Patents by Inventor VIPIN ANAPARAKKAL KOOTTAYI

VIPIN ANAPARAKKAL KOOTTAYI has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20210281560
    Abstract: Techniques are described that enable maintaining of session stickiness across authentication and authorization channels in an access management system, through the use an identifier for an access manager from a plurality of access managers. The access manager authenticates a user of a client device based on an authentication request. In response to response to successful authentication of the user, the access manager creates a session. The access manager also generates the identifier and causes the identifier to be stored for the session. The access manager can then receive a second request, which is sent to the access manager based on identifying the access manager using the stored identifier.
    Type: Application
    Filed: May 20, 2021
    Publication date: September 9, 2021
    Applicant: Oracle International Corporation
    Inventors: Stephen Mathew, Vipin Anaparakkal Koottayi, Madhu Martin
  • Patent number: 11050730
    Abstract: Techniques are described that enable maintaining of session stickiness across authentication and authorization channels in an access management system, through the use an identifier for an access manager from a plurality of access managers. The access manager authenticates a user of a client device based on an authentication request. In response to response to successful authentication of the user, the access manager creates a session. The access manager also generates the identifier and causes the identifier to be stored for the session. The access manager can then receive a second request, which is sent to the access manager based on identifying the access manager using the stored identifier.
    Type: Grant
    Filed: May 23, 2018
    Date of Patent: June 29, 2021
    Assignee: Oracle International Corporation
    Inventors: Stephen Mathew, Vipin Anaparakkal Koottayi, Madhu Martin
  • Patent number: 10880292
    Abstract: The present disclosure relates generally to access control, and more particularly, to techniques for seamless transition between world wide web (WEB) resource access and application programming interface (API) resource access on an enterprise network with security restrictions. One technique includes receiving a request for access to a first resource, determining the first resource is a WEB resource, creating an authentication cookie and a bearer token that are tied together using a common identifier, and providing access to the WEB resource based on the authentication cookie. The technique may further include receiving a call for access to a second resource, where the call includes the bearer token in a header of the call, determining the second resource is an API resource, initiating a token exchange of the bearer token for an access token; and providing access to the API resource based on the access token.
    Type: Grant
    Filed: June 28, 2018
    Date of Patent: December 29, 2020
    Assignee: Oracle International Corporation
    Inventors: Vipin Anaparakkal Koottayi, Stephen Mathew
  • Patent number: 10666643
    Abstract: Techniques are disclosed for enabling a user to validate the authenticity of a computing system (e.g., an access management system) such as one which controls access to one or more resources. A user can determine the authenticity of an access management system before the user provides credential information to the access management system. A user can be presented at a client system with an interface to request authentication of an access management system. The access management system may provide the user at the client system with temporary access information to submit back to the access management system. The access management system may provide recent personal information to the user at the client system to verify the access management system. Upon verification of the personal information, the access management system may prompt the user for credential information to establish a session.
    Type: Grant
    Filed: November 15, 2018
    Date of Patent: May 26, 2020
    Assignee: Oracle International Corporation
    Inventors: Stephen Mathew, Ramya Kukehalli Subramanya, Vipin Anaparakkal Koottayi
  • Patent number: 10581826
    Abstract: Techniques are disclosed for facilitating impersonation for accessing resources through an access management system. When a user (“impersonator”) requests access to impersonate another user (“impersonatee”), the access management system may generate security data having two parts. One part may include a first security key that is sent to the impersonator and a second part may include a second security key that is sent to the impersonatee. Receipt of the second security key notifies the impersonatee about a request for impersonation to access a resource according to access permitted to the impersonatee. The impersonatee, if consenting to impersonation, may provide the security key received to the impersonator, thereby implicitly providing the impersonator with trust at run-time to access the resource. Upon verification of both security keys, by the access management system, access to a resource is provided to the impersonator based on access to the resource permitted to the impersonatee.
    Type: Grant
    Filed: October 12, 2016
    Date of Patent: March 3, 2020
    Assignee: Oracle International Corporation
    Inventors: Ramya Kukehalli Subramanya, Stephen Mathew, Vipin Anaparakkal Koottayi
  • Patent number: 10572649
    Abstract: Techniques are disclosed for managing session activity of SSO access across multiple data centers. Session activity of SSO access is managed across multiple geographically disperse computing systems clustered together to form a multi-data center (MDC) system. A first data center in the MDC system may implement session adoption to manage an SSO session of the user in the MDC system. Information about subsequent sessions established by other data centers may be adopted by the first data center. The first data center may obtain session activity data from each session that is adopted for the user. The session activity may be used to determine whether SSO session is active for the user across data centers in the MDC system. Authorization to access a resource at any data center in the MDC system may be granted based on the status of the SSO session using session adoption among the data centers.
    Type: Grant
    Filed: September 18, 2017
    Date of Patent: February 25, 2020
    Assignee: ORACLE INTERNATIONAL CORPORATION
    Inventors: Stephen Mathew, Vipin Anaparakkal Koottayi
  • Publication number: 20200007531
    Abstract: The present disclosure relates generally to access control, and more particularly, to techniques for seamless transition between world wide web (WEB) resource access and application programming interface (API) resource access on an enterprise network with security restrictions. One technique includes receiving a request for access to a first resource, determining the first resource is a WEB resource, creating an authentication cookie and a bearer token that are tied together using a common identifier, and providing access to the WEB resource based on the authentication cookie. The technique may further include receiving a call for access to a second resource, where the call includes the bearer token in a header of the call, determining the second resource is an API resource, initiating a token exchange of the bearer token for an access token; and providing access to the API resource based on the access token.
    Type: Application
    Filed: June 28, 2018
    Publication date: January 2, 2020
    Applicant: Oracle International Corporation
    Inventors: Vipin Anaparakkal Koottayi, Stephen Mathew
  • Patent number: 10454936
    Abstract: Techniques are disclosed for managing session information stored by an access management system. Certain techniques are disclosed for updating session information based characteristics of the session information to be updated. The disclose techniques disclose how session information is updated and the frequency in which the session information is updated. Certain embodiments may enable a decrease in computing performance overhead and/or memory usage overhead caused by managing session information (e.g., performing authentication or determining authorization to access a resource) for a session.
    Type: Grant
    Filed: October 21, 2016
    Date of Patent: October 22, 2019
    Assignee: Oracle International Corporation
    Inventors: Vipin Anaparakkal Koottayi, Stephen Mathew, Madhu Martin
  • Patent number: 10257205
    Abstract: Techniques are disclosed to modify the authentication level of a session providing access to resources. In some embodiments, an access management system is configurable to enable voluntary (e.g., request by a user) or involuntary (e.g., by the access management system) reduce, or “step-down” the authentication level for a session if a lower authentication level exists. For example, an access management system may be configured to enable a user to request a step-down of the authentication level of a session to prevent access to resources at a higher authentication level. By reducing the authentication level to a lower authentication level, a user may be prompted to provide credentials for authentication according to the authentication schemes defined for higher authentication levels. These techniques can reduce, if not prevent, unauthorized access to protected resources by challenging a user for credentials to authenticate to higher authentication levels.
    Type: Grant
    Filed: October 14, 2016
    Date of Patent: April 9, 2019
    Assignee: Oracle International Corporation
    Inventors: Stephen Mathew, Ramya Subramanya, Aarathi Balakrishnan, Vipin Anaparakkal Koottayi, Madhu Martin
  • Publication number: 20190097994
    Abstract: Techniques are described that enable maintaining of session stickiness across authentication and authorization channels in an access management system, through the use an identifier for an access manager from a plurality of access managers. The access manager authenticates a user of a client device based on an authentication request. In response to response to successful authentication of the user, the access manager creates a session. The access manager also generates the identifier and causes the identifier to be stored for the session. The access manager can then receive a second request, which is sent to the access manager based on identifying the access manager using the stored identifier.
    Type: Application
    Filed: May 23, 2018
    Publication date: March 28, 2019
    Applicant: Oracle International Corporation
    Inventors: Stephen Mathew, Vipin Anaparakkal Koottayi, Madhu Martin
  • Publication number: 20190089698
    Abstract: Techniques are disclosed for enabling a user to validate the authenticity of a computing system (e.g., an access management system) such as one which controls access to one or more resources. A user can determine the authenticity of an access management system before the user provides credential information to the access management system. A user can be presented at a client system with an interface to request authentication of an access management system. The access management system may provide the user at the client system with temporary access information to submit back to the access management system. The access management system may provide recent personal information to the user at the client system to verify the access management system. Upon verification of the personal information, the access management system may prompt the user for credential information to establish a session.
    Type: Application
    Filed: November 15, 2018
    Publication date: March 21, 2019
    Applicant: Oracle International Corporation
    Inventors: Stephen MATHEW, Ramya Subramanya, Vipin Anaparakkal Koottayi
  • Patent number: 10225283
    Abstract: Techniques are disclosed for protecting a user from denial of service (DOS) to access his/her a user account that has been locked. An access management system can provide features that enable an owner of an account to prevent the account from becoming locked. Specifically, the techniques disclosed herein enable an account holder to circumvent procedures of the access management system that lock an account after several unsuccessful attempts to access the account. The access management system may operate according to a configuration for managing access to account. The access management system can manage access to an account by presenting a user with an interface to received access information (e.g., account information and credential information) for the account to determine whether to unlock the account. The access management system can deny access to an account upon determining that the credential information is not correct for the account.
    Type: Grant
    Filed: October 20, 2016
    Date of Patent: March 5, 2019
    Assignee: Oracle International Corporation
    Inventors: Stephen Mathew, Ramya Subramanya, Vipin Anaparakkal Koottayi
  • Patent number: 10164971
    Abstract: Techniques are disclosed for enabling a user to validate the authenticity of a computing system (e.g., an access management system) such as one which controls access to one or more resources. A user can determine the authenticity of an access management system before the user provides credential information to the access management system. A user can be presented at a client system with an interface to request authentication of an access management system. The access management system may provide the user at the client system with temporary access information to submit back to the access management system. The access management system may provide recent personal information to the user at the client system to verify the access management system. Upon verification of the personal information, the access management system may prompt the user for credential information to establish a session.
    Type: Grant
    Filed: October 22, 2015
    Date of Patent: December 25, 2018
    Assignee: Oracle International Corporation
    Inventors: Stephen Mathew, Ramya Subramanya, Vipin Anaparakkal Koottayi
  • Patent number: 10009335
    Abstract: Techniques are disclosed for using a global unified session identifier across data centers. Upon creating an initial session in the data center for a user first accessing the data center, a session identifier is generated for the user session. Because the initial session is the first session created for that user, the initial session identifier is designated as the global unified session identifier for all sessions that may be created for the user in other data centers within the enterprise network. Data centers may then map the global unified session identifiers to locally generated session identifiers for the user. A global unified session identifier enables various user session actions to be performed globally across the data centers, including global logout, global session termination, global session updates, and/or the like. A global unified session identifier prevents the risk of collision that can occur between randomly generated numbers of different data centers.
    Type: Grant
    Filed: December 7, 2016
    Date of Patent: June 26, 2018
    Assignee: Oracle International Corporation
    Inventors: Stephen Mathew, Vipin Anaparakkal Koottayi, Ramya Kukehalli Subramanya
  • Publication number: 20180046794
    Abstract: Techniques are disclosed for managing session activity of SSO access across multiple data centers. Session activity of SSO access is managed across multiple geographically disperse computing systems clustered together to form a multi-data center (MDC) system. A first data center in the MDC system may implement session adoption to manage an SSO session of the user in the MDC system. Information about subsequent sessions established by other data centers may be adopted by the first data center. The first data center may obtain session activity data from each session that is adopted for the user. The session activity may be used to determine whether SSO session is active for the user across data centers in the MDC system. Authorization to access a resource at any data center in the MDC system may be granted based on the status of the SSO session using session adoption among the data centers.
    Type: Application
    Filed: September 18, 2017
    Publication date: February 15, 2018
    Applicant: Oracle International Corporation
    Inventors: Stephen Mathew, Vipin Anaparakkal Koottayi
  • Patent number: 9866640
    Abstract: An enterprise software system access manager saves cookies for users' sessions on client devices but creates server-side sessions on the fly when needed for the users to access certain features, when there is a constraint on the client device, or due to application policies. The server-side session objects can have references to the client-side cookies and can have key-value pairs added to them instead of the associated cookie.
    Type: Grant
    Filed: September 19, 2014
    Date of Patent: January 9, 2018
    Assignee: Oracle International Corporation
    Inventors: Vamsi Motukuru, Vikas Pooven Chathoth, Vipin Anaparakkal Koottayi
  • Patent number: 9769147
    Abstract: Techniques are disclosed for managing session activity of SSO access across multiple data centers. Session activity of SSO access is managed across multiple geographically disperse computing systems clustered together to form a multi-data center (MDC) system. A first data center in the MDC system may implement session adoption to manage an SSO session of the user in the MDC system. Information about subsequent sessions established by other data centers may be adopted by the first data center. The first data center may obtain session activity data from each session that is adopted for the user. The session activity may be used to determine whether SSO session is active for the user across data centers in the MDC system. Authorization to access a resource at any data center in the MDC system may be granted based on the status of the SSO session using session adoption among the data centers.
    Type: Grant
    Filed: June 29, 2015
    Date of Patent: September 19, 2017
    Assignee: Oracle International Corporation
    Inventors: Stephen Mathew, Vipin Anaparakkal Koottayi
  • Publication number: 20170126733
    Abstract: Techniques are disclosed for protecting a user from denial of service (DOS) to access his/her a user account that has been locked. An access management system can provide features that enable an owner of an account to prevent the account from becoming locked. Specifically, the techniques disclosed herein enable an account holder to circumvent procedures of the access management system that lock an account after several unsuccessful attempts to access the account. The access management system may operate according to a configuration for managing access to account. The access management system can manage access to an account by presenting a user with an interface to received access information (e.g., account information and credential information) for the account to determine whether to unlock the account. The access management system can deny access to an account upon determining that the credential information is not correct for the account.
    Type: Application
    Filed: October 20, 2016
    Publication date: May 4, 2017
    Applicant: Oracle International Corporation
    Inventors: Stephen Mathew, Ramya Subramanya, Vipin Anaparakkal Koottayi
  • Publication number: 20170118223
    Abstract: Techniques are disclosed to modify the authentication level of a session providing access to resources. In some embodiments, an access management system is configurable to enable voluntary (e.g., request by a user) or involuntary (e.g., by the access management system) reduce, or “step-down” the authentication level for a session if a lower authentication level exists. For example, an access management system may be configured to enable a user to request a step-down of the authentication level of a session to prevent access to resources at a higher authentication level. By reducing the authentication level to a lower authentication level, a user may be prompted to provide credentials for authentication according to the authentication schemes defined for higher authentication levels. These techniques can reduce, if not prevent, unauthorized access to protected resources by challenging a user for credentials to authenticate to higher authentication levels.
    Type: Application
    Filed: October 14, 2016
    Publication date: April 27, 2017
    Applicant: Oracle International Corporation
    Inventors: Stephen Mathew, Ramya Subramanya, Aarathi Balakrishnan, Vipin Anaparakkal Koottayi, Madhu Martin
  • Publication number: 20170118222
    Abstract: Techniques are disclosed for facilitating impersonation for accessing resources through an access management system. When a user (“impersonator”) requests access to impersonate another user (“impersonatee”), the access management system may generate security data having two parts. One part may include a first security key that is sent to the impersonator and a second part may include a second security key that is sent to the impersonatee. Receipt of the second security key notifies the impersonatee about a request for impersonation to access a resource according to access permitted to the impersonatee. The impersonatee, if consenting to impersonation, may provide the security key received to the impersonator, thereby implicitly providing the impersonator with trust at run-time to access the resource. Upon verification of both security keys, by the access management system, access to a resource is provided to the impersonator based on access to the resource permitted to the impersonatee.
    Type: Application
    Filed: October 12, 2016
    Publication date: April 27, 2017
    Applicant: Oracle International Corporation
    Inventors: Ramya Subramanya, Stephen Mathew, Vipin Anaparakkal Koottayi