Patents by Inventor Vadim Lander
Vadim Lander has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11528262
Abstract: Embodiments of a multi-tenant cloud system include a first data center adapted to authenticate a first plurality of registered clients and located in a first geographic area, and a second data center adapted to authenticate a second plurality of registered clients and located in a second geographic area that is different from the first geographic area. The first data center receives a request from a first client of the first plurality of registered clients to access a resource of the second data center and validates the request from the first client and issues a global access token. The second data center receives the request with the global access token. A cloud gate at the second data center, based on the global access token, validates the request and provides the resource to the first client.
Type: Grant
Filed: January 14, 2021
Date of Patent: December 13, 2022
Assignee: ORACLE INTERNATIONAL CORPORATION
Inventors: Damien Carru, Vasukiammaiyar Asokkumar, Vadim Lander
-
Patent number: 11463488
Abstract: Dynamic client registration for an Identity Cloud Service (IDCS) is provided. A service instance client, associated with a service instance, is created in a first tenancy. A template client is created, based on a security blueprint, in a second tenancy. A registration client is created in the first tenancy. A request for a registration access token is received from an installed client application over a network; the request includes an ID of the template client. A user of the installed client application is authenticated using the template client. The registration access token is sent to the installed client application over the network. A request for a client assertion token is received from the installed client application over the network; the request includes the registration access token. The registration access token is authenticated using the template client. The client assertion token is sent to the installed client application over the network.
Type: Grant
Filed: June 3, 2020
Date of Patent: October 4, 2022
Assignee: ORACLE INTERNATIONAL CORPORATION
Inventors: Mohamad Raja Gani Mohamad Abdul, Vadim Lander
-
Patent number: 11356454
Abstract: A system provides cloud-based identity and access management. The system receives a request for an identity management service, authenticates the request, and forwards the request to a microservice configured to perform the identity management service, where the microservice is implemented by a microservice virtual machine provisioned by a provisioning framework, and the forwarding is according to routing information configured based on metadata information stored in a registry by the provisioning framework. The system then performs the identity management service by the microservice.
Type: Grant
Filed: November 8, 2019
Date of Patent: June 7, 2022
Assignee: ORACLE INTERNATIONAL CORPORATION
Inventors: Lokesh Gupta, Vadim Lander
-
Patent number: 11258786
Abstract: A multi-tenant system that provides cloud-based identity management receives a request to execute a job, where the job has a scheduled start time, or a timeframe to complete, that exceeds the validity time of a request access token. The system generates the request access token corresponding to the job, where the request access token has access privileges. The system schedules the job and persists the request access token. The system triggers the job at the scheduled start time and generates a derived access token based on the request access token, where the derived access token includes the access privileges. The system then injects the derived access token during runtime of the job and calls a service using the derived access token to execute the job.
Type: Grant
Filed: January 8, 2020
Date of Patent: February 22, 2022
Assignee: ORACLE INTERNATIONAL CORPORATION
Inventors: Ajeet Bansal, Vadim Lander, Gregg Wilson
-
Patent number: 11258775
Abstract: Embodiments perform write operations in a multi-tenant cloud system that includes a first data center adapted to authenticate a first plurality of registered clients and located in a first geographic area, and a second data center adapted to authenticate a second plurality of registered clients and located in a second geographic area that is different from the first geographic area. Embodiments receive a request from a first client to perform a first write for a resource at the second data center. Embodiments generate a call to the first data center including a second write for the resource at the first data center. Embodiments retrieve data corresponding to the first write and send the retrieved data to the first data center. Embodiments write on the data based on the first write, the writing on the data including changing the data to generate changed data.
Type: Grant
Filed: January 16, 2019
Date of Patent: February 22, 2022
Assignee: ORACLE INTERNATIONAL CORPORATION
Inventors: Vadim Lander, Balakumar Balu, Venkateswara Reddy Medam, Kuang-Yu Shih, Lokesh Gupta, Vasukiammaiyar Asokkumar, Gregg Wilson
-
Patent number: 11088993
Abstract: An embodiment controls access to a resource, the access controlled by a multi-tenant system. Embodiments receive, at a web server, a request for the resource from a user via a web browser, the request including a Uniform Resource Locator (“URL”) associated with the resource and an identity of a tenant corresponding to the user. Embodiments determine an access policy for authenticating the user that is associated with the resource, the access policy based in part on the identity of the tenant. Embodiments then authenticate the user based on the determined access policy.
Type: Grant
Filed: August 12, 2019
Date of Patent: August 10, 2021
Assignee: Oracle International Corporation
Inventors: Stephan Wardell, Andrew B Folkins, Vadim Lander, Prateek Mishra, Rich Levinson, Cory Womacks, Dino E. Cuthbert
-
Publication number: 20210168128
Abstract: Embodiments of a multi-tenant cloud system include a first data center adapted to authenticate a first plurality of registered clients and located in a first geographic area, and a second data center adapted to authenticate a second plurality of registered clients and located in a second geographic area that is different from the first geographic area. The first data center receives a request from a first client of the first plurality of registered clients to access a resource of the second data center and validates the request from the first client and issues a global access token. The second data center receives the request with the global access token. A cloud gate at the second data center, based on the global access token, validates the request and provides the resource to the first client.
Type: Application
Filed: January 14, 2021
Publication date: June 3, 2021
Inventors: Damien CARRU, Vasukiammaiyar ASOKKUMAR, Vadim LANDER
-
Patent number: 10931656
Abstract: Embodiments of a multi-tenant cloud system include a first data center adapted to authenticate a first plurality of registered clients and located in a first geographic area, and a second data center adapted to authenticate a second plurality of registered clients and located in a second geographic area that is different from the first geographic area. The first data center receives a request from a first client of the first plurality of registered clients to access a resource of the second data center and validates the request from the first client and issues a global access token. The second data center receives the request with the global access token. A cloud gate at the second data center, based on the global access token, validates the request and provides the resource to the first client.
Type: Grant
Filed: July 17, 2018
Date of Patent: February 23, 2021
Assignee: Oracle International Corporation
Inventors: Damien Carru, Vasukiammaiyar Asokkumar, Vadim Lander
-
Patent number: 10878079
Abstract: A system for authorizing access to a resource associated with a tenancy in an identity management system that includes a plurality of tenancies receives an access token request for an access token that corresponds to the resource, the request including user information and application information, the user information including roles of a user and the application information including roles of the application. The system evaluates the access token request by computing dynamic roles and corresponding dynamic scopes for the access token including a second intersection between the dynamic roles of the user and the dynamic roles of the application. The system then provides the access token that includes the computed static scopes, where the scopes are based at least on the roles of the user and the roles of the application, and further including the computed dynamic roles and corresponding dynamic scopes.
Type: Grant
Filed: May 9, 2017
Date of Patent: December 29, 2020
Assignee: Oracle International Corporation
Inventors: Sirish V. Vepa, Sreedhar Katti, Maheshkumar Shivlal Dhaduk, Vadim Lander
-
Patent number: 10848543
Abstract: A system provides cloud-based identity and access management. The system receives a request from a client for obtaining an access token for a user to access a resource. The system determines, based on the request, a tenancy of the client, a tenancy of the user, and a tenancy of the resource. The system accesses a microservice based on the request, and performs an identity management service by the microservice based on the request, where the identity management service includes generating the access token that identifies the tenancy of the resource and the tenancy of the user.
Type: Grant
Filed: January 14, 2019
Date of Patent: November 24, 2020
Assignee: Oracle International Corporation
Inventors: Vadim Lander, Ajay Sondhi
-
Publication number: 20200296143
Abstract: Dynamic client registration for an Identity Cloud Service (IDCS) is provided. A service instance client, associated with a service instance, is created in a first tenancy. A template client is created, based on a security blueprint, in a second tenancy. A registration client is created in the first tenancy. A request for a registration access token is received from an installed client application over a network; the request includes an ID of the template client. A user of the installed client application is authenticated using the template client. The registration access token is sent to the installed client application over the network. A request for a client assertion token is received from the installed client application over the network; the request includes the registration access token. The registration access token is authenticated using the template client. The client assertion token is sent to the installed client application over the network.
Type: Application
Filed: June 3, 2020
Publication date: September 17, 2020
Inventors: Mohamad Raja Gani MOHAMAD ABDUL, Vadim LANDER
-
Patent number: 10715564
Abstract: Dynamic client registration for an Identity Cloud Service (IDCS) is provided. A service instance client, associated with a service instance, is created in a first tenancy. A template client is created, based on a security blueprint, in a second tenancy. A registration client is created in the first tenancy. A request for a registration access token is received from an installed client application over a network; the request includes an ID of the template client. A user of the installed client application is authenticated using the template client. The registration access token is sent to the installed client application over the network. A request for a client assertion token is received from the installed client application over the network; the request includes the registration access token. The registration access token is authenticated using the template client. The client assertion token is sent to the installed client application over the network.
Type: Grant
Filed: January 29, 2018
Date of Patent: July 14, 2020
Assignee: Oracle International Corporation
Inventors: Mohamad Raja Gani Mohamad Abdul, Vadim Lander
-
Patent number: 10693861
Abstract: Embodiments provide cloud-based identity management by receiving a request to perform an identity management service that includes real-time tasks and near-real-time tasks. Embodiments synchronously execute the real-time tasks by accessing at least one microservice using a corresponding application programming interface (“API”). Embodiments asynchronously execute the near-real-time tasks by offloading the near-real-time tasks to one or more message queues.
Type: Grant
Filed: November 27, 2017
Date of Patent: June 23, 2020
Assignee: Oracle International Corporation
Inventors: Vadim Lander, Damien Carru, Gary P. Cole, Ajay Sondhi, Gregg Wilson
-
Publication number: 20200186515
Abstract: A multi-tenant system that provides cloud-based identity management receives a request to execute a job, where the job has a scheduled start time, or a timeframe to complete, that exceeds the validity time of a request access token. The system generates the request access token corresponding to the job, where the request access token has access privileges. The system schedules the job and persists the request access token. The system triggers the job at the scheduled start time and generates a derived access token based on the request access token, where the derived access token includes the access privileges. The system then injects the derived access token during runtime of the job and calls a service using the derived access token to execute the job.
Type: Application
Filed: January 8, 2020
Publication date: June 11, 2020
Inventors: Ajeet BANSAL, Vadim LANDER, Gregg WILSON
-
Patent number: 10594684
Abstract: A multi-tenant system that provides cloud-based identity management receives a request to execute a job, where the job has a scheduled start time, or a timeframe to complete, that exceeds the validity time of a request access token. The system generates the request access token corresponding to the job, where the request access token has access privileges. The system schedules the job and persists the request access token. The system triggers the job at the scheduled start time and generates a derived access token based on the request access token, where the derived access token includes the access privileges. The system then injects the derived access token during runtime of the job and calls a microservice using the derived access token to execute the job.
Type: Grant
Filed: September 7, 2017
Date of Patent: March 17, 2020
Assignee: Oracle International Corporation
Inventors: Ajeet Bansal, Vadim Lander, Gregg Wilson
-
Patent number: 10585682
Abstract: A system provides cloud-based identity and access management. The system provides a user interface (“UI”) to a tenant of an identity-management service. The system enables diagnostics functionality for the tenant based on a user input received via the UI, where the diagnostics functionality allows for a user in the tenant to configure and receive diagnostics reports related to the identity-management service. The system then receives a request for the identity-management service, accesses a microservice based on the request, performs the identity-management service by the microservice, collects and records diagnostics information during the performing of the identity-management service, and displays the diagnostics information to the user via the UI.
Type: Grant
Filed: July 12, 2017
Date of Patent: March 10, 2020
Assignee: Oracle International Corporation
Inventors: Vikrant Jain, Ashish Gupta, Gary P. Cole, Vadim Lander
-
Publication number: 20200076817
Abstract: A system provides cloud-based identity and access management. The system receives a request for an identity management service, authenticates the request, and forwards the request to a microservice configured to perform the identity management service, where the microservice is implemented by a microservice virtual machine provisioned by a provisioning framework, and the forwarding is according to routing information configured based on metadata information stored in a registry by the provisioning framework. The system then performs the identity management service by the microservice.
Type: Application
Filed: November 8, 2019
Publication date: March 5, 2020
Inventors: Lokesh GUPTA, Vadim LANDER
-
Patent number: 10579367
Abstract: Embodiments implement data versioning in a cloud-based identity management system. Embodiments provide a first microservice for performing an identity management service and having a corresponding first version application programming interface (“API”) that identifies the first microservice. Embodiments provide a second microservice for performing the identity management service, the second microservice comprising a new version of the first microservice and having a corresponding second version API that identifies the second microservice. Embodiments receive a request for performing the identity management service from a client of the identity management system, the request including a uniform resource locator (“URL”), where the first version API or the second version API are identified in the URL. Embodiments then perform the identity management service using either the first microservice or the second microservice based on the request and using tenant data stored in a database.
Type: Grant
Filed: January 23, 2019
Date of Patent: March 3, 2020
Assignee: Oracle International Corporation
Inventors: Vadim Lander, Lokesh Gupta
-
Patent number: 10581820
Abstract: Key generation and roll over is provided for a cloud based identity management system. A key set is generated that includes a previous key and expiration time, a current key and expiration time, and a next key and expiration time, and stores the key set in a database table and a memory cache associated with the database table. At the current key expiration time, the key set is rolled over, including retrieving the key set from the database table, updating the previous key and expiration time with the current key and expiration time, updating the current key and expiration time with the next key and expiration time, generating a new key and expiration time, updating the next key and expiration time with the new key and expiration time, and updating the key set in the database table and the memory cache.
Type: Grant
Filed: May 8, 2017
Date of Patent: March 3, 2020
Assignee: Oracle International Corporation
Inventors: Rakesh Keshava, Sreedhar Katti, Sirish Vepa, Vadim Lander, Prateek Mishra
-
Patent number: 10516672
Abstract: A system provides cloud-based identity and access management. The system receives a request for an identity management service, authenticates the request, and forwards the request to a microservice configured to perform the identity management service, where the microservice is implemented by a microservice virtual machine provisioned by a provisioning framework, and the forwarding is according to routing information configured based on metadata information stored in a registry by the provisioning framework. The system then performs the identity management service by the microservice.
Type: Grant
Filed: May 31, 2017
Date of Patent: December 24, 2019
Assignee: Oracle International Corporation
Inventors: Lokesh Gupta, Vadim Lander