Patents by Inventor Azeem Feroz
Azeem Feroz has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240095245Abstract: A method for configuring the operation of the software of a data as a service (DAAS) system during run time is described. The configuring includes receiving a match query from a customer relationship management system that transmitted the match query responsive to a user using an interface to trigger an update of records in the customer relationship management system that were previously imported from the DAAS system, querying for records in the dataset that match records in the customer relationship management system previously imported from the DAAS system, the querying configured at run time according to metadata that identifies, for records in the dataset, a field to match on and a match threshold, and producing a match query result that includes records in the dataset to be imported to update records that were previously imported from the DAAS system.Type: ApplicationFiled: November 30, 2023Publication date: March 21, 2024Applicant: Salesforce, Inc.Inventors: Kaushal Bansal, Venkata Muralidhar TEJOMURTULA, Azeem FEROZ, Dmytro KASHYN, Dmytro KUDRIAVTSEV, Shouzhong SHI, Ajitesh JAIN
-
Patent number: 11893024Abstract: A method for configuring the operation of the software of a data as a service (DAAS) system during run time is described. The configuring includes at least one of configuring ingestion of a vendor dataset to produce an ingested dataset and which analysis operations to perform on the vendor dataset to produce an analyzed dataset, and the configuring also includes at least one of how to search the vendor dataset based on a search query from a customer to allow the customer to locate a new record from the vendor dataset and how to match records in the vendor dataset with a match query from the customer to provide an updated record to the customer.Type: GrantFiled: January 25, 2023Date of Patent: February 6, 2024Assignee: Salesforce, Inc.Inventors: Kaushal Bansal, Venkata Muralidhar Tejomurtula, Azeem Feroz, Dmytro Kashyn, Dmytro Kudriavtsev, Shouzhong Shi, Ajitesh Jain
-
Publication number: 20230362130Abstract: Systems and techniques are described for monitoring network communications using a distributed firewall. One of the techniques includes receiving, at a driver executing in a guest operating system of a virtual machine, a request to open a network connection from a process associated with a user, wherein the driver performs operations comprising: obtaining identity information for the user; providing the identity information and data identifying the network connection to an identity module external to the driver; and receiving, by a distributed firewall, data associating the identity information with the data identifying the network connection from the identity module, wherein the distributed firewall performs operations comprising: receiving an outgoing packet from the virtual machine; determining that the identity information corresponds to the outgoing packet; and evaluating one or more routing rules based at least in part on the identity information.Type: ApplicationFiled: July 3, 2023Publication date: November 9, 2023Inventors: Anirban Sengupta, Subrahmanyam Manuguri, Mitchell T. Christensen, Azeem Feroz, Todd Sabin
-
Patent number: 11736530Abstract: Systems and techniques are described for virtual machine security. A described technique includes operating one or more virtual machines each in accordance with a respective security container, wherein the respective security container is associated with a respective rule that specifies transfer of the virtual machine from the respective security container to a quarantine container based on one or more criteria. One or more security services are operated on the one or more virtual machines to identify one or more security threats associated with one or more of the virtual machines. One or more tags generated by the endpoint security services are obtained, where each tag is for a virtual machine that is associated with one of the identified security threats. And one of the virtual machines is identified as requiring transfer to the quarantine container based on, at least, one or more of the obtained tags and the one or more criteria.Type: GrantFiled: December 4, 2021Date of Patent: August 22, 2023Assignee: NICIRA, INC.Inventors: Sachin Mohan Vaidya, Azeem Feroz, Anirban Sengupta, James Christopher Wiese
-
Patent number: 11695731Abstract: Systems and techniques are described for monitoring network communications using a distributed firewall. One of the techniques includes receiving, at a driver executing in a guest operating system of a virtual machine, a request to open a network connection from a process associated with a user, wherein the driver performs operations comprising: obtaining identity information for the user; providing the identity information and data identifying the network connection to an identity module external to the driver; and receiving, by a distributed firewall, data associating the identity information with the data identifying the network connection from the identity module, wherein the distributed firewall performs operations comprising: receiving an outgoing packet from the virtual machine; determining that the identity information corresponds to the outgoing packet; and evaluating one or more routing rules based at least in part on the identity information.Type: GrantFiled: October 5, 2020Date of Patent: July 4, 2023Assignee: NICIRA, INC.Inventors: Anirban Sengupta, Subrahmanyam Manuguri, Mitchell T. Christensen, Azeem Feroz, Todd Sabin
-
Publication number: 20230185805Abstract: A method for configuring the operation of the software of a data as a service (DAAS) system during run time is described. The configuring includes at least one of configuring ingestion of a vendor dataset to produce an ingested dataset and which analysis operations to perform on the vendor dataset to produce an analyzed dataset, and the configuring also includes at least one of how to search the vendor dataset based on a search query from a customer to allow the customer to locate a new record from the vendor dataset and how to match records in the vendor dataset with a match query from the customer to provide an updated record to the customer.Type: ApplicationFiled: January 25, 2023Publication date: June 15, 2023Applicant: salesforce.com, inc.Inventors: Kaushal BANSAL, Venkata Muralidhar TEJOMURTULA, Azeem FEROZ, Dmytro KASHYN, Dmytro KUDRIAVTSEV, Shouzhong SHI, Ajitesh JAIN
-
Patent number: 11586628Abstract: A method for configuring the operation of the software of a data as a service (DAAS) system during run time is described. The configuring includes at least one of configuring ingestion of a vendor dataset to produce an ingested dataset and which analysis operations to perform on the vendor dataset to produce an analyzed dataset, and the configuring also includes at least one of how to search the vendor dataset based on a search query from a customer to allow the customer to locate a new record from the vendor dataset and how to match records in the vendor dataset with a match query from the customer to provide an updated record to the customer.Type: GrantFiled: November 16, 2020Date of Patent: February 21, 2023Assignee: salesforce.com, inc.Inventors: Kaushal Bansal, Venkata Muralidhar Tejomurtula, Azeem Feroz, Dmytro Kashyn, Dmytro Kudriavtsev, Shouzhong Shi, Ajitesh Jain
-
Patent number: 11533301Abstract: For an encryption management module of a host that executes one or more data compute nodes (DCNs), some embodiments of the invention provide a method of providing key management and encryption services. The method initially receives an encryption key ticket at an encryption management module to be used to retrieve an encryption key identified by the ticket from a key manager. When the encryption key has been retrieved, the method uses the encryption key to encrypt a message sent by a data compute node executing on the host requiring encryption according to an encryption rule. The encryption key ticket, in some embodiments, is generated for an encryption management module to implement the principle of least privilege. The ticket acts as a security token in retrieving encryption keys from a key manager. Ticket distribution and encryption rule distribution are independent of each other in some embodiments.Type: GrantFiled: October 5, 2020Date of Patent: December 20, 2022Assignee: NICIRA, INC.Inventors: Sonia Jahid, Ganesan Chandrashekhar, Bin Qian, Azeem Feroz
-
Publication number: 20220164456Abstract: For a host that executes one or more guest virtual machines (GVMs), some embodiments provide a novel encryption method for encrypting the data messages sent by the GVMs. The method initially receives a data message to send for a GVM executing on the host. The method then determines whether it should encrypt the data message based on a set of one or more encryption rules. When the process determines that it should encrypt the received data message, it encrypts the data message and forwards the encrypted data message to its destination; otherwise, the method just forwards the received data message unencrypted to its destination. In some embodiments, the host encrypts differently the data messages for different GVMs that execute on the host.Type: ApplicationFiled: February 10, 2022Publication date: May 26, 2022Inventors: Kiran Kumar Thota, Azeem Feroz, James C. Wiese
-
Publication number: 20220094717Abstract: Systems and techniques are described for virtual machine security. A described technique includes operating one or more virtual machines each in accordance with a respective security container, wherein the respective security container is associated with a respective rule that specifies transfer of the virtual machine from the respective security container to a quarantine container based on one or more criteria. One or more security services are operated on the one or more virtual machines to identify one or more security threats associated with one or more of the virtual machines. One or more tags generated by the endpoint security services are obtained, where each tag is for a virtual machine that is associated with one of the identified security threats. And one of the virtual machines is identified as requiring transfer to the quarantine container based on, at least, one or more of the obtained tags and the one or more criteria.Type: ApplicationFiled: December 4, 2021Publication date: March 24, 2022Inventors: Sachin Mohan Vaidya, Azeem Feroz, Anirban Sengupta, James Christopher Wiese
-
Patent number: 11281485Abstract: Some embodiments provide a novel method for authorizing network requests for a machine in a network. In some embodiments, the method is performed by security agents that execute on virtual machines operating on a host machine. In some embodiments, the method captures a network request (e.g., network control packets, socket connection request, etc.) from a primary application executing on the machine. The method identifies an extended context for the network request and determines whether the network request is authorized based on the extended context. The method then processes the network request according to the determination. The extended context of some embodiments includes identifications for primary and secondary applications associated with the network request. Alternatively, or conjunctively, some embodiments include identifications for primary and secondary users associated with the network request.Type: GrantFiled: May 3, 2019Date of Patent: March 22, 2022Assignee: NICIRA, INC.Inventors: Vasantha Kumar, Prasad Sharad Dabak, Azeem Feroz, Amit Vasant Patil
-
Patent number: 11196773Abstract: Systems and techniques are described for virtual machine security. A described technique includes operating one or more virtual machines each in accordance with a respective security container, wherein the respective security container is associated with a respective rule that specifies transfer of the virtual machine from the respective security container to a quarantine container based on one or more criteria. One or more security services are operated on the one or more virtual machines to identify one or more security threats associated with one or more of the virtual machines. One or more tags generated by the endpoint security services are obtained, where each tag is for a virtual machine that is associated with one of the identified security threats. And one of the virtual machines is identified as requiring transfer to the quarantine container based on, at least, one or more of the obtained tags and the one or more criteria.Type: GrantFiled: November 14, 2019Date of Patent: December 7, 2021Assignee: NICIRA, INC.Inventors: Sachin Mohan Vaidya, Azeem Feroz, Anirban Sengupta, James Christopher Wiese
-
Patent number: 11087006Abstract: For a host that executes one or more guest virtual machines (GVMs), some embodiments provide a novel encryption method for encrypting the data messages sent by the GVMs. The method initially receives a data message to send for a GVM executing on the host. The method then determines whether it should encrypt the data message based on a set of one or more encryption rules. When the process determines that it should encrypt the received data message, it encrypts the data message and forwards the encrypted data message to its destination; otherwise, the method just forwards the received data message unencrypted to its destination. In some embodiments, the host encrypts differently the data messages for different GVMs that execute on the host.Type: GrantFiled: June 30, 2014Date of Patent: August 10, 2021Assignee: NICIRA, INC.Inventors: Azeem Feroz, Kiran Kumar Thota, James C. Wiese
-
Publication number: 20210073220Abstract: A method for configuring the operation of the software of a data as a service (DAAS) system during run time is described. The configuring includes at least one of configuring ingestion of a vendor dataset to produce an ingested dataset and which analysis operations to perform on the vendor dataset to produce an analyzed dataset, and the configuring also includes at least one of how to search the vendor dataset based on a search query from a customer to allow the customer to locate a new record from the vendor dataset and how to match records in the vendor dataset with a match query from the customer to provide an updated record to the customer.Type: ApplicationFiled: November 16, 2020Publication date: March 11, 2021Applicant: salesforce.com, inc.Inventors: Kaushal BANSAL, Venkata Muralidhar TEJOMURTULA, Azeem FEROZ, Dmytro KASHYN, Dmytro KUDRIAVTSEV, Shouzhong SHI, Ajitesh JAIN
-
Publication number: 20210036997Abstract: For an encryption management module of a host that executes one or more data compute nodes (DCNs), some embodiments of the invention provide a method of providing key management and encryption services. The method initially receives an encryption key ticket at an encryption management module to be used to retrieve an encryption key identified by the ticket from a key manager. When the encryption key has been retrieved, the method uses the encryption key to encrypt a message sent by a data compute node executing on the host requiring encryption according to an encryption rule. The encryption key ticket, in some embodiments, is generated for an encryption management module to implement the principle of least privilege. The ticket acts as a security token in retrieving encryption keys from a key manager. Ticket distribution and encryption rule distribution are independent of each other in some embodiments.Type: ApplicationFiled: October 5, 2020Publication date: February 4, 2021Inventors: Sonia Jahid, Ganesan Chandrashekhar, Bin Qian, Azeem Feroz
-
Publication number: 20210036990Abstract: Systems and techniques are described for monitoring network communications using a distributed firewall. One of the techniques includes receiving, at a driver executing in a guest operating system of a virtual machine, a request to open a network connection from a process associated with a user, wherein the driver performs operations comprising: obtaining identity information for the user; providing the identity information and data identifying the network connection to an identity module external to the driver; and receiving, by a distributed firewall, data associating the identity information with the data identifying the network connection from the identity module, wherein the distributed firewall performs operations comprising: receiving an outgoing packet from the virtual machine; determining that the identity information corresponds to the outgoing packet; and evaluating one or more routing rules based at least in part on the identity information.Type: ApplicationFiled: October 5, 2020Publication date: February 4, 2021Inventors: Anirban Sengupta, Subrahmanyam Manuguri, Mitchell T. Christensen, Azeem Feroz, Todd Sabin
-
Patent number: 10838962Abstract: A method for configuring the operation of the software of a data as a service (DAAS) system during run time is described. The configuring includes at least one of configuring ingestion of a vendor dataset to produce an ingested dataset and which analysis operations to perform on the vendor dataset to produce an analyzed dataset, and the configuring also includes at least one of how to search the vendor dataset based on a search query from a customer to allow the customer to locate a new record from the vendor dataset and how to match records in the vendor dataset with a match query from the customer to provide an updated record to the customer.Type: GrantFiled: November 30, 2017Date of Patent: November 17, 2020Assignee: salesforce.com, inc.Inventors: Kaushal Bansal, Venkata Muralidhar Tejomurtula, Azeem Feroz, Dmytro Kashyn, Dmytro Kudriavtsev, Shouzhong Shi, Ajitesh Jain
-
Patent number: 10810233Abstract: A method for linking records from different datasets based on record similarities is described. The method includes ingesting a first dataset, including a first set of records with a first set of fields, wherein the first dataset is associated with a first vendor and a first type of data, and a second dataset, including a second set of records with a second set of fields, wherein the second dataset is associated with a second vendor and a second type of data; determining that a first record from the first set of records is similar to a second record from the second set of records based on similarities between fields in the first and second set of fields; and linking the first and second records in response to determining that the similarity, wherein the first and second vendors are different and/or the first and second types of data are different.Type: GrantFiled: December 15, 2017Date of Patent: October 20, 2020Assignee: salesforce.com, inc.Inventors: Kaushal Bansal, Venkata Muralidhar Tejomurtula, Azeem Feroz, Dmytro Kashyn, Dmytro Kudriavtsev
-
Patent number: 10798058Abstract: Systems and techniques are described for monitoring network communications using a distributed firewall. One of the techniques includes receiving, at a driver executing in a guest operating system of a virtual machine, a request to open a network connection from a process associated with a user, wherein the driver performs operations comprising: obtaining identity information for the user; providing the identity information and data identifying the network connection to an identity module external to the driver; and receiving, by a distributed firewall, data associating the identity information with the data identifying the network connection from the identity module, wherein the distributed firewall performs operations comprising: receiving an outgoing packet from the virtual machine; determining that the identity information corresponds to the outgoing packet; and evaluating one or more routing rules based at least in part on the identity information.Type: GrantFiled: July 20, 2018Date of Patent: October 6, 2020Assignee: NICIRA, INC.Inventors: Anirban Sengupta, Subrahmanyam Manuguri, Mitchell T. Christensen, Azeem Feroz, Todd Sabin
-
Patent number: 10798073Abstract: For an encryption management module of a host that executes one or more data compute nodes (DCNs), some embodiments of the invention provide a method of providing key management and encryption services. The method initially receives an encryption key ticket at an encryption management module to be used to retrieve an encryption key identified by the ticket from a key manager. When the encryption key has been retrieved, the method uses the encryption key to encrypt a message sent by a data compute node executing on the host requiring encryption according to an encryption rule. The encryption key ticket, in some embodiments, is generated for an encryption management module to implement the principle of least privilege. The ticket acts as a security token in retrieving encryption keys from a key manager. Ticket distribution and encryption rule distribution are independent of each other in some embodiments.Type: GrantFiled: January 31, 2017Date of Patent: October 6, 2020Assignee: NICIRA, INC.Inventors: Sonia Jahid, Ganesan Chandrashekhar, Bin Qian, Azeem Feroz