Performing a security action with regard to an access token based on clustering of access requests
US-2024406160-A1 · Dec 5, 2024 · US
Identity information including a schemaless portion
US10708253B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10708253-B2 |
| Application number | US-201415112389-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jan 20, 2014 |
| Priority date | Jan 20, 2014 |
| Publication date | Jul 7, 2020 |
| Grant date | Jul 7, 2020 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
In response to a request of a first user, identity information for users is searched to retrieve a portion of the identity information corresponding to the first user. The identity information including fields, where a first subset of the fields is schemaless, and a second subset of the fields is interpreted according to a specified schema. Searching the identity information includes searching the first subset and the second subset of fields. An action for the request is authorized by using information included in at least one field of the first subset included in the retrieved portion of the identity information.
First claim
Opening claim text (preview).
What is claimed is: 1. A method comprising: receiving, by a system including a processor, a request of a user; searching, by the system in response to the request, identity information for a plurality of users to retrieve a portion of the identity information corresponding to the user, the identity information including fields, wherein a first subset of the fields is schemaless, and a second subset of the fields is interpreted according to a specified schema, and wherein searching the identity information comprises searching the first subset and the second subset of fields; authenticating the request from the user by providing, by the system, the identity information from the first subset to an authenticating engine, wherein the identity information from the first subset is third party identity information; authorizing, by the system, an action for the request based on information from one field included in the first subset provided in the retrieved portion of the identity information; and adding, by the system, a new field that includes the third party identity information from the first subset which is determined based on a key-value map, wherein the key value-map identifies structure of schemaless data structures and the processor extracts the schemaless data based on the key-value map; and maintaining the specified schema of the second subset without changing identity information associated with the specified schema. 2. The method of claim 1 , further comprising a further action using identity information from a second subset of the fields. 3. The method of claim 1 , wherein the identity information is stored in a schemaless database, and wherein interpreting the second subset of fields according to the specified schema uses logic that enforces presence of the second subset of the fields according to the specified schema in the schemaless database. 4. The method of claim 1 , wherein the identity information is stored in a schemaful database, and wherein one data structure in the schemaful database is used to store the first subset of the fields. 5. The method of claim 4 , wherein the one data structure is in one field of the schemaful database. 6. The method of claim 1 , further comprising: storing the first subset of the fields in the schemaless database; and storing the second subset of the fields in the schemaful database. 7. The method of claim 1 , further comprising: generating an index using field from the first and second subsets of fields, wherein searching the identity information uses the index. 8. The method of claim 1 , further comprising: dynamically removing an existing field of the first subset of the fields in the identity information. 9. The method of claim 1 , further comprising: dynamically modifying an existing field of the first subset of the fields in the identity information. 10. A system comprising: a storage medium to store a semi-schemaless identity information repository that stores identity information for users, the identity information including fields, wherein a first subset of the fields is schemaless, and a second subset of the fields is interpreted according to a specified schema; and a processor to: in response to a request of a user, search the semi-schemaless identity information repository to retrieve a portion of the identity information corresponding to the user, wherein searching the semi-schemaless identity information repository comprises: searching the first subset and the second subset of fields; and authenticating the request from the user by providing the identity information from the first subset to an authenticating engine, wherein the identity information from the first subset is third party identity information; provide information from one field of the first subset included in the retrieved portion of the identity information for use in authorizing an action for the request; and add, by the system, a new field that includes the third party identity information from the first subset which is determined based on a key-value map, wherein the key value-map identifies structure of schemaless data structures and the processor extracts the schemaless data based on the key-value map; and maintain the specified schema of the second subset without changing identity information associated with the specified schema. 11. The system of claim 10 , wherein the the processor is to further provide information included in one field of the second subset included in the retrieved portion of the identity information for use in authorizing the action for the request. 12. The system of claim 10 , wherein the semi-schemaless identity information repository includes a schemaless database containing the second subset of the fields, and wherein the processor is to further: emulate storage of the second subset of the fields according to the specified schema. 13. The system of claim 10 , wherein the semi-schemaless identity information repository includes a schemaful database containing the first subset of the fields, and wherein the processor is to further: emulate storage of the first subset of the fields in a schemaless manner. 14. An article comprising a non-transitory machine-readable storage medium storing instructions that upon execution cause a processor to: receive a request of a user to access a cloud resource or cloud service of a cloud system; search identity information, in response to the request, for a plurality of users to retrieve a portion of the identity information corresponding to the user, the identity information including fields, wherein a first subset of the fields is schemaless, and a second subset of the fields is interpreted according to a specified schema, and wherein searching the identity information comprises: searching the first subset and the second subset of fields; and authenticating the request from the user by providing the identity information from the first subset to an authenticating engine, wherein the new field includes the third party identity information from the first subset; provide information from one field of the first subset included in the retrieved portion of the identity information for authorizing access of the cloud resource or cloud service for the request; add a new field that includes the third party identity information from the first subset which is determined based on a key-value map, wherein the key value-map identifies structure of schemaless data structures and the processor extracts the schemaless data based on the key-value map; and maintain the specified schema of the second subset without changing identity information associated with the specified schema.
Assignees
Inventors
Classifications
- H04L63/0815Primary
providing single-sign-on or federations · CPC title
where a single sign-on provides access to a plurality of computers · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US10708253B2 cover?
- In response to a request of a first user, identity information for users is searched to retrieve a portion of the identity information corresponding to the first user. The identity information including fields, where a first subset of the fields is schemaless, and a second subset of the fields is interpreted according to a specified schema. Searching the identity information includes searching …
- Who is the assignee on this patent?
- Hewlett Packard Development Co
- What technology area does this patent fall under?
- Primary CPC classification H04L63/0815. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Jul 07 2020 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).