Dynamic client registration for an identity cloud service

US 10,715,564 B2
Filed: 01/29/2018
Issued: 07/14/2020
Est. Priority Date: 01/29/2018
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer readable medium having instructions stored thereon that, when executed by a processor, cause the processor to dynamically register a client for a multi-tenant cloud based authentication system, the dynamically registering comprising:

creating a service instance client, associated with a service instance, in a first tenancy, the service instance providing a service within the authentication system;

creating a template client, based on a security blueprint, in a second tenancy;

creating a registration client in the first tenancy;

receiving a request for a registration access token from an installed client application over a network, the request including an ID of the template client;

authenticating, using the template client, a user of the installed client application;

sending the registration access token to the installed client application over the network;

receiving a request for a client assertion token from the installed client application over the network, the request including the registration access token;

authenticating, using the template client, the registration access token; and

sending the client assertion token, bound to an identity of the registration client, to the installed client application over the network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Dynamic client registration for an Identity Cloud Service (IDCS) is provided. A service instance client, associated with a service instance, is created in a first tenancy. A template client is created, based on a security blueprint, in a second tenancy. A registration client is created in the first tenancy. A request for a registration access token is received from an installed client application over a network; the request includes an ID of the template client. A user of the installed client application is authenticated using the template client. The registration access token is sent to the installed client application over the network. A request for a client assertion token is received from the installed client application over the network; the request includes the registration access token. The registration access token is authenticated using the template client. The client assertion token is sent to the installed client application over the network.

382 Citations

20 Claims

1. A non-transitory computer readable medium having instructions stored thereon that, when executed by a processor, cause the processor to dynamically register a client for a multi-tenant cloud based authentication system, the dynamically registering comprising:
- creating a service instance client, associated with a service instance, in a first tenancy, the service instance providing a service within the authentication system;
  
  creating a template client, based on a security blueprint, in a second tenancy;
  
  creating a registration client in the first tenancy;
  
  receiving a request for a registration access token from an installed client application over a network, the request including an ID of the template client;
  
  authenticating, using the template client, a user of the installed client application;
  
  sending the registration access token to the installed client application over the network;
  
  receiving a request for a client assertion token from the installed client application over the network, the request including the registration access token;
  
  authenticating, using the template client, the registration access token; and
  
  sending the client assertion token, bound to an identity of the registration client, to the installed client application over the network.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer readable medium of claim 1, wherein the registering further comprises:
    - receiving a request for a service access token from the installed client application over the network, the request including the client assertion token;
      
      authenticating the client assertion token; and
      
      sending the service access token to the installed client application over the network.
  - 3. The computer readable medium of claim 2, wherein the registering further comprises:
    - receiving a request to access the service from the installed client application over the network, the request including the service access token;
      
      authenticating the service access token; and
      
      forwarding the service request to the service instance.
  - 4. The computer readable medium of claim 1, wherein the registration access token is bound to the template client and the user in the first tenancy.
  - 5. The computer readable medium of claim 4, wherein the client assertion token is a JavaScript Object Notation (JSON) web token that is bound to the registration client, the user, and a user device in the first tenancy.
  - 6. The computer readable medium of claim 1, wherein the security blueprint includes metadata describing a service type provided by the service, and one or more client applications supported by the service instance.
  - 7. The computer readable medium of claim 1, wherein a registration client is created in each tenancy in which the user subscribes to the service.

8. A method for dynamically registering a client for a multi-tenant cloud based authentication system, the method comprising:
- creating a service instance client, associated with a service instance, in a first tenancy, the service instance providing a service within the authentication system IDCS;
  
  creating a template client, based on a security blueprint, in a second tenancy;
  
  creating a registration client in the first tenancy;
  
  receiving a request for a registration access token from an installed client application over a network, the request including an ID of the template client;
  
  authenticating, using the template client, a user of the installed client application;
  
  sending the registration access token to the installed client application over the network;
  
  receiving a request for a client assertion token from the installed client application over the network, the request including the registration access token;
  
  authenticating, using the template client, the registration access token; and
  
  sending the client assertion token to the installed client application over the network.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, further comprising:
    - receiving a request for a service access token from the installed client application over the network, the request including the client assertion token;
      
      authenticating the client assertion token; and
      
      sending the service access token to the installed client application over the network.
  - 10. The method of claim 9, further comprising:
    - receiving a request to access the service from the installed client application over the network, the request including the service access token;
      
      authenticating the service access token; and
      
      forwarding the service request to the service instance.
  - 11. The method of claim 8, wherein the registration access token is bound to the template client and the user in the first tenancy.
  - 12. The method of claim 11, wherein the client assertion token is a JavaScript Object Notation (JSON) web token that is bound to the registration client, the user, and a user'"'"'s device in the first tenancy.
  - 13. The method of claim 8, wherein the security blueprint includes metadata describing a service type provided by the service, and one or more client applications supported by the service instance.
  - 14. The method of claim 8, wherein a registration client is created in each tenancy in which the user subscribes to the service.

15. A system, comprising:
- a memory; and
  
  a processor, coupled to the memory and a network, the processor configured to dynamically register a client for a multi-tenant cloud based authentication system, the registering comprising;
  
  creating a service instance client, associated with a service instance, in a first tenancy, the service instance providing a service within the authentication system,creating a template client, based on a security blueprint, in a second tenancy,creating a registration client in the first tenancy,receiving a request for a registration access token from an installed client application over the network, the request including an ID of the template client,authenticating, using the template client, a user of the installed client application,sending the registration access token to the installed client application over the network,receiving a request for a client assertion token from the installed client application over the network, the request including the registration access token,authenticating, using the template client, the registration access token, andsending the client assertion token to the installed client application over the network.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15, wherein the registering further comprises:
    - receiving a request for a service access token from the installed client application over the network, the request including the client assertion token;
      
      authenticating the client assertion token; and
      
      sending the service access token to the installed client application over the network.
  - 17. The system of claim 16, wherein the registering further comprises:
    - receiving a request to access the service from the installed client application over the network, the request including the service access token;
      
      authenticating the service access token; and
      
      forwarding the service request to the service instance.
  - 18. The system of claim 15, wherein the registration access token is bound to the template client and the user in the first tenancy.
  - 19. The system of claim 18, wherein the client assertion token is a JavaScript Object Notation (JSON) web token that is bound to the registration client, the user, and a user'"'"'s device in the first tenancy.
  - 20. The system of claim 15, wherein the security blueprint includes metadata describing a service type provided by the service, and one or more client applications supported by the service instance, and wherein a registration client is created in each tenancy in which the user subscribes to the service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Mohamad Abdul, Mohamad Raja Gani, Lander, Vadim
Primary Examiner(s)
Recek, Jason D
Assistant Examiner(s)
Kennedy, Lesa M

Application Number

US15/882,159
Publication Number

US 20190238598A1
Time in Patent Office

897 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/083   using passwords cryptograph...

H04L 65/1073   Registration or de-registra...

H04L 67/10   in which an application is ...

Dynamic client registration for an identity cloud service

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

382 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic client registration for an identity cloud service

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

382 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links