H04L63/0846

Session activity tracking for session adoption across multiple data centers

Techniques are disclosed for managing session activity of SSO access across multiple data centers. Session activity of SSO access is managed across multiple geographically dispersed computing systems clustered together to form a multi-data center (MDC) system. A first data center in the MDC system may implement session adoption to manage an SSO session of the user in the MDC system. Information about subsequent sessions established by other data centers may be adopted by the first data center. The first data center may obtain session activity data from each session that is adopted for the user. The session activity may be used to determine whether the SSO session is active for the user across data centers in the MDC system. Authorization to access a resource at any data center in the MDC system may be granted based on the status of the SSO session using session adoption among the data centers.

System, method, and computer program for managing a plurality of heterogeneous services and/or a plurality of heterogeneous devices linked to at least one customer

A system, method, and computer program product are provided for managing a plurality of heterogeneous services and/or a plurality of heterogeneous devices linked to at least one customer. In operation, a system links a customer identifier associated with at least one customer with one or more of a plurality of heterogeneous services and/or a plurality of heterogeneous devices. Moreover, the system manages the plurality of heterogeneous services and/or the plurality of heterogeneous devices linked to the customer(s).

Methods and systems for establishing secure authenticated bidirectional server communication using automated credential reservation

A method of authenticating communications includes receiving, by a computer, a first set of credentials, verifying the first set of credentials by comparing the first set of credentials to a plurality of sets of credentials stored in a database, subsequent to verifying the first set of credentials, deriving a second set of credentials, and transmitting notification of the second set of credentials to a remote computer.

Multi-Factor Authentication for Audio Meeting Participants
20220239709 · 2022-07-28

Multi-factor authentication techniques are used to verify an identity of an audio-only caller requesting to join a video-enabled virtual meeting. A request for an audio-only caller to join a video-enabled virtual meeting is received from a phone device of the audio-only caller, in which the audio-only caller is using the phone device to call into the video-enabled virtual meeting. An authentication request is transmitted to the phone device to verify an identity of the audio-only caller. A response to the authentication request is received from the phone device and includes an authentication code generated based on the request for the audio-only caller to join the video-enabled virtual meeting. The identity of the audio-only caller is then verified using the authentication code and information associated with the phone device, and the request for the audio-only caller to join the video-enabled virtual meeting is allowed or denied based on the verification.

Failure recovery mechanism to re-establish secured communications
11399019 · 2022-07-26

Embodiments of the present invention include techniques for reestablishing a secure communication channel between a client machine and a server machine. A client machine receives, from a server machine, a first message generated in connection with a first master token. The client machine detects an error condition associated with the first message. The client machine transmits, to the server machine, a second message generated in connection with a pre-provisioned key that includes a request for a new master token. The client machine receives, from the server machine, a third message that includes a second master token. The client machine transmits, to the server machine, a fourth message generated in connection with the second master token.

CONTACT CONSOLIDATION ACROSS MULTIPLE SERVICES
20210409394 · 2021-12-30

Disclosed are various approaches for retrieving contacts from a plurality of federated services. In one example, an authentication notification is received from an identity manager. The authentication notification can include an identifier for a user account and a single sign-on token for the user account. A federated service to authenticate on behalf of the user account is identified. The single sign-on token is transmitted to the federated service for authentication. An authentication token and a refresh token are received from the federated service. The authentication token is determined to expire within a threshold time period. The refresh token has not expired. The refresh token is transmitted to the federated service for a replacement authentication token.

METHOD AND SYSTEM FOR MONITORING INDUSTRIAL DEVICES
20220231849 · 2022-07-21

A method for monitoring industrial devices includes: obtaining an access token of a cloud storage server by a management device; sending a certificate request message to the management device by a user apparatus; performing a certificate verification on the user apparatus by the management device according to the certificate request message, and sending a certificate pass message with the access token to the user apparatus by the management device after passing the certificate verification; sending an access request message with the access token and identification information to the cloud storage server by the user apparatus; and providing device data of an industrial device terminal to the user apparatus by the cloud storage server according to the access token and a privilege of the identification information.

Dynamic passcodes in association with a wireless access point

A method includes receiving, at an access point, an access request from a first device after an expiration of a first passcode. The access request is encrypted based on the first passcode. The method includes making a determination by the access point before an expiration of a usage time of a first passcode usage list that an identifier of the first device is included in the first passcode usage list. The method also includes, in response to making the determination, generating, at the access point, data representing a second passcode by encrypting the second passcode using the first passcode; and sending the data representing the second passcode from the access point to the first device.

First factor contactless card authentication system and method

A password-less authentication system and method include registering a contactless card of a client with an application service and binding the contactless card to one or more client devices. The contactless card advantageously stores a username and a dynamic password. Accesses by the client to the application service may be made using any client device, and authentication of the accesses may be performed by any client device that includes a contactless card interface and can retrieve the username and dynamic password pair from the contactless card. By storing the username on the card, rather than requiring user input, application security is improved because access to and knowledge of login credentials is limited. In addition, the use of a dynamic password reduces the potential of malicious access.

Method for authentication and authorization and authentication server using the same for providing user management mechanism required by multiple applications

The embodiments of the disclosure provide a method for authentication and authorization and the authentication server. The disclosure provides a user management mechanism required by multiple applications, so each of the applications does not need to have its own user management mechanism. In this manner, the security mechanism can be provided by the authentication server to improve the security of the user data.