-
Publication No.: US20250007832A1
Publication date: 2025-01-02
Application No.: US18741635
Filing date: 2024-06-12
Applicant: Oracle International Corporation
Inventor: Girish Nagaraja , Martin John Sleeman , Thomas Ray Bakita , Richard Benjamin Stockton , Troy Ari Levin , Jinsu Choi , Thomas James Andrews
Abstract: Techniques for enforcing an egress policy at a target service are described. In an example, traffic is generated for a customer tenancy, where the traffic is generated by a multi-tenancy service. The traffic can be destined to the target service. The traffic can be tagged by the multi-tenancy service with information indicating that the traffic is egressing therefrom on behalf of the customer tenancy. The customer tenancy can be associated with the egress policy. The target service can determine the egress policy based on the information tagged to the traffic and can enforce the egress policy on the traffic that the target service is receiving.
-
42.
Publication No.: US20240314133A1
Publication date: 2024-09-19
Application No.: US18679365
Filing date: 2024-05-30
Applicant: Oracle International Corporation
Inventor: A M Helali Mortuza Bhuiyan , Girish Nagaraja , Jyotishman Nag , Sahitya Gollapudi
IPC: H04L9/40
CPC classification number: H04L63/10
Abstract: Techniques are disclosed for restricting operations between two attached compute instances. An infrastructure and a generalized method are described for attaching two or more cloud resources (e.g., two compute instances) in spite of the compute resources being provisioned by two different services from different cloud tenancies, and then modifying the allowed operations that can be performed due to the attachment.
-
43.
Publication No.: US12047377B2
Publication date: 2024-07-23
Application No.: US17459167
Filing date: 2021-08-27
Applicant: Oracle International Corporation
Inventor: A M Helali Mortuza Bhuiyan , Girish Nagaraja , Jyotishman Nag , Sahitya Gollapudi
IPC: H04L9/40
CPC classification number: H04L63/10
Abstract: Techniques are disclosed for restricting operations between two attached compute instances. An infrastructure and a generalized method are described for attaching two or more cloud resources (e.g., two compute instances) in spite of the compute resources being provisioned by two different services from different cloud tenancies, and then modifying the allowed operations that can be performed due to the attachment.
-
Publication No.: US20240121233A1
Publication date: 2024-04-11
Application No.: US18543902
Filing date: 2023-12-18
Applicant: Oracle International Corporation
Inventor: Chuang Wang , Girish Nagaraja , Ghazanfar Ahmed , Divya Jain , Weisong Lin , Zheng Guo , Roberto Anthony Franco , Philip Kevin Newman
IPC: H04L9/40 , H04L67/306
CPC classification number: H04L63/0815 , H04L63/0807 , H04L63/0892 , H04L67/306
Abstract: The present embodiments relate to systems and methods for automatic sign in upon account signup. Particularly, the present embodiments can utilize a federated login approach for automatic sign in upon account signup for a cloud infrastructure. Specifically, the signup and sign in service (also known as SOUP) and an identity provider portal can be configured such that the nodes are aware of each other as Security Assertion Markup Language (SAML) partners. After new account registration, the signup service can redirect the user browser to a cloud infrastructure console to start with a federated login flow, where a sign in service can issue a SAML authentication request and redirect it to the signup service. Responsive to validating the browser using a SAML authentication process, the browser can be automatically signed into the new account and allowed to access the account relating to the cloud infrastructure service.
-
Publication No.: US20230403323A1
Publication date: 2023-12-14
Application No.: US18455561
Filing date: 2023-08-24
Applicant: Oracle International Corporation
Inventor: Arsalan Ahmad , Pradyumna Reddy Vajja , Ashwin Kumar Vajantri , Nikhil Yograj Vaishnavi , Girish Yashawant Mande , Girish Nagaraja , Gregg Alan Wilson
IPC: H04L67/1095 , G06F9/54
CPC classification number: H04L67/1095 , G06F9/547
Abstract: The present embodiments relate to a CI replication service that can replicate domain data from IDCS control plane to data plane and to all subscribed regions of a domain. For instance, the CI replication service can provide replication of required resources of a domain for AuthN and AuthZ from an IDCS local region to other regions for high availability (e.g., to improve latency). The CI replication service can replicate the resources from a domain's home region to all subscribed regions for local availability of data for workloads running in those regions. Further, when a new region is subscribed for a domain, then the service can bootstrap that domain's data from home region before enabling that region for the domain.
-
Publication No.: US11785082B2
Publication date: 2023-10-10
Application No.: US17832283
Filing date: 2022-06-03
Applicant: Oracle International Corporation
Inventor: Arsalan Ahmad , Pradyumna Reddy Vajja , Ashwin Kumar Vajantri , Nikhil Yograj Vaishnavi , Girish Yashawant Mande , Girish Nagaraja , Gregg Alan Wilson
IPC: H04L67/1095 , G06F9/54
CPC classification number: H04L67/1095 , G06F9/547
Abstract: The present embodiments relate to a CI replication service that can replicate domain data from IDCS control plane to data plane and to all subscribed regions of a domain. For instance, the CI replication service can provide replication of required resources of a domain for AuthN and AuthZ from an IDCS local region to other regions for high availability (e.g., to improve latency). The CI replication service can replicate the resources from a domain's home region to all subscribed regions for local availability of data for workloads running in those regions. Further, when a new region is subscribed for a domain, then the service can bootstrap that domain's data from home region before enabling that region for the domain.
-
Publication No.: US11757636B2
Publication date: 2023-09-12
Application No.: US17198021
Filing date: 2021-03-10
Applicant: Oracle International Corporation
CPC classification number: H04L9/3213 , H04L47/82 , H04L63/10
Abstract: Techniques are described for enabling resources within a cloud computing system to interact with each other. In certain embodiments, a resource is assigned a digital token that provides certain access privileges for the duration in which the digital token is valid. The digital token permits the resource to have access for a duration sufficient to perform some operation (e.g., run one-time code or the same code periodically on a scheduled basis), but without extending the level of access for significantly longer than necessary to complete the operation. Each time the resource principal is to perform the operation, the token can be reissued to the resource to provide the resource with time-limited access privileges. The use of this short-lived token avoids having to create permanent credentials for the resource.
-
Publication No.: US20230244517A1
Publication date: 2023-08-03
Application No.: US18162963
Filing date: 2023-02-01
Applicant: Oracle International Corporation
Inventor: Girish Nagaraja , Venkata Subbarao Evani , Daniel M. Vogel
IPC: G06F9/455
CPC classification number: G06F9/45558 , G06F2009/45587 , G06F2009/45595
Abstract: Techniques are described for providing a multi-cloud control plane (MCCP) in a first cloud infrastructure (included in a first cloud environment provided by a first cloud services provider) that enables services and/or resources provided in the first cloud infrastructure to be utilized by users of a second cloud environment. The first cloud infrastructure receives a request from a user associated with an account in the second cloud infrastructure. The request corresponds to using a service provided by the first cloud infrastructure. A tenancy is created for the user in the first cloud infrastructure to enable the user to utilize the service, and a link-resource object is created that includes information linking the tenancy of the user in the first cloud infrastructure to the account of the user in the second cloud infrastructure, the link-resource object enabling the user to utilize the service provided by the first cloud infrastructure.
-
Publication No.: US20230137359A1
Publication date: 2023-05-04
Application No.: US18050453
Filing date: 2022-10-27
Applicant: Oracle International Corporation
Inventor: Martinus Petrus Lambertus van den Dungen , Gregg Alan Wilson , Girish Nagaraja , Ghazanfar Ahmed , Taoran Li
IPC: H04L9/40
Abstract: A system for providing login to a network of a cloud service provider via more than one region is described herein. For example, the system and approaches may store authentication information in multiple regions allowing for authentication in the multiple regions.
-
Publication No.: US20230101303A1
Publication date: 2023-03-30
Application No.: US17956227
Filing date: 2022-09-29
Applicant: Oracle International Corporation
Inventor: Venkata Rama Prasad Tammana , Kedar Nitin Mishra , Matthew Hoover , Girish Nagaraja , Arsalan Ahmad
IPC: H04L9/40
Abstract: In some aspects, an authentication service may divide authentication data into one or more data stripes, the authentication data including at least one of: user identifier (userID); group identifier (groupID); group membership; client identifier (clientID); dynamic group (DG) membership; or dynamic group identifier. The authentication service may store the one or more data stripes in one or more databases, the databases being contained in a host machine of a fleet, where the fleet contains one or more host machines. The authentication service may update the databases from the data stripe via a background thread. Numerous other aspects are described.
-