Patents by Inventor Greig W. Bannister
Greig W. Bannister has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11805107
Abstract: The disclosed embodiments disclose techniques for extracting encryption keys to enable monitoring services. During operation, an encrypted connection is detected on a computing device. A monitoring service harvests an encryption key for this encrypted connection from the memory of a computing device and then forwards the encryption key to an intercepting agent in an intermediate computing environment that intercepts encrypted traffic that is sent between the computing device and a remote service via the encrypted connection.
Type: Grant
Filed: April 8, 2020
Date of Patent: October 31, 2023
Assignee: Nubeva, Inc.
Inventors: Greig W. Bannister, Randy Yen-pang Chou
-
Patent number: 11494484
Abstract: The disclosed embodiments disclose techniques for leveraging instrumentation capabilities to enable monitoring services. During operation, an operating system kernel is instrumented to associate a sub-program with a target operation. Upon receiving a request from an application to perform the target operation, the operating system kernel executes the sub-program with kernel privileges in the process context of the application. The sub-program analyzes the memory space associated with the application to extract a desired data value. This extracted data value is returned to at least one of a specified target process or target location.
Type: Grant
Filed: February 19, 2020
Date of Patent: November 8, 2022
Assignee: Nubeva, Inc.
Inventors: Greig W. Bannister, Randy Yen-pang Chou
-
Publication number: 20200236093
Abstract: The disclosed embodiments disclose techniques for extracting encryption keys to enable monitoring services. During operation, an encrypted connection is detected on a computing device. A monitoring service harvests an encryption key for this encrypted connection from the memory of a computing device and then forwards the encryption key to an intercepting agent in an intermediate computing environment that intercepts encrypted traffic that is sent between the computing device and a remote service via the encrypted connection.
Type: Application
Filed: April 8, 2020
Publication date: July 23, 2020
Applicant: Nubeva, Inc.
Inventors: Greig W. Bannister, Randy Yen-pang Chou
-
Publication number: 20200193017
Abstract: The disclosed embodiments disclose techniques for leveraging instrumentation capabilities to enable monitoring services. During operation, an operating system kernel is instrumented to associate a sub-program with a target operation. Upon receiving a request from an application to perform the target operation, the operating system kernel executes the sub-program with kernel privileges in the process context of the application. The sub-program analyzes the memory space associated with the application to extract a desired data value. This extracted data value is returned to at least one of a specified target process or target location.
Type: Application
Filed: February 19, 2020
Publication date: June 18, 2020
Applicant: Nubeva, Inc.
Inventors: Greig W. Bannister, Randy Yen-pang Chou
-
Patent number: 10608995
Abstract: The disclosed embodiments disclose techniques for optimizing data transfer costs for cloud-based security services. During operation, an intermediary computing device receives a network request from a client located in a remote enterprise location that is sending the network request to a distinct, untrusted remote site (e.g., a site separate from the distinct locations of the remote enterprise, the cloud data center, and the intermediary computing device). The intermediary computing device caches a set of data associated with the network request while forwarding the set of data to the cloud-based security service for analysis. Upon receiving a confirmation from the cloud-based security service that the set of data has been analyzed and is permitted to be transmitted to the specified destination, the intermediary computing device forwards the cached set of data to the specified destination.
Type: Grant
Filed: December 14, 2017
Date of Patent: March 31, 2020
Assignee: Nubeva, Inc.
Inventors: Randy Yen-pang Chou, Greig W. Bannister
-
Patent number: 10530815
Abstract: The disclosed embodiments disclose techniques for seamlessly updating a cloud-based security service. A dispatcher virtual machine (VM) executing in a cloud data center receives network requests sent from clients located in a remote enterprise location to untrusted remote sites, and routes this network traffic through a chain of security service VMs that analyze the network traffic. During operation, the dispatcher VM determines that an existing security service VM in the chain needs to be upgraded to an updated version, and instantiates an updated chain of security service VMs that includes this updated version. The dispatcher VM then seamlessly transfers the flow of network traffic from the initial chain to the updated chain to seamlessly update the cloud-based security service without interruption. Upon determining that the updated version is operating correctly, the dispatcher VM halts and deallocates the previous version and any other unneeded portions of the initial chain.
Type: Grant
Filed: December 14, 2017
Date of Patent: January 7, 2020
Assignee: Nubeva, Inc.
Inventors: Randy Yen-pang Chou, Greig W. Bannister
-
Patent number: 10419394
Abstract: The disclosed embodiments disclose techniques for providing a cloud-based security service. During operation, a dispatcher virtual machine (VM) executing in a cloud data center receives a network request from a remote enterprise client. The dispatcher VM executes multiple docker containers, including a set of ingress docker containers that decode the request and then forward it to a session router docker container that in turn forwards the request to a set of security service VMs. After these security service VMs have analyzed the contents of the request and determined that the request is valid and permitted, a SNAT docker container then sends the request out to an untrusted network to be serviced.
Type: Grant
Filed: October 24, 2017
Date of Patent: September 17, 2019
Assignee: NUBEVA, INC.
Inventors: Randy Yen-pang Chou, Greig W. Bannister
-
Patent number: 9986033
Abstract: The disclosed embodiments disclose techniques for facilitating access to a remote cloud service via a cloud controller for a distributed filesystem. Two or more cloud controllers collectively manage distributed filesystem data that is stored in the cloud storage systems; the cloud controllers ensure data consistency for the stored data, and each cloud controller caches portions of the distributed filesystem. During operation, a cloud controller detects a request from a co-located client to access a network address that is in the same subnet of their local network. The cloud controller determines that the network address is associated with the remote cloud service (which executes in a cloud storage environment) and forwards the request to the remote cloud service.
Type: Grant
Filed: March 17, 2015
Date of Patent: May 29, 2018
Assignee: Panzura, Inc.
Inventors: Greig W. Bannister, John Richard Taylor
-
Publication number: 20180115514
Abstract: The disclosed embodiments disclose techniques for providing a cloud-based security service. During operation, a dispatcher virtual machine (VM) executing in a cloud data center receives a network request from a remote enterprise client. The dispatcher VM executes multiple docker containers, including a set of ingress docker containers that decode the request and then forward it to a session router docker container that in turn forwards the request to a set of security service VMs. After these security service VMs have analyzed the contents of the request and determined that the request is valid and permitted, a SNAT docker container then sends the request out to an untrusted network to be serviced.
Type: Application
Filed: October 24, 2017
Publication date: April 26, 2018
Applicant: Nubeva, Inc.
Inventors: Randy Yen-pang Chou, Greig W. Bannister
-
Publication number: 20180115525
Abstract: The disclosed embodiments disclose techniques for optimizing data transfer costs for cloud-based security services. During operation, an intermediary computing device receives a network request from a client located in a remote enterprise location that is sending the network request to a distinct, untrusted remote site (e.g., a site separate from the distinct locations of the remote enterprise, the cloud data center, and the intermediary computing device). The intermediary computing device caches a set of data associated with the network request while forwarding the set of data to the cloud-based security service for analysis. Upon receiving a confirmation from the cloud-based security service that the set of data has been analyzed and is permitted to be transmitted to the specified destination, the intermediary computing device forwards the cached set of data to the specified destination.
Type: Application
Filed: December 14, 2017
Publication date: April 26, 2018
Applicant: Nubeva, Inc.
Inventors: Randy Yen-pang Chou, Greig W. Bannister
-
Publication number: 20180115586
Abstract: The disclosed embodiments disclose techniques for seamlessly updating a cloud-based security service. A dispatcher virtual machine (VM) executing in a cloud data center receives network requests sent from clients located in a remote enterprise location to untrusted remote sites, and routes this network traffic through a chain of security service VMs that analyze the network traffic. During operation, the dispatcher VM determines that an existing security service VM in the chain needs to be upgraded to an updated version, and instantiates an updated chain of security service VMs that includes this updated version. The dispatcher VM then seamlessly transfers the flow of network traffic from the initial chain to the updated chain to seamlessly update the cloud-based security service without interruption. Upon determining that the updated version is operating correctly, the dispatcher VM halts and deallocates the previous version and any other unneeded portions of the initial chain.
Type: Application
Filed: December 14, 2017
Publication date: April 26, 2018
Applicant: Nubeva, Inc.
Inventors: Randy Yen-pang Chou, Greig W. Bannister
-
Publication number: 20160277497
Abstract: The disclosed embodiments disclose techniques for facilitating access to a remote cloud service via a cloud controller for a distributed filesystem. Two or more cloud controllers collectively manage distributed filesystem data that is stored in the cloud storage systems; the cloud controllers ensure data consistency for the stored data, and each cloud controller caches portions of the distributed filesystem. During operation, a cloud controller detects a request from a co-located client to access a network address that is in the same subnet of their local network. The cloud controller determines that the network address is associated with the remote cloud service (which executes in a cloud storage environment) and forwards the request to the remote cloud service.
Type: Application
Filed: March 17, 2015
Publication date: September 22, 2016
Applicant: Panzura, Inc.
Inventors: Greig W. Bannister, John Richard Taylor