GENERATING DERIVED CREDENTIALS FOR A MULTI-TENANT IDENTITY CLOUD SERVICE

US 20180077138A1
Filed: 09/07/2017
Published: 03/15/2018
Est. Priority Date: 09/14/2016
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer readable medium having instructions stored thereon that, when executed by a processor, cause the processor to provide cloud based identity management, the providing comprising:

receiving a request to execute a job, wherein the job has a scheduled start time, or a timeframe to complete, that exceeds a validity time of a request access token;

generating the request access token corresponding to the job, the request access token comprising access privileges;

scheduling the job;

persisting the request access token;

triggering the job at the scheduled start time;

generating a derived access token based on the request access token, wherein the derived access token comprises the access privileges;

injecting the derived access token during runtime of the job; and

calling a microservice using the derived access token to execute the job.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A multi-tenant system that provides cloud-based identity management receives a request to execute a job, where the job has a scheduled start time, or a timeframe to complete, that exceeds the validity time of a request access token. The system generates the request access token corresponding to the job, where the request access token has access privileges. The system schedules the job and persists the request access token. The system triggers the job at the scheduled start time and generates a derived access token based on the request access token, where the derived access token includes the access privileges. The system then injects the derived access token during runtime of the job and calls a microservice using the derived access token to execute the job.

Citations

20 Claims

1. A non-transitory computer readable medium having instructions stored thereon that, when executed by a processor, cause the processor to provide cloud based identity management, the providing comprising:
- receiving a request to execute a job, wherein the job has a scheduled start time, or a timeframe to complete, that exceeds a validity time of a request access token;
  
  generating the request access token corresponding to the job, the request access token comprising access privileges;
  
  scheduling the job;
  
  persisting the request access token;
  
  triggering the job at the scheduled start time;
  
  generating a derived access token based on the request access token, wherein the derived access token comprises the access privileges;
  
  injecting the derived access token during runtime of the job; and
  
  calling a microservice using the derived access token to execute the job.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The non-transitory computer readable medium of claim 1, wherein the derived access token comprises a validity that exceeds the scheduled start time, or the timeframe to complete.
  - 3. The non-transitory computer readable medium of claim 1, further comprising signing the derived access token using current signing keys.
  - 4. The non-transitory computer readable medium of claim 1, wherein the calling the microservice comprises invoking an application programming interface that corresponds to the microservice.
  - 5. The non-transitory computer readable medium of claim 1, wherein the request access token is persisted with metadata corresponding to the job.
  - 6. The non-transitory computer readable medium of claim 5, wherein the request access token is retrieved from the metadata and decoded.
  - 7. The non-transitory computer readable medium of claim 1, wherein the request comprises an identity of a tenant of a plurality of tenants that comprises a resource needed to execute the job.

8. A method to provide cloud based identity management, the method comprising:
- receiving a request to execute a job, wherein the job has a scheduled start time, or a timeframe to complete, that exceeds a validity time of a request access token;
  
  generating the request access token corresponding to the job, the request access token comprising access privileges;
  
  scheduling the job;
  
  persisting the request access token;
  
  triggering the job at the scheduled start time;
  
  generating a derived access token based on the request access token, wherein the derived access token comprises the access privileges;
  
  injecting the derived access token during runtime of the job; and
  
  calling a microservice using the derived access token to execute the job.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, wherein the derived access token comprises a validity that exceeds the scheduled start time, or the timeframe to complete.
  - 10. The method of claim 8, further comprising signing the derived access token using current signing keys.
  - 11. The method of claim 8, wherein the calling the microservice comprises invoking an application programming interface that corresponds to the microservice.
  - 12. The method of claim 8, wherein the request access token is persisted with metadata corresponding to the job.
  - 13. The method of claim 12, wherein the request access token is retrieved from the metadata and decoded.
  - 14. The method of claim 8, wherein the request comprises an identity of a tenant of a plurality of tenants that comprises a resource needed to execute the job.

15. A system for providing cloud-based identity and access management, comprising:
- a plurality of tenants;
  
  a plurality of microservices; and
  
  one or more processors that;
  
  receive a request to execute a job, wherein the job has a scheduled start time, or a timeframe to complete, that exceeds a validity time of a request access token;
  
  generate the request access token corresponding to the job, the request access token comprising access privileges;
  
  schedule the job;
  
  persist the request access token;
  
  trigger the job at the scheduled start time;
  
  generate a derived access token based on the request access token, wherein the derived access token comprises the access privileges;
  
  inject the derived access token during runtime of the job; and
  
  call a microservice using the derived access token to execute the job.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15, wherein the derived access token comprises a validity that exceeds the scheduled start time, or the timeframe to complete.
  - 17. The system of claim 15, further comprising signing the derived access token using current signing keys.
  - 18. The system of claim 15, wherein the call the microservice comprises invoking an application programming interface that corresponds to the microservice.
  - 19. The system of claim 15, wherein the request access token is persisted with metadata corresponding to the job.
  - 20. The system of claim 19, wherein the request access token is retrieved from the metadata and decoded.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
BANSAL, Ajeet, LANDER, Vadim, WILSON, Gregg

Granted Patent

US 10,594,684 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 2209/5018   Thread allocation

G06F 9/4843   by program, e.g. task dispa...

G06F 9/4881   Scheduling strategies for d...

G06F 9/5027   the resource being a machin...

G06Q 20/325   using wireless networks

G06Q 20/3821   Electronic credentials

G06Q 20/4014   Identity check for transact...

H04L 63/0815   providing single-sign-on or...

H04L 63/083   using passwords cryptograph...

H04L 63/108   when the policy decisions a...

H04W 12/08   Access security

GENERATING DERIVED CREDENTIALS FOR A MULTI-TENANT IDENTITY CLOUD SERVICE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

GENERATING DERIVED CREDENTIALS FOR A MULTI-TENANT IDENTITY CLOUD SERVICE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links