Patents by Inventor Giridharan Sridharan

Giridharan Sridharan has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 12052247
    Abstract: A system receives an access token generated by a user performing authentication via an authentication device, for example, a smart card. The system obtains a personalized virtual machine assigned to the user. The system exchanges the access token for a temporary certificate having an expiry time. The system provides the temporary certificate that includes verifiable user identity to a personalized virtual machine. The system provides the user with access to the personalized virtual machine. The system allows the user to present verifiable user identity and connect to any of a plurality of systems without requiring the user to authenticate again using the authentication device. After the expiry time of the temporary certificate is exceeded, the system denies subsequent requests from the user to connect to any of the plurality of systems.
    Type: Grant
    Filed: May 9, 2022
    Date of Patent: July 30, 2024
    Assignee: Salesforce, Inc.
    Inventors: Adarsh Khare, Shruthi Chikkanna, Peixuan Jiang, Isaac Westlund, Hideyuki Komaki, Hayk Baluyan, Giridharan Sridharan, Mitchell Brent DiNicola, Ajay Thargan
  • Publication number: 20240155003
    Abstract: A cloud infrastructure performs governance and security control for datacenters on a cloud platform. The system specifies one or more session policies for the plurality of datacenters. A session policy associated with a datacenter specifies a set of access conditions for accessing the entities of the datacenter, and may be generated based at least on the network information in the declarative specification for the datacenter, and network artifacts from provisioning the network resources for the datacenter. Responsive to receiving a request to access an entity of a datacenter from a user, the system obtains credentials for the user and attaches the session policies. Responsive to determining that the credentials are used to access the datacenter from a set of access conditions that match the set of access conditions in the attached session policy, the cloud platform grants access.
    Type: Application
    Filed: November 8, 2022
    Publication date: May 9, 2024
    Inventors: Aman Gulati, Yifan Wang, Giridharan Sridharan, Xuan Tao, Dongming Bi
  • Patent number: 11870860
    Abstract: A cloud infrastructure is configured and deployed for managing services executed on a cloud platform. The cloud infrastructure includes a control datacenter configured to communicate with one or more service datacenters. The service datacenter deploys one or more application programming interfaces (API's) associated with a service. The service datacenter also deploys an administration agent. The control datacenter hosts an engine that receives requests from users to perform administration operations by invoking the administration API's. In this manner, the control datacenter functions as a centralized control mechanism that effectively distributes administration operation requests as they are received from users to service datacenters that can service the requests. The cloud infrastructure provides an auditable, compliant and secure management system for administering services for distributed systems running in the cloud.
    Type: Grant
    Filed: August 24, 2022
    Date of Patent: January 9, 2024
    Assignee: Salesforce, Inc.
    Inventors: Prasad Peddada, Sriram Shankarlal, Giridharan Sridharan, Nirav K. Butala
  • Publication number: 20230362162
    Abstract: A system receives an access token generated by a user performing authentication via an authentication device, for example, a smart card. The system obtains a personalized virtual machine assigned to the user. The system exchanges the access token for a temporary certificate having an expiry time. The system provides the temporary certificate that includes verifiable user identity to a personalized virtual machine. The system provides the user with access to the personalized virtual machine. The system allows the user to present verifiable user identity and connect to any of a plurality of systems without requiring the user to authenticate again using the authentication device. After the expiry time of the temporary certificate is exceeded, the system denies subsequent requests from the user to connect to any of the plurality of systems.
    Type: Application
    Filed: May 9, 2022
    Publication date: November 9, 2023
    Inventors: Adarsh Khare, Shruthi Chikkanna, Peixuan Jiang, Isaac Westlund, Hideyuki Komaki, Hayk Baluyan, Giridharan Sridharan, Mitchell Brent DiNicola, Ajay Thargan
  • Publication number: 20230171243
    Abstract: A cloud infrastructure is configured and deployed for managing services executed on a cloud platform. The cloud infrastructure includes a control datacenter configured to communicate with one or more service datacenters. The service datacenter deploys one or more application programming interfaces (API's) associated with a service. The service datacenter also deploys an administration agent. The control datacenter hosts an engine that receives requests from users to perform administration operations by invoking the administration API's. In this manner, the control datacenter functions as a centralized control mechanism that effectively distributes administration operation requests as they are received from users to service datacenters that can service the requests. The cloud infrastructure provides an auditable, compliant and secure management system for administering services for distributed systems running in the cloud.
    Type: Application
    Filed: November 29, 2021
    Publication date: June 1, 2023
    Inventors: Prasad Peddada, Sriram Shankarlal, Giridharan Sridharan
  • Publication number: 20230171323
    Abstract: A cloud infrastructure is configured and deployed for managing services executed on a cloud platform. The cloud infrastructure includes a control datacenter configured to communicate with one or more service datacenters. The service datacenter deploys one or more application programming interfaces (API's) associated with a service. The service datacenter also deploys an administration agent. The control datacenter hosts an engine that receives requests from users to perform administration operations by invoking the administration API's. In this manner, the control datacenter functions as a centralized control mechanism that effectively distributes administration operation requests as they are received from users to service datacenters that can service the requests. The cloud infrastructure provides an auditable, compliant and secure management system for administering services for distributed systems running in the cloud.
    Type: Application
    Filed: August 24, 2022
    Publication date: June 1, 2023
    Inventors: Prasad Peddada, Sriram Shankarlal, Giridharan Sridharan, Nirav K. Butala
  • Patent number: 11463544
    Abstract: A cloud infrastructure is configured and deployed for managing services executed on a cloud platform. The cloud infrastructure includes a control datacenter configured to communicate with one or more service datacenters. The service datacenter deploys one or more application programming interfaces (API's) associated with a service. The service datacenter also deploys an administration agent. The control datacenter hosts an engine that receives requests from users to perform administration operations by invoking the administration API's. In this manner, the control datacenter functions as a centralized control mechanism that effectively distributes administration operation requests as they are received from users to service datacenters that can service the requests. The cloud infrastructure provides an auditable, compliant and secure management system for administering services for distributed systems running in the cloud.
    Type: Grant
    Filed: November 29, 2021
    Date of Patent: October 4, 2022
    Assignee: Salesforce.com, Inc.
    Inventors: Prasad Peddada, Sriram Shankarlal, Giridharan Sridharan, Nirav K. Butala
  • Patent number: 11392419
    Abstract: Examples include a system and computer-implemented method to create a cloud native workload identity (CNWI) and assign the CNWI to an instance of a workload to be instantiated in a cloud computing environment of a cloud service provider (CSP); translate the CNWI into a cloud agnostic workload identity (CAWI) and assign the CAWI to the workload instance; and use the CAWI by the workload instance to communicate with other workloads in the same or a different CSP.
    Type: Grant
    Filed: July 16, 2020
    Date of Patent: July 19, 2022
    Assignee: salesforce.com, Inc.
    Inventors: Giridharan Sridharan, Sridhar Dutta, Aman Gulati, Fiaz Hossain, Vishal Agarwal, Gage David Laufenberg
  • Publication number: 20220019478
    Abstract: Examples include a system and computer-implemented method to create a cloud native workload identity (CNWI) and assign the CNWI to an instance of a workload to be instantiated in a cloud computing environment of a cloud service provider (CSP); translate the CNWI into a cloud agnostic workload identity (CAWI) and assign the CAWI to the workload instance; and use the CAWI by the workload instance to communicate with other workloads in the same or a different CSP.
    Type: Application
    Filed: July 16, 2020
    Publication date: January 20, 2022
    Inventors: Giridharan Sridharan, Sridhar Dutta, Aman Gulati, Fiaz Hossain, Vishal Agarwal, Gage David Laufenberg
  • Patent number: 10268816
    Abstract: A system for changing policy information of a process is provided. When a process is to execute, the system stores policy information for the process in association with the process code. The system also creates a token for the process. The token provides evidence of the policy for the process and includes at least a reference to the stored policy information. The system provides the token to the process for use by the process as evidence of the policy for the process. When the process provides the token to a service provider, the service provider uses the reference to access the policy information for the process. While the process is executing, the system modifies the stored policy information. When the process subsequently provides the token to a service provider, the service provider uses the reference to access the modified policy information for the process.
    Type: Grant
    Filed: March 31, 2016
    Date of Patent: April 23, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Md. Nazmus Sakib, Yogesh Mehta, Kinshumann Kinshumann, Vishal Agarwal, Giridharan Sridharan, Arnold Paul Pereira, Deskin Miller, Narendra Acharya
  • Patent number: 10205786
    Abstract: A method and system for providing a multi-user application executing in a user privilege mode with access to resources of multiple users is described. The multi-user application identifies a first user and a second user of the multi-user application. The multi-user application retrieves an access token for the first user and an access token for the second user. Each access token provides evidence of authorization to access a resource in accordance with access rights of the user. The multi-user application accesses resources by providing one of the access tokens as evidence of authorization to access the resource in accordance with the access rights of the user. The multi-user application can thus access resources of multiple users without having to execute in a system privilege mode.
    Type: Grant
    Filed: April 22, 2016
    Date of Patent: February 12, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Giridharan Sridharan, Vishal Agarwal, Geir Olsen
  • Publication number: 20170310759
    Abstract: A method and system for providing a multi-user application executing in a user privilege mode with access to resources of multiple users is described. The multi-user application identifies a first user and a second user of the multi-user application. The multi-user application retrieves an access token for the first user and an access token for the second user. Each access token provides evidence of authorization to access a resource in accordance with access rights of the user. The multi-user application accesses resources by providing one of the access tokens as evidence of authorization to access the resource in accordance with the access rights of the user. The multi-user application can thus access resources of multiple users without having to execute in a system privilege mode.
    Type: Application
    Filed: April 22, 2016
    Publication date: October 26, 2017
    Inventors: Giridharan Sridharan, Vishal Agarwal, Geir Olsen
  • Publication number: 20170286664
    Abstract: A system for changing policy information of a process is provided. When a process is to execute, the system stores policy information for the process in association with the process code. The system also creates a token for the process. The token provides evidence of the policy for the process and includes at least a reference to the stored policy information. The system provides the token to the process for use by the process as evidence of the policy for the process. When the process provides the token to a service provider, the service provider uses the reference to access the policy information for the process. While the process is executing, the system modifies the stored policy information. When the process subsequently provides the token to a service provider, the service provider uses the reference to access the modified policy information for the process.
    Type: Application
    Filed: March 31, 2016
    Publication date: October 5, 2017
    Inventors: Nazmus Sakib, Yogesh Mehta, Kinshumann Kinshumann, Vishal Agarwal, Giridharan Sridharan, Arnold Paul Pereira, Deskin Miller, Narendra Acharya
  • Patent number: 9515832
    Abstract: The techniques and systems described herein present various implementations of a model for authenticating processes for execution and specifying and enforcing permission restrictions on system resources for processes and users. In some implementations, a binary file for an application, program, or process may be augmented to include a digital signature encrypted with a key such that an operating system may subsequently authenticate the digital signature. Once the binary file has been authenticated, the operating system may create a process and tag the process with metadata indicating the type of permissions that are allowed for the process. The metadata may correspond to a particular access level for specifying resource permissions.
    Type: Grant
    Filed: June 24, 2013
    Date of Patent: December 6, 2016
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Vishal Agarwal, Sunil P. Gottumukkala, Arun U. Kishan, Dave M. McPherson, Jonathan M. Andes, Giridharan Sridharan, Kinshuman Kinshumann, Adam Damiano, Salahuddin J. Khan, Gopinathan Kannan
  • Publication number: 20140380058
    Abstract: The techniques and systems described herein present various implementations of a model for authenticating processes for execution and specifying and enforcing permission restrictions on system resources for processes and users. In some implementations, a binary file for an application, program, or process may be augmented to include a digital signature encrypted with a key such that an operating system may subsequently authenticate the digital signature. Once the binary file has been authenticated, the operating system may create a process and tag the process with metadata indicating the type of permissions that are allowed for the process. The metadata may correspond to a particular access level for specifying resource permissions.
    Type: Application
    Filed: June 24, 2013
    Publication date: December 25, 2014
    Inventors: Vishal Agarwal, Sunil P. Gottumukkala, Arun U. Kishan, Dave M. McPherson, Jonathan M. Andes, Giridharan Sridharan, Kinshuman Kinshumann, Adam Damiano, Salahuddin J. Khan, Gopinathan Kannan