Oracle Patent Applications

COMPARTMENT LEVEL BINDING FOR WORKLOAD IDENTITY

Granted: January 23, 2025
Application Number: 20250030680
Techniques are described for mapping a namespace to a compartment. An example method includes receiving, by a manager instance and from a pod, a first request for a token. The manager instance can transmit, to a token issuance service, a second request for the token. The token issuance service can identify a mapping object that maps the namespace to the resource. The token issuance service can transmit, to an identity service, the mapping object and a third request for the token. The…

AUTOMATICALLY INFERRING SOFTWARE-DEFINED NETWORK POLICIES FROM THE OBSERVED WORKLOAD IN A COMPUTING ENVIRONMENT

Granted: January 23, 2025
Application Number: 20250030603
Techniques are disclosed for automatically inferring software-defined network policies from the observed workload in a computing environment. The disclosed techniques include monitoring network traffic flow originating from network interfaces corresponding to containers that execute components of an application, recording details of a new network connection or a change in the existing network connection, obtaining information concerning the components of the application, identifying…

UPDATING DIGITAL CERTIFICATES ASSOCIATED WITH A VIRTUAL CLOUD NETWORK

Granted: January 23, 2025
Application Number: 20250030561
Techniques for updating certificate bundles may include receiving, at an entity associated with a virtual cloud network, a certificate bundle that includes an updated set of certificate authority (CA) certificates. The techniques may include applying a validation process to an entity certificate based on the certificate bundle, with the entity certificate having been issued to the entity prior to the entity receiving the certificate bundle. The validation process may include validating,…

REPLICATION OF CUSTOMER KEYS STORED IN A VIRTUAL VAULT

Granted: January 23, 2025
Application Number: 20250030542
Techniques are described for replicating encryption keys using a write ahead log (WAL). An example method can include receiving a request from a user device to transmit encryption keys stored in a first virtual vault of a first hardware security module (HSM) of a first data center to a second virtual vault of a second HSM of a second data center, the request comprising an account identifier. The method can further include identifying a first account-specific WAL of a plurality of…

USING MACHINE LEARNING FOR EXECUTING BATCH JOBS IN DISTRIBUTED CLOUD ENVIRONMENT

Granted: January 16, 2025
Application Number: 20250021388
A method includes estimating a number of threads to execute a batch job within a maximum completion time by executing a thread estimation algorithm. Executing the thread estimation algorithm includes: determining, using an ML model, a collection of one or more combinations, each including an estimated number of threads and an actual completion time for processing the batch job using the estimated number of threads, the actual completion time being less than or equal to the maximum completion…

CLIENT COOKIE MANAGEMENT SYSTEM

Granted: January 16, 2025
Application Number: 20250023952
A client cookie management system is disclosed that includes capabilities for securely managing a session between a web-based application and a user interacting with the web-based application using session cookies. The system receives a request from a user to access a resource provided by a web server and forwards the request to the web server. The web server generates a session cookie comprising a session identifier associated with a session created for the user. The system receives the…

SINGLE SIGN-ON ENABLED WITH OAUTH TOKEN

Granted: January 16, 2025
Application Number: 20250023862
Techniques are described for providing session management functionalities using an access token (e.g., an Open Authorization (OAuth) access token). Upon successful user authentication, a session (e.g., a single sign-on session) is created for the user along with a user identity token that includes information identifying the session. The user identity token is presentable in an access token request sent to an access token issuer authority (e.g., an OAuth server). Upon receiving the…

Semi-Automated Deployment For An Intra-Service Communication Infrastructure

Granted: January 16, 2025
Application Number: 20250023789
Techniques are disclosed for generating a topology of components based on a set of components provided by a user. The system identifies, for each particular component of the first set of components, one or more characteristics. The characteristics may include at least one of: a rule associated with the particular component, a requirement associated with the particular component, a data input type corresponding to the particular component, and data output type corresponding to the…

SYNCHRONIZING DOCUMENT OBJECT MODEL TREES RESPECTIVELY MAINTAINED BY A SERVER AND A BROWSER

Granted: January 16, 2025
Application Number: 20250021743
A system synchronizes a server-side DOM tree and a browser-side DOM tree with one another. The server may receive, from a browser, a hash value of the browser-side DOM tree and a server-side update instruction for applying a first server-side update to the server-side DOM tree to synchronize with a first browser-side update by the browser to the browser-side DOM tree. The server may identify the server-side DOM tree based on the hash value. The server may execute upon the server-side DOM…

Secure Modular Machine Learning Platform

Granted: January 16, 2025
Application Number: 20250021641
A secure, modular multi-tenant machine learning platform is configured to: receive untrusted code supplied by a first tenant; perform a security scan of the untrusted code to determine whether the untrusted code satisfies a set of one or more security requirements; responsive to determining that the untrusted code satisfies the security requirement(s): deploy the untrusted code to a runtime execution environment; deploy a machine learning model associated with the first tenant to the…

System And Method For Providing External Key Management For Use With A Cloud Computing Infrastructure

Granted: January 9, 2025
Application Number: 20250015988
A key management service (KMS) in a cloud computing environment has an internal vault for cryptographic operations by an internal cryptographic key within the cloud environment and a proxy key vault communicatively coupled to an external key manager (EKM) that stores an external cryptographic key. The KMS uses a provider-agnostic application program interface (API) that permits the cloud service customer to use the same interface request and format for cryptographic operation requests…

System and Method for Two Way Trust Between an External Key Management System and a Cloud Computing Infrastructure

Granted: January 9, 2025
Application Number: 20250015977
An identity service in a cloud environment is communicatively coupled to a proxy key vault in the cloud environment and to an external key manager (EKM) located outside of the cloud environment. The identity service receives a token request for a communication credential from the proxy key vault and verifies the request based on a client credential associated with the proxy key vault. The identity service generates the client credential and signs the communication credential with a…

OUT OF DISTRIBUTION ELEMENT DETECTION FOR INFORMATION EXTRACTION

Granted: January 9, 2025
Application Number: 20250014374
Techniques for extracting information from unstructured documents that enable an ML model to be trained such that the model can accurately distinguish in-distribution (“in-D”) elements and out-of-distribution (“OO-D”) elements within an unstructured document. Novel training techniques are used that train an ML model using a combination of a regular training dataset and an enhanced augmented training dataset. The regular training dataset is used to train an ML model to identify…

TECHNIQUES FOR ADAPTIVE PIPELINING COMPOSITION FOR MACHINE LEARNING (ML)

Granted: January 9, 2025
Application Number: 20250013884
The present disclosure relates to systems and methods for an adaptive pipelining composition service that can identify and incorporate one or more new models into the machine learning application. The machine learning application with the new model can be tested off-line with the results being compared with ground truth data. If the machine learning application with the new model outperforms the previously used model, the machine learning application can be upgraded and auto-promoted to…

Storing And Versioning Hierarchical Data In A Binary Format

Granted: January 9, 2025
Application Number: 20250013670
A database manager is disclosed that retrieves database records having binary encoded data from a database and instantiates objects in an in-memory database. Binary encoding compresses data, allowing many subrecords to be stored in a single blob field of a database record. Retrieving chunks from storage reduces transfer time by reducing the size of data and the number of operations needed to retrieve all the subrecords. The database manager receives database access requests from a database…

CONSOLIDATING CHANGE REQUESTS IN DATA HIERARCHIES

Granted: January 9, 2025
Application Number: 20250013627
A data hierarchy including individual data nodes may be used to represent a wide variety of data collections. Requests to change or add nodes in the data hierarchy may be received from many different sources over time. Instead of considering these change requests individually, an interface allows a plurality of change requests to be consolidated together into a single consolidated request. The consolidated request may be displayed in an interface such that changes from each of the…

DOMAIN ADAPTION FOR SERVICE REQUESTS USING A GENERATIVE ADVERSARIAL NETWORK

Granted: January 2, 2025
Application Number: 20250005590
Techniques for processing incomplete service requests are disclosed. A system identifies reference service requests similar to the information of an incomplete service request received from a user. Using an adversarial domain adapter, the system generates an enhanced service request augmenting the incomplete service request with predicted information. The system then identifies a subset of the reference service requests meeting a similarity threshold with the enhanced service request. The system…

TECHNIQUES FOR ROTATING NETWORK ADDRESSES IN PREFAB REGIONS

Granted: January 2, 2025
Application Number: 20250007879
Techniques are disclosed for rotating network addresses following the installation of a prefab region network at a destination site. A manager service executing within a distributed computing system can allocate a rotation network address pool to a root allocator service that may be configured to provide network addresses from network address pools to dependent nodes within the distributed computing system, with each dependent node associated with a corresponding first network address of…

EGRESS TRAFFIC POLICY DEFINITION AND ENFORCEMENT AT TARGET SERVICE

Granted: January 2, 2025
Application Number: 20250007845
Techniques for enforcing an egress policy at a target service are described. In an example, traffic is generated for a customer, where the traffic is generated by a customer network of the customer, such as a customer tenancy or an on-premise network. The traffic can be destined to the target service. The traffic can be tagged by the customer network (e.g., by a gateway of the customer network). The customer network can be associated with the egress policy. The customer can define the…

EGRESS TRAFFIC POLICY ENFORCEMENT AT TARGET SERVICE ON TRAFFIC FROM SERVICE TENANCY

Granted: January 2, 2025
Application Number: 20250007832
Techniques for enforcing an egress policy at a target service are described. In an example, traffic is generated for a customer tenancy, where the traffic is generated by a multi-tenancy service. The traffic can be destined to the target service. The traffic can be tagged by the multi-tenancy service with information indicating that the traffic is egressing therefrom on behalf of the customer tenancy. The customer tenancy can be associated with the egress policy. The target service can…