Patents by Inventor Mohamad Raja Gani Mohamad Abdul
Mohamad Raja Gani Mohamad Abdul has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20230409724
Abstract: A data platform for developing and deploying a data application. The data platform receives from a first user the data application and provider granted privileges including a consumer usage privilege and a consumer access to data privilege. The data platform authorizes the second user to access the data platform based on one or more consumer account privileges included in a set of account privileges. The data platform authorizes the second user to execute the data application based on the consumer usage privilege. During execution, the data platform authorizes the data application to access the provider database object based on the consumer access to data privilege, and authorizes the data application to access the consumer database object based on a provider access to data privilege provided by the second user.
Type: Application
Filed: January 31, 2023
Publication date: December 21, 2023
Inventors: Damien Carru, Jeremy Yujui Chen, Mohamad Raja Gani Mohamad Abdul, William A. Pugh
-
Publication number: 20230401326
Abstract: A data platform for managing an application as a first-class database object. The data object can include User Interface (UI) components. The data application can be shared by a provider account to a plurality of consumer accounts using a share object and based on grant commands. The consumer accounts can deploy and operate the UI component based on the share object.
Type: Application
Filed: March 21, 2023
Publication date: December 14, 2023
Inventors: Damien Carru, Jeremy Yujui Chen, Pui Kei Johnston Chu, Scott C. Gray, Unmesh Jagtap, Mohamad Raja Gani Mohamad Abdul, William A. Pugh, Ahmed Waseef Shawkat, Xu Xu
-
Patent number: 11775669
Abstract: A data platform for developing and deploying a data application. The data platform receives from a first user the data application and provider granted privileges including a consumer usage privilege and a consumer access to data privilege. The data platform authorizes the second user to access the data platform based on one or more consumer account privileges included in a set of account privileges. The data platform authorizes the second user to execute the data application based on the consumer usage privilege. During execution, the data platform authorizes the data application to access the provider database object based on the consumer access to data privilege, and authorizes the data application to access the consumer database object based on a provider access to data privilege provided by the second user.
Type: Grant
Filed: November 30, 2022
Date of Patent: October 3, 2023
Assignee: Snowflake Inc.
Inventors: Damien Carru, Jeremy Yujui Chen, Mohamad Raja Gani Mohamad Abdul, William A. Pugh
-
Patent number: 11463488
Abstract: Dynamic client registration for an Identity Cloud Service (IDCS) is provided. A service instance client, associated with a service instance, is created in a first tenancy. A template client is created, based on a security blueprint, in a second tenancy. A registration client is created in the first tenancy. A request for a registration access token is received from an installed client application over a network; the request includes an ID of the template client. A user of the installed client application is authenticated using the template client. The registration access token is sent to the installed client application over the network. A request for a client assertion token is received from the installed client application over the network; the request includes the registration access token. The registration access token is authenticated using the template client. The client assertion token is sent to the installed client application over the network.
Type: Grant
Filed: June 3, 2020
Date of Patent: October 4, 2022
Assignee: ORACLE INTERNATIONAL CORPORATION
Inventors: Mohamad Raja Gani Mohamad Abdul, Vadim Lander
-
Patent number: 11411944
Abstract: Embodiments provide session synchronization across multiple devices. Embodiments receive, at a single sign-in (“SSO”) service, user credentials from a user in response to the user signing into the first device. In response to receiving the user credentials, embodiments create a primary SSO session by the SSO service. In response to an attempt by the second device to create another SSO session, subsequent to the creating of the primary SSO session, embodiments create an alias SSO session linked to the primary SSO and set an encrypted session cookie containing the alias SSO session and returning an authorization code including the alias SSO session to the second device. Embodiments verify the second token using a second public key of the second device and send user information of the user to the second device, where the second device uses the user information to automatically sign the user into the second device.
Type: Grant
Filed: July 22, 2020
Date of Patent: August 9, 2022
Assignee: ORACLE INTERNATIONAL CORPORATION
Inventors: Mohamad Raja Gani Mohamad Abdul, Kavita Tippanna
-
Patent number: 11134071
Abstract: An example system and method facilitates establishment of secure communications between software systems, e.g., a client computing device and one or more servers (e.g., a cloud) using Multi Factor Authentication (MFA) via strategic use of tokens. An example method for overcoming longstanding security loopholes and usability issues with conventional MFA methods includes efficiently securing registration code (e.g., via public key cryptography and tokens) and exchanged data (e.g., message payloads), in part by embedding a signed token (e.g., a JWT token signed by a private key of the server system) in a registration link used by a client system to communicate with one or more servers of a server system.
Type: Grant
Filed: April 23, 2018
Date of Patent: September 28, 2021
Assignee: Oracle International Corporation
Inventors: Pruthvithej Ramesh Kumar, Nagaraj Pattar, Mohamad Raja Gani Mohamad Abdul, Parthipan Kandasamy, Samanvitha Kumar, S Ashok Kumar
-
Patent number: 11089474
Abstract: The present disclosure relates generally to managing access to an enterprise system using remote devices. Techniques are disclosed for provisioning applications on remote devices to access resources in an enterprise system. Specifically, applications may be automatically configured with access information (e.g., account information) and connection information to access a resource in an enterprise system using a remote device. Configuring an application may include determining an account for accessing a resource using the application. An account may be provisioned if one has not been established. Upon configuring an application, the device access management system may provide a configured application to the remote device(s) for which the application is configured. Once the configured application is received, the application may be automatically installed on the remote device, after which the application may be executed to access a resource.
Type: Grant
Filed: October 16, 2018
Date of Patent: August 10, 2021
Assignee: Oracle International Corporation
Inventors: Harsh Maheshwari, Mohamad Raja Gani Mohamad Abdul, Sidhartha Das, Rajesh Pakkath, Sreedhar Katti
-
Publication number: 20200358755
Abstract: Embodiments provide session synchronization across multiple devices. Embodiments receive, at a single sign-in (“SSO”) service, user credentials from a user in response to the user signing into the first device. In response to receiving the user credentials, embodiments create a primary SSO session by the SSO service. In response to an attempt by the second device to create another SSO session, subsequent to the creating of the primary SSO session, embodiments create an alias SSO session linked to the primary SSO and set an encrypted session cookie containing the alias SSO session and returning an authorization code including the alias SSO session to the second device. Embodiments verify the second token using a second public key of the second device and send user information of the user to the second device, where the second device uses the user information to automatically sign the user into the second device.
Type: Application
Filed: July 22, 2020
Publication date: November 12, 2020
Inventors: Mohamad Raja Gani Mohamad Abdul, Kavita TIPPANNA
-
Publication number: 20200296143
Abstract: Dynamic client registration for an Identity Cloud Service (IDCS) is provided. A service instance client, associated with a service instance, is created in a first tenancy. A template client is created, based on a security blueprint, in a second tenancy. A registration client is created in the first tenancy. A request for a registration access token is received from an installed client application over a network; the request includes an ID of the template client. A user of the installed client application is authenticated using the template client. The registration access token is sent to the installed client application over the network. A request for a client assertion token is received from the installed client application over the network; the request includes the registration access token. The registration access token is authenticated using the template client. The client assertion token is sent to the installed client application over the network.
Type: Application
Filed: June 3, 2020
Publication date: September 17, 2020
Inventors: Mohamad Raja Gani MOHAMAD ABDUL, Vadim LANDER
-
Patent number: 10764273
Abstract: Embodiments provide session synchronization across multiple user devices in a cloud-based identity and access management (IAM) system by authenticating the user into an application on a first device; receiving a first request by a single-sign-on (SSO) service of the IAM system from the first device to enroll the first device in a circle of trust (CoT) device group associated with the user, where a second device of the user is already enrolled in CoT; sending a push notification to the second device to obtain user consent to enroll the first device in CoT, where the second device obtains user consent and sends a consent token to the first device; receiving a second request including the consent token from the first device; verifying the consent token; enrolling the first device in CoT; and performing SSO session synchronization across devices enrolled in CoT.
Type: Grant
Filed: June 28, 2018
Date of Patent: September 1, 2020
Assignee: Oracle International Corporation
Inventors: Mohamad Raja Gani Mohamad Abdul, Kavita Tippanna
-
Patent number: 10715564
Abstract: Dynamic client registration for an Identity Cloud Service (IDCS) is provided. A service instance client, associated with a service instance, is created in a first tenancy. A template client is created, based on a security blueprint, in a second tenancy. A registration client is created in the first tenancy. A request for a registration access token is received from an installed client application over a network; the request includes an ID of the template client. A user of the installed client application is authenticated using the template client. The registration access token is sent to the installed client application over the network. A request for a client assertion token is received from the installed client application over the network; the request includes the registration access token. The registration access token is authenticated using the template client. The client assertion token is sent to the installed client application over the network.
Type: Grant
Filed: January 29, 2018
Date of Patent: July 14, 2020
Assignee: Oracle International Corporation
Inventors: Mohamad Raja Gani Mohamad Abdul, Vadim Lander
-
Publication number: 20200007530
Abstract: Embodiments provide session synchronization across multiple user devices in a cloud-based identity and access management (IAM) system by authenticating the user into an application on a first device; receiving a first request by a single-sign-on (SSO) service of the IAM system from the first device to enroll the first device in a circle of trust (CoT) device group associated with the user, where a second device of the user is already enrolled in CoT; sending a push notification to the second device to obtain user consent to enroll the first device in CoT, where the second device obtains user consent and sends a consent token to the first device; receiving a second request including the consent token from the first device; verifying the consent token; enrolling the first device in CoT; and performing SSO session synchronization across devices enrolled in CoT.
Type: Application
Filed: June 28, 2018
Publication date: January 2, 2020
Inventors: Mohamad Raja Gani MOHAMAD ABDUL, Kavita TIPPANNA
-
Publication number: 20190327223
Abstract: An example system and method facilitates establishment of secure communications between software systems, e.g., a client computing device and one or more servers (e.g., a cloud) using Multi Factor Authentication (MFA) via strategic use of tokens. An example method for overcoming longstanding security loopholes and usability issues with conventional MFA methods includes efficiently securing registration code (e.g., via public key cryptography and tokens) and exchanged data (e.g., message payloads), in part by embedding a signed token (e.g., a JWT token signed by a private key of the server system) in a registration link used by a client system to communicate with one or more servers of a server system.
Type: Application
Filed: April 23, 2018
Publication date: October 24, 2019
Applicant: Oracle International Corporation
Inventors: Pruthvithej Ramesh Kumar, Nagaraj Pattar, Mohamad Raja Gani Mohamad Abdul, Parthipan Kandasamy, Samanvitha Kumar, S Ashok Kumar
-
Patent number: 10454915
Abstract: Embodiments authenticate a user in response to receiving from a Kerberos key distribution center (“KDC”) a request to authenticate the user that includes a user identification (“ID”). Embodiments retrieve a user record corresponding to the user ID, the user record including a principal key. Embodiments decrypt the principal key using a tenant-specific encryption key and encrypt the decrypted principal key using a Kerberos master key to generate an encrypted principal key. Embodiments retrieve a password policy corresponding to the user ID. Based on the retrieved password policies, embodiments construct password state attributes and return to the KDC the encrypted principal key, the password policy and the password state attributes.
Type: Grant
Filed: October 30, 2017
Date of Patent: October 22, 2019
Assignee: Oracle International Corporation
Inventors: Mohamad Raja Gani Mohamad Abdul, Gregg Wilson
-
Publication number: 20190238598
Abstract: Dynamic client registration for an Identity Cloud Service (IDCS) is provided. A service instance client, associated with a service instance, is created in a first tenancy. A template client is created, based on a security blueprint, in a second tenancy. A registration client is created in the first tenancy. A request for a registration access token is received from an installed client application over a network; the request includes an ID of the template client. A user of the installed client application is authenticated using the template client. The registration access token is sent to the installed client application over the network. A request for a client assertion token is received from the installed client application over the network; the request includes the registration access token. The registration access token is authenticated using the template client. The client assertion token is sent to the installed client application over the network.
Type: Application
Filed: January 29, 2018
Publication date: August 1, 2019
Inventors: Mohamad Raja Gani MOHAMAD ABDUL, Vadim LANDER
-
Patent number: 10263947
Abstract: An LDAP (Lightweight Directory Access Protocol) to SCIM (System for Cross-domain Identity Management) proxy service is provided. The LDAP to SCIM proxy service receives an LDAP request from an LDAP-based application running on an LDAP-based application server, translates the LDAP request to a SCIM request, and forwards the SCIM request to a SCIM server within the IDCS. The LDAP to SCIM proxy service then receives a SCIM response from the SCIM server within the IDCS, translates the SCIM response to an LDAP response, and forwards the LDAP response to the LDAP-based application.
Type: Grant
Filed: June 28, 2017
Date of Patent: April 16, 2019
Assignee: Oracle International Corporation
Inventors: Kanika Vats, Loganathan Ramasamy, Anand Murugesan, Mohamad Raja Gani Mohamad Abdul
-
Publication number: 20190052624
Abstract: The present disclosure relates generally to managing access to an enterprise system using remote devices. Techniques are disclosed for provisioning applications on remote devices to access resources in an enterprise system. Specifically, applications may be automatically configured with access information (e.g., account information) and connection information to access a resource in an enterprise system using a remote device. Configuring an application may include determining an account for accessing a resource using the application. An account may be provisioned if one has not been established. Upon configuring an application, the device access management system may provide a configured application to the remote device(s) for which the application is configured. Once the configured application is received, the application may be automatically installed on the remote device, after which the application may be executed to access a resource.
Type: Application
Filed: October 16, 2018
Publication date: February 14, 2019
Applicant: Oracle International Corporation
Inventors: Harsh Maheshwari, Mohamad Raja Gani Mohamad Abdul, Sidhartha Das, Rajesh Pakkath, Sreedhar Katti
-
Patent number: 10142327
Abstract: Techniques for providing enrollment services for various types of electronic devices in a communication network is disclosed. The electronic devices may include devices associated with a user and headless devices not associated with any user. In certain embodiments, a device enrollment system is disclosed that controls the authentication and enrollment of both user devices and headless devices within a communication network. The device enrollment system detects a particular device within a communication, identifies a type of enrollment policy to be applied to the device based on a type of the device, applies a set of enrollment rules to the device in accordance with the enrollment policy and enrolls the device if the device satisfies one or more criteria specified by the enrollment rules.
Type: Grant
Filed: October 19, 2017
Date of Patent: November 27, 2018
Assignee: Oracle International Corporation
Inventors: Mohamad Raja Gani Mohamad Abdul, Bhagavati Kumar Jayanti Venkata, Harsh Maheshwari, Nagaraj Pattar, Ravi Verma
-
Publication number: 20180337914
Abstract: Embodiments authenticate a user in response to receiving from a Kerberos key distribution center (“KDC”) a request to authenticate the user that includes a user identification (“ID”). Embodiments retrieve a user record corresponding to the user ID, the user record including a principal key. Embodiments decrypt the principal key using a tenant-specific encryption key and encrypt the decrypted principal key using a Kerberos master key to generate an encrypted principal key. Embodiments retrieve a password policy corresponding to the user ID. Based on the retrieved password policies, embodiments construct password state attributes and return to the KDC the encrypted principal key, the password policy and the password state attributes.
Type: Application
Filed: October 30, 2017
Publication date: November 22, 2018
Inventors: Mohamad Raja Gani MOHAMAD ABDUL, Gregg WILSON
-
Patent number: 10116647
Abstract: The present disclosure relates generally to managing access to an enterprise system using remote devices. Techniques are disclosed for provisioning applications on remote devices to access resources in an enterprise system. Specifically, applications may be automatically configured with access information (e.g., account information) and connection information to access a resource in an enterprise system using a remote device. Configuring an application may include determining an account for accessing a resource using the application. An account may be provisioned if one has not been established. Upon configuring an application, the device access management system may provide a configured application to the remote device(s) for which the application is configured. Once the configured application is received, the application may be automatically installed on the remote device, after which the application may be executed to access a resource.
Type: Grant
Filed: May 22, 2017
Date of Patent: October 30, 2018
Assignee: Oracle International Corporation
Inventors: Harsh Maheshwari, Mohamad Raja Gani Mohamad Abdul, Sidhartha Das, Rajesh Pakkath, Sreedhar Katti