Patents by Inventor Amarnath Mullick

Amarnath Mullick has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 12137121
    Abstract: A distributed security system includes a plurality of content processing nodes that are located external to a network edge of an enterprise and located external from one of a computer device and a mobile device associated with a user, and a content processing node is configured to monitor a content item that is sent from or requested by the external system; classify the content item via a plurality of data inspection engines that utilize policy data and threat data; and one of distribute the content item, preclude distribution of the content item, allow distribution of the content item after a cleaning process, or perform threat detection on the content item, based on classification by the plurality of data inspection engines; and an authority node communicatively coupled to the plurality of content processing nodes and configured to provide the policy data and the threat data for threat classification.
    Type: Grant
    Filed: May 25, 2022
    Date of Patent: November 5, 2024
    Assignee: Zscaler, Inc.
    Inventors: Kailash Kailash, Shashidhara Mysore Nanjundaswamy, Amarnath Mullick, Jose Kolenchery Rappel
  • Publication number: 20220294830
    Abstract: A distributed security system includes a plurality of content processing nodes that are located external to a network edge of an enterprise and located external from one of a computer device and a mobile device associated with a user, and a content processing node is configured to monitor a content item that is sent from or requested by the external system; classify the content item via a plurality of data inspection engines that utilize policy data and threat data; and one of distribute the content item, preclude distribution of the content item, allow distribution of the content item after a cleaning process, or perform threat detection on the content item, based on classification by the plurality of data inspection engines; and an authority node communicatively coupled to the plurality of content processing nodes and configured to provide the policy data and the threat data for threat classification.
    Type: Application
    Filed: May 25, 2022
    Publication date: September 15, 2022
    Inventors: Kailash Kailash, Shashidhara Mysore Nanjundaswamy, Amarnath Mullick, Jose Kolenchery Rappel
  • Patent number: 11368490
    Abstract: A distributed security system includes a plurality of content processing nodes that are located external to a network edge of an enterprise and located external from one of a computer device and a mobile device associated with a user, and a content processing node is configured to monitor a content item that is sent from or requested by the external system; classify the content item via a plurality of data inspection engines that utilize policy data and threat data; and one of distribute the content item, preclude distribution of the content item, allow distribution of the content item after a cleaning process, or perform threat detection on the content item, based on classification by the plurality of data inspection engines; and an authority node communicatively coupled to the plurality of content processing nodes and configured to provide the policy data and the threat data for threat classification.
    Type: Grant
    Filed: February 17, 2020
    Date of Patent: June 21, 2022
    Assignee: Zscaler, Inc.
    Inventors: Kailash Kailash, Shashidhara Mysore Nanjundaswamy, Amarnath Mullick, Jose Kolenchery Rappel
  • Publication number: 20200186573
    Abstract: A distributed security system includes a plurality of content processing nodes that are located external to a network edge of an enterprise and located external from one of a computer device and a mobile device associated with a user, and a content processing node is configured to monitor a content item that is sent from or requested by the external system; classify the content item via a plurality of data inspection engines that utilize policy data and threat data; and one of distribute the content item, preclude distribution of the content item, allow distribution of the content item after a cleaning process, or perform threat detection on the content item, based on classification by the plurality of data inspection engines; and an authority node communicatively coupled to the plurality of content processing nodes and configured to provide the policy data and the threat data for threat classification.
    Type: Application
    Filed: February 17, 2020
    Publication date: June 11, 2020
    Inventors: Kailash Kailash, Shashidhara Mysore Nanjundaswamy, Amarnath Mullick, Jose Kolenchery Rappel
  • Patent number: 10609083
    Abstract: A distributed security method is implemented in a processing node of a distributed security system comprising one or more processing nodes and one or more authority nodes, wherein the distributed security system is located external to a network edge of an enterprise and external from one of a computer device and a mobile device associated with a user. The distributed security method includes monitoring a content item sent from or requested by an external system which is external from a network edge of the external system; and responsive to a security policy associated with the external system, performing one of allowing the content item through the processing node; precluding the content item at the processing node; and threat detecting the content item at the processing node and one of allowing or precluding the content item based on the threat detecting.
    Type: Grant
    Filed: December 29, 2017
    Date of Patent: March 31, 2020
    Assignee: Zscaler, Inc.
    Inventors: Kailash Kailash, Shashidhara Mysore Nanjundaswamy, Amarnath Mullick, Jose Kolenchery Rappel
  • Patent number: 10601870
    Abstract: A distributed security method is implemented in a processing node of a distributed security system comprising one or more processing nodes and one or more authority nodes, wherein the distributed security system is located external to a network edge of an enterprise and external from one of a computer device and a mobile device associated with a user. The distributed security method includes obtaining security policy data associated with the user and the enterprise from an authority node; monitoring data communications between the user, the enterprise, and the Internet in a processing node; and controlling the data communications between the user, the enterprise, and the Internet based on the monitoring to provide security measures between the user, the enterprise, and the Internet.
    Type: Grant
    Filed: May 24, 2016
    Date of Patent: March 24, 2020
    Assignee: Zscaler, Inc.
    Inventors: Kailash Kailash, Shashidhara Mysore Nanjundaswamy, Amarnath Mullick, Jose Kolenchery Rappel
  • Publication number: 20180146012
    Abstract: A distributed security method is implemented in a processing node of a distributed security system comprising one or more processing nodes and one or more authority nodes, wherein the distributed security system is located external to a network edge of an enterprise and external from one of a computer device and a mobile device associated with a user. The distributed security method includes monitoring a content item sent from or requested by an external system which is external from a network edge of the external system; and responsive to a security policy associated with the external system, performing one of allowing the content item through the processing node; precluding the content item at the processing node; and threat detecting the content item at the processing node and one of allowing or precluding the content item based on the threat detecting.
    Type: Application
    Filed: December 29, 2017
    Publication date: May 24, 2018
    Inventors: Kailash KAILASH, Shashidhara Mysore NANJUNDASWAMY, Amarnath MULLICK, Jose Kolenchery RAPPEL
  • Patent number: 9497198
    Abstract: A method for allowing or denying, by an appliance, access to a resource by an application on a client via a virtual private network connection includes basing the decision to allow or deny access on identification of the application. The appliance intercepts a request from an application on a client on a first network to access via a virtual private network connection a resource on a second network. The appliance identifies the application and associates with the intercepted request an authorization policy based on the identity of the application. The appliance determines, using the authorization policy and the identity of the application, to either allow or deny access by the application to the resource.
    Type: Grant
    Filed: September 26, 2014
    Date of Patent: November 15, 2016
    Assignee: CITRIX SYSTEMS, INC.
    Inventors: Amarnath Mullick, Charu Venkatraman, Junxiao He, Shashi Nanjundaswamy, James Harris, Ajay Soni
  • Publication number: 20160269447
    Abstract: A distributed security method is implemented in a processing node of a distributed security system comprising one or more processing nodes and one or more authority nodes, wherein the distributed security system is located external to a network edge of an enterprise and external from one of a computer device and a mobile device associated with a user. The distributed security method includes obtaining security policy data associated with the user and the enterprise from an authority node; monitoring data communications between the user, the enterprise, and the Internet in a processing node; and controlling the data communications between the user, the enterprise, and the Internet based on the monitoring to provide security measures between the user, the enterprise, and the Internet.
    Type: Application
    Filed: May 24, 2016
    Publication date: September 15, 2016
    Inventors: Kailash KAILASH, Shashidhara Mysore NANJUNDASWAMY, Amarnath MULLICK, Jose Kolenchery RAPPEL
  • Patent number: 9407608
    Abstract: An appliance and method for authorizing a level of access of a client to a virtual private network connection, based on a client-side attribute includes the step of establishing, by an appliance, a control connection with a client upon receiving a client request to establish a virtual private network connection with a network. The appliance transmits, via the control connection, a request to the client to evaluate at least one clause of a security string, the at least one clause including an expression associated with a client-side attribute. The client transmits, via the control connection, a response to the appliance comprising a result of evaluating the at least one clause by the client. The appliance assigns the client to an authorization group based on the result of evaluation of the at least one clause.
    Type: Grant
    Filed: July 31, 2014
    Date of Patent: August 2, 2016
    Assignee: CITRIX SYSTEMS, INC.
    Inventors: Amarnath Mullick, Charu Venkatraman, Shashi Nanjundaswamy, Junxiao He, Ajay Soni, Nicholas Stavrakos, Chris Koopmans
  • Patent number: 9379895
    Abstract: Systems, methods and apparatus for a distributed security that provides authentication and authorization management. The system can include a source processor that is used to identify the source associated with a request for authentication or authorization. The source processor can maintain the initial source associated with the request through the use of an association token. The associate token can be transmitted with each subsequent request that includes authentication or authorization data. The source processor can use the associate token to verify that the source associated with the initial request is the same as the source associated with subsequent authentication and authorization requests.
    Type: Grant
    Filed: July 24, 2008
    Date of Patent: June 28, 2016
    Assignee: Zscaler, Inc.
    Inventors: Kailash Kailash, Shashidhara Mysore Nanjundaswamy, Amarnath Mullick, Jose Raphel
  • Patent number: 9294439
    Abstract: A method for intercepting, by an agent of a client, communications from the client to be transmitted via a virtual private network connection includes the step of intercepting communications based on identification of an application from which the communication originates. The agent receives information identifying a first application. The agent determines a network communication transmitted by the client originates from the first application and intercepts that communication. The agent transmits the intercepted communication via the virtual private network connection.
    Type: Grant
    Filed: July 16, 2013
    Date of Patent: March 22, 2016
    Assignee: CITRIX SYSTEMS, INC.
    Inventors: Charu Venkatraman, Junxiao He, Amarnath Mullick, Shashi Nanjundaswamy, James Harris, Ajay Soni
  • Patent number: 9009327
    Abstract: The SSL VPN session failover solution of the appliance and/or client agent described herein provides an environment for handling IP address assignment and end point re-authorization upon failover. The appliances may be deployed to provide a session failover environment in which a second appliance is a backup to a first appliance when a failover condition is detected, such as failure in operation of the first appliance. The backup appliance takes over responsibility for SSL VPN sessions provided by the first appliance. In the failover environment, the first appliance propagates SSL VPN session information including user IP address assignment and end point authorization information to the backup appliance. The backup appliance maintains this information. Upon detection of failover of the first appliance, the backup appliance activates the transferred SSL VPN session and maintains the user assigned IP addresses. The backup appliance may also re-authorize the client for the transferred SSL VPN session.
    Type: Grant
    Filed: August 3, 2007
    Date of Patent: April 14, 2015
    Assignee: Citrix Systems, Inc.
    Inventors: Saibal Adhya, Akshat Choudhary, Shashi Nanjundaswamy, Sergey Verzunov, Arkesh Kumar, Amarnath Mullick
  • Patent number: 9003186
    Abstract: Systems, methods and apparatus for a distributed security that provides authentication and authorization management. The system can include an epoch manager that is used to generate authentication and authorization data that remain valid only for an epoch. The epoch manager can generate an epoch key pair that can be used to encrypt and decrypt the authentication and authorization data during the epoch that the key is valid. The epoch manager can also associate the contents of the data with the epoch in which it was created, so that at decrypting the epoch that the data was generated in can be identified.
    Type: Grant
    Filed: July 24, 2008
    Date of Patent: April 7, 2015
    Assignee: Zscaler, Inc.
    Inventors: Kailash Kailash, Shashidhara Mysore Nanjundaswamy, Amarnath Mullick, Jose Raphel
  • Publication number: 20150020220
    Abstract: A method for allowing or denying, by an appliance, access to a resource by an application on a client via a virtual private network connection includes basing the decision to allow or deny access on identification of the application. The appliance intercepts a request from an application on a client on a first network to access via a virtual private network connection a resource on a second network. The appliance identifies the application and associates with the intercepted request an authorization policy based on the identity of the application. The appliance determines, using the authorization policy and the identity of the application, to either allow or deny access by the application to the resource.
    Type: Application
    Filed: September 26, 2014
    Publication date: January 15, 2015
    Applicant: CITRIX SYSTEMS, INC.
    Inventors: Amarnath Mullick, Charu Venkatraman, Junxiao He, Shashi Nanjundaswamy, James Harris, Ajay Soni
  • Patent number: 8904475
    Abstract: An appliance and method for authorizing a level of access of a client to a virtual private network connection, based on a client-side attribute includes the step of establishing, by an appliance, a control connection with a client upon receiving a client request to establish a virtual private network connection with a network. The appliance transmits, via the control connection, a request to the client to evaluate at least one clause of a security string, the at least one clause including an expression associated with a client-side attribute. The client transmits, via the control connection, a response to the appliance comprising a result of evaluating the at least one clause by the client. The appliance assigns the client to an authorization group based on the result of evaluation of the at least one clause.
    Type: Grant
    Filed: February 6, 2013
    Date of Patent: December 2, 2014
    Assignee: Citrix Systems, Inc.
    Inventors: Amarnath Mullick, Charu Venkatraman, Shashi Nanjundaswamy, Junxiao He, Ajay Soni
  • Publication number: 20140344891
    Abstract: An appliance and method for authorizing a level of access of a client to a virtual private network connection, based on a client-side attribute includes the step of establishing, by an appliance, a control connection with a client upon receiving a client request to establish a virtual private network connection with a network. The appliance transmits, via the control connection, a request to the client to evaluate at least one clause of a security string, the at least one clause including an expression associated with a client-side attribute. The client transmits, via the control connection, a response to the appliance comprising a result of evaluating the at least one clause by the client. The appliance assigns the client to an authorization group based on the result of evaluation of the at least one clause.
    Type: Application
    Filed: July 31, 2014
    Publication date: November 20, 2014
    Inventors: Amarnath Mullick, Charu Venkatraman, Shashi Nanjundaswamy, Junxiao He, Ajay Soni, Nicholas Stavrakos, Chris Koopmans
  • Patent number: 8869262
    Abstract: A method for allowing or denying, by an appliance, access to a resource by an application on a client via a virtual private network connection includes basing the decision to allow or deny access on identification of the application. The appliance intercepts a request from an application on a client on a first network to access via a virtual private network connection a resource on a second network. The appliance identifies the application and associates with the intercepted request an authorization policy based on the identity of the application. The appliance determines, using the authorization policy and the identity of the application, to either allow or deny access by the application to the resource.
    Type: Grant
    Filed: August 3, 2006
    Date of Patent: October 21, 2014
    Assignee: Citrix Systems, Inc.
    Inventors: Amarnath Mullick, Shashi Nanjundaswamy, Charu Venkatraman, Junxiao He, James Harris, Ajay Soni
  • Patent number: 8819809
    Abstract: In a method and appliance for authenticating, by an appliance, a client to access a virtual network connection, based on an attribute of a client-side certificate, a client authentication certificate is requested from a client. A value of at least one field in the client authentication certificate received from the client is identified. One of a plurality of types of access is assigned responsive to an application of a policy to the identified value of the at least one field, each of the plurality of access types associated with at least one connection characteristic.
    Type: Grant
    Filed: March 26, 2013
    Date of Patent: August 26, 2014
    Assignee: Citrix Systems, Inc.
    Inventors: Amarnath Mullick, Shashi Nanjundaswamy, Ajay Soni
  • Patent number: 8806201
    Abstract: Systems, methods and apparatus for a distributed security that provides authentication and authorization management. The system can include an epoch processor that is used to validate authentication and authorization data that is valid only for an epoch. The epoch processor can maintain a public key that can be used to decrypt the authentication and authorization data during the epoch that the key is valid. The epoch processor can receive a new public key during each epoch. The epoch processor can also determine if the authentication or authorization data was fraudulently generated based on the contents of the data, and verifying whether the data is valid for the epoch in which it was decrypted.
    Type: Grant
    Filed: July 24, 2008
    Date of Patent: August 12, 2014
    Assignee: Zscaler, Inc.
    Inventors: Kailash Kailash, Shashidhara Mysore Nanjundaswamy, Amarnath Mullick, Jose Raphel