Patents by Inventor Biju Kaimal
Biju Kaimal has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11930036Abstract: Attacks on a network device, e.g. an IoT device, are detected by analyzing network traffic and subsequently quarantining or blocking the network device on the network to prevent lateral movement of malware. The techniques described herein relate to developing a baseline of network device activity corresponding with a network device during a learning period and comparing the baseline of network device activity with new network activity by the network device in order to identify potentially unusual network device activity by the network device. If unusual network activity is found, remedial actions such as quarantining the network device or restricting some access to a network may be initiated.Type: GrantFiled: August 31, 2022Date of Patent: March 12, 2024Assignee: Pulse Secure, LLCInventors: Biju Kaimal, Bandam Radha Shravan, Thiyagu Rajendran, Clifford E. Kahn
-
Publication number: 20230007012Abstract: Attacks on a network device, e.g. an IoT device, are detected by analyzing network traffic and subsequently quarantining or blocking the network device on the network to prevent lateral movement of malware. The techniques described herein relate to developing a baseline of network device activity corresponding with a network device during a learning period and comparing the baseline of network device activity with new network activity by the network device in order to identify potentially unusual network device activity by the network device. If unusual network activity is found, remedial actions such as quarantining the network device or restricting some access to a network may be initiated.Type: ApplicationFiled: August 31, 2022Publication date: January 5, 2023Applicant: Pulse Secure, LLCInventors: Biju Kaimal, Bandam Radha Shravan, Thiyagu Rajendran, Clifford E. Kahn
-
Patent number: 11533320Abstract: The techniques described herein relate to authorizing networked devices to access protected network zones and/or network resources in a private network. In response to a first access request, a network appliance requests full compliance information from the networked device. The received compliance information is stored in a database. Subsequently, when the compliance information on the networked device changes, the network device sends updated compliance information to the network appliance. The network appliance reevaluates the compliance state of the networked device based on the updated compliance information and the compliance information stored in the database.Type: GrantFiled: March 4, 2020Date of Patent: December 20, 2022Assignee: Pulse Secure, LLCInventors: Bandam Radha Shravan, Robert Koeten, Biju Kaimal
-
Patent number: 11483339Abstract: Attacks on a network device, e.g. an IoT device, are detected by analyzing network traffic and subsequently quarantining or blocking the network device on the network to prevent lateral movement of malware. The techniques described herein relate to developing a baseline of network device activity corresponding with a network device during a learning period and comparing the baseline of network device activity with new network activity by the network device in order to identify potentially unusual network device activity by the network device. If unusual network activity is found, remedial actions such as quarantining the network device or restricting some access to a network may be initiated.Type: GrantFiled: December 18, 2019Date of Patent: October 25, 2022Assignee: Pulse Secure, LLCInventors: Biju Kaimal, Bandam Radha Shravan, Thiyagu Rajendran, Clifford E. Kahn
-
Publication number: 20210281576Abstract: The techniques described herein relate to authorizing networked devices to access protected network zones and/or network resources in a private network. In response to a first access request, a network appliance requests full compliance information from the networked device. The received compliance information is stored in a database. Subsequently, when the compliance information on the networked device changes, the network device sends updated compliance information to the network appliance. The network appliance reevaluates the compliance state of the networked device based on the updated compliance information and the compliance information stored in the database.Type: ApplicationFiled: March 4, 2020Publication date: September 9, 2021Inventors: Bandam Radha Shravan, Robert Koeten, Biju Kaimal
-
Patent number: 9122546Abstract: An improved technique of identifying particular events for alerting within an ENMS involves tagging each incoming event notification as having high priority or normal priority according to a set of rules. Those event notifications tagged as having a normal priority are sent directly to a reporting database, while those tagged as having a high priority are sent directly to an alert evaluation module which is configured to generate an alert as a result of an alert evaluation operation performed on an event notification. In order to comply with reporting requirements, however, the improved technique further involves generating a copy of the event notifications tagged as high priority and sending the copies to the reporting database.Type: GrantFiled: September 27, 2011Date of Patent: September 1, 2015Assignee: EMC CorporationInventor: Biju Kaimal
-
Patent number: 8498995Abstract: Embodiments of the invention relate to a method for retrieving event data. The method includes receiving, by an event management device, an event query requesting event data corresponding to a filtering parameter, the filtering parameter being a non-indexed database parameter of an Internet Protocol database (IPDB). The method includes generating, by the event manager device, a Bloom filter value based upon the filtering parameter included in the event query. The method includes comparing, by the event manager device, the Bloom filter value with a Bloom filter index entry of an index file of the IPDB, the index file corresponding to the requested event data, the Bloom filter index entry indicating existence of the filtering parameter as part of the IPDB and reading, by the event manager device, the entry from the index file database when the Bloom filter value matches the Bloom filter index entry.Type: GrantFiled: March 24, 2011Date of Patent: July 30, 2013Assignee: EMC CorporationInventors: Sandeep Kumar Gond, Biju Kaimal
-
Publication number: 20070049265Abstract: A method and apparatus for local device management. A signing server can generate a local provisioning packet and send the local provisioning packet to a requesting device management server. The device management server can transfer the local provisioning packet to a wireless communication device. The wireless communication device can compare a device identifier to a unique identifier in the wireless communication device and install a bootstrap packet in the wireless communication device if the device identifier matches the unique identifier in the wireless communication device. The wireless communication device may also verify that the packet was signed by the signing server as a condition on installing the bootstrap packet.Type: ApplicationFiled: August 30, 2005Publication date: March 1, 2007Inventors: Biju Kaimal, Richard Chow, Vadim Draluk, Guy Martin
-
Publication number: 20060271796Abstract: A method and system for protecting information in an electronic device (100) is provided. The method includes calculating a MAC value (112) of a meta-file (110). The meta-file comprises file information of at least one file (108) in the electronic device. The method further includes tagging the meta-file with an identifier value (206). The identifier value is the same as a value stored in a secure hardware monotonic counter (204).Type: ApplicationFiled: May 25, 2005Publication date: November 30, 2006Inventors: Biju Kaimal, Richard Chow
-
Publication number: 20060143715Abstract: A method and wireless mobile device invokes (802), under control of at least one of a plurality of applications, such as JAVA applications that run in a plurality of different execution environments, one or more common application interface (API), such as a JSR, that is common for use by the plurality of applications. The method and wireless mobile device also invoke (804) a zone permission check, in response to the invocation of the common API, that determines which execution environment a calling application is in, in response to zone identification data associated with each call in a group of calls in a call stack for the shared API. Once the environment is determined, a security permission check is invoked in a determined execution environment for the calling application to check permissions associated with the calling application.Type: ApplicationFiled: December 28, 2004Publication date: June 29, 2006Applicant: Motorola, Inc.Inventors: Richard Chow, Alice Chu, Sheshadri Iyengar, Biju Kaimal, Dmitri Latypov, Samir Saxena
-
Publication number: 20060143179Abstract: A client device (701) of a communication system (700) includes, for example, a processor (304) programmed to include a device management tree wherein the processor is operative to receive security policy information (1000), such as that associated with a non-server entity, such as an application on the device, for example, and updates the device management tree with the received security policy information (1002). The device management tree is then accessed in response to a security policy access request, such as from a application or other non server entity during runtime of the wireless client device (1004). As such, not only does the device management tree include external security policy subjects, such as server identities, but different internal security policy subjects are also used to configure a device management tree with suitable security policy enforcement information.Type: ApplicationFiled: December 29, 2004Publication date: June 29, 2006Applicant: Motorola, Inc.Inventors: Vadim Draluk, John Bruner, Biju Kaimal, Boris Klots
-
Publication number: 20060136705Abstract: A communication unit (101) includes a transceiver (105) for communication over a communication network (107), and a processor (103). The processor (103) can install software components, including a first software component and a second software component. Responsive to a boot, the processor (103) can verifying the first software component against a first pre-determined value corresponding to at least the first software component; and subsequent to completion of the boot, verify the second software component against a second pre-determined value corresponding to at least the second software component.Type: ApplicationFiled: December 21, 2004Publication date: June 22, 2006Inventors: Biju Kaimal, Wayne Badger, John Bruner, Steve Bunch, Richard Chow, Boris Klots