公开(公告)号：US20160315926A1

公开(公告)日：2016-10-27

申请号：US15136734

申请日：2016-04-22

Applicant: Oracle International Corporation

Inventor： Amit Agarwal ,  Srikant Krishnapuram Tirumalai

IPC: H04L29/06

CPC classification number: H04L63/06 ,  H04L63/10 ,  H04L63/20

Abstract: Techniques are provided to manage security artifacts. Specifically, a security management system is disclosed for implementing security artifact archives to manage security artifacts. A security artifact archive may include information for managing one or more security artifacts that can be referenced or included in the security artifact archive. The security management system can create, edit, read, send, and perform other management operations for security artifact archives. Objects can be bundled in an object-specific security artifact archive. Security artifact archives may be named, versioned, tagged and/or labeled for identification. Security artifact archives may be transmitted to a destination (e.g., a service provider or a client system) that provides access to an object whose access is dependent on security artifacts. The destination may can manage access to the object using a security artifact archive that includes relevant and current security artifacts for the object.

Abstract translation: 提供技术来管理安全工件。 具体地说，公开了一种安全管理系统，用于实现安全伪影档案以管理安全伪像。 安全工件存档可以包括用于管理可被引用或包括在安全工件存档中的一个或多个安全工件的信息。 安全管理系统可以为安全工件归档创建，编辑，读取，发送和执行其他管理操作。 对象可以捆绑在特定于对象的安全工件存档中。 安全工件存档可以被命名，版本化，标记和/或标记以用于识别。 安全伪影归档可以被发送到提供对其访问依赖于安全伪像的对象的访问的目的地（例如，服务提供商或客户端系统）。 目的地可以使用包括对象的相关和当前安全工件的安全工件归档来管理对象的访问。

公开(公告)号：US20250036962A1

公开(公告)日：2025-01-30

申请号：US18406905

申请日：2024-01-08

Applicant: Oracle International Corporation

Inventor： Edwin Thomas ,  Amit Agarwal ,  Sandeep Jana ,  Kulbhushan Pachauri

IPC: G06N3/098

Abstract: Techniques are described herein for generating block extender model. An example method includes a system accessing a base model trained for identifying a base class. The system can access an extender comprising block extenders, the extender class distinct from the base class. The system can connect the extender with the base model to generate an augmented model. The system can input training data to the augmented model, the training data is provided to the base model and the extender, the training data comprising data points associated with the extender class. The system can train the extender model to identify the extender class based at least in part on the training data and the signal received from the base machine learning model. The system can generate a trained extender based at least in part on the training, the extender trained to identify an object associated with the extender class.

公开(公告)号：US11989964B2

公开(公告)日：2024-05-21

申请号：US17524157

申请日：2021-11-11

Applicant: Oracle International Corporation

Inventor： Amit Agarwal ,  Kulbhushan Pachauri ,  Iman Zadeh ,  Jun Qian

IPC: G06V30/41 ,  G06N20/00 ,  G06V30/18

CPC classification number: G06V30/41 ,  G06N20/00 ,  G06V30/18181

Abstract: A computing device may receive a set of user documents. Data may be extracted from the documents to generate a first graph data structure with one or more initial graphs containing key-value pairs. A model may be trained on the first graph data structure to classify the pairs. Until a set of evaluation metrics for the model exceeds a set of deployment thresholds: generating, a set of evaluation metrics may be generated for the model. The set of evaluation metrics may be compared to the set of deployment thresholds. In response to a determination that the set of evaluation metrics are below the set of deployment thresholds: one or more new graphs may be generated from the one or more initial graphs in the first graph data structure to produce a second graph data structure. The first and second graph can be used to train the model.

公开(公告)号：US11823478B2

公开(公告)日：2023-11-21

申请号：US17714806

申请日：2022-04-06

Applicant: Oracle International Corporation

Inventor： Amit Agarwal ,  Kulbhushan Pachauri

IPC: G06V30/414 ,  G06V30/19

CPC classification number: G06V30/414 ,  G06V30/19147 ,  G06V30/19173 ,  G06V30/19187

Abstract: A computing device may access visually rich documents comprising an image and metadata. A graph, based on the image or metadata, can be generated for a visually rich document. The graph's nodes can correspond to words from the visually rich document. Features for nodes can be determined by the device. The device may generate model labeled graphs by assigning a pseudo-label to nodes using a pretrained model. The device may generate a plurality of graph labeled graphs by assigning a pseudo-label to nodes by matching a first node from a first graph to at least a second node from a second graph. The device may generate a plurality of updated graphs by cross referencing labels from the model labeled graphs and the graph labeled graphs. Until a change in labels is below a threshold, a model can be trained to perform key-value extraction using the updated graphs.

公开(公告)号：US11374749B2

公开(公告)日：2022-06-28

申请号：US17031720

申请日：2020-09-24

Applicant: Oracle International Corporation

Inventor： Amit Agarwal ,  Rohit Koul ,  Srikant Krishnapuram Tirumalai ,  Jie Wang ,  Xinnong Wang

IPC: H04L29/06 ,  H04L9/08

Abstract: An example method facilitates enabling Key Encryption Key (KEK) rotation for a running multi-tenant system without requiring system downtime or interruption. The example method facilitates decrypting a set of one or more DEKs using a preexisting KEK; using a new KEK to re-encode the DEKs using the new KEK, all while simultaneously enabling servicing of tenant requests. This is enabled in part, by strategic caching of tenant DEKs in a secure local memory, wherein the cached tenant DEKs are maintained in the clear and are readily accessible to running processes that are using the DEKs to decrypt and access tenant data, irrespective of the state of a background process used to implement the KEK rotation to the new KEK.

公开(公告)号：US10805350B2

公开(公告)日：2020-10-13

申请号：US15897651

申请日：2018-02-15

Applicant: Oracle International Corporation

Inventor： Rohit Koul ,  Vineet Garg ,  Dongguang Zhou ,  Amit Agarwal ,  Yu Long Cao

IPC: G06F21/00 ,  H04L29/06 ,  H04L29/08

Abstract: In accordance with an embodiment, described herein is a system and method for providing security services using a security configuration template in a multi-tenant environment. The system can load a security configuration template in memory when the multi-tenant environment starts, and can use the security configuration template to create a multi-headed tree to represent tenant-specific security configurations. Each head of the multi-headed tree can represent a root node of either the security configuration template or a tenant-specific security configuration. Each tenant-specific security configuration can reuse one or more nodes in the security configuration template by referencing those nodes, and can include one or more new nodes created from the security configuration template by replacing each placeholder therein with tenant-specific values. By creating tenant-specific security configurations on the fly in memory, the system can simplify the tenant onboarding process and save precious computing and storage resources, e.g., in a cloud environment.

公开(公告)号：US10395042B2

公开(公告)日：2019-08-27

申请号：US15197478

申请日：2016-06-29

Applicant: Oracle International Corporation

Inventor： Amit Agarwal ,  Srikant Krishnapuram Tirumalai ,  Krishnakumar Sriramadhesikan

IPC: H04L29/06 ,  H04L9/32 ,  G06F21/60 ,  H04W4/60 ,  G06F21/62 ,  H04W12/02 ,  H04W4/12

Abstract: A centralized framework for managing the data encryption of resources is disclosed. A data encryption service is disclosed that provides various services related to the management of the data encryption of resources. The services may include managing application policies, cryptographic policies, and encryption objects related to applications. The encryption objects may include encryption keys and certificates used to secure the resources. In an embodiment, the data encryption service may be included or implemented in a cloud computing environment and may provide a centralized framework for effectively managing the data encryption requirements of various applications hosted or provided by different customer systems. The disclosed data encryption service may provide monitoring and alert services related to encryption objects managed by the data encryption service and transmit the alerts related to the encryption objects via various communication channels.

公开(公告)号：US20250078556A1

公开(公告)日：2025-03-06

申请号：US18240344

申请日：2023-08-30

Applicant: Oracle International Corporation

Inventor： Srikant Panda ,  Amit Agarwal ,  Kulbhushan Pachauri

IPC: G06V30/412 ,  G06F40/169

Abstract: A method may include detecting one or more selection boxes and one or more text lines in a primary document. The method may include determining respective vectors associated with the selection box and adjacent text lines to the selection box in a plurality of directions. The method may include determining a set of respective vectors associated with a unique selection box. The method may include determining a variance between respective vectors in the set of respective vectors and identifying a particular direction corresponding to a minimal variance between the respective vectors in the set of respective vectors as compared to a variance of other sets of respective vectors. The method may include generating a key-value pair based on the set of respective vectors characterized by the minimal variance. The method may include generating a document model, including the key-value pair, and extracting data according to the document model.

公开(公告)号：US20250078555A1

公开(公告)日：2025-03-06

申请号：US18240343

申请日：2023-08-30

Applicant: Oracle International Corporation

Inventor： Amit Agarwal ,  Srikant Panda ,  Kulbhushan Pachauri

IPC: G06V30/412 ,  G06V30/19 ,  G06V30/413

Abstract: A method may include receiving a primary document including one or more selection boxes, one or more text lines, and one or more annotations. The method may include determining, a class based on the annotations. The method may include identifying the one or more selection boxes and one or more text lines of the primary document. The method may include generating a graph representing the one or more selection boxes and the one or more text lines. The method may include mapping each of the one or more selection boxes to a respective text line of the one or more text lines of the graph based at least in part on one or more characteristics associated with the selection boxes. The method may include generating a key-value pair associated with each of the one or more text lines and generating a document model of the primary document.

公开(公告)号：US20250014374A1

公开(公告)日：2025-01-09

申请号：US18347983

申请日：2023-07-06

Applicant: Oracle International Corporation

Inventor： Srikant Panda ,  Amit Agarwal ,  Gouttham Nambirajan ,  Kulbhushan Pachauri

IPC: G06V30/19 ,  G06F40/169 ,  G06F40/247 ,  G06V30/413

Abstract: Techniques for extracting information from unstructured documents that enable an ML model to be trained such that the model can accurately distinguish in-distribution (“in-D”) elements and out-of-distribution (“OO-D”) elements within an unstructured document. Novel training techniques are used that train an ML model using a combination of a regular training dataset and an enhanced augmented training dataset. The regular training dataset is used to train an ML model to identify in-D elements, i.e., to classify an element extracted from a document as belonging to one of the in-D classes contained in the regular training dataset. The augmented training dataset, which is generated based upon the regular training dataset may contain one or more augmented elements which are used to train the model to identify OO-D elements, i.e., to classify an augmented element extracted from a document as belonging to an OO-D class instead of to an in-D class.