REVOKING SESSIONS USING SIGNALING
Abstract
Embodiments are directed to revoking user sessions using signaling. In one scenario, an identity platform operating on a computer system receives an indication indicating that a user's login account has been compromised, where the user's login account has an associated login session and corresponding session artifact that is valid for a specified amount of time. The identity platform generates a signal indicating that the login session is no longer trusted and that the user is to be re-directed to the identity platform to re-authenticate and renew the session artifact and provides the generated signal to various relying parties including at least one relying party that is hosting the login session for the user.
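The signaling flow in the abstract, combined with the selective revocation recited in the claims, as an added Python sketch that is not code from the patent. The class names, the signal fields and the idp.example URL are assumptions made for illustration.

```python
import time
from dataclasses import dataclass, field

IDP_LOGIN_URL = "https://idp.example/login"  # assumed placeholder, not from the patent


@dataclass
class RelyingParty:
    name: str
    sessions: dict = field(default_factory=dict)  # session id -> artifact expiry (epoch s)
    untrusted: set = field(default_factory=set)   # session ids named in a received signal

    def on_signal(self, signal):
        # Act only on sessions this relying party actually hosts.
        self.untrusted |= set(signal["session_ids"]) & set(self.sessions)

    def handle_request(self, session_id, now=None):
        now = time.time() if now is None else now
        expiry = self.sessions.get(session_id)
        if expiry is None or now >= expiry or session_id in self.untrusted:
            # The signal overrides an artifact whose lifetime has not yet run out.
            return ("redirect", f"{IDP_LOGIN_URL}?reauth=1")
        return ("ok", None)


class IdentityPlatform:
    def __init__(self, relying_parties):
        self.relying_parties = relying_parties
        self.sessions = {}  # user -> set of active session ids

    def sign_in(self, user, session_id, rp, ttl=3600, now=None):
        now = time.time() if now is None else now
        self.sessions.setdefault(user, set()).add(session_id)
        rp.sessions[session_id] = now + ttl  # artifact valid for a fixed time

    def active_sessions(self, user):
        return sorted(self.sessions.get(user, ()))

    def revoke(self, user, selected):
        # Selective revocation: signal only the chosen sessions, leave the rest.
        mine = self.sessions.setdefault(user, set())
        chosen = set(selected) & mine
        signal = {"type": "session-untrusted", "user": user,
                  "session_ids": sorted(chosen), "action": "reauthenticate"}
        for rp in self.relying_parties:
            rp.on_signal(signal)
        mine -= chosen
        return signal
```

A relying party that never receives the signal keeps honoring the artifact until it expires, so delivery failures are worth logging and retrying in a real deployment.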
21 Claims
1. (canceled)
2. A computer system comprising:

one or more processors; and
one or more computer-readable hardware storage devices having stored thereon computer-executable instructions which, when executed by the one or more processors, cause the computer system to operate with an architecture that performs a method of improving user sign-in security by facilitating selective revocation of one or more sessions which purport to have been previously initiated by a user, and wherein the method comprises:
  receiving sign-in credentials for a user who is signing into an application;
  based on the sign-in credentials, initiating a new active session for the user;
  determining that one or more additional sessions which purport to have been previously initiated by the user are active for the user such that the user is associated with multiple currently active sessions, wherein the multiple currently active sessions comprise the new active session and the one or more additional sessions;
  presenting an identification of the multiple currently active sessions for the user; and
  selecting for revocation any particular session for which the user's login credentials have been changed, or any particular session which purports to have been previously initiated by the user but is otherwise suspect, but without revoking any non-selected session of the multiple currently active sessions.

Dependent claims: 3, 4, 5, 6, 7, 8
9. A method for operating an architecture that improves user sign-in security by selectively revoking a user session, the method being performed by a computer system that operates with the architecture, the method comprising:

  receiving sign-in credentials for a user who is signing into an application;
  based on the sign-in credentials, initiating a new active session for the user;
  determining that one or more additional sessions which purport to have been previously initiated by the user are active for the user such that the user is associated with multiple currently active sessions, wherein the multiple currently active sessions comprise the new active session and the one or more additional sessions;
  presenting an identification of the multiple currently active sessions for the user; and
  selecting for revocation any particular session which purports to have been previously initiated by the user but is otherwise suspect, but without revoking any non-selected session of the multiple currently active sessions.

Dependent claims: 10, 11, 12, 13, 14, 15
16. One or more hardware storage devices having stored thereon computer-executable instructions which, when executed by one or more processors of a computer system, cause the computer system to operate with an architecture that performs a method of improving user sign-in security by facilitating selective revocation of one or more sessions which purport to have been previously initiated by a user, and wherein the method comprises:

  receiving sign-in credentials for a user who is signing into an application;
  based on the sign-in credentials, initiating a new active session for the user;
  determining that one or more additional sessions which purport to have been previously initiated by the user are active for the user such that the user is associated with multiple currently active sessions, wherein the multiple currently active sessions comprise the new active session and the one or more additional sessions;
  presenting an identification of the multiple currently active sessions for the user; and
  selecting for revocation any particular session which purports to have been previously initiated by the user but is otherwise suspect, but without revoking any non-selected session of the multiple currently active sessions.

Dependent claims: 17, 18, 19, 20, 21
Specification