GLOBAL UNIFIED SESSION IDENTIFIER ACROSS MULTIPLE DATA CENTERS

US 20170085556A1
Filed: 12/07/2016
Published: 03/23/2017
Est. Priority Date: 09/20/2013
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

determining, by a computer system, a first identifier identifying a first session associated with a user at a first data center, the first session comprising at least a first authentication state of the user with respect to a first resource;

determining, by the computer system, a second identifier identifying a second session associated with the user at a second data center, the second session comprising at least a second authentication state of the user with respect to a second resource, wherein the second data center is different from the first data center;

based on determining the second identifier identifying the second session at the second data center, assigning, by the computer system, at the first data center, the second identifier as a global identifier that is associated with any session that is associated with the user, wherein execution of one or more session actions that reference the global identifier is performed to the first session at the first data center and to the second session at the second data center; and

based on assigning the second identifier as the global identifier, associating the first identifier to the global identifier to associate the first session with the global identifier.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are disclosed for using a global unified session identifier across data centers. Upon creating an initial session in the data center for a user first accessing the data center, a session identifier is generated for the user session. Because the initial session is the first session created for that user, the initial session identifier is designated as the global unified session identifier for all sessions that may be created for the user in other data centers within the enterprise network. Data centers may then map the global unified session identifiers to locally generated session identifiers for the user. A global unified session identifier enables various user session actions to be performed globally across the data centers, including global logout, global session termination, global session updates, and/or the like. A global unified session identifier prevents the risk of collision that can occur between randomly generated numbers of different data centers.

27 Citations

View as Search Results

20 Claims

1. A method comprising:
- determining, by a computer system, a first identifier identifying a first session associated with a user at a first data center, the first session comprising at least a first authentication state of the user with respect to a first resource;
  
  determining, by the computer system, a second identifier identifying a second session associated with the user at a second data center, the second session comprising at least a second authentication state of the user with respect to a second resource, wherein the second data center is different from the first data center;
  
  based on determining the second identifier identifying the second session at the second data center, assigning, by the computer system, at the first data center, the second identifier as a global identifier that is associated with any session that is associated with the user, wherein execution of one or more session actions that reference the global identifier is performed to the first session at the first data center and to the second session at the second data center; and
  
  based on assigning the second identifier as the global identifier, associating the first identifier to the global identifier to associate the first session with the global identifier.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, further comprising:
    - receiving, at the first data center, a request for the first resource from a device; and
      
      creating the first session associated with the user at the first data center.
  - 3. The method of claim 2, further comprising:
    - determining whether any session associated with the user exists at the first data center, wherein the first session is created based on determining that no session associated with the user exists at the first data center; and
      
      based on determining that a session associated with the user exists at the first data center, identifying the first session associated with the user at the first data center.
  - 4. The method of claim 2, wherein the request is a first request, and wherein the method further comprises:
    - receiving, at the second data center, a second request from the device, the second request being for the second resource;
      
      wherein the second identifier is determined based on the second request.
  - 5. The method of claim 1, wherein determining includes generating the first identifier.
  - 6. The method of claim 1, wherein the first session is associated with the user for a device, wherein the first authentication state is for the user at the device, wherein the second session is associated with the user for the device, and wherein the second authentication state is for the user at the device, and wherein the global identifier is associated with any session that is associated with the user for the device.
  - 7. The method of claim 1, further comprising:
    - based on associating the first identifier to the global identifier, mapping the first identifier to the global identifier.
  - 8. The method of claim 1, wherein the execution of the one or more session actions is performed to any session of the user associated with the global identifier.
  - 9. The method of claim 1, wherein the one or more session actions includes logging out of any session of the user, synchronization of sessions of the user, updating any session of the user, terminating any session of the user, or a combination thereof
  - 10. The method of claim 1, further comprising:
    - generating the first identifier using a random number generator; and
      
      generating the second identifier using the random number generator.
  - 11. The method of claim 1, further comprising:
    - causing the first session of the user at the first data center to be terminated based on a request to terminate the first session at the first data center; and
      
      requesting the second data center to terminate the second session of the user that is associated with the global identifier.
  - 12. The method of claim 1, further comprisingcausing the second session of the user at the second data center to be terminated based on a request to terminate the second session at the second data center;
    - andrequesting the first data center to terminate the first session of the user that is associated with the global identifier.

13. A system comprising:
- one or more processors; and
  
  a memory accessible to the one or more processors, wherein the memory stores one or more instructions that, upon execution by the one or more processors, causes the one or more processors to;
  
  determine a first identifier identifying a first session associated with a user at a first data center, the first session comprising at least a first authentication state of the user with respect to a first resource;
  
  determine a second identifier identifying a second session associated with the user at a second data center, the second session comprising at least a second authentication state of the user with respect to a second resource, wherein the second data center is different from the first data center;
  
  based on determining the second identifier identifying the second session at the second data center, assign, at the first data center, the second identifier as a global identifier that is associated with any session that is associated with the user, wherein execution of one or more session actions that reference the global identifier is performed to the first session at the first data center and to the second session at the second data center; and
  
  based on assigning the second identifier as the global identifier, associate the first identifier to the global identifier to associate the first session with the global identifier.
- View Dependent Claims (14, 15, 16)
- - 14. The system of claim 13, wherein the first data center and the second data center are included in a multi-data center system.
  - 15. The system of claim 13, wherein the execution of the one or more session actions is performed to any session of the user associated with the global identifier.
  - 16. The system of claim 13, wherein the one or more session actions includes logging out of any session of the user, synchronization of sessions of the user, updating any session of the user, terminating any session of the user, or a combination thereof

17. A method comprising:
- determining, by a computer system, a first identifier identifying a first session associated with a user at a first data center, the first session comprising at least a first authentication state of the user with respect to a first resource;
  
  determining, by the computer system, a second identifier identifying a second session associated with the user at a second data center, the second session comprising at least a second authentication state of the user with respect to a second resource, wherein the second data center is different from the first data center;
  
  assigning the first identifier as a global identifier that is associated with any session that is associated with the user, wherein execution of one or more session actions that reference the global identifier is performed to any session that associated with the user at the first data center and the second data center; and
  
  based on assigning the first identifier as the global identifier, associating the second identifier to the global identifier to associate the second session with the global identifier.
- View Dependent Claims (18, 19, 20)
- - 18. The method of claim 17, further comprising:
    - based on associating the second identifier to the global identifier, mapping the second identifier to the global identifier.
  - 19. The method of claim 17, wherein the one or more session actions includes logging out of any session of the user, synchronization of sessions of the user, updating any session of the user, terminating any session of the user, or a combination thereof
  - 20. The method of claim 17, wherein the execution of the one or more session actions is performed to any session of the user associated with the global identifier.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
MATHEW, STEPHEN, KOOTTAYI, VIPIN ANAPARAKKAL, Subramanya, Ramya Kukkehali

Granted Patent

US 10,009,335 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/41   where a single sign-on prov...

H04L 63/08   for authentication of entit...

H04L 63/0815   providing single-sign-on or...

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

H04L 65/1066   Session management

H04L 65/1069   Session establishment or de...

H04L 67/141   Setup of application sessio...

GLOBAL UNIFIED SESSION IDENTIFIER ACROSS MULTIPLE DATA CENTERS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

27 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

GLOBAL UNIFIED SESSION IDENTIFIER ACROSS MULTIPLE DATA CENTERS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

27 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links