REVOKING SESSIONS USING SIGNALING

US 20180139200A1
Filed: 11/29/2017
Published: 05/17/2018
Est. Priority Date: 08/06/2014
Status: Active Grant

First Claim

Patent Images

1. (canceled)

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments are directed to revoking user sessions using signaling. In one scenario, an identity platform operating on a computer system receives an indication indicating that a user'"'"'s login account has been compromised, where the user'"'"'s login account has an associated login session and corresponding session artifact that is valid for a specified amount of time. The identity platform generates a signal indicating that the login session is no longer trusted and that the user is to be re-directed to the identity platform to re-authenticate and renew the session artifact and provides the generated signal to various relying parties including at least one relying party that is hosting the login session for the user.

Citations

21 Claims

1. (canceled)

2. A computer system comprising:
- one or more processors; and
  
  one or more computer-readable hardware storage devices having stored thereon computer-executable instructions which, when executed by the one or more processors, cause the computer system to operate with an architecture that performs a method of improving user sign-in security by facilitating selective revocation of one or more sessions which purport to have been previously initiated by a user, and wherein the method comprises;
  
  receiving sign-in credentials for a user who is signing into an application;
  
  based on the sign-in credentials, initiating a new active session for the user;
  
  determining that one or more additional sessions which purport to have been previously initiated by the user are active for the user such that the user is associated with multiple currently active sessions, wherein the multiple currently active sessions comprise the new active session and the one or more additional sessions;
  
  presenting an identification of the multiple currently active sessions for the user;
  
  andselecting for revocation any particular session for which the user'"'"'s login credentials have been changed, or any particular session which purports to have been previously initiated by the user but is otherwise suspect, but without revoking any non-selected session of the multiple currently active sessions.
- View Dependent Claims (3, 4, 5, 6, 7, 8)
- - 3. The computer system of claim 2, wherein execution of the computer-executable instructions further causes the computer system to cause subsequent sign-ins of the user to require an authentication means that is different than an authentication means that the user used when initially signing into the application.
  - 4. The computer system of claim 2, wherein a cookie file is stored on the computer system when the new active session is initiated for the user.
  - 5. The computer system of claim 2, wherein execution of the computer-executable instructions further causes the computer system to monitor a login activity associated with the user.
  - 6. The computer system of claim 5, wherein the login activity includes information corresponding to a geographic location where the user signed into the application.
  - 7. The computer system of claim 2, wherein the selectively revoking is initiated by the user such that the user selectively chooses when the particular session is to be revoked.
  - 8. The computer system of claim 2, wherein execution of the computer-executable instructions further causes the computer system to record a time corresponding to when the user signed into the application.

9. A method for operating an architecture that improves user sign-in security by selectively revoking a user session, the method being performed by a computer system that operates with the architecture, the method comprising:
- receiving sign-in credentials for a user who is signing into an application;
  
  based on the sign-in credentials, initiating a new active session for the user;
  
  determining that one or more additional sessions which purport to have been previously initiated by the user are active for the user such that the user is associated with multiple currently active sessions, wherein the multiple currently active sessions comprise the new active session and the one or more additional sessions;
  
  presenting an identification of the multiple currently active sessions for the user; and
  
  selecting for revocation any particular session which purports to have been previously initiated by the user but is otherwise suspect, but without revoking any non-selected session of the multiple currently active sessions.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The method of claim 9, wherein the method further includes:
    - after the new active session is initiated for the user, detecting an occurrence of a particular condition; and
      
      in response to detecting the occurrence of the particular condition, requiring that the user sign into the application using an authentication means that is different than an authentication means that the user used when initially signing into the application.
  - 11. The method of claim 9, wherein a cookie file is stored on the computer system when the new active session is initiated for the user.
  - 12. The method of claim 9, wherein the method further includes monitoring a login activity associated with the user.
  - 13. The method of claim 12, wherein the login activity includes information corresponding to a geographic location where the user signed into the application.
  - 14. The method of claim 9, wherein the selectively revoking is initiated by the user such that the user selectively chooses when the particular session is to be revoked.
  - 15. The method of claim 9, wherein a time corresponding to when the user signed into the application is recorded.

16. One or more hardware storage devices having stored thereon computer-executable instructions which, when executed by one or more processors of a computer system, cause the computer system to operate with an architecture that performs a method of improving user sign-in security by facilitating selective revocation of one or more sessions which purport to have been previously initiated by a user, and wherein the method comprises:
- receiving sign-in credentials for a user who is signing into an application;
  
  based on the sign-in credentials, initiating a new active session for the user;
  
  determining that one or more additional sessions which purport to have been previously initiated by the user are active for the user such that the user is associated with multiple currently active sessions, wherein the multiple currently active sessions comprise the new active session and the one or more additional sessions;
  
  presenting an identification of the multiple currently active sessions for the user; and
  
  selecting for revocation any particular session which purports to have been previously initiated by the user but is otherwise suspect, but without revoking any non-selected session of the multiple currently active sessions.
- View Dependent Claims (17, 18, 19, 20, 21)
- - 17. The one or more hardware storage devices of claim 16, wherein execution of the computer-executable instructions further causes the computer system to cause subsequent sign-ins of the user to require an authentication means that is different than an authentication means that the user used when initially signing into the application.
  - 18. The one or more hardware storage devices of claim 16, wherein a cookie file is stored on the computer system when the new active session is initiated for the user.
  - 19. The one or more hardware storage devices of claim 16, wherein execution of the computer-executable instructions further causes the computer system to monitor a login activity associated with the user.
  - 20. The one or more hardware storage devices of claim 19, wherein the login activity includes information corresponding to a geographic location where the user signed into the application.
  - 21. The one or more hardware storage devices of claim 16, wherein the selectively revoking is initiated by the user such that the user selectively chooses when the particular session is to be revoked.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Gordon, Ariel, Devasahayam, Samuel, Zhao, Lu, Rouskov, Yordan, Arewar, Parmeshwar Miguel Sequeira, Gopalakrishnan, Venkatesh, Subramaniam, Sarat Chandra, Miron, Titus Constantin

Granted Patent

US 10,104,071 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/102   Entity profiles

H04L 63/1416   Event detection, e.g. attac...

H04L 67/02   based on web technology, e....

H04L 67/14   Session management for real...

H04L 69/28   Timers or timing mechanisms...

REVOKING SESSIONS USING SIGNALING

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

REVOKING SESSIONS USING SIGNALING

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links