Dynamic policy and network security zone generation

US12574420B2 · US · B2

Patent metadata

Publication number: US-12574420-B2
Application number: US-202418651208-A
Country: US
Kind code: B2
Filing date: Apr 30, 2024
Priority date: Apr 30, 2024
Publication date: Mar 10, 2026
Grant date: Mar 10, 2026


Abstract

Official abstract text for this publication.

An authentication server of an identity management system may establish an authentication policy for a tenant of a multi-tenant system and receive device access signals from one or more network identifiers. In some examples, the authentication server may receive an indication from machine learning (ML) models to update the authentication policy of a tenant based on a set of authentication rules of one or more second tenants that are for one or more applications common between the tenant and the one or more second tenants. In some other examples, the ML model may monitor a set of device access signals received at the authentication server to obtain a set of assurance scores for associated network identifiers. The authentication server may then update the authentication policy for a tenant, generate a set of network zones, or both based on the ML model outputs.

First claim

Opening claim text (preview).

What is claimed is:

1. A method for authentication policy management, comprising: establishing an authentication policy for a first tenant of a multi-tenant authentication platform, the authentication policy being associated with a plurality of applications associated with the first tenant, wherein the authentication policy indicates a first set of authentication rules for users associated with the first tenant to access the plurality of applications; receiving, from one or more users associated with one or more respective tenants, one or more access request messages to access a respective application, the one or more access request messages comprising data associated with the one or more users, wherein the data associated with the one or more users indicates an affiliation of a user with a respective tenant; receiving, from a machine learning model, an indication to update the authentication policy of the first tenant based at least in part on a second set of authentication rules associated with one or more second tenants of the multi-tenant authentication platform, the second set of authentication rules being associated with one or more applications of the plurality of applications that are common to the first tenant and the one or more second tenants, wherein the indication indicates that the second set of authentication rules satisfy a first threshold for accessing the one or more applications, and wherein the first threshold is based at least in part on a first quantity of successful access requests and a second quantity of unsuccessful access requests, and wherein the first threshold for a respective authentication rule is satisfied based at least in part on the first quantity of successful access requests and the second quantity of unsuccessful access requests; and updating the authentication policy of the first tenant based at least in part on receiving the indication from the machine learning model.

2. The method of claim 1, further comprising: receiving, via one or more user inputs for a first user associated with the first tenant, an indication of one or more authentication rules associated with access to the one or more applications of the plurality of applications, the first set of authentication rules comprising the one or more authentication rules, wherein establishing the authentication policy for the first tenant is based at least in part on receiving the one or more user inputs.

3. The method of claim 1, wherein establishing the authentication policy for the first tenant comprises: generating, via the machine learning model, the first set of authentication rules for the authentication policy of the first tenant based at least in part on one or more authentication rules used by the one or more second tenants of the multi-tenant authentication platform that are associated with accessing the one or more applications of the plurality of applications, wherein the first set of authentication rules are generated via the machine learning model in accordance with a privacy preservation scheme.

4. The method of claim 1, further comprising: training the machine learning model using a first set of data associated with a type of application for each application of the one or more applications, a second set of data associated with user metadata of one or more sets of users of each tenant of the multi-tenant authentication platform, a third set of data associated with a set of user device data of one or more user devices being used by the one or more sets of users, a fourth set of data associated with network conditions of an access request, or any combination thereof.

5. The method of claim 4, wherein the type of application for a respective application indicated by the first set of data is based at least in part on the respective application being associated with sensitive data of a respective tenant.

6. The method of claim 1, further comprising: receiving, from a user of the first tenant, an indication of an additional application to be accessed by the users associated with the first tenant, wherein the indication to update the authentication policy of the first tenant is received from the machine learning model based at least in part on the user of the first tenant adding the additional application to the plurality of applications being accessed by the users of the first tenant, a first set of attributes associated with the user of the first tenant, a second set of attributes associated with a device used by the user of the first tenant to access the additional application, or any combination thereof, and wherein the second set of authentication rules associated with the one or more second tenants are associated with the additional application, a third set of attributes associated with a set of users of the one or more second tenants, a fourth set of attributes associated with a set of devices used by the set of users to access the additional application, or any combination thereof.

7. The method of claim 1, further comprising: transmitting, to the one or more users, a second indication to indicate a successful access request or an unsuccessful access request based at least in part on the data associated with the one or more users of the one or more access request messages, wherein the first threshold for the respective authentication rule is satisfied based at least in part on the first quantity of successful access requests that are associated with an unaffiliated user satisfying a second threshold and the second quantity of unsuccessful access requests that are associated with an unaffiliated user satisfying a third threshold.

8. The method of claim 1, further comprising: receiving, from one or more users associated with each tenant and via the one or more access request messages, a first set of attributes associated with the one or more users and a second set of attributes associated with one or more devices used by the one or more users; and inputting the one or more access request messages into the machine learning model, wherein the indication from the machine learning model is based at least in part on the one or more access request messages that are input into the machine learning model.

9. The method of claim 1, wherein updating the authentication policy of the first tenant is automatically triggered based at least in part on receiving the indication from the machine learning model.

10. An apparatus for authentication policy management, comprising: one or more memories storing processor-executable code; and one or more processors coupled with the one or more memories and individually or collectively operable to execute the code to cause the apparatus to: establish an authentication policy for a first tenant of a multi-tenant authentication platform, the authentication policy being associated with a plurality of applications associated with the first tenant, wherein the authentication policy indicates a first set of authentication rules for users associated with the first tenant to access the plurality of applications; receive, from one or more users associated with one or more respective tenants, one or more access request messages to access a respective application, the one or more access request messages comprising data associated with the one or more users, wherein the data associated with the one or more users indicates an affiliation of a user with a respective tenant; receive, from a machine learning model, an indication to update the authentication policy of the first tenant based at least in part on a second set of authentication rules associated with one or more second tenants of the multi-tenant authentication platform, the second set of authenticatio
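The cross-tenant policy update of claim 1 (and the success/failure thresholds of claim 7), shown as an added Python illustration that is not the patent's or Okta's code; the tenant names, rule names, counts and the exact threshold form (a minimum success count and a maximum failure count) are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class RuleStats:
    """Access outcomes observed for one authentication rule on one application."""
    successes: int
    failures: int

# Constructed sample: tenant -> application -> {rule name: RuleStats}.
# "acme" is the first tenant; its own rules carry no outcome counts yet.
TENANT_RULES = {
    "acme":    {"crm": {"mfa_otp": RuleStats(0, 0)},
                "wiki": {"password_only": RuleStats(0, 0)}},
    "globex":  {"crm": {"mfa_push": RuleStats(950, 12), "device_trust": RuleStats(400, 3)},
                "payroll": {"mfa_push": RuleStats(300, 2)}},
    "initech": {"crm": {"mfa_push": RuleStats(600, 9), "ip_allowlist": RuleStats(30, 40)},
                "wiki": {"mfa_otp": RuleStats(120, 1)}},
}

def common_applications(first_tenant, tenants):
    """Applications the first tenant shares with at least one second tenant."""
    others = set()
    for name, apps in tenants.items():
        if name != first_tenant:
            others |= set(apps)
    return sorted(set(tenants[first_tenant]) & others)

def meets_threshold(stats, min_successes, max_failures):
    """Assumed threshold: enough successful requests and few unsuccessful ones."""
    return stats.successes >= min_successes and stats.failures <= max_failures

def recommend_updates(first_tenant, tenants, min_successes=100, max_failures=50):
    """Second-tenant rules on common apps that pass the threshold (counts summed
    across second tenants) and are not already in the first tenant's policy."""
    updates = {}
    for app in common_applications(first_tenant, tenants):
        totals = {}
        for name, apps in tenants.items():
            if name == first_tenant or app not in apps:
                continue
            for rule, stats in apps[app].items():
                s, f = totals.get(rule, (0, 0))
                totals[rule] = (s + stats.successes, f + stats.failures)
        new_rules = sorted(rule for rule, (s, f) in totals.items()
                           if meets_threshold(RuleStats(s, f), min_successes, max_failures)
                           and rule not in tenants[first_tenant][app])
        if new_rules:
            updates[app] = new_rules
    return updates

def apply_updates(policy, updates):
    """Return the first tenant's policy (app -> sorted rule names) with recommended rules added."""
    return {app: sorted(set(policy.get(app, {})) | set(updates.get(app, [])))
            for app in set(policy) | set(updates)}
```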

Assignees

Okta Inc

Inventors

Classifications

  • H04L63/20 (primary CPC): for managing network security; network security policies in general (filtering policies H04L63/0227)

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Okta Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/20. Mapped technology areas include Electricity.
When was this patent published?
Publication date: Mar 10, 2026 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).