-
Publication (Announcement) No.: US10454915B2
Publication (Announcement) Date: 2019-10-22
Application No.: US15797374
Filing Date: 2017-10-30
Applicant: Oracle International Corporation
Inventor: Mohamad Raja Gani Mohamad Abdul, Gregg Wilson
Abstract: Embodiments authenticate a user in response to receiving from a Kerberos key distribution center (“KDC”) a request to authenticate the user that includes a user identification (“ID”). Embodiments retrieve a user record corresponding to the user ID, the user record including a principal key. Embodiments decrypt the principal key using a tenant-specific encryption key and encrypt the decrypted principal key using a Kerberos master key to generate an encrypted principal key. Embodiments retrieve a password policy corresponding to the user ID. Based on the retrieved password policies, embodiments construct password state attributes and return to the KDC the encrypted principal key, the password policy and the password state attributes.
-
Publication (Announcement) No.: US10218705B2
Publication (Announcement) Date: 2019-02-26
Application No.: US15712588
Filing Date: 2017-09-22
Applicant: Oracle International Corporation
Inventor: Gregg Wilson, Tomas Knappek
Abstract: A system provides cloud-based identity and access management. The system receives a request from a client for an identity management service, authenticates the request, and accesses a microservice based on the request. The system determines, based on the request, a tenancy of the client, a tenancy of a user, and a tenancy of a resource. The system retrieves data from the determined tenancies as required to process the request, where the data is retrieved by the microservice using a connection pool that provides connections to the database. The system then performs the identity management service by the appropriate microservice responsible for processing the received request.
-
Publication (Announcement) No.: US11870770B2
Publication (Announcement) Date: 2024-01-09
Application No.: US16807713
Filing Date: 2020-03-03
Applicant: Oracle International Corporation
Inventor: Isabella Hio-Wai Lao, Gary Cole, Sudarsan Sridhar, Gregg Wilson
IPC: H04L9/40, H04L12/403, H04L12/46, H04L67/568
CPC classification number: H04L63/0846, H04L12/403, H04L12/462, H04L63/029, H04L67/568
Abstract: Embodiments are directed to a multi-tenant cloud system. Embodiments receive a request for an authentication action for a user and create an authenticate target action. Embodiments register a cache listener to listen for a target action response that is responsive to the authenticate target action and initiate the authentication action for the user at an on-premise active directory (“AD”) via a bridge. Embodiments wait for a cache callback and, at the cache callback, receive a target action response comprising a result of the authentication action.
-
Publication (Announcement) No.: US11669321B2
Publication (Announcement) Date: 2023-06-06
Application No.: US16550765
Filing Date: 2019-08-26
Applicant: Oracle International Corporation
Inventor: Sudhir Kumar Srinivasan, Venkateswara Reddy Medam, Gregg Wilson, Raghavendra Saravanamurthy
CPC classification number: G06F8/65, G06F16/212, G06F16/27
Abstract: Embodiments include a multi-tenant cloud-based identity management system for a plurality of tenants. Embodiments include a global database providing a first set of resources to the plurality of tenants and a plurality of tenant databases, each tenant database providing a second set of resources to one of the plurality of tenants. Embodiments further include a plurality of resources accessible by the tenants and an automated upgrade framework for upgrading the global database and the tenant databases in response to an upgrade of a first release of the system to a second release of the system. For the automated upgrade framework, embodiments determine resource changes between the first release and the second release, generate an upgrade patch based on the resource changes and apply the upgrade patch to the global database.
-
Publication (Announcement) No.: US11258786B2
Publication (Announcement) Date: 2022-02-22
Application No.: US16737147
Filing Date: 2020-01-08
Applicant: Oracle International Corporation
Inventor: Ajeet Bansal, Vadim Lander, Gregg Wilson
Abstract: A multi-tenant system that provides cloud-based identity management receives a request to execute a job, where the job has a scheduled start time, or a timeframe to complete, that exceeds the validity time of a request access token. The system generates the request access token corresponding to the job, where the request access token has access privileges. The system schedules the job and persists the request access token. The system triggers the job at the scheduled start time and generates a derived access token based on the request access token, where the derived access token includes the access privileges. The system then injects the derived access token during runtime of the job and calls a service using the derived access token to execute the job.
-
Publication (Announcement) No.: US11258775B2
Publication (Announcement) Date: 2022-02-22
Application No.: US16249045
Filing Date: 2019-01-16
Applicant: Oracle International Corporation
Inventor: Vadim Lander, Balakumar Balu, Venkateswara Reddy Medam, Kuang-Yu Shih, Lokesh Gupta, Vasukiammaiyar Asokkumar, Gregg Wilson
Abstract: Embodiments perform write operations in a multi-tenant cloud system that includes a first data center adapted to authenticate a first plurality of registered clients and located in a first geographic area, and a second data center adapted to authenticate a second plurality of registered clients and located in a second geographic area that is different from the first geographic area. Embodiments receive a request from a first client to perform a first write for a resource at the second data center. Embodiments generate a call to the first data center including a second write for the resource at the first data center. Embodiments retrieve data corresponding to the first write and send the retrieved data to the first data center. Embodiments write on the data based on the first write, the writing on the data including changing the data to generate changed data.
-
Publication (Announcement) No.: US10834137B2
Publication (Announcement) Date: 2020-11-10
Application No.: US15991281
Filing Date: 2018-05-29
Applicant: Oracle International Corporation
Inventor: Ashutosh Pitre, Gregg Wilson, Prashant Srinivasan
Abstract: One embodiment performs policy evaluation in a multi-tenant cloud-based identity and access management (“IAM”) system. The embodiment receives a request for an IAM service for a tenant of the multi-tenant cloud-based IAM system, and determines an applicable policy associated with the IAM service. The embodiment determines a policy expression of the applicable policy, where the policy expression includes a reference to an attribute value, and where the reference either includes a function or includes an application programming interface (“API”) of an attribute retriever class. The embodiment obtains the attribute value by invoking the function or by invoking the API of the attribute retriever class. The embodiment evaluates the applicable policy at run-time using at least the obtained attribute value, and performs the IAM service based on the result of the evaluating of the policy.
-
Publication (Announcement) No.: US10831789B2
Publication (Announcement) Date: 2020-11-10
Application No.: US15991083
Filing Date: 2018-05-29
Applicant: Oracle International Corporation
Inventor: Sudhir Kumar Srinivasan, Shruthi Chikkanna, Nikhil Yograj Vaishnavi, Xiaoxiao Xu, Gregg Wilson, Venkateswara R. Medam
IPC: G06F16/2457, G06F16/28, G06F16/21, H04L29/06, G06F9/50
Abstract: A system performs reference attribute query processing in a multi-tenant cloud-based identity and access management (IAM) system by: receiving a request from a client of the multi-tenant cloud-based IAM system, where the request indicates one or more reference attributes associated with a resource that is persisted in a database of the multi-tenant cloud-based IAM system, and the request indicates one or more filter conditions configured to be applied on the one or more reference attributes; building a query based on the one or more reference attributes and the one or more filter conditions; retrieving resource data by executing the query on a database of the multi-tenant cloud-based IAM system, where the retrieved resource data is associated with the one or more reference attributes and satisfies the one or more filter conditions; and returning the retrieved data to the client of the multi-tenant cloud-based IAM system.
-
Publication (Announcement) No.: US10594684B2
Publication (Announcement) Date: 2020-03-17
Application No.: US15697862
Filing Date: 2017-09-07
Applicant: Oracle International Corporation
Inventor: Ajeet Bansal, Vadim Lander, Gregg Wilson
Abstract: A multi-tenant system that provides cloud-based identity management receives a request to execute a job, where the job has a scheduled start time, or a timeframe to complete, that exceeds the validity time of a request access token. The system generates the request access token corresponding to the job, where the request access token has access privileges. The system schedules the job and persists the request access token. The system triggers the job at the scheduled start time and generates a derived access token based on the request access token, where the derived access token includes the access privileges. The system then injects the derived access token during runtime of the job and calls a microservice using the derived access token to execute the job.
-
Publication (Announcement) No.: US09781122B1
Publication (Announcement) Date: 2017-10-03
Application No.: US15485532
Filing Date: 2017-04-12
Applicant: Oracle International Corporation
Inventor: Gregg Wilson, Tomas Knappek
CPC classification number: H04L63/101, H04L63/0281, H04L63/08, H04L63/0807, H04L63/0815, H04L63/0884, H04W12/06, H04W12/08
Abstract: A system provides cloud-based identity and access management. The system receives a request from a client for an identity management service, authenticates the request, and accesses a microservice based on the request. The system determines, based on the request, a tenancy of the client, a tenancy of a user, and a tenancy of a resource. The system retrieves data from the determined tenancies as required to process the request, where the data is retrieved by the microservice using a connection pool that provides connections to the database. The system then performs the identity management service by the appropriate microservice responsible for processing the received request.
-