Revoking sessions using signaling
First Claim
1. A computer-implemented method for signaling to one or more entities that a session previously initiated by a user is to be revoked, the method comprising acts of:
- receiving an indication that one or more credentials associated with a user account have been changed, the user account having at least one associated session previously initiated for the user account;
- determining that a session token associated with the previously initiated session was issued before the received indication of the one or more changed credentials for the user account; and
- based on the determination, signaling to an identity platform that the associated session previously initiated is to be revoked, wherein signaling to the identity platform that the previously initiated session is to be revoked comprises synchronizing a password timestamp with the identity platform.
Abstract
Embodiments are directed to revoking user sessions using signaling. In one scenario, an identity platform operating on a computer system receives an indication indicating that a user's login account has been compromised, where the user's login account has an associated login session and corresponding session artifact that is valid for a specified amount of time. The identity platform generates a signal indicating that the login session is no longer trusted and that the user is to be re-directed to the identity platform to re-authenticate and renew the session artifact and provides the generated signal to various relying parties including at least one relying party that is hosting the login session for the user.
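An added illustration, not taken from the patent or from any product: a relying party compares a session token's issue time against a synchronized password timestamp, the check recited in claim 1, and sends the user back to re-authenticate when the token is older. The token format, the shared key and all function names are assumptions made for this sketch.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"   # assumption: key shared by token issuer and relying party
password_changed_at = {}         # account -> synchronized password timestamp (epoch seconds)

def issue_token(account, issued_at):
    """Issue a signed session token that records when it was issued (iat)."""
    body = base64.urlsafe_b64encode(json.dumps({"sub": account, "iat": issued_at}).encode())
    sig = hmac.new(KEY, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + sig

def sync_password_timestamp(account, changed_at):
    """Handle a credential-change signal; a late, out-of-order signal never moves the timestamp back."""
    password_changed_at[account] = max(changed_at, password_changed_at.get(account, 0))

def check_session(token):
    """Return 'ok', 'reauthenticate' (token predates the credential change) or 'invalid'."""
    try:
        body, sig = token.split(b".")
        expected = hmac.new(KEY, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(sig, expected):
            return "invalid"
        claims = json.loads(base64.urlsafe_b64decode(body))
        account, issued_at = claims["sub"], claims["iat"]
    except (ValueError, KeyError, TypeError):
        return "invalid"
    # Tokens issued before the last known credential change are no longer trusted.
    if issued_at < password_changed_at.get(account, 0):
        return "reauthenticate"
    return "ok"

if __name__ == "__main__":
    old = issue_token("alice", 1000)            # constructed sample session
    print(check_session(old))
    sync_password_timestamp("alice", 2000)      # password changed after the session began
    print(check_session(old))
    print(check_session(issue_token("alice", 2000)))
```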
14 Citations
17 Claims
1. A computer-implemented method for signaling to one or more entities that a session previously initiated by a user is to be revoked, the method comprising acts of:
- receiving an indication that one or more credentials associated with a user account have been changed, the user account having at least one associated session previously initiated for the user account;
- determining that a session token associated with the previously initiated session was issued before the received indication of the one or more changed credentials for the user account; and
- based on the determination, signaling to an identity platform that the associated session previously initiated is to be revoked, wherein signaling to the identity platform that the previously initiated session is to be revoked comprises synchronizing a password timestamp with the identity platform.

Dependent claims: 2, 3, 4, 5, 6, 7

8. A computer system comprising:
- one or more processors;
- one or more computer-readable storage media having stored thereon computer-executable instructions that, when executed by the one or more processors, cause the computing system to perform a method for revoking user sessions using signaling, wherein the method comprises acts of:
- receiving an indication that one or more credentials associated with a user account have been changed, the user account having at least one associated session previously initiated for the user account;
- determining that a session token associated with the previously initiated session was issued before the received indication of the one or more changed credentials for the user account; and
- based on the determination, signaling to an identity platform that the associated session previously initiated is to be revoked, wherein signaling to the identity platform that the previously initiated session is to be revoked comprises synchronizing a password timestamp with the identity platform.

Dependent claims: 9, 10, 11, 12, 13, 14

15. A computer program product comprising one or more hardware storage devices having thereon computer-executable instructions that are structured such that, when executed by one or more processors of a computing system, configure a computing system to perform a method for signaling to one or more entities that a session previously initiated by a user is to be revoked, and wherein the method comprises:
- receiving an indication that one or more credentials associated with a user account have been changed, the user account having at least one associated session previously initiated for the user account;
- determining that a session token associated with the previously initiated session was issued before the received indication of the one or more changed credentials for the user account; and
- based on the determination, signaling to an identity platform that the associated session previously initiated is to be revoked, wherein signaling to the identity platform that the previously initiated session is to be revoked comprises synchronizing a password timestamp with the identity platform.

Dependent claims: 16, 17
Specification