-
Publication (Announcement) No.: US11120108B2
Publication (Announcement) Date: 2021-09-14
Application No.: US16147279
Application Date: 2018-09-28
Applicant: Oracle International Corporation
Inventor: Rohit Koul , Amit Agarwal , Dongguang Zhou , Vineet Garg , Krishnakumar Sriramadhesikan , Supriya Kalyanasundaram , Yulong Cao , Srivatsa Manjunath , Anant D. Kadam , Deepika Damojipurapu
Abstract: The present disclosure relates generally to managing security artifacts for a software application executing on a software stack. Techniques are described for defining a security configuration such that each layer of the software stack may be associated with one or more datastores, each datastore including one or more security artifacts for a particular layer. The security configuration may specify, for example, an order in which the various datastores are to be accessed when a request is received for a security artifact that is available from multiple datastores. Using the security configuration, access to security artifacts can be handled in connection with requests generated through a particular layer in the stack. A system managing the security artifacts can provide a unified view of the datastores such that, from the end-user's perspective, there is only one logical datastore.
-
Publication (Announcement) No.: US20210014056A1
Publication (Announcement) Date: 2021-01-14
Application No.: US17031720
Application Date: 2020-09-24
Applicant: Oracle International Corporation
Inventor: Amit Agarwal , Rohit Koul , Srikant Krishnapuram Tirumalai , Jie Wang , Xinnong Wang
IPC: H04L9/08
Abstract: An example method facilitates enabling Key Encryption Key (KEK) rotation for a running multi-tenant system without requiring system downtime or interruption. The example method facilitates decrypting a set of one or more DEKs using a preexisting KEK; using a new KEK to re-encode the DEKs using the new KEK, all while simultaneously enabling servicing of tenant requests. This is enabled in part, by strategic caching of tenant DEKs in a secure local memory, wherein the cached tenant DEKs are maintained in the clear and are readily accessible to running processes that are using the DEKs to decrypt and access tenant data, irrespective of the state of a background process used to implement the KEK rotation to the new KEK.
-
Publication (Announcement) No.: US20190173674A1
Publication (Announcement) Date: 2019-06-06
Application No.: US15948405
Application Date: 2018-04-09
Applicant: Oracle International Corporation
Inventor: Amit Agarwal , Rohit Koul , Srikant Krishnapuram Tirumalai , Jie Wang , Xinnong Wang
IPC: H04L9/08
CPC classification number: H04L9/0891 , H04L9/0822 , H04L9/0894
Abstract: An example method facilitates enabling Key Encryption Key (KEK) rotation for a running multi-tenant system without requiring system downtime or interruption. The example method facilitates decrypting a set of one or more DEKs using a preexisting KEK; using a new KEK to re-encode the DEKs using the new KEK, all while simultaneously enabling servicing of tenant requests. This is enabled in part, by strategic caching of tenant DEKs in a secure local memory, wherein the cached tenant DEKs are maintained in the clear and are readily accessible to running processes that are using the DEKs to decrypt and access tenant data, irrespective of the state of a background process used to implement the KEK rotation to the new KEK.
-
Publication (Announcement) No.: US20190102526A1
Publication (Announcement) Date: 2019-04-04
Application No.: US16147279
Application Date: 2018-09-28
Applicant: Oracle International Corporation
Inventor: Rohit Koul , Amit Agarwal , Dongguang Zhou , Vineet Garg , Krishnakumar Sriramadhesikan , Supriya Kalyanasundaram , Yulong Cao , Srivatsa Manjunath , Anant D. Kadam , Deepika Damojipurapu
Abstract: The present disclosure relates generally to managing security artifacts for a software application executing on a software stack. Techniques are described for defining a security configuration such that each layer of the software stack may be associated with one or more datastores, each datastore including one or more security artifacts for a particular layer. The security configuration may specify, for example, an order in which the various datastores are to be accessed when a request is received for a security artifact that is available from multiple datastores. Using the security configuration, access to security artifacts can be handled in connection with requests generated through a particular layer in the stack. A system managing the security artifacts can provide a unified view of the datastores such that, from the end-user's perspective, there is only one logical datastore.
-
Publication (Announcement) No.: US10986056B2
Publication (Announcement) Date: 2021-04-20
Application No.: US15465973
Application Date: 2017-03-22
Applicant: Oracle International Corporation
Inventor: Rohit Koul , Gurudutta Ramanathaiah
IPC: H04L12/58 , G06F16/9535 , G06Q10/10 , G06F16/9032
Abstract: Techniques, including systems and methods for distributing electronic messages, are disclosed. In an embodiment, information relating to a message thread is maintained. The information includes information identifying one or more members of a distribution list to be excluded from receiving messages in the message thread. When it has been determined to prevent distribution of the electronic message to one or more members of the distribution list, the electronic message is distributed to members of the distribution list excluding the one or more members to whom distribution is to be prevented. The distributed electronic message may identify the distribution list as an intended recipient.
-
Publication (Announcement) No.: US10819513B2
Publication (Announcement) Date: 2020-10-27
Application No.: US15948405
Application Date: 2018-04-09
Applicant: Oracle International Corporation
Inventor: Amit Agarwal , Rohit Koul , Srikant Krishnapuram Tirumalai , Jie Wang , Xinnong Wang
Abstract: An example method facilitates enabling Key Encryption Key (KEK) rotation for a running multi-tenant system without requiring system downtime or interruption. The example method facilitates decrypting a set of one or more DEKs using a preexisting KEK; using a new KEK to re-encode the DEKs using the new KEK, all while simultaneously enabling servicing of tenant requests. This is enabled in part, by strategic caching of tenant DEKs in a secure local memory, wherein the cached tenant DEKs are maintained in the clear and are readily accessible to running processes that are using the DEKs to decrypt and access tenant data, irrespective of the state of a background process used to implement the KEK rotation to the new KEK.
-
Publication (Announcement) No.: US20170195270A1
Publication (Announcement) Date: 2017-07-06
Application No.: US15465973
Application Date: 2017-03-22
Applicant: Oracle International Corporation
Inventor: Rohit Koul , Gurudutta Ramanathaiah
CPC classification number: H04L51/14 , G06F16/90324 , G06F16/9535 , G06Q10/107 , H04L51/12 , H04L51/16
Abstract: Techniques, including systems and methods for distributing electronic messages, are disclosed. In an embodiment, information relating to a message thread is maintained. The information includes information identifying one or more members of a distribution list to be excluded from receiving messages in the message thread. When it has been determined to prevent distribution of the electronic message to one or more members of the distribution list, the electronic message is distributed to members of the distribution list excluding the one or more members to whom distribution is to be prevented. The distributed electronic message may identify the distribution list as an intended recipient.
-
Publication (Announcement) No.: US11374749B2
Publication (Announcement) Date: 2022-06-28
Application No.: US17031720
Application Date: 2020-09-24
Applicant: Oracle International Corporation
Inventor: Amit Agarwal , Rohit Koul , Srikant Krishnapuram Tirumalai , Jie Wang , Xinnong Wang
Abstract: An example method facilitates enabling Key Encryption Key (KEK) rotation for a running multi-tenant system without requiring system downtime or interruption. The example method facilitates decrypting a set of one or more DEKs using a preexisting KEK; using a new KEK to re-encode the DEKs using the new KEK, all while simultaneously enabling servicing of tenant requests. This is enabled in part, by strategic caching of tenant DEKs in a secure local memory, wherein the cached tenant DEKs are maintained in the clear and are readily accessible to running processes that are using the DEKs to decrypt and access tenant data, irrespective of the state of a background process used to implement the KEK rotation to the new KEK.
-
Publication (Announcement) No.: US10805350B2
Publication (Announcement) Date: 2020-10-13
Application No.: US15897651
Application Date: 2018-02-15
Applicant: Oracle International Corporation
Inventor: Rohit Koul , Vineet Garg , Dongguang Zhou , Amit Agarwal , Yu Long Cao
Abstract: In accordance with an embodiment, described herein is a system and method for providing security services using a security configuration template in a multi-tenant environment. The system can load a security configuration template in memory when the multi-tenant environment starts, and can use the security configuration template to create a multi-headed tree to represent tenant-specific security configurations. Each head of the multi-headed tree can represent a root node of either the security configuration template or a tenant-specific security configuration. Each tenant-specific security configuration can reuse one or more nodes in the security configuration template by referencing those nodes, and can include one or more new nodes created from the security configuration template by replacing each placeholder therein with tenant-specific values. By creating tenant-specific security configurations on the fly in memory, the system can simplify the tenant onboarding process and save precious computing and storage resources, e.g., in a cloud environment.