-
Publication (Announcement) No.: US12261834B2
Publication (Announcement) Date: 2025-03-25
Application No.: US18543902
Application Date: 2023-12-18
Applicant: Oracle International Corporation
Inventor: Chuang Wang, Girish Nagaraja, Ghazanfar Ahmed, Divya Jain, Weisong Lin, Zheng Guo, Roberto Anthony Franco, Philip Kevin Newman
IPC: H04L9/40, H04L67/306
Abstract: The present embodiments relate to systems and methods for automatic sign in upon account signup. Particularly, the present embodiments can utilize a federated login approach for automatic sign in upon account signup for a cloud infrastructure. Specifically, the signup and sign in service (also known as SOUP) and an identity provider portal can be configured such that the nodes are aware of each other as Security Assertion Markup Language (SAML) partners. After new account registration, the signup service can redirect the user browser to a cloud infrastructure console to start a federated login flow, where a sign in service can issue a SAML authentication request and redirect it to the signup service. Responsive to validating the browser using a SAML authentication process, the browser can be automatically signed into the new account and allowed to access the account relating to the cloud infrastructure service.
-
Publication (Announcement) No.: US20250007843A1
Publication (Announcement) Date: 2025-01-02
Application No.: US18375374
Application Date: 2023-09-29
Applicant: Oracle International Corporation
Inventor: Girish Nagaraja, Martin John Sleeman, Thomas Ray Bakita, Richard Benjamin Stockton, Troy Ari Levin, Jinsu Choi, Thomas James Andrews
IPC: H04L47/20, H04L9/40, H04L47/2483
Abstract: Techniques for enforcing an egress policy at a target service are described. In an example, traffic is generated for a customer, where the traffic is generated by a customer network of the customer, such as a customer tenancy or an on-premise network, or by a multi-tenancy service on behalf of the customer. The traffic can be destined to the target service. The traffic can be tagged by the customer network (e.g., by a gateway of the customer network) or by the multi-tenancy service. The customer network can be associated with the egress policy. The target service can determine the egress policy based on the information tagged to the traffic and can enforce the egress policy on the traffic that the target service is receiving.
-
Publication (Announcement) No.: US20240137268A1
Publication (Announcement) Date: 2024-04-25
Application No.: US18543967
Application Date: 2023-12-18
Applicant: Oracle International Corporation
Inventor: Arsalan Ahmad, Martinus Petrus Lambertus van den Dungen, Lokesh Gupta, Girish Nagaraja, Nikhil Yograj Vaishnavi
IPC: H04L41/0803
CPC classification number: H04L41/0803
Abstract: Approaches for reassigning a home region from a first data center to a second data center as requested by a customer are described herein. The home region is able to implement write operations to a domain, whereas other data centers cannot implement write operations to the domain. The customer can request that the home region be reassigned to another data center such that the customer can utilize the other data center to implement write operations to the domain.
-
Publication (Announcement) No.: US11706260B2
Publication (Announcement) Date: 2023-07-18
Application No.: US17393347
Application Date: 2021-08-03
Applicant: Oracle International Corporation
Inventor: Igor Dozorets, Thoulfekar Alrahem, Jun Tong, Leonid Kuperman, Nachiketh Rao Potlapally, Bala Ganesh Chandran, Brian Pratt, Nathaniel Martin Glass, Girish Nagaraja, Jonathan Jorge Nadal
CPC classification number: H04L63/205, H04L63/10, H04L63/102, H04L63/107, H04L63/20, H04L67/10
Abstract: A cloud-based security solution that provides a robust and secure framework for managing and enforcing security policies related to various resources managed in the cloud is disclosed. The cloud-based security solution is implemented by a security zone policy enforcement system in a cloud service provider infrastructure. The system receives a request to perform an operation on a resource and determines a compartment associated with the resource. The system determines that the compartment is associated with a security zone and determines a set of one or more security zone policies applicable to the resource. The system then determines that the operation on the resource is permitted based on the set of one or more security zone policies and responsive to determining that the operation on the resource is permitted, allows the operation to be performed on the resource.
-
Publication (Announcement) No.: US20230113325A1
Publication (Announcement) Date: 2023-04-13
Application No.: US17934846
Application Date: 2022-09-23
Applicant: Oracle International Corporation
Inventor: Girish Nagaraja, Martinus Petrus Lambertus van den Dungen, Gregg Alan Wilson, Gary Philip Cole, Venkata Subbarao Evani
IPC: H04L9/40
Abstract: Described herein is a framework for generating an integrated identity and access management (IAM) system from a first IAM system and a second IAM system that is different from the first IAM system. The integrated IAM system is generated by: (i) creating a domain in a customer tenancy associated with the first IAM system, and (ii) embedding an identity provider of the second IAM system within the domain. The integrated IAM system receives a request from a user to perform an operation with respect to a resource associated with the second IAM system. Upon the user being successfully authenticated by the integrated IAM system, the request is executed.
-
Publication (Announcement) No.: US20230098641A1
Publication (Announcement) Date: 2023-03-30
Application No.: US17957146
Application Date: 2022-09-30
Applicant: Oracle International Corporation
Inventor: Shobhank Sharma, Venkata Subbarao Evani, Kranthi Kiran Pandiri, Girish Nagaraja, Martinus Petrus Lambertus van den Dungen, Ashok Kumar Subbaiyan, Ari M. Kermaier
IPC: H04L9/40
Abstract: Systems and methods for a single logout between two independent systems are described herein. The system includes a first access control system having a first login protocol. The first access control system includes at least one first processor, and a memory comprising a plurality of instructions executable by the at least one first processor. The system includes a second access control system. The second access control system has a second login protocol independent of the first login protocol. The first access control system can receive a logout request from a user at the first access control system, log the user out of the first access control system, and utilize a trust mechanism to log the user out of the second access control system.
-
Publication (Announcement) No.: US20230094990A1
Publication (Announcement) Date: 2023-03-30
Application No.: US17935718
Application Date: 2022-09-27
Applicant: Oracle International Corporation
Inventor: Venkata Rama Prasad Tammana, Gregg Alan Wilson, Vanja Oljaca, Swarupa Ramakrishnan, Girish Nagaraja, Bhumikaben Rashmikant Patel, Nikhil Yograj Vaishnavi
Abstract: A framework for migrating a customer tenancy from a first identity and access management (IAM) system to a second IAM system. A first snapshot of the customer tenancy is obtained from a first data storage. The first snapshot is processed and migrated to the second IAM system. A second snapshot of the customer tenancy is obtained from a second data storage and migrated to the second IAM system. A state of a lock associated with the second data storage is modified, whereafter a third snapshot of the customer tenancy is obtained from the second data storage and migrated to the second IAM system. Responsive to the third snapshot being migrated, a request regarding the customer tenancy is directed to the second IAM system.
-
Publication (Announcement) No.: US11418343B2
Publication (Announcement) Date: 2022-08-16
Application No.: US17198024
Application Date: 2021-03-10
Applicant: Oracle International Corporation
Abstract: Techniques are described for enabling resources within a cloud computing system to interact with each other. In certain embodiments, a token renewal mechanism is provided for extending the duration in which a first resource can access another resource. The token renewal mechanism can involve the first resource periodically causing a new credential to be generated for itself and then communicating the new credential to an identity and access management (IAM) system. The new credential may be generated for compliance with a credential rotation policy specifying that credentials should be changed after a certain period of time. The IAM system may associate a digital access token with the new credential so that for subsequent requests, the IAM system will only recognize the resource principal based upon the new credential. The digital token can be invalidated if the credential is not changed within the specified period of time.
-
Publication (Announcement) No.: US20210288794A1
Publication (Announcement) Date: 2021-09-16
Application No.: US17069561
Application Date: 2020-10-13
Applicant: Oracle International Corporation
Inventor: Kevin Ross O'Neill, Daniel Music Vogel, Girish Nagaraja, Shobhank Sharma
Abstract: Techniques are provided for establishing a session with an application using asymmetric cryptography. Techniques include secure single-sign on capabilities using asymmetric cryptography. With asymmetric signatures, the use of browser local storage and the Web Crypto application programming interface (API), the key cannot be extracted from the browser that it was generated for. The mechanism allows a web domain to track a user login session using a non-extractable asymmetric key stored in the client's web browser, and leverage the non-extractable asymmetric key for single sign-on.
-
Publication (Announcement) No.: US12301556B2
Publication (Announcement) Date: 2025-05-13
Application No.: US18162947
Application Date: 2023-02-01
Applicant: Oracle International Corporation
Inventor: Girish Nagaraja, Venkata Subbarao Evani, Daniel M. Vogel, Atul Goyal, Norka Beatriz Lucena Mogollon
IPC: H04L9/40, G06F9/455, H04L9/32, H04L67/10, H04L67/306
Abstract: Techniques are described for providing a multi-cloud control plane (MCCP) in a first cloud infrastructure (included in a first cloud environment provided by a first cloud services provider) that enables services and/or resources provided in the first cloud infrastructure to be utilized by users of a second cloud environment. The first cloud infrastructure receives a request from a user associated with an account in the second cloud infrastructure. The request corresponds to using a service provided by the first cloud infrastructure. A tenancy is created for the user in the first cloud infrastructure to enable the user to utilize the service, and a link-resource object is created that includes information linking the tenancy of the user in the first cloud infrastructure to the account of the user in the second cloud infrastructure, the link-resource object enabling the user to utilize the service provided by the first cloud infrastructure.