Multi-tenant identity and data security management cloud service

US 9,781,122 B1
Filed: 04/12/2017
Issued: 10/03/2017
Est. Priority Date: 05/11/2016
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer readable medium having instructions stored thereon that, when executed by a processor, cause the processor to provide cloud-based identity and access management, the providing comprising:

receiving a request from a client for an identity management service;

authenticating the request;

accessing a microservice based on the request;

determining, based on the request, a tenancy of the client, a tenancy of a user related to the request, and a tenancy of a resource related to the request;

retrieving data from at least one of the tenancy of the client, the tenancy of the user, or the tenancy of the resource in a database, wherein the data is retrieved by the microservice using a connection pool that provides connections to the database; and

performing the identity management service by the microservice using the data;

wherein the microservice uses a proxy user to connect to a respective connection in the connection pool and the proxy user represents a tenant in the database.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system provides cloud-based identity and access management. The system receives a request from a client for an identity management service, authenticates the request, and accesses a microservice based on the request. The system determines, based on the request, a tenancy of the client, a tenancy of a user, and a tenancy of a resource. The system retrieves data from the determined tenancies as required to process the request, where the data is retrieved by the microservice using a connection pool that provides connections to the database. The system then performs the identity management service by the appropriate microservice responsible for processing the received request.

100 Citations

View as Search Results

20 Claims

1. A non-transitory computer readable medium having instructions stored thereon that, when executed by a processor, cause the processor to provide cloud-based identity and access management, the providing comprising:
- receiving a request from a client for an identity management service;
  
  authenticating the request;
  
  accessing a microservice based on the request;
  
  determining, based on the request, a tenancy of the client, a tenancy of a user related to the request, and a tenancy of a resource related to the request;
  
  retrieving data from at least one of the tenancy of the client, the tenancy of the user, or the tenancy of the resource in a database, wherein the data is retrieved by the microservice using a connection pool that provides connections to the database; and
  
  performing the identity management service by the microservice using the data;
  
  wherein the microservice uses a proxy user to connect to a respective connection in the connection pool and the proxy user represents a tenant in the database.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The computer readable medium of claim 1, wherein the identity management service includes obtaining an access token for the user to access the resource, wherein the token identifies the tenancy of the resource and the tenancy of the user.
  - 3. The computer readable medium of claim 1, wherein the microservice is stateless.
  - 4. The computer readable medium of claim 1, wherein the microservice comprises a OAuth microservice.
  - 5. The computer readable medium of claim 1, wherein Uniform Resource Locator (URL) token identifies the tenancy of the client, the tenancy of a user related to the request, and the tenancy of the resource.
  - 6. The computer readable medium of claim 1, wherein the database and the microservice are configured to scale independently of one another.
  - 7. The computer readable medium of claim 1, wherein the database comprises a distributed data grid.
  - 8. The computer readable medium of claim 1, wherein at least two of the tenancy of the client, the tenancy of the user, and the tenancy of the resource are the same tenancy.

9. A method of providing cloud-based identity and access management, comprising:
- receiving a request from a client for an identity management service;
  
  authenticating the request;
  
  accessing a microservice based on the request;
  
  determining, based on the request, a tenancy of the client, a tenancy of a user related to the request, and a tenancy of a resource related to the request;
  
  retrieving data from at least one of the tenancy of the client, the tenancy of the user, or the tenancy of the resource in a database, wherein the data is retrieved by the microservice using a connection pool that provides connections to the database; and
  
  performing the identity management service by the microservice using the data;
  
  wherein the microservice uses a proxy user to connect to a respective connection in the connection pool and the proxy user represents a tenant in the database.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method of claim 9, wherein the identity management service includes obtaining an access token for the user to access the resource, wherein the token identifies the tenancy of the resource and the tenancy of the user.
  - 11. The method of claim 9, wherein the microservice is stateless.
  - 12. The method of claim 9, wherein the microservice comprises a OAuth microservice.
  - 13. The method of claim 9, wherein a Uniform Resource Locator (URL) token identifies the tenancy of the client, the tenancy of a user related to the request, and the tenancy of the resource.
  - 14. The method of claim 9, wherein the database and the microservice are configured to scale independently of one another.
  - 15. The method of claim 9, wherein the database comprises a distributed data grid.
  - 16. The method of claim 9, wherein at least two of the tenancy of the client, the tenancy of the user, and the tenancy of the resource are the same tenancy.

17. A system for providing cloud-based identity and access management, comprising:
- one or more processors coupled to a storage device comprising instructions that when executed by the one or more processors implement a security gate and a microservice;
  
  the security gate that receives a request from a client for an identity management service;
  
  the security gate authenticating the request;
  
  the security gate accessing the microservice based on the request;
  
  the microservice determining, based on the request, a tenancy of the client, a tenancy of a user related to the request, and a tenancy of a resource related to the request;
  
  the microservice retrieving data from at least one of the tenancy of the client, the tenancy of the user, or the tenancy of the resource in a database, wherein the microservice retrieves the data using a connection pool that provides connections to the database; and
  
  the microservice performing the identity management service using the data;
  
  wherein the microservice uses a proxy user to connect to a respective connection in the connection pool and the proxy user represents a tenant in the database.
- View Dependent Claims (18, 19, 20)
- - 18. The system of claim 17, wherein the identity management service includes obtaining an access token for the user to access the resource, wherein the token identifies the tenancy of the resource and the tenancy of the user.
  - 19. The system of claim 17, wherein the microservice is stateless.
  - 20. The system of claim 17, wherein the microservice comprises a OAuth microservice.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Immersion Corporation, Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Wilson, Gregg, Knappek, Tomas
Primary Examiner(s)
Pearson, David

Application Number

US15/485,532
Time in Patent Office

174 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0281   Proxies

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0815   providing single-sign-on or...

H04L 63/0884   by delegation of authentica...

H04L 63/101   Access control lists [ACL]

H04W 12/06   Authentication

H04W 12/08   Access security

Multi-tenant identity and data security management cloud service

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

100 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Multi-tenant identity and data security management cloud service

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

100 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links