公开(公告)号：US10791145B2

公开(公告)日：2020-09-29

申请号：US15408760

申请日：2017-01-18

Applicant: Oracle International Corporation

Inventor： Jeffrey Jason Bryan ,  Nickolas Kavantzas ,  Prakash Yamuna

IPC: H04L29/06 ,  G06F21/60

Abstract: In one set of embodiments, methods, systems, and apparatus are provided to attach one or more service policies to resources in an enterprise by receiving a first service policy, receiving a first policy attachment that identifies one or more policy attachment attributes of resources in the enterprise, and generate a first global policy attachment that references the first policy attachment and the first service policy. The method can include receiving a request to access a resource including an attribute that matches one of the policy attachment attributes. The method can include determining that the first service policy is an effective policy for the resource based on the matching resource attribute with the policy attachment attribute. The method can include controlling access to the resource responsive to the request using the effective policy.

公开(公告)号：US09648043B2

公开(公告)日：2017-05-09

申请号：US14696432

申请日：2015-04-25

Applicant: Oracle International Corporation

Inventor： Nitin Handa ,  Prakash Yamuna

IPC: H04L29/06 ,  H04L29/08 ,  G06F17/30

CPC classification number: H04L63/20 ,  G06F17/30893 ,  G06F17/30899 ,  H04L41/06 ,  H04L41/0893 ,  H04L63/0209 ,  H04L63/0281 ,  H04L63/083 ,  H04L63/105 ,  H04L65/105 ,  H04L67/02 ,  H04L67/28 ,  H04L67/2823

Abstract: Embodiments of the invention provide techniques for processing messages transmitted between computer networks. Messages, such as requests from client devices for web services and other web content may be transmitted between multiple computer networks. Intermediary devices or applications such as proxy servers may receive, process, and transmit the messages between the communication endpoints. In some embodiments, a reverse proxy server may be configured to dynamically generate Representational State Transfer (REST) services and REST resources within the reverse proxy server. The REST services and REST resources within the reverse proxy server may handle incoming requests from client devices and invoke backend web services, thereby allowing design abstraction and/or enforcement of various security policies on the reverse proxy server.

公开(公告)号：US20140109195A1

公开(公告)日：2014-04-17

申请号：US14106037

申请日：2013-12-13

Applicant: ORACLE INTERNATIONAL CORPORATION

Inventor： Nickolas Kavantzas ,  Prakash Yamuna

IPC: H04L29/06

CPC classification number: H04L63/08 ,  G06F9/461 ,  G06F21/44

Abstract: Various methods and systems for propagating identity information in a composite application are presented. State data of a composite application, as executed for a particular entity, may be transferred to and stored by a computer-readable storage medium. The state data may include a portion of a set of subject information linked with the entity. A security attribute of the subject may not be present in the portion of the set of subject information in the state data transferred to the non-transitory computer-readable storage medium. After a period of time, such as an hour or a day, the state data of the composite application as executed for the entity may be retrieved and the security attribute of the set of subject information linked with the entity may be determined The composite application may then continue to be executed for the entity.

Abstract translation: 提出了用于在复合应用中传播身份信息的各种方法和系统。 对于特定实体执行的复合应用的状态数据可以被传送到计算机可读存储介质并由计算机可读存储介质存储。 状态数据可以包括与该实体链接的一组主题信息的一部分。 在传送到非暂时计算机可读存储介质的状态数据中，被摄体的安全属性可能不存在于该组主题信息的部分中。 经过一段时间（例如一小时或一天），可以检索对该实体执行的复合应用的状态数据，并且可以确定与该实体链接的一组主题信息的安全属性。复合应用可以 然后继续为该实体执行。

公开(公告)号：US20140129706A1

公开(公告)日：2014-05-08

申请号：US14148400

申请日：2014-01-06

Applicant: ORACLE INTERNATIONAL CORPORATION

Inventor： Prakash Yamuna ,  Nickolas Kavantzas

IPC: H04L12/26

CPC classification number: H04L43/04 ,  H04L12/66 ,  H04L63/102 ,  H04L67/02

Abstract: Methods, systems, and devices are described for identifying compatible web service policies between a web service and a web service client. A first and second set of one or more identifiers linked to web service policies supported by the web service and web service client may be calculated, respectively. The sets of identifiers may be compared. Using the comparison, a number of common identifiers present in the first set of one or more identifiers linked to the web service policies supported by the web service and the second set of one or more identifiers linked to the web service policies supported by the web service client may be identified. Using the number of common identifiers, a web service policy of the web service compatible with a web service policy of the web service client may be identified.

Abstract translation: 描述了用于识别Web服务和Web服务客户端之间的兼容Web服务策略的方法，系统和设备。 可以分别计算链接到由web服务和web服务客户端支持的web服务策略的一个或多个标识符的第一和第二集合。 可以比较标识符集合。 使用比较，存在于链接到由web服务支持的web服务策略的一个或多个标识符的第一组中的多个公共标识符以及链接到由web服务支持的web服务策略的一个或多个标识符的第二组 客户可能被识别。 使用公共标识符的数量，可以识别与web服务客户端的web服务策略兼容的web服务的web服务策略。

公开(公告)号：US20220198322A1

公开(公告)日：2022-06-23

申请号：US17130867

申请日：2020-12-22

Applicant: Oracle International Corporation

Inventor： Leonid Kuperman ,  Ramakrishna Raju Uppalapati ,  Prakash Yamuna ,  Vardhaman Parasmal Modi ,  Mukarram Baig ,  Rohit Srivastava

IPC: G06N20/00 ,  H04L29/06 ,  G06K9/62 ,  G06N5/04 ,  H04L12/24

Abstract: Techniques for auto-remediating security issues with artificial intelligence. One technique includes obtaining a problem detected within a signal from an emitter associated with a user, inferring a first response, using a global model having a global set of model parameters learned from mappings between problems and responses globally with respect to preferences of all users using a security architecture, inferring a second response, using a local model having a local set of model parameters learned from mappings between problems and responses locally with respect to preferences of the user; evaluating the first response and the second response using criteria, determining a final response for the problem based on the evaluation of the first response and the second response, and selecting a responder from a set of responders based on the final response. The responder is adapted to take one or more actions to respond to the problem.

公开(公告)号：US09742640B2

公开(公告)日：2017-08-22

申请号：US14148400

申请日：2014-01-06

Applicant: ORACLE INTERNATIONAL CORPORATION

Inventor： Prakash Yamuna ,  Nickolas Kavantzas

IPC: G06F15/173 ,  H04L12/26 ,  H04L12/66 ,  H04L29/06 ,  H04L29/08

CPC classification number: H04L43/04 ,  H04L12/66 ,  H04L63/102 ,  H04L67/02

Abstract: Methods, systems, and devices are described for identifying compatible web service policies between a web service and a web service client. A first and second set of one or more identifiers linked to web service policies supported by the web service and web service client may be calculated, respectively. The sets of identifiers may be compared. Using the comparison, a number of common identifiers present in the first set of one or more identifiers linked to the web service policies supported by the web service and the second set of one or more identifiers linked to the web service policies supported by the web service client may be identified. Using the number of common identifiers, a web service policy of the web service compatible with a web service policy of the web service client may be identified.

公开(公告)号：US08973117B2

公开(公告)日：2015-03-03

申请号：US14106037

申请日：2013-12-13

Applicant: Oracle International Corporation

Inventor： Nickolas Kavantzas ,  Prakash Yamuna

IPC: H04L29/00 ,  H04L29/06 ,  G06F9/46 ,  G06F21/44

CPC classification number: H04L63/08 ,  G06F9/461 ,  G06F21/44

Abstract: Various methods and systems for propagating identity information in a composite application are presented. State data of a composite application, as executed for a particular entity, may be transferred to and stored by a computer-readable storage medium. The state data may include a portion of a set of subject information linked with the entity. A security attribute of the subject may not be present in the portion of the set of subject information in the state data transferred to the non-transitory computer-readable storage medium. After a period of time, such as an hour or a day, the state data of the composite application as executed for the entity may be retrieved and the security attribute of the set of subject information linked with the entity may be determined The composite application may then continue to be executed for the entity.

Abstract translation: 提出了用于在复合应用中传播身份信息的各种方法和系统。 对于特定实体执行的复合应用的状态数据可以被传送到计算机可读存储介质并由计算机可读存储介质存储。 状态数据可以包括与该实体链接的一组主题信息的一部分。 在传送到非暂时计算机可读存储介质的状态数据中，被摄体的安全属性可能不存在于该组主题信息的部分中。 经过一段时间（例如一小时或一天），可以检索对该实体执行的复合应用的状态数据，并且可以确定与该实体链接的一组主题信息的安全属性。复合应用可以 然后继续为该实体执行。

公开(公告)号：US20170126743A1

公开(公告)日：2017-05-04

申请号：US15408760

申请日：2017-01-18

Applicant: Oracle International Corporation

Inventor： Jeffrey Jason Bryan ,  Nickolas Kavantzas ,  Prakash Yamuna

IPC: H04L29/06

Abstract: In one set of embodiments, methods, systems, and apparatus are provided to attach one or more service policies to resources in an enterprise by receiving a first service policy, receiving a first policy attachment that identifies one or more policy attachment attributes of resources in the enterprise, and generate a first global policy attachment that references the first policy attachment and the first service policy. The method can include receiving a request to access a resource including an attribute that matches one of the policy attachment attributes. The method can include determining that the first service policy is an effective policy for the resource based on the matching resource attribute with the policy attachment attribute. The method can include controlling access to the resource responsive to the request using the effective policy.

公开(公告)号：US20160088023A1

公开(公告)日：2016-03-24

申请号：US14696432

申请日：2015-04-25

Applicant: Oracle International Corporation

Inventor： Nitin Handa ,  Prakash Yamuna

IPC: H04L29/06 ,  H04L29/08

CPC classification number: H04L63/20 ,  G06F17/30893 ,  G06F17/30899 ,  H04L41/06 ,  H04L41/0893 ,  H04L63/0209 ,  H04L63/0281 ,  H04L63/083 ,  H04L63/105 ,  H04L65/105 ,  H04L67/02 ,  H04L67/28 ,  H04L67/2823

Abstract: Embodiments of the invention provide techniques for processing messages transmitted between computer networks. Messages, such as requests from client devices for web services and other web content may be transmitted between multiple computer networks. Intermediary devices or applications such as proxy servers may receive, process, and transmit the messages between the communication endpoints. In some embodiments, a reverse proxy server may be configured to dynamically generate Representational State Transfer (REST) services and REST resources within the reverse proxy server. The REST services and REST resources within the reverse proxy server may handle incoming requests from client devices and invoke backend web services, thereby allowing design abstraction and/or enforcement of various security policies on the reverse proxy server.

Abstract translation: 本发明的实施例提供了用于处理在计算机网络之间传送的消息的技术。 可以在多个计算机网络之间传送消息，诸如来自客户端设备的用于web服务和其他web内容的请求。 诸如代理服务器的中间设备或应用可以在通信端点之间接收，处理和传送消息。 在一些实施例中，反向代理服务器可以被配置为在反向代理服务器内动态生成表示状态转移（REST）服务和REST资源。 反向代理服务器中的REST服务和REST资源可以处理来自客户端设备的传入请求，并调用后端Web服务，从而允许逆向代理服务器上的各种安全策略的设计抽象和/或执行。