Patents by Inventor Ayyappan Nair

Ayyappan Nair has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11398953
    Abstract: Network management of cloud computing environments subject to different data control policies is standardized in a manner that ensures compliance with the data control policies. An execution service remote from a cloud computing environment being managed implements workflows to manage different aspects of the cloud computing environment, including monitoring, incident management, deployment, and/or buildout. The execution service issues requests to perform management actions for network devices in the cloud computing environment. A device access service in the cloud computing environments receives the requests, and, in response to the requests, the device access service obtains access control data to access the network devices and perform the requested management actions for the network devices.
    Type: Grant
    Filed: June 1, 2020
    Date of Patent: July 26, 2022
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Parvez Anandam, Ramnath Prasad, Pradeep Ayyappan Nair, David Maltz, Albert Greenberg, Thomas Keane
  • Patent number: 11233794
    Abstract: Methods, systems, and computer storage media for providing escorted-access management based on an escort-admin session engine are provided. The escort-admin session engine approves an external administrator's access to a resource instance based on a service team policy, while approving an escort operator to escort the external administrator in an escort-admin session that provides access to the resource. In operation, an external administrator's request for access to a resource is evaluated based on the service team policy that is managed by a service team. The request is approved with access rights to the resource identified in the policy. An escort operator is identified for the external administrator. The escort operator is approved to escort the external administrator for access to the resource during an escort-admin session. The escort-admin session includes an escort operator context referring to the escort operator having access rights based on the access rights approved using the policy.
    Type: Grant
    Filed: June 30, 2019
    Date of Patent: January 25, 2022
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Chetan S. Shankar, LiLei Cui, Sandeep Kalarickal S, Thomas Charles Knudson, Pavan Gopal Bandla, Pradeep Ayyappan Nair, Aaron Keith Rosenfeld, Tyler S. Wiegers, Sudharshan Reddy Bommu, Margus Janese, Mario Mett, Chi Zhou
  • Patent number: 10924497
    Abstract: A JIT service in a cloud computing environment manages just-in-time access to resources in the cloud computing environment for an external device. When JIT access to a resource is requested by a device, the JIT service retrieves a JIT policy for the resource that includes geolocation criteria limiting the geolocation from which JIT access can be automatically granted. The geolocation of the device is evaluated against the geolocation criteria. If the geolocation criteria and any other criteria of the JIT policy are satisfied, the JIT service provisions JIT access to the resource for the device.
    Type: Grant
    Filed: October 14, 2019
    Date of Patent: February 16, 2021
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Ramnath Prasad, Pradeep Ayyappan Nair, Veena Ramachandran, Sandeep Kalarickal, Thomas Knudson, Pavan Gopal Bandla, Chetan Shankar, Ranajoy Sanyal, Qingsu Wu, Chi Zhou, Thomas Keane
  • Patent number: 10848522
    Abstract: A JIT service in a cloud computing environment manages just-in-time access to resources in the cloud computing environment for an external device. When JIT access to a resource is requested by a device, the JIT service retrieves a JIT policy for the resource that includes screening criteria limiting automatic granting of JIT access to users who meet the screening criteria. Screening information for a user associated with the request is evaluated against one or more screening requirements set forth by the screening criteria. If the screening criteria and any other criteria of the JIT policy are satisfied, the JIT service provisions JIT access to the resource for the device.
    Type: Grant
    Filed: October 14, 2019
    Date of Patent: November 24, 2020
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Ramnath Prasad, Pradeep Ayyappan Nair, Veena Ramachandran, Sandeep Kalarickal, Thomas Knudson, Pavan Gopal Bandla, Chetan Shankar, Ranajoy Sanyal, Qingsu Wu, Chi Zhou, Doug Kirschner, Ryan Meyer, Thomas Keane
  • Publication number: 20200320418
    Abstract: Described herein is a third party data management system that uses a classification algorithm trained using a machine learning process to analyze type(s) of data that will be shared with the third party to determine a risk of sharing data with the third party. Periodically data provided to a particular third party can be analyzed to identify privacy issue(s). In response to the analysis, an action to be taken with respect to the particular third party can be identified and provided to a user. In some embodiments, information from trusted news feeds can be processed using natural language processing to determine a potential privacy or security issue regarding a third party with whom data has been shared.
    Type: Application
    Filed: April 2, 2019
    Publication date: October 8, 2020
    Applicant: Microsoft Technology Licensing, LLC
    Inventors: Pouyan AMINIAN, Ashutosh Raghavender CHICKERUR, Piyush JOSHI, Leili POURNASSEH, Pradeep AYYAPPAN NAIR
  • Publication number: 20200295999
    Abstract: Network management of cloud computing environments subject to different data control policies is standardized in a manner that ensures compliance with the data control policies. An execution service remote from a cloud computing environment being managed implements workflows to manage different aspects of the cloud computing environment, including monitoring, incident management, deployment, and/or buildout. The execution service issues requests to perform management actions for network devices in the cloud computing environment. A device access service in the cloud computing environments receives the requests, and, in response to the requests, the device access service obtains access control data to access the network devices and perform the requested management actions for the network devices.
    Type: Application
    Filed: June 1, 2020
    Publication date: September 17, 2020
    Inventors: Parvez Anandam, Ramnath Prasad, Pradeep Ayyappan Nair, David Maltz, Albert Greenberg, Thomas Keane
  • Patent number: 10762218
    Abstract: Network buildout of cloud computing environments subject to different data control policies is performed in a manner that ensures compliance with the data control policies. A buildout service is located in a remote cloud computing environment separate from the cloud computing environments at which buildout is being performed. The buildout service implements workflows to manage different aspects of network buildout in the cloud computing environments. The buildout service does not have access to restricted data in the cloud computing environments, including access control data, such that the buildout service cannot directly interact with network devices. The buildout service issues requests for device configuration to hardware proxies in the cloud computing environments. In response to the requests, the hardware proxies obtain access control data to access and configure the network devices.
    Type: Grant
    Filed: June 20, 2017
    Date of Patent: September 1, 2020
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Parvez Anandam, Ramnath Prasad, Pradeep Ayyappan Nair, Lihua Yuan, Sandeep Koushik Sheshadri, Shikhar Suri, Sharda Murthi, David Maltz, Albert Greenberg, Thomas Keane
  • Publication number: 20200233977
    Abstract: A computing system comprises a dataset including a plurality of data entries, at least some which include personally identifiable information (PII). A personal data oversight machine of the computing system is configured to receive an indication that a particular data entry includes PII, and based on the contents of the data entry, classify the data entry as including one or more of a plurality of types of PII by applying one or more data classification tags of a set of candidate data classification tags to the data entry. Based on the data classification tags applied to the data entry, the personal data oversight machine applies one of a set of data management tags to the data entry, the set of data management tags including deletion, retention, and anonymization tags, and based on the data management tag, applies a data management operation to the data entry.
    Type: Application
    Filed: January 18, 2019
    Publication date: July 23, 2020
    Applicant: Microsoft Technology Licensing, LLC
    Inventors: Ashutosh CHICKERUR, Piyush JOSHI, Pouyan AMINIAN, Gustavo T. SEMENCATO, Leili POURNASSEH, Pradeep Ayyappan NAIR, Thomas William KEANE
  • Patent number: 10708136
    Abstract: Network management of cloud computing environments subject to different data control policies is standardized in a manner that ensures compliance with the data control policies. Executions services and source of truth services are located in a remote cloud computing environment separate from the cloud computing environments being managed. The execution services implement workflows to manage different aspects of the cloud computing environments, including monitoring, incident management, deployment, and buildout. The source of truth services provide network configuration information for the cloud computing environments to allow automated operation of the execution services. The execution services issue requests for management operations to device access services in the cloud computing environments. In response to the requests, the device access services obtain access control data to access the network devices and perform the management operations.
    Type: Grant
    Filed: June 20, 2017
    Date of Patent: July 7, 2020
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Parvez Anandam, Ramnath Prasad, Pradeep Ayyappan Nair, David Maltz, Albert Greenberg, Thomas Keane
  • Patent number: 10623472
    Abstract: Releases to the production environment of a cloud computing environment are deployed in a manner that maintains control over restricted data and the data plane of the cloud computing environment. A DevOps personnel is tasked with developing the release. However, the DevOps personnel is not authorized to deploy the release to the cloud computing environment because the DevOps personnel does not have access to restricted data in the cloud computing environment or the ability to modify the cloud computing environment to gain access to restricted data. Operating personnel who has access to restricted data and the right to modify the cloud computing environment is notified of the release and given release specifications providing details of the release. If the operator approves the release, the release is transferred to the cloud computing environment. A deployment engine then automatically deploys the release to the production environment of the cloud computing environment.
    Type: Grant
    Filed: October 16, 2018
    Date of Patent: April 14, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Karthik Palanivel, Jason Ward, Maksim Libenson, Rajesh Korada, Mike Kippen, William Bartholomew, Izabella Lankerovich, Pradeep Ayyappan Nair
  • Patent number: 10567356
    Abstract: Monitoring of cloud computing environments subject to different data control policies is performed in a manner that ensures compliance with the data control policies. A monitoring service is located in a remote cloud computing environment separate from the cloud computing environments being monitored. The monitoring service does not have access to restricted data in the cloud computing environments, including access control data, such that the monitoring service cannot directly interact with network devices. The monitoring service issues requests for monitoring data to device access services in the cloud computing environments. In response to the requests, the device access services obtain access control data to access the network devices and obtain the requested data, which is returned to the monitoring service.
    Type: Grant
    Filed: June 20, 2017
    Date of Patent: February 18, 2020
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Parvez Anandam, Ramnath Prasad, Pradeep Ayyappan Nair, Lihua Yuan, Percy Fitter, Mark Hennessy, Mohammad Qudeisat, Rashid Aga, Deepal Jayasinghe, George Chen, David Maltz, Albert Greenberg, Thomas Keane
  • Patent number: 10560463
    Abstract: Techniques allow DevOps personnel to perform incident management for cloud computing environments in a manner that maintains control over restricted data and the data plane. The DevOps personnel do not have access to restricted data or the ability to modify the cloud computing environment to gain access to restricted data. The incident management techniques include executing automatic operations to resolve an incident and allowing DevOps personnel to execute remote operations without providing the DevOps personnel access. A further incident management technique provides DevOps personnel with just-in-time (JIT) access that is limited to a certain level or type of access and limited in time. Still another technique for incident management is using an escort model, in which an escort session between operating personnel and DevOps personnel is established and connected to the cloud computing environment to allow the DevOps personnel access to the production environment while escorted by the operating personnel.
    Type: Grant
    Filed: November 5, 2015
    Date of Patent: February 11, 2020
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Somak Chattopadhyay, Thomas Knudson, Chetan Shankar, Maisem Ali, Lilei Cui, Sandeep Kalarickal, Pradeep Ayyappan Nair, Tom Keane, Siddhartha Pasumarthy, Shont Miller, Lu Jin, Qin Zhou, Maria Black, Elaine Lu, Damien Gallot, Christopher Geisbush, David Sauntry, Peter Miller
  • Publication number: 20200045056
    Abstract: A JIT service in a cloud computing environment manages just-in-time access to resources in the cloud computing environment for an external device. When JIT access to a resource is requested by a device, the JIT service retrieves a JIT policy for the resource that includes geolocation criteria limiting the geolocation from which JIT access can be automatically granted. The geolocation of the device is evaluated against the geolocation criteria. If the geolocation criteria and any other criteria of the JIT policy are satisfied, the JIT service provisions JIT access to the resource for the device.
    Type: Application
    Filed: October 14, 2019
    Publication date: February 6, 2020
    Inventors: RAMNATH PRASAD, PRADEEP AYYAPPAN NAIR, VEENA RAMACHANDRAN, SANDEEP KALARICKAL, THOMAS KNUDSON, PAVAN GOPAL BANDLA, CHETAN SHANKAR, RANAJOY SANYAL, QINGSU WU, CHI ZHOU, THOMAS KEANE
  • Publication number: 20200045083
    Abstract: A JIT service in a cloud computing environment manages just-in-time access to resources in the cloud computing environment for an external device. When JIT access to a resource is requested by a device, the JIT service retrieves a JIT policy for the resource that includes screening criteria limiting automatic granting of JIT access to users who meet the screening criteria. Screening information for a user associated with the request is evaluated against one or more screening requirements set forth by the screening criteria. If the screening criteria and any other criteria of the JIT policy are satisfied, the JIT service provisions JIT access to the resource for the device.
    Type: Application
    Filed: October 14, 2019
    Publication date: February 6, 2020
    Inventors: RAMNATH PRASAD, PRADEEP AYYAPPAN NAIR, VEENA RAMACHANDRAN, SANDEEP KALARICKAL, THOMAS KNUDSON, PAVAN GOPAL BANDLA, CHETAN SHANKAR, RANAJOY SANYAL, QINGSU WU, CHI ZHOU, DOUG KIRSCHNER, RYAN MEYER, THOMAS KEANE
  • Patent number: 10484430
    Abstract: A JIT service in a cloud computing environment manages just-in-time access to resources in the cloud computing environment for DevOps personnel who do not have persistent access to restricted data or the ability to modify the cloud computing environment to gain access to restricted data. When JIT access to a resource is requested by a DevOps device, the JIT service retrieves a JIT policy for the resource that includes screening criteria limiting automatic granting of JIT access to DevOps personnel who meeting the screening criteria. Screening information for the DevOps personnel is evaluated against one or more screening requirements set forth by the screening criteria. If the screening criteria and any other criteria of the JIT policy are satisfied, the JIT service provisions JIT access to the resource for the DevOps device.
    Type: Grant
    Filed: May 8, 2017
    Date of Patent: November 19, 2019
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Ramnath Prasad, Pradeep Ayyappan Nair, Veena Ramachandran, Sandeep Kalarickal, Thomas Knudson, Pavan Gopal Bandla, Chetan Shankar, Ranajoy Sanyal, Qingsu Wu, Chi Zhou, Doug Kirschner, Ryan Meyer, Thomas Keane
  • Patent number: 10476886
    Abstract: A JIT service in a cloud computing environment manages just-in-time access to resources in the cloud computing environment for DevOps personnel who do not have persistent access to restricted data or the ability to modify the cloud computing environment to gain access to restricted data. When JIT access to a resource is requested by a DevOps device, the JIT service retrieves a JIT policy for the resource that includes geolocation criteria limiting the geolocation from which JIT access can be automatically granted. The geolocation of the DevOps device is evaluated against the geolocation criteria. If the geolocation criteria and any other criteria of the JIT policy are satisfied, the JIT service provisions JIT access to the resource for the DevOps device.
    Type: Grant
    Filed: May 8, 2017
    Date of Patent: November 12, 2019
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Ramnath Prasad, Pradeep Ayyappan Nair, Veena Ramachandran, Sandeep Kalarickal, Thomas Knudson, Pavan Gopal Bandla, Chetan Shankar, Ranajoy Sanyal, Qingsu Wu, Chi Zhou, Thomas Keane
  • Publication number: 20190058753
    Abstract: Releases to the production environment of a cloud computing environment are deployed in a manner that maintains control over restricted data and the data plane of the cloud computing environment. A DevOps personnel is tasked with developing the release. However, the DevOps personnel is not authorized to deploy the release to the cloud computing environment because the DevOps personnel does not have access to restricted data in the cloud computing environment or the ability to modify the cloud computing environment to gain access to restricted data. Operating personnel who has access to restricted data and the right to modify the cloud computing environment is notified of the release and given release specifications providing details of the release. If the operator approves the release, the release is transferred to the cloud computing environment. A deployment engine then automatically deploys the release to the production environment of the cloud computing environment.
    Type: Application
    Filed: October 16, 2018
    Publication date: February 21, 2019
    Inventors: Karthik PALANIVEL, Jason WARD, Maksim LIBENSON, Rajesh KORADA, Mike KIPPEN, William BARTHOLOMEW, Izabella LANKEROVICH, Pradeep Ayyappan NAIR
  • Publication number: 20180367407
    Abstract: Network management of cloud computing environments subject to different data control policies is standardized in a manner that ensures compliance with the data control policies. Executions services and source of truth services are located in a remote cloud computing environment separate from the cloud computing environments being managed. The execution services implement workflows to manage different aspects of the cloud computing environments, including monitoring, incident management, deployment, and buildout. The source of truth services provide network configuration information for the cloud computing environments to allow automated operation of the execution services. The execution services issue requests for management operations to device access services in the cloud computing environments. In response to the requests, the device access services obtain access control data to access the network devices and perform the management operations.
    Type: Application
    Filed: June 20, 2017
    Publication date: December 20, 2018
    Inventors: Parvez Anandam, Ramnath Prasad, Pradeep Ayyappan Nair, David Maltz, Albert Greenberg, Thomas Keane
  • Publication number: 20180364996
    Abstract: Software deployment to network devices in cloud computing environments subject to data control policies is provided in a manner that ensures compliance with the data control policies. A deployment service is located in a remote cloud computing environment separate from the cloud computing environments to which software is being deployed. The deployment service does not have access to restricted data in the cloud computing environments, including access control data, such that the deployment service cannot directly interact with network devices. The deployment service issues deployment requests to hardware proxies in the cloud computing environments. In response to the requests, the hardware proxies obtain access control data to access the network devices and issue commands to install the software on the network devices.
    Type: Application
    Filed: June 20, 2017
    Publication date: December 20, 2018
    Inventors: Parvez Anandam, Ramnath Prasad, Pradeep Ayyappan Nair, Lihua Yuan, Yun Wu, George Chen, Jie Mao, David Maltz, Albert Greenberg, Thomas Keane
  • Publication number: 20180367515
    Abstract: Monitoring of cloud computing environments subject to different data control policies is performed in a manner that ensures compliance with the data control policies. A monitoring service is located in a remote cloud computing environment separate from the cloud computing environments being monitored. The monitoring service does not have access to restricted data in the cloud computing environments, including access control data, such that the monitoring service cannot directly interact with network devices. The monitoring service issues requests for monitoring data to device access services in the cloud computing environments. In response to the requests, the device access services obtain access control data to access the network devices and obtain the requested data, which is returned to the monitoring service.
    Type: Application
    Filed: June 20, 2017
    Publication date: December 20, 2018
    Inventors: Parvez Anandam, Ramnath Prasad, Pradeep Ayyappan Nair, Lihua Yuan, Percy Fitter, Mark Hennessy, Mohammad Qudeisat, Rashid Aga, Deepal Jayasinghe, George Chen, David Maltz, Albert Greenberg, Thomas Keane