-
Publication No.: US20250088360A1
Publication Date: 2025-03-13
Application No.: US18825689
Application Date: 2024-09-05
Applicant: Oracle International Corporation
Inventor: Venkata Subbarao Evani, Girish Nagaraja, Atul Goyal
Abstract: Described herein is a token exchange framework between two different cloud services providers. A multi-cloud infrastructure included in a first cloud environment that is provided by a first cloud services provider (CSP) receives a first request from a user associated with an account in a second cloud environment that is provided by a second CSP. The first request corresponds to using of a service provided by the first cloud environment and includes a first token issued by the second CSP. The multi-cloud infrastructure obtains a second token issued by the first CSP based on validating the first token with respect to a trust configuration corresponding to the second CSP. The trust configuration is previously generated and maintained by the first CSP in the first cloud environment. The multi-cloud infrastructure transmits the second token to the service to enable the user to utilize the service provided by the first cloud environment.
-
Publication No.: US20250086001A1
Publication Date: 2025-03-13
Application No.: US18825661
Application Date: 2024-09-05
Applicant: Oracle International Corporation
Inventor: Venkata Subbarao Evani, Girish Nagaraja, Atul Goyal
Abstract: Described herein is a token exchange framework between two different cloud services providers. A multi-cloud infrastructure included in a first cloud environment that is provided by a first cloud services provider (CSP) receives a first request from a user associated with an account in a second cloud environment that is provided by a second CSP. The first request corresponds to using of a service provided by the first cloud environment and includes a first token issued by the second CSP. The multi-cloud infrastructure obtains a second token issued by the first CSP based on validating the first token with respect to a trust configuration corresponding to the second CSP. The trust configuration is previously generated and maintained by the first CSP in the first cloud environment. The multi-cloud infrastructure transmits the second token to the service to enable the user to utilize the service provided by the first cloud environment.
-
Publication No.: US12229297B2
Publication Date: 2025-02-18
Application No.: US17953058
Application Date: 2022-09-26
Applicant: Oracle International Corporation
Abstract: Techniques are disclosed for unifying a first identity management service with a second identity management service within a distributed computing system. The first identity management service can receive a request to perform an entity operation. The request may be formatted for an interface of the first identity service. The first identity service can determine that the account is in a second domain associated with the second identity service and transform the request to a format corresponding to an interface of the second identity service. The transformed request may be transmitted to the second identity service using an external proxy and based in part on the second domain corresponding to the second identity service.
-
Publication No.: US12147843B2
Publication Date: 2024-11-19
Application No.: US17935718
Application Date: 2022-09-27
Applicant: Oracle International Corporation
Inventor: Venkata Rama Prasad Tammana, Gregg Alan Wilson, Vanja Oljaca, Swarupa Ramakrishnan, Girish Nagaraja, Bhumikaben Rashmikant Patel, Nikhil Yograj Vaishnavi
Abstract: A framework for migrating a customer tenancy from a first identity and access management (IAM) system to a second IAM system. A first snapshot of the customer tenancy is obtained from a first data storage. The first snapshot is processed and migrated to the second IAM system. A second snapshot of the customer tenancy is obtained from a second data storage and migrated to the second IAM system. A state of a lock associated with the second data storage is modified, where after a third snapshot of the customer tenancy is obtained from the second data storage and migrated to the second IAM system. Responsive to the third snapshot being migrated, directing a request regarding the customer tenancy to the second IAM system.
-
Publication No.: US12101377B2
Publication Date: 2024-09-24
Application No.: US18455561
Application Date: 2023-08-24
Applicant: Oracle International Corporation
Inventor: Arsalan Ahmad, Pradyumna Reddy Vajja, Ashwin Kumar Vajantri, Nikhil Yograj Vaishnavi, Girish Yashawant Mande, Girish Nagaraja, Gregg Alan Wilson
IPC: H04L67/1095, G06F9/54
CPC classification number: H04L67/1095, G06F9/547
Abstract: The present embodiments relate to a CI replication service that can replicate domain data from IDCS control plane to data plane and to all subscribed regions of a domain. For instance, the CI replication service can provide replication of required resources of a domain for AuthN and AuthZ from an IDCS local region to other regions for high availability (e.g., to improve latency). The CI replication service can replicate the resources from a domain's home region to all subscribed regions for local availability of data for workloads running in those regions. Further, when a new region is subscribed for a domain, then the service can bootstrap that domain's data from home region before enabling that region for the domain.
-
Publication No.: US20230328114A1
Publication Date: 2023-10-12
Application No.: US18329417
Application Date: 2023-06-05
Applicant: Oracle International Corporation
Inventor: Igor Dozorets, Thoulfekar Alrahem, Jun Tong, Leonid Kuperman, Nachiketh Potlapally, Bala Ganesh Chandran, Brian Pratt, Nathaniel Martin Glass, Girish Nagaraja, Jonathan Jorge Nadal
CPC classification number: H04L63/205, H04L63/20, H04L63/102, H04L63/107, H04L63/10, H04L67/10
Abstract: A cloud-based security solution that provides a robust and secure framework for managing and enforcing security policies related to various resources managed in the cloud is disclosed. The cloud-based security solution is implemented by a security zone policy enforcement system in a cloud service provider infrastructure. The system receives a request to perform an operation on a resource and determines a compartment associated with the resource. The system determines that the compartment is associated with a security zone and determines a set of one or more security zone policies applicable to the resource. The system then determines that the operation on the resource is permitted based on the set of one or more security zone policies and responsive to determining that the operation on the resource is permitted, allows the operation to be performed on the resource.
-
Publication No.: US20230063458A1
Publication Date: 2023-03-02
Application No.: US17459167
Application Date: 2021-08-27
Applicant: Oracle International Corporation
Inventor: A M Helali Mortuza Bhuiyan, Girish Nagaraja, Jyotishman Nag, Sahitya Gollapudi
IPC: H04L29/06
Abstract: Techniques are disclosed for restricting operations between two attached compute instances. An infrastructure and a generalized method are described for attaching two or more cloud resources (e.g., two compute instances) in spite of the compute resources being provisioned by two different services from different cloud tenancies, and then modifying the allowed operations that can be performed due to the attachment.
-
Publication No.: US11546271B2
Publication Date: 2023-01-03
Application No.: US16986160
Application Date: 2020-08-05
Applicant: ORACLE INTERNATIONAL CORPORATION
Inventor: Alok Goyal, Girish Nagaraja, Dan Vogel
Abstract: Systems and methods described herein support tag based request context in a cloud infrastructure environment. Cloud administrators do not generally have the ability to restrict resource usage in existing clouds. Granting a user permission to create resources allows them to create and/or terminate any number of resources up to a predefined account limit. Tags are associated with requests for resources for allowing administrators to restrict a user's handling of resources to the appropriate level by allowing fine-tuned control of access to the resources based on the context of the request for the resources. Request context information of the request is compared against a required credential gate level for permitting handling of resources in a tenancy having the first privilege level classification, and the request is selectively granted based on the request context information matching the first required credential gate level.
-
Publication No.: US20220239640A1
Publication Date: 2022-07-28
Application No.: US17463493
Application Date: 2021-08-31
Applicant: Oracle International Corporation
Inventor: Chuang Wang, Girish Nagaraja, Ghazanfar Ahmed, Divya Jain, Weisong Lin, Zheng Guo, Roberto Anthony Franco, Philip Kevin Newman
Abstract: The present embodiments relate to systems and methods for automatic sign in upon account signup. Particularly, the present embodiments can utilize a federated login approach for automatic sign in upon account signup for a cloud infrastructure. Specifically, the signup and sign in service (also known as SOUP) and an identity provider portal can be configured such that the nodes are aware of each other as Security Assertion Markup Language (SAML) partners. After new account registration, the signup service can redirect the user browser to a cloud infrastructure console to start with a federated login flow, where a sign in service can issue a SAML authentication request and redirect it to the signup service. Responsive to validating the browser using a SAML authentication process, the browser can be automatically signed into the new account and allowed to access the account relating to the cloud infrastructure service.
-
Publication No.: US11121863B1
Publication Date: 2021-09-14
Application No.: US17069561
Application Date: 2020-10-13
Applicant: ORACLE INTERNATIONAL CORPORATION
Inventor: Kevin Ross O'Neill, Daniel Music Vogel, Girish Nagaraja, Shobhank Sharma
Abstract: Techniques are provided for establishing a session with an application using asymmetric cryptography. Techniques include secure single-sign on capabilities using asymmetric cryptography. With asymmetric signatures, the use of browser local storage and the Web Crypto application programming interface (API), the key cannot be extracted from the browser that it was generated for. The mechanism allows a web domain to track a user login session using a non-extractable asymmetric key stored in the client's web browser, and leverage the non-extractable asymmetric key for single sign-on.