Patents by Inventor Himanshu Raj
Himanshu Raj has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240137319
Abstract: A method and a network for routing data packet in a unified wide area network (WAN) is provided. The method includes encapsulating a data packet by an ingress aggregation router and forwarding the encapsulated data packet to an ingress backbone router. The encapsulated data packet includes a first label. The ingress backbone router selects an optimized traffic engineered tunnel and replaces the first label with the optimized traffic engineered tunnel and forwards the encapsulated data packet along the optimized traffic engineered tunnel.
Type: Application
Filed: January 25, 2023
Publication date: April 25, 2024
Inventors: Paul David MATTES, Umesh KRISHNASWAMY, John Michael ABELN, Sonal KOTHARI, Paul-Andre C. BISSONNETTE, Pappula Prabhakar REDDY, Himanshu RAJ
-
Publication number: 20240080255
Abstract: A computing device is provided, including a processor that receives a network graph. The processor further receives a specification of a network traffic control heuristic for a network traffic routing problem over the network graph. The processor further constructs a gap maximization problem that has, as a maximization target, a difference between an exact solution to the network traffic routing problem and a heuristic solution generated using the network traffic control heuristic. The processor further generates a Lagrange multiplier formulation of the gap maximization problem. At a convex solver, the processor further computes an estimated maximum gap as an estimated solution to the Lagrange multiplier formulation of the gap maximization problem. The processor further performs a network traffic control action based at least in part on the estimated maximum gap.
Type: Application
Filed: September 2, 2022
Publication date: March 7, 2024
Applicant: Microsoft Technology Licensing, LLC
Inventors: Behnaz ARZANI, Pooria NAMYAR, Ryan Andrew BECKETT, Srikanth KANDULA, Santiago Martin SEGARRA, Himanshu RAJ
-
Publication number: 20240015094
Abstract: A system manages network traffic in a distributed system comprising a plurality of network devices. The network devices are divided into a plurality of network slices, each of the network slices including a subset of the network devices such that there is no overlap of network devices between the network slices. Individual network slices are associated with individual slice controllers, and an individual slice controller is configured to manage network routing of an individual network slice. Each of the individual slice controllers route the network traffic within each respective individual network slice. The network traffic is independently routed based on expected network conditions for each respective individual network slice, and data defining routing decisions is contained within each network slice to limit fault effects between the network slices.
Type: Application
Filed: September 26, 2023
Publication date: January 11, 2024
Inventors: Umesh KRISHNASWAMY, Rachee SINGH, Nikolaj BJORNER, Himanshu RAJ
-
Patent number: 11811646
Abstract: A system manages network traffic in a distributed system comprising a plurality of network devices. The network devices are divided into a plurality of network slices, each of the network slices including a subset of the network devices such that there is no overlap of network devices between the network slices. Individual network slices are associated with individual slice controllers, and an individual slice controller is configured to manage network routing of an individual network slice. Each of the individual slice controllers route the network traffic within each respective individual network slice. The network traffic is independently routed based on expected network conditions for each respective individual network slice, and data defining routing decisions is contained within each network slice to limit fault effects between the network slices.
Type: Grant
Filed: May 28, 2022
Date of Patent: November 7, 2023
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Umesh Krishnaswamy, Rachee Singh, Nikolaj Bjorner, Himanshu Raj
-
Publication number: 20230275828
Abstract: A system manages network traffic in a distributed system comprising a plurality of network devices. The network devices are divided into a plurality of network slices, each of the network slices including a subset of the network devices such that there is no overlap of network devices between the network slices. Individual network slices are associated with individual slice controllers, and an individual slice controller is configured to manage network routing of an individual network slice. Each of the individual slice controllers route the network traffic within each respective individual network slice. The network traffic is independently routed based on expected network conditions for each respective individual network slice, and data defining routing decisions is contained within each network slice to limit fault effects between the network slices.
Type: Application
Filed: May 28, 2022
Publication date: August 31, 2023
Inventors: Umesh KRISHNASWAMY, Rachee SINGH, Nikolaj BJORNER, Himanshu RAJ
-
Patent number: 10693887
Abstract: Technologies pertaining to limiting access to secret data through utilization of sensor-based constraints are described herein. A sensor-based constraint is a constraint that can only be satisfied by predefined readings that may be output by at least one sensor on a mobile computing device. If the sensor on the mobile computing device outputs a reading that satisfies the sensor-based constraint, secret data is provided to a requesting application. Otherwise, the requesting application is prevented from accessing the secret data.
Type: Grant
Filed: July 12, 2016
Date of Patent: June 23, 2020
Assignee: Microsoft Technology Licensing, LLC
Inventors: Stefan Saroiu, Alastair Wolman, Himanshu Raj, He Liu
-
Patent number: 10505815
Abstract: In one embodiment, a system has host machines forming a cluster. Each host machine runs containers, where each container includes a segment of hardware resources associated with the host machine, a segment of an operating system utilized by the host machine, and at least one application. Host agents operate on the host machines. Each host agent collects operational parameters associated with the containers on each host machine. A management platform is operative to divide the cluster into container pools, where each container pool includes a sub-set of computation resources in the cluster and has associated container pool metrics including a priority level and computation resource limits. Operational parameters are collected from the host agents. The operational parameters are evaluated in accordance with the container pool metrics.
Type: Grant
Filed: November 8, 2016
Date of Patent: December 10, 2019
Assignee: Cisco Technology, Inc.
Inventors: Pradeep Padala, Selvi Kadirvel, Himanshu Raj, Kiran Kamity, Michael Larkin
-
Patent number: 10496824
Abstract: Disclosed is a trusted language runtime (TLR) architecture that provides abstractions for developing a runtime for executing trusted applications or portions thereof securely on a mobile device (e.g., a smartphone). TLR offers at least two abstractions to mobile developers: a trustbox and a trustlet. The trustbox is a runtime environment that offers code and data integrity, and confidentiality. Code and data running inside a trustbox cannot be read or modified by any code running outside the trustbox. A trustlet is the code portion of an application that runs inside a trustbox. With TLR, programmers can write applications in .NET and specify which parts of the application handle sensitive data, and thus, run inside the trustbox. With the TLR, the developer places these parts in a trustlet class, and the TLR provides all support needed to run the parts in the trustbox.
Type: Grant
Filed: June 24, 2011
Date of Patent: December 3, 2019
Assignee: Microsoft Licensing Technology, LLC
Inventors: Himanshu Raj, Nuno Santos, Paul England, Stefan Saroiu, Alastair Wolman
-
Patent number: 10404466
Abstract: Various technologies described herein pertain to a computing device that includes secure hardware (e.g., a TPM, a secure processor of a processing platform, protected memory that includes a software-based TPM, etc.). The secure hardware includes a shared secret, which is shared by the secure hardware and a server computing system. The shared secret is provisioned by the server computing system or a provisioning computing system of a party affiliated with the server computing system. The secure hardware further includes a cryptographic engine that can execute a cryptographic algorithm using the shared secret or a key generated from the shared secret. The cryptographic engine can execute the cryptographic algorithm to perform encryption, decryption, authentication, and/or attestation.
Type: Grant
Filed: March 15, 2017
Date of Patent: September 3, 2019
Assignee: Microsoft Technology Licensing, LLC
Inventors: Himanshu Raj, Stefan Saroiu, Alastair Wolman, Chen Chen
-
Patent number: 10389598
Abstract: In one embodiment, a system has host machines forming a cluster. Each host machine runs containers, where each container includes a segment of hardware resources associated with the host machine, a segment of an operating system utilized by the host machine, and at least one application. Host agents operate on the host machines. Each host agent collects operational parameters associated with the containers on each host machine. A management platform is operative to divide the cluster into container pools, where each container pool includes a sub-set of computation resources in the cluster and has associated container pool metrics including a priority level and computation resource limits. Operational parameters are collected from the host agents. The operational parameters are evaluated in accordance with the container pool metrics.
Type: Grant
Filed: October 27, 2016
Date of Patent: August 20, 2019
Assignee: Cisco Technology, Inc.
Inventors: Pradeep Padala, Selvi Kadirvel, Himanshu Raj, Kiran Kamity
-
Patent number: 10075304
Abstract: A multi-gateway virtual machine that operates multiple gateways. Each gateway acts as an interface between a virtual network and entities outside of the virtual network. Each virtual network has its own address space, which may be overlapping with the address space of other virtual networks, even if the gateways of those virtual networks are operating on the same virtual machine. Accordingly, the principles described herein relate to a virtual machine that can operate thereon multiple gateways, and thus to a multi-gateway virtual machine that services multiple virtual networks.
Type: Grant
Filed: October 30, 2015
Date of Patent: September 11, 2018
Assignee: Microsoft Technology Licensing, LLC
Inventors: Parveen Kumar Patel, Yiqun Cai, Himanshu Raj
-
Patent number: 10061718
Abstract: Described is a technology by which classes of memory attacks are prevented, including cold boot attacks, DMA attacks, and bus monitoring attacks. In general, secret state such as an AES key and an AES round block are maintained in on-SoC secure storage, such as a cache. Corresponding cache locations are locked to prevent eviction to unsecure storage. AES tables are accessed only in the on-SoC secure storage, to prevent access patterns from being observed. Also described is securely preparing for an interrupt-based context switch during AES round computations and securely resuming from a context switch without needing to repeat any already completed round or round of computations.
Type: Grant
Filed: June 28, 2012
Date of Patent: August 28, 2018
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Patrick J. Colp, Himanshu Raj, Stefan Saroiu, Alastair Wolman
-
Publication number: 20170187533
Abstract: Various technologies described herein pertain to a computing device that includes secure hardware (e.g., a TPM, a secure processor of a processing platform, protected memory that includes a software-based TPM, etc.). The secure hardware includes a shared secret, which is shared by the secure hardware and a server computing system. The shared secret is provisioned by the server computing system or a provisioning computing system of a party affiliated with the server computing system. The secure hardware further includes a cryptographic engine that can execute a cryptographic algorithm using the shared secret or a key generated from the shared secret. The cryptographic engine can execute the cryptographic algorithm to perform encryption, decryption, authentication, and/or attestation.
Type: Application
Filed: March 15, 2017
Publication date: June 29, 2017
Inventors: Himanshu Raj, Stefan Saroiu, Alastair Wolman, Chen Chen
-
Patent number: 9686077
Abstract: Various technologies described herein pertain to a computing device that includes secure hardware (e.g., a TPM, a secure processor of a processing platform, protected memory that includes a software-based TPM, etc.). The secure hardware includes a shared secret, which is shared by the secure hardware and a server computing system. The shared secret is provisioned by the server computing system or a provisioning computing system of a party affiliated with the server computing system. The secure hardware further includes a cryptographic engine that can execute a cryptographic algorithm using the shared secret or a key generated from the shared secret. The cryptographic engine can execute the cryptographic algorithm to perform encryption, decryption, authentication, and/or attestation.
Type: Grant
Filed: February 24, 2015
Date of Patent: June 20, 2017
Assignee: Microsoft Technology Licensing, LLC
Inventors: Himanshu Raj, Stefan Saroiu, Alastair Wolman, Chen Chen
-
Publication number: 20170126430
Abstract: A multi-gateway virtual machine that operates multiple gateways. Each gateway acts as an interface between a virtual network and entities outside of the virtual network. Each virtual network has its own address space, which may be overlapping with the address space of other virtual networks, even if the gateways of those virtual networks are operating on the same virtual machine. Accordingly, the principles described herein relate to a virtual machine that can operate thereon multiple gateways, and thus to a multi-gateway virtual machine that services multiple virtual networks.
Type: Application
Filed: October 30, 2015
Publication date: May 4, 2017
Inventors: Parveen Kumar Patel, Yiqun Cai, Himanshu Raj
-
Publication number: 20170126432
Abstract: In one embodiment, a system has host machines forming a cluster. Each host machine runs containers, where each container includes a segment of hardware resources associated with the host machine, a segment of an operating system utilized by the host machine, and at least one application. Host agents operate on the host machines. Each host agent collects operational parameters associated with the containers on each host machine. A management platform is operative to divide the cluster into container pools, where each container pool includes a sub-set of computation resources in the cluster and has associated container pool metrics including a priority level and computation resource limits. Operational parameters are collected from the host agents. The operational parameters are evaluated in accordance with the container pool metrics.
Type: Application
Filed: October 27, 2016
Publication date: May 4, 2017
Applicant: CISCO TECHNOLOGY, INC.
Inventors: Pradeep Padala, Selvi Kadirvel, Himanshu Raj, Kiran Kamity
-
Publication number: 20170126506
Abstract: In one embodiment, a system has host machines forming a cluster. Each host machine runs containers, where each container includes a segment of hardware resources associated with the host machine, a segment of an operating system utilized by the host machine, and at least one application. Host agents operate on the host machines. Each host agent collects operational parameters associated with the containers on each host machine. A management platform is operative to divide the cluster into container pools, where each container pool includes a sub-set of computation resources in the cluster and has associated container pool metrics including a priority level and computation resource limits. Operational parameters are collected from the host agents. The operational parameters are evaluated in accordance with the container pool metrics.
Type: Application
Filed: November 8, 2016
Publication date: May 4, 2017
Applicant: CISCO TECHNOLOGY, INC.
Inventors: Pradeep Padala, Selvi Kadirvel, Himanshu Raj, Kiran Kamity, Michael Larkin
-
Patent number: 9489512
Abstract: A “Firmware-Based TPM” or “fTPM” ensures that secure code execution is isolated to prevent a wide variety of potential security breaches. Unlike a conventional hardware based Trusted Platform Module (TPM), isolation is achieved without the use of dedicated security processor hardware or silicon. In general, the fTPM is first instantiated in a pre-OS boot environment by reading the fTPM from system firmware or firmware accessible memory or storage and placed into read-only protected memory of the device. Once instantiated, the fTPM enables execution isolation for ensuring secure code execution. More specifically, the fTPM is placed into protected read-only memory to enable the device to use hardware such as the ARM® architecture's TrustZone™ extensions and security primitives (or similar processor architectures), and thus the devices based on such architectures, to provide secure execution isolation within a “firmware-based TPM” without requiring hardware modifications to existing devices.
Type: Grant
Filed: October 30, 2015
Date of Patent: November 8, 2016
Assignee: Microsoft Technology Licensing, LLC
Inventors: Stefan Thom, Jeremiah Cox, David Linsley, Magnus Nystrom, Himanshu Raj, David Robinson, Stefan Saroiu, Rob Spiger, Alastair Wolman
-
Publication number: 20160323293
Abstract: Technologies pertaining to limiting access to secret data through utilization of sensor-based constraints are described herein. A sensor-based constraint is a constraint that can only be satisfied by predefined readings that may be output by at least one sensor on a mobile computing device. If the sensor on the mobile computing device outputs a reading that satisfies the sensor-based constraint, secret data is provided to a requesting application. Otherwise, the requesting application is prevented from accessing the secret data.
Type: Application
Filed: July 12, 2016
Publication date: November 3, 2016
Inventors: Stefan Saroiu, Alastair Wolman, Himanshu Raj, He Liu
-
Patent number: 9477486
Abstract: In a cloud computing environment, a production server virtualization stack is minimized to present fewer security vulnerabilities to malicious software running within a guest virtual machine. The minimal virtualization stack includes support for those virtual devices necessary for the operation of a guest operating system, with the code base of those virtual devices further reduced. Further, a dedicated, isolated boot server provides functionality to securely boot a guest operating system. The boot server is isolated through use of an attestation protocol, by which the boot server presents a secret to a network switch to attest that the boot server is operating in a clean mode. The attestation protocol may further employ a secure co-processor to seal the secret, so that it is only accessible when the boot server is operating in the clean mode.
Type: Grant
Filed: August 18, 2014
Date of Patent: October 25, 2016
Assignee: Microsoft Technology Licensing, LLC
Inventors: Himanshu Raj, Stefan Saroiu, Alastair Wolman, Paul England, Anh M. Nguyen, Shravan Rayanchu