Revoking sessions using signaling
First Claim
1. At a computer system including at least one processor, a computer-implemented method for revoking user sessions using signaling, the method comprising:
- an act of receiving, at an identity platform, an indication indicating that a user's login account has been compromised, the user's login account having an associated login session and corresponding session artifact that is valid for a specified amount of time, wherein the specified amount of time for the session artifact indicates that the session should remain valid beyond a time in which the indication was received;
- an act of generating a signal indicating that the login session is no longer trusted, irrespective of the specified amount of time for the session artifact indicating that the session should still remain valid, and that the user is to be re-directed to the identity platform to re-authenticate and renew the session artifact; and
- an act of using a synchronization signal that is part of an existing synchronization contract to provide the generated signal to one or more relying parties including at least one relying party that is hosting the login session for the user, by utilizing and piggybacking one or more synchronization messages that are already being transmitted according to a predetermined schedule based on the synchronization contract.
Abstract
Embodiments are directed to revoking user sessions using signaling. In one scenario, an identity platform operating on a computer system receives an indication indicating that a user's login account has been compromised, where the user's login account has an associated login session and corresponding session artifact that is valid for a specified amount of time. The identity platform generates a signal indicating that the login session is no longer trusted and that the user is to be re-directed to the identity platform to re-authenticate and renew the session artifact and provides the generated signal to various relying parties including at least one relying party that is hosting the login session for the user.
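The flow the abstract describes can be modeled as follows. This is an added example, not code from the patent or from any product: the class names, the message fields (`revocations`, `not_trusted_before`, `profile_updates`) and the timestamps are assumptions made for illustration. It shows a relying party rejecting an unexpired session artifact once a revocation signal arrives inside a regularly scheduled synchronization message.

```python
from dataclasses import dataclass, field

@dataclass
class SessionArtifact:  # hypothetical session record held by a relying party
    user: str
    issued_at: float
    expires_at: float

class IdentityPlatform:
    def __init__(self):
        self.pending = []  # revocation signals awaiting the next scheduled sync

    def report_compromise(self, user, now):
        self.pending.append({"user": user, "not_trusted_before": now})

    def next_sync_message(self, seq):
        # The sync message is sent on schedule anyway; revocations ride along.
        msg = {"seq": seq, "profile_updates": [], "revocations": self.pending}
        self.pending = []
        return msg

@dataclass
class RelyingParty:
    sessions: dict = field(default_factory=dict)            # sid -> SessionArtifact
    not_trusted_before: dict = field(default_factory=dict)  # user -> cutoff time

    def handle_sync(self, msg):
        for rev in msg.get("revocations", []):
            cutoff = max(self.not_trusted_before.get(rev["user"], 0.0), rev["not_trusted_before"])
            self.not_trusted_before[rev["user"]] = cutoff

    def check(self, sid, now):
        s = self.sessions.get(sid)
        if s is None or now >= s.expires_at:
            return "reauthenticate"
        if s.issued_at < self.not_trusted_before.get(s.user, 0.0):
            return "reauthenticate"  # revoked even though the artifact is unexpired
        return "ok"

def demo():
    idp, rp = IdentityPlatform(), RelyingParty()
    rp.sessions["s1"] = SessionArtifact("alice", 1000, 1000 + 8 * 3600)  # constructed
    before = rp.check("s1", now=2000)
    idp.report_compromise("alice", now=2500)
    undelivered = rp.check("s1", now=2600)  # signal not yet at the relying party
    rp.handle_sync(idp.next_sync_message(seq=42))
    after_sync = rp.check("s1", now=3000)
    rp.sessions["s2"] = SessionArtifact("alice", 3100, 3100 + 8 * 3600)  # after re-auth
    return before, undelivered, after_sync, rp.check("s2", now=3200)
```

In this model the compromised session stays usable until the next scheduled synchronization message is processed, so the synchronization interval bounds how long a revoked session can remain accepted.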
21 Citations
15 Claims
13. A computer system comprising the following:
- one or more processors;
- one or more computer-readable storage media having stored thereon computer-executable instructions that, when executed by the one or more processors, cause the computing system to perform a method for revoking user sessions using signaling, the method comprising the following:
  - an act of receiving, at an identity platform, an indication indicating that a user's login account has been compromised, the user's login account having an associated login session and corresponding session artifact that is valid for a specified amount of time, wherein the specified amount of time for the session artifact indicates that the session should remain valid beyond a time in which the indication was received;
  - an act of generating a signal indicating that the login session is no longer trusted, irrespective of the specified amount of time for the session artifact indicating that the session should still remain valid, and that the user is to be re-directed to the identity platform to re-authenticate and renew the session artifact; and
  - an act of using a synchronization signal that is part of an existing synchronization contract to provide the generated signal to one or more relying parties including at least one relying party that is hosting the login session for the user, by utilizing and piggybacking one or more synchronization messages that are already being transmitted according to a predetermined schedule based on the synchronization contract.
Specification