SECURITY TOKENS FOR A MULTI-TENANT IDENTITY AND DATA SECURITY MANAGEMENT CLOUD SERVICE

US 20170331829A1
Filed: 03/27/2017
Published: 11/16/2017
Est. Priority Date: 05/11/2016
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer readable medium having instructions stored thereon that, when executed by a processor, cause the processor to provide cloud-based identity and access management, the providing comprising:

receiving a request from a client for obtaining an access token for a user to access a resource;

determining, based on the request, a tenancy of the client, a tenancy of the user, and a tenancy of the resource;

accessing a microservice based on the request; and

performing an identity management service by the microservice based on the request, wherein the identity management service includes generating the access token that identifies the tenancy of the resource and the tenancy of the user.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system provides cloud-based identity and access management. The system receives a request from a client for obtaining an access token for a user to access a resource. The system determines, based on the request, a tenancy of the client, a tenancy of the user, and a tenancy of the resource. The system accesses a microservice based on the request, and performs an identity management service by the microservice based on the request, where the identity management service includes generating the access token that identifies the tenancy of the resource and the tenancy of the user.

63 Citations

View as Search Results

20 Claims

1. A non-transitory computer readable medium having instructions stored thereon that, when executed by a processor, cause the processor to provide cloud-based identity and access management, the providing comprising:
- receiving a request from a client for obtaining an access token for a user to access a resource;
  
  determining, based on the request, a tenancy of the client, a tenancy of the user, and a tenancy of the resource;
  
  accessing a microservice based on the request; and
  
  performing an identity management service by the microservice based on the request, wherein the identity management service includes generating the access token that identifies the tenancy of the resource and the tenancy of the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The computer readable medium of claim 1, wherein at least two of the tenancy of the client, the tenancy of the user, and the tenancy of the resource are the same tenancy.
  - 3. The computer readable medium of claim 1, wherein at least two of the tenancy of the client, the tenancy of the user, and the tenancy of the resource are different tenancies.
  - 4. The computer readable medium of claim 1, wherein the request includes a client assertion token identifying the tenancy of the client.
  - 5. The computer readable medium of claim 1, wherein the request includes a user assertion token identifying the tenancy of the user.
  - 6. The computer readable medium of claim 1, wherein a header of the request indicates the tenancy of the resource.
  - 7. The computer readable medium of claim 1, wherein the request is a Hypertext Transfer Protocol (HTTP) request.
  - 8. The computer readable medium of claim 1, wherein the request indicates an authorization standard for authenticating the user and obtaining the access token.
  - 9. The computer readable medium of claim 8, wherein the authorization standard is OAuth.
  - 10. The computer readable medium of claim 9, wherein the client is an OAuth client.
  - 11. The computer readable medium of claim 1, wherein the token is a JavaScript Object Notation (JSON) Web Token (JWT).
  - 12. The computer readable medium of claim 1, wherein data of the tenancy of the client, the tenancy of the user, and the tenancy of the resource are stored in a database, wherein the database and the microservice are configured to scale independently of one another.
  - 13. The computer readable medium of claim 12, wherein the database comprises a distributed data grid.

14. A method of providing cloud-based identity and access management, comprising:
- receiving a request from a client for obtaining an access token for a user to access a resource;
  
  determining, based on the request, a tenancy of the client, a tenancy of the user, and a tenancy of the resource;
  
  accessing a microservice based on the request; and
  
  performing an identity management service by the microservice based on the request, wherein the identity management service includes generating the access token that identifies the tenancy of the resource and the tenancy of the user.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The method of claim 14, wherein at least two of the tenancy of the client, the tenancy of the user, and the tenancy of the resource are the same tenancy.
  - 16. The method of claim 14, wherein at least two of the tenancy of the client, the tenancy of the user, and the tenancy of the resource are different tenancies.
  - 17. The method of claim 14, wherein the request includes a client assertion token identifying the tenancy of the client.
  - 18. The method of claim 14, wherein the request includes a user assertion token identifying the tenancy of the user.
  - 19. The method of claim 14, wherein a header of the request indicates the tenancy of the resource.

20. A system for providing cloud-based identity and access management, comprising:
- a receiving module that receives a request from a client for obtaining an access token for a user to access a resource;
  
  a determining module that determines, based on the request, a tenancy of the client, a tenancy of the user, and a tenancy of the resource;
  
  an accessing module that accesses a microservice based on the request; and
  
  a performing module that performs an identity management service by the microservice based on the request, wherein the identity management service includes generating the access token that identifies the tenancy of the resource and the tenancy of the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
LANDER, Vadim, SONDHI, Ajay

Granted Patent

US 10,341,410 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/33   using certificates

G06F 21/6218   to a system of files or obj...

G06F 2221/2101   Auditing as a secondary aspect

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0815   providing single-sign-on or...

H04L 67/02   based on web technology, e....

H04L 67/10   in which an application is ...

H04L 67/53   using third party service p...

H04L 67/535   Tracking the activity of th...

H04L 67/56   Provisioning of proxy servi...

SECURITY TOKENS FOR A MULTI-TENANT IDENTITY AND DATA SECURITY MANAGEMENT CLOUD SERVICE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

63 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SECURITY TOKENS FOR A MULTI-TENANT IDENTITY AND DATA SECURITY MANAGEMENT CLOUD SERVICE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

63 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links