Patents by Inventor Sreedhar Katti
Sreedhar Katti has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11398900Abstract: Embodiments are directed to managing cryptographic keys in a multi-tenant cloud based system. Embodiments receive from a client a request for a wrapped data encryption key (“DEK”). Embodiments generate a random key and fetch encryption context that corresponds to the client. Embodiments generate the wrapped DEK including the random key and the encryption context encoded in the wrapped DEK. Embodiments then return the wrapped DEK to the client.Type: GrantFiled: February 7, 2019Date of Patent: July 26, 2022Assignee: Oracle International CorporationInventors: Sirish V. Vepa, Prateek Mishra, Sreedhar Katti, Varanasi Kumar Ravi, Harold William Lockhart, Rakesh Keshava
-
Patent number: 11089474Abstract: The present disclosure relates generally to managing access to an enterprise system using remote devices. Techniques are disclosed for provisioning applications on remote devices to access resources in an enterprise system. Specifically, applications may be automatically configured with access information (e.g., account information) and connection information to access a resource in an enterprise system using a remote device. Configuring an application may include determining an account for accessing a resource using the application. An account may be provisioned if one has not been established. Upon configuring an application, the device access management system may provide a configured application to the remote device(s) for which the application is configured. Once the configured application is received, the application may be automatically installed on the remote device, after which the application may be executed to access a resource.Type: GrantFiled: October 16, 2018Date of Patent: August 10, 2021Assignee: Oracle International CorporationInventors: Harsh Maheshwari, Mohamad Raja Gani Mohamad Abdul, Sidhartha Das, Rajesh Pakkath, Sreedhar Katti
-
Patent number: 10878079Abstract: A system for authorizing access to a resource associated with a tenancy in an identity management system that includes a plurality of tenancies receives an access token request for an access token that corresponds to the resource, the request including user information and application information, the user information including roles of a user and the application information including roles of the application. The system evaluates the access token request by computing dynamic roles and corresponding dynamic scopes for the access token including a second intersection between the dynamic roles of the user and the dynamic roles of the application. The system then provides the access token that includes the computed static scopes, where the scopes are based at least on the roles of the user and the roles of the application, and further including the computed dynamic roles and corresponding dynamic scopes.Type: GrantFiled: May 9, 2017Date of Patent: December 29, 2020Assignee: Oracle International CorporationInventors: Sirish V. Vepa, Sreedhar Katti, Maheshkumar Shivlal Dhaduk, Vadim Lander
-
Patent number: 10581820Abstract: Key generation and roll over is provided for a cloud based identity management system. A key set is generated that includes a previous key and expiration time, a current key and expiration time, and a next key and expiration time, and stores the key set in a database table and a memory cache associated with the database table. At the current key expiration time, the key set is rolled over, including retrieving the key set from the database table, updating the previous key and expiration time with the current key and expiration time, updating the current key and expiration time with the next key and expiration time, generating a new key and expiration time, updating the next key and expiration time with the new key and expiration time, and updating the key set in the database table and the memory cache.Type: GrantFiled: May 8, 2017Date of Patent: March 3, 2020Assignee: Oracle International CorporationInventors: Rakesh Keshava, Sreedhar Katti, Sirish Vepa, Vadim Lander, Prateek Mishra
-
Patent number: 10530578Abstract: A key store microservice is provided for a cloud based identity management system. The key store microservice receives, over a network, a request from a client application to retrieve a key, the request including a tenancy identifier, and determines whether the key is present in a tenant specific memory cache associated with the tenancy identifier. When the key is determined to be present in the tenant specific memory cache, the key store microservice retrieves the key from the tenant specific memory cache, retrieves a decryption key from a key wallet, decrypts the key retrieved from the tenant specific memory cache using the decryption key retrieved from the key wallet, and sends, over the network, the key to the client.Type: GrantFiled: May 30, 2017Date of Patent: January 7, 2020Assignee: Oracle International CorporationInventors: Rakesh Keshava, Sreedhar Katti, Sirish Vepa, Hari Sastry
-
Publication number: 20190394024Abstract: Embodiments are directed to managing cryptographic keys in a multi-tenant cloud based system. Embodiments receive from a client a request for a wrapped data encryption key (“DEK”). Embodiments generate a random key and fetch encryption context that corresponds to the client. Embodiments generate the wrapped DEK including the random key and the encryption context encoded in the wrapped DEK. Embodiments then return the wrapped DEK to the client.Type: ApplicationFiled: February 7, 2019Publication date: December 26, 2019Inventors: Sirish V. VEPA, Prateek MISHRA, Sreedhar KATTI, Varanasi Kumar RAVI, Harold William LOCKHART, Rakesh KESHAVA
-
Patent number: 10454940Abstract: A system for authorizing access to a resource receives a request for an access token that corresponds to the resource, where the request includes user information and application information. The user information includes a role of the user and the application information includes a role of the application. The system evaluates the request by computing scopes for the access token, including determining an intersection between the user information and the application information. The system then provides the access token that includes the computed scopes, the scopes being based at least on the role of the user and the role of the application.Type: GrantFiled: March 30, 2017Date of Patent: October 22, 2019Assignee: Oracle International CorporationInventors: Vadim Lander, Hari Sastry, Sreedhar Katti, Sirish V. Vepa, Swathi Vinayak Shenoy
-
Publication number: 20190052624Abstract: The present disclosure relates generally to managing access to an enterprise system using remote devices. Techniques are disclosed for provisioning applications on remote devices to access resources in an enterprise system. Specifically, applications may be automatically configured with access information (e.g., account information) and connection information to access a resource in an enterprise system using a remote device. Configuring an application may include determining an account for accessing a resource using the application. An account may be provisioned if one has not been established. Upon configuring an application, the device access management system may provide a configured application to the remote device(s) for which the application is configured. Once the configured application is received, the application may be automatically installed on the remote device, after which the application may be executed to access a resource.Type: ApplicationFiled: October 16, 2018Publication date: February 14, 2019Applicant: Oracle International CorporationInventors: Harsh Maheshwari, Mohamad Raja Gani Mohamad Abdul, Sidhartha Das, Rajesh Pakkath, Sreedhar Katti
-
Patent number: 10116647Abstract: The present disclosure relates generally to managing access to an enterprise system using remote devices. Techniques are disclosed for provisioning applications on remote devices to access resources in an enterprise system. Specifically, applications may be automatically configured with access information (e.g., account information) and connection information to access a resource in an enterprise system using a remote device. Configuring an application may include determining an account for accessing a resource using the application. An account may be provisioned if one has not been established. Upon configuring an application, the device access management system may provide a configured application to the remote device(s) for which the application is configured. Once the configured application is received, the application may be automatically installed on the remote device, after which the application may be executed to access a resource.Type: GrantFiled: May 22, 2017Date of Patent: October 30, 2018Assignee: Oracle International CorporationInventors: Harsh Maheshwari, Mohamad Raja Gani Mohamad Abdul, Sidhartha Das, Rajesh Pakkath, Sreedhar Katti
-
Publication number: 20180041336Abstract: A key store microservice is provided for a cloud based identity management system. The key store microservice receives, over a network, a request from a client application to retrieve a key, the request including a tenancy identifier, and determines whether the key is present in a tenant specific memory cache associated with the tenancy identifier. When the key is determined to be present in the tenant specific memory cache, the key store microservice retrieves the key from the tenant specific memory cache, retrieves a decryption key from a key wallet, decrypts the key retrieved from the tenant specific memory cache using the decryption key retrieved from the key wallet, and sends, over the network, the key to the client.Type: ApplicationFiled: May 30, 2017Publication date: February 8, 2018Inventors: Rakesh Keshava, Sreedhar Katti, Sirish Vepa, Hari Sastry
-
Publication number: 20170331832Abstract: A system for authorizing access to a resource receives a request for an access token that corresponds to the resource, where the request includes user information and application information. The user information includes a role of the user and the application information includes a role of the application. The system evaluates the request by computing scopes for the access token, including determining an intersection between the user information and the application information. The system then provides the access token that includes the computed scopes, the scopes being based at least on the role of the user and the role of the application.Type: ApplicationFiled: March 30, 2017Publication date: November 16, 2017Inventors: VADIM LANDER, Hari SASTRY, Sreedhar KATTI, Sirish V. VEPA, Swathi Vinayak SHENOY
-
Publication number: 20170329957Abstract: A system for authorizing access to a resource associated with a tenancy in an identity management system that includes a plurality of tenancies receives an access token request for an access token that corresponds to the resource, the request including user information and application information, the user information including roles of a user and the application information including roles of the application. The system evaluates the access token request by computing dynamic roles and corresponding dynamic scopes for the access token including a second intersection between the dynamic roles of the user and the dynamic roles of the application. The system then provides the access token that includes the computed static scopes, where the scopes are based at least on the roles of the user and the roles of the application, and further including the computed dynamic roles and corresponding dynamic scopes.Type: ApplicationFiled: May 9, 2017Publication date: November 16, 2017Inventors: Sirish V. VEPA, Sreedhar KATTI, Maheshkumar Shivlal DHADUK, Vadim LANDER
-
Publication number: 20170331802Abstract: Key generation and roll over is provided for a cloud based identity management system. A key set is generated that includes a previous key and expiration time, a current key and expiration time, and a next key and expiration time, and stores the key set in a database table and a memory cache associated with the database table. At the current key expiration time, the key set is rolled over, including retrieving the key set from the database table, updating the previous key and expiration time with the current key and expiration time, updating the current key and expiration time with the next key and expiration time, generating a new key and expiration time, updating the next key and expiration time with the new key and expiration time, and updating the key set in the database table and the memory cache.Type: ApplicationFiled: May 8, 2017Publication date: November 16, 2017Inventors: Rakesh Keshava, Sreedhar Katti, Sirish Vepa, Vadim Lander, Prateek Mishra
-
Publication number: 20170257362Abstract: The present disclosure relates generally to managing access to an enterprise system using remote devices. Techniques are disclosed for provisioning applications on remote devices to access resources in an enterprise system. Specifically, applications may be automatically configured with access information (e.g., account information) and connection information to access a resource in an enterprise system using a remote device. Configuring an application may include determining an account for accessing a resource using the application. An account may be provisioned if one has not been established. Upon configuring an application, the device access management system may provide a configured application to the remote device(s) for which the application is configured. Once the configured application is received, the application may be automatically installed on the remote device, after which the application may be executed to access a resource.Type: ApplicationFiled: May 22, 2017Publication date: September 7, 2017Applicant: Oracle International CorporationInventors: Harsh Maheshwari, Mohamad Raja Gani Mohamad Abdul, Sidhartha Das, Rajesh Pakkath, Sreedhar Katti
-
Patent number: 9692748Abstract: The present disclosure relates generally to managing access to an enterprise system using remote devices. Techniques are disclosed for provisioning applications on remote devices to access resources in an enterprise system. Specifically, applications may be automatically configured with access information (e.g., account information) and connection information to access a resource in an enterprise system using a remote device. Configuring an application may include determining an account for accessing a resource using the application. An account may be provisioned if one has not been established. Upon configuring an application, the device access management system may provide a configured application to the remote device(s) for which the application is configured. Once the configured application is received, the application may be automatically installed on the remote device, after which the application may be executed to access a resource.Type: GrantFiled: April 17, 2015Date of Patent: June 27, 2017Assignee: Oracle International CorporationInventors: Harsh Maheshwari, Mohamad Raja Gani Mohamad Abdul, Sidhartha Das, Rajesh Pakkath, Sreedhar Katti
-
Publication number: 20160087956Abstract: The present disclosure relates generally to managing access to an enterprise system using remote devices. Techniques are disclosed for provisioning applications on remote devices to access resources in an enterprise system. Specifically, applications may be automatically configured with access information (e.g., account information) and connection information to access a resource in an enterprise system using a remote device. Configuring an application may include determining an account for accessing a resource using the application. An account may be provisioned if one has not been established. Upon configuring an application, the device access management system may provide a configured application to the remote device(s) for which the application is configured. Once the configured application is received, the application may be automatically installed on the remote device, after which the application may be executed to access a resource.Type: ApplicationFiled: April 17, 2015Publication date: March 24, 2016Inventors: Harsh Maheshwari, Mohamad Raja Gani Mohamad Abdul, Sidhartha Das, Rajesh Pakkath, Sreedhar Katti
-
Patent number: 8407461Abstract: A plug-in framework is invoked within a plug-in, where the plug-in framework includes a software library configured to define, register, and configure plug-ins, where the plug-in includes a software module that extends or customizes functionality of a software application that is external to the plug-in, and where the plug-in includes a mapping name. A plug-in instance declaration is searched, by the plug-in framework, for a mapping that includes the mapping name, where the plug-in instance declaration is located within a plug-in file, and where the plug-in declaration comprises one or more mappings. When a mapping of the mapping name to the value is found, the value is returned, by the plug-in framework, to the plug-in based on the mapping. The plug-in framework also allows a plug-in provider to associate a plug-in with metadata.Type: GrantFiled: December 17, 2010Date of Patent: March 26, 2013Assignee: Oracle International CorporationInventors: Weng Cheong, Eswar Vandanapu, Sreedhar Katti
-
Publication number: 20120159145Abstract: A plug-in framework is invoked within a plug-in, where the plug-in framework includes a software library configured to define, register, and configure plug-ins, where the plug-in includes a software module that extends or customizes functionality of a software application that is external to the plug-in, and where the plug-in includes a mapping name. A plug-in instance declaration is searched, by the plug-in framework, for a mapping that includes the mapping name, where the plug-in instance declaration is located within a plug-in file, and where the plug-in declaration comprises one or more mappings. When a mapping of the mapping name to the value is found, the value is returned, by the plug-in framework, to the plug-in based on the mapping. The plug-in framework also allows a plug-in provider to associate a plug-in with metadata.Type: ApplicationFiled: December 17, 2010Publication date: June 21, 2012Applicant: ORACLE INTERNATIONAL CORPORATIONInventors: Weng CHEONG, Eswar VANDANAPU, Sreedhar KATTI