-
Publication No.: US11356454B2
Publication Date: 2022-06-07
Application No.: US16678171
Application Date: 2019-11-08
Applicant: Oracle International Corporation
Inventor: Lokesh Gupta, Vadim Lander
Abstract: A system provides cloud-based identity and access management. The system receives a request for an identity management service, authenticates the request, and forwards the request to a microservice configured to perform the identity management service, where the microservice is implemented by a microservice virtual machine provisioned by a provisioning framework, and the forwarding is according to routing information configured based on metadata information stored in a registry by the provisioning framework. The system then performs the identity management service by the microservice.
-
Publication No.: US11088993B2
Publication Date: 2021-08-10
Application No.: US16537722
Application Date: 2019-08-12
Applicant: Oracle International Corporation
Inventor: Stephan Wardell, Andrew B Folkins, Vadim Lander, Prateek Mishra, Rich Levinson, Cory Womacks, Dino E. Cuthbert
IPC: H04L29/06, H04L29/08, H04L12/24, H04W12/062, H04W12/069
Abstract: An embodiment controls access to a resource, the access controlled by a multi-tenant system. Embodiments receive, at a web server, a request for the resource from a user via a web browser, the request including a Uniform Resource Locator (“URL”) associated with the resource and an identity of a tenant corresponding to the user. Embodiments determine an access policy for authenticating the user that is associated with the resource, the access policy based in part on the identity of the tenant. Embodiments then authenticate the user based on the determined access policy.
-
Publication No.: US10516672B2
Publication Date: 2019-12-24
Application No.: US15609321
Application Date: 2017-05-31
Applicant: Oracle International Corporation
Inventor: Lokesh Gupta, Vadim Lander
Abstract: A system provides cloud-based identity and access management. The system receives a request for an identity management service, authenticates the request, and forwards the request to a microservice configured to perform the identity management service, where the microservice is implemented by a microservice virtual machine provisioned by a provisioning framework, and the forwarding is according to routing information configured based on metadata information stored in a registry by the provisioning framework. The system then performs the identity management service by the microservice.
-
Publication No.: US11528262B2
Publication Date: 2022-12-13
Application No.: US17149163
Application Date: 2021-01-14
Applicant: Oracle International Corporation
Inventor: Damien Carru, Vasukiammaiyar Asokkumar, Vadim Lander
Abstract: Embodiments of a multi-tenant cloud system include a first data center adapted to authenticate a first plurality of registered clients and located in a first geographic area, and a second data center adapted to authenticate a second plurality of registered clients and located in a second geographic area that is different from the first geographic area. The first data center receives a request from a first client of the first plurality of registered clients to access a resource of the second data center and validates the request from the first client and issues a global access token. The second data center receives the request with the global access token. A cloud gate at the second data center, based on the global access token, validates the request and provides the resource to the first client.
-
Publication No.: US10255061B2
Publication Date: 2019-04-09
Application No.: US15661024
Application Date: 2017-07-27
Applicant: Oracle International Corporation
Inventor: Vadim Lander, Lokesh Gupta
IPC: G06F8/656, G06F11/36, H04L29/06, H04L12/751
Abstract: A system provides cloud-based identity and access management. The system receives a request for performing an identity management service. The request identifies the service and a current version of a microservice. The current version of the microservice is in a first stateless middle tier in a first topology that includes a first web tier. The system performs the identity management service by the current version of the microservice using tenant data stored in a database. The system then determines an upgrade to be applied to the microservice, and deploys a second topology that implements the upgrade. The second topology includes a second web tier and a second stateless middle tier including a new version of the microservice. The system tests the new version of the microservice in the second topology using test data stored in the database, promotes the second topology, and drains and shuts down the first topology.
-
Publication No.: US09838376B1
Publication Date: 2017-12-05
Application No.: US15450512
Application Date: 2017-03-06
Applicant: Oracle International Corporation
Inventor: Vadim Lander, Damien Carru, Gary P. Cole, Ajay Sondhi, Gregg Wilson
CPC classification number: H04L63/0815, H04L63/083, H04L63/0861, H04L63/104, H04L67/02, H04L67/10
Abstract: A system provides cloud-based identity and access management. The system receives a request for performing an identity management service, where the request includes a call to an application programming interface (“API”) that identifies the identity management service and a microservice configured to perform the identity management service. The system authenticates the request, accesses the microservice, and performs the identity management service by the microservice.
-
Publication No.: US11463488B2
Publication Date: 2022-10-04
Application No.: US16891135
Application Date: 2020-06-03
Applicant: Oracle International Corporation
Inventor: Mohamad Raja Gani Mohamad Abdul, Vadim Lander
IPC: H04L65/1073, H04L9/40, H04L67/10
Abstract: Dynamic client registration for an Identity Cloud Service (IDCS) is provided. A service instance client, associated with a service instance, is created in a first tenancy. A template client is created, based on a security blueprint, in a second tenancy. A registration client is created in the first tenancy. A request for a registration access token is received from an installed client application over a network; the request includes an ID of the template client. A user of the installed client application is authenticated using the template client. The registration access token is sent to the installed client application over the network. A request for a client assertion token is received from the installed client application over the network; the request includes the registration access token. The registration access token is authenticated using the template client. The client assertion token is sent to the installed client application over the network.
-
Publication No.: US10693861B2
Publication Date: 2020-06-23
Application No.: US15822477
Application Date: 2017-11-27
Applicant: Oracle International Corporation
Inventor: Vadim Lander, Damien Carru, Gary P. Cole, Ajay Sondhi, Gregg Wilson
Abstract: Embodiments provide cloud-based identity management by receiving a request to perform an identity management service that includes real-time tasks and near-real-time tasks. Embodiments synchronously execute the real-time tasks by accessing at least one microservice using a corresponding application programming interface (“API”). Embodiments asynchronously execute the near-real-time tasks by offloading the near-real-time tasks to one or more message queues.
-
Publication No.: US10581820B2
Publication Date: 2020-03-03
Application No.: US15589133
Application Date: 2017-05-08
Applicant: Oracle International Corporation
Inventor: Rakesh Keshava, Sreedhar Katti, Sirish Vepa, Vadim Lander, Prateek Mishra
Abstract: Key generation and roll over is provided for a cloud based identity management system. A key set is generated that includes a previous key and expiration time, a current key and expiration time, and a next key and expiration time, and stores the key set in a database table and a memory cache associated with the database table. At the current key expiration time, the key set is rolled over, including retrieving the key set from the database table, updating the previous key and expiration time with the current key and expiration time, updating the current key and expiration time with the next key and expiration time, generating a new key and expiration time, updating the next key and expiration time with the new key and expiration time, and updating the key set in the database table and the memory cache.
-
Publication No.: US10200358B2
Publication Date: 2019-02-05
Application No.: US15816168
Application Date: 2017-11-17
Applicant: Oracle International Corporation
Inventor: Vadim Lander, Damien Carru, Gary P. Cole, Ajay Sondhi, Gregg Wilson
Abstract: A system provides cloud-based identity and access management. The system receives a request for performing an identity management service, where the request includes a call to an application programming interface (“API”) that identifies the identity management service and a microservice configured to perform the identity management service. The system authenticates the request, accesses the microservice, and performs the identity management service by the microservice.