Patents by Inventor Rajalakshmi Dani
Rajalakshmi Dani has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20230401332
Abstract: Some embodiments control access by applications to resources in a computing environment. An embodiment notes a request from an application to access a resource, determines a compliance status of the application based on access control policy compliance criteria, ascertains an authorization status of the request based on an authorization credential of the request and an authorization requirement of the resource, and responds to the request based on the compliance status and also based on the authorization status, thereby providing fine-grained access control. Access may also be controlled based on a request's beneficiary. An access request response may allow access, deny access, or ask for additional authorization. A compliance classifier reduces risk by dynamically updating compliance status after compliance criteria changes or attribute changes. An identity service access control architecture uses a compliance attribute to improve efficiency.
Type: Application
Filed: June 8, 2022
Publication date: December 14, 2023
Inventors: Arash VAHIDNIA, Vasundhara PUTTAGUNTA, Rajalakshmi DANI, Anand Madhava MENON, Neha ARORA, Himani ARORA, Richa SEHGAL, Rufino Louie MAYOR, JR., Sanjoyan MUSTAFI, Himanshu JINDAL, Sumit Kumar CHAUHAN, Caleb Geoffrey BAKER, Nikhil Reddy BOREDDY, Shuvam Singha ROY
-
Patent number: 11075917
Abstract: Tenant approval for operator access to tenant data is provided. In order to grant service personnel operators access to a tenant's data for performing a requested action, a lockbox determines a security group role to which an operator needs to be elevated to perform a requested action, computes a set of internal administrators and tenant administrators authorized to grant a temporary role elevation, and sends an access control request to the administrators. Upon receiving approval of the access control request from an internal administrator and a tenant administrator, the lockbox elevates the operator to the security group role, granting the operator a set of permissions needed in order to allow the operator to perform the requested action. Accordingly, tenants are enabled to control access to their data and scrutinize access requests per their company procedures and compliance needs.
Type: Grant
Filed: June 29, 2017
Date of Patent: July 27, 2021
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Rajalakshmi Dani, Anand Madhava Menon, Paul H. Rich, Naveen Madan, Vikas Ahuja, Siddhartha Mathur, Liqiang Zhu
-
Patent number: 10715530
Abstract: When a user inputs an action request, such as a requested command, to be performed on a target machine, a management system receives the request and verifies it with a separate authentication and permission system. The verified command request is sent to the target machine. An authentication worker on the target machine accesses a set of policies, local to the target machine, to identify a least privileged execution environment in which the requested command can be performed. The authentication worker on the target machine launches the requested command within the identified least privileged execution environment on the target machine.
Type: Grant
Filed: September 6, 2017
Date of Patent: July 14, 2020
Assignee: Microsoft Technology Licensing, LLC
Inventors: Liqiang Zhu, Anand Menon, Guanghui He, Jiahui Wang, Neil Shipp, Nick Voicu, Yi Zeng, Yu Huang, Rajalakshmi Dani, David Hetherington, Zhaoan Liu, Gavin Ackroyd
-
Patent number: 10326795
Abstract: Techniques to contain lateral movement of attackers through just-in-time (JIT) provisioned accounts comprising an account management component to receive a request from a first account via a client device for a second account to access a server device in a set of server devices, an account authorization component to authorize the request for the second account based at least partially on account information associated with the first account, an account provisioning component to provision the second account to enable a client to access the server device, and an account notification component to provide account information associated with the second account to a client via the client device. Other embodiments are described and claimed.
Type: Grant
Filed: November 3, 2017
Date of Patent: June 18, 2019
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Shane Brady, Siddhartha Mathur, Rajalakshmi Dani, Santosh Kumar, Luke Schoen, David Hetherington
-
Patent number: 10063537
Abstract: When a user inputs an action request, such as a requested command, to be performed on a target machine, a management system receives the request and verifies it with a separate authentication and permission system. The authentication and permission system verifies signatures on the request and signs it and generates an approved workflow package. The approved workflow package is sent to the target machine.
Type: Grant
Filed: December 16, 2015
Date of Patent: August 28, 2018
Assignee: Microsoft Technology Licensing, LLC
Inventors: Liqiang Zhu, Rajalakshmi Dani
-
Publication number: 20180063153
Abstract: When a user inputs an action request, such as a requested command, to be performed on a target machine, a management system receives the request and verifies it with a separate authentication and permission system. The verified command request is sent to the target machine. An authentication worker on the target machine accesses a set of policies, local to the target machine, to identify a least privileged execution environment in which the requested command can be performed. The authentication worker on the target machine launches the requested command within the identified least privileged execution environment on the target machine.
Type: Application
Filed: September 6, 2017
Publication date: March 1, 2018
Inventors: Liqiang Zhu, Anand Menon, Guanghui He, Jiahui Wang, Neil Shipp, Nick Voicu, Yi Zeng, Yu (Kyle) Huang, Rajalakshmi Dani, David Hetherington, Zhaoan Liu, Gavin Ackroyd
-
Publication number: 20180054460
Abstract: Techniques to contain lateral movement of attackers through just-in-time (JIT) provisioned accounts comprising an account management component to receive a request from a first account via a client device for a second account to access a server device in a set of server devices, an account authorization component to authorize the request for the second account based at least partially on account information associated with the first account, an account provisioning component to provision the second account to enable a client to access the server device, and an account notification component to provide account information associated with the second account to a client via the client device. Other embodiments are described and claimed.
Type: Application
Filed: November 3, 2017
Publication date: February 22, 2018
Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Shane Brady, Siddhartha Mathur, Rajalakshmi Dani, Santosh Kumar, Luke Schoen, David Hetherington
-
Patent number: 9838424
Abstract: Techniques to contain lateral movement of attackers through just-in-time (JIT) provisioned accounts comprising an account management component to receive a request from a first account via a client device for a second account to access a server device in a set of server devices, an account authorization component to authorize the request for the second account based at least partially on account information associated with the first account, an account provisioning component to provision the second account to enable a client to access the server device, and an account notification component to provide account information associated with the second account to a client via the client device. Other embodiments are described and claimed.
Type: Grant
Filed: March 20, 2014
Date of Patent: December 5, 2017
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Shane Brady, Siddhartha Mathur, Rajalakshmi Dani, Santosh Kumar, Luke Schoen, David Hetherington
-
Publication number: 20170302677
Abstract: Tenant approval for operator access to tenant data is provided. In order to grant service personnel operators access to a tenant's data for performing a requested action, a lockbox determines a security group role to which an operator needs to be elevated to perform a requested action, computes a set of internal administrators and tenant administrators authorized to grant a temporary role elevation, and sends an access control request to the administrators. Upon receiving approval of the access control request from an internal administrator and a tenant administrator, the lockbox elevates the operator to the security group role, granting the operator a set of permissions needed in order to allow the operator to perform the requested action. Accordingly, tenants are enabled to control access to their data and scrutinize access requests per their company procedures and compliance needs.
Type: Application
Filed: June 29, 2017
Publication date: October 19, 2017
Applicant: Microsoft Technology Licensing, LLC
Inventors: Rajalakshmi DANI, Anand Madhava MENON, Paul H. RICH, Naveen MADAN, Vikas AHUJA, Siddhartha MATHUR, Liqiang ZHU
-
Patent number: 9787690
Abstract: When a user inputs an action request, such as a requested command, to be performed on a target machine, a management system receives the request and verifies it with a separate authentication and permission system. The verified command request is sent to the target machine. An authentication worker on the target machine accesses a set of policies, local to the target machine, to identify a least privileged execution environment in which the requested command can be performed. The authentication worker on the target machine launches the requested command within the identified least privileged execution environment on the target machine.
Type: Grant
Filed: May 18, 2015
Date of Patent: October 10, 2017
Assignee: Microsoft Technology Licensing, LLC
Inventors: Liqiang Zhu, Anand Menon, Guanghui He, Jiahui Wang, Neil Shipp, Nick Voicu, Yi Zeng, Yu (Kyle) Huang, Rajalakshmi Dani, David Hetherington, Zhaoan Liu, Gavin Ackroyd
-
Patent number: 9762585
Abstract: Tenant approval for operator access to tenant data is provided. In order to grant service personnel operators access to a tenant's data for performing a requested action, a lockbox determines a security group role to which an operator needs to be elevated to perform a requested action, computes a set of internal administrators and tenant administrators authorized to grant a temporary role elevation, and sends an access control request to the administrators. Upon receiving approval of the access control request from an internal administrator and a tenant administrator, the lockbox elevates the operator to the security group role, granting the operator a set of permissions needed in order to allow the operator to perform the requested action. Accordingly, tenants are enabled to control access to their data and scrutinize access requests per their company procedures and compliance needs.
Type: Grant
Filed: March 19, 2015
Date of Patent: September 12, 2017
Assignee: Microsoft Technology Licensing, LLC
Inventors: Rajalakshmi Dani, Anand Madhava Menon, Paul H. Rich, Naveen Madan, Vikas Ahuja, Siddhartha Mathur, Liqiang Zhu
-
Publication number: 20160277411
Abstract: Tenant approval for operator access to tenant data is provided. In order to grant service personnel operators access to a tenant's data for performing a requested action, a lockbox determines a security group role to which an operator needs to be elevated to perform a requested action, computes a set of internal administrators and tenant administrators authorized to grant a temporary role elevation, and sends an access control request to the administrators. Upon receiving approval of the access control request from an internal administrator and a tenant administrator, the lockbox elevates the operator to the security group role, granting the operator a set of permissions needed in order to allow the operator to perform the requested action. Accordingly, tenants are enabled to control access to their data and scrutinize access requests per their company procedures and compliance needs.
Type: Application
Filed: March 19, 2015
Publication date: September 22, 2016
Applicant: Microsoft Technology Licensing, LLC.
Inventors: Rajalakshmi Dani, Anand Madhava Menon, Paul H. Rich, Naveen Madan, Vikas Ahuja, Siddhartha Mathur, Liqiang Zhu
-
Publication number: 20160182487
Abstract: When a user inputs an action request, such as a requested command, to be performed on a target machine, a management system receives the request and verifies it with a separate authentication and permission system. The authentication and permission system verifies signatures on the request and signs it and generates an approved workflow package. The approved workflow package is sent to the target machine.
Type: Application
Filed: December 16, 2015
Publication date: June 23, 2016
Inventors: Liqiang Zhu, Rajalakshmi Dani
-
Publication number: 20160182525
Abstract: When a user inputs an action request, such as a requested command, to be performed on a target machine, a management system receives the request and verifies it with a separate authentication and permission system. The verified command request is sent to the target machine. An authentication worker on the target machine accesses a set of policies, local to the target machine, to identify a least privileged execution environment in which the requested command can be performed. The authentication worker on the target machine launches the requested command within the identified least privileged execution environment on the target machine.
Type: Application
Filed: May 18, 2015
Publication date: June 23, 2016
Inventors: Liqiang Zhu, Anand Menon, Guanghui He, Jiahui Wang, Neil Shipp, Nick Voicu, Yi Zeng, Yu (Kyle) Huang, Rajalakshmi Dani, David Hetherington, Zhaoan Liu, Gavin Ackroyd
-
Publication number: 20150281225
Abstract: Techniques to operate a service with machine generated authentication tokens comprising an authentication token management component to establish a secure connection with a client device based at least partially on client authentication information associated with a first account of the client, receive a request for account information of one or more accounts associated with the first account of the client, provide account information for a second account associated with the first account to the client via the client device, receive a request to generate an authentication token for the second account, validate the request to generate the authentication token based on the client authentication information associated with the client, and a token generation component to generate the authentication token for the second account. Other embodiments are described and claimed.
Type: Application
Filed: March 27, 2014
Publication date: October 1, 2015
Applicant: Microsoft Corporation
Inventors: Luke Schoen, Santosh Kumar, Rajalakshmi Dani, Siddhartha Mathur, Shane Brady, Ramesh Arimilli, David Hetherington, Vikas Ahuja
-
Publication number: 20150271200
Abstract: Techniques to contain lateral movement of attackers through just-in-time (JIT) provisioned accounts comprising an account management component to receive a request from a first account via a client device for a second account to access a server device in a set of server devices, an account authorization component to authorize the request for the second account based at least partially on account information associated with the first account, an account provisioning component to provision the second account to enable a client to access the server device, and an account notification component to provide account information associated with the second account to a client via the client device. Other embodiments are described and claimed.
Type: Application
Filed: March 20, 2014
Publication date: September 24, 2015
Inventors: Shane Brady, Siddhartha Mathur, Rajalakshmi Dani, Santosh Kumar, Luke Schoen, David Hetherington
-
Publication number: 20130179798
Abstract: Application dissemination and feedback is described. In one or more implementations, a system includes a developer portal module that is accessible as a network service via an Internet to expose a user interface, as part of a developer portal. The developer portal module includes an application coding module configured to code an application through interaction with the user interface and an application deployment module configured to accept one or more inputs via the user interface to specify how the application is to be deployed over the Internet for local execution by one or more users. The developer portal module also includes a feedback manager module to configure the application automatically and without user intervention to collect feedback from the one or more users regarding the local execution of the application.
Type: Application
Filed: January 6, 2012
Publication date: July 11, 2013
Applicant: MICROSOFT CORPORATION
Inventors: Rao Y. Korupolu, Rajalakshmi Dani, Jenny Snehalatha S., Anirudh Goel, Renjith Varma