Flexible Authentication Framework

US 20070208744A1
Filed: 02/28/2007
Published: 09/06/2007
Est. Priority Date: 03/01/2006
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating users in a secure search system, comprising:

providing a framework operable to accept user identification information in an arbitrary format;

receiving user identification information from a user requesting access to a secure data source;

validating the user against an identity management system for the secure data source; and

if the user is validated, calling back into the identity management system for the secure data source to obtain access information for the user.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A flexible and extensible architecture allows for secure searching across an enterprise. Such an architecture can provide a simple Internet-like search experience to users searching secure content inside (and outside) the enterprise. The architecture allows for the crawling and searching of a variety or sources across an enterprise, regardless of whether any of these sources conform to a conventional user role model. The architecture further allows for security attributes to be submitted at query time, for example, in order to provide real-time secure access to enterprise resources. The user query also can be transformed to provide for dynamic querying that provides for a more current result list than can be obtained for static queries.

Citations

17 Claims

1. A method for authenticating users in a secure search system, comprising:
- providing a framework operable to accept user identification information in an arbitrary format;
  
  receiving user identification information from a user requesting access to a secure data source;
  
  validating the user against an identity management system for the secure data source; and
  
  if the user is validated, calling back into the identity management system for the secure data source to obtain access information for the user.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. A method according to claim 1, wherein:
    - calling back into the identity management system includes obtaining access information selected from the group consisting of role information, group information, and project information.
  - 3. A method according to claim 1, wherein:
    - providing a framework includes providing a plurality of application program interfaces (APIs), each API operable to communicate with a respective data source and associated identity management system.
  - 4. A method according to claim 1, further comprising:
    - if the user cannot be validated, denying the user access to the secure data source.
  - 5. A method according to claim 1, further comprising:
    - refreshing access information for the user.
  - 6. A method according to claim 1, further comprising:
    - providing an additional API to allow the user identification information to be passed to an additional secure data source.

7. A system for authenticating users in a secure search system, comprising:
- an authentication module operable to receive user identification information in an arbitrary format, the user requesting access to a secure data source;
  
  a plurality of APIs, each API operable to communicate with one of a plurality of identity management systems, each identity management system being associated with one of a plurality of secure data sources, the authentication module being operable to pass the user identification information through an appropriate API for the requested secure data source to a respective identity management system, and receive back validation information for the user from the respective identity management system for the secure data source; and
  
  a callback mechanism operable to call back into the respective identity management system when the user is validated in order to obtain access information for the user.
- View Dependent Claims (8, 9, 10, 11)
- - 8. A system according to claim 7, wherein:
    - the callback mechanism is operable to obtain access information selected from the group consisting of role information, group information, and project information.
  - 9. A system according to claim 7, wherein:
    - the authentication module is further operable to denying the user access to the secure data source when the user cannot be validated.
  - 10. A system according to claim 7, wherein:
    - the authentication module is further operable to refresh access information for the user.
  - 11. A system according to claim 7, wherein:
    - the authentication module is further operable to receive an additional API to allow the user identification information to be passed to an additional secure data source.

12. A computer program product embedded in a computer readable medium for authenticating users in a secure search system, comprising:
- program code for providing a framework operable to accept user identification information in an arbitrary format;
  
  program code for receiving user identification information from a user requesting access to a secure data source;
  
  program code for validating the user against an identity management system for the secure data source; and
  
  program code for calling back into the identity management system for the secure data source to obtain access information for the user when the user is validated.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. A computer program product according to claim 12, wherein:
    - program code for calling back into the identity management system includes program code for obtaining access information selected from the group consisting of role information, group information, and project information.
  - 14. A computer program product according to claim 12, wherein:
    - program code for providing a framework includes program code for providing a plurality of application program interfaces (APIs), each API operable to communicate with a respective data source and associated identity management system.
  - 15. A computer program product according to claim 12, further comprising:
    - program code for denying the user access to the secure data source when the user cannot be validated.
  - 16. A computer program product according to claim 12, further comprising:
    - program code for refreshing access information for the user.
  - 17. A computer program product according to claim 12, further comprising:
    - program code for providing an additional API to allow the user identification information to be passed to an additional secure data source.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Davis, Mark, Krishnaprasad, Muralidhar, Bhavsar, Meeten, Koide, Hiroshi, Bhatkar, Sachin, Chang, Thomas, Yang, Chi-Ming, Hsin, Cindy, Delgado, Joaquin, Ouyang, Hui, Ture, Mark, Nimani, Visar

Granted Patent

US 9,177,124 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 16/2228   Indexing structures

G06F 16/2455   Query execution

G06F 16/248   Presentation of query results

G06F 16/93   Document management systems

G06F 16/951   Indexing; Web crawling tech...

G06F 16/9535   Search customisation based ...

G06F 16/9538   Presentation of query results

G06F 21/31   User authentication

G06F 21/6227   where protection concerns t...

H04L 63/08   for authentication of entit...

H04L 63/0815   providing single-sign-on or...

H04L 63/083   using passwords cryptograph...

H04L 63/102   Entity profiles

Flexible Authentication Framework

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Flexible Authentication Framework

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links