Aravindan V Ranganathan, Age 562794 George Blauer Pl, San Jose, CA 95135

6711681, Mar 23, 2004

May 5, 1999

09/306009

Sangeeta Varma - Sunnyvale CA
Aravindan Ranganathan - San Jose CA

Sun Microsystems, Inc. - Santa Clara CA

H04K 100

713184, 713166, 713168, 713182, 713183, 713185, 707 9, 709225, 709227, 709229

A system and associated method for authorizing, or withholding authorization of, user access to a selected computer application or other resource, based on the users response to one or more user authentication tests. If the user satisfies one or more authentication tests but satisfies less than all the tests, the system optionally allows the user access to a selected subset of the resource. Alternatively, the user loses access to a selected subset of the application for each test not satisfied by the user. An authentication test or its associated weight may change at a selected time, and the selected time may be determined with reference to a time at which the resource changes.

7032014, Apr 18, 2006

Jan 18, 2002

10/053986

Pirasenna Velandi Thiyagarajan - Santa Clara CA, US
Aravindan Ranganathan - San Jose CA, US
Deepa Mahendraker - San Jose CA, US

Sun Microsystems, Inc. - Santa Clara CA

G06F 15/177

709220, 709221, 709222, 709224

A method for system management of configuration data used by server or groups of servers. In one embodiment, the present invention is comprised of providing information relative to components of the system being managed. A common language is utilized to express the information. An interface is provided to enable inputting of said information. The interface also enables management of the inputted information. In one embodiment, the information is validated during inputting. The validation of inputted information ensures that the information inputted is compliant with a schema of the information. In one embodiment, the information is comprised of defined tasks that are performed by the components of the system. The information is further comprised of specified configurations relative to the defined tasks. The information further comprises a declared schema for representing the information.

7237256, Jun 26, 2007

Jul 14, 2003

10/619657

Qingwen Cheng - Fremont CA, US
Bhavna Bhatnagar - Sunnyvale CA, US
Hong Xu - Palo Alto CA, US
Wei Sun - Los Altos CA, US
Ping Luo - Union City CA, US
Shivaram Bhat - Sunnyvale CA, US
Aravindan Ranganathan - San Jose CA, US

Sun Microsystems, Inc. - Santa Clara CA

H04L 9/32

726 3, 726 4, 726 8

Embodiments of the present invention provide an open and interoperable single sign-on session in a heterogeneous communication network. The open and interoperable single sign-on system is configured by exchanging an entity identifier, an account mapping, an attribute mapping, a site attribute list, an action mapping and/or the like. The entity identifier, account mapping, attribute mapping, site attribute list, action mapping and the like for each partner entity is stored in a partner list accessable to the particular entity. Thereafter, the open and interoperable single sign-on session may be provided upon receipt of a SAML request or assertion containing an entity identifier. The entity identifier contained in the SAML request or assertion is looked-up in the partner list of the particular entity which received the SAML request or assertion. A record containing a matching entity identifier provides the applicable account mapping, attribute mapping, site attribute list, and/or action mapping. The one or more mappings are then utilized to process the SAML request or assertion.

7296235, Nov 13, 2007

Oct 10, 2002

10/269152

Shivaram Bhat - Sunnyvale CA, US
Hua Cui - Fremont CA, US
Ping Luo - Union City CA, US
Dilli Dorai Minnal Arumugam - Cupertino CA, US
Aravindan Ranganathan - San Jose CA, US

Sun Microsystems, Inc. - Santa Clara CA

G06F 3/00

715744, 715747

An architecture for allowing extensibility to policies. The architecture has a policy component program that is able to evaluate and enforce polices. The architecture also has plugin modules for allowing a user to customize the polices. The policy component program is able to present interfaces to the user for customizing the polices. The policy component program is further able to integrate customized polices into a framework of the policy component program in response to user input that is based on the interfaces presented to the user. The presented interfaces may be for defining subjects in the policy program, defining conditions in the policy program, defining referrals in the policy program, defining resource names in the policy program, and defining how conflicts will be resolved in the policy program. The interfaces may be compliant with the JAVA programming language.

7594256, Sep 22, 2009

Jun 26, 2003

10/608882

Shivaram Bhat - Sunnyvale CA, US
Hua Cui - Fremont CA, US
Ping Luo - Union City CA, US
Dilli Dorai Minnal Arumugam - Cupertino CA, US
Aravindan Ranganathan - San Jose CA, US

Sun Microsystems, Inc. - Santa Clara CA

H04L 9/00

726 1, 726 14

Methods and systems thereof for controlling access to resources are described. When a user attempts to access a resource via a remote interface such as a Web server, the request is initially evaluated by a source of policy definitions such as a policy server. This source returns a policy decision to the remote interface. The policy decision is stored in memory by the remote interface. The remote interface can then evaluate subsequent requests from the user for the resource using the stored policy decision instead of having to communicate again with the source for the policy decision. Enhancements to this approach are also described. Accordingly, policy definitions and decisions are more efficiently implemented.

7610390, Oct 27, 2009

Dec 3, 2002

10/309773

Peter Yared - San Francisco CA, US
Gary Ellison - San Mateo CA, US
Mark Hapner - San Jose CA, US
Larry Abrahams - Los Altos CA, US
Sheldon J. Finkelstein - Los Altos Hills CA, US
Hal Stern - Livingston NJ, US
John D. Beatty - San Francisco CA, US
Aravindan Ranganathan - San Jose CA, US
Sai Allavarpu - Pleasanton CA, US

Sun Microsystems, Inc. - Santa Clara CA

G06F 15/16

709229, 709227

A distributed network identity is provided. An identity provider stores a portion of a user's personal information. A service provider accesses user information from one or more identity providers. System entities such as identity providers and service providers can be linked to enable information sharing and aggregation. User policies and privacy preferences are provided to control how information is shared. A single sign-on architecture is provided where an identity provider is used to facilitate cross-domain authentication and to enhance user convenience. Service delegation features are also provided.

7640574, Dec 29, 2009

Jun 2, 2004

10/858763

Beomsuk Kim - San Jose CA, US
Mrudul Pradeep Uchil - San Jose CA, US
Aravindan Ranganathan - San Jose CA, US

Sun Microsystems, Inc. - Santa Clara CA

G06F 7/04
H04L 9/00

726 1, 726 8, 726 9, 726 10

A method and system for resource based authentication may include, in response to a client attempting to access a protected resource of a system, implementing resource based authentication. A policy agent may intercept the client access request and redirect it to an appropriate authentication gateway module based upon authentication polices. If the protected resource is not associated with any resource specific authentication technique, the policy agent may apply a default authentication technique. If, however, the protected resource is associated with a particular resource specific authentication technique, the policy agent may apply the resource specific authentication technique without applying the default authentication technique.

7716469, May 11, 2010

Jul 25, 2003

10/627019

Bhavna Bhatnagar - Sunnyvale CA, US
Ping Luo - Union City CA, US
Qingwen Cheng - Fremont CA, US
Shivaram Bhat - Sunnyvale CA, US
Hong Xu - Palo Alto CA, US
Wei Sun - Los Altos CA, US
Aravindan Ranganathan - San Jose CA, US

Oracle America, Inc. - Redwood Shores CA

H04L 29/06
H04L 9/32
G06F 7/04

713156, 713173, 726 8

Embodiments of the present invention provide a circle of trust on a network. The circle of trust is configured by exchanging credential of a first and a second affiliated entity. The credentials of the first affiliated entity is stored in a trusted partner list of the second affiliated entity. The credentials of the second affiliated entity is stored in a trusted partner list of the first affiliated entity. Thereafter, a circle of trust session may be provided when a client device initiates use of a resource on a relying party device by providing an authentication assertion reference. The identity of the issuing party of the authentication is determined as a function of the authentication assertion reference. The relying party sends an authentication query containing its credential to the issuing party. The issuing party determines if the relying party is a trusted entity based upon whether the relying party's credential is contained in the trusted partner list of the issuing party.