Patents by Inventor Priya Govindarajan
Priya Govindarajan has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 7684400Abstract: Classification of network data packets includes a determination sets of one or more filter-identifiers where each set is associated with a respective data-packet classifier field. A result-set of filter-identifiers may be derived based on an intersection of the filter-identifier sets.Type: GrantFiled: August 8, 2002Date of Patent: March 23, 2010Assignee: Intel CorporationInventors: Priya Govindarajan, Chun Yang Chiu, David M. Durham
-
Patent number: 7269850Abstract: Systems and methods for detecting and tracing a denial-of-service attack are disclosed. One aspect of the systems and methods includes providing a plurality of attack detection modules and a plurality of broker modules operable to communicably couple to a network. The attack detection modules operate to detect a potential denial-of-service attack on network segment. An attack signature for the potential denial of service attack may be forwarded to one or more broker modules on the network segment. The broker modules collectively analyze the data in order to determine a source or sources for the attack.Type: GrantFiled: December 31, 2002Date of Patent: September 11, 2007Assignee: Intel CorporationInventors: Priya Govindarajan, Chun-Yang Chiu
-
Patent number: 7263552Abstract: A method and apparatus are provided that allow the automatic discovery of the topology of a network. In one embodiment, the invention includes identifying a second network device at a first network device, sending a message from the first network device to the second network device, the message establishing the identity of any network device between the first network device and the second network device, and compiling the established identities to determine the topology of the network. The invention can use PING and Traceroute utilities to find nodes and identify network devices.Type: GrantFiled: March 30, 2001Date of Patent: August 28, 2007Assignee: Intel CorporationInventors: Priya Govindarajan, David M. Durham
-
Patent number: 7254133Abstract: Denial of service type attacks are attacks where the nature of a system used to establish communication sessions is exploited to prevent the establishment of sessions. For example, to establish a Transmission Control Protocol (TCP)/Internet Protocol (IP) communication session, a three-way handshake is performed between communication endpoints. When a connection request is received, resources are allocated towards establishing the communication session. Malicious entities can attack the handshake by repeatedly only partially completing the handshake, causing the receiving endpoint to run out of resources for allocating towards establishing sessions, thus preventing legitimate connections. Illustrated embodiments overcome such attacks by delaying allocating resources until after the three-way handshake is successfully completed.Type: GrantFiled: July 15, 2002Date of Patent: August 7, 2007Assignee: Intel CorporationInventors: Priya Govindarajan, David M. Durham
-
Publication number: 20070011491Abstract: A method for platform independent management of devices using option ROMs. Under one embodiment of the method, manageability data is stored in an option ROM of a peripheral device of a computer platform. The manageability data includes a descriptor that provides an identity, data type, access method and potentially other data to discover, access, and control the device. An embedded instance of the Sensor/Effector Interface (SEI) subsystem is provided by a management engine (ME) implementation via execution of corresponding firmware by the ME. Via the use of an out-of-band communication channel facilitated by the ME or other means (e.g., LAN microcontroller), management data retrieved from option ROMs, and the SEI, a remote management server is enabled to remotely manage various devices and/or the computer platform.Type: ApplicationFiled: June 30, 2005Publication date: January 11, 2007Inventors: Priya Govindarajan, David Durham, Mark Doran, William Maynard
-
Publication number: 20070005553Abstract: According to some embodiments, a first resource data record is discovered, the first resource data record indicating a first memory location of first executable program code, a second resource data record indicating a second memory location of first managed resource data of a first manageable resource, and a third resource data record indicating a third memory location of second managed resource data of a second manageable resource. The first program code is retrieved from the memory location, and is executed to retrieve the first managed resource data from the second memory location, to retrieve the second managed resource data from the third memory location, and to perform an operation on the first managed resource data and the second managed resource data.Type: ApplicationFiled: June 30, 2005Publication date: January 4, 2007Inventors: Ravi Sahita, Priya Govindarajan, Surekha Poola
-
Publication number: 20060294596Abstract: A tamper-proof access monitor monitors accesses by software executing on a host processor to memory-mapped regions of memory that control input/output resources.Type: ApplicationFiled: June 27, 2005Publication date: December 28, 2006Inventors: Priya Govindarajan, Priya Rajagopal
-
Patent number: 7065598Abstract: Provided are a method, system and article of manufacture for adjusting interrupt levels. A current system interrupt rate at a computational device is determined, wherein the current system interrupt rate is a sum of interrupt rates from a plurality of interrupt generating agents. The current system interrupt rate is compared with at least one threshold interrupt rate associated with the computational device. Based on the comparison, an interrupt moderation level is adjusted at an interrupt generating agent of the plurality of interrupt generating agents.Type: GrantFiled: December 20, 2002Date of Patent: June 20, 2006Assignee: Intel CorporationInventors: Patrick L. Connor, Eric K. Mann, Hieu T. Tran, Priya Govindarajan, John P. Jacobs, David M. Durham, Gary D. Gumanow, Chun Yang Chiu
-
Publication number: 20060095961Abstract: Method, apparatus, and system for isolating potentially vulnerable nodes of a network. In one embodiment a network is partitioned into subnets of varying levels of security. A client device may be assigned a network access assignment through one of the subnets based on a level of vulnerability assessed for the client device. The level of vulnerability may be determined based on compliance of the client device with available upgrades and/or patches.Type: ApplicationFiled: October 29, 2004Publication date: May 4, 2006Inventors: Priya Govindarajan, Ravi Sahita, Dylan Larson, David Durham, Raj Yavatkar
-
Publication number: 20050144441Abstract: In order to prevent, or at least reduce, attacks on a computing device, such as denial of service attacks against a computer, or other attempts to compromise computing device security, when desired, presence of a person or properly configured response unit may be determined prior to fully-establishing a network connection between the computer device and a connecting device. While one goal is to allow determining a person is directing the actions of the connecting device before fully establishing the network connection, it will be appreciated that in certain circumstances it may be desirable to allow automated connection obtained by the response unit, such to allow diagnostics, backups, updates, etc. to be performed with the computing device.Type: ApplicationFiled: December 31, 2003Publication date: June 30, 2005Inventor: Priya Govindarajan
-
Publication number: 20040128550Abstract: Systems and methods for detecting and tracing a denial-of-service attack are disclosed. One aspect of the systems and methods includes providing a plurality of attack detection modules and a plurality of broker modules operable to communicably couple to a network. The attack detection modules operate to detect a potential denial-of-service attack on network segment. An attack signature for the potential denial of service attack may be forwarded to one or more broker modules on the network segment. The broker modules collectively analyze the data in order to determine a source or sources for the attack.Type: ApplicationFiled: December 31, 2002Publication date: July 1, 2004Applicant: Intel CorporationInventors: Priya Govindarajan, Chun-Yang Chiu
-
Publication number: 20040123008Abstract: Provided are a method, system and article of manufacture for adjusting interrupt levels. A current system interrupt rate at a computational device is determined, wherein the current system interrupt rate is a sum of interrupt rates from a plurality of interrupt generating agents. The current system interrupt rate is compared with at least one threshold interrupt rate associated with the computational device. Based on the comparison, an interrupt moderation level is adjusted at an interrupt generating agent of the plurality of interrupt generating agents.Type: ApplicationFiled: December 20, 2002Publication date: June 24, 2004Applicant: Intel CorporationInventors: Patrick L. Connor, Eric K. Mann, Hieu T. Tran, Priya Govindarajan, John P. Jacobs, David M. Durham, Gary D. Gumanow, Chun Yang Chiu
-
Publication number: 20040028046Abstract: Classification of network data packets includes a determination sets of one or more filter-identifiers where each set is associated with a respective data-packet classifier field. A result-set of filter-identifiers may be derived based on an intersection of the filter-identifier sets.Type: ApplicationFiled: August 8, 2002Publication date: February 12, 2004Inventors: Priya Govindarajan, Chun Yang Chiu, David M. Durham
-
Publication number: 20040008681Abstract: Denial of service type attacks are attacks where the nature of a system used to establish communication sessions is exploited to prevent the establishment of sessions. For example, to establish a Transmission Control Protocol (TCP)/Internet Protocol (IP) communication session, a three-way handshake is performed between communication endpoints. When a connection request is received, resources are allocated towards establishing the communication session. Malicious entities can attack the handshake by repeatedly only partially completing the handshake, causing the receiving endpoint to run out of resources for allocating towards establishing sessions, thus preventing legitimate connections. Illustrated embodiments overcome such attacks by delaying allocating resources until after the three-way handshake is successfully completed.Type: ApplicationFiled: July 15, 2002Publication date: January 15, 2004Inventors: Priya Govindarajan, David M. Durham
-
Publication number: 20030074434Abstract: A system and method for determining the source, on a network, of unwanted messages generated by a malicious agent, toward a target device such as a web server. The malicious agent directs one or more computers on a sub network to direct a flood of communications toward the server on a second sub network designed to substantially reduce the ability of the server to respond to other communications. Messages passing through points on a path between the malicious agent computers and the server are monitored for indicia of messages uncharacteristic of normal network communication. The first point along the path that the unwanted messages pass through is identified. A network device at that point is instructed to block portion of communications passing through that point.Type: ApplicationFiled: October 11, 2001Publication date: April 17, 2003Inventors: James L. Jason, Chun Yang Chiu, Priya Govindarajan, David M. Durham
-
Publication number: 20020143905Abstract: A method and apparatus are provided that allow the automatic discovery of the topology of a network. In one embodiment, the invention includes identifying a second network device at a first network device, sending a message from the first network device to the second network device, the message establishing the identity of any network device between the first network device and the second network device, and compiling the established identities to determine the topology of the network. The invention can use PING and Traceroute utilities to find nodes and identify network devices.Type: ApplicationFiled: March 30, 2001Publication date: October 3, 2002Inventors: Priya Govindarajan, David M. Durham