公开(公告)号：US11895106B2

公开(公告)日：2024-02-06

申请号：US17463493

申请日：2021-08-31

Applicant: Oracle International Corporation

Inventor： Chuang Wang ,  Girish Nagaraja ,  Ghazanfar Ahmed ,  Divya Jain ,  Weisong Lin ,  Zheng Guo ,  Roberto Anthony Franco ,  Philip Kevin Newman

IPC: H04L9/40 ,  H04L67/306

CPC classification number: H04L63/0815 ,  H04L63/0807 ,  H04L63/0892 ,  H04L67/306

Abstract: The present embodiments relate to systems and methods for automatic sign in upon account signup. Particularly, the present embodiments can utilize a federated login approach for automatic sign in upon account signup for a cloud infrastructure. Specifically, the signup and sign in service (also known as SOUP) and an identity provider portal can be configured such that the nodes are aware of each other as Security Assertion Markup Language (SAML) partners. After new account registration, the signup service can redirect the user browser to a cloud infrastructure console to start with a federated login flow, where a sign in service can issue a SAML authentication request, and redirects it to signup service. Responsive to validating the browser using a SAML authentication process, the browser can be automatically signed into the new account and allowed access the account relating to the cloud infrastructure service.

公开(公告)号：US11876613B2

公开(公告)日：2024-01-16

申请号：US18050455

申请日：2022-10-27

Applicant: Oracle International Corporation

Inventor： Arsalan Ahmad ,  Martinus Petrus Lambertus van den Dungen ,  Lokesh Gupta ,  Girish Nagaraja ,  Nikhil Yograj Vaishnavi

IPC: G06F15/173 ,  H04L41/0803

CPC classification number: H04L41/0803

Abstract: Approaches of reassigning a home region from a first data center to a second data center as requested by a customer are described herein. The home region is able to implement write operations to a domain, whereas other data centers cannot implement write operations to the domain. The customer can request the home region being reassigned to another data center such that the customer can utilize the other data center to implement write operations to the domain.

公开(公告)号：US11811679B2

公开(公告)日：2023-11-07

申请号：US17198019

申请日：2021-03-10

Applicant: Oracle International Corporation

Inventor： Ayman Mohammed Aly Hassan Elmenshawy ,  Girish Nagaraja ,  Daniel M. Vogel

IPC: H04L47/70 ,  G06F9/50

CPC classification number: H04L47/82 ,  G06F9/50 ,  G06F9/5077

Abstract: Techniques are described for enabling resources within a cloud computing system to interact with each other. In certain embodiments, a base identifier assigned to a first resource is extended by mapping the base identifier onto a second identifier assigned to a logical resource that is built upon the first resource. This allows the first resource to have two identities, one identity indicating what the first resource is (e.g., a particular compute instance) and another identity indicating the purpose of the first resource (e.g., operating as a database for a particular tenancy). Consequently, the first resource may be provided with access privileges different from those associated with the base identifier. For example, the first resource may access another resource in the tenancy using the second identifier, but may have no access to the other resource using the base identifier.

公开(公告)号：US20230247087A1

公开(公告)日：2023-08-03

申请号：US18162924

申请日：2023-02-01

Applicant: ORACLE INTERNATIONAL CORPORATION

Inventor： Girish Nagaraja ,  Venkata Subbarao Evani ,  Daniel M. Vogel ,  Matthew Victor Rushton

IPC: H04L67/10 ,  H04L67/306 ,  H04L9/40

CPC classification number: H04L67/10 ,  H04L67/306 ,  H04L63/08

Abstract: Techniques are described for providing a multi-cloud control plane (MCCP) in a first cloud infrastructure (included in a first cloud environment provided by a first cloud services provider) that enables services and/or resources provided in the first cloud infrastructure to be utilized by users of a second cloud environment. The first cloud infrastructure receives a request from a user associated with an account in the second cloud infrastructure. The request corresponding to using a service provided by the first cloud infrastructure. A tenancy is created for the user in the first cloud infrastructure to enable the user to utilize the service, and a link-resource object is created that includes information linking the tenancy of the user in the first cloud infrastructure to the account of the user in the second cloud infrastructure, the link-resource object enabling the user to utilize the service provided by the first cloud infrastructure.

公开(公告)号：US20230140149A1

公开(公告)日：2023-05-04

申请号：US18050457

申请日：2022-10-27

Applicant: Oracle International Corporation

Inventor： Gregg Alan Wilson ,  Martinus Petrus Lambertus van den Dungen ,  Arsalan Ahmad ,  Robert Lee Tesch, II ,  Girish Nagaraja ,  Lokesh Gupta ,  Nikhil Yograj Vaishnavi

IPC: G06F11/20

Abstract: An approach of performing data center failover using an address that indicates a backup data center. The address includes common names indicating a data center with a domain and a backup datacenter with a replica of the domain. A cloud service provider can receive the address, establish a connection with an available data center, and failover to the backup data center if the data center with the connection becomes unavailable.

公开(公告)号：US20230132987A1

公开(公告)日：2023-05-04

申请号：US18050455

申请日：2022-10-27

Applicant: Oracle International Corporation

Inventor： Arsalan Ahmad ,  Martinus Petrus Lambertus Van den Dungen ,  Lokesh Gupta ,  Girish Nagaraja ,  Nikhil Yograi Vaishavi

IPC: H04L41/0803

Abstract: Approaches of reassigning a home region from a first data center to a second data center as requested by a customer are described herein. The home region is able to implement write operations to a domain, whereas other data centers cannot implement write operations to the domain. The customer can request the home region being reassigned to another data center such that the customer can utilize the other data center to implement write operations to the domain.

公开(公告)号：US20230101337A1

公开(公告)日：2023-03-30

申请号：US17832283

申请日：2022-06-03

Applicant: Oracle International Corporation

Inventor： Arsalan Ahmad ,  Pradyumna Reddy Vajja ,  Ashwin Kumar Vajantri ,  Nikhil Yograj Vaishnavi ,  Girish Yashawant Mande ,  Girish Nagaraja ,  Gregg Alan Wilson

IPC: H04L67/1095 ,  G06F9/54

Abstract: The present embodiments relate to a CI replication service that can replicate domain data from IDCS control plane to data plane and to all subscribed regions of a domain. For instance, the CI replication service can provide replication of required resources of a domain for AuthN and AuthZ from an IDCS local region to other regions for high availability (e.g., to improve latency). The CI replication service can replicate the resources from a domain's home region to all subscribed regions for local availability of data for workloads running in those regions. Further, when a new region is subscribed for a domain, then the service can bootstrap that domain's data from home region before enabling that region for the domain.

公开(公告)号：US20230100200A1

公开(公告)日：2023-03-30

申请号：US17953172

申请日：2022-09-26

Applicant: Oracle International Corporation

Inventor： Venkata Subbarao Evani ,  Girish Nagaraja ,  Norka Beatriz Lucena Mogollon

IPC: H04L9/32

Abstract: Techniques are discloses for exchanging tokens between different identity systems that follow different identity models. A token exchange system of an integrated identity management system of a cloud service can determine that that an entity is authorized to access a first identity system based on credentials of the entity entered in the first identity system. The token exchange system can exchange a first token for the first identity system for a second token for the second identity system without requiring entry of credentials to access the second identity system.

公开(公告)号：US20230097521A1

公开(公告)日：2023-03-30

申请号：US17952957

申请日：2022-09-26

Applicant: Oracle International Corporation

Inventor： Venkata Rama Prasad Tammana ,  Kedar Nitin Mishra ,  Matthew Hoover ,  Girish Nagaraja

IPC: H04L9/40

Abstract: A host computing device may receive a request to authorize an entity, the authorization request comprising an entity tag. The host may send a domain request, containing an entity tag, for a domain tag to a first fleet. The host may receive the domain tag from the first fleet and store the domain tag in a cache memory. The host may identify a data stripe tag, stored in a host database, associated with the domain tag. The host may send a fleet request for a fleet tag, with the data stripe tag, to a second fleet. The host may receive the fleet tag. The host may send an information request for a plurality of authentication information to an identified fleet associated with the fleet tag. The host may receive the plurality of authentication information. The host may determine whether to authorize the entity based on the authentication information.

公开(公告)号：US20250007956A1

公开(公告)日：2025-01-02

申请号：US18375382

申请日：2023-09-29

Applicant: Oracle International Corporation

Inventor： Girish Nagaraja ,  Martin John Sleeman ,  Thomas Ray Bakita ,  Richard Benjamin Stockton ,  Troy Ari Levin ,  Jinsu Choi ,  Thomas James Andrews

IPC: H04L9/40 ,  H04L47/2483

Abstract: Techniques for enforcing an egress policy at a target service are described. In an example, traffic is generated for a customer, where the traffic is generated by a customer network of the customer, such as a customer tenancy or an on-premise network. The traffic can be destined to the target service. The traffic can be tagged by the customer network (e.g., by a gateway of the customer network). The customer network can be associated with the egress policy. The target service can determine the egress policy based on the information tagged to the traffic and can enforce the egress policy on the traffic that the target service is receiving.