Access manager session management strategy

US10454936B2 · US · B2

Patent metadata
Publication number: US-10454936-B2
Application number: US-201615331613-A
Country: US
Kind code: B2
Filing date: Oct 21, 2016
Priority date: Oct 23, 2015
Publication date: Oct 22, 2019
Grant date: Oct 22, 2019


Abstract

Official abstract text for this publication.

Techniques are disclosed for managing session information stored by an access management system. Certain techniques are disclosed for updating session information based on characteristics of the session information to be updated. The disclosed techniques describe how session information is updated and the frequency with which the session information is updated. Certain embodiments may enable a decrease in computing performance overhead and/or memory usage overhead caused by managing session information (e.g., performing authentication or determining authorization to access a resource) for a session.

First claim

Opening claim text (preview).

What is claimed is:

1. A method comprising: receiving, at a computer system of an access management system, a request for access to a resource, wherein the request is received from a user operating a client device; obtaining, by the computer system, user identity information associated with the user from an identity data store of the access management system; authenticating, by the computer system, the user to access the resource; using the user identity information about the user obtained from the identity data store and based on the authentication of the user for access to the resource, establishing, by the computer system, a session for the user to access the resource, wherein the establishing the session comprises: generating session information for the session, wherein the session information includes: (i) common attributes, and (ii) specific attributes, the common attributes include user access information that is shared between sessions, and the specific attributes include information that changes between sessions, and wherein the session information includes one or more of: a list of partners accessed in session, an Internet protocol (IP) address of the client device, an authentication level of the session, an authentication scheme of the session, an authentication timestamp of the session, or application domain information for one or more accessed resources using the session; storing the common attributes in a data store of the access management system, wherein the data store is implemented as a cache accessible in a distributed manner to the access management system, and the common attributes are stored associated with an identifier in the cache; and sending an access claim to the client device for the session that is established, wherein the access claim includes the specific attributes and the identifier for the common attributes; receiving, at the computing system, from the user operating the client device, another request for access to another resource, wherein the another request includes the access claim; accessing, from the data store, based on the identifier, the common attributes for the session; determining, based on the specific attributes received in the access claim and the common attributes accessed from the data store, the session established for the user; based on authorization of the user to access the another resource, providing, by the computer system, the user with access to the another resource using the determined session; updating, by the computer system, the session information including the specific attributes for the session based on the access to the another resource using the session; and sending, by the computer system, the access claim to the client device for the session that is established, wherein the access claim includes the updated specific attributes and the identifier for the common attributes.

2. The method of claim 1, wherein the access claim is a pre-defined response from the computing system that includes: (i) a portion of the session information including the specific attributes, and (ii) the identifier for the common attributes.

3. The method of claim 2, wherein the pre-defined response further includes an access token, and wherein the another request for access to the another resource includes the access token sent in the response to the client device.

4. The method of claim 2, wherein the pre-defined response further includes a domain name of the user.

5. The method of claim 1, further comprising: based on the information accessed about the user, determining that access by the session is locked; and denying the user at the device with access to the resource based on the determined session.

6. A system comprising: one or more processors; and a memory accessible to the one or more processors, the memory storing one or more instructions that, upon execution by the one or more processors, causes the one or more processors to: receive a request for access to a resource, wherein the request is received from a user operating a client device; obtain user identity information associated with the user from an identity data store of an access management system; authenticate the user to access the resource; using the user identity information about the user obtained from the identity data store and based on the authentication of the user for access to the resource, establish, by the access management system, a session for the user to access the resource, wherein the establishing the session comprises: generating session information for the session, wherein the session information includes: (i) common attributes, and (ii) specific attributes, the common attributes include user access information that is shared between sessions, and the specific attributes include information that changes between sessions, and wherein the session information includes one or more of: a list of partners accessed in session, an Internet protocol (IP) address of the client device, an authentication level of the session, an authentication scheme of the session, an authentication timestamp of the session, or application domain information for one or more accessed resources using the session; storing the common attributes in a data store of the access management system, wherein the data store is implemented as a cache accessible in a distributed manner to the access management system, and the common attributes are stored associated with an identifier in the cache; and sending an access claim to the client device for the session that is established, wherein the access claim includes the specific attributes and the identifier for the common attributes; receive, from the user operating the client device, another request for access to another resource, wherein the another request includes the access claim; access, from the data store, based on the identifier, the common attributes for the session; determine, based on the specific attributes received in the access claim and the common attributes accessed from the data store, the session established for the user; based on authorization of the user to access the another resource, provide the user with access to the another resource using the determined session; update the session information including the specific attributes for the session based on the access to the another resource using the session; and send the access claim to the client device for the session that is established, wherein the access claim includes the updated specific attributes and the identifier for the common attributes.

7. The system of claim 6, wherein the access claim is a pre-defined response from the computing system that includes: (i) a portion of the session information including the specific attributes, and (ii) the identifier for the common attributes.

8. The system of claim 7, wherein the pre-defined response further includes an access token, and wherein the another request for access to the another resource includes the access token sent in the response to the client device.

9. A non-transitory computer-readable medium storing one or more instructions that, upon execution by one or more processors, causes the one or more processors to: receive a request for access to a resource, wherein the request is received from a user operating a client device; obtain user identity information associated with the user from an identity data store of an access management system; authenticate the user to access the resource; using the user identity information about the user obtained from the identity data store and based on the authentication of the user for access to the resource, establish, by the access management system, a session for the user to access the r
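As an added illustration (not text from the patent or Oracle's implementation), the following Python sketch models the split the first claim describes: common attributes stay server-side in a cache under an identifier, while the specific attributes travel to the client inside the access claim and are re-issued, updated, on each subsequent access; a locked session (claim 5) is denied. The patent does not say how the claim is protected or how the session is matched; the HMAC signature, the client-IP re-check and the in-memory dict standing in for the distributed cache are assumptions of this example.

```python
import hashlib
import hmac
import json
import secrets
import time

# Assumption: server-side key used to sign access claims (constructed demo value).
CLAIM_KEY = b"constructed-demo-signing-key"

# Stand-in for the distributed cache of common attributes, keyed by identifier.
COMMON_STORE: dict[str, dict] = {}


def make_claim(sid: str, specific: dict) -> str:
    """Serialize identifier + specific attributes and sign them (assumed protection)."""
    body = json.dumps({"id": sid, "specific": specific}, sort_keys=True)
    tag = hmac.new(CLAIM_KEY, body.encode(), hashlib.sha256).hexdigest()
    return body + "." + tag  # hex tag contains no '.', so the last '.' is the separator


def parse_claim(claim: str) -> dict:
    """Verify the signature before trusting any client-supplied specific attribute."""
    body, _, tag = claim.rpartition(".")
    expected = hmac.new(CLAIM_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("access claim forged or tampered")
    return json.loads(body)


def establish_session(user: str, client_ip: str, auth_level: int) -> str:
    """Split session info: common attributes cached, specific attributes in the claim."""
    sid = secrets.token_hex(8)
    COMMON_STORE[sid] = {"user": user, "auth_scheme": "password",
                         "auth_level": auth_level, "locked": False}
    specific = {"ip": client_ip, "auth_ts": int(time.time()), "partners": []}
    return make_claim(sid, specific)


def access_resource(claim: str, resource: str, client_ip: str):
    """Handle 'another request': look up common attrs by id, authorize, re-issue claim."""
    data = parse_claim(claim)
    common = COMMON_STORE.get(data["id"])
    if common is None or common["locked"]:      # unknown or locked session (claim 5)
        return None, "denied"
    specific = data["specific"]
    if specific["ip"] != client_ip:             # assumption: bind session to client IP
        return None, "denied"
    specific["partners"].append(resource)       # only specific attributes change
    return make_claim(data["id"], specific), "granted"
```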

Assignees

Inventors

Classifications

  • based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint · CPC title

  • H04L63/101 (Primary): Access control lists [ACL] · CPC title

  • H04L67/14 (Primary): Session management (for real-time applications in data packet communications networks H04L65/1066) · CPC title

  • Entity profiles · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10454936B2 cover?
Techniques are disclosed for managing session information stored by an access management system. Certain techniques are disclosed for updating session information based on characteristics of the session information to be updated. The disclosed techniques describe how session information is updated and the frequency with which the session information is updated. Certain embodiments may enable a decrea…
Who is the assignee on this patent?
Oracle Int Corp
What technology area does this patent fall under?
Primary CPC classification H04L63/101. Mapped technology areas include Electricity.
When was this patent published?
Publication date: Oct 22, 2019 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).