Patents Assigned to Ping Identity Corporation
-
Patent number: 11075885Abstract: The present invention relates to the field of networking and API/application security. In particular, the invention is directed towards methods, systems and computer program products for Application Programming Interface (API) based flow control and API based security at the application layer of the networking protocol stack. The invention additionally provides an API deception environment to protect a server backend from threats, attacks and unauthorized access.Type: GrantFiled: February 11, 2020Date of Patent: July 27, 2021Assignee: Ping Identity CorporationInventors: Udayakumar Subbarayan, Bernard Harguindeguy, Anoop Krishnan Gopalakrishnan, Nagabhushana Angadi, Ashwani Kumar, Santosh Sahu, Abdu Raheem Poonthiruthi, Avinash Kumar Sahu, Yasar Kundottil
-
Patent number: 11062106Abstract: A method of confirming receipt, including iteratively capturing by a receiving device visual codes in a series of visual codes displayed on a sending device. A corresponding captured visual code being from a display block that resulted from a partition of an original data file into display blocks, and wherein each display block is converted to a corresponding string and header including an ordered identifying display block number and a total count of the display blocks. Each corresponding string is converted to a corresponding visual code. Each of the captured visual codes is converted into a corresponding string and a header is read for the corresponding string. Captured display blocks are determined. A confirmation message is generated including information indicating which display blocks have been received. The confirmation message is sent over a wireless communication link to the sending device to reduce the number of visual codes being displayed.Type: GrantFiled: November 26, 2019Date of Patent: July 13, 2021Assignee: Ping Identity CorporationInventors: Armin Ebrahimi, Gaurav Khot, Bhavya Chauhan
-
Publication number: 20210192166Abstract: Software on an image-capturing device iteratively captures a visual code in a series of visual codes displayed in a repeating progression on a screen of a mobile device. The visual code was generated from a display block that resulted from a partition of an original data file into a series of display blocks of at least a specified size. The software converts the visual code back into a display block and reads a header for the display block, discarding the display block if it has already been captured, as determined by the ordered identifying block number in a header. The software stops the iterative capturing when all of the display blocks in the series have been captured, as determined by the count in the header and coalesces the captured display blocks into the original data file, using an order determined by the ordered identifying block numbers.Type: ApplicationFiled: August 6, 2020Publication date: June 24, 2021Applicant: Ping Identity CorporationInventors: Armin EBRAHIMI, Gaurav KHOT
-
Patent number: 10979227Abstract: A method for login, including making a login request to an entity through a federation server that generates a session identifier. A QR code is sent to the federation server to receive the session identifier. A secure envelope including user personal information is sent to the federation server to verify user registration with the federation server. A login token generated by the federation server is received and is associated with a smart contract generated by the federation server and stored on a blockchain. The login token is signed using user private key and sent to the blockchain for inclusion in the smart contract. A transaction identifier is received from the blockchain, and is sent to the federation server that generates a session record based on the login token. The federation server sends user verification to the entity to authorize a communication session between the user device and the entity.Type: GrantFiled: October 17, 2019Date of Patent: April 13, 2021Assignee: Ping Identity CorporationInventor: Armin Ebrahimi
-
Publication number: 20210004460Abstract: In some embodiments, a method includes receiving, at a processor of a server, a first application programming interface (API) call from a client device and providing an indication associated with the first API call as an input to a machine learning model such that the machine learning model identifies a set of parameters associated with a set of likely subsequent API calls. The method can further include receiving a second API call from the client device, identifying the second API call as an anomalous API call based on the second API call not meeting the set of parameters associated with the set of likely subsequent API calls, and sending a signal to perform a remedial action based on the identifying.Type: ApplicationFiled: June 23, 2020Publication date: January 7, 2021Applicant: Ping Identity CorporationInventors: Udayakumar SUBBARAYAN, Bernard HARGUINDEGUY, Isidore ROSENBLUM, Yasar KUNDOTTIL, Aditya GUNUGANTI, Amit Kumar SHARMA, Avinash Kumar SAHU
-
Patent number: 10834054Abstract: The invention provides methods, computer program products, proxies and proxy clusters configured for forwarding, routing and/or load balancing of client requests or messages between multiple different APIs and/or multiple instances of an API. The invention further provides for efficient session information based routing of client requests for a target API, wherein multiple instances of the target API are simultaneously implemented across one or more API servers. The invention additionally enables separation of a control plane (i.e. control logic) and run time execution logic within a data plane within proxies in a proxy cluster, and also enables implementation of a plurality of data planes within each proxy—thereby ensuring security, high availability and scalability. An invention embodiment additionally implements two-stage rate limiting protection for API servers combining rate limiting between client and each proxy, and rate limiting between a proxy cluster and a server backend.Type: GrantFiled: May 25, 2016Date of Patent: November 10, 2020Assignee: Ping Identity CorporationInventors: Udayakumar Subbarayan, Bernard Harguindeguy, Anoop Krishnan Gopalakrishnan, Abdu Raheem Poonthiruthi
-
Publication number: 20200336467Abstract: The invention concerns API proxy based adaptive security. The invention implements adaptive security for API servers, while avoiding data bottlenecks and maintaining client experience. The invention provides methods and configurations for API security that may be employed at proxies for implementing routing decisions involving client messages received at said proxies. The invention also involves generating or collecting at proxies, log information that captures data corresponding to received client messages and responses from API servers—which log information correlates communications between clients, proxies and backend API servers, and includes data relevant for purposes generating API metrics and identifying anomalies and/or indicators of compromise.Type: ApplicationFiled: May 22, 2020Publication date: October 22, 2020Applicant: Ping Identity CorporationInventors: Udayakumar SUBBARAYAN, Bernard HARGUINDEGUY, Anoop Krishnan GOPALAKRISHNAN, Abdu Raheem POONTHIRUTHI
-
Publication number: 20200304470Abstract: The present invention relates to the field of networking and API/application security. In particular, the invention is directed towards methods, systems and computer program products for deep learning based API traffic analysis and network security. The invention provides an automated approach to threat and/or attack detection by machine learning based accumulation and/or interpretation of various API/application traffic patterns, identifying and mapping characteristics of normal traffic for each API, and thereafter identifying any deviations from the normal traffic parameter baselines, which deviations may be classified as anomalies or attacks.Type: ApplicationFiled: June 5, 2020Publication date: September 24, 2020Applicant: Ping Identity CorporationInventors: Udayakumar SUBBARAYAN, Bernard HARGUINDEGUY, Anoop Krishnan GOPALAKRISHNAN, Nagabhushana ANGADI, Ashwani KUMAR, Santosh SAHU, Abdu Raheem POONTHIRUTHI, Avinash Kumar SAHU, Yasar KUNDOTTIL
-
Patent number: 10776384Abstract: A method of replicating changes to a dataset includes receiving from a client a request for an operation on the dataset, dynamically selecting from a plurality of replication assurance policies a selected replication assurance policy for the operation, the selected replication assurance policy determining a selected assurance level, wherein the selection is based on at least one of an operation criteria or a connection criteria, submitting, to a first replica of the dataset, a command comprising the operation, and reporting to the client the result of the operation according to the selected assurance level.Type: GrantFiled: April 29, 2014Date of Patent: September 15, 2020Assignee: Ping Identity CorporationInventors: Patrick Edward Jackson, David Michael Ely, Bjorn Aannestad
-
Patent number: 10740584Abstract: Software on an image-capturing device iteratively captures a visual code in a series of visual codes displayed in a repeating progression on a screen of a mobile device. The visual code was generated from a display block that resulted from a partition of an original data file into a series of display blocks of at least a specified size. The software converts the visual code back into a display block and reads a header for the display block, discarding the display block if it has already been captured, as determined by the ordered identifying block number in a header. The software stops the iterative capturing when all of the display blocks in the series have been captured, as determined by the count in the header and coalesces the captured display blocks into the original data file, using an order determined by the ordered identifying block numbers.Type: GrantFiled: June 26, 2018Date of Patent: August 11, 2020Assignee: Ping Identity CorporationInventors: Armin Ebrahimi, Gaurav Khot
-
Publication number: 20200220875Abstract: The present disclosure relates to traffic monitoring through one or more access control servers configured configured for (i) routing server resource request messages to resource server(s), (ii) extracting information identifying a target server resource from data packets corresponding to one or more received server resource request messages, and (iii) selectively transmitting the received server resource request message to a resource server. The security server(s) is configured to receive a server resource request message data extracted from a server resource request message and initiate a first security response, wherein the initiated first security response is dependent on analysis of the server resource request message data.Type: ApplicationFiled: January 3, 2020Publication date: July 9, 2020Applicant: Ping Identity CorporationInventors: Bernard HARGUINDEGUY, Udayakumar SUBBARAYAN, Isidore ROSENBLUM, Abduraheem POONTHIRUTHI, Anoop Krishnan GOPALAKRISHNAN, Ashwani KUMAR
-
Patent number: 10699010Abstract: In some embodiments, a method includes receiving, at a processor of a server, a first application programming interface (API) call from a client device and providing an indication associated with the first API call as an input to a machine learning model such that the machine learning model identifies a set of parameters associated with a set of likely subsequent API calls. The method can further include receiving a second API call from the client device, identifying the second API call as an anomalous API call based on the second API call not meeting the set of parameters associated with the set of likely subsequent API calls, and sending a signal to perform a remedial action based on the identifying.Type: GrantFiled: October 12, 2018Date of Patent: June 30, 2020Assignee: Ping Identity CorporationInventors: Udayakumar Subbarayan, Bernard Harguindeguy, Isidore Rosenblum, Yasar Kundottil, Aditya Gunuganti, Amit Kumar Sharma, Avinash Kumar Sahu
-
Patent number: 10701037Abstract: The invention enables high-availability, high-scale, high security and disaster recovery for API computing, including in terms of capture of data traffic passing through proxies, routing communications between clients and servers, and load balancing and/or forwarding functions. The invention inter alia provides (i) a scalable cluster of proxies configured to route communications between clients and servers, without any single point of failure, (ii) proxy nodes configured for implementing the scalable cluster (iii) efficient methods of configuring the proxy cluster, (iv) natural resiliency of clusters and/or proxy nodes within a cluster, (v) methods for scaling of clusters, (vi) configurability of clusters to span multiple servers, multiple racks and multiple datacenters, thereby ensuring high availability and disaster recovery (vii) switching between proxies or between servers without loss of session.Type: GrantFiled: May 25, 2016Date of Patent: June 30, 2020Assignee: Ping Identity CorporationInventors: Udayakumar Subbarayan, Bernard Harguindeguy, Anoop Krishnan Gopalakrishnan, Abdu Raheem Poonthiruthi
-
Patent number: 10681012Abstract: The present invention relates to the field of networking and API/application security. In particular, the invention is directed towards methods, systems and computer program products for deep learning based API traffic analysis and network security. The invention provides an automated approach to threat and/or attack detection by machine learning based accumulation and/or interpretation of various API/application traffic patterns, identifying and mapping characteristics of normal traffic for each API, and thereafter identifying any deviations from the normal traffic parameter baselines, which deviations may be classified as anomalies or attacks.Type: GrantFiled: October 25, 2017Date of Patent: June 9, 2020Assignee: Ping Identity CorporationInventors: Udayakumar Subbarayan, Bernard Harguindeguy, Anoop Krishnan Gopalakrishnan, Nagabhushana Angadi, Ashwani Kumar, Santosh Sahu, Abdu Raheem Poonthiruthi, Avinash Kumar Sahu, Yasar Kundottil
-
Publication number: 20200177556Abstract: The present invention relates to the field of networking and API/application security. In particular, the invention is directed towards methods, systems and computer program products for Application Programming Interface (API) based flow control and API based security at the application layer of the networking protocol stack. The invention additionally provides an API deception environment to protect a server backend from threats, attacks and unauthorized access.Type: ApplicationFiled: February 11, 2020Publication date: June 4, 2020Applicant: Ping Identity CorporationInventors: Udayakumar SUBBARAYAN, Bernard HARGUINDEGUY, Anoop Krishnan GOPALAKRISHNAN, Nagabhushana ANGADI, Ashwani KUMAR, Santosh SAHU, Abdu Raheem POONTHIRUTHI, Avinash Kumar SAHU, Yasar KUNDOTTIL
-
Patent number: 10666621Abstract: The invention concerns API proxy based adaptive security. The invention implements adaptive security for API servers, while avoiding data bottlenecks and maintaining client experience. The invention provides methods and configurations for API security that may be employed at proxies for implementing routing decisions involving client messages received at said proxies. The invention also involves generating or collecting at proxies, log information that captures data corresponding to received client messages and responses from API servers—which log information correlates communications between clients, proxies and backend API servers, and includes data relevant for purposes generating API metrics and identifying anomalies and/or indicators of compromise.Type: GrantFiled: July 31, 2018Date of Patent: May 26, 2020Assignee: Ping Identity CorporationInventors: Udayakumar Subbarayan, Bernard Harguindeguy, Anoop Krishnan Gopalakrishnan, Abdu Raheem Poonthiruthi
-
Publication number: 20200162433Abstract: The invention enables high-availability, high-scale, high security and disaster recovery for API computing, including in terms of capture of data traffic passing through proxies, routing communications between clients and servers, and load balancing and/or forwarding functions. The invention inter alia provides (i) a scalable cluster of proxies configured to route communications between clients and servers, without any single point of failure, (ii) proxy nodes configured for implementing the scalable cluster (iii) efficient methods of configuring the proxy cluster, (iv) natural resiliency of clusters and/or proxy nodes within a cluster, (v) methods for scaling of clusters, (vi) configurability of clusters to span multiple servers, multiple racks and multiple datacenters, thereby ensuring high availability and disaster recovery (vii) switching between proxies or between servers without loss of session.Type: ApplicationFiled: November 18, 2019Publication date: May 21, 2020Applicant: Ping Identity CorporationInventors: Udayakumar SUBBARAYAN, Bernard HARGUINDEGUY, Anoop Krishnan GOPALAKRISHNAN, Abdu Raheem POONTHIRUTHI
-
Patent number: 10587580Abstract: The present invention relates to the field of networking and API/application security. In particular, the invention is directed towards methods, systems and computer program products for Application Programming Interface (API) based flow control and API based security at the application layer of the networking protocol stack. The invention additionally provides an API deception environment to protect a server backend from threats, attacks and unauthorized access.Type: GrantFiled: October 25, 2017Date of Patent: March 10, 2020Assignee: Ping Identity CorporationInventors: Udayakumar Subbarayan, Bernard Harguindeguy, Anoop Krishnan Gopalakrishnan, Nagabhushana Angadi, Ashwani Kumar, Santosh Sahu, Abdu Raheem Poonthiruthi, Avinash Kumar Sahu, Yasar Kundottil
-
Patent number: 10484337Abstract: The invention enables high-availability, high-scale, high security and disaster recovery for API computing, including in terms of capture of data traffic passing through proxies, routing communications between clients and servers, and load balancing and/or forwarding functions. The invention inter alia provides (i) a scalable cluster of proxies configured to route communications between clients and servers, without any single point of failure, (ii) proxy nodes configured for implementing the scalable cluster (iii) efficient methods of configuring the proxy cluster, (iv) natural resiliency of clusters and/or proxy nodes within a cluster, (v) methods for scaling of clusters, (vi) configurability of clusters to span multiple servers, multiple racks and multiple datacenters, thereby ensuring high availability and disaster recovery (vii) switching between proxies or between servers without loss of session.Type: GrantFiled: July 31, 2018Date of Patent: November 19, 2019Assignee: Ping Identity CorporationInventors: Udayakumar Subbarayan, Bernard Harguindeguy, Anoop Krishnan Gopalakrishnan, Abdu Raheem Poonthiruthi
-
Publication number: 20190114417Abstract: In some embodiments, a method includes receiving, at a processor of a server, a first application programming interface (API) call from a client device and providing an indication associated with the first API call as an input to a machine learning model such that the machine learning model identifies a set of parameters associated with a set of likely subsequent API calls. The method can further include receiving a second API call from the client device, identifying the second API call as an anomalous API call based on the second API call not meeting the set of parameters associated with the set of likely subsequent API calls, and sending a signal to perform a remedial action based on the identifying.Type: ApplicationFiled: October 12, 2018Publication date: April 18, 2019Applicant: Ping Identity CorporationInventors: Udayakumar SUBBARAYAN, Bernard HARGUINDEGUY, Isidore ROSENBLUM, Yasar KUNDOTTIL, Aditya GUNUGANTI, Amit Kumar SHARMA, Avinash Kumar SAHU