-
1.
Publication (Announcement) No.: US20230098641A1
Publication (Announcement) Date: 2023-03-30
Application No.: US17957146
Application Date: 2022-09-30
Applicant: Oracle International Corporation
Inventor: Shobhank Sharma, Venkata Subbarao Evani, Kranthi Kiran Pandiri, Girish Nagaraja, Martinus Petrus Lambertus van den Dungen, Ashok Kumar Subbaiyan, Ari M. Kermaier
IPC: H04L9/40
Abstract: Systems and methods for a single logout between two independent systems are described herein. The system includes a first access control system having a first login protocol. The first access control system includes at least one first processor, and a memory comprising a plurality of instructions executable by the at least one first processor. The system includes a second access control system. The second access control system has a second login protocol independent of the first login protocol. The first access control system can receive a logout request from a user at the first access control system, logging the user out of the first access control system, and utilizing a trust mechanism to log the user out of the second access control system.
-
2.
Publication (Announcement) No.: US20190253509A1
Publication (Announcement) Date: 2019-08-15
Application No.: US16051124
Application Date: 2018-07-31
Applicant: Oracle International Corporation
Inventor: Samanvitha Kumar, Nagaraj Pattar, Pruthvithej Ramesh Kumar, Parthipan Kandasamy, Ashok Kumar Subbaiyan
Abstract: Techniques related to authentication and authorization are disclosed. In some embodiments, an access management system is provided for increasing the reliability of notification-based authentication and/or authorization. Push notifications, for example, may be used as part of multifactor authentication processing or authorization processing. In certain embodiments, in response to an event triggering an authentication or authorization flow for a user, multiple different ways are provided for delivering notifications related to the authentication or authorization flow to the user's device (e.g., a client device registered for push notification-based authentication or authorization). By providing multiple ways for communicating notifications related to the authentication or authorization to the user's device, the chance that an authentication-related or authorization-related notification is missed or not delivered to the user's device is dramatically reduced. This, in turn, increases the reliability of using notifications for authenticating or authorizing the user.
-
3.
Publication (Announcement) No.: US20220294788A1
Publication (Announcement) Date: 2022-09-15
Application No.: US17196907
Application Date: 2021-03-09
Applicant: Oracle International Corporation
Inventor: Nagaraj Pattar, Parthipan Kandasamy, Ashok Kumar Subbaiyan
Abstract: Techniques are provided for customizing authentication and for handling pre-authentication and post-authentication plug-ins in an access management system. Users may want to access a protected resource, such as an application, and apply customizations to the protected resource. The customizations can be applied through the use of plug-ins, such as pre-authentication and post-authentication plug-ins. After it is determined that the user has permissions to apply a specified plug-in, analysis is performed to ensure that the plug-in complies with system requirements and that the criteria for implementing the plug-in has been satisfied. A browser session and control of the application can then be forwarded to the user.
-
4.
Publication (Announcement) No.: US12238101B2
Publication (Announcement) Date: 2025-02-25
Application No.: US17196907
Application Date: 2021-03-09
Applicant: Oracle International Corporation
Inventor: Nagaraj Pattar, Parthipan Kandasamy, Ashok Kumar Subbaiyan
Abstract: Techniques are provided for customizing authentication and for handling pre-authentication and post-authentication plug-ins in an access management system. Users may want to access a protected resource, such as an application, and apply customizations to the protected resource. The customizations can be applied through the use of plug-ins, such as pre-authentication and post-authentication plug-ins. After it is determined that the user has permissions to apply a specified plug-in, analysis is performed to ensure that the plug-in complies with system requirements and that the criteria for implementing the plug-in has been satisfied. A browser session and control of the application can then be forwarded to the user.
-
5.
Publication (Announcement) No.: US10812473B2
Publication (Announcement) Date: 2020-10-20
Application No.: US16163468
Application Date: 2018-10-17
Applicant: Oracle International Corporation
Inventor: Pruthvithej Ramesh Kumar, Nagaraj Pattar, Samanvitha Kumar, Parthipan Kandasamy, Ashok Kumar Subbaiyan
Abstract: Techniques are described for enrolling an authentication device for generating time-based one-time passwords (TOTPs) for use with multi-factor authentication (MFA). A user is prompted to initiate an enrollment procedure after successful authentication based on a first authentication factor in connection with a request for a resource protected by an access management (AM) system. The authentication device contacts the AM system to establish that the authentication device is a trusted device (e.g., through validation of an authentication token contained in a Quick Response (QR) code generated by the AM system). After the authentication device has been established as a trusted device, the AM system sends a shared secret to the authentication device, which uses the shared secret to complete enrollment (e.g., by generating a TOTP for verification by the AM system). A session is then created for the user to enable access to the protected resource.
-
6.
Publication (Announcement) No.: US20190386981A1
Publication (Announcement) Date: 2019-12-19
Application No.: US16163468
Application Date: 2018-10-17
Applicant: Oracle International Corporation
Inventor: Pruthvithej Ramesh Kumar, Nagaraj Pattar, Samanvitha Kumar, Parthipan Kandasamy, Ashok Kumar Subbaiyan
Abstract: Techniques are described for enrolling an authentication device for generating time-based one-time passwords (TOTPs) for use with multi-factor authentication (MFA). A user is prompted to initiate an enrollment procedure after successful authentication based on a first authentication factor in connection with a request for a resource protected by an access management (AM) system. The authentication device contacts the AM system to establish that the authentication device is a trusted device (e.g., through validation of an authentication token contained in a Quick Response (QR) code generated by the AM system). After the authentication device has been established as a trusted device, the AM system sends a shared secret to the authentication device, which uses the shared secret to complete enrollment (e.g., by generating a TOTP for verification by the AM system). A session is then created for the user to enable access to the protected resource.