Patents by Inventor Atul Mahamuni
Atul Mahamuni has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10033698
Abstract: A network filter is implemented so that filter terms that include intra-term OR conditions are converted to sub-terms that include only logical AND conditions. In one implementation, a device may include logic to receive a filter definition including one or more terms, at least some of the terms including logical OR conditions, that define how network traffic through the device is to be filtered, the logic expanding the one or more terms in the filter such that terms that contain logical OR conditions are expanded into a plurality of sub-terms that each contains only logical AND conditions. The device may further include a ternary content-addressable memory (TCAM) programmed to include a separate entry corresponding to each of the sub-terms.
Type: Grant
Filed: August 4, 2016
Date of Patent: July 24, 2018
Assignee: Juniper Networks, Inc.
Inventors: Anand Ammundi, Atul Mahamuni
-
Patent number: 9735957
Abstract: According to one embodiment, techniques are provided to enable secure communication among devices in a mesh network using a group temporal key. An authenticator device associated with a mesh network stores a pairwise master key for each of a plurality of devices in a mesh network upon authentication of the respective devices. Using the pairwise master key, the authenticator device initiates a handshake procedure with a particular device in the mesh network to mutually derive a pairwise temporal key from the pairwise master key. The authenticator device encrypts and signs a group temporal key using the pairwise temporal key for the particular device and sends the group temporal key encrypted and signed with the pairwise temporal key to the particular device.
Type: Grant
Filed: December 19, 2014
Date of Patent: August 15, 2017
Assignee: Cisco Technology, Inc.
Inventors: Navindra Yadav, Atul Mahamuni, Jonathan Hui, Wei Hong, Alec Woo
-
Patent number: 9531716
Abstract: In one embodiment, a service enabled network (SEN) controller receives, from a control plane of a network service device, service instructions for corresponding network services. The SEN controller may then distribute the service instructions for the network services to appropriate network access devices within the computer network, such that each of the network access devices may correspondingly implement the network services at their respective data planes, thus providing a distributed implementation of the network service within the computer network.
Type: Grant
Filed: August 7, 2009
Date of Patent: December 27, 2016
Assignee: Cisco Technology, Inc.
Inventors: Pere Monclus, Valentina Alaria, Vina Ermagan, Atul Mahamuni
-
Publication number: 20160344697
Abstract: A network filter is implemented so that filter terms that include intra-term OR conditions are converted to sub-terms that include only logical AND conditions. In one implementation, a device may include logic to receive a filter definition including one or more terms, at least some of the terms including logical OR conditions, that define how network traffic through the device is to be filtered, the logic expanding the one or more terms in the filter such that terms that contain logical OR conditions are expanded into a plurality of sub-terms that each contains only logical AND conditions. The device may further include a ternary content-addressable memory (TCAM) programmed to include a separate entry corresponding to each of the sub-terms.
Type: Application
Filed: August 4, 2016
Publication date: November 24, 2016
Inventors: Anand AMMUNDI, Atul MAHAMUNI
-
Patent number: 9413662
Abstract: A network filter is implemented so that filter terms that include intra-term OR conditions are converted to sub-terms that include only logical AND conditions. In one implementation, a device may include logic to receive a filter definition including one or more terms, at least some of the terms including logical OR conditions, that define how network traffic through the device is to be filtered, the logic expanding the one or more terms in the filter such that terms that contain logical OR conditions are expanded into a plurality of sub-terms that each contains only logical AND conditions. The device may further include a ternary content-addressable memory (TCAM) programmed to include a separate entry corresponding to each of the sub-terms.
Type: Grant
Filed: January 13, 2009
Date of Patent: August 9, 2016
Assignee: Juniper Networks, Inc.
Inventors: Anand Ammundi, Atul Mahamuni
-
Patent number: 9270560
Abstract: Techniques are provided to facilitate monitoring of utility application traffic streams. At a network device that routes utility application traffic for utility devices, control information is received, where the control information is configured to cause the network device to monitor utility application traffic that passes through the network device. The network device monitors a header inserted into utility application traffic messages based on the control information.
Type: Grant
Filed: February 7, 2014
Date of Patent: February 23, 2016
Assignee: Cisco Technology, Inc.
Inventors: Navindra Yadav, Atul Mahamuni
-
Patent number: 9071611
Abstract: In one embodiment, a method includes receiving a communication from an endpoint device at a network access device located within a data path between the endpoint device and a network, identifying a network admission control policy for the endpoint device, enforcing at the network access device, the network admission control policy for traffic received from the endpoint device, and forwarding at the network access device, traffic from the endpoint device to the network in accordance with the network admission control policy. An apparatus is also disclosed.
Type: Grant
Filed: February 23, 2011
Date of Patent: June 30, 2015
Assignee: Cisco Technology, Inc.
Inventors: Navindra Yadav, Atul Mahamuni, Azim Ozakil, Bora A. Akyol, Peirong Feng, Thomas J. Enderwick, Aji Joseph, Shashi Kumar, Sambasivam Valliappan
-
Publication number: 20150106625
Abstract: According to one embodiment, techniques are provided to enable secure communication among devices in a mesh network using a group temporal key. An authenticator device associated with a mesh network stores a pairwise master key for each of a plurality of devices in a mesh network upon authentication of the respective devices. Using the pairwise master key, the authenticator device initiates a handshake procedure with a particular device in the mesh network to mutually derive a pairwise temporal key from the pairwise master key. The authenticator device encrypts and signs a group temporal key using the pairwise temporal key for the particular device and sends the group temporal key encrypted and signed with the pairwise temporal key to the particular device.
Type: Application
Filed: December 19, 2014
Publication date: April 16, 2015
Inventors: Navindra Yadav, Atul Mahamuni, Jonathan Hui, Wei Hong, Alec Woo
-
Patent number: 8990892
Abstract: Techniques are provided for adaptive routing of authentication packets in a network, such as a wireless mesh network. At an authenticated device in the network, an authentication packet is received over the network from a device that is seeking authentication. The authentication packet is encapsulated for transmission in Layer 3 packets over an Internet Protocol (IP) tunnel to an authenticator device associated in the network. Similarly, for an authentication packet encapsulated in Layer 3 packets from the authenticator device over the IP tunnel, the authentication packet is decapsulated from the Layer 3 packets and transmitted over the network to the device seeking authentication.
Type: Grant
Filed: July 6, 2011
Date of Patent: March 24, 2015
Assignee: Cisco Technology, Inc.
Inventors: Navindra Yadav, Atul Mahamuni, Jonathan Hui, Alec Woo
-
Patent number: 8959607
Abstract: According to one embodiment, techniques are provided to enable secure communication among devices in a mesh network using a group temporal key. An authenticator device associated with a mesh network stores a pairwise master key for each of a plurality of devices in a mesh network upon authentication of the respective devices. Using the pairwise master key, the authenticator device initiates a handshake procedure with a particular device in the mesh network to mutually derive a pairwise temporal key from the pairwise master key. The authenticator device encrypts and signs a group temporal key using the pairwise temporal key for the particular device and sends the group temporal key encrypted and signed with the pairwise temporal key to the particular device.
Type: Grant
Filed: August 3, 2011
Date of Patent: February 17, 2015
Assignee: Cisco Technology, Inc.
Inventors: Navindra Yadav, Atul Mahamuni, Jonathan Hui, Wei Hong, Alec Woo
-
Patent number: 8848724
Abstract: Methods and systems consistent with the present invention provide dynamic buffer allocation to a plurality of queues of differing priority levels. Each queue is allocated a fixed minimum number of buffers that will not be de-allocated during buffer reassignment. The rest of the buffers are intelligently and dynamically assigned to each queue depending on their current need. The system then monitors and learns the incoming traffic pattern and resulting drops in each queue due to traffic bursts. Based on this information, the system readjusts allocation of buffers to each traffic class. If a higher priority queue does not need the buffers, it gradually relinquishes them. These buffers are then assigned to other queues based on the input traffic pattern and resultant drops. These buffers are aggressively reclaimed and reassigned to higher priority queues when needed.
Type: Grant
Filed: April 16, 2012
Date of Patent: September 30, 2014
Assignee: Juniper Networks, Inc.
Inventors: Sreenivas Voruganti, Atul Mahamuni
-
Patent number: 8806573
Abstract: Techniques are provided for the controlled scheduling of the authentication of devices in a lossy network, such as a mesh network. An authenticator device that is configured to authenticate devices in a lossy network receives an authentication start message from a particular device to be authenticated. The authenticator device determines a schedule for engaging in an authentication procedure for the particular device based on an indication of current network utilization.
Type: Grant
Filed: August 9, 2011
Date of Patent: August 12, 2014
Assignee: Cisco Technology, Inc.
Inventors: Atul Mahamuni, Navindra Yadav, Jonathan Hui, Alec Woo, Wei Hong
-
Publication number: 20140156840
Abstract: Techniques are provided to facilitate monitoring of utility application traffic streams. At a network device that routes utility application traffic for utility devices, control information is received, where the control information is configured to cause the network device to monitor utility application traffic that passes through the network device. The network device monitors a header inserted into utility application traffic messages based on the control information.
Type: Application
Filed: February 7, 2014
Publication date: June 5, 2014
Applicant: Cisco Technology, Inc.
Inventors: Navindra Yadav, Atul Mahamuni
-
Patent number: 8688828
Abstract: Techniques are provided to facilitate monitoring of utility application traffic streams. At a network device that routes utility application traffic for utility devices, control information is received, where the control information is configured to cause the network device to monitor utility application traffic that passes through the network device. The network device monitors a header inserted into utility application traffic messages based on the control information.
Type: Grant
Filed: August 29, 2011
Date of Patent: April 1, 2014
Assignee: Cisco Technology, Inc.
Inventors: Navindra Yadav, Atul Mahamuni
-
Publication number: 20130054784
Abstract: Techniques are provided to facilitate monitoring of utility application traffic streams. At a network device that routes utility application traffic for utility devices, control information is received, where the control information is configured to cause the network device to monitor utility application traffic that passes through the network device. The network device monitors a header inserted into utility application traffic messages based on the control information.
Type: Application
Filed: August 29, 2011
Publication date: February 28, 2013
Applicant: Cisco Technology, Inc.
Inventors: Navindra Yadav, Atul Mahamuni
-
Publication number: 20130042301
Abstract: Techniques are provided for the controlled scheduling of the authentication of devices in a lossy network, such as a mesh network. An authenticator device that is configured to authenticate devices in a lossy network receives an authentication start message from a particular device to be authenticated. The authenticator device determines a schedule for engaging in an authentication procedure for the particular device based on an indication of current network utilization.
Type: Application
Filed: August 9, 2011
Publication date: February 14, 2013
Applicant: CISCO TECHNOLOGY, INC.
Inventors: Atul Mahamuni, Navindra Yadav, Jonathan Hui, Alec Woo, Wei Hong
-
Publication number: 20130036305
Abstract: According to one embodiment, techniques are provided to enable secure communication among devices in a mesh network using a group temporal key. An authenticator device associated with a mesh network stores a pairwise master key for each of a plurality of devices in a mesh network upon authentication of the respective devices. Using the pairwise master key, the authenticator device initiates a handshake procedure with a particular device in the mesh network to mutually derive a pairwise temporal key from the pairwise master key. The authenticator device encrypts and signs a group temporal key using the pairwise temporal key for the particular device and sends the group temporal key encrypted and signed with the pairwise temporal key to the particular device.
Type: Application
Filed: August 3, 2011
Publication date: February 7, 2013
Applicant: CISCO TECHNOLOGY, INC.
Inventors: Navindra Yadav, Atul Mahamuni, Jonathan Hui, Wei Hong, Alec Woo
-
Publication number: 20130014217
Abstract: Techniques are provided for adaptive routing of authentication packets in a network, such as a wireless mesh network. At an authenticated device in the network, an authentication packet is received over the network from a device that is seeking authentication. The authentication packet is encapsulated for transmission in Layer 3 packets over an Internet Protocol (IP) tunnel to an authenticator device associated in the network. Similarly, for an authentication packet encapsulated in Layer 3 packets from the authenticator device over the IP tunnel, the authentication packet is decapsulated from the Layer 3 packets and transmitted over the network to the device seeking authentication.
Type: Application
Filed: July 6, 2011
Publication date: January 10, 2013
Applicant: CISCO TECHNOLOGY, INC.
Inventors: Navindra Yadav, Atul Mahamuni, Jonathan Hui, Alec Woo
-
Publication number: 20120275464
Abstract: Methods and systems consistent with the present invention provide dynamic buffer allocation to a plurality of queues of differing priority levels. Each queue is allocated a fixed minimum number of buffers that will not be de-allocated during buffer reassignment. The rest of the buffers are intelligently and dynamically assigned to each queue depending on their current need. The system then monitors and learns the incoming traffic pattern and resulting drops in each queue due to traffic bursts. Based on this information, the system readjusts allocation of buffers to each traffic class. If a higher priority queue does not need the buffers, it gradually relinquishes them. These buffers are then assigned to other queues based on the input traffic pattern and resultant drops. These buffers are aggressively reclaimed and reassigned to higher priority queues when needed.
Type: Application
Filed: April 16, 2012
Publication date: November 1, 2012
Applicant: JUNIPER NETWORKS, INC.
Inventors: Sreenivas Voruganti, Atul Mahamuni
-
Publication number: 20120216239
Abstract: In one embodiment, a method includes receiving a communication from an endpoint device at a network access device located within a data path between the endpoint device and a network, identifying a network admission control policy for the endpoint device, enforcing at the network access device, the network admission control policy for traffic received from the endpoint device, and forwarding at the network access device, traffic from the endpoint device to the network in accordance with the network admission control policy. An apparatus is also disclosed.
Type: Application
Filed: February 23, 2011
Publication date: August 23, 2012
Applicant: CISCO TECHNOLOGY, INC.
Inventors: Navindra Yadav, Atul Mahamuni, Azim Ozakil, Bora A. Akyol, Peirong Feng, Thomas J. Enderwick, Aji Joseph, Shashi Kumar, Sambasivam Valliappan