Patents by Inventor Srikant Krishnapuram Tirumalai
Srikant Krishnapuram Tirumalai has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11374749
Abstract: An example method facilitates enabling Key Encryption Key (KEK) rotation for a running multi-tenant system without requiring system downtime or interruption. The example method facilitates decrypting a set of one or more DEKs using a preexisting KEK; using a new KEK to re-encode the DEKs using the new KEK, all while simultaneously enabling servicing of tenant requests. This is enabled, in part, by strategic caching of tenant DEKs in a secure local memory, wherein the cached tenant DEKs are maintained in the clear and are readily accessible to running processes that are using the DEKs to decrypt and access tenant data, irrespective of the state of a background process used to implement the KEK rotation to the new KEK.
Type: Grant
Filed: September 24, 2020
Date of Patent: June 28, 2022
Assignee: Oracle International Corporation
Inventors: Amit Agarwal, Rohit Koul, Srikant Krishnapuram Tirumalai, Jie Wang, Xinnong Wang
-
Patent number: 11244061
Abstract: A centralized framework for managing the data encryption of resources is disclosed. A data encryption service is disclosed that provides various services related to the management of the data encryption of resources. The services may include managing application policies, cryptographic policies, and encryption objects related to applications. The encryption objects may include encryption keys and certificates used to secure the resources. In an embodiment, the data encryption service may be included or implemented in a cloud computing environment and may provide a centralized framework for effectively managing the data encryption requirements of various applications hosted or provided by different customer systems. The disclosed data encryption service may provide monitoring and alert services related to encryption objects managed by the data encryption service and transmit the alerts related to the encryption objects via various communication channels.
Type: Grant
Filed: July 12, 2019
Date of Patent: February 8, 2022
Assignee: ORACLE INTERNATIONAL CORPORATION
Inventors: Amit Agarwal, Srikant Krishnapuram Tirumalai, Krishnakumar Sriramadhesikan
-
Patent number: 11216539
Abstract: Techniques for brokering authorization between a user-facing service and a backend service are disclosed. A proxy service, operating independently of the user-facing service and the backend service, exposes an application programming interface (API) configured to receive requests from the user-facing services to perform functions of the plurality of backend services. The proxy service stores user authorization data that authorizes a user of a particular user-facing service to use a function of a backend service. The proxy service receives, via the API, a request to perform the function for an account associated with the user. Responsive to receiving the request, the proxy service uses the user authorization data to access the backend service to perform the function for the account associated with the user.
Type: Grant
Filed: April 11, 2019
Date of Patent: January 4, 2022
Assignee: Oracle International Corporation
Inventors: Tuck Chang, Srikant Krishnapuram Tirumalai, Zhengming Zhang
-
Patent number: 11038861
Abstract: Techniques are provided to manage security artifacts. Specifically, a security management system is disclosed for implementing security artifact archives to manage security artifacts. A security artifact archive may include information for managing one or more security artifacts that can be referenced or included in the security artifact archive. The security management system can create, edit, read, send, and perform other management operations for security artifact archives. Objects can be bundled in an object-specific security artifact archive. Security artifact archives may be named, versioned, tagged and/or labeled for identification. Security artifact archives may be transmitted to a destination (e.g., a service provider or a client system) that provides access to an object whose access is dependent on security artifacts. The destination may manage access to the object using a security artifact archive that includes relevant and current security artifacts for the object.
Type: Grant
Filed: December 6, 2018
Date of Patent: June 15, 2021
Assignee: ORACLE INTERNATIONAL CORPORATION
Inventors: Amit Agarwal, Srikant Krishnapuram Tirumalai
-
Publication number: 20210014056
Abstract: An example method facilitates enabling Key Encryption Key (KEK) rotation for a running multi-tenant system without requiring system downtime or interruption. The example method facilitates decrypting a set of one or more DEKs using a preexisting KEK; using a new KEK to re-encode the DEKs using the new KEK, all while simultaneously enabling servicing of tenant requests. This is enabled, in part, by strategic caching of tenant DEKs in a secure local memory, wherein the cached tenant DEKs are maintained in the clear and are readily accessible to running processes that are using the DEKs to decrypt and access tenant data, irrespective of the state of a background process used to implement the KEK rotation to the new KEK.
Type: Application
Filed: September 24, 2020
Publication date: January 14, 2021
Applicant: Oracle International Corporation
Inventors: Amit Agarwal, Rohit Koul, Srikant Krishnapuram Tirumalai, Jie Wang, Xinnong Wang
-
Patent number: 10819513
Abstract: An example method facilitates enabling Key Encryption Key (KEK) rotation for a running multi-tenant system without requiring system downtime or interruption. The example method facilitates decrypting a set of one or more DEKs using a preexisting KEK; using a new KEK to re-encode the DEKs using the new KEK, all while simultaneously enabling servicing of tenant requests. This is enabled, in part, by strategic caching of tenant DEKs in a secure local memory, wherein the cached tenant DEKs are maintained in the clear and are readily accessible to running processes that are using the DEKs to decrypt and access tenant data, irrespective of the state of a background process used to implement the KEK rotation to the new KEK.
Type: Grant
Filed: April 9, 2018
Date of Patent: October 27, 2020
Assignee: Oracle International Corporation
Inventors: Amit Agarwal, Rohit Koul, Srikant Krishnapuram Tirumalai, Jie Wang, Xinnong Wang
-
Patent number: 10699020
Abstract: A centralized framework for managing the data encryption of resources is disclosed. A data encryption service is disclosed that provides various services related to the management of the data encryption of resources. The services may include managing application policies, cryptographic policies, and encryption objects related to applications. The encryption objects may include encryption keys and certificates used to secure the resources. In an embodiment, the data encryption service may be included or implemented in a cloud computing environment and may provide a centralized framework for effectively managing the data encryption requirements of various applications hosted or provided by different customer systems. The disclosed data encryption service may provide monitoring and alert services related to encryption objects managed by the data encryption service and transmit the alerts related to the encryption objects via various communication channels.
Type: Grant
Filed: June 29, 2016
Date of Patent: June 30, 2020
Assignee: Oracle International Corporation
Inventors: Amit Agarwal, Srikant Krishnapuram Tirumalai, Krishnakumar Sriramadhesikan
-
Publication number: 20200125700
Abstract: Techniques for brokering authorization between a user-facing service and a backend service are disclosed. A proxy service, operating independently of the user-facing service and the backend service, exposes an application programming interface (API) configured to receive requests from the user-facing services to perform functions of the plurality of backend services. The proxy service stores user authorization data that authorizes a user of a particular user-facing service to use a function of a backend service. The proxy service receives, via the API, a request to perform the function for an account associated with the user. Responsive to receiving the request, the proxy service uses the user authorization data to access the backend service to perform the function for the account associated with the user.
Type: Application
Filed: April 11, 2019
Publication date: April 23, 2020
Applicant: Oracle International Corporation
Inventors: Tuck Chang, Srikant Krishnapuram Tirumalai, Zhengming Zhang
-
Patent number: 10541988
Abstract: Techniques for managing privileged accounts via a privileged access management service are provided. In some examples, the service may be configured with a plug-in framework for accessing secure resources. In some aspects, a log-in request that includes authentication information and corresponds to the service may be received. Session access to at least one secure resource may be provided when a user is authenticated. In some examples, a request to perform an action associated with the secure resource may be received during the session. Additionally, in some examples, the plug-in framework may be implemented to determine whether the user is allowed to perform the action. Further, performance of the action may be allowed or denied during the session based on the determination.
Type: Grant
Filed: August 3, 2017
Date of Patent: January 21, 2020
Assignee: Oracle International Corporation
Inventors: Buddhika Kottahachchi, Himanshu Sharma, Ramaprakash Hosalli Sathyanarayan, Fannie Ho, Arun Theebaprakasam, Srikant Krishnapuram Tirumalai, Olaf Stullich
-
Patent number: 10489599
Abstract: A centralized framework for managing the data encryption of resources is disclosed. A data encryption service is disclosed that provides various services related to the management of the data encryption of resources. The services may include managing application policies, cryptographic policies, and encryption objects related to applications. The encryption objects may include encryption keys and certificates used to secure the resources. In an embodiment, the data encryption service may be included or implemented in a cloud computing environment and may provide a centralized framework for effectively managing the data encryption requirements of various applications hosted or provided by different customer systems. The disclosed data encryption service may provide monitoring and alert services related to encryption objects managed by the data encryption service and transmit the alerts related to the encryption objects via various communication channels.
Type: Grant
Filed: June 29, 2016
Date of Patent: November 26, 2019
Assignee: ORACLE INTERNATIONAL CORPORATION
Inventors: Amit Agarwal, Srikant Krishnapuram Tirumalai, Krishnakumar Sriramadhesikan
-
Publication number: 20190354695
Abstract: A centralized framework for managing the data encryption of resources is disclosed. A data encryption service is disclosed that provides various services related to the management of the data encryption of resources. The services may include managing application policies, cryptographic policies, and encryption objects related to applications. The encryption objects may include encryption keys and certificates used to secure the resources. In an embodiment, the data encryption service may be included or implemented in a cloud computing environment and may provide a centralized framework for effectively managing the data encryption requirements of various applications hosted or provided by different customer systems. The disclosed data encryption service may provide monitoring and alert services related to encryption objects managed by the data encryption service and transmit the alerts related to the encryption objects via various communication channels.
Type: Application
Filed: July 12, 2019
Publication date: November 21, 2019
Applicant: Oracle International Corporation
Inventors: Amit Agarwal, Srikant Krishnapuram Tirumalai, Krishnakumar Sriramadhesikan
-
Patent number: 10395042
Abstract: A centralized framework for managing the data encryption of resources is disclosed. A data encryption service is disclosed that provides various services related to the management of the data encryption of resources. The services may include managing application policies, cryptographic policies, and encryption objects related to applications. The encryption objects may include encryption keys and certificates used to secure the resources. In an embodiment, the data encryption service may be included or implemented in a cloud computing environment and may provide a centralized framework for effectively managing the data encryption requirements of various applications hosted or provided by different customer systems. The disclosed data encryption service may provide monitoring and alert services related to encryption objects managed by the data encryption service and transmit the alerts related to the encryption objects via various communication channels.
Type: Grant
Filed: June 29, 2016
Date of Patent: August 27, 2019
Assignee: Oracle International Corporation
Inventors: Amit Agarwal, Srikant Krishnapuram Tirumalai, Krishnakumar Sriramadhesikan
-
Publication number: 20190173674
Abstract: An example method facilitates enabling Key Encryption Key (KEK) rotation for a running multi-tenant system without requiring system downtime or interruption. The example method facilitates decrypting a set of one or more DEKs using a preexisting KEK; using a new KEK to re-encode the DEKs using the new KEK, all while simultaneously enabling servicing of tenant requests. This is enabled, in part, by strategic caching of tenant DEKs in a secure local memory, wherein the cached tenant DEKs are maintained in the clear and are readily accessible to running processes that are using the DEKs to decrypt and access tenant data, irrespective of the state of a background process used to implement the KEK rotation to the new KEK.
Type: Application
Filed: April 9, 2018
Publication date: June 6, 2019
Applicant: Oracle International Corporation
Inventors: Amit Agarwal, Rohit Koul, Srikant Krishnapuram Tirumalai, Jie Wang, Xinnong Wang
-
Publication number: 20190109831
Abstract: Techniques are provided to manage security artifacts. Specifically, a security management system is disclosed for implementing security artifact archives to manage security artifacts. A security artifact archive may include information for managing one or more security artifacts that can be referenced or included in the security artifact archive. The security management system can create, edit, read, send, and perform other management operations for security artifact archives. Objects can be bundled in an object-specific security artifact archive. Security artifact archives may be named, versioned, tagged and/or labeled for identification. Security artifact archives may be transmitted to a destination (e.g., a service provider or a client system) that provides access to an object whose access is dependent on security artifacts. The destination may manage access to the object using a security artifact archive that includes relevant and current security artifacts for the object.
Type: Application
Filed: December 6, 2018
Publication date: April 11, 2019
Applicant: Oracle International Corporation
Inventors: Amit Agarwal, Srikant Krishnapuram Tirumalai
-
Patent number: 10171437
Abstract: Techniques are provided to manage security artifacts. Specifically, a security management system is disclosed for implementing security artifact archives to manage security artifacts. A security artifact archive may include information for managing one or more security artifacts that can be referenced or included in the security artifact archive. The security management system can create, edit, read, send, and perform other management operations for security artifact archives. Objects can be bundled in an object-specific security artifact archive. Security artifact archives may be named, versioned, tagged and/or labeled for identification. Security artifact archives may be transmitted to a destination (e.g., a service provider or a client system) that provides access to an object whose access is dependent on security artifacts. The destination may manage access to the object using a security artifact archive that includes relevant and current security artifacts for the object.
Type: Grant
Filed: April 22, 2016
Date of Patent: January 1, 2019
Assignee: Oracle International Corporation
Inventors: Amit Agarwal, Srikant Krishnapuram Tirumalai
-
Publication number: 20170359327
Abstract: Techniques for managing privileged accounts via a privileged access management service are provided. In some examples, the service may be configured with a plug-in framework for accessing secure resources. In some aspects, a log-in request that includes authentication information and corresponds to the service may be received. Session access to at least one secure resource may be provided when a user is authenticated. In some examples, a request to perform an action associated with the secure resource may be received during the session. Additionally, in some examples, the plug-in framework may be implemented to determine whether the user is allowed to perform the action. Further, performance of the action may be allowed or denied during the session based on the determination.
Type: Application
Filed: August 3, 2017
Publication date: December 14, 2017
Applicant: Oracle International Corporation
Inventors: Buddhika Kottahachchi, Himanshu Sharma, Ramaprakash Hosalli Sathyanarayan, Fannie Ho, Arun Theebaprakasam, Srikant Krishnapuram Tirumalai, Olaf Stullich
-
Patent number: 9787657
Abstract: Techniques for managing privileged accounts via a privileged access management service are provided. In some examples, the service may be configured with a plug-in framework for accessing secure resources. In some aspects, a log-in request that includes authentication information and corresponds to the service may be received. Session access to at least one secure resource may be provided when a user is authenticated. In some examples, a request to perform an action associated with the secure resource may be received during the session. Additionally, in some examples, the plug-in framework may be implemented to determine whether the user is allowed to perform the action. Further, performance of the action may be allowed or denied during the session based on the determination.
Type: Grant
Filed: March 20, 2014
Date of Patent: October 10, 2017
Assignee: Oracle International Corporation
Inventors: Buddhika Kottahachchi, Himanshu Sharma, Ramaprakash Hosalli Sathyanarayan, Fannie Ho, Arun Theebaprakasam, Srikant Krishnapuram Tirumalai, Olaf Stullich
-
Publication number: 20170006064
Abstract: A centralized framework for managing the data encryption of resources is disclosed. A data encryption service is disclosed that provides various services related to the management of the data encryption of resources. The services may include managing application policies, cryptographic policies, and encryption objects related to applications. The encryption objects may include encryption keys and certificates used to secure the resources. In an embodiment, the data encryption service may be included or implemented in a cloud computing environment and may provide a centralized framework for effectively managing the data encryption requirements of various applications hosted or provided by different customer systems. The disclosed data encryption service may provide monitoring and alert services related to encryption objects managed by the data encryption service and transmit the alerts related to the encryption objects via various communication channels.
Type: Application
Filed: June 29, 2016
Publication date: January 5, 2017
Inventors: Amit Agarwal, Srikant Krishnapuram Tirumalai, Krishnakumar Sriramadhesikan
-
Publication number: 20170004312
Abstract: A centralized framework for managing the data encryption of resources is disclosed. A data encryption service is disclosed that provides various services related to the management of the data encryption of resources. The services may include managing application policies, cryptographic policies, and encryption objects related to applications. The encryption objects may include encryption keys and certificates used to secure the resources. In an embodiment, the data encryption service may be included or implemented in a cloud computing environment and may provide a centralized framework for effectively managing the data encryption requirements of various applications hosted or provided by different customer systems. The disclosed data encryption service may provide monitoring and alert services related to encryption objects managed by the data encryption service and transmit the alerts related to the encryption objects via various communication channels.
Type: Application
Filed: June 29, 2016
Publication date: January 5, 2017
Inventors: Amit Agarwal, Srikant Krishnapuram Tirumalai, Krishnakumar Sriramadhesikan
-
Publication number: 20170004313
Abstract: A centralized framework for managing the data encryption of resources is disclosed. A data encryption service is disclosed that provides various services related to the management of the data encryption of resources. The services may include managing application policies, cryptographic policies, and encryption objects related to applications. The encryption objects may include encryption keys and certificates used to secure the resources. In an embodiment, the data encryption service may be included or implemented in a cloud computing environment and may provide a centralized framework for effectively managing the data encryption requirements of various applications hosted or provided by different customer systems. The disclosed data encryption service may provide monitoring and alert services related to encryption objects managed by the data encryption service and transmit the alerts related to the encryption objects via various communication channels.
Type: Application
Filed: June 29, 2016
Publication date: January 5, 2017
Inventors: Amit Agarwal, Srikant Krishnapuram Tirumalai, Krishnakumar Sriramadhesikan