Patents by Inventor Gaurav Banga

Gaurav Banga has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 9727534
    Abstract: Approaches for synchronizing cookie data across a virtualized web browser. When a user instructs a virtualized web browser, executing on a host operating system, to display a web page, a host module executing on the host operating system instructs a particular virtual machine to retrieve the web page within the particular virtual machine. The host module provides cookie data for the user to the guest module. The cookie data identifies one or more cookies deemed to be pertinent to the retrieval of the web page. The guest module provides, to the host module, screen data content for use in displaying the web page.
    Type: Grant
    Filed: June 18, 2012
    Date of Patent: August 8, 2017
    Assignee: Bromium, Inc.
    Inventors: Prakash Buddhiraja, Kiran Bondalapati, Vikram Kapoor, Gaurav Banga, Ian Pratt
  • Patent number: 9680873
    Abstract: Approaches for processing network requests based upon the perceived trustworthiness of the network. A software component renders a judgment, based on a policy that weighs one or more factors, about whether a network accessible to a device should be trusted. If the software component renders a judgment that the network should be trusted, then a network resource identified on a white list of trusted resources is allowed to be retrieved within a host operating system or in a first virtual machine. Conversely, if the software component renders a judgment that the network should not be trusted, then the network resource identified on the white list of trusted resources is prevented from be retrieved within the host operating system or the first virtual machine, and may instead be retrieved within a second virtual machine, which has a more restrictive set of access privileges than the first virtual machine.
    Type: Grant
    Filed: June 30, 2014
    Date of Patent: June 13, 2017
    Assignee: Bromium, Inc.
    Inventors: David Halls, Gaurav Banga, Ian Pratt, Vikram Kapoor, Xin Li
  • Patent number: 9626204
    Abstract: Approaches for executing untrusted software on a client without compromising the client using micro-virtualization to execute untrusted software in isolated contexts. In response to receiving a request to perform an action, an isolated environment (such as but not limited to a virtual machine) is instantiated without receiving an explicit user instruction to do so. To instantiate the isolated environment, one or more templates for use in instantiating the isolated environment are identified using a policy. The one or more templates describe isolated environment characteristics for different types of activity. After the isolated environment has been instantiated using one or more identified templates, the action may be performed in the isolated environment.
    Type: Grant
    Filed: August 17, 2015
    Date of Patent: April 18, 2017
    Assignee: Bromium, Inc.
    Inventors: Gaurav Banga, Kiran Bondalapati, Ian Pratt, Vikram Kapoor
  • Patent number: 9454735
    Abstract: A system and method for integrating data with a contact is disclosed. The technology initially receives a first data element from a contact and provides a representation of the first data element. The representation of the first data element is then coupled with the contact on a contact list. A second data element is then received from the contact and a representation of the second data element received is also provided. The representation of the second data element is then coupled with the contact on the contact list, such that the representation of the first data element and the representation of the second data element are concurrently coupled with the contact on the contact list.
    Type: Grant
    Filed: June 30, 2006
    Date of Patent: September 27, 2016
    Assignee: NOKIA CORPORATION
    Inventors: Gaurav Banga, Woodson Hobbs
  • Publication number: 20160232380
    Abstract: Approaches for transferring control to a bit set. Execution of a bit set upon a host operating system is monitored. A determination is made that the execution of the bit set exhibits a suspicious characteristic. In response, the execution of the bit set on the host operating system is ceased. Then, the bit set is copied into an isolated environment and control to the bit set is transferred within the isolated environment. Thereafter, execution analysis upon the bit set is initiated in the isolated environment. The isolated environment may, but need not, reside on a different physical device than upon which executes the host operating system.
    Type: Application
    Filed: April 19, 2016
    Publication date: August 11, 2016
    Inventors: Ian Pratt, Rahul C. Kashyap, Gaurav Banga
  • Patent number: 9384026
    Abstract: Approaches for selectively sharing cookies between virtual machines responsible for retrieving web content. A request to display a web page is received. The web page includes top-level content served by a top-level domain and secondary content served by one or more other domains. A determination that at least a portion of the web page should be retrieved from within a virtual machine is made. A policy is consulted to identify a set of cookies to inject into the virtual machine. The policy considers whether the virtual machine is responsible for retrieving one or more of top-level content and secondary content in identifying the set of cookies to inject into the virtual machine. After injecting the set of cookies into the virtual machine, the portion of the web page is retrieved from within the virtual machine.
    Type: Grant
    Filed: January 30, 2014
    Date of Patent: July 5, 2016
    Assignee: Bromium, Inc.
    Inventors: Gaurav Banga, Ian Pratt, Vikram Kapoor, Prakash Buddhiraja, Kiran Bondalapati
  • Publication number: 20160154539
    Abstract: Approaches for composing the display of a virtualized web browser. Upon a host module, executing in a host operating system, of a virtualized web browser being instructed to display a new web page, policy data is consulted to determine if one or more trigger conditions are satisfied. Upon determining that at least one of the one or more trigger conditions is satisfied, the virtualized web browser, transparently to a user, retrieving and rendering the new web page in a location different than where the previous web page was retrieved and rendered by the virtualized web browser. After the new web page has been retrieved and rendered at the location specified by the policy data, the host module displays the new web page. The policy data may operate to specify the behavior of individual tabs of the virtualized web browser.
    Type: Application
    Filed: November 30, 2015
    Publication date: June 2, 2016
    Inventors: Prakash Buddhiraja, Kiran Bondalapati, Vikram Kapoor, Gaurav Banga, Ian Pratt
  • Patent number: 9354906
    Abstract: Managing the guest operating system's eviction of memory pages from a virtual machine. A guest operating system or a hypervisor may cause one or more memory pages within a guest physical frame to become unlikely or ineligible for selection as a candidate for eviction by the guest operating system. Each of the one or more memory pages may also reside, or be intended to reside, in the memory of one or more other virtual machines. In this way, memory pages that are shared across multiple virtual machines may become less likely to be evicted, thereby using memory more efficiently.
    Type: Grant
    Filed: May 10, 2012
    Date of Patent: May 31, 2016
    Assignee: Bromium, Inc.
    Inventors: Krzysztof Uchronski, Martin O'Brien, Jacob Gorm Hansen, Kiran Bondalapati, Ian Pratt, Gaurav Banga, Vikram Kapoor
  • Patent number: 9348636
    Abstract: Approaches for transferring a file using a virtualized application. A virtualized application executes within a virtual machine residing on a physical machine. When the virtualized application is instructed to download a file stored external to the physical machine, the virtualized application displays an interface which enables at least a portion of a file system, maintained by a host OS, to be browsed while preventing files stored within the virtual machine to be browsed. Upon the virtualized application receiving input identifying a target location within the file system, the virtualized application stores the file at the target location. The virtualized application may also upload a file stored on the physical machine using an interface which enables at least a portion of a file system of a host OS to be browsed while preventing files in the virtual machine to be browsed.
    Type: Grant
    Filed: September 5, 2014
    Date of Patent: May 24, 2016
    Assignee: Bromium, Inc.
    Inventors: Deepak Khajuria, Kiran Bondalapati, Vikram Kapoor, Gaurav Banga, Ian Pratt
  • Patent number: 9349008
    Abstract: Approaches for processing a digital file in a manner designed to minimize exposure of any malicious code contained therein. A digital file resides with a virtual machine. When the virtual machine receives an instruction to print or digitally transfer at least a portion of the digital file, the virtual machine converts at least a portion of the digital file from an original format to a different format within the virtual machine. The different format preserves a visual presentation of the digital file without supporting metadata or file format data structures of the original format. The virtual machine instructs the host OS to print or digitally transfer the portion of the digital file. The host OS may consult policy data in determining how to service the instruction to print or digitally transfer the digital file.
    Type: Grant
    Filed: May 2, 2014
    Date of Patent: May 24, 2016
    Assignee: Bromium, Inc.
    Inventors: Deepak Khajuria, Gaurav Banga, Vikram Kapoor, Ian Pratt, Vivek Srivastava
  • Patent number: 9245108
    Abstract: Approaches for an operating system to ascertain whether files stored its file system have been deemed trustworthy. When an operating system receives a request to perform an operation involving a file that is stored within the file system maintained by the operating system, the operating system requests the file from a driver. In turn, the driver consults a set of trust data to identify whether the file has been previously deemed trustworthy. Upon the driver determining that the file has been deemed trustworthy, the driver provides the file to the operating system in a first format. On the other hand, upon the driver determining that the file has not been deemed trustworthy, the driver provides the file to the operating system in a second format that is different than the first format. Advantageously, the file is stored in a single format in the file system.
    Type: Grant
    Filed: July 8, 2014
    Date of Patent: January 26, 2016
    Assignee: Bromium, Inc.
    Inventors: Deepak Khajuria, Mahesh Pisal, Krzysztof Uchronski, Vikram Kapoor, Ian Pratt, Gaurav Banga
  • Patent number: 9244705
    Abstract: Programmatically adjusting the operational state of one or more virtual machines based on policy. Resource consumption on a hardware device is monitored. A policy that considers at least a present level of resource consumption and an amount of available resources of the hardware device is consulted. An operational state of a particular virtual machine that resides on the hardware device is changed. The change in operational state may be performed to optimize performance of a virtual machine with which a user is interacting, to enforce behavior constraints upon the virtual machine, or to adjust its execution in view of the available resources on the device.
    Type: Grant
    Filed: June 19, 2012
    Date of Patent: January 26, 2016
    Assignee: Bromium, Inc.
    Inventors: Kiran Bondalapati, Gaurav Banga, Vikram Kapoor, Ian Pratt
  • Patent number: 9239909
    Abstract: Approaches for preventing unauthorized access of sensitive data within an operating system (OS), e.g., a guest OS used by a virtual machine. Dummy data may be written over physical locations on disk where sensitive data is stored, thereby preventing a malicious program from accessing the sensitive data. Alternately, a delete operation may be performed on sensitive data within an OS, and thereafter the OS is converted into a serialized format to expunge the deleted data. The serialized OS is converted into a deserialized form to facilitate its use. Optionally, a data structure may be updated to identify where sensitive data is located within an OS. When a request to access a portion of the OS is received, the data structure is consulted to determine whether the requested portion contains sensitive data, and if so, dummy data is returned to the requestor without consulting the requested portion of the OS.
    Type: Grant
    Filed: January 25, 2012
    Date of Patent: January 19, 2016
    Assignee: Bromium, Inc.
    Inventors: Gianni Tedesco, Anushree Pole, Andrew Southgate, Ian Pratt, Vikram Kapoor, Gaurav Banga
  • Patent number: 9201850
    Abstract: Approaches for composing the display of a virtualized web browser. A virtualized web browser is instructed to display a web page. The virtualized web browser, in turn, instructs one or more virtual machines to retrieve content for at least a portion of the web page. Each of the one or more virtual machines renders the content retrieved thereby. Upon the virtualized web browser obtaining the rendered screen data content from the one or more virtual machines, the virtualized web browser displays the web page using the rendered content.
    Type: Grant
    Filed: June 18, 2012
    Date of Patent: December 1, 2015
    Assignee: Bromium, Inc.
    Inventors: Prakash Buddhiraja, Kiran Bondalapati, Vikram Kapoor, Gaurav Banga, Ian Pratt
  • Patent number: 9148428
    Abstract: Approaches for managing potentially malicious files using one or more virtual machines. In response to receiving a request to perform an action on a file, a client applies a policy to determine whether the action is deemed trustworthy. The client identifies, without human intervention, a virtual machine, executing or to be executed on the client, in which the action is to be performed based on whether the action is deemed trustworthy. In this way, embodiments allow a user to make use of data deemed untrusted in certain cases without allowing the untrusted data from having unfettered access to the resources of the client. If the requested action is performed in a different virtual machine from which the action was requested, embodiments enable the performance of the action to be performed seamlessly to the user.
    Type: Grant
    Filed: March 13, 2012
    Date of Patent: September 29, 2015
    Assignee: Bromium, Inc.
    Inventors: Gaurav Banga, Sergei Vorobiev, Deepak Khajura, Ian Pratt, Vikram Kapoor, Simon Crosby
  • Patent number: 9135038
    Abstract: Reducing an amount of memory used by a virtual machine. A system includes multiple virtual machines that share common pages of memory. The number of private pages associated with each virtual machine is minimized by ensuring that pages that a guest operating system regards as now free or zeroed are efficiently mapped by the hypervisor to a shared zero page. Upon a hypervisor determining that one or more guest physical frame numbers are assigned to free memory pages, the hypervisor updates mapping data to map the one or more guest physical frame numbers to a shared zero page within the machine frame.
    Type: Grant
    Filed: May 10, 2012
    Date of Patent: September 15, 2015
    Assignee: Bromium, Inc.
    Inventors: Krzysztof Uchronski, Martin O'Brien, Jacob Gorm Hansen, Kiran Bondalapati, Ian Pratt, Gaurav Banga, Vikram Kapoor
  • Patent number: 9128743
    Abstract: Representing a non-executing virtual machine with a graphical representation. Resource consumption on a hardware device is monitored. A policy that considers at least a present level of resource consumption and an amount of available resources of the hardware device is consulted. An operational state of a particular virtual machine that resides on the hardware device is changed to a non-executing state. An image that represents the virtual machine is displayed. The image is based upon the state of the virtual machine immediately prior to the virtual machine entering the non-executing state.
    Type: Grant
    Filed: June 19, 2012
    Date of Patent: September 8, 2015
    Assignee: Bromium, Inc.
    Inventors: Kiran Bondalapati, Gaurav Banga, Vikram Kapoor, Ian Pratt, Prakash Buddhiraja, Stephen Rice
  • Patent number: 9116733
    Abstract: Approaches for executing untrusted software on a client without compromising the client using micro-virtualization to execute untrusted software in isolated contexts. A template for instantiating a virtual machine on a client is identified in response to receiving a request to execute an application. After the template is identified, without human intervention, a virtual machine is instantiated, using the template, in which the application is to be executed. The template may be selected from a plurality of templates based on the nature of the request, as each template describe characteristics of a virtual machine suitable for a different type of activity. When the client determines that the application has ceased to execute, the client ceases execution of the virtual machine without human intervention.
    Type: Grant
    Filed: January 30, 2015
    Date of Patent: August 25, 2015
    Assignee: Bromium, Inc.
    Inventors: Gaurav Banga, Kiran Bondalapati, Ian Pratt, Vikram Kapoor
  • Patent number: 9110701
    Abstract: Approaches for transferring data to a client by safely receiving the data in or more virtual machines. In response to the client determining that digital content is to be received or processed by the client, the client identifies one or more virtual machines, executing or to be executed on the client, into which the digital content is to be stored. In doing so, the client may consult policy data that defines one or more policies for determining into which virtual machine the digital content should be stored. In this way, digital content, such as executable code or interpreted data, of unknown trustworthiness may be safely received by the client without the possibility of any malicious code therein from affecting any undesirable consequence upon the client.
    Type: Grant
    Filed: January 31, 2014
    Date of Patent: August 18, 2015
    Assignee: Bromium, Inc.
    Inventors: Gaurav Banga, Kiran Bondalapati, Ian Pratt, Vikram Kapoor
  • Patent number: 9104837
    Abstract: Approaches for securing resources of a virtual machine. An application executes on a host operating system. A user instructs the application to display a file. In response, a host module executing on the host operating system instructs a guest module, executing within a virtual machine, to render the file within the virtual machine. The application displays the file using screen data which was created within the virtual machine and defines a rendered representation of the file. The user is prevented from accessing any resource of the virtual machine unrelated to the file. The virtual machine may consult policy data to determine how to perform certain user-initiated actions within the virtual machine. Examples of the file include image, a document, an email, and a web page.
    Type: Grant
    Filed: June 18, 2012
    Date of Patent: August 11, 2015
    Assignee: Bromium, Inc.
    Inventors: Deepak Khajuria, Gaurav Banga, Ian Pratt, Vikram Kapoor