公开(公告)号：US20250015977A1

公开(公告)日：2025-01-09

申请号：US18764683

申请日：2024-07-05

Applicant: Oracle International Corporation

Inventor： Apurv Awasthi ,  Frederick Anthonisamy Bosco ,  Bharat Shivram ,  Madhu Manjunath ,  Deepak Kumar ,  Raj Miglani ,  Akshay Mall ,  Mayank Bajpai ,  Jun Tong ,  Mukesh Shah ,  Mauruthi Geetha Mohan

IPC: H04L9/08

Abstract: An identity service in a cloud environment is communicatively coupled to a proxy key vault in the cloud environment and to an external key manager (EKM) located outside of the cloud environment. The identity service receives a token request for a communication credential from the proxy key vault and verifies the request based on a client credential associated with the proxy key vault. The identity service generates the client credential and signs the communication credential with a private key associated with the EKM. The identify service transmits the signed communication credential to the proxy key vault. The communication credential can be used to substantiate cryptographic operation requests to the EKM.

公开(公告)号：US20220060517A1

公开(公告)日：2022-02-24

申请号：US17393347

申请日：2021-08-03

Applicant: Oracle International Corporation

Inventor： Igor Dozorets ,  Thoulfekar Alrahem ,  Jun Tong ,  Leonid Kuperman ,  Nachiketh Rao Potlapally ,  Bala Ganesh Chandran ,  Brian Pratt ,  Nathaniel Martin Glass ,  Girish Nagaraja ,  Jonathan Jorge Nadal

IPC: H04L29/06

Abstract: A cloud-based security solution that provides a robust and secure framework for managing and enforcing security policies related to various resources managed in the cloud is disclosed. The cloud-based security solution is implemented by a security zone policy enforcement system in a cloud service provider infrastructure. The system receives a request to perform an operation on a resource and determines a compartment associated with the resource. The system determines that the compartment is associated with a security zone and determines a set of one or more security zone policies applicable to the resource. The system then determines that the operation on the resource is permitted based on the set of one or more security zone policies and responsive to determining that the operation on the resource is permitted, allows the operation to be performed on the resource.

公开(公告)号：US12301631B2

公开(公告)日：2025-05-13

申请号：US18329417

申请日：2023-06-05

Applicant: Oracle International Corporation

Inventor： Igor Dozorets ,  Thoulfekar Alrahem ,  Jun Tong ,  Leonid Kuperman ,  Nachiketh Rao Potlapally ,  Bala Ganesh Chandran ,  Brian Pratt ,  Nathaniel Martin Glass ,  Girish Nagaraja ,  Jonathan Jorge Nadal

IPC: H04L9/40 ,  H04L67/10

Abstract: A cloud-based security solution that provides a robust and secure framework for managing and enforcing security policies related to various resources managed in the cloud is disclosed. The cloud-based security solution is implemented by a security zone policy enforcement system in a cloud service provider infrastructure. The system receives a request to perform an operation on a resource and determines a compartment associated with the resource. The system determines that the compartment is associated with a security zone and determines a set of one or more security zone policies applicable to the resource. The system then determines that the operation on the resource is permitted based on the set of one or more security zone policies and responsive to determining that the operation on the resource is permitted, allows the operation to be performed on the resource.

公开(公告)号：US11706260B2

公开(公告)日：2023-07-18

申请号：US17393347

申请日：2021-08-03

Applicant: Oracle International Corporation

Inventor： Igor Dozorets ,  Thoulfekar Alrahem ,  Jun Tong ,  Leonid Kuperman ,  Nachiketh Rao Potlapally ,  Bala Ganesh Chandran ,  Brian Pratt ,  Nathaniel Martin Glass ,  Girish Nagaraja ,  Jonathan Jorge Nadal

IPC: H04L9/40 ,  H04L67/10

CPC classification number: H04L63/205 ,  H04L63/10 ,  H04L63/102 ,  H04L63/107 ,  H04L63/20 ,  H04L67/10

Abstract: A cloud-based security solution that provides a robust and secure framework for managing and enforcing security policies related to various resources managed in the cloud is disclosed. The cloud-based security solution is implemented by a security zone policy enforcement system in a cloud service provider infrastructure. The system receives a request to perform an operation on a resource and determines a compartment associated with the resource. The system determines that the compartment is associated with a security zone and determines a set of one or more security zone policies applicable to the resource. The system then determines that the operation on the resource is permitted based on the set of one or more security zone policies and responsive to determining that the operation on the resource is permitted, allows the operation to be performed on the resource.

公开(公告)号：US12261889B2

公开(公告)日：2025-03-25

申请号：US17393334

申请日：2021-08-03

Applicant: Oracle International Corporation

Inventor： Sreenivas Gattu ,  Qian Wei ,  Jonathan Jorge Nadal ,  Jun Tong ,  Thoulfekar Alrahem

IPC: H04L9/40 ,  H04L67/10

Abstract: A cloud-based security solution that provides a robust and secure framework for managing and enforcing security policies related to various resources managed in the cloud is disclosed. The cloud-based security solution is implemented by a centralized application programming Interface (API) system and a security zone policy enforcement system in a cloud service provider infrastructure. The centralized API system receives an API request that identifies an operation to be performed on a resource in the CSPI. The system determines, from the API request, compartment information and context information associated with the resource. Responsive to determining the compartment information and the context information associated with the resource, the system determines that the resource resides in a compartment that is associated with a security zone. The system then processes the API request and transmits a result of processing of the API request to a user of the centralized API processing system.

公开(公告)号：US20250015988A1

公开(公告)日：2025-01-09

申请号：US18764594

申请日：2024-07-05

Applicant: Oracle International Corporation

Inventor： Apurv Awasthi ,  Frederick Anthonisamy Bosco ,  Bharat Shivram ,  Madhu Manjunath ,  Deepak Kumar ,  Raj Miglani ,  Akshay Mall ,  Mayank Bajpai ,  Jun Tong ,  Mukesh Shah ,  Mauruthi Geetha Mohan

IPC: H04L9/08 ,  H04L9/40

Abstract: A key management service (KMS) in a cloud computing environment has an internal vault for cryptographic operations by an internal cryptographic key within the cloud environment and a proxy key vault communicatively coupled to an external key manager (EKM) that stores an external cryptographic key. The KMS uses a provider-agnostic application program interface (API) that permits the cloud service customer to use the same interface request and format for cryptographic operation requests regardless of whether the request is for an operation directed to an internal vault or to an external vault and regardless of the particular vendor of the external key management service operating on the external hardware device.

公开(公告)号：US20230328114A1

公开(公告)日：2023-10-12

申请号：US18329417

申请日：2023-06-05

Applicant: Oracle International Corporation

Inventor： Igor Dozorets ,  Thoulfekar Alrahem ,  Jun Tong ,  Leonid Kuperman ,  Nachiketh Potlapally ,  Bala Ganesh Chandran ,  Brian Pratt ,  Nathaniel Martin Glass ,  Girish Nagaraja ,  Jonathan Jorge Nadal

IPC: H04L9/40 ,  H04L67/10

CPC classification number: H04L63/205 ,  H04L63/20 ,  H04L63/102 ,  H04L63/107 ,  H04L63/10 ,  H04L67/10

Abstract: A cloud-based security solution that provides a robust and secure framework for managing and enforcing security policies related to various resources managed in the cloud is disclosed. The cloud-based security solution is implemented by a security zone policy enforcement system in a cloud service provider infrastructure. The system receives a request to perform an operation on a resource and determines a compartment associated with the resource. The system determines that the compartment is associated with a security zone and determines a set of one or more security zone policies applicable to the resource. The system then determines that the operation on the resource is permitted based on the set of one or more security zone policies and responsive to determining that the operation on the resource is permitted, allows the operation to be performed on the resource.