Patents by Inventor Aarathi Balakrishnan
Aarathi Balakrishnan has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20230336536Abstract: Techniques are described for providing session management functionalities using an access token (e.g., an Open Authorization (OAuth) access token). Upon successful user authentication, a session (e.g., a single sign-on session) is created for the user along with a user identity token that includes information identifying the session. The user identity token is presentable in an access token request sent to an access token issuer authority (e.g., an OAuth server). Upon receiving the access token request, the user identity token is parsed to identify and validate the session against information stored for the session. The validation can include various session management-related checks. If the validation is successful, the token issuer authority generates the access token. In this manner, the access token that is generated is linked to the session. The access token can then be used by an application to gain access to a protected resource.Type: ApplicationFiled: June 28, 2023Publication date: October 19, 2023Inventors: Mayank Maria, Aarathi Balakrishnan, Dharmvir Singh, Madhu Martin, Vikas Pooven Chathoth, Vamsi Motukuru
-
Patent number: 11736469Abstract: Techniques are described for providing session management functionalities using an access token (e.g., an Open Authorization (OAuth) access token). Upon successful user authentication, a session (e.g., a single sign-on session) is created for the user along with a user identity token that includes information identifying the session. The user identity token is presentable in an access token request sent to an access token issuer authority (e.g., an OAuth server). Upon receiving the access token request, the user identity token is parsed to identify and validate the session against information stored for the session. The validation can include various session management-related checks. If the validation is successful, the token issuer authority generates the access token. In this manner, the access token that is generated is linked to the session. The access token can then be used by an application to gain access to a protected resource.Type: GrantFiled: March 2, 2022Date of Patent: August 22, 2023Assignee: Oracle International CorporationInventors: Mayank Maria, Aarathi Balakrishnan, Dharmvir Singh, Madhu Martin, Vikas Pooven Chathoth, Vamsi Motukuru
-
Publication number: 20220191188Abstract: Techniques are described for providing session management functionalities using an access token (e.g., an Open Authorization (OAuth) access token). Upon successful user authentication, a session (e.g., a single sign-on session) is created for the user along with a user identity token that includes information identifying the session. The user identity token is presentable in an access token request sent to an access token issuer authority (e.g., an OAuth server). Upon receiving the access token request, the user identity token is parsed to identify and validate the session against information stored for the session. The validation can include various session management-related checks. If the validation is successful, the token issuer authority generates the access token. In this manner, the access token that is generated is linked to the session. The access token can then be used by an application to gain access to a protected resource.Type: ApplicationFiled: March 2, 2022Publication date: June 16, 2022Applicant: Oracle International CorporationInventors: Mayank Maria, Aarathi Balakrishnan, Dharmvir Singh, Madhu Martin, Vikas Pooven Chathoth, Vamsi Motukuru
-
Patent number: 11303627Abstract: Techniques are described for providing session management functionalities using an access token (e.g., an Open Authorization (OAuth) access token). Upon successful user authentication, a session (e.g., a single sign-on session) is created for the user along with a user identity token that includes information identifying the session. The user identity token is presentable in an access token request sent to an access token issuer authority (e.g., an OAuth server). Upon receiving the access token request, the user identity token is parsed to identify and validate the session against information stored for the session. The validation can include various session management-related checks. If the validation is successful, the token issuer authority generates the access token. In this manner, the access token that is generated is linked to the session. The access token can then be used by an application to gain access to a protected resource.Type: GrantFiled: October 18, 2018Date of Patent: April 12, 2022Assignee: Oracle International CorporationInventors: Mayank Maria, Aarathi Balakrishnan, Dharmvir Singh, Madhu Martin, Vikas Pooven Chathoth, Vamsi Motukuru
-
Patent number: 11265329Abstract: The present disclosure relates generally to threat detection, and more particularly, to techniques for managing user access to resources in an enterprise environment. Some aspects are directed to the concept of managing access to a target resource based on a threat perception of a user that is calculated using a rule or policy based risk for the user and a behavior based risk for the user. Other aspects are directed to preventing insider attacks in a system based on a threat perception for each user logged into the system that is calculated using a rule or policy based risk for each user and a behavior based risk for each user. Yet other aspects are directed to providing a consolidated view of users, applications being accessed by users, and the threat perception, if any, generated for each of the users.Type: GrantFiled: May 5, 2020Date of Patent: March 1, 2022Assignee: Oracle International CorporationInventors: Vipin Koottayi, Vikas Pooven Chathoth, Aarathi Balakrishnan, Madhu Martin, Deepak Ramakrishanan
-
Patent number: 11245682Abstract: Techniques for described for generating and using rule-enhanced access tokens in connection with authorization for access to resources. An access token is generated in response to determining that a user is authorized to access a protected resource. The access token contains rule information including one or more constraints, each constraint corresponding to a condition for granting or denying access to the protected resource. Upon receiving the access token, a client application can present the access token for accessing the protected resource. The client application can be configured to enforce one or more rules represented in the rule information. The client application can, for example, determine based on the one or more constraints that a condition for granting access is unmet and, in response, cancel a pending access request for the protected resource.Type: GrantFiled: February 26, 2019Date of Patent: February 8, 2022Assignee: Oracle International CorporationInventors: Chuni Lal Kukreja, Aarathi Balakrishnan, Deepak Ramakrishnan
-
Publication number: 20200267162Abstract: The present disclosure relates generally to threat detection, and more particularly, to techniques for managing user access to resources in an enterprise environment. Some aspects are directed to the concept of managing access to a target resource based on a threat perception of a user that is calculated using a rule or policy based risk for the user and a behavior based risk for the user. Other aspects are directed to preventing insider attacks in a system based on a threat perception for each user logged into the system that is calculated using a rule or policy based risk for each user and a behavior based risk for each user. Yet other aspects are directed to providing a consolidated view of users, applications being accessed by users, and the threat perception, if any, generated for each of the users.Type: ApplicationFiled: May 5, 2020Publication date: August 20, 2020Applicant: Oracle International CorporationInventors: Vipin Koottayi, Vikas Pooven Chathoth, Aarathi Balakrishnan, Madhu Martin, Deepak Ramakrishanan
-
Patent number: 10721239Abstract: The present disclosure relates generally to threat detection, and more particularly, to techniques for managing user access to resources in an enterprise environment. Some aspects are directed to the concept of managing access to a target resource based on a threat perception of a user that is calculated using a rule or policy based risk for the user and a behavior based risk for the user. Other aspects are directed to preventing insider attacks in a system based on a threat perception for each user logged into the system that is calculated using a rule or policy based risk for each user and a behavior based risk for each user. Yet other aspects are directed to providing a consolidated view of users, applications being accessed by users, and the threat perception, if any, generated for each of the users.Type: GrantFiled: March 29, 2018Date of Patent: July 21, 2020Assignee: Oracle International CorporationInventors: Vipin Koottayi, Vikas Pooven Chathoth, Aarathi Balakrishnan, Madhu Martin, Deepak Ramakrishanan
-
Patent number: 10637871Abstract: Location-based authentication may be provided by an access management system on a server. The location-based authentication may determine whether a device should be granted access to a resource. The resource may either be located on or remote from the server. The location-based authentication may provide an additional authentication factor that is based on a past location of a user and/or device associated with the user requesting authentication. The past location may be associated with a user-configured question. The user-configured question may be provided to the device for an additional level of security. An answer received in response to a user-configured question may be compared to a user-configured answer that is associated with the user-configured question. In other examples, the answer may be compared to one or more possible answers that are determined by the access management system.Type: GrantFiled: July 25, 2017Date of Patent: April 28, 2020Assignee: Oracle International CorporationInventors: Aarathi Balakrishnan, Vipin Koottayi, Vikas Pooven Chathoth
-
Publication number: 20200127994Abstract: Techniques for described for generating and using rule-enhanced access tokens in connection with authorization for access to resources. An access token is generated in response to determining that a user is authorized to access a protected resource. The access token contains rule information including one or more constraints, each constraint corresponding to a condition for granting or denying access to the protected resource. Upon receiving the access token, a client application can present the access token for accessing the protected resource. The client application can be configured to enforce one or more rules represented in the rule information. The client application can, for example, determine based on the one or more constraints that a condition for granting access is unmet and, in response, cancel a pending access request for the protected resource.Type: ApplicationFiled: February 26, 2019Publication date: April 23, 2020Applicant: Oracle International CorporationInventors: Chuni Lal Kukreja, Aarathi Balakrishnan, Deepak Ramakrishnan
-
Patent number: 10623501Abstract: Techniques are disclosed for providing users of an access management system the capability to manage the user's active sessions. The system may receive a first request by a user at a first device to modify one or more sessions established for the user. The system may access session information about the one or more sessions that are associated with the user, wherein a session of the one or more sessions provides the user with access to one or more resources. The system may send the session information to the first device, the session information causing the first device to display a graphical interface including the session information about the one or more sessions. The system may receive, from the first device, a second request indicating a modification to the session. The system may modify the session in accordance with the modification indicated in the second request.Type: GrantFiled: November 18, 2016Date of Patent: April 14, 2020Assignee: Oracle International CorporationInventors: Stephen Mathew, Ramya Kukehalli Subramanya, Aarathi Balakrishnan
-
Publication number: 20190372962Abstract: Techniques are described for providing session management functionalities using an access token (e.g., an Open Authorization (OAuth) access token). Upon successful user authentication, a session (e.g., a single sign-on session) is created for the user along with a user identity token that includes information identifying the session. The user identity token is presentable in an access token request sent to an access token issuer authority (e.g., an OAuth server). Upon receiving the access token request, the user identity token is parsed to identify and validate the session against information stored for the session. The validation can include various session management-related checks. If the validation is successful, the token issuer authority generates the access token. In this manner, the access token that is generated is linked to the session. The access token can then be used by an application to gain access to a protected resource.Type: ApplicationFiled: October 18, 2018Publication date: December 5, 2019Applicant: Oracle International CorporationInventors: Mayank Maria, Aarathi Balakrishnan, Dharmvir Singh, Madhu Martin, Vikas Pooven Chathoth, Vamsi Motukuru
-
Patent number: 10257205Abstract: Techniques are disclosed to modify the authentication level of a session providing access to resources. In some embodiments, an access management system is configurable to enable voluntary (e.g., request by a user) or involuntary (e.g., by the access management system) reduce, or “step-down” the authentication level for a session if a lower authentication level exists. For example, an access management system may be configured to enable a user to request a step-down of the authentication level of a session to prevent access to resources at a higher authentication level. By reducing the authentication level to a lower authentication level, a user may be prompted to provide credentials for authentication according to the authentication schemes defined for higher authentication levels. These techniques can reduce, if not prevent, unauthorized access to protected resources by challenging a user for credentials to authenticate to higher authentication levels.Type: GrantFiled: October 14, 2016Date of Patent: April 9, 2019Assignee: Oracle International CorporationInventors: Stephen Mathew, Ramya Subramanya, Aarathi Balakrishnan, Vipin Anaparakkal Koottayi, Madhu Martin
-
Publication number: 20190036940Abstract: Location-based authentication may be provided by an access management system on a server. The location-based authentication may determine whether a device should be granted access to a resource. The resource may either be located on or remote from the server. The location-based authentication may provide an additional authentication factor that is based on a past location of a user and/or device associated with the user requesting authentication. The past location may be associated with a user-configured question. The user-configured question may be provided to the device for an additional level of security. An answer received in response to a user-configured question may be compared to a user-configured answer that is associated with the user-configured question. In other examples, the answer may be compared to one or more possible answers that are determined by the access management system.Type: ApplicationFiled: July 25, 2017Publication date: January 31, 2019Applicant: Oracle International CorporationInventors: Aarathi Balakrishnan, Vipin Koottayi, Vikas Pooven Chathoth
-
Publication number: 20180288063Abstract: The present disclosure relates generally to threat detection, and more particularly, to techniques for managing user access to resources in an enterprise environment. Some aspects are directed to the concept of managing access to a target resource based on a threat perception of a user that is calculated using a rule or policy based risk for the user and a behavior based risk for the user. Other aspects are directed to preventing insider attacks in a system based on a threat perception for each user logged into the system that is calculated using a rule or policy based risk for each user and a behavior based risk for each user. Yet other aspects are directed to providing a consolidated view of users, applications being accessed by users, and the threat perception, if any, generated for each of the users.Type: ApplicationFiled: March 29, 2018Publication date: October 4, 2018Applicant: Oracle International CorporationInventors: Vipin Koottayi, Vikas Pooven Chathoth, Aarathi Balakrishnan, Madhu Martin, Deepak Ramakrishanan
-
Publication number: 20180077243Abstract: Techniques are disclosed for providing users of an access management system the capability to manage the user's active sessions. The system may receive a first request by a user at a first device to modify one or more sessions established for the user. The system may access session information about the one or more sessions that are associated with the user, wherein a session of the one or more sessions provides the user with access to one or more resources. The system may send the session information to the first device, the session information causing the first device to display a graphical interface including the session information about the one or more sessions. The system may receive, from the first device, a second request indicating a modification to the session. The system may modify the session in accordance with the modification indicated in the second request.Type: ApplicationFiled: November 18, 2016Publication date: March 15, 2018Applicant: Oracle International CorporationInventors: Stephen Mathew, Ramya Subramanya, Aarathi Balakrishnan
-
Publication number: 20170118223Abstract: Techniques are disclosed to modify the authentication level of a session providing access to resources. In some embodiments, an access management system is configurable to enable voluntary (e.g., request by a user) or involuntary (e.g., by the access management system) reduce, or “step-down” the authentication level for a session if a lower authentication level exists. For example, an access management system may be configured to enable a user to request a step-down of the authentication level of a session to prevent access to resources at a higher authentication level. By reducing the authentication level to a lower authentication level, a user may be prompted to provide credentials for authentication according to the authentication schemes defined for higher authentication levels. These techniques can reduce, if not prevent, unauthorized access to protected resources by challenging a user for credentials to authenticate to higher authentication levels.Type: ApplicationFiled: October 14, 2016Publication date: April 27, 2017Applicant: Oracle International CorporationInventors: Stephen Mathew, Ramya Subramanya, Aarathi Balakrishnan, Vipin Anaparakkal Koottayi, Madhu Martin
-
Patent number: 9628465Abstract: Methods and systems are described for state driven orchestration of authentication components to access a resource protected by an access manager framework. In response to a client request for a protected resource, relevant authentication components and their respective order are determined. Upon successful authentication of the first authentication component, proper state information of the authentication process is stored by the client indicating the next authentication component. In response to a request for additional credential information for the authentication process from the next authentication component, the client provides the stored state information so that the authentication process continues with the second authentication component according to the determined order of the authentication components within an authentication process.Type: GrantFiled: June 29, 2015Date of Patent: April 18, 2017Assignee: Oracle International CorporationInventors: Aarathi Balakrishnan, Ramya Kukkehali Subramanya, Deepak Ramakrishnan
-
Patent number: 9596328Abstract: A method of applying a timeout protocol by an access manager to a plurality of resources may include storing the timeout protocol comprising at least one criterion, and receiving a request for a first resource. Each of the resources can be segregated into separate application domains, the first resource can be associated with a first attribute, and the first attribute can be assigned a first value. The method may also include determining that the first value satisfies the at least one criterion, associating the timeout protocol with the first resource, and associating the timeout protocol with each resource that is associated with the first attribute assigned a value that satisfies the at least one criterion. The method may further include granting access to the first resource according to the timeout protocol.Type: GrantFiled: August 9, 2012Date of Patent: March 14, 2017Assignee: ORACLE INTERNATIONAL CORPORATIONInventors: Ramya Subramanya, Vipin Koottayi, Aarathi Balakrishnan
-
Patent number: 9525682Abstract: Various arrangements for providing authentication information to a user are presented. A single-point authentication manager executed by a computer system may receive a request to access a resource from a remote client computer system. The single-point authentication manager may manage access to a plurality of resources including the resource. The single-point authentication manager may perform authentication using an authentication plug-in. In response to performing authentication of the user, the authentication plug-in may generate a parameter having a value that is a message to be transmitted to the remote client computer system. In response to receiving the parameter and the value from the authentication plug-in, the single-point authentication manager may transmit the value of the parameter to the application if the authentication is successful and to a credential collector if the authentication of the user failed.Type: GrantFiled: November 20, 2014Date of Patent: December 20, 2016Assignee: ORACLE INTERNATIONAL CORPORATIONInventors: Aarathi Balakrishnan, Ramya Subramanya