Patents by Inventor Rajiv Mirani
Rajiv Mirani has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 8667146
Abstract: The present disclosure provides solutions for an enterprise providing services to a variety of clients to enable the client to use the resources provided by the enterprise by modifying URLs received and the URLs from the responses from the servers to the client's requests before forwarding the requests and the responses to the intended destinations. An intermediary may identify an access profile for a client's request to access a server via a clientless SSL VPN session. The intermediary may detect one or more URLs in content served by the server in response to the request using one or more regular expressions of the access profile. The intermediary may rewrite or modify, responsive to detecting, the one or more detected URLs in accordance with a URL transformation specified by one or more rewrite policies of the access profile. The response with modified URLs may be forwarded to the client.
Type: Grant
Filed: January 26, 2009
Date of Patent: March 4, 2014
Assignee: Citrix Systems, Inc.
Inventors: Puneet Agarwal, Srinivasan Thirunarayanan, Vamsi Korrapati, Prakash Khemani, Rajiv Mirani, Anoop Reddy
-
Publication number: 20130298190
Abstract: Systems and methods for configuring and evaluating policies that direct processing of one or more data streams are described. A configuration interface is described for allowing users to specify object oriented policies. These object oriented policies may allow any data structures to be applied with respect to a payload of a received packet stream, including any portions of HTTP traffic. A configuration interface may also allow the user to control the order in which policies and policy groups are executed, in addition to specifying actions to be taken if one or more policies are undefined. Systems and methods for processing the policies may allow efficient processing of object-oriented policies by applying potentially complex data structures to unstructured data streams. A device may also interpret and process a number of flow control commands and policy group invocation statements to determine an order of execution among a number of policies and policy groups.
Type: Application
Filed: July 3, 2013
Publication date: November 7, 2013
Inventors: Namit Sikka, Anoop Reddy, Rajiv Mirani, Abhishek Chauhan
-
Publication number: 20130286839
Abstract: The present solution is related to a method for distributing flows of network traffic across a plurality of packet processing engines executing on a corresponding core of a multi-core device. The method includes receiving, by a multi-core device intermediary to clients and servers, a packet of a first flow of network traffic between a client and server. The method also includes assigning, by a flow distributor of the multi-core device, the first flow of network traffic to a first core executing a packet processing engine and distributing the packet to this core. The flow distributor may distribute packets of another or second flow of traffic between another client and server to a second core executing a second packet processing engine. When a packet for the flow of traffic assigned to the first core is received, such as a third packet, the flow distributor distributes this packet to the first core.
Type: Application
Filed: June 28, 2013
Publication date: October 31, 2013
Inventors: Rajiv Mirani, Rajiv Sinha, Abhishek Chauhan, Anil Shetty
-
Patent number: 8503459
Abstract: The present solution is related to a method for distributing flows of network traffic across a plurality of packet processing engines executing on a corresponding core of a multi-core device. The method includes receiving, by a multi-core device intermediary to clients and servers, a packet of a first flow of network traffic between a client and server. The method also includes assigning, by a flow distributor of the multi-core device, the first flow of network traffic to a first core executing a packet processing engine and distributing the packet to this core. The flow distributor may distribute packets of another or second flow of traffic between another client and server to a second core executing a second packet processing engine. When a packet for the flow of traffic assigned to the first core is received, such as a third packet, the flow distributor distributes this packet to the first core.
Type: Grant
Filed: April 23, 2010
Date of Patent: August 6, 2013
Assignee: Citrix Systems, Inc
Inventors: Rajiv Mirani, Rajiv Sinha, Abhishek Chauhan, Anil Shetty
-
Patent number: 8490148
Abstract: Systems and methods for configuring and evaluating policies that direct processing of one or more data streams are described. A configuration interface is described for allowing users to specify object oriented policies. These object oriented policies may allow any data structures to be applied with respect to a payload of a received packet stream, including any portions of HTTP traffic. A configuration interface may also allow the user to control the order in which policies and policy groups are executed, in addition to specifying actions to be taken if one or more policies are undefined. Systems and methods for processing the policies may allow efficient processing of object-oriented policies by applying potentially complex data structures to unstructured data streams. A device may also interpret and process a number of flow control commands and policy group invocation statements to determine an order of execution among a number of policies and policy groups.
Type: Grant
Filed: March 12, 2007
Date of Patent: July 16, 2013
Assignee: Citrix Systems, Inc
Inventors: Namit Sikka, Anoop Reddy, Rajiv Mirani, Abhishek Chauhan
-
Patent number: 8458783
Abstract: A security gateway receives messages transmitted between a server and a client device on a network and parses the messages into a plurality of data objects, such as strings and name-value pairs. The data objects may represent user personal identification information, such as user name, social security number, credit card number, patient code, driver's license number, and other personal identification information. The security gateway uses rules to recognize data objects and validate the data objects to determine whether the recognized data objects are appropriately included within the context. The security gateway may also perform an action on the data objects. Data objects that are not appropriately included in the context may be transformed, suppressed or disallowed.
Type: Grant
Filed: January 9, 2009
Date of Patent: June 4, 2013
Assignee: Citrix Systems, Inc.
Inventors: Robert V. Walters, Abhishek Chauhan, Rajiv Mirani, Prince Kohli
-
Patent number: 8438626
Abstract: The present invention is directed towards systems and methods for sharing session data among cores in a multi-core system. A first application firewall module executes on a core of a multi-core intermediary device which establishes a user session. The first application firewall module stores application firewall session data to memory accessible by the first core. A second application firewall module executes on a second core of the multi-core intermediary device. The second application firewall module receives a request from the user via the established user session. The request includes a session identifier identifying that the user session was established by the first core. The second application firewall module determines to perform one or more security checks on the request and communicates a portion of the request to the first core. The second application firewall module receives and processes the security check results and instructions from the first core.
Type: Grant
Filed: December 23, 2009
Date of Patent: May 7, 2013
Assignee: Citrix Systems, Inc.
Inventors: Craig Anderson, Anoop Reddy, Rajiv Mirani, Abhishek Chauhan
-
Patent number: 8413225
Abstract: The present invention is directed towards systems and methods for an intermediary device efficiently processing strings in web pages across a plurality of user sessions. A device intermediary to a plurality of clients and a server identifies a plurality of strings in forms and uniform resource locators (URLs) of web pages traversing the device across a plurality of user sessions. The device stores each string of the plurality of strings to one or more allocation arenas shared among a plurality of user sessions. Each string is indexed using a hash key generated from the string. The device recognizes that a received string transmitted from a webpage of a session of a user is eligible to be shared among the plurality of user sessions. The device determines that a copy of the received string is stored in an allocation arena using a hash generated from the received string.
Type: Grant
Filed: December 22, 2010
Date of Patent: April 2, 2013
Assignee: Citrix Systems, Inc.
Inventors: Craig Anderson, Anoop Reddy, Rajiv Mirani, Abhishek Chauhan
-
Publication number: 20120284712
Abstract: This disclosure describes a system for Single Root I/O Virtualization (SR-IOV) pass-thru for network packet processing via a virtualized environment of a device. The system includes a device comprising a virtualized environment and a plurality of virtual machines having a virtual network interface for receiving and transmitting network packets. A driver for the physical network interface of the device creates a plurality of virtual devices corresponding to the physical network interface, which appear as a Peripheral Component Interconnect (PCI) device to the virtualized environment. A virtual device of the plurality of virtual devices is assigned via the virtualized environment to each virtual machine of the plurality of virtual machines. The virtual machine uses the virtual device assigned to the virtual machine, to receive and transmit network packets via the physical network interface of the device.
Type: Application
Filed: May 3, 2012
Publication date: November 8, 2012
Inventors: Chitti Nimmagadda, Rajiv Mirani, Raghu Goyal, Saurabh Dave
-
Patent number: 8261340
Abstract: A security gateway receives messages rejected by a message filter based on a set of rules. The security gateway also receives attributes of the rejected messages that triggered the rules. The security gateway maintains frequencies with which the messages with a particular attribute were rejected by the rules. The security gateway finds rejected messages or attributes having a high frequency of occurrence. Since messages or attributes having a high frequency of occurrences are more likely to represent legitimate requests rather than malicious attacks, the security gateway generates exception rules, which would allow messages that have similar attributes to pass through the gateway.
Type: Grant
Filed: January 27, 2010
Date of Patent: September 4, 2012
Assignee: Citrix Systems, Inc.
Inventors: Abhishek Chauhan, Rajiv Mirani, Prince Kohli
-
Publication number: 20120216274
Abstract: A method of a device for filtering messages routing across a network includes extracting, by a filter configured on the device, a plurality of message components from messages received via a network. The plurality of message components is identified as having at least a field name in common, including a first field name. A learning engine configured on the device creates a list of data types for values of the first field name. The list includes one or more data types of a value of the first field name identified for each of the plurality of message components. The learning engine determines a most restrictive data type from the list of data types for the values of the first field name of the plurality of message components.
Type: Application
Filed: August 17, 2011
Publication date: August 23, 2012
Inventors: Abhishek Chauhan, Rajiv Mirani, Prince Kohli, Namit Sikka
-
Patent number: 8011009
Abstract: A method of a device for filtering messages routing across a network includes extracting, by a filter configured on the device, a plurality of message components from messages received via a network. The plurality of message components is identified as having at least a field name in common, including a first field name. A learning engine configured on the device creates a list of data types for values of the first field name. The list includes one or more data types of a value of the first field name identified for each of the plurality of message components. The learning engine determines a most restrictive data type from the list of data types for the values of the first field name of the plurality of message components.
Type: Grant
Filed: September 29, 2009
Date of Patent: August 30, 2011
Assignee: Citrix Systems, Inc.
Inventors: Abhishek Chauhan, Rajiv Mirani, Prince Kohli, Namit Sikka
-
Publication number: 20110154461
Abstract: The present invention is directed towards systems and methods for an intermediary device efficiently processing strings in web pages across a plurality of user sessions. A device intermediary to a plurality of clients and a server identifies a plurality of strings in forms and uniform resource locators (URLs) of web pages traversing the device across a plurality of user sessions. The device stores each string of the plurality of strings to one or more allocation arenas shared among a plurality of user sessions. Each string is indexed using a hash key generated from the string. The device recognizes that a received string transmitted from a webpage of a session of a user is eligible to be shared among the plurality of user sessions. The device determines that a copy of the received string is stored in an allocation arena using a hash generated from the received string.
Type: Application
Filed: December 22, 2010
Publication date: June 23, 2011
Inventors: Craig Anderson, Anoop Reddy, Rajiv Mirani, Abhishek Chauhan
-
Publication number: 20110154471
Abstract: The present invention is directed towards systems and methods for sharing session data among cores in a multi-core system. A first application firewall module executes on a core of a multi-core intermediary device which establishes a user session. The first application firewall module stores application firewall session data to memory accessible by the first core. A second application firewall module executes on a second core of the multi-core intermediary device. The second application firewall module receives a request from the user via the established user session. The request includes a session identifier identifying that the user session was established by the first core. The second application firewall module determines to perform one or more security checks on the request and communicates a portion of the request to the first core. The second application firewall module receives and processes the security check results and instructions from the first core.
Type: Application
Filed: December 23, 2009
Publication date: June 23, 2011
Inventors: Craig Anderson, Anoop Reddy, Rajiv Mirani, Abhishek Chauhan
-
Publication number: 20110041053
Abstract: An efficient method for parsing HTML pages identifies pages containing a mix of static and dynamic content. The pages are parsed to form abstract syntax trees (ASTs), which are then cached along with the pages. When a later version of a page is retrieved, it is compared against the cached version, and only those portions of the AST that contain different content are reparsed.
Type: Application
Filed: July 29, 2010
Publication date: February 17, 2011
Inventors: Sheng Liang, Hong Zhang, Abhishek Chauhan, Rajiv Mirani, Oliver Chang
-
Patent number: 7890996
Abstract: A security gateway receives messages rejected by a message filter based on a set of rules. The security gateway also receives attributes of the rejected messages that triggered the rules. The security gateway maintains frequencies with which the messages with a particular attribute were rejected by the rules. The security gateway finds rejected messages or attributes having a high frequency of occurrence. Since messages or attributes having a high frequency of occurrences are more likely to represent legitimate requests rather than malicious attacks, the security gateway generates exception rules, which would allow messages that have similar attributes to pass through the gateway.
Type: Grant
Filed: February 18, 2004
Date of Patent: February 15, 2011
Assignee: Teros, Inc.
Inventors: Abhishek Chauhan, Rajiv Mirani, Prince Kohli
-
Systems and methods for using object oriented expressions to configure application security policies
Patent number: 7870277
Abstract: Systems and methods for configuring and evaluating policies that direct processing of one or more data streams are described. A configuration interface is described for allowing users to specify object oriented policies. These object oriented policies may allow any data structures to be applied with respect to a payload of a received packet stream, including any portions of HTTP traffic. A configuration interface may also allow the user to control the order in which policies and policy groups are executed, in addition to specifying actions to be taken if one or more policies are undefined. Systems and methods for processing the policies may allow efficient processing of object-oriented policies by applying potentially complex data structures to unstructured data streams. A device may also interpret and process a number of flow control commands and policy group invocation statements to determine an order of execution among a number of policies and policy groups.
Type: Grant
Filed: March 12, 2007
Date of Patent: January 11, 2011
Assignee: Citrix Systems, Inc.
Inventors: Vamsi Korrapati, Prakash Khemani, Rajiv Mirani, Abhishek Chauhan
-
Publication number: 20100332617
Abstract: The present disclosure is directed to systems and methods for providing a virtual appliance. One or more application delivery controller appliances intermediary to a plurality of clients and a plurality of servers perform a plurality of application delivery control functions on network traffic communicated between the plurality of clients and the plurality of servers. A virtual application delivery controller is deployed on a device intermediary to the plurality of clients and the plurality of servers. The virtual application delivery controller executing on the device performs one or more of the plurality of application delivery control functions on network traffic communicated between the plurality of clients and the plurality of servers.
Type: Application
Filed: April 30, 2010
Publication date: December 30, 2010
Inventors: Thomas Goodwin, Rajiv Mirani, Abhishek Chauhan, Frank Suchomel, Deepak Goel
-
Publication number: 20100322071
Abstract: The present disclosure presents systems and methods for controlling network traffic traversing an intermediary device based on a license or a permit granted for the intermediary device. The systems and methods control a rate of a traffic of a device in accordance with a rate limit identified by a rate limiting license. A rate limiting manager of an intermediary device that processes network traffic between a plurality of clients and a plurality of servers, may identify presence of a rate limiting license that further identifies a performance level. The rate limiting manager may establish a rate limit based on the performance level of the rate limiting license. A throttler of the intermediary may control a rate of receiving network packets in accordance with the rate limit.
Type: Application
Filed: June 18, 2010
Publication date: December 23, 2010
Inventors: Roman Avdanin, Henk Bots, Ramanjaneyulu Y. Talla, Abhishek Chauhan, Rajiv Mirani
-
Publication number: 20100284411
Abstract: The present solution is related to a method for distributing flows of network traffic across a plurality of packet processing engines executing on a corresponding core of a multi-core device. The method includes receiving, by a multi-core device intermediary to clients and servers, a packet of a first flow of network traffic between a client and server. The method also includes assigning, by a flow distributor of the multi-core device, the first flow of network traffic to a first core executing a packet processing engine and distributing the packet to this core. The flow distributor may distribute packets of another or second flow of traffic between another client and server to a second core executing a second packet processing engine. When a packet for the flow of traffic assigned to the first core is received, such as a third packet, the flow distributor distributes this packet to the first core.
Type: Application
Filed: April 23, 2010
Publication date: November 11, 2010
Inventors: Rajiv Mirani, Rajiv Sinha, Abhishek Chauhan, Anil Shetty