Patent application number | Description | Published |
20090265772 | Secure Key Distribution to Internet Clients - A server may bridge between a wide area network, such as the Internet, and a local area network and may process authentication requests from clients on the wide area network. The server may filter the requests to enable specific types of requests to pass, and may forward the requests to a credential server within the local area network and pass any responses back to the client. The server may be configured with some or all of a set of domain services objects, but such objects may be stored in a read-only format. The server may further contain minimal or no sensitive data such that, if compromised, an attacker may gain little advantage. The client may request evidence of authentication available to devices within the local area network and may use the evidence of authentication to access services made available to the wide area network. | 10-22-2009 |
20120072716 | MULTITENANT-AWARE PROTECTION SERVICE - Implementing a data protection service. One method includes receiving a request to provision a first tenant among a plurality of tenants managed by a single data protection service. A tenant is defined as an entity among a plurality of entities. A single data protection service provides data protection services to all tenants in the plurality of tenants. A first encryption key used to decrypt the first tenant's data at the data store is stored. The first encryption key is specific to the first tenant and thus cannot be used to decrypt other tenants' data at the data store from among the plurality of tenants. Rather, each tenant in the plurality of tenants is associated with an encryption key, not usable by other tenants, used at the data store to decrypt data on a tenant and corresponding key basis. | 03-22-2012 |
20130151419 | Merchant Verification of In-person Electronic Transactions - Validation data, such as an image selected by a merchant, is rendered on a mobile device of a customer to provide the merchant confirmation that payment for an item submitted through the mobile device of the customer was in fact received by the merchant. The merchant may establish an account on a network-accessible computing device (e.g., in the “cloud”) that includes the validation data. The customer authorizes payment to the merchant from the mobile device using the network connectivity of the mobile device. When the payment is received by the merchant, the network-accessible computing device sends the validation data to the customer's mobile device. The merchant may be confident that he or she has in fact received an electronic payment from the customer when the validation data is presented on the mobile device. Techniques to prevent reuse and copying of the validation data are also discussed. | 06-13-2013 |
20130198818 | Logout From Multiple Network Sites - Disclosed are various embodiments for logging out from multiple network sites using an authentication client that manages sessions for the network sites. Account data is maintained for multiple accounts of a user for multiple network sites. The account data includes a respective security credential for each of the accounts. An authentication client automatically authenticates with multiple authentication services corresponding to multiple network sites using multiple accounts in response to the user accessing each network site. A respective session is established for each network site. A logout is performed by ending each one of the sessions. | 08-01-2013 |
20130198821 | Account Management for Multiple Network Sites - Disclosed are various embodiments for account management for multiple network sites. Multiple accounts of a user are maintained for multiple network sites in a computing device. A secured resource of a network site is to be accessed by the computing device. A new account is created, or an existing account is upgraded, in response to determining that the accounts are not capable of accessing the secured resource. A set of information about the user is provided to the network site to create, or upgrade, the account. | 08-01-2013 |
20130198822 | Authentication Management Services - Disclosed are various embodiments for authentication management services, where authentication services of network sites may support authentication management clients associated with different authentication management services. An authentication request is obtained by way of an authentication protocol from an authentication management client executed in a client computing device. The authentication request specifies a security credential associated with a user account. The user account at the client computing device is authenticated for access to at least one secured resource of a network site in response to the authentication request and in response to the authentication management client being supported. | 08-01-2013 |
20130198823 | Presenting Managed Security Credentials to Network Sites - Disclosed are various embodiments for providing managed security credentials to network sites for authentication. Multiple accounts of a user are maintained for multiple network sites. A secured resource of a network site is to be accessed by a computing device. One of the accounts is identified according to a domain name of the network site. The account is associated with a different network site having a different domain name from the domain name. The computing device is automatically authenticated with the network site using a security credential associated with the account. | 08-01-2013 |
20130198824 | Recovery of Managed Security Credentials - Disclosed are various embodiments for recovery and other management functions relating to security credentials which may be centrally managed. Account data, which includes multiple security credentials for multiple network sites for a user, is stored by a service in an encrypted form. A request for the account data is obtained from a client. The request specifies a security credential for accessing the account data. The account data is sent to the client in response to determining that the client corresponds to a preauthorized client and in response to determining that the security credential for accessing the account data is valid. | 08-01-2013 |
20150033302 | LOGOUT FROM MULTIPLE NETWORK SITES - Disclosed are various embodiments for logging out from multiple network sites using an authentication client that manages sessions for the network sites. Account data is maintained for multiple accounts of a user for multiple network sites. The account data includes a respective security credential for each of the accounts. An authentication client automatically authenticates with multiple authentication services corresponding to multiple network sites using multiple accounts in response to the user accessing each network site. A respective session is established for each network site. A logout is performed by ending each one of the sessions. | 01-29-2015 |