公开(公告)号：US11122019B2

公开(公告)日：2021-09-14

申请号：US16570364

申请日：2019-09-13

Applicant: Oracle International Corporation

Inventor： Abhishek Dadhich ,  Kant C. Patel ,  Feroz Alam Khan ,  Bhaskar Mathur ,  Srinivas Pamu

IPC: H04L29/06 ,  H04L29/08

Abstract: Described is an improved approach to ensure high availability for established sessions (e.g., application layer sessions) over network connections that negotiates and renegotiates encryption keys (e.g., TLS/SSL) at clean boundaries to ensure in-transit data are properly handled during migration of an application (e.g., a reverse proxy server instance). Connected TCP sessions may be handed off to another application (e.g., from existing proxy server to new/upgraded proxy server) and after establishing a new TLS session with a new encryption key, data transfer may be resumed between a client and a server using the new/upgraded application in a client-server architecture.

公开(公告)号：US09621964B2

公开(公告)日：2017-04-11

申请号：US13632139

申请日：2012-09-30

Applicant: Oracle International Corporation

Inventor： Bhaskar Mathur ,  Feroz Alam Khan ,  Kant C. Patel

IPC: G06F15/16 ,  H04N21/845 ,  H04N21/44 ,  H04N21/6332 ,  H04L1/00

CPC classification number: H04N21/8455 ,  H04N21/44008 ,  H04N21/6332

Abstract: Techniques and systems that allow receiving a data stream and a location value. The location value, in one embodiment, is indicative of a location in the data stream at which the data stream has been aborted. This value may be determined by a sending entity and sent to a receiving entity. In various embodiments, the receiving entity may compute the remaining amount of data to be received in the data stream, and then receive that amount of data. In some embodiments, a checkpoint value may be used in conjunction with the location value to indicate an abort location for a data stream. A checkpoint value may correspond to an amount of data between successive checkpoints in the data stream. In some embodiments, upon aborting a data stream, a receiving entity receives data until a next checkpoint in the data stream.

公开(公告)号：US20140095665A1

公开(公告)日：2014-04-03

申请号：US13632139

申请日：2012-09-30

Applicant: ORACLE INTERNATIONAL CORPORATION

Inventor： Bhaskar Mathur ,  Feroz Alam Khan ,  Kant C. Patel

IPC: G06F15/16

CPC classification number: H04N21/8455 ,  H04N21/44008 ,  H04N21/6332

Abstract: Techniques and systems that allow receiving a data stream and a location value. The location value, in one embodiment, is indicative of a location in the data stream at which the data stream has been aborted. This value may be determined by a sending entity and sent to a receiving entity. In various embodiments, the receiving entity may compute the remaining amount of data to be received in the data stream, and then receive that amount of data. In some embodiments, a checkpoint value may be used in conjunction with the location value to indicate an abort location for a data stream. A checkpoint value may correspond to an amount of data between successive checkpoints in the data stream. In some embodiments, upon aborting a data stream, a receiving entity receives data until a next checkpoint in the data stream.

Abstract translation: 允许接收数据流和位置值的技术和系统。 在一个实施例中，位置值指示数据流已被中止的数据流中的位置。 该值可以由发送实体确定并发送给接收实体。 在各种实施例中，接收实体可以计算要在数据流中接收的数据的剩余量，然后接收该数据量。 在一些实施例中，检查点值可以与位置值结合使用以指示数据流的中止位置。 检查点值可以对应于数据流中连续检查点之间的数据量。 在一些实施例中，在中止数据流时，接收实体接收数据直到数据流中的下一个检查点。

公开(公告)号：US11792153B1

公开(公告)日：2023-10-17

申请号：US17805449

申请日：2022-06-03

Applicant: Oracle International Corporation

Inventor： Srinivas Pamu ,  Feroz Alam Khan ,  Kant C. Patel

IPC: H04L61/25 ,  H04L61/255 ,  H04L45/64 ,  H04L61/251

CPC classification number: H04L61/255 ,  H04L45/64 ,  H04L61/251

Abstract: A computer program product, system, and computer implemented method for application-level redirect trapping and creation of NAT mapping to work with routing infrastructure for private connectivity in cloud and customer networks. The approach disclosed herein generally comprises a method of leveraging a reverse connection endpoint and IP address mapping controller to capture redirection messages from a private cloud or network (e.g., a service consumer network or a service consumer hybrid cloud). This allows at least the IP address mapping controller to manage a cloud networking infrastructure to provide for a service provider network (e.g., a public cloud) to support applications that overcome the isolation requirements of a private cloud or network to perform useful work. For example, without saddling the private cloud or network user with a heavy pre-configuration burden, the approach disclosed herein supports redirection to dynamically determined IP addresses at the private cloud or network.

公开(公告)号：US20170302673A1

公开(公告)日：2017-10-19

申请号：US15635418

申请日：2017-06-28

Applicant: Oracle International Corporation

Inventor： Vadim Makhervaks ,  Richard Mousseau ,  Bjørn Dag Johnsen ,  Sumanta Chatterjee ,  Avneesh Pant ,  Jean De Lavarene ,  Kant C. Patel ,  Bhaskar Mathur ,  Feroz Alam Khan ,  Sudeep Vatsanath Reguna

IPC: H04L29/06

CPC classification number: H04L63/101 ,  H04L63/0236 ,  H04L63/0254 ,  H04L63/1458 ,  H04L63/20

Abstract: An integrated firewall provides security in a multi-tenant environment having a connection-based switched fabric directly connecting database servers which provide a plurality of database services with application servers hosting database service consumers each having a different database service consumer identity. The firewall functionality integrated into each database server provides access control by discarding communication packets which do not include a database service consumer identity and using the database service consumer identity in combination with an access control list to control access from the database service consumers to the database services. The access control includes address resolution access control, connection establishment access control, and data exchange access control based on said access control list. The integrated firewall enables direct connection of database servers and application servers via an InfiniBand network providing without requiring a separate intermediary firewall appliance or security node.

公开(公告)号：US08838535B2

公开(公告)日：2014-09-16

申请号：US13645819

申请日：2012-10-05

Applicant: Oracle International Corporation

Inventor： Wei-Ming Hu ,  Lakshminaray Chidambaran ,  Mark Dilman ,  Feroz A. Khan ,  Bhaskar Mathur ,  Kevin S. Neel ,  Leonid Novak ,  Kant C. Patel ,  Saravanakumar Ramasubramanian ,  Michael J. Stewart ,  Hubert Sun

IPC: G06F17/30

CPC classification number: G06F17/30595 ,  H04L41/02 ,  H04L67/1002

Abstract: Techniques are provided to allow users to define a global service that is offered across multiple replicated databases. Database clients connect to and use a global service just as they do with regular services on a single database today. Upon receiving a connection request, a collection of components, referred to collectively as the Global Data Service framework (GDS framework), automatically chooses the best database server instances to which to connect a client. Once those connections have been established, the clients determine which database server instance, of those database server instances to which they are connected, to send requests to based, at least in part, on advisory messages sent to the clients by the GDS framework.

Abstract translation: 提供技术以允许用户定义跨多个复制数据库提供的全局服务。 数据库客户端连接到并使用全局服务，就像现在一个数据库上的常规服务一样。 一旦接收到连接请求，将统称为全局数据服务框架（GDS框架）的组件集合自动选择连接客户端的最佳数据库服务器实例。 一旦建立了这些连接，客户端将确定哪些数据库服务器实例（与其连接的数据库服务器实例）发送请求至少部分地基于由GDS框架发送给客户端的咨询消息。

公开(公告)号：US20250126183A1

公开(公告)日：2025-04-17

申请号：US18765133

申请日：2024-07-05

Applicant: Oracle International Corporation

Inventor： Shuvabrata Ganguly ,  Soumya Kailasa ,  Satish Panchumarthy ,  Bhaskar Mathur ,  Jinesh Udaykumar Vora ,  Feroz Alam Khan ,  Kant C. Patel ,  Srinivas Pamu

IPC: H04L67/56 ,  H04L12/46 ,  H04L69/165

Abstract: The present disclosure relates generally to establishing a connection between a client and an endpoint in a manner that reduces network latency. In an example, a network layer proxy receives a request of a client for an endpoint connection establishment, the request including endpoint information. The network layer proxy sends, to an application layer proxy, the endpoint information, the endpoint information sent using a connection-less protocol. Thereafter, the network layer proxy receives, from the application layer proxy, a network address of an endpoint selected by the application layer proxy based on the endpoint information and application layer information. The network layer proxy sends a response to the client such that a connection is established to the endpoint using a connection-based protocol and such that the connection bypasses the application layer proxy.

公开(公告)号：US12170643B2

公开(公告)日：2024-12-17

申请号：US18244815

申请日：2023-09-11

Applicant: Oracle International Corporation

Inventor： Srinivas Pamu ,  Feroz Alam Khan ,  Kant C. Patel

IPC: H04L61/25 ,  H04L45/64 ,  H04L61/251 ,  H04L61/255

Abstract: A computer program product, system, and computer implemented method for application-level redirect trapping and creation of NAT mapping to work with routing infrastructure for private connectivity in cloud and customer networks. The approach disclosed herein generally comprises a method of leveraging a reverse connection endpoint and IP address mapping controller to capture redirection messages from a private cloud or network (e.g., a service consumer network or a service consumer hybrid cloud). This allows at least the IP address mapping controller to manage a cloud networking infrastructure to provide for a service provider network (e.g., a public cloud) to support applications that overcome the isolation requirements of a private cloud or network to perform useful work. For example, without saddling the private cloud or network user with a heavy pre-configuration burden, the approach disclosed herein supports redirection to dynamically determined IP addresses at the private cloud or network.

公开(公告)号：US09825960B2

公开(公告)日：2017-11-21

申请号：US14724874

申请日：2015-05-29

Applicant: ORACLE INTERNATIONAL CORPORATION

Inventor： Feroz Alam Khan ,  Bhaskar Mathur ,  Kant C. Patel

IPC: H04L29/06

CPC classification number: H04L63/102 ,  H04L63/0263 ,  H04L63/16 ,  H04L63/20

Abstract: Systems, methods, and other embodiments are disclosed that are configured to generate a hierarchy of access rules in a protocol stack. Access rules corresponding to a first layer in a protocol stack are analyzed. The access rules determine, at the first layer, whether network sources are permitted access to a computing device. Dependent access rules are generated based at least in part on a combination of the access rules from the first layer. The dependent access rules are pushed down to a second layer in the protocol stack by implementing the dependent access rules at the second layer to determine, at the second layer, whether the network sources are permitted access to the computing device.

公开(公告)号：US20190102216A1

公开(公告)日：2019-04-04

申请号：US16052473

申请日：2018-08-01

Applicant: Oracle International Corporation

Inventor： Bhaskar Mathur ,  Feroz Alam Khan ,  Kant C. Patel

IPC: G06F9/48

Abstract: A process or thread is implemented to issue a command which executes without use of a processor that issues the command, retain control of the processor to check whether the issued command has completed, and when the issued command has not completed repeat the checking without relinquishing the processor, until a limiting condition is satisfied. The limiting condition may be determined specifically for a current execution of the command, based on one or more factors, such as durations of executions of the command after start of the process or thread and/or an indicator of delay in a current execution of the command. When the limiting condition is satisfied, the processor is relinquished by the process or thread issuing a sleep command, after setting an interrupt. After the command completes, the limiting condition is determined anew based on the duration of the current execution, for use in a next execution.