Patents by Inventor Giridharan Sridharan
Giridharan Sridharan has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 12052247
Abstract: A system receives an access token generated by a user performing authentication via an authentication device, for example, a smart card. The system obtains a personalized virtual machine assigned to the user. The system exchanges the access token for a temporary certificate having an expiry time. The system provides the temporary certificate that includes verifiable user identity to a personalized virtual machine. The system provides the user with access to the personalized virtual machine. The system allows the user to present verifiable user identity and connect to any of a plurality of systems without requiring the user to authenticate again using the authentication device. After the expiry time of the temporary certificate is exceeded, the system denies subsequent requests from the user to connect to any of the plurality of systems.
Type: Grant
Filed: May 9, 2022
Date of Patent: July 30, 2024
Assignee: Salesforce, Inc.
Inventors: Adarsh Khare, Shruthi Chikkanna, Peixuan Jiang, Isaac Westlund, Hideyuki Komaki, Hayk Baluyan, Giridharan Sridharan, Mitchell Brent DiNicola, Ajay Thargan
-
Publication number: 20240155003
Abstract: A cloud infrastructure performs governance and security control for datacenters on a cloud platform. The system specifies one or more session policies for the plurality of datacenters. A session policy associated with a datacenter specifies a set of access conditions for accessing the entities of the datacenter, and may be generated based at least on the network information in the declarative specification for the datacenter, and network artifacts from provisioning the network resources for the datacenter. Responsive to receiving a request to access an entity of a datacenter from a user, the system obtains credentials for the user and attaches the session policies. Responsive to determining that the credentials are used to access the datacenter from a set of access conditions that match the set of access conditions in the attached session policy, the cloud platform grants access.
Type: Application
Filed: November 8, 2022
Publication date: May 9, 2024
Inventors: Aman Gulati, Yifan Wang, Giridharan Sridharan, Xuan Tao, Dongming Bi
-
Patent number: 11870860
Abstract: A cloud infrastructure is configured and deployed for managing services executed on a cloud platform. The cloud infrastructure includes a control datacenter configured to communicate with one or more service datacenters. The service datacenter deploys one or more application programming interfaces (API's) associated with a service. The service datacenter also deploys an administration agent. The control datacenter hosts an engine that receives requests from users to perform administration operations by invoking the administration API's. In this manner, the control datacenter functions as a centralized control mechanism that effectively distributes administration operation requests as they are received from users to service datacenters that can service the requests. The cloud infrastructure provides an auditable, compliant and secure management system for administering services for distributed systems running in the cloud.
Type: Grant
Filed: August 24, 2022
Date of Patent: January 9, 2024
Assignee: Salesforce, Inc.
Inventors: Prasad Peddada, Sriram Shankarlal, Giridharan Sridharan, Nirav K. Butala
-
Publication number: 20230362162
Abstract: A system receives an access token generated by a user performing authentication via an authentication device, for example, a smart card. The system obtains a personalized virtual machine assigned to the user. The system exchanges the access token for a temporary certificate having an expiry time. The system provides the temporary certificate that includes verifiable user identity to a personalized virtual machine. The system provides the user with access to the personalized virtual machine. The system allows the user to present verifiable user identity and connect to any of a plurality of systems without requiring the user to authenticate again using the authentication device. After the expiry time of the temporary certificate is exceeded, the system denies subsequent requests from the user to connect to any of the plurality of systems.
Type: Application
Filed: May 9, 2022
Publication date: November 9, 2023
Inventors: Adarsh Khare, Shruthi Chikkanna, Peixuan Jiang, Isaac Westlund, Hideyuki Komaki, Hayk Baluyan, Giridharan Sridharan, Mitchell Brent DiNicola, Ajay Thargan
-
Publication number: 20230171243
Abstract: A cloud infrastructure is configured and deployed for managing services executed on a cloud platform. The cloud infrastructure includes a control datacenter configured to communicate with one or more service datacenters. The service datacenter deploys one or more application programming interfaces (API's) associated with a service. The service datacenter also deploys an administration agent. The control datacenter hosts an engine that receives requests from users to perform administration operations by invoking the administration API's. In this manner, the control datacenter functions as a centralized control mechanism that effectively distributes administration operation requests as they are received from users to service datacenters that can service the requests. The cloud infrastructure provides an auditable, compliant and secure management system for administering services for distributed systems running in the cloud.
Type: Application
Filed: November 29, 2021
Publication date: June 1, 2023
Inventors: Prasad Peddada, Sriram Shankarlal, Giridharan Sridharan
-
Publication number: 20230171323
Abstract: A cloud infrastructure is configured and deployed for managing services executed on a cloud platform. The cloud infrastructure includes a control datacenter configured to communicate with one or more service datacenters. The service datacenter deploys one or more application programming interfaces (API's) associated with a service. The service datacenter also deploys an administration agent. The control datacenter hosts an engine that receives requests from users to perform administration operations by invoking the administration API's. In this manner, the control datacenter functions as a centralized control mechanism that effectively distributes administration operation requests as they are received from users to service datacenters that can service the requests. The cloud infrastructure provides an auditable, compliant and secure management system for administering services for distributed systems running in the cloud.
Type: Application
Filed: August 24, 2022
Publication date: June 1, 2023
Inventors: Prasad Peddada, Sriram Shankarlal, Giridharan Sridharan, Nirav K. Butala
-
Patent number: 11463544
Abstract: A cloud infrastructure is configured and deployed for managing services executed on a cloud platform. The cloud infrastructure includes a control datacenter configured to communicate with one or more service datacenters. The service datacenter deploys one or more application programming interfaces (API's) associated with a service. The service datacenter also deploys an administration agent. The control datacenter hosts an engine that receives requests from users to perform administration operations by invoking the administration API's. In this manner, the control datacenter functions as a centralized control mechanism that effectively distributes administration operation requests as they are received from users to service datacenters that can service the requests. The cloud infrastructure provides an auditable, compliant and secure management system for administering services for distributed systems running in the cloud.
Type: Grant
Filed: November 29, 2021
Date of Patent: October 4, 2022
Assignee: Salesforce.com, Inc.
Inventors: Prasad Peddada, Sriram Shankarlal, Giridharan Sridharan, Nirav K. Butala
-
Patent number: 11392419
Abstract: Examples include a system and computer-implemented method to create a cloud native workload identity (CNWI) and assign the CNWI to an instance of a workload to be instantiated in a cloud computing environment of a cloud service provider (CSP); translate the CNWI into a cloud agnostic workload identity (CAWI) and assign the CAWI to the workload instance; and use the CAWI by the workload instance to communicate with other workloads in the same or a different CSP.
Type: Grant
Filed: July 16, 2020
Date of Patent: July 19, 2022
Assignee: salesforce.com, Inc.
Inventors: Giridharan Sridharan, Sridhar Dutta, Aman Gulati, Fiaz Hossain, Vishal Agarwal, Gage David Laufenberg
-
Publication number: 20220019478
Abstract: Examples include a system and computer-implemented method to create a cloud native workload identity (CNWI) and assign the CNWI to an instance of a workload to be instantiated in a cloud computing environment of a cloud service provider (CSP); translate the CNWI into a cloud agnostic workload identity (CAWI) and assign the CAWI to the workload instance; and use the CAWI by the workload instance to communicate with other workloads in the same or a different CSP.
Type: Application
Filed: July 16, 2020
Publication date: January 20, 2022
Inventors: Giridharan Sridharan, Sridhar Dutta, Aman Gulati, Fiaz Hossain, Vishal Agarwal, Gage David Laufenberg
-
Patent number: 10268816
Abstract: A system for changing policy information of a process is provided. When a process is to execute, the system stores policy information for the process in association with the process code. The system also creates a token for the process. The token provides evidence of the policy for the process and includes at least a reference to the stored policy information. The system provides the token to the process for use by the process as evidence of the policy for the process. When the process provides the token to a service provider, the service provider uses the reference to access the policy information for the process. While the process is executing, the system modifies the stored policy information. When the process subsequently provides the token to a service provider, the service provider uses the reference to access the modified policy information for the process.
Type: Grant
Filed: March 31, 2016
Date of Patent: April 23, 2019
Assignee: Microsoft Technology Licensing, LLC
Inventors: Md. Nazmus Sakib, Yogesh Mehta, Kinshumann Kinshumann, Vishal Agarwal, Giridharan Sridharan, Arnold Paul Pereira, Deskin Miller, Narendra Acharya
-
Patent number: 10205786
Abstract: A method and system for providing a multi-user application executing in a user privilege mode with access to resources of multiple users is described. The multi-user application identifies a first user and a second user of the multi-user application. The multi-user application retrieves an access token for the first user and an access token for the second user. Each access token provides evidence of authorization to access a resource in accordance with access rights of the user. The multi-user application accesses resources by providing one of the access tokens as evidence of authorization to access the resource in accordance with the access rights of the user. The multi-user application can thus access resources of multiple users without having to execute in a system privilege mode.
Type: Grant
Filed: April 22, 2016
Date of Patent: February 12, 2019
Assignee: Microsoft Technology Licensing, LLC
Inventors: Giridharan Sridharan, Vishal Agarwal, Geir Olsen
-
Publication number: 20170310759
Abstract: A method and system for providing a multi-user application executing in a user privilege mode with access to resources of multiple users is described. The multi-user application identifies a first user and a second user of the multi-user application. The multi-user application retrieves an access token for the first user and an access token for the second user. Each access token provides evidence of authorization to access a resource in accordance with access rights of the user. The multi-user application accesses resources by providing one of the access tokens as evidence of authorization to access the resource in accordance with the access rights of the user. The multi-user application can thus access resources of multiple users without having to execute in a system privilege mode.
Type: Application
Filed: April 22, 2016
Publication date: October 26, 2017
Inventors: Giridharan Sridharan, Vishal Agarwal, Geir Olsen
-
Publication number: 20170286664
Abstract: A system for changing policy information of a process is provided. When a process is to execute, the system stores policy information for the process in association with the process code. The system also creates a token for the process. The token provides evidence of the policy for the process and includes at least a reference to the stored policy information. The system provides the token to the process for use by the process as evidence of the policy for the process. When the process provides the token to a service provider, the service provider uses the reference to access the policy information for the process. While the process is executing, the system modifies the stored policy information. When the process subsequently provides the token to a service provider, the service provider uses the reference to access the modified policy information for the process.
Type: Application
Filed: March 31, 2016
Publication date: October 5, 2017
Inventors: Nazmus Sakib, Yogesh Mehta, Kinshumann Kinshumann, Vishal Agarwal, Giridharan Sridharan, Arnold Paul Pereira, Deskin Miller, Narendra Acharya
-
Patent number: 9515832
Abstract: The techniques and systems described herein present various implementations of a model for authenticating processes for execution and specifying and enforcing permission restrictions on system resources for processes and users. In some implementations, a binary file for an application, program, or process may be augmented to include a digital signature encrypted with a key such that an operating system may subsequently authenticate the digital signature. Once the binary file has been authenticated, the operating system may create a process and tag the process with metadata indicating the type of permissions that are allowed for the process. The metadata may correspond to a particular access level for specifying resource permissions.
Type: Grant
Filed: June 24, 2013
Date of Patent: December 6, 2016
Assignee: Microsoft Technology Licensing, LLC
Inventors: Vishal Agarwal, Sunil P. Gottumukkala, Arun U. Kishan, Dave M. McPherson, Jonathan M. Andes, Giridharan Sridharan, Kinshuman Kinshumann, Adam Damiano, Salahuddin J. Khan, Gopinathan Kannan
-
Publication number: 20140380058
Abstract: The techniques and systems described herein present various implementations of a model for authenticating processes for execution and specifying and enforcing permission restrictions on system resources for processes and users. In some implementations, a binary file for an application, program, or process may be augmented to include a digital signature encrypted with a key such that an operating system may subsequently authenticate the digital signature. Once the binary file has been authenticated, the operating system may create a process and tag the process with metadata indicating the type of permissions that are allowed for the process. The metadata may correspond to a particular access level for specifying resource permissions.
Type: Application
Filed: June 24, 2013
Publication date: December 25, 2014
Inventors: Vishal Agarwal, Sunil P. Gottumukkala, Arun U. Kishan, Dave M. McPherson, Jonathan M. Andes, Giridharan Sridharan, Kinshuman Kinshumann, Adam Damiano, Salahuddin J. Khan, Gopinathan Kannan