Session activity tracking for session adoption across multiple data centers

US 9,769,147 B2
Filed: 06/29/2015
Issued: 09/19/2017
Est. Priority Date: 06/29/2015
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

establishing a first session for a user at a first computing system, wherein the first session is established based on authentication of the user;

receiving, by the first computing system, from a second computing system, a session adoption request for the first computing system to adopt a second session for the first session, wherein the second session provides the user with access to a resource managed by the second computing system;

storing, by the first computing system, session adoption data indicating an association between the second session and the first session for the user;

detecting that the first session has expired;

requesting, by the first computing system, based on the session adoption data, session activity data of the second session from the second computing system;

determining, based on the session activity data, that the second session has not expired; and

upon determining that the second session has not expired, providing authentication to the user for the first session.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are disclosed for managing session activity of SSO access across multiple data centers. Session activity of SSO access is managed across multiple geographically disperse computing systems clustered together to form a multi-data center (MDC) system. A first data center in the MDC system may implement session adoption to manage an SSO session of the user in the MDC system. Information about subsequent sessions established by other data centers may be adopted by the first data center. The first data center may obtain session activity data from each session that is adopted for the user. The session activity may be used to determine whether SSO session is active for the user across data centers in the MDC system. Authorization to access a resource at any data center in the MDC system may be granted based on the status of the SSO session using session adoption among the data centers.

109 Citations

View as Search Results

20 Claims

1. A method comprising:
- establishing a first session for a user at a first computing system, wherein the first session is established based on authentication of the user;
  
  receiving, by the first computing system, from a second computing system, a session adoption request for the first computing system to adopt a second session for the first session, wherein the second session provides the user with access to a resource managed by the second computing system;
  
  storing, by the first computing system, session adoption data indicating an association between the second session and the first session for the user;
  
  detecting that the first session has expired;
  
  requesting, by the first computing system, based on the session adoption data, session activity data of the second session from the second computing system;
  
  determining, based on the session activity data, that the second session has not expired; and
  
  upon determining that the second session has not expired, providing authentication to the user for the first session.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein the first session is different from the second session, and wherein the second session is established based on determining authorization for the user to access the resource.
  - 3. The method of claim 1, wherein the first computing system is located at a first geographical location that is different from a second geographical location of the second computing system.
  - 4. The method of claim 1, further comprising:
    - based upon receiving the session adoption request, sending, to the second computing system, session data corresponding to the first session for the user, wherein the second session is established using the session data for the user at the second computing system.
  - 5. The method of claim 1, wherein requesting session activity data includes:
    - identifying, based on the session adoption data, the second session as adopted by the first session;
      
      sending a request to the second computing system for the session activity data of the second session for the user; and
      
      receiving the session activity data from the second computing system.
  - 6. The method of claim 1, wherein detecting that the first session has expired includes determining, based on the session activity, that the first session is inactive for a threshold time period, and wherein the authentication of the user to the first session is based on satisfying the threshold time period.
  - 7. The method of claim 6, wherein authentication is provided to the user for the first session based on determining, using the session activity data, that the second session is active for the threshold time period.
  - 8. The method of claim 6, wherein the session activity data indicates that the second session has not expired, and wherein the second session has not expired when the second session is active for the threshold time period.
  - 9. The method of claim 1, wherein authorization for the user to access the resource is provided based on authentication of the user.
  - 10. The method of claim 1, further comprising:
    - receiving, by the first computing system, from a third computing system, a session adoption request for the first computing system to adopt a third session for the first session, wherein the third session provides the user with access to a resource managed by the third computing system, and wherein the resource managed by the third computing system is different from the resource managed by the second computing system; and
      
      updating the session adoption data to indicating an association between first session, the second session, and the third session for the user.
  - 11. The method of claim 10, further comprising:
    - requesting, based on the session adoption data, session activity data of the third session from the third computing system;
      
      upon determining that the first session has expired and that the second session has expired, determining, based on the session activity data, that the third session has not expired; and
      
      upon determining that the third session has not expired, providing authentication to the user for the first session.
  - 12. The method of claim 1, wherein the first computing system and the second computing system are included in a multi-data center (MDC) system.

13. A system comprising:
- a first computing system and a second computing system communicatively coupled to each other; and
  
  wherein the first computing system performs operations to;
  
  establish a first session for a user at a first computing system, wherein the first session is established based on authentication of the user;
  
  receive, from a second computing system, a session adoption request for the first computing system to adopt a second session for the first session, wherein the second session provides the user with access to a resource managed by the second computing system;
  
  based upon receiving the session adoption request, send, to the second computing system, session data corresponding to the first session for the user;
  
  store session adoption data indicating an association between the second session and the first session for the user;
  
  detect that the first session has expired;
  
  request, based on the session adoption data, session activity data of the second session from the second computing system;
  
  determine, based on the session activity data, that the second session has not expired; and
  
  upon determining that the second session has not expired, provide authentication to the user for the first session; and
  
  wherein the second computing system performs operations to;
  
  receive a request for the user to access the resource managed by the second computing system;
  
  upon determining that the second session has not been established, send the session adoption request to the first computing system;
  
  receive the session data from the first computing system;
  
  establish, using the session data, the second session for the user to access the resource; and
  
  in response to the request for session activity data, send the session activity data of the second session to the first computing system.
- View Dependent Claims (14, 15)
- - 14. The system of claim 13, wherein the first computing system is located at a first geographical location that is different from a second geographical location of the second computing system.
  - 15. The system of claim 13, wherein the first computing system communicates with the second computing system using an open access protocol (OAP).

16. A non-transitory computer-readable medium storing a set of instructions that are executable by one or more processors to:
- establish a first session for a user at a first computing system, wherein the first session is established based on authentication of the user;
  
  receive, by the first computing system, from a second computing system, a session adoption request for the first computing system to adopt a second session for the first session, wherein the second session provides the user with access to a resource managed by the second computing system;
  
  store, by the first computing system, session adoption data indicating an association between the second session and the first session for the user;
  
  detect that the first session has expired;
  
  request, by the first computing system, based on the session adoption data, session activity data of the second session from the second computing system;
  
  determine, based on the session activity data, that the second session has not expired; and
  
  upon determining that the second session has not expired, provide authentication to the user for the first session.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The non-transitory computer-readable medium of claim 16, wherein requesting session activity data includes:
    - identifying, based on the session adoption data, the second session as adopted by the first session;
      
      sending a request to the second computing system for the session activity data of the second session for the user; and
      
      receiving the session activity data from the second computing system.
  - 18. The non-transitory computer-readable medium of claim 16, wherein detecting that the first session has expired includes determining, based on the session activity, that the first session is inactive for a threshold time period, and wherein the authentication of the user to the first session is based on satisfying the threshold time period.
  - 19. The non-transitory computer-readable medium of claim 18, wherein authentication is provided to the user for the first session based on determining, using the session activity data, that the second session is active for the threshold time period.
  - 20. The non-transitory computer-readable medium of claim 16, wherein the instructions that are further executable by the one or more processors tobased upon receiving the session adoption request, send, to the second computing system, session data corresponding to the first session for the user, wherein the second session is established using the session data for the user at the second computing system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Mathew, Stephen, Koottayi, Vipin Anaparakkal
Primary Examiner(s)
HOFFMAN, BRANDON S

Application Number

US14/754,222
Publication Number

US 20160381000A1
Time in Patent Office

813 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/41   where a single sign-on prov...

H04L 63/0815   providing single-sign-on or...

H04L 63/0846   using time-dependent-passwo...

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04L 65/1066   Session management

H04L 67/142   Managing session states for...

Session activity tracking for session adoption across multiple data centers

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

109 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Session activity tracking for session adoption across multiple data centers

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

109 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others