Patents by Inventor Kamalendu Biswas
Kamalendu Biswas has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10419487Abstract: Techniques are provided for processing authorization requests. In some embodiments, an authorization request specifying a non-hierarchical resource can be processed without having to sequentially process the various security policies configured for a collection of resources.Type: GrantFiled: January 12, 2017Date of Patent: September 17, 2019Assignee: ORACLE INTERNATIONAL CORPORATIONInventors: Kamalendu Biswas, Andrei Kapishnikov, Sastry Hari
-
Publication number: 20190095320Abstract: Provided are systems, methods, and computer-readable medium for a simulation platform that can generate simulated activity data for testing a security monitoring and control system. In various examples, the simulation platform can parse the activity data from a cloud service to determine the fields associated with each action in the activity data. The simulation platform can then generate a template, where each entry in the template describes an action and the fields associated with the action. The simulation platform can further generate a configuration that describes a test scenario. The simulation platform can use the configuration and the template to generate the particular action, including randomizing some or all of the fields of the action. When input into the security monitoring and control system, the system can operate on the simulated activity data in the same way as when the system ingests live activity data.Type: ApplicationFiled: September 28, 2018Publication date: March 28, 2019Applicant: Oracle International CorporationInventors: Kamalendu Biswas, Gaurav Bhatia, Shachi Prasad, Kiran Shriniwas Doddi
-
Publication number: 20180375886Abstract: In various implementations, a security management and control system for monitoring and management of security for cloud services can include automated techniques for identifying the privileged users of a given cloud service. In various examples, the security management and control system can obtain activity logs from the cloud service, where the activity logs record actions performed by users of an organization in using the cloud service. In various examples, the security management and control system can identify actions in the activity logs that are privileged with respect to the cloud service. In these and other examples, the security management and control system can use the actions in the activity log to identify privileged users. Once the privileged users are identified, the security management and control system can monitor the privileged users with a higher degree of scrutiny.Type: ApplicationFiled: June 18, 2018Publication date: December 27, 2018Applicant: Oracle International CorporationInventors: Ganesh Kirti, Kamalendu Biswas, Merenne Sumedha Nalin Perera
-
Patent number: 10063654Abstract: Systems and methods for contextual and cross application threat detection in cloud applications in accordance with embodiments of the invention are disclosed. In one embodiment, a method for detecting threat activity in a cloud application using past activity data from cloud applications includes receiving activity data concerning actions performed by a user account associated with a user within a monitored cloud application, receiving external contextual data about the user that does not concern actions performed using the user account within the monitored cloud application, where the external contextual data is retrieved from outside of the monitored cloud application, deriving a baseline user profile using the activity data and external contextual data and associating the baseline user profile with the user account, and determining the likelihood of anomalous activity using the baseline user profile.Type: GrantFiled: June 24, 2015Date of Patent: August 28, 2018Assignee: Oracle International CorporationInventors: Ganesh Kirti, Kamalendu Biswas, Prakash Gurumurthy, Raja S. Alomari, Sumedha Nalin Perera
-
Publication number: 20170295199Abstract: Systems and methods for cloud security monitoring and threat intelligence in accordance with embodiments of the invention are disclosed. In one embodiment, a process for monitoring and remediation of security threats includes generating a threat model using a first portion of activity data, identifying, based upon the threat model, a threat using a second portion of activity data, selecting a security policy to implement in response to the identified threat, identifying cloud security controls in a remotely hosted cloud application server system to modify in accordance with the selected security policy, establishing a secure connection to the remotely hosted cloud application server system using login credentials associated with a tenant account with the cloud application, and sending instructions to the remotely hosted cloud application server system to set the identified cloud security controls with respect to the tenant account in accordance with the selected security policy.Type: ApplicationFiled: June 23, 2017Publication date: October 12, 2017Applicant: Oracle International CorporationInventors: Ganesh Kirti, Rohit Gupta, Kamalendu Biswas, Ramana Rao Satyasai Turlapati
-
Publication number: 20170251013Abstract: Techniques for discovery and management of applications in a computing environment of an organization are disclosed. A security management system discovers use of applications within a computing environment to manage access to applications for minimizing security threats and risks in a computing environment of the organization. The security management system can obtain network data about network traffic to identify unique applications. The security management system can perform analysis and correlation, including use of one or more data sources, to determine information about an application. The system can compute a measure of security for an application (“an application risk score”) and a user (“a user risk score”). The score may be analyzed to determine a threat of security posed by the application based on use of the application. The security system can perform one or more instructions to configure access permitted by an application, whether access is denied or restricted.Type: ApplicationFiled: February 23, 2017Publication date: August 31, 2017Applicant: Oracle International CorporationInventors: Ganesh Kirti, Kamalendu Biswas, Sumedha Nalin Perera, Adina Florina Simu
-
Patent number: 9692789Abstract: Systems and methods for cloud security monitoring and threat intelligence in accordance with embodiments of the invention are disclosed. In one embodiment, a process for monitoring and remediation of security threats includes generating a threat model using a first portion of activity data, identifying, based upon the threat model, a threat using a second portion of activity data, selecting a security policy to implement in response to the identified threat, identifying cloud security controls in a remotely hosted cloud application server system to modify in accordance with the selected security policy, establishing a secure connection to the remotely hosted cloud application server system using login credentials associated with a tenant account with the cloud application, and sending instructions to the remotely hosted cloud application server system to set the identified cloud security controls with respect to the tenant account in accordance with the selected security policy.Type: GrantFiled: October 24, 2014Date of Patent: June 27, 2017Assignee: Oracle International CorporationInventors: Ganesh Kirti, Rohit Gupta, Kamalendu Biswas, Ramana Rao Satyasai Turlapati
-
Publication number: 20170134431Abstract: Techniques are provided for processing authorization requests. In some embodiments, an authorization request specifying a non-hierarchical resource can be processed without having to sequentially process the various security policies configured for a collection of resources.Type: ApplicationFiled: January 12, 2017Publication date: May 11, 2017Applicant: Oracle International CorporationInventors: Kamalendu Biswas, Andrei Kapishnikov, Sastry Hari
-
Patent number: 9547764Abstract: Improved techniques are provided for processing authorization requests. In some embodiments, an authorization request specifying a non-hierarchical resource can be processed without having to sequentially process the various security policies configured for a collection of resources.Type: GrantFiled: April 24, 2012Date of Patent: January 17, 2017Assignee: ORACLE INTERNATIONAL CORPORATIONInventors: Kamalendu Biswas, Andrei Kapishnikov, Sastry Hari
-
Publication number: 20150319185Abstract: Systems and methods for contextual and cross application threat detection in cloud applications in accordance with embodiments of the invention are disclosed. In one embodiment, a method for detecting threat activity in a cloud application using past activity data from cloud applications includes receiving activity data concerning actions performed by a user account associated with a user within a monitored cloud application, receiving external contextual data about the user that does not concern actions performed using the user account within the monitored cloud application, where the external contextual data is retrieved from outside of the monitored cloud application, deriving a baseline user profile using the activity data and external contextual data and associating the baseline user profile with the user account, and determining the likelihood of anomalous activity using the baseline user profile.Type: ApplicationFiled: June 24, 2015Publication date: November 5, 2015Inventors: Ganesh Kirti, Kamalendu Biswas, Prakash Gurumurthy, Raja S. Alomari, Sumedha Sumedha Nalin Perera
-
Patent number: 9152803Abstract: Improved techniques are provided for processing authorization requests. In some embodiments, an authorization request specifying a hierarchical resource can be processed without having to sequentially process the various security policies configured for a collection of resources.Type: GrantFiled: April 24, 2012Date of Patent: October 6, 2015Assignee: ORACLE INTERNATIONAL INCORPORATEDInventors: Kamalendu Biswas, Andrei Kapishnikov, Sastry Hari
-
Publication number: 20150172321Abstract: Systems and methods for cloud security monitoring and threat intelligence in accordance with embodiments of the invention are disclosed. In one embodiment, a process for monitoring and remediation of security threats includes generating a threat model using a first portion of activity data, identifying, based upon the threat model, a threat using a second portion of activity data, selecting a security policy to implement in response to the identified threat, identifying cloud security controls in a remotely hosted cloud application server system to modify in accordance with the selected security policy, establishing a secure connection to the remotely hosted cloud application server system using login credentials associated with a tenant account with the cloud application, and sending instructions to the remotely hosted cloud application server system to set the identified cloud security controls with respect to the tenant account in accordance with the selected security policy.Type: ApplicationFiled: October 24, 2014Publication date: June 18, 2015Inventors: Ganesh Kirti, Rohit Gupta, Kamalendu Biswas, Ramana Rao Satyasai Turlapati
-
Publication number: 20130283340Abstract: Improved techniques are provided for processing authorization requests. In some embodiments, an authorization request specifying a non-hierarchical resource can be processed without having to sequentially process the various security policies configured for a collection of resources.Type: ApplicationFiled: April 24, 2012Publication date: October 24, 2013Applicant: Oracle International CorporationInventors: Kamalendu Biswas, Andrei Kapishnikov, Sastry Hari
-
Publication number: 20130283339Abstract: Improved techniques are provided for processing authorization requests. In some embodiments, an authorization request specifying a hierarchical resource can be processed without having to sequentially process the various security policies configured for a collection of resources.Type: ApplicationFiled: April 24, 2012Publication date: October 24, 2013Applicant: Oracle International CorporationInventors: Kamalendu Biswas, Andrei Kapishnikov, Sastry Hari
-
Patent number: 8397273Abstract: A system and method for policy based provisioning in a computing environment. In an example embodiment, the system is adapted to selectively allocate usage rights and access privileges to computing resources of a computing environment. The system includes a provisioning policy; a centralized resource provisioning module; one or more applications in communication with the centralized resource provisioning module; and software running on the resource provisioning module, wherein the software is adapted to initiate selective provisioning of computing resources offered by the one or more applications to a user in accordance with the provisioning policy.Type: GrantFiled: February 11, 2010Date of Patent: March 12, 2013Assignee: Oracle International CorporationInventors: Srikanth Sallaka, Roger Wigenstam, Kamalendu Biswas
-
Patent number: 8032922Abstract: One embodiment of the present invention provides a system that provides access to an application-resource. During operation, the system receives a request to access an application-resource associated with an application, wherein the request is received at an application-server that hosts the application. The system then determines an authentication-level required to access the application-resource. Next, the system sends the required authentication-level to an authentication-server. In response, the system receives an authentication-response from the authentication-server. Next, the system determines if the authentication-response specifies that the user is authenticated to access the application-resource. If so, the system grants the user access to the application-resource. One embodiment of the present invention provides a system that provides an authentication-token associated with a lower authentication-level in response to an authentication-token associated with a higher authentication-level expiring.Type: GrantFiled: December 18, 2006Date of Patent: October 4, 2011Assignee: Oracle International CorporationInventors: Gaurav Bhatia, Kamalendu Biswas, David Wilson
-
Publication number: 20110197254Abstract: A system and method for policy based provisioning in a computing environment. In an example embodiment, the system is adapted to selectively allocate usage rights and access privileges to computing resources of a computing environment. The system includes a provisioning policy; a centralized resource provisioning module; one or more applications in communication with the centralized resource provisioning module; and software running on the resource provisioning module, wherein the software is adapted to initiate selective provisioning of computing resources offered by the one or more applications to a user in accordance with the provisioning policy.Type: ApplicationFiled: February 11, 2010Publication date: August 11, 2011Applicant: Oracle International CorporationInventors: Srikanth Sallaka, Roger Wigenstam, Kamalendu Biswas
-
Patent number: 7540020Abstract: One embodiment of the present invention provides a system that performs single sign-on to web applications using dynamic directives. The system operates by first receiving a request at an application to provide content to a user. In response to the request, the application provides public content to the user. Upon receiving a request from the user to access private content, the application sends a dynamic directive to a web module that can access a single sign-on server on behalf of the application, wherein the dynamic directive specifies that an authentication credential is required from the user. Next, the application allows the web module to request the authentication credential from the single sign-on server on behalf of the application. When the authentication credential is received from the single sign-on server, the application provides the private content to the user.Type: GrantFiled: February 19, 2003Date of Patent: May 26, 2009Assignee: Oracle International CorporationInventors: Kamalendu Biswas, Arun Swaminathan, Gaurav Bhatia
-
Publication number: 20080148351Abstract: One embodiment of the present invention provides a system that provides access to an application-resource. During operation, the system receives a request to access an application-resource associated with an application, wherein the request is received at an application-server that hosts the application. The system then determines an authentication-level required to access the application-resource. Next, the system sends the required authentication-level to an authentication-server. In response, the system receives an authentication-response from the authentication-server. Next, the system determines if the authentication-response specifies that the user is authenticated to access the application-resource. If so, the system grants the user access to the application-resource. One embodiment of the present invention provides a system that provides an authentication-token associated with a lower authentication-level in response to an authentication-token associated with a higher authentication-level expiring.Type: ApplicationFiled: December 18, 2006Publication date: June 19, 2008Inventors: Gaurav Bhatia, Kamalendu Biswas, David Wilson
-
Patent number: 7340525Abstract: One embodiment of the present invention provides a system that facilitates single sign-on services in a wireless environment. The system operates by receiving a request at an application server from a wireless gateway to access a partner application on behalf of a user. The system then determines if the wireless gateway holds a token granting access to the partner application on behalf of the user. If the wireless gateway does not hold the token, the system redirects the request to a single sign-on server. The single sign-on server then requests user authentication credentials from the user through the wireless gateway. After receiving the user authentication credentials, the system determines if the user is authorized to access the partner application. If so, the single sign-on server issues a token to the wireless gateway. This token grants wireless gateway access to the partner application on behalf of the user.Type: GrantFiled: January 24, 2003Date of Patent: March 4, 2008Assignee: Oracle International CorporationInventors: Gaurav Bhatia, Kamalendu Biswas, Arun Swaminathan