Patents by Inventor Ramakant PANDRANGI
Ramakant PANDRANGI has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10560422Abstract: Systems and methods for enhanced monitoring and adaptive management of inter-network Domain Name System (“DNS”) traffic include an information capture device in a monitored network. The information capture device receives a redirected connection request originated by a client machine in the monitored network in response to a modified DNS answer from a recursive name server outside of the monitored network, captures detailed information associated with the redirected connection request that is inaccessible to the recursive name server, and sends the captured information to a data storage accessible to the recursive name server for storage as augmented DNS data associated with the client machine and/or the redirected connection request. The information capture device further provides, in response to the redirected connection request, an adaptive answer generated based on the augmented DNS data to the client machine.Type: GrantFiled: June 27, 2016Date of Patent: February 11, 2020Assignee: VERISIGN, INC.Inventors: Ramakant Pandrangi, Denis Phillips
-
Patent number: 10250618Abstract: Methods and systems for detecting and responding to Denial of Service (“DoS”) attacks comprise: detecting a DoS attack or potential DoS attack against a first server system comprising one or more servers; receiving, at a second server system comprising one or more servers, network traffic directed to the first server system; subjecting requesting clients to one or more challenge mechanisms, the challenge mechanisms including one or more of challenging requesting clients to follow through HTTP redirect responses, challenging requesting clients to request Secure Sockets Layer (SSL) session resumption, or challenging requesting clients to store and transmit HTTP cookies; identifying one or more non-suspect clients; and forwarding, by the second server system, traffic corresponding to the one or more non-suspect clients to the first server system.Type: GrantFiled: April 6, 2016Date of Patent: April 2, 2019Assignee: VERISIGN, INC.Inventors: Suresh Bhogavilli, Roberto Guimaraes, Ramakant Pandrangi, Frank Scalzo
-
Patent number: 10050831Abstract: Systems, methods, and computer-readable mediums are provided that access a set of data related to a plurality of domain name system (DNS) requests for a plurality of subnets in a network. A subset of the set of data that is a representative sample of the set of data is selected. Latency of the subset of the data is estimated and latency is estimated for the totality of the data. A portion of the network is modified based on the estimated latency of the totality of the data.Type: GrantFiled: February 26, 2016Date of Patent: August 14, 2018Assignee: VERISIGN, INC.Inventors: Yannis Labrou, Frank Scalzo, Ramakant Pandrangi
-
Patent number: 9961110Abstract: Implementations relate to systems and methods for pre-signing of DNSSEC enabled zones into record sets. A domain name system (DNS) can receive and/or impose a set of DNS policies desired by an administrator, or the DNS operator itself to govern domain name resolution with security extensions (DNSSEC) for a Web domain. The DNS can generate a set of answers to user questions directed to the domain based on the set of policies. Those answers which differ or vary based on policy rules can be stored as variant answers, and can be labeled with a variant ID. The variant answers can be pre-signed and stored in the DNS. Because key data and other information is generated and stored before a DNS request is received, the requested variant answer can be returned with greater responsiveness and security.Type: GrantFiled: November 27, 2013Date of Patent: May 1, 2018Assignee: VERISIGN, INC.Inventors: David Blacka, Ramakant Pandrangi
-
Patent number: 9935771Abstract: The disclosure is directed to securely bootstrapping devices in a network environment. Methods and systems include hardware and/or operations for receiving, based on an identifier provisioned at a relying entity, instances of a security credential of an information system, wherein the instances are associated with respective certifying entities. The operations also include verifying the authenticity of the instances of the security credential using information of the certifying entities provisioned at the relying entity. The operations further includes determining matches between the instances of the security credential. Additionally, the operations include determining based on the matches that a first instance of the security credential satisfies a policy provisioned at the relying entity. Further, the operations include verifying the authenticity of information requested from the information system using the first instance of the security credential.Type: GrantFiled: September 22, 2015Date of Patent: April 3, 2018Assignee: VERISIGN, INC.Inventors: Ramakant Pandrangi, Eric Osterweil, Paul Livesay
-
Publication number: 20170085380Abstract: The disclosure is directed to securely bootstrapping devices in a network environment. Methods and systems include hardware and/or operations for receiving, based on an identifier provisioned at a relying entity, instances of a security credential of an information system, wherein the instances are associated with respective certifying entities. The operations also include verifying the authenticity of the instances of the security credential using information of the certifying entities provisioned at the relying entity. The operations further includes determining matches between the instances of the security credential. Additionally, the operations include determining based on the matches that a first instance of the security credential satisfies a policy provisioned at the relying entity. Further, the operations include verifying the authenticity of information requested from the information system using the first instance of the security credential.Type: ApplicationFiled: September 22, 2015Publication date: March 23, 2017Inventors: Ramakant Pandrangi, Eric Osterweil, Paul Livesay
-
Publication number: 20160380960Abstract: Systems and methods for enhanced monitoring and adaptive management of inter-network Domain Name System (“DNS”) traffic include an information capture device in a monitored network. The information capture device receives a redirected connection request originated by a client machine in the monitored network in response to a modified DNS answer from a recursive name server outside of the monitored network, captures detailed information associated with the redirected connection request that is inaccessible to the recursive name server, and sends the captured information to a data storage accessible to the recursive name server for storage as augmented DNS data associated with the client machine and/or the redirected connection request. The information capture device further provides, in response to the redirected connection request, an adaptive answer generated based on the augmented DNS data to the client machine.Type: ApplicationFiled: June 27, 2016Publication date: December 29, 2016Inventors: Ramakant Pandrangi, Denis Phillips
-
Publication number: 20160254955Abstract: Systems, methods, and computer-readable mediums are provided that access a set of data related to a plurality of domain name system (DNS) requests for a plurality of subnets in a network. A subset of the set of data that is a representative sample of the set of data is selected. Latency of the subset of the data is estimated and latency is estimated for the totality of the data. A portion of the network is modified based on the estimated latency of the totality of the data.Type: ApplicationFiled: February 26, 2016Publication date: September 1, 2016Inventors: Yannis Labrou, Frank Scalzo, Ramakant Pandrangi
-
Publication number: 20160226896Abstract: Methods and systems for detecting and responding to Denial of Service (“DoS”) attacks comprise: detecting a DoS attack or potential DoS attack against a first server system comprising one or more servers; receiving, at a second server system comprising one or more servers, network traffic directed to the first server system; subjecting requesting clients to one or more challenge mechanisms, the challenge mechanisms including one or more of challenging requesting clients to follow through HTTP redirect responses, challenging requesting clients to request Secure Sockets Layer (SSL) session resumption, or challenging requesting clients to store and transmit HTTP cookies; identifying one or more non-suspect clients, the one or more suspect clients corresponding to requesting clients that successfully complete the one or more challenge mechanisms; identifying one or more suspect clients, the one or more suspect clients corresponding to requesting clients that do not successfully complete the one or more challengeType: ApplicationFiled: April 6, 2016Publication date: August 4, 2016Inventors: Suresh Bhogavilli, Roberto Guimaraes, Ramakant Pandrangi, Frank Scalzo
-
Patent number: 8971539Abstract: Methods and systems for providing a secure SSL certificate escrow service comprise: providing a secure upload webpage for a private key holder to upload an encrypted copy of a private key; receiving the encrypted copy of the private key from the private key holder via the secure upload webpage; storing the encrypted copy of the private key in memory; providing a secure decryption webpage for the private key holder to enable the private key escrow service to decrypt the private key; receiving an instruction to decrypt the private key from the private key holder through the secure decryption webpage; and decrypting the private key in response to the instruction to decrypt the private key.Type: GrantFiled: December 30, 2010Date of Patent: March 3, 2015Assignee: Verisign, Inc.Inventors: Ramakant Pandrangi, Frank Scalzo
-
Patent number: 8935785Abstract: A method and system to mitigate an attack over the Internet includes collecting information related to a plurality of client IP addresses from a plurality of sources and analyzing the collected information to determine confidence scores for the plurality of client IP addresses. The method and system also include receiving network traffic from the Internet and limiting network traffic from a first subset of the plurality of client IP addresses characterized by a confidence score less than a first threshold. The method, and system further include determining a level of the network traffic and limiting network traffic from a second subset of the plurality of client IP addresses characterized by a confidence score less than a second threshold greater than the first threshold.Type: GrantFiled: September 23, 2011Date of Patent: January 13, 2015Assignee: Verisign, IncInventor: Ramakant Pandrangi
-
Publication number: 20140282847Abstract: Implementations relate to systems and methods for pre-signing of DNSSEC enabled zones into record sets. A domain name system (DNS) can receive and/or impose a set of DNS policies desired by an administrator, or the DNS operator itself to govern domain name resolution with security extensions (DNSSEC) for a Web domain. The DNS can generate a set of answers to user questions directed to the domain based on the set of policies. Those answers which differ or vary based on policy rules can be stored as variant answers, and can be labeled with a variant ID. The variant answers can be pre-signed and stored in the DNS. Because key data and other information is generated and stored before a DNS request is received, the requested variant answer can be returned with greater responsiveness and security.Type: ApplicationFiled: November 27, 2013Publication date: September 18, 2014Applicant: VERISIGN, INC.Inventors: David Blacka, Ramakant Pandrangi
-
Patent number: 8713676Abstract: Systems and methods are disclosed for identifying domains as malicious based on Internet-wide DNS lookup patterns. Disclosed embodiments look for variance in the servers that look up a domain and also look at the popularity growth (quantity of queries from unique addresses) of a domain after registration to identify malicious domains. Other disclosed embodiments measure the similarity of servers that query a domain and cluster domains based on the similarity of those servers. Disclosed embodiments may use such temporal and spatial lookup patterns as input to a blacklist process to more effectively and quickly blacklist domains based on their Internet-wide lookup patterns.Type: GrantFiled: May 13, 2011Date of Patent: April 29, 2014Assignees: Verisign, Inc., Georgia Tech Research CorporationInventors: Ramakant Pandrangi, Nicholas G. Feamster, Shuang Hao
-
Publication number: 20120170753Abstract: Methods and systems for providing a secure SSL certificate escrow service comprise: providing a secure upload webpage for a private key holder to upload an encrypted copy of a private key; receiving the encrypted copy of the private key from the private key holder via the secure upload webpage; storing the encrypted copy of the private key in memory; providing a secure decryption webpage for the private key holder to enable the private key escrow service to decrypt the private key; receiving an instruction to decrypt the private key from the private key holder through the secure decryption webpage; and decrypting the private key in response to the instruction to decrypt the private key.Type: ApplicationFiled: December 30, 2010Publication date: July 5, 2012Inventors: Ramakant Pandrangi, Frank Scalzo
-
Publication number: 20120174196Abstract: Methods and systems for detecting and responding to Denial of Service (“DoS”) attacks comprise: detecting a DoS attack or potential DoS attack against a first server system comprising one or more servers; receiving, at a second server system comprising one or more servers, network traffic directed to the first server system; subjecting requesting clients to one or more challenge mechanisms, the challenge mechanisms including one or more of challenging requesting clients to follow through HTTP redirect responses, challenging requesting clients to request Secure Sockets Layer (SSL) session resumption, or challenging requesting clients to store and transmit HTTP cookies; identifying one or more non-suspect clients, the one or more suspect clients corresponding to requesting clients that successfully complete the one or more challenge mechanisms; identifying one or more suspect clients, the one or more suspect clients corresponding to requesting clients that do not successfully complete the one or more challengeType: ApplicationFiled: December 30, 2010Publication date: July 5, 2012Inventors: Suresh Bhogavilli, Roberto Guimaraes, Ramakant Pandrangi, Frank Scalzo
-
Publication number: 20120079592Abstract: A method and system to mitigate an attack over the Internet includes collecting information related to a plurality of client IP addresses from a plurality of sources and analyzing the collected information to determine confidence scores for the plurality of client IP addresses. The method and system also include receiving network traffic from the Internet and limiting network traffic from a first subset of the plurality of client IP addresses characterized by a confidence score less than a first threshold. The method, and system further include determining a level of the network traffic and limiting network traffic from a second subset of the plurality of client IP addresses characterized by a confidence score less than a second threshold greater than the first threshold.Type: ApplicationFiled: September 23, 2011Publication date: March 29, 2012Inventor: Ramakant Pandrangi
-
Publication number: 20110283357Abstract: Systems and methods are disclosed for identifying domains as malicious based on Internet-wide DNS lookup patterns. Disclosed embodiments look for variance in the servers that look up a domain and also look at the popularity growth (quantity of queries from unique addresses) of a domain after registration to identify malicious domains. Other disclosed embodiments measure the similarity of servers that query a domain and cluster domains based on the similarity of those servers. Disclosed embodiments may use such temporal and spatial lookup patterns as input to a blacklist process to more effectively and quickly blacklist domains based on their Internet-wide lookup patterns.Type: ApplicationFiled: May 13, 2011Publication date: November 17, 2011Inventors: Ramakant PANDRANGI, Nicholas G. Feamster, Shuang Hao