Patents by Inventor Ajay Sondhi
Ajay Sondhi has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20150089570Abstract: A framework, which conforms to the OAuth standard, involves a generic OAuth authorization server that can be used by multiple resource servers in order to ensure that access to resources stored on those resource servers is limited to access to which the resource owner consents. Each resource server registers, with the OAuth authorization server, metadata for that resource server, indicating scopes that are recognized by the resource server. The OAuth authorization server refers to this metadata when requesting consent from a resource owner on behalf of a client application, so that the consent will be of an appropriate scope. The OAuth authorization server refers to this metadata when constructing an access token to provide to the client application for use in accessing the resources on the resource server. The OAuth authorization server uses this metadata to map issued access tokens to the scopes to which those access tokens grant access.Type: ApplicationFiled: April 30, 2014Publication date: March 26, 2015Applicant: Oracle International CorporationInventors: Ajay Sondhi, Shivaram Bhat, Ravi Hingarajiya
-
Publication number: 20150089571Abstract: A framework, which conforms to the OAuth standard, involves a generic OAuth authorization server that can be used by multiple resource servers in order to ensure that access to resources stored on those resource servers is limited to access to which the resource owner consents. Each resource server registers, with the OAuth authorization server, metadata for that resource server, indicating scopes that are recognized by the resource server. The OAuth authorization server refers to this metadata when requesting consent from a resource owner on behalf of a client application, so that the consent will be of an appropriate scope. The OAuth authorization server refers to this metadata when constructing an access token to provide to the client application for use in accessing the resources on the resource server. The OAuth authorization server uses this metadata to map issued access tokens to the scopes to which those access tokens grant access.Type: ApplicationFiled: April 30, 2014Publication date: March 26, 2015Applicant: Oracle International CorporationInventors: Uppili Srinivasan, Ajay Sondhi, Ching-Wen Chu, Shivaram Bhat, Venkata S. Evani
-
Publication number: 20150089596Abstract: A framework, which conforms to the OAuth standard, involves a generic OAuth authorization server that can be used by multiple resource servers in order to ensure that access to resources stored on those resource servers is limited to access to which the resource owner consents. Each resource server registers, with the OAuth authorization server, metadata for that resource server, indicating scopes that are recognized by the resource server. The OAuth authorization server refers to this metadata when requesting consent from a resource owner on behalf of a client application, so that the consent will be of an appropriate scope. The OAuth authorization server refers to this metadata when constructing an access token to provide to the client application for use in accessing the resources on the resource server. The OAuth authorization server uses this metadata to map issued access tokens to the scopes to which those access tokens grant access.Type: ApplicationFiled: April 30, 2014Publication date: March 26, 2015Applicant: Oracle International CorporationInventors: Ajay Sondhi, Ching-Wen Chu, Beomsuk Kim, Ravi Hingarajiya
-
Publication number: 20150089597Abstract: A framework, which conforms to the OAuth standard, involves a generic OAuth authorization server that can be used by multiple resource servers in order to ensure that access to resources stored on those resource servers is limited to access to which the resource owner consents. Each resource server registers, with the OAuth authorization server, metadata for that resource server, indicating scopes that are recognized by the resource server. The OAuth authorization server refers to this metadata when requesting consent from a resource owner on behalf of a client application, so that the consent will be of an appropriate scope. The OAuth authorization server refers to this metadata when constructing an access token to provide to the client application for use in accessing the resources on the resource server. The OAuth authorization server uses this metadata to map issued access tokens to the scopes to which those access tokens grant access.Type: ApplicationFiled: April 30, 2014Publication date: March 26, 2015Applicant: Oracle International CorporationInventors: Uppili Srinivasan, Ajay Sondhi, Ching-Wen Chu, Venkata S. Evani, Beomsuk Kim
-
Publication number: 20150089622Abstract: A framework, which conforms to the OAuth standard, involves a generic OAuth authorization server that can be used by multiple resource servers in order to ensure that access to resources stored on those resource servers is limited to access to which the resource owner consents. Each resource server registers, with the OAuth authorization server, metadata for that resource server, indicating scopes that are recognized by the resource server. The OAuth authorization server refers to this metadata when requesting consent from a resource owner on behalf of a client application, so that the consent will be of an appropriate scope. The OAuth authorization server refers to this metadata when constructing an access token to provide to the client application for use in accessing the resources on the resource server. The OAuth authorization server uses this metadata to map issued access tokens to the scopes to which those access tokens grant access.Type: ApplicationFiled: April 30, 2014Publication date: March 26, 2015Applicant: Oracle International CorporationInventors: Ajay Sondhi, Shivaram Bhat, Ravi Hingarajiya, Wai Leung William Wong
-
Publication number: 20150089623Abstract: A framework, which conforms to the OAuth standard, involves a generic OAuth authorization server that can be used by multiple resource servers in order to ensure that access to resources stored on those resource servers is limited to access to which the resource owner consents. Each resource server registers, with the OAuth authorization server, metadata for that resource server, indicating scopes that are recognized by the resource server. The OAuth authorization server refers to this metadata when requesting consent from a resource owner on behalf of a client application, so that the consent will be of an appropriate scope. The OAuth authorization server refers to this metadata when constructing an access token to provide to the client application for use in accessing the resources on the resource server. The OAuth authorization server uses this metadata to map issued access tokens to the scopes to which those access tokens grant access.Type: ApplicationFiled: April 30, 2014Publication date: March 26, 2015Applicant: Oracle International CorporationInventors: Ajay Sondhi, Ching-Wen Chu, Venkata S. Evani
-
Publication number: 20150089569Abstract: A framework, which conforms to the OAuth standard, involves a generic OAuth authorization server that can be used by multiple resource servers in order to ensure that access to resources stored on those resource servers is limited to access to which the resource owner consents. Each resource server registers, with the OAuth authorization server, metadata for that resource server, indicating scopes that are recognized by the resource server. The OAuth authorization server refers to this metadata when requesting consent from a resource owner on behalf of a client application, so that the consent will be of an appropriate scope. The OAuth authorization server refers to this metadata when constructing an access token to provide to the client application for use in accessing the resources on the resource server. The OAuth authorization server uses this metadata to map issued access tokens to the scopes to which those access tokens grant access.Type: ApplicationFiled: April 30, 2014Publication date: March 26, 2015Applicant: Oracle International CorporationInventors: Ajay Sondhi, Ching-Wen Chu, Venkata S. Evani
-
Patent number: 8935757Abstract: A framework, which conforms to the OAuth standard, involves a generic OAuth authorization server that can be used by multiple resource servers in order to ensure that access to resources stored on those resource servers is limited to access to which the resource owner consents. Each resource server registers, with the OAuth authorization server, metadata for that resource server, indicating scopes that are recognized by the resource server. The OAuth authorization server refers to this metadata when requesting consent from a resource owner on behalf of a client application, so that the consent will be of an appropriate scope. The OAuth authorization server refers to this metadata when constructing an access token to provide to the client application for use in accessing the resources on the resource server. The OAuth authorization server uses this metadata to map issued access tokens to the scopes to which those access tokens grant access.Type: GrantFiled: September 28, 2012Date of Patent: January 13, 2015Assignee: Oracle International CorporationInventors: Venkataraman Uppili Srinivasan, Rajeev Angal, Ajay Sondhi
-
Publication number: 20130086657Abstract: A framework is provided for integrating Internet identities in enterprise identity and access management (IAM) infrastructures. A framework is provided for open authorization. A framework is also provided for relying party functionality.Type: ApplicationFiled: May 4, 2012Publication date: April 4, 2013Applicant: Oracle International CorporationInventors: Venkataraman Uppili Srinivasan, Rajeev Angal, Ajay Sondhi, Shivaram Bhat
-
Publication number: 20130086639Abstract: Techniques for managing identities are provided. In some examples, identity management, authentication, authorization, and token exchange frameworks may be provided for use with mobile devices, mobile applications, cloud applications, and/or other web-based applications. For example a mobile client may request to perform one or more identity management operations associated with an account of a service provider. Based at least in part on the requested operation and/or the particular service provider, an application programming interface (API) may be utilized to generate and/or perform one or more instructions and/or method calls for managing identity information of the service provider.Type: ApplicationFiled: May 31, 2012Publication date: April 4, 2013Applicant: Oracle International CorporationInventors: Ajay Sondhi, Ching-Wen Chu, Beomsuk Kim, Sean Brydon
-
Publication number: 20130086211Abstract: Techniques for a resource management advice service are provided. In some examples, resource management advice and/or instructions may be provided for use with mobile devices, mobile applications, cloud applications, and/or other web-based applications. For example a mobile client may request to perform one or more resource management operations associated with a service provider. Based at least in part on the requested operation and/or the particular service provider, advice and/or instructions for managing the resource may be provided.Type: ApplicationFiled: May 31, 2012Publication date: April 4, 2013Applicant: Oracle International CorporationInventors: Ajay Sondhi, Ching-Wen Chu, Beomsuk Kim
-
Publication number: 20130086669Abstract: Techniques for managing single sign-on are provided. in some examples, single sign-on functionality may be provided for use on mobile devices by utilizing mobile applications, cloud applications, and/or other web-based applications. For example, a mobile application or mobile web browser may request to authenticate with or access one or more service providers. Authentication credentials may be requested from a user of the mobile device to facilitate such authentication and/or access. Based at least in part on a successful log-in, access to server resources from other applications on the same mobile device may be provided without successive or repetitive credential requests to the user.Type: ApplicationFiled: May 31, 2012Publication date: April 4, 2013Applicant: Oracle International CorporationInventors: Ajay Sondhi, Clayton Donley, Shivaram Bhat, Wai William Wong, Kwok Lun Alex Yiu
-
Patent number: 8051179Abstract: A distributed session failover mechanism is disclosed for facilitating the replication and retrieval of session information. A first server, in a trusted network, providing a single sign-on (SSO) solution, stores session information pertaining to a particular client requesting services associated with the server. In order to provide session failover, the first server sends a copy of the session information to a bus mechanism, which is connected to one or more persistent repositories. When a second server attempts to validate the client, the second server may discover that the first server failed. The second server then requests a copy of the session information pertaining to the client from the bus mechanism. The bus mechanism retrieves the copy from a persistent repository and provides the copy to the second server.Type: GrantFiled: February 1, 2006Date of Patent: November 1, 2011Assignee: Oracle America, Inc.Inventors: Rajeev Angal, Subash Penumatsa, Ching-Wen Chu, Ajay Sondhi
-
Patent number: 7908380Abstract: A method to limit active sessions connecting user access to a computer network is presented. First, a request to initiate a new user session in the computer network is authenticated. The authentication is operatively conducted within a single sign-on provider. A session quota is then determined through a session quota logic of the single sign-on provider with the session quota logic retrieving a stored session quota. Then the number of active sessions is compared with the determined session quota. The determined session quota is enforced though a session quota enforcement logic of the SSO provider.Type: GrantFiled: April 24, 2006Date of Patent: March 15, 2011Assignee: Oracle America, Inc.Inventors: Ching-Wen Chu, Rajeev Angal, Subash Penumatsa, Beomsuk Kim, Anant D. Kadam, Ajay Sondhi
-
Publication number: 20070192326Abstract: A distributed session failover mechanism is disclosed for facilitating the replication and retrieval of session information. A first server, in a trusted network, providing a single sign-on (SSO) solution, stores session information pertaining to a particular client requesting services associated with the server. In order to provide session failover, the first server sends a copy of the session information to a bus mechanism, which is connected to one or more persistent repositories. When a second server attempts to validate the client, the second server may discover that the first server failed. The second server then requests a copy of the session information pertaining to the client from the bus mechanism. The bus mechanism retrieves the copy from a persistent repository and provides the copy to the second server.Type: ApplicationFiled: February 1, 2006Publication date: August 16, 2007Inventors: Rajeev Angal, Subash Penumatsa, Ching-Wen Chu, Ajay Sondhi
-
Publication number: 20030037234Abstract: A method and apparatus for centralizing a certificate revocation list (CRL). Specifically, the present invention describes a method and system for centralizing a CRL in a certificate authority. The certificate authority is comprised of a master server coupled to a plurality of clone servers that form a cluster of servers. Each of the clone servers in the cluster has the capability to provide certificate authority services. The present invention centralizes the CRL at a database accessed by the lightweight directory access protocol that supports a Secure Sockets Layer. A CRL merger service located at the master server maintains the CRL. The master server also receives revocation information coming from the clone servers indicating a certificate has been revoked. Upon receipt of such revocation certificate record, the corresponding certificate is added to the CRL. In this way a centralized CRL is maintained for the entire certificate authority cluster of servers.Type: ApplicationFiled: August 17, 2001Publication date: February 20, 2003Inventors: Christina Fu, Ajay Sondhi