and transparently gains access to different hosted systems with different passwords and authentication via the remote access provided by the system of the present solution.11-10-2011
20120102560SYNCHRONIZED SIGN-ON METHODS FOR NON-PROGRAMMATIC INTEGRATION SYSTEMS - Methods and systems for automatically signing a user on to an integration application when a user signs on to another application and signing a user off when the user signs off of the other application. The integration application automatically non-programmatically collects data from a mapped location of a mapped source reference of the other application. The collected data includes a user identifier value. The integration continuously monitors the collected user identifier value for a difference in the collected user identifier value. If the collected user identifier value is recognized by the integration application, the user is signed into the integration application using the collected user identifier value, and if a difference in the collected user identifier value is detected, the user is signed off of the integration application.04-26-2012
20120291114SINGLE SIGN-ON BETWEEN APPLICATIONS - A single sign-on (SSO) system uses simple one-to-one trust relationships between individual applications and an SSO service to extend log in services from one application to another. Each application retains its own login policies and can separately make a decision whether to trust the SSO request or challenge the user for login credentials. By structuring the SSO system to use simple identity mapping, there is no requirement for consolidating user identity records from multiple applications into a single database with its attendant overhead and dependency risks.11-15-2012
20100199340SYSTEM FOR INTEGRATING MULTIPLE IM NETWORKS AND SOCIAL NETWORKING WEBSITES - Systems and methods are described herein that provide for the integration of instant messaging applications and social networking websites. In some embodiments, a user can chat with individuals or groups of individuals that are logged in to a variety of different instant messaging applications or social networking websites, of which the user is a member. Thus, the user is able to use a single application to chat with any contact appearing on any of the user's contact lists across multiple different IM or social networks.08-05-2010
20100192214INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND RECORDING MEDIUM INCLUDING COMPUTER PROGRAM - An information processing method includes receiving user information from an input unit pre-corresponded to the executer; acquiring the received user information via the corresponded input unit; determining whether the acquired user information matches the user information of the pre-corresponded user; starting a standard operation when the acquired user information is determined to match the user information of the pre-corresponded user; requesting the controller to identify another executer corresponded to the acquired user information when the acquired user information is determined to fail to match the user information of the pre-corresponded user; identifying the other executer corresponded to the user information when the executer requests the other executer corresponded to the user to be identified; and switching between the input unit corresponded to the executer having requested the other executer to be identified and the input unit corresponded to the other executer when the other executer is identified.07-29-2010
20130014243Cross Domain Single Sign On - The present application provides a method and system for Cross Domain Single Sign On. The method comprises: receiving a request from a user to a service provider; processing the user request prior to relaying the request to the service provider; forwarding the processed request to the corresponding service provider according to the type of request; in response to receiving a response to the request from the service provider, processing the response, and forwarding the processed response to the user. By adopting the method and system of the present application, a Single Sign On management proxy is introduced as a united management system for a session lifetime of the user. The SSO management proxy manages operations of logging in, checking a session expiration and recovering, logging out, URL mapping, error processing, and access control, and effectively improves the availability, security, functional continuity of the service as well as the user's experience.01-10-2013
20130014244TECHNIQUES FOR ENVIRONMENT SINGLE SIGN ON - Techniques for environment single sign on are provided. Multiple identifiers for devices are associated as a single environment. A principal can be authenticated via any of the devices once to access protected resources and once authenticated the principal can access the protected resources from the other devices without re-authenticating.01-10-2013
20120151569Portable Identity Rating - Portable on-line identity verification technology includes, for example, portable widgets with an identity rating, and other on-line identification verification icons and identity rating scores.06-14-2012
20130019299Distributed Authentication with Data Cloud - A method includes, in response to a need to access for a user certain stored data that requires authentication, sending a request for the stored data into a data cloud, the request not identifying the user. The method further includes receiving, from the data cloud, response information descriptive of an authentication realm and a single-use nonce; presenting the information descriptive of the authentication realm to the user and prompting the user for a user name and password; re-sending the request into the data cloud with an authentication header having user credentials generated at least in part using the response information, the user credentials comprising the user name and a hashed password; and if the user credentials are valid, receiving from the data cloud the requested stored data.01-17-2013
20130019300SYSTEM, CONTROL METHOD THEREFOR, SERVICE PROVIDING APPARATUS, RELAY APPARATUS AND COMPUTER-READABLE MEDIUM - A system in which a first service providing apparatus, a second service providing apparatus, and at least one authentication apparatus cooperate with each other to provide a service by single sign-on to be used by a user, the second service providing apparatus comprises a management unit that manages belonging information for specifying a group to which the user belongs, and a transmission unit that transmits to the client terminal, when an instruction to provide a service by the first service providing apparatus is accepted from the user while providing a service by the second service providing apparatus, information for accessing the first service providing apparatus and the belonging information if the management unit manages the belonging information of the group to which the user belongs.01-17-2013
20080235778COMMUNICATION NETWORK, AN ACCESS NETWORK ELEMENT AND A METHOD OF OPERATION THEREFOR - An access network element provides user equipment access to a network comprising a centralised authentication server. The access network element comprises an authentication processor which authenticates the access network element at the centralised authentication server. In addition, the access network element authenticates a first user equipment in response to the authentication of the access network element by the centralised authentication server. A communication processor supports a peer-to-peer first communication session for the first user equipment and a peer-to-peer second communication session with a second access network element which supports a peer-to-peer communication session with a second user equipment. Peer-to-peer communication between the first and second user equipments is supported by exchanging data between the first communication session and the second communication session. The invention may allow benefits of de-centralised peer-to-peer communications to be combined with existing centralised network architectures such as the Internet Protocol Multimedia Subsystem, IMS.09-25-2008
20080222713SYSTEM AND METHOD FOR AUTHENICATION TO AN APPLICATION - Authenticating a first user in a protected network to an application in a DMZ network shared simultaneously with a second user in an unprotected network. The first user supplies a userID and a password to a first server within the protected network for authentication for the application. The first server checks authentication of the first user based on the userID and password. If the first user is authentic, the first server forwards to the application an authentication key for the first user and a selection by the first user pertaining to the application. The application checks authentication of the key, and if authentic, complies with the selection by the first user. The second user supplies another userID and another password to the application. If the other userID and other password are authentic, the application complies with a selection made by the second user pertaining to the application.09-11-2008
20130139240NETWORK SYSTEM, INFORMATION PROCESSING APPARATUS, METHOD FOR CONTROLLING THE INFORMATION PROCESSING APPARATUS, AND COMPUTER-READABLE STORAGE MEDIUM FOR COMPUTER PROGRAM - A network system including at least one client and a user account management server is provided. The user account management server includes a user account saving portion for saving a user identifier and a user password for a cooperative server with which at least one client works in coordination for specific processing. Each of the clients includes an application storage portion for storing an application for the specific processing, a reference information storage portion for storing reference information to be referred to when the application is executed, a location information obtaining portion for obtaining location information indicating a saving location of the user identifier and user password, a user account obtaining portion for obtaining, based on the location information, the user identifier and the user password from the user account management server, and an update portion for updating the reference information to indicate the user identifier and the user password.05-30-2013
20130097685METHOD AND SYSTEM FOR CONTENT DISTRIBUTION MANAGEMENT - A method of managing content related to a plurality of social networking websites. The method comprises accessing a first account that stores user's authentication information of the plurality of the networking websites and connecting to the plurality of social networking websites. Content associated with a second account is obtained from each of the plurality of social networking websites and service capabilities of each of the plurality of social networking websites are tracked. The obtained content from all the social networking websites is displayed on a single page and service information applicable to content is provided.04-18-2013
20110277025METHOD AND SYSTEM FOR PROVIDING MULTIFACTOR AUTHENTICATION - An approach is provided for using multifactor authentication to access multiple services. A determination is made that a user equipment has been authenticated for an access network. An identifier corresponding to the user equipment is received. An alias identifier is generated based on the received user equipment identifier for use in combination with a universal user identifier to authenticate a user corresponding to the user equipment for accessing a plurality of services via the access network.11-10-2011
20100319063ACCESS CONTROL TO SECURED APPLICATION FEATURES USING CLIENT TRUST LEVELS - Architecture that facilitates the conveyance of a trust level when the caller makes a call, the trust level in dependence on the state of the caller system. The callee (call recipient) receives notification of the trust level and can use this information in the communication such as to request verification from the caller and/or initiate other modes of communication. A caller can authenticate the caller identity in different ways to a communication server. Based on that, the server can assign an appropriate server-verified trust level to the caller. Further, an unsecured phone controller can indicate a lower client-side defined trust level. The server verified and client-side trust levels are then sent to the callee, where the callee determines whether to allow caller access to one or more secured features based on the feature values and the trust level imposed by the callee to access those features.12-16-2010
20110289575DIRECTORY AUTHENTICATION METHOD FOR POLICY DRIVEN WEB FILTERING - Enabling web filtering by authenticated group membership, role, or user identity is provided by embedding a uniform resource identifier into an electronic document requested by a client. A client browser will provide directory credentials to a trusted web filter apparatus enabling a policy controlled access to resources external to the trusted network. An apparatus comprises circuits for transmitting a uniform resource identifier to a client, receiving a request comprising authentication credentials, querying a policy database and determining a customized policy for access to an externally sourced electronic document or application. A computer-implemented technique to simplify web filter administrator tasks by removing a need to set each browser's settings or install additional software on each user terminal.11-24-2011
20110314532IDENTITY PROVIDER SERVER CONFIGURED TO VALIDATE AUTHENTICATION REQUESTS FROM IDENTITY BROKER - Techniques are disclosed for an identity broker to authenticate users to a network device, system, or hosted application that uses certain legacy protocols for user authentication. For example, the identity broker may be configured to respond to a user authentication request from a network device formatted as a RADIUS or LDAP message. The identity broker may operate in conjunction with an identity provider to authenticate a user requesting access to a computing resource (e.g., to the network device, system, or hosted application).12-22-2011
20120066755METHOD AND SYSTEM FOR MANAGING AND MONITORING OF A MULTI-TENANT SYSTEM - Embodiments are described for providing access by application vendors to applications deployed in an enterprise network environment. A package access system defines a support user class in a user profile database for an application executed within organization resources maintained in a multi-tenant data store. The support user is granted read only privileges to metadata of the application. An organization administrator can grant the application vendor access to the application as a support user, allowing the vendor to view and analyze the metadata. The organization administrator can further grant access by a specific support representative to the application as a specific user within the organization user for a limited term. The support representative can then log into the organization and access and use the application in order to diagnose any post-installation usage problems with the application.03-15-2012
20130205383CONSOLIDATING DISPARATE CLOUD SERVICE DATA AND BEHAVIOR BASED ON TRUST RELATIONSHIPS BETWEEN CLOUD SERVICES - A method for consolidating cloud service data and behaviors can begin with the compilation of user/service membership data that associates requesting entities with subscribed cloud services by a trusted cloud service consolidator. A federated trust library housing inter-service trust information for the cloud services contained in the user/service membership data can be created. In response to a service request from a requesting entity, trusted secondary cloud services can be identified for the requesting entity. Identification of the trusted secondary cloud services can be based upon trust factors synthesized from data contained in the federated trust library. Data satisfying the service request and associated behaviors from each trusted secondary cloud service can then be consolidated into a unified data structure. A behavior can be an executable action supported by a trusted secondary cloud service. The unified data structure can be conveyed to the requesting entity in a service response.08-08-2013
20120096534Application Identity Design - Methods and apparatus, including computer program products, implementing and using techniques for providing user credentials over a network to a remote computer application. User credentials for the remote computer application are stored in a central repository that is accessible through the network. A request is sent to a service to perform, on behalf of a user, a particular task involving the remote computer application. It is determined whether the service has been granted permission to act on behalf of the user with respect to the remote computer application. When the service has permission to act on behalf of the user, the service is used to retrieve the user's credentials for the remote computer application from the central repository and to supply the retrieved user credentials to the remote computer application.04-19-2012
20120096533Application Identity Design - Methods and apparatus, including computer program products, implementing and using techniques for providing user credentials over a network to a remote computer application. User credentials for the remote computer application are stored in a central repository that is accessible through the network. A request is sent to a service to perform, on behalf of a user, a particular task involving the remote computer application. It is determined whether the service has been granted permission to act on behalf of the user with respect to the remote computer application. When the service has permission to act on behalf of the user, the service is used to retrieve the user's credentials for the remote computer application from the central repository and to supply the retrieved user credentials to the remote computer application.04-19-2012
20130212665SIGNING OFF FROM MULTIPLE DOMAINS ACCESSIBLE USING SINGLE SIGN-ON - An aspect of the present invention simplifies signing-off from multiple domains. In an embodiment, upon receiving a sign-off request from a user signed-on to multiple domains, the user is signed-off from at least two, but not all, the signed-on domains in due course. According to another aspect, the domains of an enterprise are organized as groups of domains. In response to receiving a request for signing-off from a first domain, the user is signed-off from each of a group of domains corresponding to the first domain (in addition to the first domain). In an embodiment, an administrator of the enterprise specifies a master domain for each group, to facilitate identification of the group to be signed-off. According to another aspect, a user selects a set of domains to sign-off from. The user is signed-off from only the selected set of domains.08-15-2013

Patent applications in class Global (e.g., Single Sign On (SSO), etc.)