Patents by Inventor Binyuan Chen
Binyuan Chen has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11798044Abstract: Embodiments are directed to a pluggable architecture for performance of pricing operations. An embodiment of a storage medium includes instructions for installing multiple pricing methods at a pricing service including a pluggable architecture for pricing methods, each pricing method including a set of pricing functions; receiving a pricing request for a sales transaction including one or more sales items, the pricing request including a pricing context for each sales item; and performing a price calculation for the sales transaction, including resolving a pricing method for each sales item, applying the set of pricing functions for the resolved pricing method for each sales item, the application of the set of pricing functions being based at least in part on the pricing context for the sales item, calculating a price for each sales item based upon an outcome of the pricing functions, and aggregating the calculated prices for the sales items.Type: GrantFiled: January 31, 2020Date of Patent: October 24, 2023Assignee: Salesforce, Inc.Inventors: Mitchell Christensen, Parth Vijay Vaishnav, Wei Gao, Binyuan Chen
-
Publication number: 20210241329Abstract: Embodiments are directed to a pluggable architecture for performance of pricing operations. An embodiment of a storage medium includes instructions for installing multiple pricing methods at a pricing service including a pluggable architecture for pricing methods, each pricing method including a set of pricing functions; receiving a pricing request for a sales transaction including one or more sales items, the pricing request including a pricing context for each sales item; and performing a price calculation for the sales transaction, including resolving a pricing method for each sales item, applying the set of pricing functions for the resolved pricing method for each sales item, the application of the set of pricing functions being based at least in part on the pricing context for the sales item, calculating a price for each sales item based upon an outcome of the pricing functions, and aggregating the calculated prices for the sales items.Type: ApplicationFiled: January 31, 2020Publication date: August 5, 2021Inventors: Mitchell Christensen, Parth Vijay Vaishnav, Wei Gao, Binyuan Chen
-
Patent number: 10726119Abstract: In a virtualized computer system, gray applications that are selected to be executed in a first virtual computing instance are executed and monitored in a second virtual computing instance that is a clone of the first virtual computing instance, and classified according to their monitored behavior. This process is conducted in real-time, in response to a notification that a gray application has been selected for execution in the first virtual computing instance. The execution of the gray application in the first virtual computing instance is delayed until the first virtual computing instance receives a notification from an application admission control manager that the gray application is safe to be executed in the first virtual computing instance.Type: GrantFiled: December 8, 2014Date of Patent: July 28, 2020Assignee: VMware, Inc.Inventors: Azeem Feroz, Binyuan Chen
-
Publication number: 20200195612Abstract: A method for enforcing a network policy is described herein. In the method, a network socket event request from an application executing in a first context is intercepted by an agent prior to the request reaching a transport layer in the first context. A context refers to virtualization software, a physical computer, or a combination of virtualization software and physical computer. In response to the interception of the request, the agent requests a decision on whether to allow or deny the network socket event request to be communicated to a security server executing in a second context that is distinct from the first context. The request for a decision includes an identification of the application. The agent then receives from the security server either an allowance or a denial of the network socket event request, the allowance or denial being based at least in part on the identification of the application and a security policy.Type: ApplicationFiled: October 21, 2019Publication date: June 18, 2020Inventors: Azeem Feroz, Binyuan Chen, Amit Chopra
-
Patent number: 10454895Abstract: A method for enforcing a network policy is described herein. In the method, a network socket event request from an application executing in a first context is intercepted by an agent prior to the request reaching a transport layer in the first context. A context refers to virtualization software, a physical computer, or a combination of virtualization software and physical computer. In response to the interception of the request, the agent requests a decision on whether to allow or deny the network socket event request to be communicated to a security server executing in a second context that is distinct from the first context. The request for a decision includes an identification of the application. The agent then receives from the security server either an allowance or a denial of the network socket event request, the allowance or denial being based at least in part on the identification of the application and a security policy.Type: GrantFiled: September 12, 2016Date of Patent: October 22, 2019Assignee: VMware, Inc.Inventors: Azeem Feroz, Binyuan Chen, Amit Chopra
-
Publication number: 20190155938Abstract: In various embodiments, a system of synchronizing data is described. The system may store data associated with a plurality of data vendors. The system may synchronize the stored data with data from a first data vendor. The received data may be parsed by identifying data values indicated by associated metadata, and modifying the data values based on a universal data format. The system may also receive synchronization requests from a user of the service. The synchronization requests may indicate requested data and a list of processing operations. The requested data may correspond to data received from multiple data vendors. The system may perform the list of processing operations and return the data. Accordingly, the system may manage data received from multiple data vendors even if the data vendors have different synchronization conditions and provide the data in different formats. The data may be analyzed and output together to a user.Type: ApplicationFiled: June 12, 2018Publication date: May 23, 2019Inventors: Dmytro Kudriavtsev, Pawan Nachnani, Dmytro Kashyn, Binyuan Chen, Satya Venkata Kamuju, Harini Vaidhyanathan, Venkata Muralidhar Tejomurtula, Shouzhong Shi, Ajitesh Jain, Prabhjot Singh
-
Patent number: 9760712Abstract: Methods and systems for protecting a virtual machine network are disclosed. In an embodiment, a method involves storing an application whitelist including application-to-user associations in memory such that the application whitelist is immutable by a guest virtual machine, receiving a request to execute an application including an application identifier and a user identifier, comparing the application identifier and the user identifier of the request with the application whitelist, and generating an execution decision indicating whether the requested application can execute on the guest virtual machine.Type: GrantFiled: May 23, 2014Date of Patent: September 12, 2017Assignee: VMware, Inc.Inventors: Azeem Feroz, Binyuan Chen, Prasad Sharad Dabak
-
Publication number: 20160380972Abstract: A method for enforcing a network policy is described herein. In the method, a network socket event request from an application executing in a first context is intercepted by an agent prior to the request reaching a transport layer in the first context. A context refers to virtualization software, a physical computer, or a combination of virtualization software and physical computer. In response to the interception of the request, the agent requests a decision on whether to allow or deny the network socket event request to be communicated to a security server executing in a second context that is distinct from the first context. The request for a decision includes an identification of the application. The agent then receives from the security server either an allowance or a denial of the network socket event request, the allowance or denial being based at least in part on the identification of the application and a security policy.Type: ApplicationFiled: September 12, 2016Publication date: December 29, 2016Inventors: Azeem Feroz, Binyuan Chen, Amit Chopra
-
Patent number: 9444841Abstract: A method for enforcing a network policy is described herein. In the method, a network socket event request from an application executing in a first context is intercepted by an agent prior to the request reaching a transport layer in the first context. A context refers to virtualization software, a physical computer, or a combination of virtualization software and physical computer. In response to the interception of the request, the agent requests a decision on whether to allow or deny the network socket event request to be communicated to a security server executing in a second context that is distinct from the first context. The request for a decision includes an identification of the application. The agent then receives from the security server either an allowance or a denial of the network socket event request, the allowance or denial being based at least in part on the identification of the application and a security policy.Type: GrantFiled: February 14, 2013Date of Patent: September 13, 2016Assignee: VMware, Inc.Inventors: Azeem Feroz, Binyuan Chen, Amit Chopra
-
Publication number: 20160162685Abstract: In a virtualized computer system, gray applications that are selected to be executed in a first virtual computing instance are executed and monitored in a second virtual computing instance that is a clone of the first virtual computing instance, and classified according to their monitored behavior. This process is conducted in real-time, in response to a notification that a gray application has been selected for execution in the first virtual computing instance. The execution of the gray application in the first virtual computing instance is delayed until the first virtual computing instance receives a notification from an application admission control manager that the gray application is safe to be executed in the first virtual computing instance.Type: ApplicationFiled: December 8, 2014Publication date: June 9, 2016Inventors: Azeem FEROZ, Binyuan CHEN
-
Publication number: 20150339475Abstract: Methods and systems for protecting a virtual machine network are disclosed. In an embodiment, a method involves storing an application whitelist including application-to-user associations in memory such that the application whitelist is immutable by a guest virtual machine, receiving a request to execute an application including an application identifier and a user identifier, comparing the application identifier and the user identifier of the request with the application whitelist, and generating an execution decision indicating whether the requested application can execute on the guest virtual machine.Type: ApplicationFiled: May 23, 2014Publication date: November 26, 2015Applicant: VMWARE, INC.Inventors: Azeem Feroz, Binyuan Chen, Prasad Sharad Dabak
-
Publication number: 20140230008Abstract: A method for enforcing a network policy is described herein. In the method, a network socket event request from an application executing in a first context is intercepted by an agent prior to the request reaching a transport layer in the first context. A context refers to virtualization software, a physical computer, or a combination of virtualization software and physical computer. In response to the interception of the request, the agent requests a decision on whether to allow or deny the network socket event request to be communicated to a security server executing in a second context that is distinct from the first context. The request for a decision includes an identification of the application. The agent then receives from the security server either an allowance or a denial of the network socket event request, the allowance or denial being based at least in part on the identification of the application and a security policy.Type: ApplicationFiled: February 14, 2013Publication date: August 14, 2014Applicant: VMware, Inc.Inventors: Azeem Feroz, Binyuan Chen, Amit Chopra