Patents by Inventor Thusitha Jayawardena
Thusitha Jayawardena has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9787701
Abstract: An insider attack resistant system for providing cloud services integrity checking is disclosed. In particular, the system utilizes an automated integrity checking script and virtual machines to check the integrity of a service. The system may utilize the integrity checking script and virtual machines to execute a set of operations associated with the service so as to check the integrity of the service. When executing the set of operations, the system may only have access to the minimum level of access to peripherals that is required for each operation in the set of operations to be executed. After each operation is executed, the system may log each result for each operation, and analyze each result to determine if a failure exists for any of the operations. If a failure exists, the system may determine that a change in an expected system behavior associated with the service has occurred.
Type: Grant
Filed: March 16, 2017
Date of Patent: October 10, 2017
Assignee: AT&T INTELLECTUAL PROPERTY I, L.P.
Inventors: Thusitha Jayawardena, Jeffrey E. Bickford, Mikhail Istomin, John Liefert, Gokul Singaraju, Christopher Van Wart
-
Publication number: 20170187732
Abstract: An insider attack resistant system for providing cloud services integrity checking is disclosed. In particular, the system utilizes an automated integrity checking script and virtual machines to check the integrity of a service. The system may utilize the integrity checking script and virtual machines to execute a set of operations associated with the service so as to check the integrity of the service. When executing the set of operations, the system may only have access to the minimum level of access to peripherals that is required for each operation in the set of operations to be executed. After each operation is executed, the system may log each result for each operation, and analyze each result to determine if a failure exists for any of the operations. If a failure exists, the system may determine that a change in an expected system behavior associated with the service has occurred.
Type: Application
Filed: March 16, 2017
Publication date: June 29, 2017
Applicant: AT&T INTELLECTUAL PROPERTY I, L.P.
Inventors: Thusitha Jayawardena, Jeffrey E. Bickford, Mikhail Istomin, John Liefert, Gokul Singaraju, Christopher Van Wart
-
Patent number: 9606854
Abstract: An insider attack resistant system for providing cloud services integrity checking is disclosed. In particular, the system utilizes an automated integrity checking script and virtual machines to check the integrity of a service. The system may utilize the integrity checking script and virtual machines to execute a set of operations associated with the service so as to check the integrity of the service. When executing the set of operations, the system may only have access to the minimum level of access to peripherals that is required for each operation in the set of operations to be executed. After each operation is executed, the system may log each result for each operation, and analyze each result to determine if a failure exists for any of the operations. If a failure exists, the system may determine that a change in an expected system behavior associated with the service has occurred.
Type: Grant
Filed: August 13, 2015
Date of Patent: March 28, 2017
Assignee: AT&T INTELLECTUAL PROPERTY I, L.P.
Inventors: Thusitha Jayawardena, Jeffrey E. Bickford, Mikhail Istomin, John Liefert, Gokul Singaraju, Christopher Van Wart
-
Publication number: 20170046211
Abstract: An insider attack resistant system for providing cloud services integrity checking is disclosed. In particular, the system utilizes an automated integrity checking script and virtual machines to check the integrity of a service. The system may utilize the integrity checking script and virtual machines to execute a set of operations associated with the service so as to check the integrity of the service. When executing the set of operations, the system may only have access to the minimum level of access to peripherals that is required for each operation in the set of operations to be executed. After each operation is executed, the system may log each result for each operation, and analyze each result to determine if a failure exists for any of the operations. If a failure exists, the system may determine that a change in an expected system behavior associated with the service has occurred.
Type: Application
Filed: August 13, 2015
Publication date: February 16, 2017
Inventors: Thusitha Jayawardena, Jeffrey E. Bickford, Mikhail Istomin, John Liefert, Gokul Singaraju, Christopher Van Wart
-
Publication number: 20170034220
Abstract: A system and method for identifying distributed attacks, such as, but not limited to, distributed denial of service attacks and botnet attacks, in a first network serviced by a first carrier and configured to alert a second network serviced by a second carrier that is different from the first carrier is disclosed. Once an attack has been identified, an attack alert is generated and provided to the second network or other aspects of the first network, or both. The attack alerts may be distributed dynamically with the second network via diameter based security protocol Rs. Such system and method may mitigate distributed malicious attacks by sharing destination internet protocol and bad international mobile subscriber identity information across carriers.
Type: Application
Filed: July 29, 2015
Publication date: February 2, 2017
Inventors: Gokul Singaraju, Ashutosh Dutta, Thusitha Jayawardena, Christopher Van Wart
-
Publication number: 20160014031
Abstract: A method provides for the dynamic traffic prioritization in a communication network. The method electronically monitors traffic in a communication network and determines when traffic exceeds configured thresholds on the links of the communication network. Thus, the method determines a link which is potentially about to be congested in the communication network. The method categorizes the traffic on this link by an end system attached to one end of the potentially congested link into a plurality of priority categories using application layer parameters. Using a re-direct capability of the end system, the method re-directs at least one of the pluralities of priority categories of traffic to an alternate Internet Protocol address. The method uses preconfigured Quality of Service mechanisms on the provider edge router attached to the other end of the potentially congested link to guarantee a predetermined amount of bandwidth capacity of the link to traffic destined to the alternate Internet Protocol address.
Type: Application
Filed: September 25, 2015
Publication date: January 14, 2016
Applicant: AT&T INTELLECTUAL PROPERTY I, L.P.
Inventors: Thusitha JAYAWARDENA, Gustavo DE LOS REYES, Xiao PAN, Gang XU
-
Patent number: 9148376
Abstract: A method provides for the dynamic traffic prioritization in a communication network. The method electronically monitors traffic in a communication network and determines when traffic exceeds configured thresholds on the links of the communication network. Thus, the method determines a link which is potentially about to be congested in the communication network. The method categorizes the traffic on this link by an end system attached to one end of the potentially congested link into a plurality of priority categories using application layer parameters. Using a re-direct capability of the end system, the method re-directs at least one of the pluralities of priority categories of traffic to an alternate Internet Protocol address. The method uses preconfigured Quality of Service mechanisms on the provider edge router attached to the other end of the potentially congested link to guarantee a predetermined amount of bandwidth capacity of the link to traffic destined to the alternate Internet Protocol address.
Type: Grant
Filed: December 8, 2010
Date of Patent: September 29, 2015
Assignee: AT&T INTELLECTUAL PROPERTY I, L.L.P.
Inventors: Thusitha Jayawardena, Gustavo de los Reyes, Xiao Pan, Gang Xu
-
Patent number: 8924879
Abstract: A computer readable storage medium storing a set of instructions that are executable by a processor, the set of instructions being operable to store a virtual representation of a plurality of physical components, display the virtual representation, receive user interaction with at least one of the virtual representations and send a command to the physical component corresponding to the user interaction.
Type: Grant
Filed: October 22, 2013
Date of Patent: December 30, 2014
Assignee: AT&T Intellectual Property I, L.P.
Inventors: Gustavo de los Reyes, Sanjay Macwan, Gang Xu, Howard Shirokmann, Rachel Rosencrantz, Thusitha Jayawardena
-
Patent number: 8844018
Abstract: Example methods and apparatus to enhance security in residential networks and residential gateways are disclosed. A disclosed example apparatus includes a transceiver to receive an Internet protocol (IP) packet, a first packet processing module associated with a protected IP address, the first packet processing module to be communicatively coupled to a first network device, a second packet processing module associated with a public IP address, the second packet processing module to be communicatively coupled to a second network device, and a packet diverter to route the received IP packet to the first packet processing module when the IP packet contains the protected IP address and to route the IP packet to the second packet processing module when the IP packet does not contain the protected IP address.
Type: Grant
Filed: December 18, 2008
Date of Patent: September 23, 2014
Assignee: AT&T Intellectual Property I, L.P.
Inventors: Thusitha Jayawardena, Gustavo De Los Reyes, Gang Xu
-
Patent number: 8726380
Abstract: An edge monitoring approach can be utilized to detect an attack which includes a plurality of relatively low bandwidth attacks, which are aggregated at a victim sub-network. The aggregated low bandwidth attacks can generate a relatively high bandwidth attack including un-solicited data traffic directed to the victim so that the aggregated attack becomes more detectable at an edge monitor circuit located proximate to the victim. Related systems, devices, and computer program products are also disclosed.
Type: Grant
Filed: October 29, 2012
Date of Patent: May 13, 2014
Assignee: AT&T Intellectual Property I, L.P.
Inventors: Gustavo de los Reyes, Thusitha Jayawardena, Gang Xu
-
Publication number: 20140052277
Abstract: A computer readable storage medium storing a set of instructions that are executable by a processor, the set of instructions being operable to store a virtual representation of a plurality of physical components, display the virtual representation, receive user interaction with at least one of the virtual representations and send a command to the physical component corresponding to the user interaction.
Type: Application
Filed: October 22, 2013
Publication date: February 20, 2014
Applicant: AT & T Intellectual Property I, L.P.
Inventors: Gustavo de los REYES, Sanjay MACWAN, Gang XU, Howard SHIROKMANN, Rachel ROSENCRANTZ, Thusitha JAYAWARDENA
-
System and method for location, time-of-day, and quality-of-service based prioritized access control
Patent number: 8644159
Abstract: A priority server for a provider network includes a traffic volume detection module, a traffic analyzer module, and a rules module. The traffic volume detection module receives operational information from the provider network and determines that a host is experiencing a flash event based upon the operational information. The traffic analyzer module determines that the flash event is not a distributed denial of service attack on the host. When it is determined that the flash event is not a distributed denial of service attack, the rules module provides a priority rule to an access router that is coupled to the host.
Type: Grant
Filed: July 25, 2012
Date of Patent: February 4, 2014
Assignee: AT&T Intellectual Property I, L.P.
Inventors: Thusitha Jayawardena, Gustavo de los Reyes
-
Patent number: 8578287
Abstract: A computer readable storage medium storing a set of instructions that are executable by a processor, the set of instructions being operable to store a virtual representation of a plurality of physical components, display the virtual representation, receive user interaction with at least one of the virtual representations and send a command to the physical component corresponding to the user interaction.
Type: Grant
Filed: December 22, 2008
Date of Patent: November 5, 2013
Assignee: AT & T Intellectual Property, LP.
Inventors: Gustavo De Los Reyes, Sanjay MacWan, Gang Xu, Howard Shirokmann, Rachel Rosencrantz, Thusitha Jayawardena
-
Patent number: 8566465
Abstract: A method includes sending a first redirect instruction to a first client in response to a first session request received at a service address, and establishing a first session with the first client in response to a second session request received at the first redirect address indicated by the first redirect instruction. Additionally, the method includes determining a first service interval has passed, and sending a second redirect instruction to a second client in response to a third session request received at the service address after the first service interval has passed. The method still further includes establishing a second session with the second client in response to the fourth session request received at the second redirect address indicated by the second redirect instruction after the first service interval has passed, and rejecting the fifth session request received from a third client at the first redirect address after the first service interval has passed.
Type: Grant
Filed: September 17, 2010
Date of Patent: October 22, 2013
Assignee: AT&T Intellectual Property I, L.P.
Inventors: Gang Xu, Gustavo de los Reyes, Thusitha Jayawardena, Xiao Pan
-
System and Method for Location, Time-of-Day, and Quality-of-Service Based Prioritized Access Control
Publication number: 20120291128
Abstract: A priority server for a provider network includes a traffic volume detection module, a traffic analyzer module, and a rules module. The traffic volume detection module receives operational information from the provider network and determines that a host is experiencing a flash event based upon the operational information. The traffic analyzer module determines that the flash event is not a distributed denial of service attack on the host. When it is determined that the flash event is not a distributed denial of service attack, the rules module provides a priority rule to an access router that is coupled to the host.
Type: Application
Filed: July 25, 2012
Publication date: November 15, 2012
Applicant: AT&T INTELLECTUAL PROPERTY I, L.P.
Inventors: Thusitha Jayawardena, Gustavo de los Reyes
-
Patent number: 8302189
Abstract: An edge monitoring approach can be utilized to detect an attack which includes a plurality of relatively low bandwidth attacks, which are aggregated at a victim sub-network. The aggregated low bandwidth attacks can generate a relatively high bandwidth attack including un-solicited data traffic directed to the victim so that the aggregated attack becomes more detectable at an edge monitor circuit located proximate to the victim. Related systems, devices, and computer program products are also disclosed.
Type: Grant
Filed: November 30, 2009
Date of Patent: October 30, 2012
Assignee: AT&T Intellectual Property I, L.P.
Inventors: Gustavo de los Reyes, Thusitha Jayawardena, Gang Xu
-
System and method for location, time-of-day, and quality-of-service based prioritized access control
Patent number: 8254257
Abstract: A priority server for a provider network includes a traffic volume detection module, a traffic analyzer module, and a rules module. The traffic volume detection module receives operational information from the provider network and determines that a host is experiencing a flash event based upon the operational information. The traffic analyzer module determines that the flash event is not a distributed denial of service attack on the host. When it is determined that the flash event is not a distributed denial of service attack, the rules module provides a priority rule to an access router that is coupled to the host. The priority rule is based upon a characteristic of packets routed in the provider network that are associated with the flash event, and the characteristic is determined not solely by information included in the packets.
Type: Grant
Filed: December 11, 2009
Date of Patent: August 28, 2012
Assignee: AT&T Intellectual Property I, LP
Inventors: Thusitha Jayawardena, Gustavo de los Reyes
-
Publication number: 20120147753
Abstract: A method provides for the dynamic traffic prioritization in a communication network. The method electronically monitors traffic in a communication network and determines when traffic exceeds configured thresholds on the links of the communication network. Thus, the method determines a link which is potentially about to be congested in the communication network. The method categorizes the traffic on this link by an end system attached to one end of the potentially congested link into a plurality of priority categories using application layer parameters. Using a re-direct capability of the end system, the method re-directs at least one of the pluralities of priority categories of traffic to an alternate Internet Protocol address. The method uses preconfigured Quality of Service mechanisms on the provider edge router attached to the other end of the potentially congested link to guarantee a predetermined amount of bandwidth capacity of the link to traffic destined to the alternate Internet Protocol address.
Type: Application
Filed: December 8, 2010
Publication date: June 14, 2012
Applicant: AT&T INTELLECTUAL PROPERTY I, L.P.
Inventors: Thusitha JAYAWARDENA, Gustavo de los REYES, Xiao PAN, Gang XU
-
Publication number: 20120072605
Abstract: A method includes sending a first redirect instruction to a first client in response to a first session request received at a service address, and establishing a first session with the first client in response to a second session request received at the first redirect address indicated by the first redirect instruction. Additionally, the method includes determining a first service interval has passed, and sending a second redirect instruction to a second client in response to a third session request received at the service address after the first service interval has passed. The method still further includes establishing a second session with the second client in response to the fourth session request received at the second redirect address indicated by the second redirect instruction after the first service interval has passed, and rejecting the fifth session request received from a third client at the first redirect address after the first service interval has passed.
Type: Application
Filed: September 17, 2010
Publication date: March 22, 2012
Applicant: AT&T INTELLECTUAL PROPERTY I, L.P.
Inventors: Gang Xu, Gustavo de los Reyes, Thusitha Jayawardena, Xiao Pan
-
Patent number: 8139572
Abstract: There are provided systems and methods for symmetric bi-directional routing in multi-homed IP networks which includes sending an IP packet having a source address from a first host and substituting the source address with an exterior routing address by a first network address translation gateway or firewall of the first host using conditional substitution. The IP packet, with the exterior routing address, is optionally routed via intermediate networks and firewalls and received by a first gateway or firewall of a second host. The second host responds to the first host along a route which traverses the same set of firewall gateways as the initial IP packet by using the exterior routing address as a destination address. The exterior routing address is converted back to the source address by the first network address translation gateway of the first host.
Type: Grant
Filed: August 19, 2005
Date of Patent: March 20, 2012
Assignee: AT & T Intellectual Property II, LP
Inventors: Rudi Distler, Mark N. Evans, Thusitha Jayawardena