Patents by Inventor Prasad Mujumdar
Prasad Mujumdar has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11790099
Abstract: Techniques for improving data security and access control at the distributed execution level of distributed computing systems are provided. The techniques can include receiving a data access request from a data processing application to access data, directing the data access request to a security data application, modifying the data access request, executing the modified data access request to obtain data that is responsive to the modified data access request, and providing the obtained data to the data processing application.
Type: Grant
Filed: February 9, 2018
Date of Patent: October 17, 2023
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Prasad Mujumdar, Pratik Verma, Shyam Desirazu
-
Patent number: 11157641
Abstract: A policy system enforces data security policies for requests from accessing data stored on a distributed data storage system received from a client device. The policy enforcement system can determine user credentials from the requests. The enforcement system then determines whether the user credentials allow the request to retrieve the data and if yes, whether the user credentials allow the request to retrieve the data without obligations. Upon determining that user credentials allow the request to retrieve the data without obligations, the policy enforcement system directs the client device to communicate directly with a name node of the data storage system, short-circuiting additional data retrieval and filtering of the policy system.
Type: Grant
Filed: July 1, 2016
Date of Patent: October 26, 2021
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Dilli Dorai Minnal Arumugam, Prasad Mujumdar
-
Patent number: 11146563
Abstract: Systems, computer program products and methods implementing policy enforcement for search engines are described. A policy engine receives a user identifier associated with a search query including one or more query terms. The policy engine receives, from a preprocessor of a search engine, an intermediate representation of the search query. The intermediate representation includes one or more index terms corresponding to the one or more query terms. The policy engine determines, based on a particular policy, if the user is prohibited from accessing data associated with a particular index term. In response, the policy engine modifies the intermediate representation, including negating the particular index term. The policy engine then submits the modified intermediate representation to a query processing module of the search engine, causing the query processing module to exclude content corresponding to the particular index term from search results.
Type: Grant
Filed: January 31, 2018
Date of Patent: October 12, 2021
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Benjamin L. Weintraub, Pratik Verma, Prasad Mujumdar
-
Patent number: 10972506
Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for maintaining, by a policy enforcement system in a first compute node, a plurality of policies and data associating a plurality of user credentials with the plurality of policies. A request is received from a compute process for data from a file system in the first compute node. The request includes user credentials. The request for data is sent to the file system, and the data is received from the file system. Based on the received user credentials and the data associating the plurality of user credentials with the plurality of policies, one or more policies that correspond to the received user credentials is selected from the plurality of policies. The policy enforcement system filters the data from the file system based on the one or more policies, and sends the filtered data to the compute process.
Type: Grant
Filed: January 4, 2018
Date of Patent: April 6, 2021
Assignee: Microsoft Technology Licensing, LLC
Inventors: Dilli Dorai Minnal Arumugam, Prasad Mujumdar
-
Patent number: 10965714
Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for storing, by a policy enforcement system, a plurality of policies and data associating a plurality of user credentials with the plurality of policies; receiving, from a client device, a request for data from a file system, the request further comprising user credentials; forwarding the request for data to a second node that stores the data from the file system; receiving, from the node, the data from the file system; selecting from the plurality of policies, based on the received user credentials and the data associating the plurality of user credentials with the plurality of policies, one or more policies that correspond to the received user credentials; filtering, by the policy enforcement system, the data from the file system based on the one or more policies; and sending the filtered data to the client device.
Type: Grant
Filed: April 29, 2019
Date of Patent: March 30, 2021
Assignee: Microsoft Technology Licensing, LLC
Inventors: Dilli Dorai Minnal Arumugam, Prasad Mujumdar
-
Patent number: 10929358
Abstract: Systems, computer program products and methods implementing access control for compound structures including subfields are described. A policy system receives a database schema and a data access policy. The database schema defines multiple subfields of a data column. The policy includes one or more rules limiting access to the subfields. A policy analyzer of the policy system creates an access control metadata that stores correspondence between the subfields and the rules. The policy analyzer represents the subfields in the access control metadata using relations between subfields and other components of the database. The policy analyzer provides the access control metadata to a policy enforcer for enforcing the policy on the subfields.
Type: Grant
Filed: January 17, 2019
Date of Patent: February 23, 2021
Assignee: Microsoft Technology Licensing, LLC
Inventors: Prasad Mujumdar, Rakesh Khanduja, Pratik Verma
-
Patent number: 10803190
Abstract: Systems, computer program products and methods implementing access control on a distributed file system are described. A file system enforcement point protects an HDFS from unauthorized access by authenticating a declared identity of a task submitting a request from a client. Upon receiving the request, the file system enforcement point submits a challenge to the client, requesting the task to provide credentials of the declared identity. The task submits credentials. On the client, each task has access to credentials of a true identity of the task. Accordingly, in case a task submits a claimed identity that is different from the true identity of the task, the task cannot submit correct credentials in response to the challenge. The file system enforcement point authenticates the declared identity using the submitted credentials. The file system enforcement point allows the client to access the HDFS only upon successful authentication.
Type: Grant
Filed: July 21, 2017
Date of Patent: October 13, 2020
Assignee: BlueTalon, Inc.
Inventors: Dilli Dorai Minnal Arumugam, Prasad Mujumdar, Pratik Verma
-
Publication number: 20190253460
Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for storing, by a policy enforcement system, a plurality of policies and data associating a plurality of user credentials with the plurality of policies; receiving, from a client device, a request for data from a file system, the request further comprising user credentials; forwarding the request for data to a second node that stores the data from the file system; receiving, from the node, the data from the file system; selecting from the plurality of policies, based on the received user credentials and the data associating the plurality of user credentials with the plurality of policies, one or more policies that correspond to the received user credentials; filtering, by the policy enforcement system, the data from the file system based on the one or more policies; and sending the filtered data to the client device.
Type: Application
Filed: April 29, 2019
Publication date: August 15, 2019
Inventors: Dilli Dorai Minnal Arumugam, Prasad Mujumdar
-
Publication number: 20190155794
Abstract: Systems, computer program products and methods implementing access control for compound structures including subfields are described. A policy system receives a database schema and a data access policy. The database schema defines multiple subfields of a data column. The policy includes one or more rules limiting access to the subfields. A policy analyzer of the policy system creates an access control metadata that stores correspondence between the subfields and the rules. The policy analyzer represents the subfields in the access control metadata using relations between subfields and other components of the database. The policy analyzer provides the access control metadata to a policy enforcer for enforcing the policy on the subfields.
Type: Application
Filed: January 17, 2019
Publication date: May 23, 2019
Inventors: Prasad Mujumdar, Rakesh Khanduja, Pratik Verma
-
Patent number: 10277633
Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for storing, by a policy enforcement system, a plurality of policies and data associating a plurality of user credentials with the plurality of policies; receiving, from a client device, a request for data from a file system, the request further comprising user credentials; forwarding the request for data to a second node that stores the data from the file system; receiving, from the node, the data from the file system; selecting from the plurality of policies, based on the received user credentials and the data associating the plurality of user credentials with the plurality of policies, one or more policies that correspond to the received user credentials; filtering, by the policy enforcement system, the data from the file system based on the one or more policies; and sending the filtered data to the client device.
Type: Grant
Filed: January 8, 2018
Date of Patent: April 30, 2019
Assignee: BlueTalon, Inc.
Inventors: Dilli Dorai Minnal Arumugam, Prasad Mujumdar
-
Patent number: 10185726
Abstract: Systems, computer program products and methods implementing access control for compound structures including subfields are described. A policy system receives a database schema and a data access policy. The database schema defines multiple subfields of a data column. The policy includes one or more rules limiting access to the subfields. A policy analyzer of the policy system creates an access control metadata that stores correspondence between the subfields and the rules. The policy analyzer represents the subfields in the access control metadata using relations between subfields and other components of the database. The policy analyzer provides the access control metadata to a policy enforcer for enforcing the policy on the subfields.
Type: Grant
Filed: August 26, 2016
Date of Patent: January 22, 2019
Assignee: BlueTalon, Inc.
Inventors: Prasad Mujumdar, Rakesh Khanduja, Pratik Verma
-
Publication number: 20180232531
Abstract: Systems, computer program products and methods implementing access control on a distributed file system are described. A file system enforcement point protects an HDFS from unauthorized access by authenticating a declared identity of a task submitting a request from a client. Upon receiving the request, the file system enforcement point submits a challenge to the client, requesting the task to provide credentials of the declared identity. The task submits credentials. On the client, each task has access to credentials of a true identity of the task. Accordingly, in case a task submits a claimed identity that is different from the true identity of the task, the task cannot submit correct credentials in response to the challenge. The file system enforcement point authenticates the declared identity using the submitted credentials. The file system enforcement point allows the client to access the HDFS only upon successful authentication.
Type: Application
Filed: July 21, 2017
Publication date: August 16, 2018
Inventors: Dilli Dorai Minnal Arumugam, Prasad Mujumdar, Pratik Verma
-
Publication number: 20180131727
Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for storing, by a policy enforcement system, a plurality of policies and data associating a plurality of user credentials with the plurality of policies; receiving, from a client device, a request for data from a file system, the request further comprising user credentials; forwarding the request for data to a second node that stores the data from the file system; receiving, from the node, the data from the file system; selecting from the plurality of policies, based on the received user credentials and the data associating the plurality of user credentials with the plurality of policies, one or more policies that correspond to the received user credentials; filtering, by the policy enforcement system, the data from the file system based on the one or more policies; and sending the filtered data to the client device.
Type: Application
Filed: January 8, 2018
Publication date: May 10, 2018
Inventors: Dilli Dorai Minnal Arumugam, Prasad Mujumdar
-
Publication number: 20180131726
Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for maintaining, by a policy enforcement system in a first compute node, a plurality of policies and data associating a plurality of user credentials with the plurality of policies. A request is received from a compute process for data from a file system in the first compute node. The request includes user credentials. The request for data is sent to the file system, and the data is received from the file system. Based on the received user credentials and the data associating the plurality of user credentials with the plurality of policies, one or more policies that correspond to the received user credentials is selected from the plurality of policies. The policy enforcement system filters the data from the file system based on the one or more policies, and sends the filtered data to the compute process.
Type: Application
Filed: January 4, 2018
Publication date: May 10, 2018
Inventors: Dilli Dorai Minnal Arumugam, Prasad Mujumdar
-
Publication number: 20180060365
Abstract: Systems, computer program products and methods implementing access control for compound structures including subfields are described. A policy system receives a database schema and a data access policy. The database schema defines multiple subfields of a data column. The policy includes one or more rules limiting access to the subfields. A policy analyzer of the policy system creates an access control metadata that stores correspondence between the subfields and the rules. The policy analyzer represents the subfields in the access control metadata using relations between subfields and other components of the database. The policy analyzer provides the access control metadata to a policy enforcer for enforcing the policy on the subfields.
Type: Application
Filed: August 26, 2016
Publication date: March 1, 2018
Applicant: BlueTalon, Inc.
Inventors: Prasad Mujumdar, Rakesh Khanduja, Pratik Verma
-
Patent number: 9871825
Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for maintaining, by a policy enforcement system in a first compute node, a plurality of policies and data associating a plurality of user credentials with the plurality of policies. A request is received from a compute process for data from a file system in the first compute node. The request includes user credentials. The request for data is sent to the file system, and the data is received from the file system. Based on the received user credentials and the data associating the plurality of user credentials with the plurality of policies, one or more policies that correspond to the received user credentials is selected from the plurality of policies. The policy enforcement system filters the data from the file system based on the one or more policies, and sends the filtered data to the compute process.
Type: Grant
Filed: December 10, 2015
Date of Patent: January 16, 2018
Assignee: BlueTalon, Inc.
Inventors: Dilli Dorai Minnal Arumugam, Prasad Mujumdar
-
Patent number: 9866592
Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for storing, by a policy enforcement system, a plurality of policies and data associating a plurality of user credentials with the plurality of policies; receiving, from a client device, a request for data from a file system, the request further comprising user credentials; forwarding the request for data to a second node that stores the data from the file system; receiving, from the node, the data from the file system; selecting from the plurality of policies, based on the received user credentials and the data associating the plurality of user credentials with the plurality of policies, one or more policies that correspond to the received user credentials; filtering, by the policy enforcement system, the data from the file system based on the one or more policies; and sending the filtered data to the client device.
Type: Grant
Filed: September 28, 2015
Date of Patent: January 9, 2018
Assignee: BlueTalon, Inc.
Inventors: Dilli Dorai Minnal Arumugam, Prasad Mujumdar
-
Publication number: 20180004970
Abstract: A policy system enforces data security policies for requests from accessing data stored on a distributed data storage system received from a client device. The policy enforcement system can determine user credentials from the requests. The enforcement system then determines whether the user credentials allow the request to retrieve the data and if yes, whether the user credentials allow the request to retrieve the data without obligations. Upon determining that user credentials allow the request to retrieve the data without obligations, the policy enforcement system directs the client device to communicate directly with a name node of the data storage system, short-circuiting additional data retrieval and filtering of the policy system.
Type: Application
Filed: July 1, 2016
Publication date: January 4, 2018
Applicant: BlueTalon, Inc.
Inventors: Dilli Dorai Minnal Arumugam, Prasad Mujumdar
-
Publication number: 20170171246
Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for maintaining, by a policy enforcement system in a first compute node, a plurality of policies and data associating a plurality of user credentials with the plurality of policies. A request is received from a compute process for data from a file system in the first compute node. The request includes user credentials. The request for data is sent to the file system, and the data is received from the file system. Based on the received user credentials and the data associating the plurality of user credentials with the plurality of policies, one or more policies that correspond to the received user credentials is selected from the plurality of policies. The policy enforcement system filters the data from the file system based on the one or more policies, and sends the filtered data to the compute process.
Type: Application
Filed: December 10, 2015
Publication date: June 15, 2017
Inventors: Dilli Dorai Minnal Arumugam, Prasad Mujumdar
-
Publication number: 20170093916
Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for storing, by a policy enforcement system, a plurality of policies and data associating a plurality of user credentials with the plurality of policies; receiving, from a client device, a request for data from a file system, the request further comprising user credentials; forwarding the request for data to a second node that stores the data from the file system; receiving, from the node, the data from the file system; selecting from the plurality of policies, based on the received user credentials and the data associating the plurality of user credentials with the plurality of policies, one or more policies that correspond to the received user credentials; filtering, by the policy enforcement system, the data from the file system based on the one or more policies; and sending the filtered data to the client device.
Type: Application
Filed: September 28, 2015
Publication date: March 30, 2017
Inventors: Dilli Dorai Minnal Arumugam, Prasad Mujumdar