公开(公告)号：US20160072816A1

公开(公告)日：2016-03-10

申请号：US14848109

申请日：2015-09-08

Applicant: Oracle International Corporation

Inventor： Vadim Makhervaks ,  Richard Mousseau ,  Bjørn Dag Johnsen ,  Sumanta Chatterjee ,  Avneesh Pant ,  Jean De Lavarene ,  Kant C. Patel ,  Bhaskar Mathur ,  Feroz Alam Khan ,  Sudeep Vatsanath Reguna

IPC: H04L29/06

CPC classification number: H04L63/101 ,  H04L63/0236 ,  H04L63/0254 ,  H04L63/1458 ,  H04L63/20

Abstract: An integrated firewall provides security in a multi-tenant environment having a connection-based switched fabric directly connecting database servers which provide a plurality of database services with application servers hosting database service consumers each having a different database service consumer identity. The firewall functionality integrated into each database server provides access control by discarding communication packets which do not include a database service consumer identity and using the database service consumer identity in combination with an access control list to control access from the database service consumers to the database services. The access control includes address resolution access control, connection establishment access control, and data exchange access control based on said access control list. The integrated firewall enables direct connection of database servers and application servers via an InfiniBand network providing without requiring a separate intermediary firewall appliance or security node.

Abstract translation: 集成防火墙在多承租人环境中提供安全性，其具有直接连接数据库服务器的基于连接的交换结构，所述数据库服务器向承载具有不同数据库服务消费者身份的数据库服务消费者的应用服务器提供多个数据库服务。 集成到每个数据库服务器中的防火墙功能通过丢弃不包括数据库服务消费者身份的通信数据包并​​使用数据库服务消费者身份与访问控制列表组合来控制从数据库服务使用者到数据库服务的访问来提供访问控制 。 访问控制包括基于所述访问控制列表的地址解析访问控制，连接建立访问控制和数据交换访问控制。 集成防火墙可以通过InfiniBand网络直接连接数据库服务器和应用程序服务器，而无需单独的中间防火墙设备或安全节点。

公开(公告)号：US09268840B2

公开(公告)日：2016-02-23

申请号：US14448987

申请日：2014-07-31

Applicant: Oracle International Corporation

Inventor： Wei-Ming Hu ,  Lakshminaray Chidambaran ,  Mark Dilman ,  Feroz A. Khan ,  Bhaskar Mathur ,  Kevin S. Neel ,  Leonid Novak ,  Kant C. Patel ,  Saravanakumar Ramasubramanian ,  Michael J. Stewart ,  Hubert Sun

IPC: G06F17/30 ,  H04L29/08 ,  H04L12/24

CPC classification number: G06F17/30595 ,  H04L41/02 ,  H04L67/1002

Abstract: Techniques are provided to allow users to define a global service that is offered across multiple replicated databases. Database clients connect to and use a global service just as they do with regular services on a single database today. Upon receiving a connection request, a collection of components, referred to collectively as the Global Data Service framework (GDS framework), automatically chooses the best database server instances to which to connect a client. Once those connections have been established, the clients determine which database server instance, of those database server instances to which they are connected, to send requests to based, at least in part, on advisory messages sent to the clients by the GDS framework.

Abstract translation: 提供技术以允许用户定义跨多个复制数据库提供的全局服务。 数据库客户端连接到并使用全局服务，就像现在一个数据库上的常规服务一样。 一旦接收到连接请求，将统称为全局数据服务框架（GDS框架）的组件集合自动选择连接客户端的最佳数据库服务器实例。 一旦建立了这些连接，客户端将确定哪些数据库服务器实例（与其连接的数据库服务器实例）发送请求至少部分地基于由GDS框架发送给客户端的咨询消息。

公开(公告)号：US11522855B2

公开(公告)日：2022-12-06

申请号：US16937030

申请日：2020-07-23

Applicant: Oracle International Corporation

Inventor： Bhaskar Mathur ,  Feroz Alam Khan ,  Abhishek Dadhich ,  Kant C. Patel

IPC: H04L29/06 ,  H04L9/40 ,  G06F21/62

Abstract: Embodiments establish a pool of tunnel connections using a secure protocol. A pool of tunnels can be initiated from endpoint connection managers to cloud connection managers, where a request is received from the endpoint connection managers by the cloud connection managers. A request from a cloud client to communicate with a secure computing device using a first of the endpoint connection managers is received at a first of the cloud connection managers. One of the pool of tunnels that is connected to the first endpoint connection manager is identified. The identified tunnel is configured to connect the cloud client and the first endpoint connection manager.

公开(公告)号：US11036542B2

公开(公告)日：2021-06-15

申请号：US16052473

申请日：2018-08-01

Applicant: Oracle International Corporation

Inventor： Bhaskar Mathur ,  Feroz Alam Khan ,  Kant C. Patel

IPC: G06F9/46 ,  G06F9/48

Abstract: A process or thread is implemented to issue a command which executes without use of a processor that issues the command, retain control of the processor to check whether the issued command has completed, and when the issued command has not completed repeat the checking without relinquishing the processor, until a limiting condition is satisfied. The limiting condition may be determined specifically for a current execution of the command, based on one or more factors, such as durations of executions of the command after start of the process or thread and/or an indicator of delay in a current execution of the command. When the limiting condition is satisfied, the processor is relinquished by the process or thread issuing a sleep command, after setting an interrupt. After the command completes, the limiting condition is determined anew based on the duration of the current execution, for use in a next execution.

公开(公告)号：US09723009B2

公开(公告)日：2017-08-01

申请号：US14848111

申请日：2015-09-08

Applicant: Oracle International Corporation

Inventor： Vadim Makhervaks ,  Richard Mousseau ,  Bjørn Dag Johnsen ,  Sumanta Chatterjee ,  Avneesh Pant ,  Jean De Lavarene ,  Kant C. Patel ,  Bhaskar Mathur ,  Feroz Alam Khan ,  Sudeep Vatsanath Reguna

IPC: H04L29/06

CPC classification number: H04L63/101 ,  H04L63/0236 ,  H04L63/0254 ,  H04L63/1458 ,  H04L63/20

Abstract: A security solution provides secure communication in a multi-tenant environment which includes a connection-based fabric, storage cells holding data associated with different tenants, database servers which provide a plurality of database services using said data, application servers hosting database service consumers. The fabric is configured into partitions isolating the storage cells from the database service consumers. The application servers securely associate unique database service consumer identities with each database service consumer and all communications with the database servers. The database servers reject all communications from the application servers which do not include an identity and use an access control list to control access from the database service consumers to the database services using address resolution access control, connection establishment access control, and data exchange access control based on said access control list. DoS attack prevention can also be performed based on consumer identities included in packets.

公开(公告)号：US20160072817A1

公开(公告)日：2016-03-10

申请号：US14848111

申请日：2015-09-08

Applicant: Oracle International Corporation

Inventor： Vadim Makhervaks ,  Richard Mousseau ,  Bjørn Dag Johnsen ,  Sumanta Chatterjee ,  Avneesh Pant ,  Jean De Lavarene ,  Kant C. Patel ,  Bhaskar Mathur ,  Feroz Alam Khan ,  Sudeep Vatsanath Reguna

IPC: H04L29/06

CPC classification number: H04L63/101 ,  H04L63/0236 ,  H04L63/0254 ,  H04L63/1458 ,  H04L63/20

Abstract: A security solution provides secure communication in a multi-tenant environment which includes a connection-based fabric, storage cells holding data associated with different tenants, database servers which provide a plurality of database services using said data, application servers hosting database service consumers. The fabric is configured into partitions isolating the storage cells from the database service consumers. The application servers securely associate unique database service consumer identities with each database service consumer and all communications with the database servers. The database servers reject all communications from the application servers which do not include an identity and use an access control list to control access from the database service consumers to the database services using address resolution access control, connection establishment access control, and data exchange access control based on said access control list. DoS attack prevention can also be performed based on consumer identities included in packets.

Abstract translation: 安全解决方案在多租户环境中提供安全通信，其包括基于连接的结构，保存与不同租户相关联的数据的存储单元，使用所述数据提供多个数据库服务的数据库服务器，承载数据库服务使用者的应用服务器。 将结构配置为隔离存储单元与数据库服务使用者的分区。 应用程序服务器将唯一的数据库服务使用者身份与每个数据库服务使用者进行安全关联，并与数据库服务器进行所有通信。 数据库服务器拒绝来自不包括身份的应用服务器的所有通信，并使用访问控制列表来控制使用地址解析访问控制，连接建立访问控制和数据交换访问控制从数据库服务使用者到数据库服务的访问 基于所述访问控制列表。 DoS攻击预防也可以根据包中包含的消费者身份进行。

公开(公告)号：US09182941B2

公开(公告)日：2015-11-10

申请号：US14147875

申请日：2014-01-06

Applicant: ORACLE INTERNATIONAL CORPORATION

Inventor： Bhaskar Mathur ,  Feroz Alam Khan ,  Kant C. Patel ,  Sudeep Reguna

IPC: H04L12/801 ,  H04L12/54 ,  G06F5/16

CPC classification number: G06F5/16 ,  H04L47/10 ,  H04L47/26 ,  H04L47/27 ,  H04L47/39 ,  H04L47/70

Abstract: Systems and methods are described herein that include flow control mechanisms that provide a receiving device with the ability to reclaim buffers that have been previously advertised to a sending device. Data structures and communication methods are described that facilitate the communication of flow control messages between sending and receiving devices that allow an advertised window to be reduced, and buffers to be released, by a sending device in response to a flow control message from the receiving device.

Abstract translation: 这里描述的系统和方法包括流控制机制，其提供接收设备具有回收先前向发送设备通告的缓冲器的能力。 描述了数据结构和通信方法，其用于响应于来自接收设备的流控制消息，促使发送设备和接收设备之间的流控制消息的通信，允许发布的窗口被减少，以及缓冲区被发送设备发布 。

公开(公告)号：US20140101100A1

公开(公告)日：2014-04-10

申请号：US13645819

申请日：2012-10-05

Applicant: ORACLE INTERNATIONAL CORPORATION

Inventor： Wei-Ming Hu ,  Lakshminaray Chidambaran ,  Mark Dilman ,  Feroz A. Khan ,  Bhaskar Mathur ,  Kevin S. Neel ,  Leonid Novak ,  Kant C. Patel ,  Saravanakumar Ramasubramanian ,  Michael J. Stewart ,  Hubert Sun

IPC: G06F7/00 ,  G06F17/30

CPC classification number: G06F17/30595 ,  H04L41/02 ,  H04L67/1002

Abstract: Techniques are provided to allow users to define a global service that is offered across multiple replicated databases. Database clients connect to and use a global service just as they do with regular services on a single database today. Upon receiving a connection request, a collection of components, referred to collectively as the Global Data Service framework (GDS framework), automatically chooses the best database server instances to which to connect a client. Once those connections have been established, the clients determine which database server instance, of those database server instances to which they are connected, to send requests to based, at least in part, on advisory messages sent to the clients by the GDS framework.

Abstract translation: 提供技术以允许用户定义跨多个复制数据库提供的全局服务。 数据库客户端连接到并使用全局服务，就像现在一个数据库上的常规服务一样。 一旦接收到连接请求，将统称为全局数据服务框架（GDS框架）的组件集合自动选择连接客户端的最佳数据库服务器实例。 一旦建立了这些连接，客户端将确定哪些数据库服务器实例（与其连接的数据库服务器实例）发送请求至少部分地基于由GDS框架发送给客户端的咨询消息。