Session activity tracking for session adoption across multiple data centers

US 10,572,649 B2
Filed: 09/18/2017
Issued: 02/25/2020
Est. Priority Date: 06/29/2015
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a first computer system, a request to authenticate a user for a first session previously established at the first computer system, wherein the first session is inactive;

determining, by the first computer system, based on session adoption data, that a second session hosted on a second computer system is associated with the first session;

determining, by the first computer system, based on second session activity data of the second session obtained by the first computer system from the second computer system using the session adoption data, that the second session is active; and

based on determining that the second session is active, authenticating, by the first computer system, the user for the first session without requesting any credentials from the user.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are disclosed for managing session activity of SSO access across multiple data centers. Session activity of SSO access is managed across multiple geographically disperse computing systems clustered together to form a multi-data center (MDC) system. A first data center in the MDC system may implement session adoption to manage an SSO session of the user in the MDC system. Information about subsequent sessions established by other data centers may be adopted by the first data center. The first data center may obtain session activity data from each session that is adopted for the user. The session activity may be used to determine whether SSO session is active for the user across data centers in the MDC system. Authorization to access a resource at any data center in the MDC system may be granted based on the status of the SSO session using session adoption among the data centers.

160 Citations

20 Claims

1. A method comprising:
- receiving, by a first computer system, a request to authenticate a user for a first session previously established at the first computer system, wherein the first session is inactive;
  
  determining, by the first computer system, based on session adoption data, that a second session hosted on a second computer system is associated with the first session;
  
  determining, by the first computer system, based on second session activity data of the second session obtained by the first computer system from the second computer system using the session adoption data, that the second session is active; and
  
  based on determining that the second session is active, authenticating, by the first computer system, the user for the first session without requesting any credentials from the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein the request to authenticate the user is received from a client device based on the client device detecting that the first session is inactive.
  - 3. The method of claim 1, wherein the session adoption data is configured based on a session adoption policy that causes the first computer system to authenticate the user based on the second session activity data of the second session at the second computer system;
    - wherein the session adoption policy further specifies one or more requirements for session adoption; and
      
      wherein the method further comprises;
      
      sending, by the first computer system, based on the session adoption data, a request to the second computer system for the second session activity data; and
      
      authenticating, by the first computer system, the user based on determining that the second session satistifies the session adoption policy.
  - 4. The method of claim 3, further comprising:
    - determining, by the first computer system and based on the session adoption policy, that the first computer system supports session adoption; and
      
      sending, by the first computer system and based on the determination that the first computer system supports session adoption, the request to the second computer system for the second session activity data;
      
      wherein the second session activity data is obtained from the second computer system based on the request for the second session activity data.
  - 5. The method of claim 1:
    - wherein the second session activity data includes a second session activity status indicating whether the second session is active.
  - 6. The method of claim 1:
    - wherein the second session activity data includes a second timestamp indicating when a second activity is last detected at the second session; and
      
      wherein the determination that the second session is active is based on the second timestamp.
  - 7. The method of claim 6, wherein the second activity is associated with a duration that exceeds a threshold period according to a session requirement of the first session.
  - 8. The method of claim 1:
    - wherein the request to authenticate the user is received via a first protocol over a first network;
      
      wherein the second session activity data is obtained via a second protocol over a second network; and
      
      wherein the first protocol and the second protocol are different.
  - 9. The method of claim 1, further comprising:
    - generating, by the first computer system and from first session activity data, a cookie including a threshold session time period after which the first session becomes inactive; and
      
      sending, by the first computer system, the cookie to a client device,wherein the request to authenticate a user is sent by the client device to the first computer system based on the threshold session time period included in the cookie.
  - 10. The method of claim 1,further comprising, before the first session becomes inactive:
    - receiving, by the first computer system, a second request for session adoption of the first session from the second computer system; and
      
      sending, by the first computer system, session data of the first session to the second computer system based on the request for session adoption of the first session; and
      
      wherein the second session is created based on the session data of the first session.
  - 11. The method of claim 10, wherein the session data of the first session includes an indication of a status of the first session at the first computer system.
  - 12. The method of claim 10:
    - wherein the second request is sent by the second computer system based on the second computer system receiving an authorization request for a resource from the user; and
      
      wherein the sending of the session data of the first session enables the second computer system to determine whether the user is authenticated, and to grant the user access to the resource based on the user being authenticated.

13. A system comprising:
- one or more processors; and
  
  a memory accessible to the one or more processors, the memory storing a set of instructions which, when executed by the one or more processors, causes the one or more processors to perform;
  
  receiving a request to authenticate a user for a first session previously established at a first computer system, wherein the first session is inactive;
  
  determining, based on session adoption data, that a second session hosted on a second computer system is associated with the first session;
  
  determining, by the first computer system, based on second session activity data of the second session obtained by the first computer system from the second computer system using the session adoption data, that the second session is active; and
  
  based on determining that the second session is active, authenticating, by the first computer system, the user for the first session without requesting any credentials from the user.
- View Dependent Claims (14, 15)
- - 14. The system of claim 13, wherein the request to authenticate the user is received from a client device based on the client device detecting that the first session is inactive.
  - 15. The system of claim 13:
    - wherein the request to authenticate the user is received via a first protocol over a first network;
      
      wherein the second session activity data is obtained via a second protocol over a second network; and
      
      wherein the first protocol and the second protocol are different.

16. A non-transitory computer-readable medium storing a set of instructions that are executable by one or more processors to cause the one or more processors to:
- receive a request to authenticate a user for a first session previously established at a first computer system, wherein the first session is inactive;
  
  determine, based on session adoption data, that a second session hosted on a second computer system is associated with the first session;
  
  determine, based on second session activity data of the second session obtained by the first computer system from the second computer system using the session adoption data, that the second session is active; and
  
  based on a determination that the second session is active, authenticate the user for the first session without requesting any credentials from the user.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The non-transitory computer-readable medium of claim 16, wherein the request to authenticate the user is received from a client device based on the client device detecting that the first session is inactive.
  - 18. The non-transitory computer-readable medium of claim 16, wherein the session adoption data is configured based on a session adoption policy that causes the first computer system to authenticate the user based on the second session activity data of the second session at the second computer system;
    - wherein the session adoption policy further specifies one or more requirements for session adoption; and
      
      wherein the set of instructions are executable by the one or more processors to further cause the one or more processors to;
      
      based on the session adoption data, send a request to the second computer system for the second session activity data; and
      
      authenticate the user based on determining that the second session satisfies the session adoption policy.
  - 19. The non-transitory computer-readable medium of claim 18, wherein the set of instructions are executable by the one or more processors to further cause the one or more processors to:
    - determine, based on the session adoption policy, that the first computer system supports session adoption; and
      
      based on the determination that the first computer system supports session adoption, send a second request to the second computer system for the second session activity data;
      
      wherein the second session activity data is obtained from the second computing computer system based on the second request.
  - 20. The non-transitory computer-readable medium of claim 16,wherein the set of instructions are executable by the one or more processors to further cause the one or more processors to, before the first session becomes inactive:
    - receive a request for session adoption of the first session from the second computer system; and
      
      send session data of the first session to the second computer system based on the request for session adoption of the first session; and
      
      wherein the second session is created based on the session data of the first session.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Mathew, Stephen, Koottayi, Vipin Anaparakkal
Primary Examiner(s)
Hoffman, Brandon S

Application Number

US15/707,261
Publication Number

US 20180046794A1
Time in Patent Office

890 Days
Field of Search

726 4
US Class Current
CPC Class Codes

G06F 21/41   where a single sign-on prov...

H04L 63/0815   providing single-sign-on or...

H04L 63/0846   using time-dependent-passwo...

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04L 65/1066   Session management

H04L 67/142   Managing session states for...

Session activity tracking for session adoption across multiple data centers

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

160 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Session activity tracking for session adoption across multiple data centers

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

160 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links