Patents by Inventor Mahesh Mylarappa

Mahesh Mylarappa has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20140303934
    Abstract: The present disclosure is directed towards systems and methods for application performance measurement. A device may receive a first document for transmission to a client, comprising instructions for the client to transmit a request for an embedded object. A flow monitor executed the device may generate a unique identification associated with the first document, the unique identification identifying a first access of the first document, and transmit the first document and unique identification to the client. The device may receive, from the client, a request for the embedded object comprising the unique identification, and transmit, to a server, the request for the embedded object at a transmit time. The device may receive, from the server, the embedded object at a receipt time, and may transmit a performance record comprising an identification of the object, the server, the transmit time, the receipt time, and the unique identification to a data collector.
    Type: Application
    Filed: April 6, 2013
    Publication date: October 9, 2014
    Applicant: Citrix Systems, Inc.
    Inventors: Mahesh Mylarappa, Meghashree Iyengar, Saravana Annamalaisami, Rajesh Joshi
  • Publication number: 20140301388
    Abstract: The present disclosure is directed towards methods and systems for caching packet steering sessions for steering data packets between intermediary devices of a cluster of intermediary devices intermediary to a client and a plurality of servers. A first intermediary device receives a first data packet and determines, from a hash of a tuple of the first packet, a second intermediary device to which to steer the first packet. The first device stores, to a session for storing packet steering information, the identity of the second device and the tuple. The first device receives a second packet having a corresponding tuple that matches the tuple of the first packet and determines, based on a lookup for the session using the tuple of the second packet, that the second device is the intermediary device to which to steer the second packet. The first device steers the second packet to the second device.
    Type: Application
    Filed: April 4, 2014
    Publication date: October 9, 2014
    Applicant: Citrix Systems, Inc.
    Inventors: Ashwin Jagadish, Mahesh Mylarappa, Sandhya Gopinath, Saravana Annamalaisami, Shashidhara Nanjundaswamy
  • Patent number: 8843645
    Abstract: Described herein is a method and system for preventing Denial of Service (DoS) attacks. An intermediary device is deployed between clients and servers. The device receives a first packet of an application layer transaction via a transport layer connection between the device and client. The device records a last activity time for the transport layer connection based upon the timestamp of the first packet. The device receives subsequent data packets and determines whether the data in the packets completes a protocol data structure of the application layer protocol. If the device determines that the subsequent packet completes the protocol data structure, the last activity time is updated. If the device determines that the application layer protocol remains incomplete, the device retains the last activity time and determines that the duration of inactivity for the transport layer connection exceeds a predetermined threshold. The device may subsequently drop the connection.
    Type: Grant
    Filed: June 24, 2010
    Date of Patent: September 23, 2014
    Assignee: Citrix Systems, Inc.
    Inventors: Saravanakumar Annamalaisami, Ashok Kumar Jagadeeswaran, Mahesh Mylarappa, Roy Rajan
  • Publication number: 20130159540
    Abstract: The present application is directed towards systems and methods for aggressively probing a client side connection to determine and counteract a malicious window size attack or similar behavior from a malfunctioning client. The solution described herein detects when a connection may be under malicious attach via improper or unusual window size settings. Responsive to the detection, the solution described herein will setup probes that determine whether or not the client is malicious and does so within an aggressive time period to avoid the tying up of processing cycles, transport layer sockets and buffers, and other resources of the sender.
    Type: Application
    Filed: February 18, 2013
    Publication date: June 20, 2013
    Inventors: Varun Taneja, Mahesh Mylarappa, Saravanakumar Annamalaisami
  • Patent number: 8387143
    Abstract: The present application is directed towards systems and methods for aggressively probing a client side connection to determine and counteract a malicious window size attack or similar behavior from a malfunctioning client. The solution described herein detects when a connection may be under malicious attach via improper or unusual window size settings. Responsive to the detection, the solution described herein will setup probes that determine whether or not the client is malicious and does so within an aggressive time period to avoid the tying up of processing cycles, transport layer sockets and buffers, and other resources of the sender.
    Type: Grant
    Filed: November 30, 2009
    Date of Patent: February 26, 2013
    Assignee: Citrix Systems, Inc.
    Inventors: Varun Taneja, Mahesh Mylarappa, Saravanakumar Annamalaisami
  • Publication number: 20130041934
    Abstract: The present disclosure is directed towards tracking application layer flow via a multi-connection intermediary. Transaction level or application layer information may be tracked via the intermediary, including one or more of: (i) the request method; (ii) response codes; (iii) URLs; (iv) HTTP cookies; (v) RTT of both ends of the transaction in a quad flow arrangement; (vi) server time to provide first byte of a communication; (vii) server time to provide the last byte of a communication; (viii) flow flags; or any other type and form of transaction level data may be captured, exported, and analyzed. The application layer flow or transaction level information may be provided in an IPFIX-compliant data record. This may be done to provide template-based data record definition, as well as providing data on an application or transaction level of granularity.
    Type: Application
    Filed: March 27, 2012
    Publication date: February 14, 2013
    Inventors: Saravana Annamalaisami, Mahesh Mylarappa, Sudheer Thokala, Vamsi Korrapatti, Sridhar Guthula, Rajesh Joshi, Ashwin Jagdish
  • Patent number: 8286244
    Abstract: A method of controlling protection of a computing device or computer network. The method comprises directing incoming data packets to the computing device or computer network via a rate limiting system that is adapted to parse the data packets, providing the computing device or computer network with at least one threshold parameter for identifying a data flood condition, the threshold parameter being a function of one or more available computing resources of the computing device or computer network; the computing device or computer network responding to incoming data packets received via the rate limiting system that cause the at least one threshold parameter to be breached by generating event data; generating feedback data based on the event data; transmitting the feedback data to the rate limiting system; and the rate limiting system modifying its behavour according to the feedback data.
    Type: Grant
    Filed: January 14, 2008
    Date of Patent: October 9, 2012
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Maruthi Ram Namburu, Mahesh Mylarappa, Venkataraman Kamalaksha
  • Patent number: 8200752
    Abstract: The present disclosure presents systems and methods for maintaining an original source IP address of a request by an intermediary network device despite the source IP address being modified by a cache server during an unfulfilled cache request. An intermediary receives a request from a client to access a destination server via a first transport layer connection. The client request identifies the client's IP address as a source IP address. The intermediary transmits to a cache server, via a second transport layer connection, the client request as a second request modified to include the client IP address of the first request in a header. The intermediary device receives, via a third connection, the second request as a third request from the cache server. The intermediary device obtains the client IP address from the header of the third request and transmits to the server identified in the first request the third request as a fourth request identifying the client IP address as the source IP address.
    Type: Grant
    Filed: December 23, 2009
    Date of Patent: June 12, 2012
    Assignee: Citrix Systems, Inc.
    Inventors: Akshat Choudhary, Mahesh Mylarappa
  • Publication number: 20110320617
    Abstract: Described herein is a method and system for preventing Denial of Service (DoS) attacks. An intermediary device is deployed between clients and servers. The device receives a first packet of an application layer transaction via a transport layer connection between the device and client. The device records a last activity time for the transport layer connection based upon the timestamp of the first packet. The device receives subsequent data packets and determines whether the data in the packets completes a protocol data structure of the application layer protocol. If the device determines that the subsequent packet completes the protocol data structure, the last activity time is updated. If the device determines that the application layer protocol remains incomplete, the device retains the last activity time and determines that the duration of inactivity for the transport layer connection exceeds a predetermined threshold. The device may subsequently drop the connection.
    Type: Application
    Filed: June 24, 2010
    Publication date: December 29, 2011
    Inventors: Saravanakumar Annamalaisami, Ashok Kumar Jagadeeswaran, Mahesh Mylarappa, Roy Rajan
  • Publication number: 20110153722
    Abstract: The present disclosure presents systems and methods for maintaining an original source IP address of a request by an intermediary network device despite the source IP address being modified by a cache server during an unfulfilled cache request. An intermediary receives a request from a client to access a destination server via a first transport layer connection. The client request identifies the client's IP address as a source IP address. The intermediary transmits to a cache server, via a second transport layer connection, the client request as a second request modified to include the client IP address of the first request in a header. The intermediary device receives, via a third connection, the second request as a third request from the cache server. The intermediary device obtains the client IP address from the header of the third request and transmits to the server identified in the first request the third request as a fourth request identifying the client IP address as the source IP address.
    Type: Application
    Filed: December 23, 2009
    Publication date: June 23, 2011
    Inventors: Akshat Choudhary, Mahesh Mylarappa
  • Publication number: 20110131654
    Abstract: The present application is directed towards systems and methods for aggressively probing a client side connection to determine and counteract a malicious window size attack or similar behavior from a malfunctioning client. The solution described herein detects when a connection may be under malicious attach via improper or unusual window size settings. Responsive to the detection, the solution described herein will setup probes that determine whether or not the client is malicious and does so within an aggressive time period to avoid the tying up of processing cycles, transport layer sockets and buffers, and other resources of the sender.
    Type: Application
    Filed: November 30, 2009
    Publication date: June 2, 2011
    Inventors: Varun Taneja, Mahesh Mylarappa, Saravanakumar Annamalaisami
  • Publication number: 20080178279
    Abstract: A method of controlling protection of a computing device or computer network. The method comprises directing incoming data packets to the computing device or computer network via a rate limiting system that is adapted to parse the data packets, providing the computing device or computer network with at least one threshold parameter for identifying a data flood condition, the threshold parameter being a function of one or more available computing resources of the computing device or computer network; the computing device or computer network responding to incoming data packets received via the rate limiting system that cause the at least one threshold parameter to be breached by generating event data; generating feedback data based on the event data; transmitting the feedback data to the rate limiting system; and the rate limiting system modifying its behaviour according to the feedback data.
    Type: Application
    Filed: January 14, 2008
    Publication date: July 24, 2008
    Inventors: Maruthi Ram Namburu, Mahesh Mylarappa, Venkataraman Kamalaksha