Hierarchical criteria-based timeout protocols

US 9,596,328 B2
Filed: 08/09/2012
Issued: 03/14/2017
Est. Priority Date: 08/09/2012
Status: Active Grant

First Claim

Patent Images

1. A method of applying timeout protocols by an access manager to a plurality of resources that are spread across a plurality of separate application domains, the method comprising:

storing a plurality of timeout protocols, wherein each of the plurality of timeout protocols;

comprises at least one criterion specifying when the corresponding timeout protocol is to be applied to resources in the plurality of resources instead of domain-specific timeout protocols; and

determines when an authenticated session between a user and a resource should be terminated;

receiving a request for a first resource in the plurality of resources, wherein;

each of the plurality of separate application domains enforces at least one domain-specific timeout protocol;

the first resource has a first attribute; and

the first attribute is assigned a first value;

responsive to the request, determining that the first value satisfies the at least one criterion of a timeout protocol in the plurality of timeout protocols;

based on determining that the first value satisfies the at least one criterion, applying the timeout protocol to the first resource;

responsive to determining that the first value satisfies the at least one criterion of the timeout protocol, determining each resource in the plurality of resources that is associated with the first attribute and that has the first attribute assigned a value that satisfies the at least one criterion;

applying the timeout protocol to each determined resource;

enforcing the timeout protocol, by the access manager, on each determined resource in the plurality of the separate application domains, wherein the timeout protocol enforced by the access manager is distinct from any domain-specific timeout protocols enforced by any of the plurality of application domains; and

granting access to the first resource according to the timeout protocol.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of applying a timeout protocol by an access manager to a plurality of resources may include storing the timeout protocol comprising at least one criterion, and receiving a request for a first resource. Each of the resources can be segregated into separate application domains, the first resource can be associated with a first attribute, and the first attribute can be assigned a first value. The method may also include determining that the first value satisfies the at least one criterion, associating the timeout protocol with the first resource, and associating the timeout protocol with each resource that is associated with the first attribute assigned a value that satisfies the at least one criterion. The method may further include granting access to the first resource according to the timeout protocol.

51 Citations

20 Claims

1. A method of applying timeout protocols by an access manager to a plurality of resources that are spread across a plurality of separate application domains, the method comprising:
- storing a plurality of timeout protocols, wherein each of the plurality of timeout protocols;
  
  comprises at least one criterion specifying when the corresponding timeout protocol is to be applied to resources in the plurality of resources instead of domain-specific timeout protocols; and
  
  determines when an authenticated session between a user and a resource should be terminated;
  
  receiving a request for a first resource in the plurality of resources, wherein;
  
  each of the plurality of separate application domains enforces at least one domain-specific timeout protocol;
  
  the first resource has a first attribute; and
  
  the first attribute is assigned a first value;
  
  responsive to the request, determining that the first value satisfies the at least one criterion of a timeout protocol in the plurality of timeout protocols;
  
  based on determining that the first value satisfies the at least one criterion, applying the timeout protocol to the first resource;
  
  responsive to determining that the first value satisfies the at least one criterion of the timeout protocol, determining each resource in the plurality of resources that is associated with the first attribute and that has the first attribute assigned a value that satisfies the at least one criterion;
  
  applying the timeout protocol to each determined resource;
  
  enforcing the timeout protocol, by the access manager, on each determined resource in the plurality of the separate application domains, wherein the timeout protocol enforced by the access manager is distinct from any domain-specific timeout protocols enforced by any of the plurality of application domains; and
  
  granting access to the first resource according to the timeout protocol.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the timeout protocol comprises:
    - a session length;
      
      an idle timeout; and
      
      a number of sessions per user.
  - 3. The method of claim 1, wherein the first attribute comprises a security attribute that is used only with timeout protocols.
  - 4. The method of claim 3, wherein the security attribute can be assigned values comprising:
    - high, medium, and low.
  - 5. The method of claim 1, further comprising:
    - storing a global timeout protocol;
      
      receiving a second request for a second resource in the plurality of resources that is associated with the first attribute, wherein the first attribute is assigned a second value;
      
      determining that the second value does not satisfy the at least one criterion; and
      
      granting access to the second resource according to the global timeout protocol.
  - 6. The method of claim 1, further comprising:
    - storing an authentication policy, wherein the authentication policy comprises a policy timeout protocol;
      
      receiving a second request for a second resource in the plurality of resources that is associated with the first attribute, wherein the first attribute is assigned a second value;
      
      determining that the second value does not satisfy the at least one criterion;
      
      determining that the second resource is associated with the authentication policy; and
      
      granting access to the second resource according to the policy timeout protocol.
  - 7. The method of claim 6, wherein the authentication policy is applied to an entire application domain that comprises the first resource.
  - 8. The method of claim 1, wherein the first attribute is:
    - user-defined, andnot associated with all of the plurality of resources.

9. A non-transitory computer-readable memory having stored thereon a sequence of instructions which, when executed by one or more processors, causes the one or more processors to apply timeout protocols by an access manager to a plurality of resources that are spread across a plurality of separate application domains by:
- storing a plurality of timeout protocols, wherein each of the plurality of timeout protocols;
  
  comprises at least one criterion specifying when the corresponding timeout protocol is to be applied to resources in the plurality of resources instead of domain-specific timeout protocols; and
  
  determines when an authenticated session between a user and a resource should be terminated;
  
  receiving a request for a first resource in the plurality of resources, wherein;
  
  each of the plurality of separate application domains enforces at least one domain-specific timeout protocol;
  
  the first resource has a first attribute; and
  
  the first attribute is assigned a first value;
  
  responsive to the request, determining that the first value satisfies the at least one criterion of a timeout protocol in the plurality of timeout protocols;
  
  based on determining that the first value satisfies the at least one criterion, applying the timeout protocol to the first resource;
  
  responsive to determining that the first value satisfies the at least one criterion of the timeout protocol, determining each resource in the plurality of resources that is associated with the first attribute and that has the first attribute assigned a value that satisfies the at least one criterion;
  
  applying the timeout protocol to each determined resource;
  
  enforcing the timeout protocol, by the access manager, on each determined resource in the plurality of the separate application domains, wherein the timeout protocol enforced by the access manager is distinct from any domain-specific timeout protocols enforced by any of the plurality of application domains; and
  
  granting access to the first resource according to the timeout protocol.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The non-transitory computer-readable memory according to claim 9, wherein the timeout protocol comprises:
    - a session length;
      
      an idle timeout; and
      
      a number of sessions per user.
  - 11. The non-transitory computer-readable memory according to claim 9, wherein the first attribute comprises a security attribute that is used only with timeout protocols.
  - 12. The non-transitory computer-readable memory according to claim 9, wherein the security attribute can be assigned values comprising:
    - high, medium, and low.
  - 13. The non-transitory computer-readable memory according to claim 9, wherein the instructions further cause the one or more processors to apply a timeout protocol by an access manager to a plurality of resources that are spread across a plurality of separate application domains by:
    - storing a global timeout protocol;
      
      receiving a second request for a second resource in the plurality of resources that is associated with the first attribute, wherein the first attribute is assigned a second value;
      
      determining that the second value does not satisfy the at least one criterion; and
      
      granting access to the second resource according to the global timeout protocol.
  - 14. The non-transitory computer-readable memory according to claim 9, wherein the instructions further cause the one or more processors to apply a timeout protocol by an access manager to a plurality of resources that are spread across a plurality of separate application domains by:
    - storing an authentication policy, wherein the authentication policy comprises a policy timeout protocol;
      
      receiving a second request for a second resource in the plurality of resources that is associated with the first attribute, wherein the first attribute is assigned a second value;
      
      determining that the second value does not satisfy the at least one criterion;
      
      determining that the second resource is associated with the authentication policy; and
      
      granting access to the second resource according to the policy timeout protocol.
  - 15. The non-transitory computer-readable memory according to claim 9, wherein the authentication policy is applied to an entire application domain that comprises the first resource.
  - 16. The non-transitory computer-readable memory according to claim 9, wherein the first attribute is:
    - user-defined, andnot associated with all of the plurality of resources.

17. A system comprising:
- one or more processors; and
  
  a memory communicatively coupled with and readable by the one or more processors and having stored therein a sequence of instructions which, when executed by the one or more processors, cause the one or more processors to apply timeout protocols by an access manager to a plurality of resources that are spread across a plurality of separate application domains by;
  
  storing a plurality of timeout protocols, wherein each of the plurality of timeout protocols;
  
  comprises at least one criterion specifying when the corresponding timeout protocol is to be applied to resources in the plurality of resources instead of domain-specific timeout protocols; and
  
  determines when an authenticated session between a user and a resource should be terminated;
  
  receiving a request for a first resource in the plurality of resources, wherein;
  
  each of the plurality of separate application domains enforces at least one domain-specific timeout protocol;
  
  the first resource has a first attribute; and
  
  the first attribute is assigned a first value;
  
  responsive to the request, determining that the first value satisfies the at least one criterion of a timeout protocol in the plurality of timeout protocols;
  
  based on determining that the first value satisfies the at least one criterion, applying the timeout protocol to the first resource;
  
  responsive to determining that the first value satisfies the at least one criterion of the timeout protocol, determining each resource in the plurality of resources that is associated with the first attribute and that has the first attribute assigned a value that satisfies the at least one criterion;
  
  applying the timeout protocol to each determined resource;
  
  enforcing the timeout protocol, by the access manager, on each determined resource in the plurality of the separate application domains, wherein the timeout protocol enforced by the access manager is distinct from any domain-specific timeout protocols enforced by any of the plurality of application domains; and
  
  granting access to the first resource according to the timeout protocol.
- View Dependent Claims (18, 19, 20)
- - 18. The system of claim 17 wherein the instructions further cause the one or more processors to apply a timeout protocol by an access manager to a plurality of resources that are spread across a plurality of separate application domains by:
    - storing an authentication policy, wherein the authentication policy comprises a policy timeout protocol;
      
      receiving a second request for a second resource in the plurality of resources that is associated with the first attribute, wherein the first attribute is assigned a second value;
      
      determining that the second value does not satisfy the at least one criterion;
      
      determining that the second resource is associated with the authentication policy; and
      
      granting access to the second resource according to the policy timeout protocol.
  - 19. The system of claim 17 wherein the timeout protocol comprises:
    - a session length;
      
      an idle timeout; and
      
      a number of sessions per user.
  - 20. The system of claim 17 wherein the first attribute comprises a security attribute that is used only with timeout protocols.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Subramanya, Ramya, Koottayi, Vipin, Balakrishnan, Aarathi
Primary Examiner(s)
Christensen, Scott B
Assistant Examiner(s)
DO, LAM T

Application Number

US13/571,045
Publication Number

US 20140047113A1
Time in Patent Office

1,678 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

H04L 69/28 Timers or timing mechanisms...

Hierarchical criteria-based timeout protocols

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

51 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Hierarchical criteria-based timeout protocols

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

51 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links