Patents by Inventor PAVAN GOPAL BANDLA
PAVAN GOPAL BANDLA has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20220345457
Abstract: Access to secured items in a computing system is requested instead of being persistent. Access requests may be granted on a just-in-time basis. Anomalous access requests are detected using machine learning models based on historic patterns. Models utilizing conditional probability or collaborative filtering also facilitate the creation of human-understandable explanations of threat assessments. Individual machine learning models are based on historic data of users, peers, cohorts, services, or resources. Models may be weighted, and then aggregated in a subsystem to produce an access request risk score. Scoring principles and conditions utilized in the scoring subsystem may include probabilities, distribution entropies, and data item counts. A feedback loop allows incremental refinement of the subsystem. Anomalous requests that would be automatically approved under a policy may instead face human review, and low threat requests that would have been delayed by human review may instead be approved automatically.
Type: Application
Filed: April 22, 2021
Publication date: October 27, 2022
Inventors: Christopher Michael JEFFORDS, Srikanth BOLISETTY, Ayala MILLER, Pavan Gopal BANDLA, Ramin Leonard HALVIATTI, LiLei CUI, James Matthew ATKINS, Jessica Michelle SATNICK, Ravi Kumar LINGAMALLU, Ahmed AWAD-IDRIS, Amritaputra BHATTACHARYA, Sunil PAI, Kaymie Sato-Hayashi-Kagawa SHIOZAWA, Noah BERGMAN
-
Patent number: 11233794
Abstract: Methods, systems, and computer storage media for providing escorted-access management based on an escort-admin session engine are provided. The escort-admin session engine approves an external administrator's access to a resource instance based on a service team policy, while approving an escort operator to escort the external administrator in an escort-admin session that provides access to the resource. In operation, an external administrator's request for access to a resource is evaluated based on the service team policy that is managed by a service team. The request is approved with access rights to the resource identified in the policy. An escort operator is identified for the external administrator. The escort operator is approved to escort the external administrator for access to the resource during an escort-admin session. The escort-admin session includes an escort operator context referring to the escort operator having access rights based on the access rights approved using the policy.
Type: Grant
Filed: June 30, 2019
Date of Patent: January 25, 2022
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Chetan S. Shankar, LiLei Cui, Sandeep Kalarickal S, Thomas Charles Knudson, Pavan Gopal Bandla, Pradeep Ayyappan Nair, Aaron Keith Rosenfeld, Tyler S. Wiegers, Sudharshan Reddy Bommu, Margus Janese, Mario Mett, Chi Zhou
-
Patent number: 10924497
Abstract: A JIT service in a cloud computing environment manages just-in-time access to resources in the cloud computing environment for an external device. When JIT access to a resource is requested by a device, the JIT service retrieves a JIT policy for the resource that includes geolocation criteria limiting the geolocation from which JIT access can be automatically granted. The geolocation of the device is evaluated against the geolocation criteria. If the geolocation criteria and any other criteria of the JIT policy are satisfied, the JIT service provisions JIT access to the resource for the device.
Type: Grant
Filed: October 14, 2019
Date of Patent: February 16, 2021
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Ramnath Prasad, Pradeep Ayyappan Nair, Veena Ramachandran, Sandeep Kalarickal, Thomas Knudson, Pavan Gopal Bandla, Chetan Shankar, Ranajoy Sanyal, Qingsu Wu, Chi Zhou, Thomas Keane
-
Patent number: 10848522
Abstract: A JIT service in a cloud computing environment manages just-in-time access to resources in the cloud computing environment for an external device. When JIT access to a resource is requested by a device, the JIT service retrieves a JIT policy for the resource that includes screening criteria limiting automatic granting of JIT access to users who meet the screening criteria. Screening information for a user associated with the request is evaluated against one or more screening requirements set forth by the screening criteria. If the screening criteria and any other criteria of the JIT policy are satisfied, the JIT service provisions JIT access to the resource for the device.
Type: Grant
Filed: October 14, 2019
Date of Patent: November 24, 2020
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Ramnath Prasad, Pradeep Ayyappan Nair, Veena Ramachandran, Sandeep Kalarickal, Thomas Knudson, Pavan Gopal Bandla, Chetan Shankar, Ranajoy Sanyal, Qingsu Wu, Chi Zhou, Doug Kirschner, Ryan Meyer, Thomas Keane
-
Patent number: 10691790
Abstract: Various methods and systems are provided for autonomous secrets management for a temporary shared access signature (“SAS”) service. Input for a temporary access request for an account resource is received from a client. The temporary access request is validated, based on communicating a validation request to the secrets management service (“SMS”) that can be utilized to store, renew and distribute secrets in a distributed computing environment. Validating the temporary access request is based on determining a storage account location path for SAS keys that provide temporary access to account resources. An access policy associated with the temporary access request is accessed. An SAS key request, associated with the temporary access request, is communicated to the SMS. The SAS key request includes at least a portion of the access policy. An SAS key is received from the SMS. The SAS key, for access to the account resource, is communicated to the client.
Type: Grant
Filed: March 14, 2018
Date of Patent: June 23, 2020
Assignee: Microsoft Technology Licensing, LLC
Inventors: Brian S. Lounsberry, Kahren Tevosyan, Vyom P. Munshi, Chetan S. Shankar, Pavan Gopal Bandla, Pawel Tomasz Lipiec, Sandeep S. Kalarickal
-
Publication number: 20200045056
Abstract: A JIT service in a cloud computing environment manages just-in-time access to resources in the cloud computing environment for an external device. When JIT access to a resource is requested by a device, the JIT service retrieves a JIT policy for the resource that includes geolocation criteria limiting the geolocation from which JIT access can be automatically granted. The geolocation of the device is evaluated against the geolocation criteria. If the geolocation criteria and any other criteria of the JIT policy are satisfied, the JIT service provisions JIT access to the resource for the device.
Type: Application
Filed: October 14, 2019
Publication date: February 6, 2020
Inventors: RAMNATH PRASAD, PRADEEP AYYAPPAN NAIR, VEENA RAMACHANDRAN, SANDEEP KALARICKAL, THOMAS KNUDSON, PAVAN GOPAL BANDLA, CHETAN SHANKAR, RANAJOY SANYAL, QINGSU WU, CHI ZHOU, THOMAS KEANE
-
Publication number: 20200045083
Abstract: A JIT service in a cloud computing environment manages just-in-time access to resources in the cloud computing environment for an external device. When JIT access to a resource is requested by a device, the JIT service retrieves a JIT policy for the resource that includes screening criteria limiting automatic granting of JIT access to users who meet the screening criteria. Screening information for a user associated with the request is evaluated against one or more screening requirements set forth by the screening criteria. If the screening criteria and any other criteria of the JIT policy are satisfied, the JIT service provisions JIT access to the resource for the device.
Type: Application
Filed: October 14, 2019
Publication date: February 6, 2020
Inventors: RAMNATH PRASAD, PRADEEP AYYAPPAN NAIR, VEENA RAMACHANDRAN, SANDEEP KALARICKAL, THOMAS KNUDSON, PAVAN GOPAL BANDLA, CHETAN SHANKAR, RANAJOY SANYAL, QINGSU WU, CHI ZHOU, DOUG KIRSCHNER, RYAN MEYER, THOMAS KEANE
-
Patent number: 10484430
Abstract: A JIT service in a cloud computing environment manages just-in-time access to resources in the cloud computing environment for DevOps personnel who do not have persistent access to restricted data or the ability to modify the cloud computing environment to gain access to restricted data. When JIT access to a resource is requested by a DevOps device, the JIT service retrieves a JIT policy for the resource that includes screening criteria limiting automatic granting of JIT access to DevOps personnel who meet the screening criteria. Screening information for the DevOps personnel is evaluated against one or more screening requirements set forth by the screening criteria. If the screening criteria and any other criteria of the JIT policy are satisfied, the JIT service provisions JIT access to the resource for the DevOps device.
Type: Grant
Filed: May 8, 2017
Date of Patent: November 19, 2019
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Ramnath Prasad, Pradeep Ayyappan Nair, Veena Ramachandran, Sandeep Kalarickal, Thomas Knudson, Pavan Gopal Bandla, Chetan Shankar, Ranajoy Sanyal, Qingsu Wu, Chi Zhou, Doug Kirschner, Ryan Meyer, Thomas Keane
-
Patent number: 10476886
Abstract: A JIT service in a cloud computing environment manages just-in-time access to resources in the cloud computing environment for DevOps personnel who do not have persistent access to restricted data or the ability to modify the cloud computing environment to gain access to restricted data. When JIT access to a resource is requested by a DevOps device, the JIT service retrieves a JIT policy for the resource that includes geolocation criteria limiting the geolocation from which JIT access can be automatically granted. The geolocation of the DevOps device is evaluated against the geolocation criteria. If the geolocation criteria and any other criteria of the JIT policy are satisfied, the JIT service provisions JIT access to the resource for the DevOps device.
Type: Grant
Filed: May 8, 2017
Date of Patent: November 12, 2019
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Ramnath Prasad, Pradeep Ayyappan Nair, Veena Ramachandran, Sandeep Kalarickal, Thomas Knudson, Pavan Gopal Bandla, Chetan Shankar, Ranajoy Sanyal, Qingsu Wu, Chi Zhou, Thomas Keane
-
Publication number: 20190286813
Abstract: Various methods and systems are provided for autonomous secrets management for a temporary shared access signature (“SAS”) service. Input for a temporary access request for an account resource is received from a client. The temporary access request is validated, based on communicating a validation request to the secrets management service (“SMS”) that can be utilized to store, renew and distribute secrets in a distributed computing environment. Validating the temporary access request is based on determining a storage account location path for SAS keys that provide temporary access to account resources. An access policy associated with the temporary access request is accessed. An SAS key request, associated with the temporary access request, is communicated to the SMS. The SAS key request includes at least a portion of the access policy. An SAS key is received from the SMS. The SAS key, for access to the account resource, is communicated to the client.
Type: Application
Filed: March 14, 2018
Publication date: September 19, 2019
Inventors: Brian S. LOUNSBERRY, Kahren TEVOSYAN, Vyom P. MUNSHI, Chetan S. SHANKAR, Pavan Gopal BANDLA, Pawel Tomasz LIPIEC, Sandeep S. KALARICKAL
-
Publication number: 20170244723
Abstract: A JIT service in a cloud computing environment manages just-in-time access to resources in the cloud computing environment for DevOps personnel who do not have persistent access to restricted data or the ability to modify the cloud computing environment to gain access to restricted data. When JIT access to a resource is requested by a DevOps device, the JIT service retrieves a JIT policy for the resource that includes geolocation criteria limiting the geolocation from which JIT access can be automatically granted. The geolocation of the DevOps device is evaluated against the geolocation criteria. If the geolocation criteria and any other criteria of the JIT policy are satisfied, the JIT service provisions JIT access to the resource for the DevOps device.
Type: Application
Filed: May 8, 2017
Publication date: August 24, 2017
Inventors: RAMNATH PRASAD, PRADEEP AYYAPPAN NAIR, VEENA RAMACHANDRAN, SANDEEP KALARICKAL, THOMAS KNUDSON, PAVAN GOPAL BANDLA, CHETAN SHANKAR, RANAJOY SANYAL, QINGSU WU, CHI ZHOU, THOMAS KEANE
-
Publication number: 20170244760
Abstract: A JIT service in a cloud computing environment manages just-in-time access to resources in the cloud computing environment for DevOps personnel who do not have persistent access to restricted data or the ability to modify the cloud computing environment to gain access to restricted data. When JIT access to a resource is requested by a DevOps device, the JIT service retrieves a JIT policy for the resource that includes screening criteria limiting automatic granting of JIT access to DevOps personnel who meet the screening criteria. Screening information for the DevOps personnel is evaluated against one or more screening requirements set forth by the screening criteria. If the screening criteria and any other criteria of the JIT policy are satisfied, the JIT service provisions JIT access to the resource for the DevOps device.
Type: Application
Filed: May 8, 2017
Publication date: August 24, 2017
Inventors: RAMNATH PRASAD, PRADEEP AYYAPPAN NAIR, VEENA RAMACHANDRAN, SANDEEP KALARICKAL, THOMAS KNUDSON, PAVAN GOPAL BANDLA, CHETAN SHANKAR, RANAJOY SANYAL, QINGSU WU, CHI ZHOU, DOUG KIRSCHNER, RYAN MEYER, THOMAS KEANE