PRIVILEGED ACCOUNT PLUG-IN FRAMEWORK - STEP-UP VALIDATION

US 20150082372A1
Filed: 03/20/2014
Published: 03/19/2015
Est. Priority Date: 09/19/2013
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a memory storing computer-executable instructions;

a privileged access management module that provides a privileged access management service configured with a plug-in framework for accessing secure resources; and

a processor configured to access the memory and execute the computer-executable instructions to at least;

receive, from an entity associated with the secure resources, plug-in code for implementing a workflow that includes at least a step-up validation associated with a user attempting to access at least one secure resource of the secure resources;

generate instructions for implementing the workflow based at least in part on the received plug-in code;

receive, from the user, a log-in request including at least first authentication information, the log-in request corresponding to the privileged access management service;

provide access to the at least one secure resource when the user is authenticated with respect to the privileged access management service;

receive, from a computing device of the user, a request to access a second secure resource of the secure resources; and

implement the workflow to perform the step-up validation at least in response to the request to access the second secure resource, the workflow implemented based at least in part on an attribute associated with the request.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for managing privileged accounts via a privileged access management service are provided. In some examples, the service may be configured with a plug-in framework for accessing secure resources. In some aspects, plug-in code for implementing a workflow that includes step-up validation associated with a user attempting to access at least one secure resource may be received. Access to the at least one secure resource may be provided when the user is authenticated with respect to the service. In some examples, a request to access a second secure resource may be received. Additionally, in some examples, the workflow to perform the step-up validation may be implemented at least in response to the request to access the second secure resource. The workflow implemented based at least in part on an attribute associated with the request.

41 Citations

View as Search Results

20 Claims

1. A system, comprising:
- a memory storing computer-executable instructions;
  
  a privileged access management module that provides a privileged access management service configured with a plug-in framework for accessing secure resources; and
  
  a processor configured to access the memory and execute the computer-executable instructions to at least;
  
  receive, from an entity associated with the secure resources, plug-in code for implementing a workflow that includes at least a step-up validation associated with a user attempting to access at least one secure resource of the secure resources;
  
  generate instructions for implementing the workflow based at least in part on the received plug-in code;
  
  receive, from the user, a log-in request including at least first authentication information, the log-in request corresponding to the privileged access management service;
  
  provide access to the at least one secure resource when the user is authenticated with respect to the privileged access management service;
  
  receive, from a computing device of the user, a request to access a second secure resource of the secure resources; and
  
  implement the workflow to perform the step-up validation at least in response to the request to access the second secure resource, the workflow implemented based at least in part on an attribute associated with the request.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system of claim 1, wherein the step-up validation is performed by further executing the computer-executable instructions to at least:
    - provide a validation request to a second user;
      
      receive a validation response from the second user; and
      
      provide, to the user, access to the second secure resource when the step-up validation is satisfied based at least in part on the received validation response.
  - 3. The system of claim 2, wherein the validation request is an authorization request.
  - 4. The system of claim 1, wherein the validation request is provided to the user as an electronic message comprising at least one of a text message, an email message, a telephone call, a pop-up window message, a push notification message, or another type of message.
  - 5. The system of claim 1, wherein the step-up validation is performed by further executing the computer-executable instructions to at least:
    - provide a validation request to the entity associated with the secure resources;
      
      receive a validation response from the entity; and
      
      provide, to the user, access to the second secure resource when the step-up validation is satisfied based at least in part on received validation response.
  - 6. The system of claim 1, wherein the access to the at least one secure resource is provided by checking out a password, to the user, for accessing the at least one secure resource or is provided by enabling a secure session, with the user, for accessing the at least one secure resource.

7. A non-transitory computer-readable storage memory storing a plurality of instructions executable by one or more processors, the plurality of instructions comprising:
- instructions that cause the one or more processors to manage a privileged access management service configured with a plug-in framework for accessing secure resources;
  
  instructions that cause the one or more processors to receive, from an entity associated with the secure resources, plug-in code for implementing a workflow that includes at least a step-up validation associated with a user attempting to access at least one secure resource of the secure resources;
  
  instructions that cause the one or more processors to provide access to the at least one secure resource when the user is authenticated with respect to the privileged access management service;
  
  instructions that cause the one or more processors to receive, from a computing device of the user, a request to access a second secure resource of the secure resources; and
  
  instructions that cause the one or more processors to implement the workflow to perform the step-up validation at least in response to the request to access the second secure resource, the workflow implemented based at least in part on an attribute associated with the request.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The non-transitory computer-readable storage memory of claim 7, wherein the plurality of instructions further comprise instructions that cause the one or more processors to generate instructions for implementing the workflow based at least in part on the received plug-in code.
  - 9. The non-transitory computer-readable storage memory of claim 7, wherein the plurality of instructions further comprise instructions that cause the one or more processors to receive, from the user, a log-in request including at least first authentication information, the log-in request corresponding to the privileged access management service.
  - 10. The non-transitory computer-readable storage memory of claim 9, wherein the privileged access management service enables the entity associated with the secure resources to update a policy associated with accessing the secure resources while the user is logged into the privileged access management service.
  - 11. The non-transitory computer-readable storage memory of claim 7, wherein the attribute associated with the request includes information about at least one of the user, the second secure resource, a window of time, or a condition associated with accessing the second secure resource.
  - 12. The non-transitory computer-readable storage memory of claim 7, wherein the validation request is an authentication request or an authorization request.
  - 13. The non-transitory computer-readable storage memory of claim 7, wherein the plug-in code for implementing the workflow comprises a passcode plugin configured to request a passcode from the user or a challenge question plugin configured to request an answer to a challenge question from the user.

14. A computer-implemented method, comprising:
- managing, by a computer system, a privileged access management service configured with a plug-in framework for accessing secure resources;
  
  receiving, from an entity associated with the secure resources, plug-in code for implementing a workflow that includes at least a step-up validation associated with a user attempting to access at least one secure resource of the secure resources;
  
  providing access to the at least one secure resource when the user is authenticated with respect to the privileged access management service;
  
  receiving, from a computing device of the user, a request to access a second secure resource of the secure resources; and
  
  implementing, by the computer system, the workflow to perform the step-up validation at least in response to the request to access the second secure resource, the workflow implemented based at least in part on an attribute associated with the request.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The computer-implemented method of claim 14, further comprising generating instructions for implementing the workflow based at least in part on the received plug-in code.
  - 18. The computer-implemented method of claim 14, wherein the attribute associated with the request includes information about at least one of the user, the second secure resource, a window of time, or a condition associated with accessing the second secure resource.
  - 19. The computer-implemented method of claim 14, wherein the access to the at least one secure resource is provided by checking out a password, to the user, for accessing the at least one secure resource or is provided by enabling a secure session, with the user, for accessing the at least one secure resource.
  - 20. The computer-implemented method of claim 14, wherein the plug-in code for implementing the workflow comprises a passcode plugin configured to request a passcode from the user or a challenge question plugin configured to request an answer to a challenge question from the user.

15. The computer-implemented method of 14, further comprising receiving, from the user, a log-in request including at least first authentication information, the log-in request corresponding to the privileged access management service.

16. The computer-implemented method of 15, wherein the plug-in framework enables the entity associated with the secure resources to update a policy associated with accessing the secure resources while the user is logged into the privileged access management service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Kottahachchi, Buddhika, Sharma, Himanshu, Sathyanarayan, Ramaprakash Hosalli, Ho, Fannie, Theebaprakasam, Arun, Lee, Kwan-I, Wang, Zhe

Granted Patent

US 9,674,168 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/30   Authentication, i.e. establ...

G06F 21/604   Tools and structures for ma...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2149   Restricted operating enviro...

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/102   Entity profiles

H04L 67/562   Brokering proxy services

PRIVILEGED ACCOUNT PLUG-IN FRAMEWORK - STEP-UP VALIDATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

41 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

PRIVILEGED ACCOUNT PLUG-IN FRAMEWORK - STEP-UP VALIDATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

41 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links