Whitelist construction

US 10,643,149 B2
Filed: 08/26/2016
Issued: 05/05/2020
Est. Priority Date: 10/22/2015
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

constructing, by an access manager of an access management system executing an access manager application, a whitelist of valid redirection addresses, wherein the whitelist is constructed based on redirection addresses that are approved by a user during a prior logout from the application or based on preapproved logout redirection addresses;

receiving, by the access manager, a request to log out the user from the application executing on a device;

determining, by the access manager, a redirection address for redirecting the user after logging out from the application, wherein the redirection address comprises a Uniform Resource Locator (URL) to which the user is redirected after log out from the application, wherein the URL comprises a logout Uniform Resource Locator (URL) and an end URL associated with the application of the access management system;

validating, by the access manager, the redirection address, wherein the validating the redirection address comprises determining whether the redirection address is on the constructed whitelist of valid redirection addresses to which the user can be redirected after logging out from the application; and

based on the validation, causing, by the access manager, the application to perform one of redirecting the user to the redirection address and determining whether to add the redirection address to the whitelist of valid redirection addresses.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are provided for of constructing a whitelist of redirection uniform resource locators (URLs). A method can include receiving, by a computing system executing an access manager application, a request to log out a user from an application executing on a device; determining, by the access manager application, a redirection address for the application; validating, by the access manager application, the redirection address; and based on the validation, causing, by the access manager application, the application to perform one of redirecting the user to the redirection address and determining addition of the redirection address to a list of valid redirection addresses.

25 Citations

View as Search Results

19 Claims

1. A method comprising:
- constructing, by an access manager of an access management system executing an access manager application, a whitelist of valid redirection addresses, wherein the whitelist is constructed based on redirection addresses that are approved by a user during a prior logout from the application or based on preapproved logout redirection addresses;
  
  receiving, by the access manager, a request to log out the user from the application executing on a device;
  
  determining, by the access manager, a redirection address for redirecting the user after logging out from the application, wherein the redirection address comprises a Uniform Resource Locator (URL) to which the user is redirected after log out from the application, wherein the URL comprises a logout Uniform Resource Locator (URL) and an end URL associated with the application of the access management system;
  
  validating, by the access manager, the redirection address, wherein the validating the redirection address comprises determining whether the redirection address is on the constructed whitelist of valid redirection addresses to which the user can be redirected after logging out from the application; and
  
  based on the validation, causing, by the access manager, the application to perform one of redirecting the user to the redirection address and determining whether to add the redirection address to the whitelist of valid redirection addresses.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method according to claim 1, wherein the application redirects the user to the redirection address in response to the redirection address being on the whitelist of valid redirection addresses.
  - 3. The method according to claim 2, wherein the whitelist of valid redirection addresses comprises one or more approved redirection addresses.
  - 4. The method according to claim 2, wherein the whitelist of valid redirection addresses comprises one of a machine-learned address based on learned previous activity and a user-based address that is based on a user activity.
  - 5. The method according to claim 1, wherein the determining the addition of the redirection address to the whitelist of valid redirection addresses comprises:
    - determining that the redirection address corresponds to a predetermined event; and
      
      in response to the determining that the redirection address corresponds to the predetermined event, adding the redirection address to the whitelist of valid redirection addresses.
  - 6. The method according to claim 5, wherein the predetermined event comprises one of application registration during which the application is registered with the access management system, product integration during which one or more products are added to operate with the access management system, and log-in page addition in which a new log-in page for the application is added.
  - 7. The method according to claim 1, wherein the determining the addition of the redirection address to the whitelist of valid redirection addresses comprises:
    - determining that the redirection address corresponds to a predetermined user action; and
      
      in response to the determining that the redirection address corresponds to the predetermined user action, adding the redirection address to the whitelist of valid redirected addresses.
  - 8. The method according to claim 7, wherein the predetermined user action comprises user confirmation of the redirection address.
  - 9. The method according to claim 1, wherein the whitelist of valid redirection addresses comprises at least one of a system-level list that applies to users of the access management system and a user-level list that applies to particular users of the access management system.
  - 10. The method according to claim 9, wherein the system-level list comprises end URLs that are applicable to all access management system users.
  - 11. The method according to claim 9, wherein the user-level list comprises one or more end URLs that are applicable to a particular access management system user.
  - 12. The method according to claim 1, wherein the redirection address comprises a logout Uniform Resource Locator (URL) and an end URL.

13. A non-transitory computer-readable storage medium storing a plurality of instructions executable by one or more processors to cause the one or more processors to perform operations, comprising:
- constructing, by an access manager of an access management system executing an access manager application, a whitelist of valid redirection addresses, wherein the whitelist is constructed based on redirection addresses that are approved by a user during a prior logout from the application or based on preapproved logout redirection addresses;
  
  receiving, by the access manager, a request to log out the user from the application executing on a device;
  
  determining, by the access manager, a redirection address for redirecting the user after logging out from the application, wherein the redirection address comprises a Uniform Resource Locator (URL) to which the user is redirected after log out from the application, wherein the URL comprises a logout Uniform Resource Locator (URL) and an end URL associated with the application of the access management system;
  
  validating, by the access manager, the redirection address, wherein the validating the redirection address comprises determining whether the redirection address is on the constructed whitelist of valid redirection addresses to which the user can be redirected after logging out from the application; and
  
  based on the validation, causing, by the access manager, the application to perform one of redirecting the user to the redirection address, and determining addition of the redirection address to a list of valid redirection addresses.
- View Dependent Claims (14, 15, 16)
- - 14. The non-transitory computer-readable storage medium according to claim 13, wherein the application redirects the user to the redirection address in response to the redirection address being on the whitelist of valid redirection addresses.
  - 15. The non-transitory computer-readable storage medium according to claim 14, wherein the whitelist of valid redirection addresses comprises one or more approved redirection addresses.
  - 16. The non-transitory computer readable medium according to claim 14, wherein the whitelist of valid redirection addresses comprises one of a machine-learned address based on learned previous activity and a user-based address that is based on a user activity.

17. An access management system comprising:
- a memory; and
  
  one or more processors coupled to the memory and configured to;
  
  construct, by an access manager of the access management system executing an access manager application, a whitelist of valid redirection addresses, wherein the whitelist is constructed based on redirection addresses that are approved by a user during a prior logout from the application or based on preapproved logout redirection addresses;
  
  receive, by the access manager, a request to log out the user from the application executing on a device;
  
  determine, by the access manager, a redirection address for redirecting the user after logging out from the application, wherein the redirection address comprises a Uniform Resource Locator (URL) to which the user is redirected after log out from the application, wherein the URL comprises a logout Uniform Resource Locator (URL) and an end URL associated with the application of the access management system;
  
  validate, by the access manager, the redirection address, wherein the validating the redirection address comprises determining whether the redirection address is on the constructed whitelist of valid redirection addresses to which the user can be redirected after logging out from the application; and
  
  based on the validation, cause, by the access manager, the application to perform one of redirecting the user to the redirection address, and determining addition of the redirection address to the whitelist of valid redirection addresses.
- View Dependent Claims (18, 19)
- - 18. The system according to claim 17, wherein the application redirects the user to the redirection address in response to the redirection address being on the whitelist of valid redirection addresses.
  - 19. The system according to claim 17, wherein the whitelist of valid redirection addresses comprises at least one of a system-level list that applies to users of the access management system and a user-level list that applies to particular users of the access management system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Kukehalli Subramanya, Ramya, Martin, Madhu, Uppalapati, Venkatesh
Primary Examiner(s)
Thieu, Benjamin M

Application Number

US15/249,232
Publication Number

US 20170118167A1
Time in Patent Office

1,348 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/958   Organisation or management ...

G06N 20/00   Machine learning

H04L 2101/35   containing special prefixes

H04L 41/0806   for initial configuration o...

H04L 41/0895   Configuration of virtualise...

H04L 41/40   using virtualisation of net...

H04L 43/0876   Network utilisation, e.g. v...

H04L 43/20   the monitoring system or th...

H04L 63/0815   providing single-sign-on or...

H04L 63/101   Access control lists [ACL]

H04L 63/20   for managing network securi...

Whitelist construction

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

25 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

Whitelist construction

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others