-
Publication number: US12273343B2
Publication date: 2025-04-08
Application number: US18048710
Filing date: 2022-10-21
Applicant: Oracle International Corporation
Inventor: Gregg Alan Wilson, Venkata Subbarao Evani, Martinus Petrus Lambertus van den Dungen, Girish Nagaraja, Gary Philip Cole
Abstract: An identity management and authorization system (IMAS) receives a request to download an application to a user device associated with a user. The IMAS downloads, to the user device, a template application instance corresponding to the requested application, the template application instance having reduced functionality relative to the requested application. The IMAS receives, from the user device, a request to register the downloaded template. Responsive to receiving the request to register the application, the IMAS causes the template application instance on the user device to transition to an application instance of the application with full functionality, generates an application instance-specific credential for the application instance, associates the generated application instance-specific credential with the application instance, and stores the application instance-specific credential in association with (1) an application identifier identifying the application instance, (2) a user identifier identifying the user, and (3) a user device identifier identifying the user device.
-
Publication number: US20250086000A1
Publication date: 2025-03-13
Application number: US18825612
Filing date: 2024-09-05
Applicant: Oracle International Corporation
Inventor: Venkata Subbarao Evani, Girish Nagaraja, Atul Goyal
Abstract: Described herein is a token exchange framework between two different cloud services providers. A multi-cloud infrastructure included in a first cloud environment that is provided by a first cloud services provider (CSP) receives a first request from a user associated with an account in a second cloud environment that is provided by a second CSP. The first request corresponds to use of a service provided by the first cloud environment and includes a first token issued by the second CSP. The multi-cloud infrastructure obtains a second token issued by the first CSP based on validating the first token with respect to a trust configuration corresponding to the second CSP. The trust configuration is previously generated and maintained by the first CSP in the first cloud environment. The multi-cloud infrastructure transmits the second token to the service to enable the user to utilize the service provided by the first cloud environment.
-
Publication number: US12206657B2
Publication date: 2025-01-21
Application number: US18162924
Filing date: 2023-02-01
Applicant: ORACLE INTERNATIONAL CORPORATION
Inventor: Girish Nagaraja, Venkata Subbarao Evani, Daniel M. Vogel, Matthew Victor Rushton, Kirils Zaicenko, Vladimir Nikolayevich Krayushkin
IPC: H04L9/40, G06F9/455, H04L9/32, H04L67/10, H04L67/306
Abstract: Techniques are described for providing a multi-cloud control plane (MCCP) in a first cloud infrastructure (included in a first cloud environment provided by a first cloud services provider) that enables services and/or resources provided in the first cloud infrastructure to be utilized by users of a second cloud environment. The first cloud infrastructure receives a request from a user associated with an account in the second cloud infrastructure. The request corresponds to using a service provided by the first cloud infrastructure. A tenancy is created for the user in the first cloud infrastructure to enable the user to utilize the service, and a link-resource object is created that includes information linking the tenancy of the user in the first cloud infrastructure to the account of the user in the second cloud infrastructure, the link-resource object enabling the user to utilize the service provided by the first cloud infrastructure.
-
Publication number: US20250007845A1
Publication date: 2025-01-02
Application number: US18375387
Filing date: 2023-09-29
Applicant: Oracle International Corporation
Inventor: Girish Nagaraja, Martin John Sleeman, Thomas Ray Bakita, Richard Benjamin Stockton, Troy Ari Levin, Jinsu Choi, Thomas James Andrews
IPC: H04L47/24
Abstract: Techniques for enforcing an egress policy at a target service are described. In an example, traffic is generated for a customer, where the traffic is generated by a customer network of the customer, such as a customer tenancy or an on-premise network. The traffic can be destined for the target service. The traffic can be tagged by the customer network (e.g., by a gateway of the customer network). The customer network can be associated with the egress policy. The customer can define the egress policy at different granularity levels by using different attributes. The target service can determine the egress policy based on the information tagged to the traffic and can enforce the egress policy, based on the customer-defined attributes, on the traffic that the target service is receiving.
-
Publication number: US12052172B1
Publication date: 2024-07-30
Application number: US18375366
Filing date: 2023-09-29
Applicant: Oracle International Corporation
Inventor: Girish Nagaraja, Martin John Sleeman, Thomas Ray Bakita, Richard Benjamin Stockton, Troy Ari Levin, Jinsu Choi, Thomas James Andrews
IPC: G06F15/173, H04L45/00, H04L45/74, H04L47/20, H04L9/40, H04L47/24, H04L47/2483
CPC classification number: H04L45/74, H04L45/566, H04L47/20
Abstract: Techniques for enforcing an egress policy at a target service are described. In an example, traffic is generated for a customer tenancy, where the traffic is generated by a multi-tenancy service. The traffic can be destined for the target service. The traffic can be tagged by the multi-tenancy service with information indicating that the traffic is egressing therefrom on behalf of the customer tenancy. The customer tenancy can be associated with the egress policy. The target service can determine the egress policy based on the information tagged to the traffic and can enforce the egress policy on the traffic that the target service is receiving.
-
Publication number: US20230247016A1
Publication date: 2023-08-03
Application number: US18162947
Filing date: 2023-02-01
Applicant: Oracle International Corporation
Inventor: Girish Nagaraja, Venkata Subbarao Evani, Daniel M. Vogel, Atul Goyal
CPC classification number: H04L63/0815, H04L9/3213
Abstract: Techniques are described for providing a multi-cloud control plane (MCCP) in a first cloud infrastructure (included in a first cloud environment provided by a first cloud services provider) that enables services and/or resources provided in the first cloud infrastructure to be utilized by users of a second cloud environment. The first cloud infrastructure receives a request from a user associated with an account in the second cloud infrastructure. The request corresponds to using a service provided by the first cloud infrastructure. A tenancy is created for the user in the first cloud infrastructure to enable the user to utilize the service, and a link-resource object is created that includes information linking the tenancy of the user in the first cloud infrastructure to the account of the user in the second cloud infrastructure, the link-resource object enabling the user to utilize the service provided by the first cloud infrastructure.
-
Publication number: US20230132934A1
Publication date: 2023-05-04
Application number: US18048710
Filing date: 2022-10-21
Applicant: Oracle International Corporation
Inventor: Gregg Alan Wilson, Venkata Subbarao Evani, Martinus Petrus Lambertus van den Dungen, Girish Nagaraja, Gary Philip Cole
IPC: H04L9/40
Abstract: An identity management and authorization system (IMAS) receives a request to download an application to a user device associated with a user. The IMAS downloads, to the user device, a template application instance corresponding to the requested application, the template application instance having reduced functionality relative to the requested application. The IMAS receives, from the user device, a request to register the downloaded template. Responsive to receiving the request to register the application, the IMAS causes the template application instance on the user device to transition to an application instance of the application with full functionality, generates an application instance-specific credential for the application instance, associates the generated application instance-specific credential with the application instance, and stores the application instance-specific credential in association with (1) an application identifier identifying the application instance, (2) a user identifier identifying the user, and (3) a user device identifier identifying the user device.
-
Publication number: US20210409219A1
Publication date: 2021-12-30
Application number: US17198024
Filing date: 2021-03-10
Applicant: Oracle International Corporation
Abstract: Techniques are described for enabling resources within a cloud computing system to interact with each other. In certain embodiments, a token renewal mechanism is provided for extending the duration in which a first resource can access another resource. The token renewal mechanism can involve the first resource periodically causing a new credential to be generated for itself and then communicating the new credential to an identity and access management (IAM) system. The new credential may be generated for compliance with a credential rotation policy specifying that credentials should be changed after a certain period of time. The IAM system may associate a digital access token with the new credential so that, for subsequent requests, the IAM system will only recognize the resource principal based upon the new credential. The digital token can be invalidated if the credential is not changed within the specified period of time.
-
Publication number: US20210042435A1
Publication date: 2021-02-11
Application number: US16986160
Filing date: 2020-08-05
Applicant: ORACLE INTERNATIONAL CORPORATION
Inventor: Alok Goyal, Girish Nagaraja, Dan Vogel
Abstract: Systems and methods described herein support tag-based request context in a cloud infrastructure environment. Cloud administrators do not generally have the ability to restrict resource usage in existing clouds. Granting a user permission to create resources allows them to create and/or terminate any number of resources up to a predefined account limit. Tags are associated with requests for resources, allowing administrators to restrict a user's handling of resources to the appropriate level through fine-tuned control of access to the resources based on the context of the request for the resources. Request context information of the request is compared against a first required credential gate level for permitting handling of resources in a tenancy having a first privilege level classification, and the request is selectively granted based on the request context information matching the first required credential gate level.
-
Publication number: US12301631B2
Publication date: 2025-05-13
Application number: US18329417
Filing date: 2023-06-05
Applicant: Oracle International Corporation
Inventor: Igor Dozorets, Thoulfekar Alrahem, Jun Tong, Leonid Kuperman, Nachiketh Rao Potlapally, Bala Ganesh Chandran, Brian Pratt, Nathaniel Martin Glass, Girish Nagaraja, Jonathan Jorge Nadal
Abstract: A cloud-based security solution that provides a robust and secure framework for managing and enforcing security policies related to various resources managed in the cloud is disclosed. The cloud-based security solution is implemented by a security zone policy enforcement system in a cloud service provider infrastructure. The system receives a request to perform an operation on a resource and determines a compartment associated with the resource. The system determines that the compartment is associated with a security zone and determines a set of one or more security zone policies applicable to the resource. The system then determines that the operation on the resource is permitted based on the set of one or more security zone policies and, responsive to determining that the operation on the resource is permitted, allows the operation to be performed on the resource.