System and method for graduated security in user authentication
US-9195820-B2 · Nov 24, 2015 · US
US2018046794A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2018046794-A1 |
| Application number | US-201715707261-A |
| Country | US |
| Kind code | A1 |
| Filing date | Sep 18, 2017 |
| Priority date | Jun 29, 2015 |
| Publication date | Feb 15, 2018 |
| Grant date | — |
Official abstract text for this publication.
Techniques are disclosed for managing session activity of SSO access across multiple data centers. Session activity of SSO access is managed across multiple geographically disperse computing systems clustered together to form a multi-data center (MDC) system. A first data center in the MDC system may implement session adoption to manage an SSO session of the user in the MDC system. Information about subsequent sessions established by other data centers may be adopted by the first data center. The first data center may obtain session activity data from each session that is adopted for the user. The session activity may be used to determine whether SSO session is active for the user across data centers in the MDC system. Authorization to access a resource at any data center in the MDC system may be granted based on the status of the SSO session using session adoption among the data centers.
Opening claim text (preview).
What is claimed is:

1. A method comprising: receiving, by a first computer system, a request to authenticate a user for a first session established at the first computer system; determining, by the first computer system, based on session adoption data, that a second session hosted on a second computer system is associated with the first session; determining, by the first computer system, based on first session activity data of the first session, and based on second session activity data of the second session obtained from the second computing system using the session adoption data, that at least one of the first session or the second session is active; and based on determining that the second session is active, and based on the first session being associated with the second session, providing, by the first computing system, authentication to the user for the first session.

2. The method of claim 1, wherein the request to authenticate the user is based on the first session being inactive.

3. The method of claim 1, wherein the session adoption data indicates that the second computing system adopts the second session for the user; wherein the request to authenticate the user for the first session established at the first computer system is a first request; and wherein the method further comprises: sending, by the first computing system, based on the session adoption data, a second request to the second computing system for the second session activity data.

4. The method of claim 3, further comprising: determining, by the first computer system, that the first computer system supports session adoption, the determination being based on that the first computer system manages authentication of the user and that the second computer system manages the user's access right to a resource; and sending, by the first computer system and based on the determination that the first computer system supports session adoption, the second request to the second computer system; wherein the second session activity data is obtained from the second computer system based on the second request.

5. The method of claim 1, wherein the first session activity data includes a first session activity status indicating whether the first session is active; wherein the second session activity data includes a second session activity status indicating whether the second session is active; and wherein determining that at least one of the first session or the second session is active includes: determining whether the first session is active based on the first session activity status; and determining whether the second session is active based on the second session activity status.

6. The method of claim 1, wherein the first session activity data includes a first timestamp indicating when a first activity is last detected at the first session; wherein the second session data includes a second timestamp indicating when a second activity is last detected at the second session; and wherein the determination that at least one of the first session or the second session is active is based on at least one of the first timestamp or the second timestamp.

7. The method of claim 6, wherein at least one of the first activity or the second activity is associated with a duration that exceeds a threshold period.

8. The method of claim 1, wherein the request to authenticate the user is received via a first protocol over a first network; wherein the second session activity data is obtained via a second protocol over a second network; and wherein the first protocol and the second protocol are different.

9. The method of claim 1, further comprising: generating, by the first computer system and from the first session activity data, a cookie including a threshold session time period after which the first session becomes inactive; sending, by the first computer system, the cookie to a client device; and receiving, by the first computer system and from the client device, a request to re-authenticate the user for the first session, the request to re-authenticate the user being based on the threshold session time period included in the cookie.

10. The method of claim 1, wherein the request to authenticate the user for the first session established at the first computer system is a first request; wherein the method further comprises: receiving, by the first computer system, a second request for session adoption of the first session from the second computer system; and sending, by the first computer system, session data of the first session to the second computer system based on the second request; and wherein the second session is created based on the session data of the first session.

11. The method of claim 10, wherein the session data of the first session includes an indication of a status of the first session at the first computing system.

12. The method of claim 10, wherein the sending of the session data of the first session enables the second computing system to determine whether the first session is valid, and to deny access to a resource based on the first session being invalid.

13. A system comprising: one or more processors; and a memory accessible to the one or more processors, the memory storing a set of instructions which, when executed by the one or more processors, causes the one or more processors to perform: receiving a request to authenticate a user for a first session established at a first computing system; determining, based on session adoption data, that a second session hosted on a second computer system is associated with the first session; determining, based on first session activity data of the first session, and based on second session activity data of the second session obtained from the second computing system using the session adoption data, that at least one of the first session or the second session is active; and based on determining that the second session is active, and based on the first session being associated with the second session, providing authentication to the user for the first session.

14. The system of claim 13, wherein the request to authenticate the user is based on the first session being inactive.

15. The system of claim 13, wherein the request to authenticate the user is received via a first protocol over a first network; wherein the second session activity data is obtained via a second protocol over a second network; and wherein the first protocol and the second protocol are different.

16. A non-transitory computer-readable medium storing a set of instructions that are executable by one or more processors to cause the one or more processors to: receive a request to authenticate a user for a first session established at a first computing system; determine, based on session adoption data, that a second session hosted on a second computer system is associated with the first session; determine, based on first session activity data of the first session, and based on second session activity data of the second session obtained from the second computing system using the session adoption data, that at least one of the first session or the second session is active; and based on a determination that the second session is active, and based on the first session being associated with the second session, provide authentication to the user for the first session.

17. The non-transitory computer-readable medium of claim 16, wherein the request to authenticate the user is based on the first ses
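The following is an added illustration, not code from the patent or its assignee, of the flow the abstract and claims 1, 5, 6 and 9 describe: a data center that cannot vouch for an idle local session asks the data center hosting an adopted session for its activity data and grants authentication if that session is still active. The class and field names, the idle threshold and the scenario values are assumptions made for the example.

```python
from dataclasses import dataclass, field

# Assumed inactivity limit: a session with no activity for longer is inactive.
IDLE_THRESHOLD = 900  # seconds


@dataclass
class DataCenter:
    """One data center of the MDC system, holding its own SSO sessions."""
    name: str
    # session_id -> epoch seconds of the last activity detected at this data center
    last_activity: dict = field(default_factory=dict)
    # session adoption data: local session_id -> [(peer data center, peer session_id), ...]
    adoption: dict = field(default_factory=dict)

    def session_activity(self, session_id, now):
        """Session activity data (claims 5 and 6): status plus last-activity timestamp."""
        ts = self.last_activity.get(session_id)
        active = ts is not None and now - ts <= IDLE_THRESHOLD
        return {"last_activity": ts, "active": active}

    def adopt(self, local_id, peer, peer_id):
        """Record that `peer_id` on `peer` belongs to the same SSO login as `local_id`."""
        self.adoption.setdefault(local_id, []).append((peer, peer_id))

    def authenticate(self, session_id, now):
        """Claim 1 flow: the local session is authenticated if it, or any session
        adopted for it, is still active. Returns (granted, session that vouched)."""
        if self.session_activity(session_id, now)["active"]:
            return True, f"{self.name}:{session_id}"
        for peer, peer_id in self.adoption.get(session_id, []):
            # Obtain second session activity data from the other data center.
            if peer.session_activity(peer_id, now)["active"]:
                return True, f"{peer.name}:{peer_id}"
        return False, None

    def session_cookie(self, session_id):
        """Claim 9: cookie carrying the time after which the session becomes inactive,
        so the client knows when it must ask to re-authenticate."""
        return {"sid": session_id,
                "inactive_after": self.last_activity[session_id] + IDLE_THRESHOLD}


if __name__ == "__main__":
    # Constructed scenario: the user logged in at dc1 long ago but is busy at dc2.
    dc1, dc2 = DataCenter("dc1"), DataCenter("dc2")
    dc1.last_activity["s1"], dc2.last_activity["s2"] = 1000, 2500
    dc1.adopt("s1", dc2, "s2")
    print(dc1.authenticate("s1", now=3000))  # (True, 'dc2:s2')
```

Once every adopted session has passed the threshold as well, `authenticate` returns `(False, None)` and the user must log in again.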
CPC classification titles:
- for controlling access to devices or network resources
- Entity profiles
- Managing session states for stateless protocols; Signalling session states; State transitions; Keeping-state mechanisms
- where a single sign-on provides access to a plurality of computers
- Session management