-
Publication No.: US20250088499A1
Publication Date: 2025-03-13
Application No.: US18466474
Application Date: 2023-09-13
Applicant: Oracle International Corporation
Inventor: Sneha Sudhakaran Nair, Tony Long, Mauruthi Geetha Mohan, Akshay Krishnath Dagade, Jakub Wojciak
IPC: H04L9/40
Abstract: Operations of a certificate bundle distribution service may include: detecting a trigger condition to distribute a certificate bundle that includes a set of one or more certificate authority certificates; partitioning each particular network entity of a plurality of network entities associated with a computer network into one of a plurality of certificate distribution groups based on a network address of the particular network entity, in which each particular certificate distribution group includes a particular subset of network entities from the plurality of network entities; selecting a particular certificate distribution group, of the plurality of certificate distribution groups, for distribution of the certificate bundle; and transmitting the certificate bundle to the particular subset of network entities in the particular certificate distribution group.
-
Publication No.: US20250055710A1
Publication Date: 2025-02-13
Application No.: US18447993
Application Date: 2023-08-10
Applicant: Oracle International Corporation
Inventor: Tony Long, Mauruthi Geetha Mohan, Karthik Venkatesh
IPC: H04L9/32
Abstract: Operations of a digital signature manager may include detecting, in a certificate repository on a first virtual cloud network, a set of one or more new certificate authority (CA) certificates; transmitting, to a key management service hosted on a second virtual cloud network, a CA dataset that includes the set of one or more new CA certificates; receiving, from the key management service, a digital signature of the CA dataset generated based at least on a global private key stored on the second virtual cloud network in a private key repository associated with the key management service; and storing the digital signature in the certificate repository in a data structure that associates the digital signature with the CA dataset.
-
Publication No.: US20250015988A1
Publication Date: 2025-01-09
Application No.: US18764594
Application Date: 2024-07-05
Applicant: Oracle International Corporation
Inventor: Apurv Awasthi, Frederick Anthonisamy Bosco, Bharat Shivram, Madhu Manjunath, Deepak Kumar, Raj Miglani, Akshay Mall, Mayank Bajpai, Jun Tong, Mukesh Shah, Mauruthi Geetha Mohan
Abstract: A key management service (KMS) in a cloud computing environment has an internal vault for cryptographic operations by an internal cryptographic key within the cloud environment and a proxy key vault communicatively coupled to an external key manager (EKM) that stores an external cryptographic key. The KMS uses a provider-agnostic application program interface (API) that permits the cloud service customer to use the same interface request and format for cryptographic operation requests regardless of whether the request is for an operation directed to an internal vault or to an external vault and regardless of the particular vendor of the external key management service operating on the external hardware device.
-
Publication No.: US20250088374A1
Publication Date: 2025-03-13
Application No.: US18466483
Application Date: 2023-09-13
Applicant: Oracle International Corporation
Inventor: Jodi Robertson, Tony Long, Mauruthi Geetha Mohan, Mina Anes
IPC: H04L9/32, H04L67/568
Abstract: Operations may include receiving, from a first network entity, a first request for a first certificate revocation list (CRL) that identifies a first CRL distribution point (CDP) corresponding to the first CRL; mapping the first CDP to a first CRL identifier of a set of available CRL identifiers; locating, in a CRL repository, a first CRL based on the first CRL identifier; and transmitting the first CRL to the first network entity.
-
Publication No.: US20250088514A1
Publication Date: 2025-03-13
Application No.: US18466447
Application Date: 2023-09-13
Applicant: Oracle International Corporation
Inventor: Haya Majeed, Tony Long, Mauruthi Geetha Mohan
IPC: H04L9/40
Abstract: Operations of a certificate authority (CA) service may include aggregating, in a certificate repository, a plurality of sets of CA certificates, in which each set of CA certificates is issued by a particular CA that is associated with a particular trust zone and that is trusted by a particular set of network entities located in the particular trust zone. The operations may further include distributing, for access by an additional set of network entities, an aggregate set of CA certificates that includes the plurality of sets of CA certificates. The additional set of network entities may utilize the plurality of sets of CA certificates to authenticate network entities located in different trust zones.
-
Publication No.: US20250015977A1
Publication Date: 2025-01-09
Application No.: US18764683
Application Date: 2024-07-05
Applicant: Oracle International Corporation
Inventor: Apurv Awasthi, Frederick Anthonisamy Bosco, Bharat Shivram, Madhu Manjunath, Deepak Kumar, Raj Miglani, Akshay Mall, Mayank Bajpai, Jun Tong, Mukesh Shah, Mauruthi Geetha Mohan
IPC: H04L9/08
Abstract: An identity service in a cloud environment is communicatively coupled to a proxy key vault in the cloud environment and to an external key manager (EKM) located outside of the cloud environment. The identity service receives a token request for a communication credential from the proxy key vault and verifies the request based on a client credential associated with the proxy key vault. The identity service generates the client credential and signs the communication credential with a private key associated with the EKM. The identity service transmits the signed communication credential to the proxy key vault. The communication credential can be used to substantiate cryptographic operation requests to the EKM.
-
Publication No.: US20250097211A1
Publication Date: 2025-03-20
Application No.: US18467350
Application Date: 2023-09-14
Applicant: Oracle International Corporation
Inventor: Burak Uzun, Mauruthi Geetha Mohan, Saranya Mani, Geetha Ravi
IPC: H04L9/40
Abstract: Operations of a certificate bundle distribution service may include: detecting a trigger condition to distribute a certificate bundle that includes a set of certificate authority certificates; determining, for each of a plurality of network entities associated with a computer network, a fault domain representing at least one single point of failure; partitioning the plurality of network entities into a plurality of certificate distribution groups, based on a set of partitioning criteria that includes a fault domain of each particular network entity, in which each particular certificate distribution group includes a particular subset of network entities, and the particular subset of network entities are associated with a particular fault domain; selecting a particular certificate distribution group, of the plurality of certificate distribution groups, for distribution of the certificate bundle; and transmitting the certificate bundle to the particular subset of network entities in the particular certificate distribution group.
-
Publication No.: US20250088373A1
Publication Date: 2025-03-13
Application No.: US18466466
Application Date: 2023-09-13
Applicant: Oracle International Corporation
Inventor: Burak Uzun, Mauruthi Geetha Mohan, Tony Long, Owen Cliffe
Abstract: Operations of a certificate bundle validation service may include receiving a first certificate bundle that includes a first set of one or more digital certificates, and a digital signature, associated with the first certificate bundle; determining, using a public key of an asymmetric key pair associated with a second set of one or more digital certificates, that the digital signature is generated using a private key of the asymmetric key pair; and responsive to determining that the digital signature is generated using the private key, storing the first certificate bundle in a certificate repository as a trusted certificate bundle.
-
Publication No.: US20240340272A1
Publication Date: 2024-10-10
Application No.: US18131479
Application Date: 2023-04-06
Applicant: Oracle International Corporation
Inventor: Anthony Long, Brady Turner, Mina Anes, Mauruthi Geetha Mohan, Adam Franklin Wilford, Bill Chau, Timothy Kraus, David Dale Becker
IPC: H04L9/40
CPC classification number: H04L63/0442, H04L63/0823
Abstract: A method may include transmitting a request for metadata associated with a compute instance and receiving, by a computing system, metadata associated with the compute instance signed with a private key. The private key may be associated with a public key. The method may include receiving a request to access a cloud resource and transmitting the request for the metadata. The method may also include receiving the metadata. The metadata may indicate that the compute instance is hosted on the computing system. The method may also include transmitting, to an instance principal service, a request for an instance principal certificate. The request may include the metadata signed with the private key and be cryptographically verified by the instance principal service using the public key. The method may also include receiving the instance principal certificate and providing access to the cloud resource based on the instance principal certificate.
-
Publication No.: US20240119133A1
Publication Date: 2024-04-11
Application No.: US17963134
Application Date: 2022-10-10
Applicant: Oracle International Corporation
Inventor: Mauruthi Geetha Mohan, Anthony Long, Mina Michel Gorgy Anes, Sanjeeb Kumar Sahoo, Yingyu Yang, Bakhtiyar Uddin, Thomas James Andrews
IPC: G06F21/33
CPC classification number: G06F21/33
Abstract: Techniques described herein relate to authorization between integrated cloud products. An example includes receiving, by a computing device and from a first resource, a first request for permission to access a certificate to verify a requestor's identity. The computing device can transmit a second request to a second resource to authorize permitting access to the certificate. The computing device can receive a response from the second resource comprising an authorization to permit access to the certificate. The computing device can grant permission to the first resource to access the certificate, wherein the first resource is configured to verify the requestor's identity based on accessing the certificate. The computing device can receive a third request from the first resource to generate an association object between the first resource and the certificate. The computing device can generate the association object, wherein the association object associates the first resource and the certificate.