Patent application number | Description | Published |
20090222656 | SECURE ONLINE SERVICE PROVIDER COMMUNICATION - Computer-readable media, systems, and methods for encrypting communications between a client and an online service provider to ensure the communications are secure. In embodiments an authentication request is received from a user agent associated with the client and the authentication request includes identification information and authentication information. Additionally, it is determined that the identification and authentication information are associated with a user. An authentication ticket is created that includes a user identification and an authentication and indicates to the online service provider that the user is authenticated to access one or more services. Further, a session key is generated and an encrypted session key is embedded into the authentication ticket. The session key is encrypted and the private key is known only to the online service provider and the public key is known at least by an authentication server. | 09-03-2009 |
20090254978 | DELEGATED AUTHENTICATION FOR WEB SERVICES - Embodiments of the claimed subject matter provide a method and an apparatus for enabling delegated authentication for web services. Delegated authentication is provided without divulging the information the user requires to complete an authorization procedure of another web service or otherwise subjecting the user to unnecessary risk. Furthermore, delegated authentication is granted for a limited duration and access is subject to further limitations to prevent unnecessary intrusion to the user, the user's data, and the host web service. | 10-08-2009 |
20090300168 | DEVICE-SPECIFIC IDENTITY - A device identifier (ID) is used across enterprise boundaries. A user can use the device ID to publish a device for sharing with other remote users. The remote users can discover devices that are shared by other users based on device IDs, connect to a selected device, and then verify that they have connected to the correct device based on its device ID. An account authority service may be used to manage the publication and/or discovery of the shared devices and their device IDs. | 12-03-2009 |
20090300720 | CENTRALIZED ACCOUNT REPUTATION - A centralized account reputation system differentiates between illegitimate users and legitimate users using reputation scores associated with the users' online accounts. The system restricts the access of illegitimate users to certain network services while minimizing its negative effects on legitimate users. The system can manage the life cycle of an online account, considering data about the account that is obtained throughout the account network to compute the online account reputation score and allocating access to network services based on the online account reputation score. For example, a reputation score may be embedded in a security token that can be accessed by multiple services on the account network, so that each service can determine the appropriate level of access to be granted to the associated user account based on the reputation score. Various types of online account behavior over time can improve or diminish the online account's reputation. | 12-03-2009 |
20090300744 | TRUSTED DEVICE-SPECIFIC AUTHENTICATION - An authentication system combines device credential verification with user credential verification to provide a more robust authentication mechanism that is convenient to the user and effective across enterprise boundaries. In one implementation, user credential verification and device credential verification are combined to provide a convenient two-factor authentication. In this manner, an account authority service or other authentication provider verify both factors and provide a security token in accordance with the security policy of the account network resource the user is intending to access. The level of privilege granted by the target account network resource can vary depending on the number and type of factors verified by the account authority service. | 12-03-2009 |
20090320114 | FEDERATED REALM DISCOVERY - A federated realm discovery system within a federation determines a “home” realm associated with a portion of the user's credentials before the user's secret information (such as a password) is passed to a non-home realm. A login user interface accepts a user identifier and, based on the user identifier, can use various methods to identify an account authority service within the federation that can authenticate the user. In one method, a realm list of the user device can be used to direct the login to the appropriate home realm of the user. In another method, an account authority service in a non-home realm can look up the user's home realm and provide realm information directing the user device to login at the home realm. | 12-24-2009 |
20090320116 | FEDERATED REALM DISCOVERY - A federated realm discovery system within a federation determines a “home” realm associated with a portion of the user's credentials before the user's secret information (such as a password) is passed to a non-home realm. A login user interface accepts a user identifier and, based on the user identifier, can use various methods to identify an account authority service within the federation that can authenticate the user. In one method, a realm list of the user device can be used to direct the login to the appropriate home realm of the user. In another method, an account authority service in a non-home realm can look up the user's home realm and provide realm information directing the user device to login at the home realm. | 12-24-2009 |
20100088753 | IDENTITY AND AUTHENTICATION SYSTEM USING ALIASES - An identity and authentication platform utilizes a data model that enables multiple identities such as e-mail addresses, mobile phone numbers, nicknames, gaming IDs, and other user IDs to be utilized as aliases which are unique sub-identities of a main account name. A user may utilize the aliases supported by the platform to project multiple different on-line identities while using the authentication credentials of the main account. The platform is configured to expose the aliases to various client applications and Internet-accessible sites and services such as e-mail, instant messaging, media sharing, gaming and social networks, and the like, to enable the implementation of a variety of usage scenarios that employ aliases. | 04-08-2010 |
20100235431 | DATACENTER SYNCHRONIZATION - A datacenter infrastructure comprising a plurality of datacenters is configured to provide services to users. Data (e.g., application data) provided to respective datacenters from a user is synchronized between different datacenters comprised within “a cloud” according to a multilevel synchronization scheme. Respective levels of the multilevel synchronization operate to transfer different priority (user) data between the plurality of datacenters, wherein respective priorities are determined based upon the importance of the data in providing a service. For example, data used to perform a service is synchronized by a synchronization component facilitating a higher level of synchronization between datacenters, while data not routinely used to perform a service is synchronized by a lower priority synchronization component. Synchronization between datacenters allows a network address routing system to provide substantially uninterrupted routing of a user to an available or otherwise appropriate datacenter within the datacenter infrastructure, thereby providing increased service reliability and performance. | 09-16-2010 |
20110247055 | TRUSTED DEVICE-SPECIFIC AUTHENTICATION - An authentication system combines device credential verification with user credential verification to provide a more robust authentication mechanism that is convenient to the user and effective across enterprise boundaries. In one implementation, user credential verification and device credential verification are combined to provide a convenient two-factor authentication. In this manner, an account authority service or other authentication provider verify both factors and provide a security token in accordance with the security policy of the account network resource the user is intending to access. The level of privilege granted by the target account network resource can vary depending on the number and type of factors verified by the account authority service. | 10-06-2011 |
20140026205 | Federated Realm Discovery - A federated realm discovery system within a federation determines a “home” realm associated with a portion of the user's credentials before the user's secret information (such as a password) is passed to a non-home realm. A login user interface accepts a user identifier and, based on the user identifier, can use various methods to identify an account authority service within the federation that can authenticate the user. In one method, a realm list of the user device can be used to direct the login to the appropriate home realm of the user. In another method, an account authority service in a non-home realm can look up the user's home realm and provide realm information directing the user device to login at the home realm. | 01-23-2014 |