FLEXIBLE AUTHENTICATION FRAMEWORK

US 20170039282A1
Filed: 10/20/2016
Published: 02/09/2017
Est. Priority Date: 03/01/2006
Status: Active Grant

First Claim

Patent Images

1. A method for building and using a secure index to service queries for a plurality of secure data stores, the method comprising:

crawling, by a computer system, the plurality of secure data stores residing on a plurality of different computer systems;

generating, by the computer system, an index of a plurality of documents from across the plurality of data stores, wherein each of the plurality of documents is associated with one or more security requirements from a corresponding one of the plurality of data stores;

storing, by the computer system, in the index, for each document in the plurality of documents, the corresponding one or more security requirements;

receiving, by the computer system, a query from a client device;

in response to receiving the query, obtaining, by the computer system, security information for a user of the client device;

selecting, by the computer system, each document in the index that is responsive to the query and where the corresponding one or more security requirements are satisfied by the security information of the user; and

transmitting, by the computer system, links to each selected document in the index as a result set to the client device to service the query from the client device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A flexible and extensible architecture allows for secure searching across an enterprise. Such an architecture can provide a simple Internet-like search experience to users searching secure content inside (and outside) the enterprise. The architecture allows for the crawling and searching of a variety of sources across an enterprise, regardless of whether any of these sources conform to a conventional user role model. The architecture further allows for security attributes to be received at query time, for example, in order to provide real-time secure access to enterprise resources. The user query also can be transformed to provide for dynamic querying that provides for a more current result list than can be obtained for static queries.

Citations

20 Claims

1. A method for building and using a secure index to service queries for a plurality of secure data stores, the method comprising:
- crawling, by a computer system, the plurality of secure data stores residing on a plurality of different computer systems;
  
  generating, by the computer system, an index of a plurality of documents from across the plurality of data stores, wherein each of the plurality of documents is associated with one or more security requirements from a corresponding one of the plurality of data stores;
  
  storing, by the computer system, in the index, for each document in the plurality of documents, the corresponding one or more security requirements;
  
  receiving, by the computer system, a query from a client device;
  
  in response to receiving the query, obtaining, by the computer system, security information for a user of the client device;
  
  selecting, by the computer system, each document in the index that is responsive to the query and where the corresponding one or more security requirements are satisfied by the security information of the user; and
  
  transmitting, by the computer system, links to each selected document in the index as a result set to the client device to service the query from the client device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the plurality of secure data stores reside both inside of an enterprise and outside of the enterprise.
  - 3. The method of claim 1, wherein the security information for the user is obtained from an identity management system associated with at least one of the plurality of secure data sources.
  - 4. The method of claim 1, wherein the one or more security requirements includes at least one grant attribute or at least one deny attribute.
  - 5. The method of claim 1, further comprising:
    - receiving, by the computer system, user identification information for the user;
      
      providing, by the computer system, the user identification information to a plurality of identity management systems, wherein each of the plurality of identity management systems receives the user identification information through a respective Application Program Interface (API); and
      
      validating, by the computer system, the user against at least one identity management system in the plurality of identity management systems.
  - 6. The method of claim 5, wherein a number or type of objects required from the user identification information by a first identity management system in the plurality of identity management systems is different from a number or type of objects required from the user identification information by a second identity management system in the plurality of identity management systems.
  - 7. The method of claim 1, wherein:
    - the one or more security requirements comprises one or more security attributes;
      
      each of the one or more security attributes for each of the plurality of documents is associated with a corresponding set of acceptable security attribute values;
      
      the security information for the user of the client device comprises one or more security attributes of the user and one or more security attribute values for each of the one or more security attributes of the user; and
      
      the one or more security requirements are satisfied by the security information of the user when, for each of the one or more security attributes of the document;
      
      the security attribute value of the document matches at least one of the one or more security attributes of the user; and
      
      at least one of the one or more security attribute values of the at least one of the one or more security attributes of the user falls within the set of acceptable security attribute values of the security attribute of the document.

8. A non-transitory, computer-readable storage medium comprising instructions that, when executed by one or more processors, cause the one or more processors to build and use a secure index to service queries for a plurality of secure data stores by performing operations comprising:
- crawling the plurality of secure data stores residing on a plurality of different computer systems;
  
  generating an index of a plurality of documents from across the plurality of data stores, wherein each of the plurality of documents is associated with one or more security requirements from a corresponding one of the plurality of data stores;
  
  storing, in the index, for each document in the plurality of documents, the corresponding one or more security requirements;
  
  receiving a query from a client device;
  
  in response to receiving the query, obtaining security information for a user of the client device;
  
  selecting each document in the index that is responsive to the query and where the corresponding one or more security requirements are satisfied by the security information of the user; and
  
  transmitting links to each selected document in the index as a result set to the client device to service the query from the client device.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The non-transitory, computer-readable storage medium of claim 8, wherein the plurality of secure data stores reside both inside of an enterprise and outside of the enterprise.
  - 10. The non-transitory, computer-readable storage medium of claim 8, wherein the security information for the user is obtained from an identity management system associated with at least one of the plurality of secure data sources.
  - 11. The non-transitory, computer-readable storage medium of claim 8, wherein the one or more security requirements includes at least one grant attribute or at least one deny attribute.
  - 12. The non-transitory, computer-readable storage medium of claim 8, comprising additional instructions that cause the one or more processors to perform additional operations comprising:
    - receiving user identification information for the user;
      
      providing the user identification information to a plurality of identity management systems, wherein each of the plurality of identity management systems receives the user identification information through a respective Application Program Interface (API); and
      
      validating the user against at least one identity management system in the plurality of identity management systems.
  - 13. The non-transitory, computer-readable storage medium of claim 12, wherein a number or type of objects required from the user identification information by a first identity management system in the plurality of identity management systems is different from a number or type of objects required from the user identification information by a second identity management system in the plurality of identity management systems.
  - 14. The non-transitory, computer-readable storage medium of claim 8, wherein:
    - the one or more security requirements comprises one or more security attributes;
      
      each of the one or more security attributes for each of the plurality of documents is associated with a corresponding set of acceptable security attribute values;
      
      the security information for the user of the client device comprises one or more security attributes of the user and one or more security attribute values for each of the one or more security attributes of the user; and
      
      the one or more security requirements are satisfied by the security information of the user when, for each of the one or more security attributes of the document;
      
      the security attribute value of the document matches at least one of the one or more security attributes of the user; and
      
      at least one of the one or more security attribute values of the at least one of the one or more security attributes of the user falls within the set of acceptable security attribute values of the security attribute of the document.

15. A system comprising:
- one or more hardware processors; and
  
  one or more memory devices comprising instructions that, when executed by the one or more processors, cause the one or more processors to build and use a secure index to service queries for a plurality of secure data stores by configuring the one or more processors to;
  
  crawl the plurality of secure data stores residing on a plurality of different computer systems;
  
  generate an index of a plurality of documents from across the plurality of data stores, wherein each of the plurality of documents is associated with one or more security requirements from a corresponding one of the plurality of data stores;
  
  store, in the index, for each document in the plurality of documents, the corresponding one or more security requirements;
  
  receive a query from a client device;
  
  in response to receiving the query, obtain security information for a user of the client device;
  
  select each document in the index that is responsive to the query and where the corresponding one or more security requirements are satisfied by the security information of the user; and
  
  transmit links to each selected document in the index as a result set to the client device to service the query from the client device.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15, wherein the plurality of secure data stores reside both inside of an enterprise and outside of the enterprise.
  - 17. The system of claim 15, wherein the security information for the user is obtained from an identity management system associated with at least one of the plurality of secure data sources.
  - 18. The system of claim 15, comprising additional instructions that cause the one or more processors to perform additional operations comprising:
    - receiving user identification information for the user;
      
      providing the user identification information to a plurality of identity management systems, wherein each of the plurality of identity management systems receives the user identification information through a respective Application Program Interface (API); and
      
      validating the user against at least one identity management system in the plurality of identity management systems.
  - 19. The system of claim 18, wherein a number or type of objects required from the user identification information by a first identity management system in the plurality of identity management systems is different from a number or type of objects required from the user identification information by a second identity management system in the plurality of identity management systems.
  - 20. The system of claim 15, wherein:
    - the one or more security requirements comprises one or more security attributes;
      
      each of the one or more security attributes for each of the plurality of documents is associated with a corresponding set of acceptable security attribute values;
      
      the security information for the user of the client device comprises one or more security attributes of the user and one or more security attribute values for each of the one or more security attributes of the user; and
      
      the one or more security requirements are satisfied by the security information of the user when, for each of the one or more security attributes of the document;
      
      the security attribute value of the document matches at least one of the one or more security attributes of the user; and
      
      at least one of the one or more security attribute values of the at least one of the one or more security attributes of the user falls within the set of acceptable security attribute values of the security attribute of the document.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Krishnaprasad, Muralidhar, Davis, Mark, Ture, Mark, Hsin, Cindy, Bhavsar, Meeten, Koide, Hiroshi, Delgado, Joaquin, Yang, Chi-Ming, Nimani, Visar, Ouyang, Hui, Bhatkar, Sachin, Chang, Thomas

Granted Patent

US 9,853,962 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 16/2228   Indexing structures

G06F 16/2455   Query execution

G06F 16/248   Presentation of query results

G06F 16/93   Document management systems

G06F 16/951   Indexing; Web crawling tech...

G06F 16/9535   Search customisation based ...

G06F 16/9538   Presentation of query results

G06F 21/31   User authentication

G06F 21/6227   where protection concerns t...

H04L 63/08   for authentication of entit...

H04L 63/0815   providing single-sign-on or...

H04L 63/083   using passwords cryptograph...

H04L 63/102   Entity profiles

FLEXIBLE AUTHENTICATION FRAMEWORK

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

FLEXIBLE AUTHENTICATION FRAMEWORK

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links