Patents by Inventor Jingmin Zhou
Jingmin Zhou has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11954005
Abstract: In some embodiments, a method stores a plurality of identifiers for a plurality of rules. The plurality of rules each include a set of patterns, and a rule and a pattern combination is associated with an identifier in the plurality of identifiers. Information being sent on a network is scanned and the method determines when a pattern in the information matches a pattern for a rule. The method identifies an identifier for the pattern where the identifier identifies a rule and a pattern combination. Then, the method identifies the rule and the pattern combination based on the identifier. The set of patterns for the rule is found in the information based on determining that the rule and the pattern combinations for the rule have been found in the information.
Type: Grant
Filed: May 11, 2023
Date of Patent: April 9, 2024
Assignee: VMware LLC
Inventors: Jingmin Zhou, Subrahmanyam Manuguri, Jayant Jain, Anirban Sengupta
-
Patent number: 11848946
Abstract: Some embodiments of the invention provide a method for performing intrusion detection operations on a host computer. The method receives a data message sent by a machine executing on the host computer. For the data message's flow, the method identifies a set of one or more contextual attributes that are different than layers 2, 3 and 4 header values of the data message. The identified set of contextual attributes are provided to an intrusion detection system (IDS) engine that executes on the host computer to enforce several IDS rules. The IDS engine uses the identified set of contextual attributes to identify a subset of the IDS rules that are applicable to the received data message and that do not include all of the IDS rules enforced by the IDS engine. The IDS engine then examines the subset of IDS rules for the received data message to ascertain whether the data message is associated with a network intrusion activity.
Type: Grant
Filed: December 26, 2022
Date of Patent: December 19, 2023
Assignee: VMWARE, INC.
Inventors: Jayant Jain, Jingmin Zhou, Sushruth Gopal, Anirban Sengupta, Sirisha Myneni
-
Publication number: 20230281096
Abstract: In some embodiments, a method stores a plurality of identifiers for a plurality of rules. The plurality of rules each include a set of patterns, and a rule and a pattern combination is associated with an identifier in the plurality of identifiers. Information being sent on a network is scanned and the method determines when a pattern in the information matches a pattern for a rule. The method identifies an identifier for the pattern where the identifier identifies a rule and a pattern combination. Then, the method identifies the rule and the pattern combination based on the identifier. The set of patterns for the rule is found in the information based on determining that the rule and the pattern combinations for the rule have been found in the information.
Type: Application
Filed: May 11, 2023
Publication date: September 7, 2023
Applicant: VMware, Inc.
Inventors: Jingmin Zhou, Subrahmanyam Manuguri, Jayant Jain, Anirban Sengupta
-
Patent number: 11750481
Abstract: A method for visualizing network flows of a network is provided. The method monitors network flows between a group of machines in a network. The method associates identifiers with the monitored network flows. The method aggregates the monitored network flows into a set of groups based on the associated identifiers. The method displays a set of flow records for each group of the set of groups.
Type: Grant
Filed: February 21, 2022
Date of Patent: September 5, 2023
Assignee: NICIRA, INC.
Inventors: Kaushal Bansal, Uday Masurekar, Srinivas Nimmagadda, Jingmin Zhou, Abhishek Goliya, Amit Chopra, Kausum Kumar
-
Publication number: 20230185630
Abstract: Some embodiments provide a method for clustering a set of data compute nodes (DCNs), which communicate with each other more frequently, on one or more host machines. The method groups together guest DCNs (GDCNs) that (1) execute on different host machines and (2) exchange network data among themselves more frequently, in order to reduce interhost network traffic. The more frequently-communicating GDCNs can be a set of GDCNs that implement a distributed application, GDCNs of a particular tier in a multi-tier network architecture (e.g., a web tier in a three-tier architecture), GDCNs that are dedicated to a particular tenant in a hosting system, or any other set of GDCNs that exchange data among each other regularly for a particular purpose.
Type: Application
Filed: February 6, 2023
Publication date: June 15, 2023
Applicants: Nicira, Inc., Nicira, Inc.
Inventors: Xin Qi, Fenil Kavathia, Chidambareswaran Raman, Shadab Shah, Raju Koganty, Jingmin Zhou
-
Patent number: 11671319
Abstract: The technology disclosed herein enables a data plane of a packet handler in a host to be changed while minimizing disruption to the operation of guests that are associated therewith. In a particular embodiment, the method provides, in a control plane of the packet handler, extracting state information about states of the data plane and pausing network traffic to the data plane. After pausing the network traffic to the data plane, the method provides applying changes to components of the data plane. After applying changes to the components of the data plane, the method provides restoring the states to the data plane using the state information and resuming the network traffic to the data plane.
Type: Grant
Filed: August 19, 2020
Date of Patent: June 6, 2023
Assignee: Nicira, Inc.
Inventors: Jingmin Zhou, Subrahmanyam Manuguri, Anirban Sengupta
-
Patent number: 11663105
Abstract: In some embodiments, a method stores a plurality of identifiers for a plurality of rules. The plurality of rules each include a set of patterns, and a rule and a pattern combination is associated with an identifier in the plurality of identifiers. Information being sent on a network is scanned and the method determines when a pattern in the information matches a pattern for a rule. The method identifies an identifier for the pattern where the identifier identifies a rule and a pattern combination. Then, the method identifies the rule and the pattern combination based on the identifier. The set of patterns for the rule is found in the information based on determining that the rule and the pattern combinations for the rule have been found in the information.
Type: Grant
Filed: September 12, 2019
Date of Patent: May 30, 2023
Assignee: VMWARE, INC.
Inventors: Jingmin Zhou, Subrahmanyam Manuguri, Jayant Jain, Anirban Sengupta
-
Publication number: 20230131464
Abstract: Some embodiments of the invention provide a method for performing intrusion detection operations on a host computer. The method receives a data message sent by a machine executing on the host computer. For the data message's flow, the method identifies a set of one or more contextual attributes that are different than layers 2, 3 and 4 header values of the data message. The identified set of contextual attributes are provided to an intrusion detection system (IDS) engine that executes on the host computer to enforce several IDS rules. The IDS engine uses the identified set of contextual attributes to identify a subset of the IDS rules that are applicable to the received data message and that do not include all of the IDS rules enforced by the IDS engine. The IDS engine then examines the subset of IDS rules for the received data message to ascertain whether the data message is associated with a network intrusion activity.
Type: Application
Filed: December 26, 2022
Publication date: April 27, 2023
Inventors: Jayant Jain, Jingmin Zhou, Sushruth Gopal, Anirban Sengupta, Sirisha Myneni
-
Patent number: 11573840
Abstract: Some embodiments provide a method for clustering a set of data compute nodes (DCNs), which communicate with each other more frequently, on one or more host machines. The method groups together guest DCNs (GDCNs) that (1) execute on different host machines and (2) exchange network data among themselves more frequently, in order to reduce interhost network traffic. The more frequently-communicating GDCNs can be a set of GDCNs that implement a distributed application, GDCNs of a particular tier in a multi-tier network architecture (e.g., a web tier in a three-tier architecture), GDCNs that are dedicated to a particular tenant in a hosting system, or any other set of GDCNs that exchange data among each other regularly for a particular purpose.
Type: Grant
Filed: July 21, 2020
Date of Patent: February 7, 2023
Assignee: NICIRA, INC.
Inventors: Xin Qi, Fenil Kavathia, Chidambareswaran Raman, Shadab Shah, Raju Koganty, Jingmin Zhou
-
Patent number: 11539718
Abstract: Some embodiments of the invention provide a method for performing intrusion detection operations on a host computer. The method receives a data message sent by a machine executing on the host computer. For the data message's flow, the method identifies a set of one or more contextual attributes that are different than layers 2, 3 and 4 header values of the data message. The identified set of contextual attributes are provided to an intrusion detection system (IDS) engine that executes on the host computer to enforce several IDS rules. The IDS engine uses the identified set of contextual attributes to identify a subset of the IDS rules that are applicable to the received data message and that do not include all of the IDS rules enforced by the IDS engine. The IDS engine then examines the subset of IDS rules for the received data message to ascertain whether the data message is associated with a network intrusion activity.
Type: Grant
Filed: January 10, 2020
Date of Patent: December 27, 2022
Assignee: VMWARE, INC.
Inventors: Jayant Jain, Jingmin Zhou, Sushruth Gopal, Anirban Sengupta, Sirisha Myneni
-
Publication number: 20220239635
Abstract: In some embodiments, a method receives a packet at an instance of a distributed firewall associated with one of a plurality of workloads running on a hypervisor. Each of the plurality of workloads has an associated instance of the distributed firewall. An index table is accessed for the workload where the index table includes a set of references to a set of rules in a rules table. Each workload in the plurality of workloads is associated with an index table that references rules that are applicable to each respective workload. The method then accesses at least one rule in a set of rules associated with the set of references from the rules table and compares one or more attributes for the packet to information stored for the at least one rule in the set of rules to determine a rule in the set of rules to apply to the packet.
Type: Application
Filed: April 18, 2022
Publication date: July 28, 2022
Inventors: Jingmin Zhou, David Lorenzo, Subrahmanyam Manuguri, Anirban Sengupta
-
Publication number: 20220173985
Abstract: A method for visualizing network flows of a network is provided. The method monitors network flows between a group of machines in a network. The method associates identifiers with the monitored network flows. The method aggregates the monitored network flows into a set of groups based on the associated identifiers. The method displays a set of flow records for each group of the set of groups.
Type: Application
Filed: February 21, 2022
Publication date: June 2, 2022
Inventors: Kaushal Bansal, Uday Masurekar, Srinivas Nimmagadda, Jingmin Zhou, Abhishek Goliya, Amit Chopra, Kausum Kumar
-
Publication number: 20220119843
Abstract: Disclosed herein are compositions comprising recombinant adeno-associated virus (rAAV), as well as recombinant baculovirus systems and methods of using the same for producing and purifying such compositions. Also disclosed herein are assays for testing the titer and potency of such compositions.
Type: Application
Filed: October 15, 2021
Publication date: April 21, 2022
Inventors: YONG DAI, Jingmin ZHOU, Garrett DANIELS, Jonathan CHAN, Jorge HALLER, Stuart NELSON
-
Patent number: 11310202
Abstract: In some embodiments, a method receives a packet at an instance of a distributed firewall associated with one of a plurality of workloads running on a hypervisor. Each of the plurality of workloads has an associated instance of the distributed firewall. An index table is accessed for the workload where the index table includes a set of references to a set of rules in a rules table. Each workload in the plurality of workloads is associated with an index table that references rules that are applicable to each respective workload. The method then accesses at least one rule in a set of rules associated with the set of references from the rules table and compares one or more attributes for the packet to information stored for the at least one rule in the set of rules to determine a rule in the set of rules to apply to the packet.
Type: Grant
Filed: March 13, 2019
Date of Patent: April 19, 2022
Assignee: VMWARE, INC.
Inventors: Jingmin Zhou, David Lorenzo, Subrahmanyam Manuguri, Anirban Sengupta
-
Patent number: 11258681
Abstract: A method for visualizing network flows of a network is provided. The method monitors network flows between a group of machines in a network. The method associates identifiers with the monitored network flows. The method aggregates the monitored network flows into a set of groups based on the associated identifiers. The method displays a set of flow records for each group of the set of groups.
Type: Grant
Filed: September 25, 2017
Date of Patent: February 22, 2022
Assignee: NICIRA, INC.
Inventors: Kaushal Bansal, Uday Masurekar, Srinivas Nimmagadda, Jingmin Zhou, Abhishek Goliya, Amit Chopra, Kausum Kumar
-
Publication number: 20220025396
Abstract: Disclosed herein are packaging cell lines, in which adenovirus (Ad) E1A is constitutively expressed, that also contain integrated AAV rep and cap genes. The packaging cell lines exhibit little to no expressed Rep protein until helper virus function, such as adenovirus (Ad) E4, E2A and/or VA RNA are provided by, for example, transduction of the cells with a virus, vector or plasmid, such as an Ad-AAV hybrid virus. The promoter driving expression of AAV rep gene can be positioned far enough upstream (5′) of the rep coding sequence that E1A is unable to activate the promoter, activate substantial transcription of the rep gene and in turn produce Rep protein. Introduction of helper virus function, such as E2A, E4 and/or VA RNA into these packaging cells is able to drive AAV rep gene transcription, subsequent Rep protein expression and production of rAAV vector particles.
Type: Application
Filed: May 7, 2019
Publication date: January 27, 2022
Applicant: Spark Therapeutics, Inc.
Inventors: Guang QU, Denis PHICHITH, Jingmin ZHOU
-
Patent number: 11171920
Abstract: A novel method for distributing firewall configuration of a software defined data center is provided. The network manager of the data center receives update requests from tenants of the data center and correspondingly generates update fragments and delivers the generated update fragment to local control planes controlling the enforcing devices. Each local control plane in turn integrates the update fragments it receives into its firewall rules table. For each rule and/or section thusly integrated, the local control plane uses the rule or the section's assigned priority number to establish ordering in the firewall rules table of the local control plane.
Type: Grant
Filed: January 31, 2017
Date of Patent: November 9, 2021
Assignee: NICIRA, INC.
Inventors: Kaushal Bansal, Uday Masurekar, Subrahmanyam Manuguri, Jingmin Zhou, Shadab Shah, Igor Ganichev
-
Publication number: 20210218758
Abstract: Some embodiments of the invention provide a method for performing intrusion detection operations on a host computer. The method receives a data message sent by a machine executing on the host computer. For the data message's flow, the method identifies a set of one or more contextual attributes that are different than layers 2, 3 and 4 header values of the data message. The identified set of contextual attributes are provided to an intrusion detection system (IDS) engine that executes on the host computer to enforce several IDS rules. The IDS engine uses the identified set of contextual attributes to identify a subset of the IDS rules that are applicable to the received data message and that do not include all of the IDS rules enforced by the IDS engine. The IDS engine then examines the subset of IDS rules for the received data message to ascertain whether the data message is associated with a network intrusion activity.
Type: Application
Filed: January 10, 2020
Publication date: July 15, 2021
Inventors: Jayant Jain, Jingmin Zhou, Sushruth Gopal, Anirban Sengupta, Sirisha Myneni
-
Patent number: 11036405
Abstract: Example methods and systems are provided for a computer system to transfer runtime information between a first kernel module and a second kernel module. In one example, the method may comprise assigning ownership of a memory pool to the first kernel module; and the first kernel module accessing the memory pool to store runtime information associated with one or more operations performed by the first kernel module. The method may also comprise releasing ownership of the memory pool from the first kernel module while maintaining the runtime information in the memory pool; and assigning ownership of the memory pool to the second kernel module. The second kernel module may then access the memory pool to obtain the runtime information stored by the first kernel module.
Type: Grant
Filed: September 7, 2018
Date of Patent: June 15, 2021
Assignee: VMWARE, INC.
Inventors: Jingmin Zhou, Subrahmanyam Manuguri, Anirban Sengupta
-
Publication number: 20210081461
Abstract: In some embodiments, a method stores a plurality of identifiers for a plurality of rules. The plurality of rules each include a set of patterns, and a rule and a pattern combination is associated with an identifier in the plurality of identifiers. Information being sent on a network is scanned and the method determines when a pattern in the information matches a pattern for a rule. The method identifies an identifier for the pattern where the identifier identifies a rule and a pattern combination. Then, the method identifies the rule and the pattern combination based on the identifier. The set of patterns for the rule is found in the information based on determining that the rule and the pattern combinations for the rule have been found in the information.
Type: Application
Filed: September 12, 2019
Publication date: March 18, 2021
Inventors: Jingmin Zhou, Subrahmanyam Manuguri, Jayant Jain, Anirban Sengupta