Patents by Inventor Sreenivasa R. Chitturi
Sreenivasa R. Chitturi has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11283793Abstract: Techniques for securing user sessions using a time-based one-time password (TOTP) generated from a shared secret. The shared secret can be a cryptographic hash of one or more user credentials. In response to a successful authentication based on the user credential(s), a session is created. The authentication is performed in connection with an initial access request from a client application. A subsequent access request for a protected resource during the session is processed by extracting a session cookie and a TOTP and generating a corresponding TOTP using the shared secret. The TOTP can be generated by combining the shared secret with one or more additional parameters such as a Uniform Resource Locator associated with the resource, or the session cookie. Access to the protected resource is conditioned upon the session, which is identified by the session cookie, being valid and upon the TOTPs matching.Type: GrantFiled: October 18, 2018Date of Patent: March 22, 2022Assignee: Oracle International CorporationInventors: Ranjan Khanna, Sreenivasa R. Chitturi
-
Patent number: 10735196Abstract: An access management system is disclosed that can provide access to resources by password-less authentication. The access management system can provide multiple layers of security for authentication taking into account risk factors (e.g., device, location, etc.) to ensure authentication without compromising access. Contextual details of a user based on a mobile device can be used for authentication based on possession of a device. Password-less authentication of a user may be enabled by registration of devices and/or a location (e.g., a geo-graphic location) as trusted. Security data embedded with encrypted data can be sent to a first device for password-less authentication of a user at the device. A second device registered with the user can obtain the security data from the first device. The second device can decrypts the data and send the decrypted data to the access management system for verification to enable password-less authentication at the first device.Type: GrantFiled: November 7, 2018Date of Patent: August 4, 2020Assignee: Oracle International CorporationInventors: Venugopal Padmanabhan Shastri, Sreenivasa R. Chitturi, Vamsi Motukuru, Mandar Bhatkhande, Sunil Kumar Joshi
-
Publication number: 20200128002Abstract: Techniques for securing user sessions using a time-based one-time password (TOTP) generated from a shared secret. The shared secret can be a cryptographic hash of one or more user credentials. In response to a successful authentication based on the user credential(s), a session is created. The authentication is performed in connection with an initial access request from a client application. A subsequent access request for a protected resource during the session is processed by extracting a session cookie and a TOTP and generating a corresponding TOTP using the shared secret. The TOTP can be generated by combining the shared secret with one or more additional parameters such as a Uniform Resource Locator associated with the resource, or the session cookie. Access to the protected resource is conditioned upon the session, which is identified by the session cookie, being valid and upon the TOTPs matching.Type: ApplicationFiled: October 18, 2018Publication date: April 23, 2020Applicant: Oracle International CorporationInventors: Ranjan Khanna, Sreenivasa R. Chitturi
-
Publication number: 20190074972Abstract: An access management system is disclosed that can provide access to resources by password-less authentication. The access management system can provide multiple layers of security for authentication taking into account risk factors (e.g., device, location, etc.) to ensure authentication without compromising access. Contextual details of a user based on a mobile device can be used for authentication based on possession of a device. Password-less authentication of a user may be enabled by registration of devices and/or a location (e.g., a geo-graphic location) as trusted. Security data embedded with encrypted data can be sent to a first device for password-less authentication of a user at the device. A second device registered with the user can obtain the security data from the first device. The second device can decrypts the data and send the decrypted data to the access management system for verification to enable password-less authentication at the first device.Type: ApplicationFiled: November 7, 2018Publication date: March 7, 2019Applicant: Oracle International CorporationInventors: Venugopal Padmanabhan Shastri, Sreenivasa R. Chitturi, Vamsi Motukuru, Mandar Bhatkhande, Sunil Kumar Joshi
-
Patent number: 10158489Abstract: An access management system is disclosed that can provide access to resources by password-less authentication. The access management system can provide multiple layers of security for authentication taking into account risk factors (e.g., device, location, etc.) to ensure authentication without compromising access. Contextual details of a user based on a mobile device can be used for authentication based on possession of a device. Password-less authentication of a user may be enabled by registration of devices and/or a location (e.g., a geographic location) as trusted. Security data embedded with encrypted data can be sent to a first device for password-less authentication of a user at the device. A second device registered with the user can obtain the security data from the first device. The second device can decrypts the data and send the decrypted data to the access management system for verification to enable password-less authentication at the first device.Type: GrantFiled: October 21, 2016Date of Patent: December 18, 2018Assignee: Oracle International CorporationInventors: Venugopal Padmanabhan Shastri, Sreenivasa R. Chitturi, Vamsi Motukuru, Mandar Bhatkhande, Sunil Kumar Joshi
-
Publication number: 20170118025Abstract: An access management system is disclosed that can provide access to resources by password-less authentication. The access management system can provide multiple layers of security for authentication taking into account risk factors (e.g., device, location, etc.) to ensure authentication without compromising access. Contextual details of a user based on a mobile device can be used for authentication based on possession of a device. Password-less authentication of a user may be enabled by registration of devices and/or a location (e.g., a geographic location) as trusted. Security data embedded with encrypted data can be sent to a first device for password-less authentication of a user at the device. A second device registered with the user can obtain the security data from the first device. The second device can decrypts the data and send the decrypted data to the access management system for verification to enable password-less authentication at the first device.Type: ApplicationFiled: October 21, 2016Publication date: April 27, 2017Applicant: Oracle International CorporationInventors: Venugopal Padmanabhan Shastri, Sreenivasa R. Chitturi, Vamsi Motukuru, Mandar Bhatkhande, Sunil Kumar Joshi