公开(公告)号：US20240037973A1

公开(公告)日：2024-02-01

申请号：US18379091

申请日：2023-10-11

Applicant: Oracle International Corporation

Inventor： Amit Agarwal ,  Kulbhushan Pachauri

IPC: G06V30/414 ,  G06V30/19

CPC classification number: G06V30/414 ,  G06V30/19187 ,  G06V30/19173 ,  G06V30/19147

Abstract: A computing device may access visually rich documents comprising an image and metadata. A graph, based on the image or metadata, can be generated for a visually rich document. The graph's nodes can correspond to words from the visually rich document. Features for nodes can be determined by the device. The device may generate model labeled graphs by assigning a pseudo-label to nodes using a pretrained model. The device may generate a plurality of graph labeled graphs by assigning a pseudo-label to nodes by matching a first node from a first graph to at least a second node from a second graph. The device may generate a plurality of updated graphs by cross referencing labels from the model labeled graphs and the graph labeled graphs. Until a change in labels is below a threshold, a model can be trained to perform key-value extraction using the updated graphs.

公开(公告)号：US20230326224A1

公开(公告)日：2023-10-12

申请号：US17714806

申请日：2022-04-06

Applicant: Oracle International Corporation

Inventor： Amit Agarwal ,  Kulbhushan Pachauri

IPC: G06V30/414 ,  G06V30/19

CPC classification number: G06V30/414 ,  G06V30/19147 ,  G06V30/19173 ,  G06V30/19187

Abstract: A computing device may access visually rich documents comprising an image and metadata. A graph, based on the image or metadata, can be generated for a visually rich document. The graph's nodes can correspond to words from the visually rich document. Features for nodes can be determined by the device. The device may generate model labeled graphs by assigning a pseudo-label to nodes using a pretrained model. The device may generate a plurality of graph labeled graphs by assigning a pseudo-label to nodes by matching a first node from a first graph to at least a second node from a second graph. The device may generate a plurality of updated graphs by cross referencing labels from the model labeled graphs and the graph labeled graphs. Until a change in labels is below a threshold, a model can be trained to perform key-value extraction using the updated graphs.

公开(公告)号：US20230146501A1

公开(公告)日：2023-05-11

申请号：US17524157

申请日：2021-11-11

Applicant: Oracle International Corporation

Inventor： Amit Agarwal ,  Kulbhushan Pachauri ,  Iman Zadeh ,  Jun Qian

IPC: G06K9/00 ,  G06N20/00

CPC classification number: G06K9/00442 ,  G06N20/00 ,  G06K2209/01

Abstract: A computing device may receive a set of user documents. Data may be extracted from the documents to generate a first graph data structure with one or more initial graphs containing key-value pairs. A model may be trained on the first graph data structure to classify the pairs. Until a set of evaluation metrics for the model exceeds a set of deployment thresholds: generating, a set of evaluation metrics may be generated for the model. The set of evaluation metrics may be compared to the set of deployment thresholds. In response to a determination that the set of evaluation metrics are below the set of deployment thresholds: one or more new graphs may be generated from the one or more initial graphs in the first graph data structure to produce a second graph data structure. The first and second graph can be used to train the model.

公开(公告)号：US20210014056A1

公开(公告)日：2021-01-14

申请号：US17031720

申请日：2020-09-24

Applicant: Oracle International Corporation

Inventor： Amit Agarwal ,  Rohit Koul ,  Srikant Krishnapuram Tirumalai ,  Jie Wang ,  Xinnong Wang

IPC: H04L9/08

Abstract: An example method facilitates enabling Key Encryption Key (KEK) rotation for a running multi-tenant system without requiring system downtime or interruption. The example method facilitates decrypting a set of one or more DEKs using a preexisting KEK; using a new KEK to re-encode the DEKs using the new KEK, all while simultaneously enabling servicing of tenant requests. This is enabled in part, by strategic caching of tenant DEKs in a secure local memory, wherein the cached tenant DEKs are maintained in the clear and are readily accessible to running processes that are using the DEKs to decrypt and access tenant data, irrespective of the state of a background process used to implement the KEK rotation to the new KEK.

公开(公告)号：US10699020B2

公开(公告)日：2020-06-30

申请号：US15197463

申请日：2016-06-29

Applicant: Oracle International Corporation

Inventor： Amit Agarwal ,  Srikant Krishnapuram Tirumalai ,  Krishnakumar Sriramadhesikan

IPC: G06F21/60 ,  G06F21/62 ,  H04W4/60 ,  H04W12/02 ,  H04L9/32 ,  H04L29/06 ,  H04W4/12

Abstract: A centralized framework for managing the data encryption of resources is disclosed. A data encryption service is disclosed that provides various services related to the management of the data encryption of resources. The services may include managing application policies, cryptographic policies, and encryption objects related to applications. The encryption objects may include encryption keys and certificates used to secure the resources. In an embodiment, the data encryption service may be included or implemented in a cloud computing environment and may provide a centralized framework for effectively managing the data encryption requirements of various applications hosted or provided by different customer systems. The disclosed data encryption service may provide monitoring and alert services related to encryption objects managed by the data encryption service and transmit the alerts related to the encryption objects via various communication channels.

公开(公告)号：US20190354695A1

公开(公告)日：2019-11-21

申请号：US16510424

申请日：2019-07-12

Applicant: Oracle International Corporation

Inventor： Amit Agarwal ,  Srikant Krishnapuram Tirumalai ,  Krishnakumar Sriramadhesikan

IPC: G06F21/60 ,  G06F21/62 ,  H04W12/02 ,  H04L29/06 ,  H04W4/60 ,  H04L9/32

Abstract: A centralized framework for managing the data encryption of resources is disclosed. A data encryption service is disclosed that provides various services related to the management of the data encryption of resources. The services may include managing application policies, cryptographic policies, and encryption objects related to applications. The encryption objects may include encryption keys and certificates used to secure the resources. In an embodiment, the data encryption service may be included or implemented in a cloud computing environment and may provide a centralized framework for effectively managing the data encryption requirements of various applications hosted or provided by different customer systems. The disclosed data encryption service may provide monitoring and alert services related to encryption objects managed by the data encryption service and transmit the alerts related to the encryption objects via various communication channels.

公开(公告)号：US20190173674A1

公开(公告)日：2019-06-06

申请号：US15948405

申请日：2018-04-09

Applicant: Oracle International Corporation

Inventor： Amit Agarwal ,  Rohit Koul ,  Srikant Krishnapuram Tirumalai ,  Jie Wang ,  Xinnong Wang

IPC: H04L9/08

CPC classification number: H04L9/0891 ,  H04L9/0822 ,  H04L9/0894

Abstract: An example method facilitates enabling Key Encryption Key (KEK) rotation for a running multi-tenant system without requiring system downtime or interruption. The example method facilitates decrypting a set of one or more DEKs using a preexisting KEK; using a new KEK to re-encode the DEKs using the new KEK, all while simultaneously enabling servicing of tenant requests. This is enabled in part, by strategic caching of tenant DEKs in a secure local memory, wherein the cached tenant DEKs are maintained in the clear and are readily accessible to running processes that are using the DEKs to decrypt and access tenant data, irrespective of the state of a background process used to implement the KEK rotation to the new KEK.

公开(公告)号：US20190109831A1

公开(公告)日：2019-04-11

申请号：US16211540

申请日：2018-12-06

Applicant: Oracle International Corporation

Inventor： Amit Agarwal ,  Srikant Krishnapuram Tirumalai

IPC: H04L29/06

Abstract: Techniques are provided to manage security artifacts. Specifically, a security management system is disclosed for implementing security artifact archives to manage security artifacts. A security artifact archive may include information for managing one or more security artifacts that can be referenced or included in the security artifact archive. The security management system can create, edit, read, send, and perform other management operations for security artifact archives. Objects can be bundled in an object-specific security artifact archive. Security artifact archives may be named, versioned, tagged and/or labeled for identification. Security artifact archives may be transmitted to a destination (e.g., a service provider or a client system) that provides access to an object whose access is dependent on security artifacts. The destination may can manage access to the object using a security artifact archive that includes relevant and current security artifacts for the object.

公开(公告)号：US10171437B2

公开(公告)日：2019-01-01

申请号：US15136734

申请日：2016-04-22

Applicant: Oracle International Corporation

Inventor： Amit Agarwal ,  Srikant Krishnapuram Tirumalai

IPC: H04L29/06

Abstract: Techniques are provided to manage security artifacts. Specifically, a security management system is disclosed for implementing security artifact archives to manage security artifacts. A security artifact archive may include information for managing one or more security artifacts that can be referenced or included in the security artifact archive. The security management system can create, edit, read, send, and perform other management operations for security artifact archives. Objects can be bundled in an object-specific security artifact archive. Security artifact archives may be named, versioned, tagged and/or labeled for identification. Security artifact archives may be transmitted to a destination (e.g., a service provider or a client system) that provides access to an object whose access is dependent on security artifacts. The destination may can manage access to the object using a security artifact archive that includes relevant and current security artifacts for the object.

公开(公告)号：US20170006064A1

公开(公告)日：2017-01-05

申请号：US15197478

申请日：2016-06-29

Applicant: Oracle International Corporation

Inventor： Amit Agarwal ,  Srikant Krishnapuram Tirumalai ,  Krishnakumar Sriramadhesikan

IPC: H04L29/06 ,  H04L9/32

CPC classification number: G06F21/602 ,  G06F21/629 ,  H04L9/3263 ,  H04L63/10 ,  H04L63/20 ,  H04W4/12 ,  H04W4/60 ,  H04W12/02

Abstract: A centralized framework for managing the data encryption of resources is disclosed. A data encryption service is disclosed that provides various services related to the management of the data encryption of resources. The services may include managing application policies, cryptographic policies, and encryption objects related to applications. The encryption objects may include encryption keys and certificates used to secure the resources. In an embodiment, the data encryption service may be included or implemented in a cloud computing environment and may provide a centralized framework for effectively managing the data encryption requirements of various applications hosted or provided by different customer systems. The disclosed data encryption service may provide monitoring and alert services related to encryption objects managed by the data encryption service and transmit the alerts related to the encryption objects via various communication channels.

Abstract translation: 公开了一种用于管理资源数据加密的集中式框架。 公开了提供与资源的数据加密的管理相关的各种服务的数据加密服务。 服务可以包括管理与应用有关的应用策略，加密策略和加密对象。 加密对象可以包括用于保护资源的加密密钥和证书。 在一个实施例中，可以在云计算环境中包括或实现数据加密服务，并且可以提供用于有效管理由不同客户系统托管或提供的各种应用的数据加密要求的集中式框架。 公开的数据加密服务可以提供与由数据加密服务管理的加密对象有关的监视和警报服务，并通过各种通信信道发送与加密对象有关的警报。