H04L63/0807

Secondary device authentication proxied from authenticated primary device

A method of authenticating a secondary communication device based on authentication of a primary mobile communication device is disclosed. Trust is established with the primary mobile communication device by a device authentication server (DAS). The DAS receives an authorization code request from a secondary application operating on the secondary communication device, and transmits an authorization code to the secondary communication device. The DAS receives the authorization code from a primary application operating on the primary mobile communication device. The DAS authorizes the secondary application based on the trust with the primary mobile communication device and the authorization code from the primary application. The DAS transmits a secondary token to the secondary application at the secondary communication device to allow initialization of a communication session from the secondary application on behalf of the primary mobile communication device.

SYSTEM AND METHOD OF DYNAMIC AND SCALABLE IoT FRAMEWORK

A method and a system for providing one or more services to one or more user devices in an IoT network in a scalable M2M (Machine to Machine) framework. The method comprises receiving a connection request from the one or more user devices [202] at a load balancer of the IoT network, the connection request comprises at least a username comprising a cluster identifier. The load balancer [204] determines a cluster identifier based on the connection request and identifies at least one target cluster from the one or more clusters [206], said target cluster being associated with the cluster identifier. The load balancer [204] routes the connection request to the at least one target cluster to provide the one or more services to the one or more user devices [202].

Web application open platform interface (WOPI) server architecture and applications for distributed network computing environments

An interface server (e.g., Web Application Open Platform Interface (WOPI) server) is communicatively connected to an information management (IM) server and to an online application server which acts as a client of the interface server. When a user wishes to open, create, or edit a document in an online application hosted by the online application server, the interface server is called, instead of the IM server which manages the document at the backend of an enterprise computing network. The interface server is configured for obtaining a working copy of the document from the IM server and providing the working copy to the client. The client provides the working copy to the online application for display on the user device. When the work is done, the working copy is sync'd back through the interface server to the IM server as a new draft and deleted by the interface server.

Extending single-sign-on to relying parties of federated logon providers
11706205 · 2023-07-18

Aspects of the disclosure relate to extending single-sign-on to relying parties for federated logon providers. An enterprise identity provider server may receive a first authentication token previously issued to an enterprise server by the enterprise identity provider server. Subsequently, the enterprise identity provider server may retrieve, from a token store, a second authentication token associated with a federated identity service provided by a federated identity provider server. The enterprise identity provider server may refresh the second authentication token with the federated identity service provided by the federated identity provider server to obtain a refreshed authentication token. Finally, the enterprise identity provider server may send the refreshed authentication token to the enterprise server, which may enable user devices managed by the enterprise server to access one or more resources provided by a third party system using the federated identity service.

Secure message search

A communication server, interacting with an organization system having users that wish to communicate securely, provides secure communication capability to the users, without the communication server itself having access to unencrypted content of the user communications or to cryptographic keys that would allow the communication server to derive the unencrypted content. Thus, the communication server that provides the secure communication capability need not itself be trusted by the users with access to communicated content. To achieve this, the various entities communicate to exchange cryptographic keys in such a manner that the communication server never obtains usable copies of the cryptographic keys. Secure search capability is also provided by the client devices supplying a set of message tokens obtained by transformations that the communication server cannot replicate, and the communication server maintaining a search index storing the message tokens in association with the (encrypted) messages from which they were obtained.

Systems and methods for integration of electronic information cards into a client application

Methods, systems, and apparatus, including computer programs stored on computer-readable media, for integrating electronic card display at a client via a software development kit (SDK) provided at one or more data servers are disclosed. A client-side application such as a web browser may request the SDK based on a code snippet included in a data file, such as a HyperText Markup Language (HTML) file for a web page. Once the SDK is received at the client, the client-side application may perform various functionalities enabled by the SDK, including determining terms in the data file that match keywords associated with electronic cards, requesting and receiving electronic card rendering data associated with the electronic cards, and modifying a display generated based on the data file to display an electronic card, upon detecting a trigger event in relation to a term within the web page that corresponds to the electronic card.

Secure distributed information system
11706033 · 2023-07-18

A method of sharing encrypted data includes, by an electronic device, receiving a password from a user to perform an action, receiving a salt value, generating a user key using the password and salt value, receiving an encrypted key location identifier value, decrypting the encrypted key location identifier value to obtain a key location identifier, receiving an encrypted read token value, decrypting the encrypted read token value using the user key to obtain a read token value, and transmitting the read token value and the key location identifier to a server electronic device.

Partner integration network

Systems and methods are provided for a media provider to allow a user to access media objects with a third-party partner that authenticates the user and authorizes the user to access certain media objects. The media provider offers access to media objects, such as video content or audio content. The partner, through a relationship with the media provider, similarly offers access to the media provider's media objects, for example, as a service or benefit to the partner's customers or users. In particular, a partner integration server mediates user authentication and authorization by the partner. The partner integration server also allows the media provider to easily and flexibly add and integrate additional partners.

Providing a system with access to a resource using a disposable email address
11706181 · 2023-07-18

One or more computing devices, systems, and/or methods for providing a system with access to resources associated with a user account using a disposable email address (DEA) are provided. A request to provide a system with access to a first set of resources may be received. The first set of resources may be associated with a first email account associated with a first email address. A first DEA associated with the first email account may be generated. The first DEA may be transmitted to the system. A first set of modified emails may be generated based upon a first set of emails of the first email account. A first modified email of the first set of modified emails may comprise an indication of the first DEA. Access to the first set of modified emails may be provided to the system. The first DEA may be deactivated.

ACCESS CONTROL TOWER
20230230072 · 2023-07-20

Systems, methods, and apparatuses for providing a customer a central location to manage permissions provided to third-parties and devices to access and use customer information maintained by a financial institution are described. The central location serves as a central portal where a customer of the financial institution can manage all access to account information and personal information stored at the financial institution. Accordingly, the customer does not need to log into each individual third-party system or customer device to manage previously provided access to the customer information or to provision new access to the customer information.