Patents by Inventor George Mathew Koikara
George Mathew Koikara has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
- Publication number: 20240022555
  Abstract: Techniques and architecture are described for protecting non-http and TCP/UDP applications in a zero trust network access (ZTNA)/web virtual private network (VPN) environment by establishing a secure communication channel between a native application and an application server providing an application service. More particularly, the present disclosure describes techniques and architecture that leverage the firewall wherein a thin client on a client device enables a client desktop, establishes a secure channel from a native application, e.g., the client desktop, to the firewall, and acts as a proxy.
  Type: Application
  Filed: July 18, 2022
  Publication date: January 18, 2024
  Inventors: George Mathew Koikara, Pruthvi Panyam Nataraj, Naveen Gujje, Sujith RS, Pranav Balakumar
- Patent number: 11646995
  Abstract: This disclosure describes methods to distribute intrusion detection in a network across multiple devices in the network, such as across routing/switching or other infrastructure devices. For example, as a packet is routed through a network infrastructure, an overlay mechanism may be utilized to indicate which of a total set of intrusion detection rules have been applied to the packet. Each infrastructure device may evaluate which rules have already been applied to the packet, using a result of the evaluation to determine where to route the packet in the network infrastructure for application of additional intrusion detection rules. Additionally, each infrastructure device may record a result of its application of the portion of intrusion detection rules directly into the packet.
  Type: Grant
  Filed: December 11, 2019
  Date of Patent: May 9, 2023
  Assignee: Cisco Technology, Inc.
  Inventors: Cynthia Leonard, George Mathew Koikara, Kaushal Bhandankar, Prajwal Srinivas Sreenath
- Publication number: 20230093942
  Abstract: Techniques are described for providing data such as, for example, keys, connection identifiers, and hashes to network devices using a secure database in order to facilitate client devices remaining connected or reconnecting with network sites when the client device moves among networks and to prevent replay attacks. For example, a method may include receiving, by a network device of a first network, encrypted traffic destined for a network site via the first network from a client device. The method may also include retrieving, by the network device from a database, data related to a previously established connection via a second network of the client device to the network site. In configurations, the data is received by the database from a proxy on the client device. The method may further include based at least in part on the data, passing, by the network device, the encrypted traffic to the network site.
  Type: Application
  Filed: September 24, 2021
  Publication date: March 30, 2023
  Inventors: George Mathew Koikara, Apoorv Raj, Shibin Kandacheri Veedu
- Patent number: 11362987
  Abstract: A system includes a virtual private network (VPN) gateway and a client device. The VPN gateway receives a domain name system response through a physical coding sublayer. The VPN gateway fetches a fully qualified domain name corresponding to the domain name system response, and fetches one or more access control list rules from an access control list table for a specific user account. The VPN gateway installs an Internet protocol (IP) address in the access control list table for each access control list rule and handles requested data traffic to the IP address. The client device creates a virtual tunnel interface route with a port of a transmission control protocol (TCP) listener device and parses the domain name system response. The client device updates a domain name system cache with the fully qualified domain name and the IP address and sends unencrypted network traffic over the virtual tunnel interface route.
  Type: Grant
  Filed: August 7, 2020
  Date of Patent: June 14, 2022
  Assignee: Pulse Secure, LLC
  Inventors: Shanavas Kottikal Saidumuhamed, Prabhath Thankappan, John Alappattu Varudunny, George Mathew Koikara
- Publication number: 20210185006
  Abstract: This disclosure describes methods to distribute intrusion detection in a network across multiple devices in the network, such as across routing/switching or other infrastructure devices. For example, as a packet is routed through a network infrastructure, an overlay mechanism may be utilized to indicate which of a total set of intrusion detection rules have been applied to the packet. Each infrastructure device may evaluate which rules have already been applied to the packet, using a result of the evaluation to determine where to route the packet in the network infrastructure for application of additional intrusion detection rules. Additionally, each infrastructure device may record a result of its application of the portion of intrusion detection rules directly into the packet.
  Type: Application
  Filed: December 11, 2019
  Publication date: June 17, 2021
  Inventors: Cynthia Leonard, George Mathew Koikara, Kaushal Bhandankar, Prajwal Srinivas Sreenath
- Publication number: 20200366639
  Abstract: A system includes a virtual private network (VPN) gateway and a client device. The VPN gateway receives a domain name system response through a physical coding sublayer. The VPN gateway fetches a fully qualified domain name corresponding to the domain name system response, and fetches one or more access control list rules from an access control list table for a specific user account. The VPN gateway installs an Internet protocol (IP) address in the access control list table for each access control list rule and handles requested data traffic to the IP address. The client device creates a virtual tunnel interface route with a port of a transmission control protocol (TCP) listener device and parses the domain name system response. The client device updates a domain name system cache with the fully qualified domain name and the IP address and sends unencrypted network traffic over the virtual tunnel interface route.
  Type: Application
  Filed: August 7, 2020
  Publication date: November 19, 2020
  Inventors: Shanavas Kottikal Saidumuhamed, Prabhath Thankappan, John Alappattu Varudunny, George Mathew Koikara
- Patent number: 8832389
  Abstract: Domains can also be used to control access to physical memory space. Data in a physical memory space that has been used by a process sometimes endures after the process stops using the physical memory space (e.g., the process terminates). In addition, a virtual memory manager may allow processes of different applications to access a same memory space. To prevent exposure of sensitive/confidential data, physical memory spaces can be designated for a specific domain or domains when the physical memory spaces are allocated.
  Type: Grant
  Filed: January 14, 2011
  Date of Patent: September 9, 2014
  Assignee: International Business Machines Corporation
  Inventors: Saurabh Desai, George Mathew Koikara, Pruthvi Panyam Nataraj, Guha Prasad Venkataraman, Vidya Ranganathan
- Patent number: 8631123
  Abstract: When an operating system process evaluates a rule for an operation being attempted on a logical network port, the operating system process determines whether the target logical port falls within a range of logical ports, and then determines whether the operation is associated with a permitted domain of the range of logical ports. If the operation is a bind operation, then the process attempting to bind to the target port will be allowed to bind if the target port falls within the range and the operation/process is associated with a permitted domain. Otherwise, the binding operation will not be allowed to proceed.
  Type: Grant
  Filed: January 14, 2011
  Date of Patent: January 14, 2014
  Assignee: International Business Machines Corporation
  Inventors: Saurabh Desai, George Mathew Koikara, Pruthvi Panyam Nataraj, Guha Prasad Venkataraman, Vidya Ranganathan
- Patent number: 8595821
  Abstract: Domains can be used to secure resources of a cluster. An administrator can configure a node of a cluster as a member of a particular domain. Membership in a cluster can be restricted to nodes that are members of the particular domain. When a node generates a cluster message, a kernel process or operating system process of the node will indicate the domain(s) of the node in the cluster message. The cluster message can be a command message to read or write to a storage resource of the cluster. When the cluster storage resource node or node that controls the storage resource receives the command message, the node will examine the command message to ensure the message indicates a domain that aligns with the cluster. If the proper domain is indicated in the command message, then the command message is processed. Otherwise, the command message is denied.
  Type: Grant
  Filed: January 14, 2011
  Date of Patent: November 26, 2013
  Assignee: International Business Machines Corporation
  Inventors: Saurabh Desai, George Mathew Koikara, Pruthvi Panyam Nataraj, Guha Prasad Venkataraman, Vidya Ranganathan
- Patent number: 8429191
  Abstract: Functionality can be implemented in an operating system to increase the granularity of isolation for objects. A domain can be defined to represent each of different entities (e.g., different departments or work groups). User identifiers and/or user credentials can be associated with the appropriate domain or domains. An administrator can then define a set of rules that govern operation(s) that can be performed on the objects based on the domains. Processes running on a system will inherit the domains of a user account logged into the system. When a process running on the system attempts to perform an operation on an object, an operating system process evaluates the domain isolation rules with an identifier of the object and a domain identifier to determine whether the operation is permitted to proceed.
  Type: Grant
  Filed: January 14, 2011
  Date of Patent: April 23, 2013
  Assignee: International Business Machines Corporation
  Inventors: Saurabh Desai, George Mathew Koikara, Pruthvi Panyam Nataraj, Guha Prasad Venkataraman, Vidya Ranganathan
- Publication number: 20120185510
  Abstract: Functionality can be implemented in an operating system to increase the granularity of isolation for objects. A domain can be defined to represent each of different entities (e.g., different departments or work groups). User identifiers and/or user credentials can be associated with the appropriate domain or domains. An administrator can then define a set of rules that govern operation(s) that can be performed on the objects based on the domains. Processes running on a system will inherit the domains of a user account logged into the system. When a process running on the system attempts to perform an operation on an object, an operating system process evaluates the domain isolation rules with an identifier of the object and a domain identifier to determine whether the operation is permitted to proceed.
  Type: Application
  Filed: January 14, 2011
  Publication date: July 19, 2012
  Applicant: International Business Machines Corporation
  Inventors: Saurabh Desai, George Mathew Koikara, Pruthvi Panyam Nataraj, Guha Prasad Venkataraman, Vidya Ranganathan
- Publication number: 20120185661
  Abstract: Domains can also be used to control access to physical memory space. Data in a physical memory space that has been used by a process sometimes endures after the process stops using the physical memory space (e.g., the process terminates). In addition, a virtual memory manager may allow processes of different applications to access a same memory space. To prevent exposure of sensitive/confidential data, physical memory spaces can be designated for a specific domain or domains when the physical memory spaces are allocated.
  Type: Application
  Filed: January 14, 2011
  Publication date: July 19, 2012
  Applicant: International Business Machines Corporation
  Inventors: Saurabh Desai, George Mathew Koikara, Pruthvi Panyam Nataraj, Guha Prasad Venkataraman, Vidya Ranganathan
- Publication number: 20120185930
  Abstract: Domains can be used to secure resources of a cluster. An administrator can configure a node of a cluster as a member of a particular domain. Membership in a cluster can be restricted to nodes that are members of the particular domain. When a node generates a cluster message, a kernel process or operating system process of the node will indicate the domain(s) of the node in the cluster message. The cluster message can be a command message to read or write to a storage resource of the cluster. When the cluster storage resource node or node that controls the storage resource receives the command message, the node will examine the command message to ensure the message indicates a domain that aligns with the cluster. If the proper domain is indicated in the command message, then the command message is processed. Otherwise, the command message is denied.
  Type: Application
  Filed: January 14, 2011
  Publication date: July 19, 2012
  Applicant: International Business Machines Corporation
  Inventors: Saurabh Desai, George Mathew Koikara, Pruthvi Panyam Nataraj, Guha Prasad Venkataraman, Vidya Ranganathan
- Publication number: 20120185581
  Abstract: When an operating system process evaluates a rule for an operation being attempted on a logical network port, the operating system process determines whether the target logical port falls within a range of logical ports, and then determines whether the operation is associated with a permitted domain of the range of logical ports. If the operation is a bind operation, then the process attempting to bind to the target port will be allowed to bind if the target port falls within the range and the operation/process is associated with a permitted domain. Otherwise, the binding operation will not be allowed to proceed.
  Type: Application
  Filed: January 14, 2011
  Publication date: July 19, 2012
  Applicant: International Business Machines Corporation
  Inventors: Saurabh Desai, George Mathew Koikara, Pruthvi Panyam Nataraj, Guha Prasad Venkataraman, Vidya Ranganathan
- Patent number: 8136147
  Abstract: A computer implemented method, apparatus, and computer program product for managing privileges on a data processing system. The process initiates a privilege monitor. All other entities in the data processing system are prevented from assigning privileges. The privilege monitor is the only entity authorized to assign privileges. The process monitors for requests for privileges. In response to detecting a request from a user for a privilege, the process selectively assigns the privilege to the user through the privilege monitor.
  Type: Grant
  Filed: April 16, 2007
  Date of Patent: March 13, 2012
  Assignee: International Business Machines Corporation
  Inventors: George Mathew Koikara, Vidya Ranganathan
- Patent number: 7908476
  Abstract: A computer implemented method, apparatus, and computer program product for using a virtual file system to encrypt files. The process registers a plurality of file systems on a data processing system with the virtual file system. The virtual file system is enabled to encrypt files without intervention from any file system in the plurality of file systems. The virtual file system identifies whether a file on a given file system is an encrypted file using a map file associated with the given file system. In response to identifying the file as an encrypted file, the virtual file system encrypts all data written to the file in accordance with encryption specifications in the map file.
  Type: Grant
  Filed: January 10, 2007
  Date of Patent: March 15, 2011
  Assignee: International Business Machines Corporation
  Inventors: Madhusudanan Kandasamy, George Mathew Koikara, Pruthvi Panyam Nataraj, Vidya Ranganathan
- Publication number: 20080256606
  Abstract: A computer implemented method, apparatus, and computer program product for managing privileges on a data processing system. The process initiates a privilege monitor. All other entities in the data processing system are prevented from assigning privileges. The privilege monitor is the only entity authorized to assign privileges. The process monitors for requests for privileges. In response to detecting a request from a user for a privilege, the process selectively assigns the privilege to the user through the privilege monitor.
  Type: Application
  Filed: April 16, 2007
  Publication date: October 16, 2008
  Inventors: George Mathew Koikara, Vidya Ranganathan
- Publication number: 20080165957
  Abstract: A computer implemented method, apparatus, and computer program product for using a virtual file system to encrypt files. The process registers a plurality of file systems on a data processing system with the virtual file system. The virtual file system is enabled to encrypt files without intervention from any file system in the plurality of file systems. The virtual file system identifies whether a file on a given file system is an encrypted file using a map file associated with the given file system. In response to identifying the file as an encrypted file, the virtual file system encrypts all data written to the file in accordance with encryption specifications in the map file.
  Type: Application
  Filed: January 10, 2007
  Publication date: July 10, 2008
  Inventors: Madhusudanan Kandasamy, George Mathew Koikara, Pruthvi Panyam Nataraj, Vidya Ranganathan