Patents by Inventor STEPHEN MATHEW

STEPHEN MATHEW has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20220237046
    Abstract: A system and method for access management for applications is disclosed. The system and method includes at least: initializing, at execution time of an application code, a scan of actions performed by the application code on resources of a cloud computing environment; identifying an existing set of permissions for the resources; identifying one or more accessed permissions by the application code based on the actions performed by the application code on the resources; generating a new set of permissions for accessing the resources based on the identifying the existing set of permissions and the one or more accessed permissions; transmitting the new set of permissions to a database for storage and later retrieval; and applying the new set of permissions to the resources when the application code is executed in a production environment.
    Type: Application
    Filed: January 25, 2021
    Publication date: July 28, 2022
    Applicant: Capital One Services, LLC
    Inventors: Ron MECK, Clayton MOTTLEY, Abhishek MATHEWS, Tianzhen LIN, Stephen SHERRARD
  • Publication number: 20220204241
    Abstract: Package having a flexible inner sheet having a first surface and a second surface. The package has an article reservoir for accepting an article to be shipped. The expansion chambers can be inflated or otherwise expanded to provide structure to the package and to protect the article in the article reservoir. The inner sheet of the package includes a shrinkable material that can be activated to immobilize articles disposed in the article reservoir.
    Type: Application
    Filed: March 10, 2022
    Publication date: June 30, 2022
    Inventors: Susana E. Borrero, Benjamin G. Hesford, Jun You, Jason M. Earl, Anthony Ogg, Stephen Michael Truesdell, Joseph Craig Lester, Lee Mathew Arent, Kenneth Stephen McGuire
  • Patent number: 11290438
    Abstract: The disclosure relates to techniques for enforcing a limit on single sign-on (SSO) sessions for users across multiple data centers in a multi data center deployment. Users may request access to resources that are governed by an access manager deployed across multiple data centers, with each data center being associated with its own identifier. Each user may be associated with an identity attribute preserved in identity stores across the multiple data centers. The prerequisite for session creation at a data center may be to update the identity attribute of the user to that data center's identifier. If the identity attribute can be updated successfully, the access manager can create a new SSO session at that data center. Updates to the identity attribute may be synchronized across all of the data centers, with each data center aware of any existing sessions based on the current value of the identity attribute.
    Type: Grant
    Filed: October 13, 2017
    Date of Patent: March 29, 2022
    Assignee: Oracle International Corporation
    Inventors: Stephen Mathew, Vipin Koottayi
  • Publication number: 20210281560
    Abstract: Techniques are described that enable maintaining of session stickiness across authentication and authorization channels in an access management system, through the use of an identifier for an access manager from a plurality of access managers. The access manager authenticates a user of a client device based on an authentication request. In response to successful authentication of the user, the access manager creates a session. The access manager also generates the identifier and causes the identifier to be stored for the session. The access manager can then receive a second request, which is sent to the access manager based on identifying the access manager using the stored identifier.
    Type: Application
    Filed: May 20, 2021
    Publication date: September 9, 2021
    Applicant: Oracle International Corporation
    Inventors: Stephen Mathew, Vipin Anaparakkal Koottayi, Madhu Martin
  • Patent number: 11050730
    Abstract: Techniques are described that enable maintaining of session stickiness across authentication and authorization channels in an access management system, through the use of an identifier for an access manager from a plurality of access managers. The access manager authenticates a user of a client device based on an authentication request. In response to successful authentication of the user, the access manager creates a session. The access manager also generates the identifier and causes the identifier to be stored for the session. The access manager can then receive a second request, which is sent to the access manager based on identifying the access manager using the stored identifier.
    Type: Grant
    Filed: May 23, 2018
    Date of Patent: June 29, 2021
    Assignee: Oracle International Corporation
    Inventors: Stephen Mathew, Vipin Anaparakkal Koottayi, Madhu Martin
  • Patent number: 10880292
    Abstract: The present disclosure relates generally to access control, and more particularly, to techniques for seamless transition between world wide web (WEB) resource access and application programming interface (API) resource access on an enterprise network with security restrictions. One technique includes receiving a request for access to a first resource, determining the first resource is a WEB resource, creating an authentication cookie and a bearer token that are tied together using a common identifier, and providing access to the WEB resource based on the authentication cookie. The technique may further include receiving a call for access to a second resource, where the call includes the bearer token in a header of the call, determining the second resource is an API resource, initiating a token exchange of the bearer token for an access token; and providing access to the API resource based on the access token.
    Type: Grant
    Filed: June 28, 2018
    Date of Patent: December 29, 2020
    Assignee: Oracle International Corporation
    Inventors: Vipin Anaparakkal Koottayi, Stephen Mathew
  • Patent number: 10693864
    Abstract: Techniques are disclosed for a single sign-on (SSO) enterprise system with multiple data centers that can use a lightweight cookie on a user's client device. The lightweight cookie can include a reference to a data center in which the user is already authenticated, and a new data center can contact the old data center for creating a session for the user on the new data center. If the old data center is unavailable, then the new data center may fall back to accessing a local security store, a backup of keys, security tokens, and/or other security data, in order to create a local session for the user on the new data center.
    Type: Grant
    Filed: September 24, 2018
    Date of Patent: June 23, 2020
    Assignee: Oracle International Corporation
    Inventors: Stephen Mathew, Vamsi Motukuru, Madhu Martin, Vikas Pooven Chathoth
  • Patent number: 10693859
    Abstract: Techniques are disclosed for restricting access to resources accessible in an SSO session. An access management system may provide access to one or more resources by implementing an SSO system to provide an SSO session. An SSO session may provide an authenticated user with access to protected resources to which the user is entitled. In some instances, a user sharing a computer with other users may want to access a particular protected resource so as to restrict other users sharing the computer from accessing other protected resources accessible to the user in an SSO session. The access management system may enable the user to dynamically choose, such as during login, which protected resources to restrict and/or permit. Upon successful authentication, a session may be established for only those protected resources that are permitted based on the user's selection, while the other resources are restricted.
    Type: Grant
    Filed: July 30, 2015
    Date of Patent: June 23, 2020
    Assignee: Oracle International Corporation
    Inventors: Ramya Kukehalli Subramanya, Stephen Mathew
  • Patent number: 10666643
    Abstract: Techniques are disclosed for enabling a user to validate the authenticity of a computing system (e.g., an access management system) such as one which controls access to one or more resources. A user can determine the authenticity of an access management system before the user provides credential information to the access management system. A user can be presented at a client system with an interface to request authentication of an access management system. The access management system may provide the user at the client system with temporary access information to submit back to the access management system. The access management system may provide recent personal information to the user at the client system to verify the access management system. Upon verification of the personal information, the access management system may prompt the user for credential information to establish a session.
    Type: Grant
    Filed: November 15, 2018
    Date of Patent: May 26, 2020
    Assignee: Oracle International Corporation
    Inventors: Stephen Mathew, Ramya Kukehalli Subramanya, Vipin Anaparakkal Koottayi
  • Patent number: 10623501
    Abstract: Techniques are disclosed for providing users of an access management system the capability to manage the user's active sessions. The system may receive a first request by a user at a first device to modify one or more sessions established for the user. The system may access session information about the one or more sessions that are associated with the user, wherein a session of the one or more sessions provides the user with access to one or more resources. The system may send the session information to the first device, the session information causing the first device to display a graphical interface including the session information about the one or more sessions. The system may receive, from the first device, a second request indicating a modification to the session. The system may modify the session in accordance with the modification indicated in the second request.
    Type: Grant
    Filed: November 18, 2016
    Date of Patent: April 14, 2020
    Assignee: Oracle International Corporation
    Inventors: Stephen Mathew, Ramya Kukehalli Subramanya, Aarathi Balakrishnan
  • Patent number: 10581826
    Abstract: Techniques are disclosed for facilitating impersonation for accessing resources through an access management system. When a user (“impersonator”) requests access to impersonate another user (“impersonatee”), the access management system may generate security data having two parts. One part may include a first security key that is sent to the impersonator and a second part may include a second security key that is sent to the impersonatee. Receipt of the second security key notifies the impersonatee about a request for impersonation to access a resource according to access permitted to the impersonatee. The impersonatee, if consenting to impersonation, may provide the security key received to the impersonator, thereby implicitly providing the impersonator with trust at run-time to access the resource. Upon verification of both security keys, by the access management system, access to a resource is provided to the impersonator based on access to the resource permitted to the impersonatee.
    Type: Grant
    Filed: October 12, 2016
    Date of Patent: March 3, 2020
    Assignee: Oracle International Corporation
    Inventors: Ramya Kukehalli Subramanya, Stephen Mathew, Vipin Anaparakkal Koottayi
  • Patent number: 10572649
    Abstract: Techniques are disclosed for managing session activity of SSO access across multiple data centers. Session activity of SSO access is managed across multiple geographically dispersed computing systems clustered together to form a multi-data center (MDC) system. A first data center in the MDC system may implement session adoption to manage an SSO session of the user in the MDC system. Information about subsequent sessions established by other data centers may be adopted by the first data center. The first data center may obtain session activity data from each session that is adopted for the user. The session activity may be used to determine whether an SSO session is active for the user across data centers in the MDC system. Authorization to access a resource at any data center in the MDC system may be granted based on the status of the SSO session using session adoption among the data centers.
    Type: Grant
    Filed: September 18, 2017
    Date of Patent: February 25, 2020
    Assignee: ORACLE INTERNATIONAL CORPORATION
    Inventors: Stephen Mathew, Vipin Anaparakkal Koottayi
  • Publication number: 20200007531
    Abstract: The present disclosure relates generally to access control, and more particularly, to techniques for seamless transition between world wide web (WEB) resource access and application programming interface (API) resource access on an enterprise network with security restrictions. One technique includes receiving a request for access to a first resource, determining the first resource is a WEB resource, creating an authentication cookie and a bearer token that are tied together using a common identifier, and providing access to the WEB resource based on the authentication cookie. The technique may further include receiving a call for access to a second resource, where the call includes the bearer token in a header of the call, determining the second resource is an API resource, initiating a token exchange of the bearer token for an access token; and providing access to the API resource based on the access token.
    Type: Application
    Filed: June 28, 2018
    Publication date: January 2, 2020
    Applicant: Oracle International Corporation
    Inventors: Vipin Anaparakkal Koottayi, Stephen Mathew
  • Patent number: 10454936
    Abstract: Techniques are disclosed for managing session information stored by an access management system. Certain techniques are disclosed for updating session information based on characteristics of the session information to be updated. The disclosed techniques disclose how session information is updated and the frequency with which the session information is updated. Certain embodiments may enable a decrease in computing performance overhead and/or memory usage overhead caused by managing session information (e.g., performing authentication or determining authorization to access a resource) for a session.
    Type: Grant
    Filed: October 21, 2016
    Date of Patent: October 22, 2019
    Assignee: Oracle International Corporation
    Inventors: Vipin Anaparakkal Koottayi, Stephen Mathew, Madhu Martin
  • Patent number: 10257205
    Abstract: Techniques are disclosed to modify the authentication level of a session providing access to resources. In some embodiments, an access management system is configurable to enable a voluntary (e.g., requested by a user) or involuntary (e.g., by the access management system) reduction, or “step-down”, of the authentication level for a session if a lower authentication level exists. For example, an access management system may be configured to enable a user to request a step-down of the authentication level of a session to prevent access to resources at a higher authentication level. By reducing the authentication level to a lower authentication level, a user may be prompted to provide credentials for authentication according to the authentication schemes defined for higher authentication levels. These techniques can reduce, if not prevent, unauthorized access to protected resources by challenging a user for credentials to authenticate to higher authentication levels.
    Type: Grant
    Filed: October 14, 2016
    Date of Patent: April 9, 2019
    Assignee: Oracle International Corporation
    Inventors: Stephen Mathew, Ramya Subramanya, Aarathi Balakrishnan, Vipin Anaparakkal Koottayi, Madhu Martin
  • Publication number: 20190097994
    Abstract: Techniques are described that enable maintaining of session stickiness across authentication and authorization channels in an access management system, through the use of an identifier for an access manager from a plurality of access managers. The access manager authenticates a user of a client device based on an authentication request. In response to successful authentication of the user, the access manager creates a session. The access manager also generates the identifier and causes the identifier to be stored for the session. The access manager can then receive a second request, which is sent to the access manager based on identifying the access manager using the stored identifier.
    Type: Application
    Filed: May 23, 2018
    Publication date: March 28, 2019
    Applicant: Oracle International Corporation
    Inventors: Stephen Mathew, Vipin Anaparakkal Koottayi, Madhu Martin
  • Publication number: 20190089698
    Abstract: Techniques are disclosed for enabling a user to validate the authenticity of a computing system (e.g., an access management system) such as one which controls access to one or more resources. A user can determine the authenticity of an access management system before the user provides credential information to the access management system. A user can be presented at a client system with an interface to request authentication of an access management system. The access management system may provide the user at the client system with temporary access information to submit back to the access management system. The access management system may provide recent personal information to the user at the client system to verify the access management system. Upon verification of the personal information, the access management system may prompt the user for credential information to establish a session.
    Type: Application
    Filed: November 15, 2018
    Publication date: March 21, 2019
    Applicant: Oracle International Corporation
    Inventors: Stephen MATHEW, Ramya Subramanya, Vipin Anaparakkal Koottayi
  • Patent number: 10225283
    Abstract: Techniques are disclosed for protecting a user from denial of service (DOS) to access his/her user account that has been locked. An access management system can provide features that enable an owner of an account to prevent the account from becoming locked. Specifically, the techniques disclosed herein enable an account holder to circumvent procedures of the access management system that lock an account after several unsuccessful attempts to access the account. The access management system may operate according to a configuration for managing access to an account. The access management system can manage access to an account by presenting a user with an interface to receive access information (e.g., account information and credential information) for the account to determine whether to unlock the account. The access management system can deny access to an account upon determining that the credential information is not correct for the account.
    Type: Grant
    Filed: October 20, 2016
    Date of Patent: March 5, 2019
    Assignee: Oracle International Corporation
    Inventors: Stephen Mathew, Ramya Subramanya, Vipin Anaparakkal Koottayi
  • Publication number: 20190036907
    Abstract: Techniques are disclosed for a single sign-on (SSO) enterprise system with multiple data centers that can use a lightweight cookie on a user's client device. The lightweight cookie can include a reference to a data center in which the user is already authenticated, and a new data center can contact the old data center for creating a session for the user on the new data center. If the old data center is unavailable, then the new data center may fall back to accessing a local security store, a backup of keys, security tokens, and/or other security data, in order to create a local session for the user on the new data center.
    Type: Application
    Filed: September 24, 2018
    Publication date: January 31, 2019
    Applicant: Oracle International Corporation
    Inventors: Stephen Mathew, Vamsi Motukuru, Madhu Martin, Vikas Pooven Chathoth
  • Publication number: 20190014102
    Abstract: The disclosure relates to techniques for enforcing a limit on single sign-on (SSO) sessions for users across multiple data centers in a multi data center deployment. Users may request access to resources that are governed by an access manager deployed across multiple data centers, with each data center being associated with its own identifier. Each user may be associated with an identity attribute preserved in identity stores across the multiple data centers. The prerequisite for session creation at a data center may be to update the identity attribute of the user to that data center's identifier. If the identity attribute can be updated successfully, the access manager can create a new SSO session at that data center. Updates to the identity attribute may be synchronized across all of the data centers, with each data center aware of any existing sessions based on the current value of the identity attribute.
    Type: Application
    Filed: October 13, 2017
    Publication date: January 10, 2019
    Applicant: Oracle International Corporation
    Inventors: Stephen Mathew, Vipin Koottayi