Propagating user identities in a secure federated search system

US 9,081,816 B2
Filed: 10/23/2013
Issued: 07/14/2015
Est. Priority Date: 03/01/2006
Status: Active Grant

First Claim

Patent Images

1. A method of implementing a universal framework for searching across multiple search platforms in a secure federated search, the method comprising:

receiving, at a federated broker, a query from an authenticated user;

obtaining, by the federated broker, a plurality of user credentials associated with the authenticated user, wherein each of the plurality of user credentials is used to access at least one source of a plurality of sources;

obtaining, by the federated broker, a plurality of security attributes associated with the authenticated user, wherein;

the plurality of security attributes are distinct from the plurality of user credentials; and

the plurality of user credentials are first used to access the plurality of sources, and then the plurality of security attributes are compared to security attributes of individual documents within the plurality of sources to determine if the authenticated user can access the individual documents;

determining, by the federated broker, a required query format for each of the plurality of sources;

translating, by the federated broker, the query into a plurality of queries formatted according to the required query format of each of the plurality of sources;

propagating, by the federated broker, the plurality of translated queries, the plurality of security attributes, and the plurality of user credentials to each corresponding source to appear to each corresponding source to be the authenticated user;

receiving, at the federated broker, results of each of the plurality of queries from each source of the plurality of sources; and

consolidating, by the federated broker, the results of each of the plurality of queries to be displayed in a uniform manner.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of implementing a universal framework for searching across multiple search platforms in a secure federated search. The method includes receiving, at a federated broker, a query from an authorized user, obtaining a plurality of user credentials associated with the authenticated user, wherein each of the plurality of user credentials are used to access at least one source of a plurality of sources, determining a required query format for each of the plurality of sources, translating the query into a plurality of queries formatted according to the required query format of each of the plurality of sources, propagating the plurality of translated queries and the plurality of user credentials to each corresponding source to appear to each corresponding source to be the authorized user, receiving, at the federated broker, results of each of the plurality of queries from each source of the plurality of sources, and consolidating the results of each of the plurality of queries to be displayed in a uniform manner.

230 Citations

19 Claims

1. A method of implementing a universal framework for searching across multiple search platforms in a secure federated search, the method comprising:
- receiving, at a federated broker, a query from an authenticated user;
  
  obtaining, by the federated broker, a plurality of user credentials associated with the authenticated user, wherein each of the plurality of user credentials is used to access at least one source of a plurality of sources;
  
  obtaining, by the federated broker, a plurality of security attributes associated with the authenticated user, wherein;
  
  the plurality of security attributes are distinct from the plurality of user credentials; and
  
  the plurality of user credentials are first used to access the plurality of sources, and then the plurality of security attributes are compared to security attributes of individual documents within the plurality of sources to determine if the authenticated user can access the individual documents;
  
  determining, by the federated broker, a required query format for each of the plurality of sources;
  
  translating, by the federated broker, the query into a plurality of queries formatted according to the required query format of each of the plurality of sources;
  
  propagating, by the federated broker, the plurality of translated queries, the plurality of security attributes, and the plurality of user credentials to each corresponding source to appear to each corresponding source to be the authenticated user;
  
  receiving, at the federated broker, results of each of the plurality of queries from each source of the plurality of sources; and
  
  consolidating, by the federated broker, the results of each of the plurality of queries to be displayed in a uniform manner.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method for implementing a universal framework for searching across multiple search platforms in a secure federated search as in claim 1, further comprising mapping, by the federated broker, the plurality of user credentials to the plurality of sources.
  - 3. The method for implementing a universal framework for searching across multiple search platforms in a secure federated search as in claim 2, wherein the mapping occurs prior to executing of the query.
  - 4. The method for implementing a universal framework for searching across multiple search platforms in a secure federated search as in claim 3, wherein the mapping comprises accessing an identity plug-in, that is registered on a search application based on a mapping attribute in an identity management (IDM) system.
  - 5. The method for implementing a universal framework for searching across multiple search platforms in a secure federated search as in claim 1, further comprising when the query is received from the authorized user, normalizing, by the federated broker, the plurality of user credentials to access each of the plurality of sources.
  - 6. The method for implementing a universal framework for searching across multiple search platforms in a secure federated search as in claim 1, wherein propagating, by the federated broker, the plurality of translated queries and the plurality of user credentials to each corresponding source to appear to each corresponding source to be the authorized user is implemented in a single sign-on (SSO) federation environment.
  - 7. The method for implementing a universal framework for searching across multiple search platforms in a secure federated search as in claim 6, wherein the SSO federation environment protects the federated broker from unauthorized access.

8. A non-transitory computer-readable medium having sets of instructions stored thereon which, when executed by a computer, cause the computer to:
- receive, at a federated broker, a query from an authenticated user;
  
  obtain, by the federated broker, a plurality of user credentials associated with the authenticated user, wherein each of the plurality of user credentials is used to access at least one source of a plurality of sources;
  
  obtain, by the federated broker, a plurality of security attributes associated with the authenticated user, wherein;
  
  the plurality of security attributes are distinct from the plurality of user credentials; and
  
  the plurality of user credentials are first used to access the plurality of sources, and then the plurality of security attributes are compared to security attributes of individual documents within the plurality of sources to determine if the authenticated user can access the individual documents;
  
  determine, by the federated broker, a required query format for each of the plurality of sources;
  
  translate, by the federated broker, the query into a plurality of queries formatted according to the required query format of each of the plurality of sources;
  
  propagate, by the federated broker, the plurality of translated queries, the plurality of security attributes, and the plurality of user credentials to each corresponding source to appear to each corresponding source to be the authenticated user;
  
  receive, at the federated broker, results of each of the plurality of queries from each source of the plurality of sources; and
  
  consolidate, by the federated broker, the results of each of the plurality of queries to be displayed in a uniform manner.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The non-transitory computer-readable medium as in claim 8, wherein the sets of instructions when further executed by the computer, cause the computer to map, by the federated broker, the plurality of user credentials to the plurality of sources.
  - 10. The non-transitory computer-readable medium as in claim 8, wherein the mapping occurs prior to executing of the query.
  - 11. The non-transitory computer-readable medium as in claim 10, wherein the mapping comprises accessing an identity plug-in, that is registered on a search application based on a mapping attribute in an identity management (IDM) system.
  - 12. The non-transitory computer-readable medium as in claim 8, wherein the sets of instructions when further executed by the computer, cause the computer to when the query is received from the authorized user, normalize, by the federated broker, the plurality of user credentials to access each of the plurality of sources.
  - 13. The non-transitory computer-readable medium as in claim 8, wherein propagating, by the federated broker, the plurality of translated queries and the plurality of user credentials to each corresponding source to appear to each corresponding source to be the authorized user is implemented in a single sign-on (SSO) federation environment.
  - 14. The non-transitory computer-readable medium as in claim 13, wherein the SSO federation environment protects the federated broker from unauthorized access.

15. A system for implementing a universal framework for searching across multiple search platforms in a secure federated search, the system comprisinga computer processor;
- anda memory device in communication with the computer processor, the memory device having sets of instructions stored thereon which, when executed by the computer processor, cause the computer processor to;
  
  receive, at a federated broker, a query from an authenticated user;
  
  obtain, by the federated broker, a plurality of user credentials associated with the authenticated user, wherein each of the plurality of user credentials is used to access at least one source of a plurality of sources;
  
  obtain, by the federated broker, a plurality of security attributes associated with the authenticated user, wherein;
  
  the plurality of security attributes are distinct from the plurality of user credentials; and
  
  the plurality of user credentials are first used to access the plurality of sources, and then the plurality of security attributes are compared to security attributes of individual documents within the plurality of sources to determine if the authenticated user can access the individual documents;
  
  determine, by the federated broker, a required query format for each of the plurality of sources;
  
  translate, by the federated broker, the query into a plurality of queries formatted according to the required query format of each of the plurality of sources;
  
  propagate, by the federated broker, the plurality of translated queries, the plurality of security attributes, and the plurality of user credentials to each corresponding source to appear to each corresponding source to be the authenticated user;
  
  receive, at the federated broker, results of each of the plurality of queries from each source of the plurality of sources; and
  
  consolidate, by the federated broker, the results of each of the plurality of queries to be displayed in a uniform manner.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The system for implementing a universal framework for searching across multiple search platforms in a secure federated search as in claim 15, wherein the sets of instructions when further executed by the computer processor, cause the computer processor to map, by the federated broker, the plurality of user credentials to the plurality of sources.
  - 17. The system for implementing a universal framework for searching across multiple search platforms in a secure federated search as in claim 15, wherein the mapping occurs prior to executing of the query.
  - 18. The system for implementing a universal framework for searching across multiple search platforms in a secure federated search as in claim 17, wherein the mapping comprises accessing an identity plug-in, that is registered on a search application based on a mapping attribute in an identity management (IDM) system.
  - 19. The system for implementing a universal framework for searching across multiple search platforms in a secure federated search as in claim 15, wherein the sets of instructions when further executed by the computer processor, cause the computer processor to when the query is received from the authorized user, normalize, by the federated broker, the plurality of user credentials to access each of the plurality of sources.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Krishnaprasad, Muralidhar, Bhatkar, Sachin, Nimani, Visar, Chang, Thomas, Bhavsar, Meeten
Primary Examiner(s)
PENG, HUAWEN A

Application Number

US14/060,635
Publication Number

US 20140046978A1
Time in Patent Office

629 Days
Field of Search

707/781
US Class Current

1/1
CPC Class Codes

G06F 16/2452   Query translation

G06F 16/2455   Query execution

H04L 63/0815   providing single-sign-on or...

Propagating user identities in a secure federated search system

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

230 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Propagating user identities in a secure federated search system

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

230 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links