Patents by Inventor Deepak Khajuria
Deepak Khajuria has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11334526Abstract: Methods, systems and computer program products for content management and collaboration systems. Embodiments address handling remotely-stored preformatted previews of remotely stored content objects for display on a user device without having to store a local copy of the remotely stored content objects to the user device. A user operates a content object viewer that is provided as part of the operating system running on the user device. As provided, the content object viewer includes a graphical user interface for accessing files of the operating system. Using the graphical user interface capabilities of the content object viewer, the user selects a particular one of the remotely stored content objects. Upon such selection, the content object viewer displays a preview of the particular one of the remotely stored content objects without having to have a local copy of the particular one of the remotely stored content objects at the user device.Type: GrantFiled: December 21, 2018Date of Patent: May 17, 2022Assignee: Box, Inc.Inventors: Deepak Khajuria, Jeremy Spiegel
-
Patent number: 10911539Abstract: Methods, systems and computer program products for managing shared content directory structure metadata stored on client devices. A method embodiment includes identifying a collaboration system that stores one or more content objects that are organized in accordance with a directory structure. Requests pertaining to the content objects are raised by processing entities running on the client device. The requests include instructions to retrieve one or more of multiple types of metadata associated with the directory elements that constitute the directory structure. Based on timing and patterns of requests pertaining to the content objects, a monitoring function detects unwanted runaway retrieval by a runaway process. To prevent further unwanted runaway retrieval of the metadata, the runaway process is blocked from continuing its pattern of unwanted (runaway) retrieval. The collaboration system is notified of characteristics of the runaway process.Type: GrantFiled: January 8, 2019Date of Patent: February 2, 2021Assignee: Box, Inc.Inventors: Advait D. Karande, Alok Ojha, Deepak Khajuria
-
Publication number: 20200220928Abstract: Methods, systems and computer program products for managing shared content directory structure metadata stored on client devices. A method embodiment includes identifying a collaboration system that stores one or more content objects that are organized in accordance with a directory structure. Requests pertaining to the content objects are raised by processing entities running on the client device. The requests include instructions to retrieve one or more of multiple types of metadata associated with the directory elements that constitute the directory structure. Based on timing and patterns of requests pertaining to the content objects, a monitoring function detects unwanted runaway retrieval by a runaway process. To prevent further unwanted runaway retrieval of the metadata, the runaway process is blocked from continuing its pattern of unwanted (runaway) retrieval. The collaboration system is notified of characteristics of the runaway process.Type: ApplicationFiled: January 8, 2019Publication date: July 9, 2020Applicant: Box, Inc.Inventors: Advait D. Karande, Alok Ojha, Deepak Khajuria
-
Publication number: 20200201818Abstract: Methods, systems and computer program products for content management and collaboration systems. Embodiments address handling remotely-stored preformatted previews of remotely stored content objects for display on a user device without having to store a local copy of the remotely stored content objects to the user device. A user operates a content object viewer that is provided as part of the operating system running on the user device. As provided, the content object viewer includes a graphical user interface for accessing files of the operating system. Using the graphical user interface capabilities of the content object viewer, the user selects a particular one of the remotely stored content objects. Upon such selection, the content object viewer displays a preview of the particular one of the remotely stored content objects without having to have a local copy of the particular one of the remotely stored content objects at the user device.Type: ApplicationFiled: December 21, 2018Publication date: June 25, 2020Applicant: Box, Inc.Inventors: Deepak Khajuria, Jeremy Spiegel
-
Patent number: 9923926Abstract: Approaches for managing potentially malicious files using one or more isolated environments. In response to receiving a request to perform an action on a file, a client applies a policy to determine whether the action is deemed trustworthy. The client identifies, without human intervention, an isolated environment, executing or to be executed on the client, in which the action is to be performed based on whether the action is deemed trustworthy. In this way, embodiments allow a user to make use of data deemed untrusted in certain cases without allowing the untrusted data from having unfettered access to the resources of the client. If the requested action is performed in a different isolated environment from which the action was requested, embodiments enable the performance of the action to be performed seamlessly to the user.Type: GrantFiled: September 24, 2015Date of Patent: March 20, 2018Assignee: Bromium, Inc.Inventors: Gaurav Banga, Sergei Vorobiev, Deepak Khajuria, Vikram Kapoor, Ian Pratt, Simon Crosby
-
Patent number: 9921860Abstract: Approaches for launching an application within a virtual machine. In response to receiving a request to launch an application, a device instantiates, without human intervention and based on a policy, a virtual machine in which the application is to be launched. The policy determines which resources of a device, such as a mobile device or computer system, are accessible to the virtual machine. The policy may, but need not, determine whether the virtual machine has access to a type of resource which obligates the user of the device to make a monetary payment for the user of the resource.Type: GrantFiled: September 26, 2013Date of Patent: March 20, 2018Assignee: Bromium, Inc.Inventors: Gaurav Banga, Sergei Vorobiev, Deepak Khajuria, Vikram Kapoor, Ian Pratt, Simon Crosby, Adrian Taylor
-
Patent number: 9448898Abstract: A service appliance is installed between production servers running service applications and service users. The production servers and their service applications provide services to the service users. In the event that a production server is unable to provide its service to users, the service appliance can transparently intervene to maintain service availability. To maintain transparency to service users and service applications, service users are located on a first network and production servers are located on a second network. The service appliance assumes the addresses of the service users on the second network and the addresses of the production servers on the first network. Thus, the service appliance obtains all network traffic sent between the production server and service users. While the service application is operating correctly, the service appliance forwards network traffic between the two networks using various network layers.Type: GrantFiled: July 11, 2013Date of Patent: September 20, 2016Assignee: Ongoing Operations LLCInventors: Matt Ocko, George Tuma, Sandeep Sukhija, John Purrier, Rajesh Gupta, Deepak Khajuria, Saumitra Das, Manish Kalia
-
Patent number: 9384022Abstract: Approaches for rendering a file within a display mode. A guest module, executing within a virtual machine, determines that a process executing within the virtual machine is requesting to display a file. The guest module sends a request to display the file to a host module which executes within a host operating system. After the host module receives the request, the host module determines whether a user initiated the display of the file. Upon the host module determining that the file is permitted to be displayed, the host module determines a particular display mode for the file. Thereafter, the host module causes the file to be displayed in the particular display mode. Files may be automatically displayed in a configurable display mode in a secure manner.Type: GrantFiled: July 18, 2013Date of Patent: July 5, 2016Assignee: Bromium, Inc.Inventors: Vikram Kapoor, Deepak Khajuria
-
Patent number: 9348636Abstract: Approaches for transferring a file using a virtualized application. A virtualized application executes within a virtual machine residing on a physical machine. When the virtualized application is instructed to download a file stored external to the physical machine, the virtualized application displays an interface which enables at least a portion of a file system, maintained by a host OS, to be browsed while preventing files stored within the virtual machine to be browsed. Upon the virtualized application receiving input identifying a target location within the file system, the virtualized application stores the file at the target location. The virtualized application may also upload a file stored on the physical machine using an interface which enables at least a portion of a file system of a host OS to be browsed while preventing files in the virtual machine to be browsed.Type: GrantFiled: September 5, 2014Date of Patent: May 24, 2016Assignee: Bromium, Inc.Inventors: Deepak Khajuria, Kiran Bondalapati, Vikram Kapoor, Gaurav Banga, Ian Pratt
-
Patent number: 9349008Abstract: Approaches for processing a digital file in a manner designed to minimize exposure of any malicious code contained therein. A digital file resides with a virtual machine. When the virtual machine receives an instruction to print or digitally transfer at least a portion of the digital file, the virtual machine converts at least a portion of the digital file from an original format to a different format within the virtual machine. The different format preserves a visual presentation of the digital file without supporting metadata or file format data structures of the original format. The virtual machine instructs the host OS to print or digitally transfer the portion of the digital file. The host OS may consult policy data in determining how to service the instruction to print or digitally transfer the digital file.Type: GrantFiled: May 2, 2014Date of Patent: May 24, 2016Assignee: Bromium, Inc.Inventors: Deepak Khajuria, Gaurav Banga, Vikram Kapoor, Ian Pratt, Vivek Srivastava
-
Patent number: 9245108Abstract: Approaches for an operating system to ascertain whether files stored its file system have been deemed trustworthy. When an operating system receives a request to perform an operation involving a file that is stored within the file system maintained by the operating system, the operating system requests the file from a driver. In turn, the driver consults a set of trust data to identify whether the file has been previously deemed trustworthy. Upon the driver determining that the file has been deemed trustworthy, the driver provides the file to the operating system in a first format. On the other hand, upon the driver determining that the file has not been deemed trustworthy, the driver provides the file to the operating system in a second format that is different than the first format. Advantageously, the file is stored in a single format in the file system.Type: GrantFiled: July 8, 2014Date of Patent: January 26, 2016Assignee: Bromium, Inc.Inventors: Deepak Khajuria, Mahesh Pisal, Krzysztof Uchronski, Vikram Kapoor, Ian Pratt, Gaurav Banga
-
Patent number: 9104837Abstract: Approaches for securing resources of a virtual machine. An application executes on a host operating system. A user instructs the application to display a file. In response, a host module executing on the host operating system instructs a guest module, executing within a virtual machine, to render the file within the virtual machine. The application displays the file using screen data which was created within the virtual machine and defines a rendered representation of the file. The user is prevented from accessing any resource of the virtual machine unrelated to the file. The virtual machine may consult policy data to determine how to perform certain user-initiated actions within the virtual machine. Examples of the file include image, a document, an email, and a web page.Type: GrantFiled: June 18, 2012Date of Patent: August 11, 2015Assignee: Bromium, Inc.Inventors: Deepak Khajuria, Gaurav Banga, Ian Pratt, Vikram Kapoor
-
Publication number: 20140380315Abstract: Approaches for transferring a file using a virtualized application. A virtualized application executes within a virtual machine residing on a physical machine. When the virtualized application is instructed to download a file stored external to the physical machine, the virtualized application displays an interface which enables at least a portion of a file system, maintained by a host OS, to be browsed while preventing files stored within the virtual machine to be browsed. Upon the virtualized application receiving input identifying a target location within the file system, the virtualized application stores the file at the target location. The virtualized application may also upload a file stored on the physical machine using an interface which enables at least a portion of a file system of a host OS to be browsed while preventing files in the virtual machine to be browsed.Type: ApplicationFiled: September 5, 2014Publication date: December 25, 2014Inventors: Deepak Khajuria, Kiran Bondalapati, Vikram Kapoor, Gaurav Banga, Ian Pratt
-
Patent number: 8839245Abstract: Approaches for transferring a file using a virtualized application. A virtualized application executes within a virtual machine residing on a physical machine. When the virtualized application is instructed to download a file stored external to the physical machine, the virtualized application displays an interface which enables at least a portion of a file system, maintained by a host OS, to be browsed while preventing files stored within the virtual machine to be browsed. Upon the virtualized application receiving input identifying a target location within the file system, the virtualized application stores the file at the target location. The virtualized application may also upload a file stored on the physical machine using an interface which enables at least a portion of a file system of a host OS to be browsed while preventing files in the virtual machine to be browsed.Type: GrantFiled: June 18, 2012Date of Patent: September 16, 2014Assignee: Bromium, Inc.Inventors: Deepak Khajuria, Kiran Bondalapati, Vikram Kapoor, Gaurav Banga, Ian Pratt
-
Patent number: 8719933Abstract: Approaches for processing a digital file in a manner designed to minimize exposure of any malicious code contained therein. A digital file resides with a virtual machine. When the virtual machine receives an instruction to print, fax, or email the digital file, the virtual machine creates, from the digital file existing in an original format, a copy of the digital file in a different format within the virtual machine. The different format preserves a visual presentation of the digital file without supporting metadata or file format data structures of the original format. The virtual machine instructs the host OS to print the copy of the digital file, send a facsimile of the copy of the digital file, or email the copy of the digital file. The host OS may consult policy data in determining how to carry out the request vis-à-vis the digital file.Type: GrantFiled: June 19, 2012Date of Patent: May 6, 2014Assignee: Bromium, Inc.Inventors: Deepak Khajuria, Gaurav Banga, Vikram Kapoor, Ian Pratt
-
Publication number: 20130305085Abstract: A service appliance is installed between production servers running service applications and service users. The production servers and their service applications provide services to the service users. In the event that a production server is unable to provide its service to users, the service appliance can transparently intervene to maintain service availability. To maintain transparency to service users and service applications, service users are located on a first network and production servers are located on a second network. The service appliance assumes the addresses of the service users on the second network and the addresses of the production servers on the first network. Thus, the service appliance obtains all network traffic sent between the production server and service users. While the service application is operating correctly, the service appliance forwards network traffic between the two networks using various network layers.Type: ApplicationFiled: July 11, 2013Publication date: November 14, 2013Inventors: Matt Ocko, George Tuma, Sandeep Sukhija, John Purrier, Rajesh Gupta, Deepak Khajuria, Saumitra Das, Manish Kalia
-
Patent number: 8504676Abstract: A service appliance is installed between production servers running service applications and service users. The production servers and their service applications provide services to the service users. In the event that a production server is unable to provide its service to users, the service appliance can transparently intervene to maintain service availability. To maintain transparency to service users and service applications, service users are located on a first network and production servers are located on a second network. The service appliance assumes the addresses of the service users on the second network and the addresses of the production servers on the first network. Thus, the service appliance obtains all network traffic sent between the production server and service users. While the service application is operating correctly, the service appliance forwards network traffic between the two networks using various network layers.Type: GrantFiled: June 22, 2012Date of Patent: August 6, 2013Assignee: Ongoing Operations LLCInventors: Matt Ocko, George Tuma, Sandeep Sukhija, John Purrier, Rajesh Gupta, Deepak Khajuria, Saumitra Das, Manish Kalia
-
Publication number: 20120266234Abstract: A service appliance is installed between production servers running service applications and service users. The production servers and their service applications provide services to the service users. In the event that a production server is unable to provide its service to users, the service appliance can transparently intervene to maintain service availability. To maintain transparency to service users and service applications, service users are located on a first network and production servers are located on a second network. The service appliance assumes the addresses of the service users on the second network and the addresses of the production servers on the first network. Thus, the service appliance obtains all network traffic sent between the production server and service users. While the service application is operating correctly, the service appliance forwards network traffic between the two networks using various network layers.Type: ApplicationFiled: June 22, 2012Publication date: October 18, 2012Inventors: Matt Ocko, George Tuma, Manish Kalia, Sandeep Sukhija, John Purrier, Rajesh Gupta, Deepak Khajuria, Saumitra Das
-
Patent number: 8224943Abstract: A service appliance is installed between production servers running service applications and service users. The production servers and their service applications provide services to the service users. In the event that a production server is unable to provide its service to users, the service appliance can transparently intervene to maintain service availability. To maintain transparency to service users and service applications, service users are located on a first network and production servers are located on a second network. The service appliance assumes the addresses of the service users on the second network and the addresses of the production servers on the first network. Thus, the service appliance obtains all network traffic sent between the production server and service users. While the service application is operating correctly, the service appliance forwards network traffic between the two networks using various network layers.Type: GrantFiled: March 28, 2008Date of Patent: July 17, 2012Assignee: Ongoing Operations LLCInventors: Matt Ocko, George Tuma, Manish Kalia, Sandeep Sukhija, John Purrier, Rajesh Gupta, Deepak Khajuria, Saumitra Das
-
Publication number: 20090083399Abstract: A service appliance is installed between production servers running service applications and service users. The production servers and their service applications provide services to the service users. In the event that a production server is unable to provide its service to users, the service appliance can transparently intervene to maintain service availability. To maintain transparency to service users and service applications, service users are located on a first network and production servers are located on a second network. The service appliance assumes the addresses of the service users on the second network and the addresses of the production servers on the first network. Thus, the service appliance obtains all network traffic sent between the production server and service users. While the service application is operating correctly, the service appliance forwards network traffic between the two networks using various network layers.Type: ApplicationFiled: March 28, 2008Publication date: March 26, 2009Applicant: Teneros, Inc.Inventors: Matt Ocko, George Tuma, Manish Kalia, Sandeep Sukhija, John Purrier, Rajesh Gupta, Deepak Khajuria, Saumitra Das