Patent application number | Description | Published |
20090007247 | DOMAIN ID SERVICE - The subject disclosure pertains to a domain identification system, comprising a principal that has a key and a mnemonically meaningless identifier, the mnemonically meaningless identifier is used to identify the component in a networked environment. The mnemonically meaningless identifier can be bound to the public key by a binding. The component may be part of a neighborhood of components, and each member component knows the members' binding. | 01-01-2009 |
20090013394 | SYSTEM FOR PROVIDING SINGLE SIGN-ON USER NAMES FOR WEB COOKIES IN A MULTIPLE USER INFORMATION DIRECTORY ENVIRONMENT - A system for providing single sign-on (SSO) user names for Web cookies in a multiple user information directory environment. SSO access to multiple applications is supported in situations where multiple user information directories are deployed, and users may be known by multiple identifiers. Convenient specification is enabled for which of a user's multiple names is to be used in an SSO Web cookie that is passed from application to application to enable SSO operation. The user's SSO Web cookie user name is fully separated conceptually from the user's effective name for any given application within the SSO environment. The SSO Web cookie user name provided by the disclosed system is specified independently from the effective name by which the user is known when operating in the Web application that writes the SSO Web cookie back to the user's computer system. Use of an administratively supplied user name in the SSO Web cookie is facilitated. | 01-08-2009 |
20090013395 | METHOD AND SYSTEM FOR PROVIDING SINGLE SIGN-ON USER NAMES FOR WEB COOKIES IN A MULTIPLE USER INFORMATION DIRECTORY ENVIRONMENT - A system for providing single sign-on (SSO) user names for Web cookies. SSO access to multiple applications is supported in situations where multiple user information directories are deployed, and users may be known by multiple identifiers. Convenient specification is enabled for which of a user's multiple names is to be used in an SSO Web cookie that is passed from application to application to enable SSO operation. The user's SSO Web cookie user name is fully separated conceptually from the user's effective name for any given application within the SSO environment. The SSO Web cookie user name provided by the disclosed system is specified independently from the effective name by which the user is known when operating in the Web application that writes the SSO Web cookie back to the user's computer system. Use of an administratively supplied user name in the SSO Web cookie is facilitated. | 01-08-2009 |
20090126011 | APPLICATION SECURITY MODEL - Performing security sensitive operations with an application security model. Security agnostic code is executed. The security agnostic code is identified as not having authorization to perform a security sensitive operation. Executing the security agnostic code includes calling code identified as security safe critical code. In response to the security agnostic code calling the security safe critical code, the security safe critical code is executed. The security safe critical code includes functionality for performing validity checks. Executing the security safe critical code includes performing a validity check for the security agnostic code. When the security agnostic code passes the validity check, code identified as security critical code is called. In response to the security safe critical code calling the security critical code, the security critical code is executed. The security critical code is authorized to perform the security sensitive operation. | 05-14-2009 |
20090328134 | LICENSING PROTECTED CONTENT TO APPLICATION SETS - The present invention extends to methods, systems, and computer program products for licensing protected content to application sets. Embodiments of the invention permit a local machine to increase its participation in authorizing access to protected content. For example, an operating system within an appropriate computing environment is permitted to determine if an application is authorized to access protected content. Thus, the application is relieved from having to store a publishing license. Further, authorization decisions are partially distributed, easing the resource burden on a protection server. Accordingly, embodiments of the invention can facilitate more robust and efficient authorization decisions when access to protected content is requested. | 12-31-2009 |
20100180126 | SECURE REMOTE PASSWORD VALIDATION - A method, system and apparatus for secure password validation can include a local authentication process configured for coupling both to local authentication data and to a remote authentication process. The system also can include a comparator disposed in the local authentication process and programmed to detect an extended password string in the local authentication data. Finally, the system can include a remote authentication handler disposed in the local authentication process and programmed to outsource password validation to the remote authentication process responsive to the comparator detecting an extended password string retrieved for a supplied user identifier. Preferably, the remote authentication handler can be a remote procedure call to the remote authentication process. | 07-15-2010 |
Patent application number | Description | Published |
20080244736 | MODEL-BASED ACCESS CONTROL - Access control as it relates to policies or permissions is provided based on a created model. A security policy is abstracted and can be independent of a mechanism used to protect resources. An abstract model of a potential user, user role and/or resource is created without associating a specific individual and/or resource with a model. These abstract user models and abstract resource models can be used across applications or within disparate applications. The abstracted security policies can be selectively applied to the model. Specific users and/or resources can be associated with one or more abstract user models or abstract resource models. The models can be nested to provide configurations for larger systems. | 10-02-2008 |
20080282315 | Host control of partial trust accessibility - Various technologies and techniques are disclosed for providing host control of partial trust accessibility. A framework allows libraries to be identified as partial trust callers allowed to indicate that the libraries are allowed to be called from partially trusted code by default. The framework allows libraries to be identified as partial trust callers enabled to indicate the libraries could be called from partially trusted code, but not by default. A hosting application is notified that a particular library has been loaded. If the particular library has been identified as partial trust callers allowed, then a determination is received from the hosting application on whether to remove or keep partial trust accessibility for the particular library. If the particular library has been identified as partial trust callers enabled, then a determination is received from the hosting application on whether or not to enable partial trust accessibility for the particular library. | 11-13-2008 |
20080301780 | ACCESS CONTROL NEGATION USING NEGATIVE GROUPS - The subject disclosure pertains to systems and methods that facilitate managing groups of entities for access control. A negative group is defined using a base group, where the negative group associated with a base group includes any entities not included in the base group. Negative groups can be implemented using certificates rather than explicit lists of negative group members. A certificate can provide evidence of membership in the negative group and can be presented for evaluation to obtain access to resources. Subtraction groups can also be used to manage access to resources. A subtraction group can be defined as the members of a first group, excluding any members of a second group. | 12-04-2008 |
20080307486 | ENTITY BASED ACCESS MANAGEMENT - The subject disclosure pertains to systems and methods that facilitate entity-based access management. Typically, access to one or more resources is managed based upon identifiers assigned to entities. Groups of identifiers can be assigned to access rights. An authority component can manage an exclusion group that excludes an entity, regardless of the identifier utilized by the entity. Access control components can utilize exclusion groups in access policies to define access rights to a resource. | 12-11-2008 |
20080313712 | TRANSFORMATION OF SEQUENTIAL ACCESS CONTROL LISTS UTILIZING CERTIFICATES - The subject disclosure pertains to systems and methods that facilitate managing access control utilizing certificates. The systems and methods described herein are directed to mapping an access policy as expressed in an access control list to a set of certificates. The set of certificates can be used to grant access to resources in the manner described by the ACL. The certificates can be distributed to entities for use in obtaining access to resources. Entities can present certificates to resources as evidence of their right to access the resources. The access logic of the sequential ACL can be transformed or mapped to a set of order independent certificates. In particular, each entry, position of the entry in the list and any preceding entries can be analyzed. The analysis can be used to generate order independent certificates that provide access in accordance with the access policy communicated in the ACL. | 12-18-2008 |
20100023767 | API for Diffie-Hellman secret agreement - Various technologies and techniques are disclosed for implementing a Diffie-Hellman secret agreement. An application programming interface is provided that is operable to allow a first computer to generate a Diffie-Hellman secret agreement for communicating securely with a second computer over an insecure channel. A get public key operation is performed upon receiving a request to perform the get public key operation. The get public key operation gets a public key of the first computer. A retrieval operation is performed upon receiving a request to perform the retrieval operation. The retrieval operation retrieves the Diffie-Hellman secret agreement upon supplying a public key of the second computer. | 01-28-2010 |
20100293608 | EVIDENCE-BASED DYNAMIC SCORING TO LIMIT GUESSES IN KNOWLEDGE-BASED AUTHENTICATION - Techniques to provide evidence-based dynamic scoring to limit guesses in knowledge based authentication are disclosed herein. In some aspects, an authenticator may receive an input from a user in response to a presentation of a personal question that enables user access to a restricted resource. The authenticator may determine that the input is not equivalent to a stored value, and thus is an incorrect input. The authenticator may then determine whether the input is similar to a previous input received from the user. A score may be assigned to the input. When the input is determined to be similar to the previous input, the score may be reduced. Another request for an input may be transmitted by the authenticator when a sum of the score and any previous scores of the session is less than a threshold. | 11-18-2010 |
20130283342 | Transformation of Sequential Access Control Lists Utilizing Certificates - The subject disclosure pertains to systems and methods that facilitate managing access control utilizing certificates. The systems and methods described herein are directed to mapping an access policy as expressed in an access control list to a set of certificates. The set of certificates can be used to grant access to resources in the manner described by the ACL. The certificates can be distributed to entities for use in obtaining access to resources. Entities can present certificates to resources as evidence of their right to access the resources. The access logic of the sequential ACL can be transformed or mapped to a set of order independent certificates. In particular, each entry, position of the entry in the list and any preceding entries can be analyzed. The analysis can be used to generate order independent certificates that provide access in accordance with the access policy communicated in the ACL. | 10-24-2013 |
Patent application number | Description | Published |
20090122972 | INDEPENDENT CUSTOMER SERVICE AGENTS - Aspects of systems and methods for maintaining and operating agent nodes are provided. In some embodiments, calls, contacts, and other work units may be routed to individual customer service agents via a centralized queue based on a variety of factors. Some embodiments may provide market-based call pricing and customer service agent compensation. | 05-14-2009 |
20110051920 | SYSTEMS AND METHODS FOR CUSTOMER CONTACT - A user of a personal computing device may identify an item of interest displayed in a user interface provided by a network-based service and would like to obtain more information. The user may submit one or more electronic contact requests to a contact service in communication with a contact distribution system in order to obtain more information. The contact distribution system determines accurate, real-time availability of service agents and enables communications between the customer and an agent to be established in accordance with user contact information provided by the user. | 03-03-2011 |
20110051922 | SYSTEMS AND METHODS FOR CUSTOMER CONTACT - A user of a personal computing device may identify an item of interest displayed in a user interface provided by a network-based service and would like to obtain more information. The user may submit one or more electronic contact requests to a contact service in communication with a contact distribution system in order to obtain more information. The contact distribution system determines accurate, real-time availability of service agents and enables communications between the customer and an agent to be established in accordance with user contact information provided by the user. | 03-03-2011 |
20140074529 | SYSTEMS AND METHODS FOR CUSTOMER CONTACT - A user of a personal computing device may identify an item of interest displayed in a user interface provided by a network-based service and would like to obtain more information. The user may submit one or more electronic contact requests to a contact service in communication with a contact distribution system in order to obtain more information. The contact distribution system determines accurate, real-time availability of service agents and enables communications between the customer and an agent to be established in accordance with user contact information provided by the user. | 03-13-2014 |
20150195407 | FOLLOWUP OF CUSTOMER SERVICE AGENTS - A user of a personal computing device may identify an item of interest displayed in a user interface provided by a network-based service and would like to obtain more information. The user may submit an electronic contact request to an agent continuity service in communication with one or more service agents in order to obtain more information. The agent continuity service may determine whether the user has communicated with an agent previously and, if so, provide the user with the option to communicate with the agent again, should the user desire. | 07-09-2015 |
20150221021 | SYSTEM AND METHOD FOR VISUAL VERIFICATION OF ORDER PROCESSING - One or more images of items for an order being processed at a processing station of an order fulfillment center may be captured and associated with the order. Alternatively, a short video clip may be captured of the order being packaged. An electronic notification that the order has been processed may be sent to a customer associated with the order. The electronic notification may include a reference to one or more of the captured images or video clips. The customer may use a reference included in the notification to view the captured images. The customer may view captured images to verify that the order has been correctly processed. The captured images may include images of the items being packaged for shipment and may show the shipping address on the package allowing the customer to verify that indeed it is his package in the images. | 08-06-2015 |
20150324806 | SYSTEMS AND METHODS FOR CUSTOMER CONTACT - A user of a personal computing device may identify an item of interest displayed in a user interface provided by a network-based service and would like to obtain more information. The user may submit one or more electronic contact requests to a contact service in communication with a contact distribution system in order to obtain more information. The contact distribution system determines accurate, real-time availability of service agents and enables communications between the customer and an agent to be established in accordance with user contact information provided by the user. | 11-12-2015 |