Oracle International Corporation (Redwood Shores, CA)

Methods are described for creating and using rules-enhanced access tokens that authorize access to resources. An access token is generated in response to determining that a user is authorized to access the protected resource. The access token contains rule information that includes one or more constraints, each of which is a condition for granting or denying access to the protected resource. Upon receiving the access token, a client application can use it to access the protected resource. The client application can be configured to enforce one or more of the rules set out in the rule information. For example, the client application may determine, by analyzing one or more constraints, that a condition for granting access has not been met and, in response, terminate a pending access request for the protected resource.

Authentication and authorization are sometimes required for accessing resources within a computing environment. Many enterprise clients prefer to use cloud-based identity servers (e.g., one that runs Identity Cloud Services (IDCS), software from Oracle Corporation®) for performing authentication and authorization when connecting to resources through clients such as web and mobile apps. Authentication is sometimes performed using the OpenID Connect (OIDC) protocol, which is a layer on top of the Open Authorization 2 (OAuth 2) protocol. Certain cloud-hosted identity servers can be set up to use rules to determine access rights to protected resources. However, these rules are not enforced in connection with generating an access token through an authorization process. When authorization is carried out in accordance with the OAuth 2 protocol, OAuth access tokens are checked for authenticity on the basis of a valid digital signature from the authority that issued the token, and are examined for token validity. The OAuth 2 specification, set out in Request for Comments (RFC) 6749, does not support rules enforcement. Therefore, the entity that performs token validation (e.g., an access server hosting the resource to be accessed) does not enforce access rules.

Client applications are not able to enforce access rules directly. Instead, a client has to send a backchannel request to the identity server to ensure that the rules are followed. The identity server examines the request and gives an answer based on the rules. One issue with this server-centric approach is that even though the identity server may already have generated an access token for a user of the client application and for a defined set of scopes, the client application is still required to submit the backchannel request each time the user wants access to a protected resource for which the access token needs to be presented.

The present disclosure relates generally to the enforcement of rules associated with access authorization to resources. In particular, the disclosure outlines methods for creating a rules-enhanced access token that can be used by a token-receiving entity (e.g., a client app or a WebGate acting as a single-sign-on agent). The token contains rule information that allows the token-receiving entity to determine and enforce one or more rules. This way, rules can be enforced without a round trip to an identity server each time a resource is requested by a user of the application. Many inventive embodiments are described in this document, including systems, methods and non-transitory computer-readable storage media storing programs and code.

In certain instances, a rules-enhanced access token includes one or more constraints, each of which corresponds to a condition for granting or denying access. The constraints of an access token can correspond to the following conditions: a period during which access can be granted, a period of time during which access is not denied, a group of users that is permitted access, a group of users that is denied access, an Internet Protocol (IP) address that is allowed access or an IP address that is denied access, and a geographical location that is allowed or restricted access. The constraints are access rules.

A constraint may be defined in a variety of ways, for example as machine-readable code embedded in the access token, or as a parameter value (e.g., a text string or a number) placed in an allocated location within the access token. The constraint is then parsed to determine the corresponding condition.

In some embodiments, the token-receiving entity can be configured to request a replacement access token upon determining that an access token is no longer valid (e.g., expired) or upon determining that the constraints contained in the existing access token are no longer valid. This permits the token-receiving entity to receive any updates that have been configured for the constraints. For instance, the rules may be based on a policy created by an authorization engine on an access management (AM) server that acts as the token-issuing authority. If the policy changes, the constraints can be modified on the server side, and the request for a replacement access token allows the updated constraints to be propagated to the token-receiving entity. Once the access token, or the constraints/rules in the access token, are determined to be invalid (e.g., expired), the access token may be renewed, for example using a refresh token or a JWT (JavaScript Object Notation (JSON) Web Token) authorization grant flow. This is a two-legged flow in which the token-receiving entity communicates directly with the authority that issued the token. A three-legged flow, such as an authorization code grant flow, could also be used to obtain an access token. In that flow, a web browser contacts the token-issuing authority on behalf of the token-receiving entity.

In certain embodiments, the method involves receiving, by an access management system (AMS or AM system), an access token request from a client application, the request identifying a user as well as a resource to be accessed. The method further comprises determining whether the user is authorized to access the resource. A first access token is generated by the AMS in response to this determination. The first access token includes one or more constraints, each of which is a condition for allowing or denying access to the resource. The method also includes sending the first access token from the AMS to the client application. Access requests for the resource require that the first access token be provided. The constraints are extracted from the first access token to determine whether to proceed with the request for access.
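The check a token-receiving entity would make locally can be sketched as follows. This is an added example, not code from the patent or from Oracle: the `rules` claim and its field names (`valid_until`, `allow_hours_utc`, `allow_groups`, `deny_groups`, `allow_cidrs`) are hypothetical, an HS256 shared key stands in for the issuing authority's signature, and the sample token is constructed.

```python
import base64, hashlib, hmac, ipaddress, json, time

KEY = b"constructed-demo-key"  # assumption: HS256 stands in for the issuer's signature

def b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(head: str, body: str) -> bytes:
    return hmac.new(KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()

def issue(claims: dict) -> str:
    """Stand-in for the token-issuing authority (AM server)."""
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{b64e(sign(head, body))}"

def decide(token: str, groups: set, client_ip: str, now: float) -> str:
    """Token-receiving entity: 'proceed', 'deny' or 'renew' for a pending request."""
    try:
        head, body, sig = token.split(".")
        if json.loads(b64d(head)).get("alg") != "HS256":
            return "deny"  # never let the token choose the algorithm
        if not hmac.compare_digest(sign(head, body), b64d(sig)):
            return "deny"  # constraints are only trusted after the signature
        claims = json.loads(b64d(body))
        rules = claims["rules"]  # hypothetical claim holding the constraints
        if now >= claims["exp"] or now >= rules["valid_until"]:
            return "renew"  # token or constraints stale: ask for a replacement
        start, end = rules["allow_hours_utc"]
        ip = ipaddress.ip_address(client_ip)
        ok = (start <= time.gmtime(now).tm_hour < end
              and bool(groups & set(rules["allow_groups"]))
              and not groups & set(rules["deny_groups"])
              and any(ip in ipaddress.ip_network(n) for n in rules["allow_cidrs"]))
        return "proceed" if ok else "deny"
    except (ValueError, KeyError, TypeError, AttributeError):
        return "deny"  # malformed token or constraint: fail closed

NOW = 1_700_049_600  # constructed clock value: 2023-11-15 12:00:00 UTC
SAMPLE = issue({"sub": "alice", "exp": NOW + 3600, "rules": {  # constructed token
    "valid_until": NOW + 600, "allow_hours_utc": [8, 18],
    "allow_groups": ["finance"], "deny_groups": ["contractors"],
    "allow_cidrs": ["10.0.0.0/8"]}})

if __name__ == "__main__":
    print(decide(SAMPLE, {"finance"}, "10.1.2.3", NOW))
    print(decide(SAMPLE, {"finance"}, "192.0.2.7", NOW))
    print(decide(SAMPLE, {"finance"}, "10.1.2.3", NOW + 900))
```

A "renew" result corresponds to the replacement-token request described above; because the constraints travel inside the signed token, a policy change on the server only reaches the client when a new token is issued, so the constraint lifetime bounds how stale an enforced rule can be.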

The above and other features and embodiments will become more apparent upon referring to the specification, claims, and the accompanying drawings.


What is a patent?

A patent is issued by the government to safeguard the invention. The patent grants the inventor the rights to create, utilize and sell the invention. Society gains when new technologies are introduced to the market. These benefits may be directly realized as individuals are able to accomplish previously unattainable feats, or indirectly, through the economic opportunities that innovation provides (business expansion, job creation).

Many drug firms and university researchers seek patent protection for their work and research. Patents are granted for the creation of a product, process or method of making new materials. In order to be granted protection under a patent, the invention must be innovative, novel and not apparent to others within the same field.

Patents are awarded to inventors who have commercially viable inventions. They provide a reason for inventors to invent. Patents allow entrepreneurs and small companies to be confident that there’s a good chance they will be paid back for their efforts, time, and money invested in the development of technology. They can earn a living from their work.

Patents are essential to firms and can be used to:

Protect new products and services that are innovative;

Improve the value, the visibility, and attractiveness of your products on the market

Make your brand stand out from others.

Access business and technical expertise and other information;

Avoid accidentally using content from third party sources or losing valuable information, innovative outputs or any other outputs that are creative.

Patents can transform an inventor’s knowledge into a marketable asset that opens up new possibilities for job creation and business growth through joint ventures or licensing.

Small businesses that have patent protection are more attractive to investors involved in the development and commercialization of technology.

Patents can lead to innovative ideas and inventions. This information could be protected by patents.

Patents can be used to stop untrustworthy third parties from profiting through the work of inventions.

The profits from technology patents that are successful and commercially viable can be used to finance technological research and development (R&D), which will improve the chances of developing better technology in the future.

Intellectual property ownership can be used to convince investors and lenders that there are real chances to commercialize your product. Sometimes, a single patent can lead to multiple financing options. Patents as well as other IP assets can be utilized as collateral or security to finance debt. Investors are also able to view your patent assets in order to boost the value of their company. Forbes and others have noted that each patent can add anywhere from $500,000 to one million dollars to your company’s valuation.

Start-ups need a well-constructed business plan that builds on the IP to demonstrate that your product or service is distinct, innovative, or superior. Investors will also be impressed if your IP rights are secure or in the process of becoming secure, and if they support your business plan.

It is vital to protect an invention prior to filing for patent protection. Public disclosure of an invention prior to filing can often destroy the novelty of the invention and render the patent invalid. Therefore, pre-filing disclosures (e.g., for test-marketing, to investors, or to other business partners) should only be made after signing a confidentiality agreement.

There are several types of patents, and knowing the different types is crucial to protecting your invention. Utility patents cover new processes and machine creations. Design patents cover ornamental designs. Utility patents are the most effective because they shield the owner from copycats as well as other competitors. Utility patents are often granted to enhance or modify existing inventions. A process patent will describe the methods or actions to perform a specific action. However, a chemical composition could be an amalgamation of components.

What is the average length of a patent? Utility patents last 20 years from the earliest date of filing; however, their expiration dates can be extended, for instance because of delays in the patent office.

Do you want to patent your ideas? Patents are granted only for first-to-file applicants and you must file quickly – call a patent attorney at PatentPC to patent your idea today!

When you are writing a patent application, it is advised to conduct an internet search for patents, since the search can provide some insights into other people’s concepts. You’ll be able to narrow down the nature of your invention. Also, you can find out about the current state of the art within the field you’re inventing in. You’ll get a better understanding of what your invention should be and be more prepared for writing your patent application.

How to Search for Patents

The first step in obtaining your patent is to conduct an internet search for patents. You can do a Google patent search or a USPTO search. Once the patent application is filed, the product covered by the application can be called patent-pending, and you can find the application on Public PAIR. After the patent office has approved the application, you can conduct a patent number search to find the issued patent, which means that your product has been granted a patent. It is also possible to use the USPTO search engine. Read on for more details. It is possible to seek help from a patent lawyer. Patents in the United States are granted by the United States Patent and Trademark Office, which also examines trademark applications.

Interested in finding more similar patents? Here are the steps to follow:

1. Think of terms to describe your invention, based on the intention, composition, and application.

Write down a brief, but precise explanation of your invention. Don’t use generic terms like “device”, “process” and “system”. Consider synonyms for the terms you chose initially. Also, make note of key technical terms as well as keywords.

Utilize the following questions to help you find key words or concepts.

  • What is the goal of the invention? Is it a utilitarian device or an ornamental design?
  • Is the invention a method of creating something or performing a function? Or is it a product or process?
  • What is the composition and function of the invention? What is the physical composition of the invention?
  • What is the goal of the invention?
  • What are the technical terms and keywords that describe an invention’s nature? A technical dictionary will help you identify the correct phrases.

2. Use these terms to search for relevant Cooperative Patent Classifications with the Classification Text Search Tool. If you’re unable to locate the appropriate classification for your invention, look through the classification’s class schemas (class schedules) and try again. If your Classification Text Search returns no results, consider replacing the terms you used to describe your invention with synonyms of the words you chose in the first step.

3. Go over the CPC Classification Definition to verify the relevancy of the CPC classification that you have discovered. If the chosen classification has a blue box with a “D” to its left, the hyperlink will take you to the CPC classification’s description. CPC classification definitions will help determine the scope of the classification so that you can be sure to select the most pertinent one. These definitions may also include search tips or other suggestions that can be useful for further investigation.

4. Retrieve patent documents with the CPC classification from the Patents Full-Text and Image Database. By focusing your search on abstracts and representative drawings you can narrow your search to find the relevant patent documents.

5. This selection of patent publications is the best to examine for connections to your invention. Pay attention to the claims and specification. Consult the applicant and patent examiner to obtain additional patents.

6. Find patent applications published in the public domain using the CPC classification you chose in Step 3 of the Applications Full-Text and Image Database. You may also employ the same strategy of searching you utilized in Step 4 to narrow down your search results to the most relevant patents by reading the abstracts and representative drawings for every page. Next, carefully examine the patent applications that have been published with particular attention paid to the claims and the additional drawings.

7. Find additional US patent publications using keyword searching in the PatFT or AppFT databases, classification searching of non-U.S. patents as described below, and searching non-patent literature disclosures of inventions using web search engines. Here are a few examples:

  • Add keywords to your search. Keyword searches may turn up documents that are not well-categorized or have missed classifications during Step 2. For example, US patent examiners often supplement their classification searches with keyword searches. Think about the use of technical engineering terminology rather than everyday words.
  • Search for foreign patents using the CPC classification. Then, re-run the search using international patent office search engines such as Espacenet, the European Patent Office’s worldwide patent publication database of over 130 million patent publications. Other national databases include:
  • Search non-patent literature. Inventions can be made public in many non-patent publications. It is recommended that you search journals, books, websites, technical catalogs, conference proceedings, and other print and electronic publications.

To review your search, you can hire a registered patent attorney to assist. A preliminary search will help one better prepare to talk about their invention and other related inventions with a professional patent attorney. In addition, the attorney will not spend too much time or money on patenting basics.