Patents by Inventor Rakesh Khanduja
Rakesh Khanduja has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11934548
Abstract: Methods for centralized access control for cloud relational database management system resources are performed by systems and devices. The methods utilize a central policy storage, managed externally to database servers, which stores external policies for access to internal database resources at up to fine granularity. Database servers in the processing system each receive external access policies that correspond to users of the system by push or pull operations from the central policy storage, and store the external access policies in a cache of the database servers for databases. For resource access, access conditions are determined via policy engines of database servers based on an external access policy in the cache that corresponds to a user, responsive to a resource access request from a device of the user specifying the internal resource. Data associated with the resource is provided to the user based on the access condition being met.
Type: Grant
Filed: August 12, 2021
Date of Patent: March 19, 2024
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Yueren Wang, Elnata Degefa, Andreas Wolter, Steven Richard Gott, Nitish Gupta, Raghav Kaushik, Rakesh Khanduja, Shafi Ahmad, Dilli Dorai Minnal Arumugam, Pankaj Prabhakar Naik, Nikolas Christopher Ogg
-
Publication number: 20220382892
Abstract: Methods for centralized access control for cloud relational database management system resources are performed by systems and devices. The methods utilize a central policy storage, managed externally to database servers, which stores external policies for access to internal database resources at up to fine granularity. Database servers in the processing system each receive external access policies that correspond to users of the system by push or pull operations from the central policy storage, and store the external access policies in a cache of the database servers for databases. For resource access, access conditions are determined via policy engines of database servers based on an external access policy in the cache that corresponds to a user, responsive to a resource access request from a device of the user specifying the internal resource. Data associated with the resource is provided to the user based on the access condition being met.
Type: Application
Filed: August 12, 2021
Publication date: December 1, 2022
Inventors: Yueren WANG, Elnata DEGEFA, Andreas WOLTER, Steven Richard GOTT, Nitish GUPTA, Raghav KAUSHIK, Rakesh KHANDUJA, Shafi AHMAD, Dilli Dorai Minnal ARUMUGAM, Pankaj Prabhakar NAIK, Nikolas Christopher OGG
-
Patent number: 11281667
Abstract: A non-transitory computer readable storage medium has instructions executed by a processor to assign virtual identifiers to blocks of a file that contain identical information in different data sources. A distributed storage and distributed processing query statement is received. Real name attributes of the query statement are equated with selected virtual identifiers. Access control policies are applied to the selected virtual identifiers to obtain policy results. The policy results are applied to the real name attributes of the query statement to obtain query results.
Type: Grant
Filed: December 28, 2015
Date of Patent: March 22, 2022
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Pratik Verma, Rakesh Khanduja, Prerna Verma
-
Patent number: 11281794
Abstract: Methods, systems, apparatuses, and computer program products are provided for controlling access to a database. A data processing application may receive, from a user, a request that includes a procedural language code block to access data elements stored in a distributed database. A procedural language code block analyzer may obtain an access control policy that indicates permissions to access the data elements. A control system may determine, based on the access control policy, that access to a restricted portion of the data elements is denied. A reconstruction system may generate a reconstructed code block that allows the user to access data elements that are not restricted, such as by modifying the request to remove the portion that seeks access to the restricted data elements. The reconstruction system may then provide the modified request to the distributed database to receive the data elements to which the user is permitted to access.
Type: Grant
Filed: November 8, 2019
Date of Patent: March 22, 2022
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Rakesh Khanduja, Pankaj Sharma
-
Publication number: 20210097194
Abstract: Methods, systems, apparatuses, and computer program products are provided for controlling access to a database. A data processing application may receive, from a user, a request that includes a procedural language code block to access data elements stored in a distributed database. A procedural language code block analyzer may obtain an access control policy that indicates permissions to access the data elements. A control system may determine, based on the access control policy, that access to a restricted portion of the data elements is denied. A reconstruction system may generate a reconstructed code block that allows the user to access data elements that are not restricted, such as by modifying the request to remove the portion that seeks access to the restricted data elements. The reconstruction system may then provide the modified request to the distributed database to receive the data elements to which the user is permitted to access.
Type: Application
Filed: November 8, 2019
Publication date: April 1, 2021
Inventors: Rakesh Khanduja, Pankaj Sharma
-
Patent number: 10929358
Abstract: Systems, computer program products and methods implementing access control for compound structures including subfields are described. A policy system receives a database schema and a data access policy. The database schema defines multiple subfields of a data column. The policy includes one or more rules limiting access to the subfields. A policy analyzer of the policy system creates an access control metadata that stores correspondence between the subfields and the rules. The policy analyzer represents the subfields in the access control metadata using relations between subfields and other components of the database. The policy analyzer provides the access control metadata to a policy enforcer for enforcing the policy on the subfields.
Type: Grant
Filed: January 17, 2019
Date of Patent: February 23, 2021
Assignee: Microsoft Technology Licensing, LLC
Inventors: Prasad Mujumdar, Rakesh Khanduja, Pratik Verma
-
Patent number: 10659467
Abstract: A non-transitory computer readable storage medium has instructions executed by a processor to receive a query statement. The query statement is one of many distributed storage and distributed processing query statements with unique data access methods. Token components are formed from the query statement. The token components are categorized as data components or logic components. Modified token components are formed from the token components in accordance with a policy. The query statement is reconstructed with the modified token components and original computational logic and control logic associated with the query statement.
Type: Grant
Filed: November 6, 2018
Date of Patent: May 19, 2020
Assignee: BlueTalon, Inc.
Inventors: Pratik Verma, Rakesh Khanduja
-
Patent number: 10594737
Abstract: A non-transitory computer readable storage medium has instructions executed by a processor to intercept a query statement at a master machine. The query statement is an instruction from a client machine that specifies how data managed by a distributed storage system should be processed and provided back to the client. In the communication between the client and the master machine, tokens associated with the statement are evaluated to selectively identify a pattern match of one of connection pattern tokens, login pattern tokens or query pattern tokens. For the query pattern tokens, altered tokens for the query statement are formed in response to the pattern match to establish a revised statement. The revised statement is produced in response to application of a policy rule. The revised statement maintains computation, logic and procedure of the statement, but alters parameters of the statement as specified by the policy rule.
Type: Grant
Filed: July 17, 2018
Date of Patent: March 17, 2020
Assignee: BlueTalon, Inc.
Inventors: Pratik Verma, Rakesh Khanduja
-
Publication number: 20190155794
Abstract: Systems, computer program products and methods implementing access control for compound structures including subfields are described. A policy system receives a database schema and a data access policy. The database schema defines multiple subfields of a data column. The policy includes one or more rules limiting access to the subfields. A policy analyzer of the policy system creates an access control metadata that stores correspondence between the subfields and the rules. The policy analyzer represents the subfields in the access control metadata using relations between subfields and other components of the database. The policy analyzer provides the access control metadata to a policy enforcer for enforcing the policy on the subfields.
Type: Application
Filed: January 17, 2019
Publication date: May 23, 2019
Inventors: Prasad Mujumdar, Rakesh Khanduja, Pratik Verma
-
Patent number: 10250723
Abstract: Systems, computer program products and methods implementing protocol-level mapping are described. An identity mapping system intercepts a request from a client device to a distributed computing system. The identity mapping system determines a first protocol of the request. The identity mapping system determines user credentials associated with the request. The identity mapping system authenticates the request based on the user credentials. The identity mapping system determines a service provided by the distributed computing system that the request accesses. The identity mapping system determines service credentials of that service. The identity mapping system translates the first protocol into a second protocol associated with the distributed computing system, including associating the service credentials with the request. The identity mapping system then submits the request to the distributed computing system.
Type: Grant
Filed: April 13, 2017
Date of Patent: April 2, 2019
Assignee: BlueTalon, Inc.
Inventors: Rakesh Khanduja, Vineet Mittal
-
Patent number: 10185726
Abstract: Systems, computer program products and methods implementing access control for compound structures including subfields are described. A policy system receives a database schema and a data access policy. The database schema defines multiple subfields of a data column. The policy includes one or more rules limiting access to the subfields. A policy analyzer of the policy system creates an access control metadata that stores correspondence between the subfields and the rules. The policy analyzer represents the subfields in the access control metadata using relations between subfields and other components of the database. The policy analyzer provides the access control metadata to a policy enforcer for enforcing the policy on the subfields.
Type: Grant
Filed: August 26, 2016
Date of Patent: January 22, 2019
Assignee: BlueTalon, Inc.
Inventors: Prasad Mujumdar, Rakesh Khanduja, Pratik Verma
-
Patent number: 10129256
Abstract: A non-transitory computer readable storage medium has instructions executed by a processor to receive a query statement. The query statement is one of many distributed storage and distributed processing query statements with unique data access methods. Token components are formed from the query statement. The token components are categorized as data components or logic components. Modified token components are formed from the token components in accordance with a policy. The query statement is reconstructed with the modified token components and original computational logic and control logic associated with the query statement.
Type: Grant
Filed: December 11, 2015
Date of Patent: November 13, 2018
Assignee: BlueTalon, Inc.
Inventors: Pratik Verma, Rakesh Khanduja
-
Publication number: 20180302399
Abstract: Systems, computer program products and methods implementing protocol-level mapping are described. An identity mapping system intercepts a request from a client device to a distributed computing system. The identity mapping system determines a first protocol of the request. The identity mapping system determines user credentials associated with the request. The identity mapping system authenticates the request based on the user credentials. The identity mapping system determines a service provided by the distributed computing system that the request accesses. The identity mapping system determines service credentials of that service. The identity mapping system translates the first protocol into a second protocol associated with the distributed computing system, including associating the service credentials with the request. The identity mapping system then submits the request to the distributed computing system.
Type: Application
Filed: April 13, 2017
Publication date: October 18, 2018
Inventors: Rakesh Khanduja, Vineet Mittal
-
Patent number: 10033765
Abstract: A non-transitory computer readable storage medium has instructions executed by a processor to intercept a query statement at a master machine. The query statement is an instruction from a client machine that specifies how data managed by a distributed storage system should be processed and provided back to the client. In the communication between the client and the master machine, tokens associated with the statement are evaluated to selectively identify a pattern match of one of connection pattern tokens, login pattern tokens or query pattern tokens. For the query pattern tokens, altered tokens for the query statement are formed in response to the pattern match to establish a revised statement. The revised statement is produced in response to application of a policy rule. The revised statement maintains computation, logic and procedure of the statement, but alters parameters of the statement as specified by the policy rule.
Type: Grant
Filed: December 11, 2015
Date of Patent: July 24, 2018
Assignee: BlueTalon, Inc.
Inventors: Pratik Verma, Rakesh Khanduja
-
Publication number: 20180060365
Abstract: Systems, computer program products and methods implementing access control for compound structures including subfields are described. A policy system receives a database schema and a data access policy. The database schema defines multiple subfields of a data column. The policy includes one or more rules limiting access to the subfields. A policy analyzer of the policy system creates an access control metadata that stores correspondence between the subfields and the rules. The policy analyzer represents the subfields in the access control metadata using relations between subfields and other components of the database. The policy analyzer provides the access control metadata to a policy enforcer for enforcing the policy on the subfields.
Type: Application
Filed: August 26, 2016
Publication date: March 1, 2018
Applicant: BlueTalon, Inc.
Inventors: Prasad Mujumdar, Rakesh Khanduja, Pratik Verma
-
Publication number: 20160205101
Abstract: A non-transitory computer readable storage medium has instructions executed by a processor to receive a query statement. The query statement is one of many distributed storage and distributed processing query statements with unique data access methods. Token components are formed from the query statement. The token components are categorized as data components or logic components. Modified token components are formed from the token components in accordance with a policy. The query statement is reconstructed with the modified token components and original computational logic and control logic associated with the query statement.
Type: Application
Filed: December 11, 2015
Publication date: July 14, 2016
Applicant: BlueTalon, Inc.
Inventors: Pratik Verma, Rakesh Khanduja
-
Publication number: 20160205140
Abstract: A non-transitory computer readable storage medium has instructions executed by a processor to intercept a query statement at a master machine. The query statement is an instruction from a client machine that specifies how data managed by a distributed storage system should be processed and provided back to the client. In the communication between the client and the master machine, tokens associated with the statement are evaluated to selectively identify a pattern match of one of connection pattern tokens, login pattern tokens or query pattern tokens. For the query pattern tokens, altered tokens for the query statement are formed in response to the pattern match to establish a revised statement. The revised statement is produced in response to application of a policy rule. The revised statement maintains computation, logic and procedure of the statement, but alters parameters of the statement as specified by the policy rule.
Type: Application
Filed: December 11, 2015
Publication date: July 14, 2016
Applicant: BlueTalon, Inc.
Inventors: Pratik Verma, Rakesh Khanduja
-
Publication number: 20160203181
Abstract: A non-transitory computer readable storage medium has instructions executed by a processor to assign virtual identifiers to blocks of a file that contain identical information in different data sources. A distributed storage and distributed processing query statement is received. Real name attributes of the query statement are equated with selected virtual identifiers. Access control policies are applied to the selected virtual identifiers to obtain policy results. The policy results are applied to the real name attributes of the query statement to obtain query results.
Type: Application
Filed: December 28, 2015
Publication date: July 14, 2016
Applicant: BlueTalon, Inc.
Inventors: Pratik Verma, Rakesh Khanduja, Prerna Verma