Patents by Inventor Amol Khare
Amol Khare has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11706237Abstract: Disclosed are various examples for threat detection and security for edge devices in communication with Internet-of-Things (IoT) devices. In one example, a baseline behavior profile for a gateway virtual machine is transmitted from a management service to a gateway security process executed in a gateway device. The management service receives an anomaly notification including an indication of an anomaly from the baseline behavior profile. The managements service generates a user interface that shows a description of the anomaly.Type: GrantFiled: October 25, 2021Date of Patent: July 18, 2023Assignee: VMWARE, INC.Inventors: Ravishankar Chamarajnager, Amit Vasant Patil, Amol Khare, Mandar Nadgouda, Mahesh Kumar, Gavin Lu, Tiejun Chen, Vasudev Yendapally
-
Publication number: 20220046043Abstract: Disclosed are various examples for threat detection and security for edge devices in communication with Internet-of-Things (IoT) devices. In one example, a baseline behavior profile for a gateway virtual machine is transmitted from a management service to a gateway security process executed in a gateway device. The management service receives an anomaly notification including an indication of an anomaly from the baseline behavior profile. The managements service generates a user interface that shows a description of the anomaly.Type: ApplicationFiled: October 25, 2021Publication date: February 10, 2022Inventors: Ravishankar Chamarajnager, Amit Vasant Patil, Amol Khare, Mandar Nadgouda, Mahesh Kumar, Gavin Lu, Tiejun Chen, Vasudev Yendapally
-
Patent number: 11184375Abstract: Disclosed are various examples for threat detection and security for edge devices in communication with Internet-of-Things (IoT) devices. In one example, a profile is associated with a virtual machine of a gateway device. The profile includes an expected behavior for the virtual machine. The virtual machine is executed by a hypervisor of the gateway device. An actual behavior for the virtual machine is determined. A remedial action is performed. The remedial action is based on an anomaly between the expected behavior and the actual behavior.Type: GrantFiled: January 17, 2019Date of Patent: November 23, 2021Assignee: VMWARE, INC.Inventors: Ravishankar Chamarajnager, Amit Vasant Patil, Amol Khare, Mandar Nadgouda, Mahesh Kumar, Gavin Lu, Tiejun Chen, Vasudev Yendapally
-
Publication number: 20200236119Abstract: Disclosed are various examples for threat detection and security for edge devices in communication with Internet-of-Things (IoT) devices. In one example, a profile is associated with a virtual machine of a gateway device. The profile includes an expected behavior for the virtual machine. The virtual machine is executed by a hypervisor of the gateway device. An actual behavior for the virtual machine is determined. A remedial action is performed. The remedial action is based on an anomaly between the expected behavior and the actual behavior.Type: ApplicationFiled: January 17, 2019Publication date: July 23, 2020Inventors: Ravishankar Chamarajnager, Amit Vasant Patil, Amol Khare, Mandar Nadgouda, Mahesh Kumar, Gavin Lu, Tiejun Chen, Vasudev Yendapally
-
Patent number: 9106525Abstract: A system and method supporting efficient, scalable stateful switchover of transport layer connections in a telecommunications network element. One method involves receiving, at a network element comprising an active transport protocol process coupled to a standby protocol process, a request to configure a first transport layer connection maintained at the active transport protocol process for stateful switchover; receiving an event associated with the first transport layer connection; creating a message containing replicated event information based on the received event; sending the message to the standby transport protocol process; and processing the message at the standby transport protocol process, wherein the standby transport protocol process replicates state information for the first connection.Type: GrantFiled: September 12, 2013Date of Patent: August 11, 2015Assignee: Cisco Technology, Inc.Inventors: Anantha Ramaiah, Chandrashekhar Appanna, Amol Khare
-
Publication number: 20140016454Abstract: A system and method supporting efficient, scalable stateful switchover of transport layer connections in a telecommunications network element. One method involves receiving, at a network element comprising an active transport protocol process coupled to a standby protocol process, a request to configure a first transport layer connection maintained at the active transport protocol process for stateful switchover; receiving an event associated with the first transport layer connection; creating a message containing replicated event information based on the received event; sending the message to the standby transport protocol process; and processing the message at the standby transport protocol process, wherein the standby transport protocol process replicates state information for the first connection.Type: ApplicationFiled: September 12, 2013Publication date: January 16, 2014Applicant: Cisco Technology, Inc.Inventors: ANANTHA RAMAIAH, CHANDRASHEKHAR APPANNA, AMOL KHARE
-
Patent number: 8537660Abstract: A system and method supporting efficient, scalable stateful switchover of transport layer connections in a telecommunications network element. One method involves receiving, at a network element comprising an active transport protocol process coupled to a standby protocol process, a request to configure a first transport layer connection maintained at the active transport protocol process for stateful switchover; receiving an event associated with the first transport layer connection; creating a message containing replicated event information based on the received event; sending the message to the standby transport protocol process; and processing the message at the standby transport protocol process, wherein the standby transport protocol process replicates state information for the first connection.Type: GrantFiled: July 6, 2010Date of Patent: September 17, 2013Assignee: Cisco Technology, Inc.Inventors: Anantha Ramaiah, Chandrashekhar Appanna, Amol Khare
-
Patent number: 7930365Abstract: A method of modifying network identifiers at data servers is disclosed. A virtual private network (VPN) gateway server generates a Hypertext Transfer Protocol (HTTP) request. The HTTP request not only requests data from a data server that is within a VPN, but also instructs the data server to modify (“mangle”) URLs that are contained within the requested data so that the URLs refer to the VPN gateway server. The VPN gateway server sends the HTTP request toward the data server. As a result, the data server modifies the URLs so that the VPN gateway server does not need to. When such a modified URLs is selected in a web browser, the web browser generates an HTTP request that is directed to the VPN gateway server's URL, which, unlike the unmodified URLs, can be resolved by domain name servers that are outside of the VPN.Type: GrantFiled: February 16, 2005Date of Patent: April 19, 2011Assignee: Cisco Technology, Inc.Inventors: Vineet Ramesh Dixit, Mitesh Dalal, Amol Khare, Mahadev Somasundaram
-
Publication number: 20100296516Abstract: A system and method supporting efficient, scalable stateful switchover of transport layer connections in a telecommunications network element. One method involves receiving, at a network element comprising an active transport protocol process coupled to a standby protocol process, a request to configure a first transport layer connection maintained at the active transport protocol process for stateful switchover; receiving an event associated with the first transport layer connection; creating a message containing replicated event information based on the received event; sending the message to the standby transport protocol process; and processing the message at the standby transport protocol process, wherein the standby transport protocol process replicates state information for the first connection.Type: ApplicationFiled: July 6, 2010Publication date: November 25, 2010Inventors: Anantha Ramaiah, Chandrashekhar Appanna, Amol Khare
-
Patent number: 7751311Abstract: A system and method supporting efficient, scalable stateful switchover of transport layer connections in a telecommunications network element. One method involves receiving, at a network element comprising an active transport protocol process coupled to a standby protocol process, a request to configure a first transport layer connection maintained at the active transport protocol process for stateful switchover; receiving an event associated with the first transport layer connection; creating a message containing replicated event information based on the received event; sending the message to the standby transport protocol process; and processing the message at the standby transport protocol process, wherein the standby transport protocol process replicates state information for the first connection.Type: GrantFiled: May 19, 2005Date of Patent: July 6, 2010Assignee: Cisco Technology, Inc.Inventors: Anantha Ramaiah, Chandrashekhar Appanna, Amol Khare
-
Patent number: 7650635Abstract: A method of preventing an attack on a network, the method comprising the computer-implemented steps of receiving an ICMP packet that includes a copy of a header associated with a connection in a connection-oriented transport protocol; obtaining a packet sequence value from the header; determining if the packet sequence value is valid; and updating a parameter value associated with the transport protocol connection only if the packet sequence value is determined to be valid. Use of the disclosed method enables authenticating ICMP packets so that responsive measures of a network element, such as adjusting an MTU value, are performed only when the ICMP packet is determined to be authentic.Type: GrantFiled: April 7, 2004Date of Patent: January 19, 2010Assignee: Cisco Technology, Inc.Inventors: Amol Khare, Mitesh Dalal, Anantha Ramaiah, Sharad Ahlawat
-
Patent number: 7613118Abstract: A method detects a change in TCP receive window size while preventing fragmentation of data. A TCP stack receives a segment that advertises a receive window size of zero. If data needs to be sent, and only if so, a timer is started. When the timer expires, a TCP segment that contains a first sequence number value equal to second sequence number representing sent but unacknowledged data minus one, and a segment length value of zero, is sent. Without sending a fragment of data, this triggers a peer TCP process to send an updated window size. A TCP ACK segment is received and contains an updated receive window size. If the updated receive window size is greater than a specified value, then the data is sent. Otherwise, a counter is incremented, and the steps are re-performed if the counter is less than a specified value.Type: GrantFiled: May 19, 2005Date of Patent: November 3, 2009Assignee: Cisco Technology, Inc.Inventors: Chandrashekhar Appanna, Anantha Ramaiah, Amol Khare
-
Patent number: 7606159Abstract: Techniques are provided for updating best path based on real-time congestion feedback. A method comprises monitoring packets received from an internetworked system, wherein the packets are received on one of a plurality of external interfaces of a networking device; detecting that a received packet includes real-time information that signals a present or pending congestion condition on a path from the external interfaces of the networking device to the internetworked system; notifying a control logic of the real-time information; receiving from the control logic control information defining a change in one or more paths from the external interfaces to the internetworked system; and changing the one or more paths from the external interfaces to the internetworked system. Examining ingress traffic on external interfaces of an internetworked system can cause changes to routes, routing policies and PBRs in routers of the first internetworked system in response to real-time congestion.Type: GrantFiled: August 30, 2005Date of Patent: October 20, 2009Assignee: Cisco Technology, Inc.Inventors: Mitesh Dalal, Pritam Shah, Amol Khare, Vamsidhar Valluri
-
Patent number: 7472416Abstract: Approaches for preventing TCP RST attacks intended to cause denial of service in packet-switched networks are disclosed. In one approach, upon receiving a TCP RST packet, an endpoint node determines whether the TCP segment contains valid authentication information. The TCP RST segment is accepted and the TCP connection is closed only when the authentication information is valid. Authentication information may comprise a reset type values, and either initial sequence numbers of both endpoints, or a copy of a TCP header and options values previously sent by the endpoint node that is performing the authentication. Thus, attacks are thwarted because an attacker cannot know or reasonably guess the required authentication information.Type: GrantFiled: May 6, 2004Date of Patent: December 30, 2008Assignee: Cisco Technology, Inc.Inventors: Anantha Ramaiah, Shrirang Bage, Amol Khare, Mitesh Dalal
-
Patent number: 7458097Abstract: Approaches for preventing TCP RST attacks and TCP SYN attacks in packet-switched networks are disclosed. In one approach, upon receiving a TCP RST packet, a first endpoint node challenges the second endpoint node in the then-current connection using an acknowledgement message. If the connection is genuinely closed, the second endpoint node responds with a RST packet carrying an expected next sequence value. The first endpoint node takes no action if no RST packet is received. Thus, attacks are thwarted because an attacker does not receive the acknowledgment message and therefore cannot provide the exact expected next sequence value.Type: GrantFiled: September 28, 2006Date of Patent: November 25, 2008Assignee: Cisco Technology, Inc.Inventors: Mitesh Dalal, Amol Khare, Randall Stewart
-
Patent number: 7412600Abstract: Approaches are disclosed for switching transport protocol connection keys. A method of automatically changing a message authentication key at each of two endpoints of a connection in a telecommunications network comprises testing a sequence value received in each of a plurality of data segments on the connection; and selecting a next message authentication key, from among a plurality of stored message authentication keys, for use in authenticating subsequently received data segments, when the sequence value matches a specified characteristic.Type: GrantFiled: October 28, 2005Date of Patent: August 12, 2008Assignee: Cisco Technology, Inc.Inventors: John C. Wong, Anantha Ramaiah, Amol Khare, Mitesh Dalal, Shrirang Bage, Lin Han
-
Publication number: 20070171828Abstract: A network element implementing a method for determining an optimal maximum transmission unit (MTU) value on a path between two nodes in a network is described. A sending node interested in learning the optimal MTU path value allows fragmentation of datagrams sent on the path, selects an initial MTU, and sends one or more data packets to a receiving node. Upon receiving the data the receiver determines if fragmentation occurred. If no fragmentation occurred then the MTU path selected is the optimal MTU for the given path between the nodes. If fragmentation did occur then the sender is notified that the selected MTU was not the optimal MTU for the path. Either the receiver proposes a new MTU for the path, or the sender selects a new, smaller MTU. The process repeats until the receiver detects no fragmentation.Type: ApplicationFiled: January 23, 2006Publication date: July 26, 2007Inventors: Mitesh Dalal, Randall Stewart, Amol Khare, Vineet Dixit, Srinivas Subramanian
-
Publication number: 20070101129Abstract: Approaches are disclosed for switching transport protocol connection keys. A method of automatically changing a message authentication key at each of two endpoints of a connection in a telecommunications network comprises testing a sequence value received in each of a plurality of data segments on the connection; and selecting a next message authentication key, from among a plurality of stored message authentication keys, for use in authenticating subsequently received data segments, when the sequence value matches a specified characteristic.Type: ApplicationFiled: October 28, 2005Publication date: May 3, 2007Inventors: John Wong, Anantha Ramaiah, Amol Khare, Mitesh Dalal, Shrirang Bage, Lin Han
-
Patent number: 7203961Abstract: Approaches for preventing TCP RST attacks and TCP SYN attacks in packet-switched networks are disclosed. In one approach, upon receiving a TCP RST packet, a first endpoint node challenges the second endpoint node in the then-current connection using an acknowledgement message. If the connection is genuinely closed, the second endpoint node responds with a RST packet carrying an expected next sequence value. The first endpoint node takes no action if no RST packet is received. Thus, attacks are thwarted because an attacker does not receive the acknowledgment message and therefore cannot provide the exact expected next sequence value.Type: GrantFiled: January 9, 2004Date of Patent: April 10, 2007Assignee: Cisco Technology, Inc.Inventors: Mitesh Dalal, Amol Khare, Randall Stewart
-
Publication number: 20070047446Abstract: Techniques are provided for updating best path based on real-time congestion feedback. A method comprises monitoring packets received from an internetworked system, wherein the packets are received on one of a plurality of external interfaces of a networking device; detecting that a received packet includes real-time information that signals a present or pending congestion condition on a path from the external interfaces of the networking device to the internetworked system; notifying a control logic of the real-time information; receiving from the control logic control information defining a change in one or more paths from the external interfaces to the internetworked system; and changing the one or more paths from the external interfaces to the internetworked system. Examining ingress traffic on external interfaces of an internetworked system can cause changes to routes, routing policies and PBRs in routers of the first internetworked system in response to real-time congestion.Type: ApplicationFiled: August 30, 2005Publication date: March 1, 2007Inventors: Mitesh Dalal, Pritam Shah, Amol Khare, Vamsidhar Valluri