Patents by Inventor Balaji PARIMI
Balaji PARIMI has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240039960
Abstract: Access privileges of at least one identity to resources are adjusted within an authorization system of a computing environment. Over a detection period, accesses by the identity to the resources are detected and a usage score is computed as a usage function of a measure of use by the identity of access privilege(s) it has been granted to at least one of the resources relative to a measure of a set of possible grantable privileges. In accordance with a least privilege security policy, and according to the usage score, the set of access privileges granted to the identity may then be adjusted.
Type: Application
Filed: October 9, 2023
Publication date: February 1, 2024
Inventors: Shaun APPLEGATE-SWANSON, Carl WALDSPURGER, Balaji PARIMI, Naveen JANGALAPALLI, Maya NEELAKANDHAN, Venkata ADUSUMILLI, Parag BAJARIA
-
Patent number: 11818175
Abstract: Access privileges of at least one identity to resources are adjusted within an authorization system of a computing environment. Over a detection period, accesses by the identity to the resources are detected and a usage score is computed as a usage function of a measure of use by the identity of access privilege(s) it has been granted to at least one of the resources relative to a measure of a set of possible grantable privileges. In accordance with a least privilege security policy, and according to the usage score, the set of access privileges granted to the identity may then be adjusted.
Type: Grant
Filed: February 25, 2021
Date of Patent: November 14, 2023
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Shaun Applegate-Swanson, Carl Waldspurger, Balaji Parimi, Naveen Jangalapalli, Maya Neelakandhan, Venkata Adusumilli, Parag Bajaria
-
Patent number: 11632373
Abstract: A security server provides dynamic permissions for an enterprise data source. The security server establishes permissions rules for a data source of the enterprise. For example, the permissions rules describe permissions policies applicable to users of the enterprise in given contexts. The security server evaluates the permissions rules in view of a context to produce a dynamic permissions policy for the data source. The context describes the environment of the data source at a point in time (e.g., a current time). The dynamic permissions policy describes permissions of users of the enterprise with respect to the data source and the context. The security server transmits the dynamic permissions policy to the enterprise such that the enterprise is able to implement the dynamic permissions policy at the data source.
Type: Grant
Filed: June 17, 2020
Date of Patent: April 18, 2023
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Balaji Parimi, Venkata Adusumilli, Maya Neelakandhan, Naga Venkata Naveen Teja Jangalapalli
-
Publication number: 20220263851
Abstract: Methods, systems, apparatuses, and computer-readable storage mediums are described for assigning a security risk score to a resource. In one example, resource access data is collected for a resource. Based at least on the resource access data, a data risk index (DRI) score is generated for the resource. The DRI score comprises a value that is indicative of a level of risk that the resource will be compromised. At least one of the DRI score, an alert based at least on the DRI score, or a policy change for the resource based at least on the generated DRI score is reported to an administrator.
Type: Application
Filed: January 28, 2022
Publication date: August 18, 2022
Inventors: Carl Alan WALDSPURGER, Shaun Robert APPLEGATE-SWANSON, Venkata ADUSUMILLI, Balaji PARIMI, Naga Venkata Naveen Teja JANGALAPALLI, Nicholas James BARRETTA, Guruprasad RAMPRAKASH, Parag Mahendrakumar BAJARIA
-
Publication number: 20210281610
Abstract: Access privileges of at least one identity to resources are adjusted within an authorization system of a computing environment. Over a detection period, accesses by the identity to the resources are detected and a usage score is computed as a usage function of a measure of use by the identity of access privilege(s) it has been granted to at least one of the resources relative to a measure of a set of possible grantable privileges. In accordance with a least privilege security policy, and according to the usage score, the set of access privileges granted to the identity may then be adjusted.
Type: Application
Filed: February 25, 2021
Publication date: September 9, 2021
Applicant: CloudKnox Security, Inc.
Inventors: Shaun APPLEGATE-SWANSON, Carl WALDSPURGER, Balaji PARIMI, Naveen JANGALAPALLI, Maya NEELAKANDHAN, Venkata ADUSUMILLI, Parag BAJARIA
-
Publication number: 20200403996
Abstract: A security server provides dynamic permissions for an enterprise data source. The security server establishes permissions rules for a data source of the enterprise. For example, the permissions rules describe permissions policies applicable to users of the enterprise in given contexts. The security server evaluates the permissions rules in view of a context to produce a dynamic permissions policy for the data source. The context describes the environment of the data source at a point in time (e.g., a current time). The dynamic permissions policy describes permissions of users of the enterprise with respect to the data source and the context. The security server transmits the dynamic permissions policy to the enterprise such that the enterprise is able to implement the dynamic permissions policy at the data source.
Type: Application
Filed: June 17, 2020
Publication date: December 24, 2020
Inventors: Balaji Parimi, Venkata Adusumilli, Maya Neelakandhan, Naga Venkata Naveen Teja Jangalapalli
-
Patent number: 10454934
Abstract: A method, a system and/or an apparatus of activity based access control in heterogeneous information technology infrastructure is disclosed. The infrastructure security server authenticates that a user is authorized to access a set of heterogeneous cloud-based services using at least one heterogeneous authorization system. The method monitors an activity of the user when accessing any of the set of heterogeneous cloud-based services over a period of time using a processor and a memory. The method dynamically adjusts access privileges to the set of heterogeneous cloud-based services. The adjustment to the access privileges includes a revocation of access to the user to a particular service of the set of heterogeneous cloud-based services and/or dynamically granting of access to the user to the particular service of the set of heterogeneous cloud-based services.
Type: Grant
Filed: April 7, 2017
Date of Patent: October 22, 2019
Assignee: CloudKnox Security Inc.
Inventors: Balaji Parimi, Koteswara Rao Cherukuri
-
Patent number: 10454935
Abstract: A method, system and/or an apparatus to detect discrepancy in infrastructure security configurations from translated security best practice configurations in heterogeneous environments is disclosed. A method of an infrastructure security server communicatively coupled with a set of heterogeneous infrastructures translates a set of security best practice configurations of the heterogeneous infrastructures and/or a set of common vulnerabilities and exposures (CVE) of the heterogeneous infrastructures to programmatic execution. The method monitors the infrastructure security configurations associated with the heterogeneous infrastructures using a processor and a memory. The method analyzes the infrastructure security configurations based on the translated security best practice configurations and/or the translated common vulnerabilities and exposures (CVE).
Type: Grant
Filed: April 7, 2017
Date of Patent: October 22, 2019
Assignee: CloudKnox Security Inc.
Inventors: Balaji Parimi, Koteswara Rao Cherukuri
-
Publication number: 20170295197
Abstract: A method, system and/or an apparatus to detect discrepancy in infrastructure security configurations from translated security best practice configurations in heterogeneous environments is disclosed. A method of an infrastructure security server communicatively coupled with a set of heterogeneous infrastructures translates a set of security best practice configurations of the heterogeneous infrastructures and/or a set of common vulnerabilities and exposures (CVE) of the heterogeneous infrastructures to programmatic execution. The method monitors the infrastructure security configurations associated with the heterogeneous infrastructures using a processor and a memory. The method analyzes the infrastructure security configurations based on the translated security best practice configurations and/or the translated common vulnerabilities and exposures (CVE).
Type: Application
Filed: April 7, 2017
Publication date: October 12, 2017
Inventors: Balaji Parimi, Koteswara Rao Cherukuri
-
Publication number: 20170295181
Abstract: A method, a system and/or an apparatus of activity based access control in heterogeneous information technology infrastructure is disclosed. The infrastructure security server authenticates that a user is authorized to access a set of heterogeneous cloud-based services using at least one heterogeneous authorization system. The method monitors an activity of the user when accessing any of the set of heterogeneous cloud-based services over a period of time using a processor and a memory. The method dynamically adjusts access privileges to the set of heterogeneous cloud-based services. The adjustment to the access privileges includes a revocation of access to the user to a particular service of the set of heterogeneous cloud-based services and/or dynamically granting of access to the user to the particular service of the set of heterogeneous cloud-based services.
Type: Application
Filed: April 7, 2017
Publication date: October 12, 2017
Inventors: Balaji Parimi, Koteswara Rao Cherukuri
-
Patent number: 9063768
Abstract: Disclosed herein is a method of verifying that a reconstructed inventory of a virtualized computer system has been accurately reproduced from an original inventory of a virtualized computer system. A first snapshot and a second snapshot are received, where the first snapshot is a snapshot of the original inventory and the second snapshot is a snapshot of the reconstructed inventory. The first snapshot and the second snapshot are then analyzed to determine that hierarchical relationships, roles and permissions, configuration settings, and/or custom definitions of items in the original inventory match hierarchical relationships of corresponding items in the reconstructed inventory.
Type: Grant
Filed: October 10, 2011
Date of Patent: June 23, 2015
Assignee: VMware, Inc.
Inventors: Vijayaraghavan Soundararajan, Balaji Parimi
-
Patent number: 9049257
Abstract: A server system is configured to provide an e-mail based interface for executing management operations on a virtualized infrastructure which includes a plurality of virtual machines (VMs), underlying host computers, clusters, and/or data centers. Such an interface may be provided in a virtualized infrastructure to enable a system administrator to execute administrative operations remotely from a mobile device without requiring custom installation of an application on the mobile device or a secure connection to the server system. The server system receives e-mails at a pre-determined e-mail address, authenticates the sender of the e-mail, and extracts and executes commands from the e-mail. A number of techniques for validating the e-mail containing server commands may also be provided.
Type: Grant
Filed: December 19, 2011
Date of Patent: June 2, 2015
Assignee: VMware, Inc.
Inventors: Vijayaraghavan Soundararajan, Conrad Herbert Albrecht-Buehler, Balaji Parimi, Raja Rao Dv
-
Patent number: 8938680
Abstract: A technique for remotely managing virtual machines employs a user interface (UI) of a rich e-mail client that is configured to interpret metadata included in a communication received from a management server for the virtual machines and, in response, generate one or more UI elements. The UI includes a first region that displays a message from the management server and a second region that displays the one or more UI elements for causing a command to be generated and sent to the management server in response to a predetermined input made thereon.
Type: Grant
Filed: February 22, 2012
Date of Patent: January 20, 2015
Assignee: VMware, Inc.
Inventors: Vijayaraghavan Soundararajan, Balaji Parimi, Raja Rao Dv
-
Patent number: 8909602
Abstract: A snapshot of an inventory of a virtualized computer system is produced and a user-editable code is generated therefrom, so that the inventory can be reconstructed entirely or partially. The snapshot includes identifying data for items in the virtualized computer system, and relationship data that indicate hierarchical and non-hierarchical relationships between the items. The items in the inventory of the virtualized computer system include virtual machines, servers on which the virtual machines are running, one or more data centers in which the servers reside, and logical containers such as folders for virtual machines, resource pools that each contain one or more virtual machines, and server clusters that each contain one or more servers.
Type: Grant
Filed: February 3, 2011
Date of Patent: December 9, 2014
Assignee: VMware, Inc.
Inventors: Vijayaraghavan Soundararajan, Balaji Parimi
-
Publication number: 20130219297
Abstract: A technique for remotely managing virtual machines employs a user interface (UI) of a rich e-mail client that is configured to interpret metadata included in a communication received from a management server for the virtual machines and, in response, generate one or more UI elements. The UI includes a first region that displays a message from the management server and a second region that displays the one or more UI elements for causing a command to be generated and sent to the management server in response to a predetermined input made thereon.
Type: Application
Filed: February 22, 2012
Publication date: August 22, 2013
Applicant: VMware, Inc.
Inventors: Vijayaraghavan SOUNDARARAJAN, Balaji PARIMI, Raja RAO DV
-
Publication number: 20130159428
Abstract: A server system is configured to provide an e-mail based interface for executing management operations on a virtualized infrastructure which includes a plurality of virtual machines (VMs), underlying host computers, clusters, and/or data centers. Such an interface may be provided in a virtualized infrastructure to enable a system administrator to execute administrative operations remotely from a mobile device without requiring custom installation of an application on the mobile device or a secure connection to the server system. The server system receives e-mails at a pre-determined e-mail address, authenticates the sender of the e-mail, and extracts and executes commands from the e-mail. A number of techniques for validating the e-mail containing server commands may also be provided.
Type: Application
Filed: December 19, 2011
Publication date: June 20, 2013
Applicant: VMWARE, INC.
Inventors: Vijayaraghavan SOUNDARARAJAN, Conrad Herbert ALBRECHT-BUEHLER, Balaji PARIMI, Raja RAO DV
-
Publication number: 20130091499
Abstract: Disclosed herein is a method of verifying that a reconstructed inventory of a virtualized computer system has been accurately reproduced from an original inventory of a virtualized computer system. A first snapshot and a second snapshot are received, where the first snapshot is a snapshot of the original inventory and the second snapshot is a snapshot of the reconstructed inventory. The first snapshot and the second snapshot are then analyzed to determine that hierarchical relationships, roles and permissions, configuration settings, and/or custom definitions of items in the original inventory match hierarchical relationships of corresponding items in the reconstructed inventory.
Type: Application
Filed: October 10, 2011
Publication date: April 11, 2013
Applicant: VMWARE, INC.
Inventors: Vijayaraghavan SOUNDARARAJAN, Balaji PARIMI
-
Publication number: 20120203739
Abstract: A snapshot of an inventory of a virtualized computer system is produced and a user-editable code is generated therefrom, so that the inventory can be reconstructed entirely or partially. The snapshot includes identifying data for items in the virtualized computer system, and relationship data that indicate hierarchical and non-hierarchical relationships between the items. The items in the inventory of the virtualized computer system include virtual machines, servers on which the virtual machines are running, one or more data centers in which the servers reside, and logical containers such as folders for virtual machines, resource pools that each contain one or more virtual machines, and server clusters that each contain one or more servers.
Type: Application
Filed: February 3, 2011
Publication date: August 9, 2012
Applicant: VMWARE, INC.
Inventors: Vijayaraghavan SOUNDARARAJAN, Balaji PARIMI