Patents by Inventor Rammohan Varadarajan

Rammohan Varadarajan has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10348763
    Abstract: Provided are methods, network devices, and computer-program products for dynamically configuring a deception mechanism in response to network traffic from a possible network threat. In various implementations, a network deception system can receive a packet from a network. The network deception system can determine an intent associated with the packet by examining the contents of the packet. The network deception system can further configure a deception mechanism to respond to the intent, for example with the appropriate network communications, software or hardware configuration, and/or data.
    Type: Grant
    Filed: April 25, 2017
    Date of Patent: July 9, 2019
    Assignee: Acalvio Technologies, Inc.
    Inventors: Rajendra A. Gopalakrishna, Johnson Wu, Sreenivas Gukal, Rammohan Varadarajan
  • Patent number: 10325217
    Abstract: An application analysis computer obtains reports from user terminals identifying operational states of instances of an application being processed by the user terminals. Sequences of the operational states that the instances of the application have transitioned through while being processed by the user terminals are identified. Common operational states that occur in a plurality of the sequences are identified. For each of the common operational states, a frequency of occurrence of the common operational state is determined. For each state transition between the common operational states in the sequences, a frequency of occurrence of the state transition is determined. State predictive metrics are generated based on the frequencies of occurrence of the common operational states and the frequencies of occurrence of the state transitions. The state predictive metrics are communicated, such as to an application server to control access to the application by user terminals.
    Type: Grant
    Filed: February 10, 2015
    Date of Patent: June 18, 2019
    Assignee: CA, Inc.
    Inventors: Satnam Singh, Sanjay Vyas, Rajendra Arcot Gopalakrishna, Rammohan Varadarajan
  • Patent number: 10326796
    Abstract: Provided are methods, including computer-implemented methods or methods implemented by a network device, devices including network devices, and computer-program products for providing dynamic security mechanisms for mixed networks. A mixed network can include an IoT type device and a non-IoT device. Using a configuration of the network, a deception device type can be determined. A second network that includes a deception mechanism corresponding to the deception device type can be determined. A network tunnel from the mixed network to the second network can be configured. The network tunnel enables the deception mechanism to be a node on the mixed network, such that the deception mechanism can be accessed from the mixed network. The deception mechanism can be used to monitor the mixed network for network abnormalities. An action can be taken when the deception mechanism detects an abnormality.
    Type: Grant
    Filed: June 1, 2017
    Date of Patent: June 18, 2019
    Assignee: Acalvio Technologies, Inc.
    Inventors: Rammohan Varadarajan, Sreenivas Gukal
  • Publication number: 20180351996
    Abstract: Provided are systems, methods, and computer-program products for providing network deceptions using a network tunnel. In various implementations, a network device on a first network can be configured as a projection point. A projection point can be configured as one endpoint of a network tunnel. The other end of the network tunnel can terminate at a deception farm. The deception farm can host a second network, where the second network includes network devices configured as deception mechanisms. By assigning a deception mechanism a network address from the first network, the network address and the network tunnel enable the deception mechanism to appear as a node in the first network.
    Type: Application
    Filed: May 18, 2018
    Publication date: December 6, 2018
    Applicant: Acalvio Technologies, Inc.
    Inventors: Johnson Wu, Sreenivas Gukal, Rammohan Varadarajan
  • Patent number: 10033762
    Abstract: Provided are methods, network devices, and computer-program products for a network deception system. The network deception system can engage a network threat with a deception mechanism, and dynamically escalating the deception to maintain the engagement. The system can include super-low, low, and high-interaction deceptions. The super-low deceptions can respond to requests for address information, and requires few computing resources. When network traffic directed to the super-low deception requires a more complex response, the system can initiate a low-interaction deception. The low-interaction deception can emulate multiple devices, which can give the low-interaction deception away as a deception. Hence, when the network traffic includes an attempted connection, the system can initiate a high-interaction deception. The high-interaction more closely emulates a network device, and can be more difficult to identify as a deception.
    Type: Grant
    Filed: April 25, 2017
    Date of Patent: July 24, 2018
    Assignee: ACALVIO TECHNOLOGIES, INC.
    Inventors: Johnson Wu, Rajendra A. Gopalakrishna, Sreenivas Gukal, Rammohan Varadarajan
  • Patent number: 9979750
    Abstract: Provided are systems, methods, and computer-program products for providing network deceptions using a network tunnel. In various implementations, a network device on a first network can be configured as a projection point. A projection point can be configured as one endpoint of a network tunnel. The other end of the network tunnel can terminate at a deception center. The deception center can host a second network, where the second network includes network devices configured as deception mechanisms. By assigning a deception mechanism a network address from the first network, the network address and the network tunnel enable the deception mechanism to appear as a node in the first network.
    Type: Grant
    Filed: April 26, 2017
    Date of Patent: May 22, 2018
    Assignee: ACALVIO TECHNOLOGIES, INC.
    Inventors: Johnson Wu, Sreenivas Gukal, Rammohan Varadarajan
  • Patent number: 9836741
    Abstract: Systems, apparatus, methods, and computer program products for using quick response (QR) codes for authenticating users to ATMs and other secure machines for cardless transactions are disclosed. Embodiments of the present disclosure read an image displayed on a display of an external device using a mobile device associated with a user authorized to access a secure resource, decode transaction information encoded in the image, transmit the transaction information and an identifier of the mobile device from the mobile device to an authentication system, and grant access to the secure resource if the transaction information and the identifier satisfy an authentication test performed at the authentication system.
    Type: Grant
    Filed: December 1, 2014
    Date of Patent: December 5, 2017
    Assignee: CA, Inc.
    Inventors: Rammohan Varadarajan, Ambarish Malpani
  • Publication number: 20170310705
    Abstract: Provided are methods, network devices, and computer-program products for dynamically configuring a deception mechanism in response to network traffic from a possible network threat. In various implementations, a network deception system can receive a packet from a network. The network deception system can determine an intent associated with the packet by examining the contents of the packet. The network deception system can further configure a deception mechanism to respond to the intent, for example with the appropriate network communications, software or hardware configuration, and/or data.
    Type: Application
    Filed: April 25, 2017
    Publication date: October 26, 2017
    Applicant: Acalvio Technologies, Inc.
    Inventors: Rajendra A. Gopalakrishna, Johnson Wu, Sreenivas Gukal, Rammohan Varadarajan
  • Publication number: 20170310706
    Abstract: Provided are systems, methods, and computer-program products for providing network deceptions using a network tunnel. In various implementations, a network device on a first network can be configured as a projection point. A projection point can be configured as one endpoint of a network tunnel. The other end of the network tunnel can terminate at a deception center. The deception center can host a second network, where the second network includes network devices configured as deception mechanisms. By assigning a deception mechanism a network address from the first network, the network address and the network tunnel enable the deception mechanism to appear as a node in the first network.
    Type: Application
    Filed: April 26, 2017
    Publication date: October 26, 2017
    Applicant: Acalvio Technologies, Inc.
    Inventors: Johnson Wu, Sreenivas Gukal, Rammohan Varadarajan
  • Publication number: 20170310704
    Abstract: Provided are methods, network devices, and computer-program products for a network deception system. The network deception system can engage a network threat with a deception mechanism, and dynamically escalating the deception to maintain the engagement. The system can include super-low, low, and high-interaction deceptions. The super-low deceptions can respond to requests for address information, and requires few computing resources. When network traffic directed to the super-low deception requires a more complex response, the system can initiate a low-interaction deception. The low-interaction deception can emulate multiple devices, which can give the low-interaction deception away as a deception. Hence, when the network traffic includes an attempted connection, the system can initiate a high-interaction deception. The high-interaction more closely emulates a network device, and can be more difficult to identify as a deception.
    Type: Application
    Filed: April 25, 2017
    Publication date: October 26, 2017
    Applicant: Acalvio Technologies, Inc.
    Inventors: Johnson Wu, Rajendra A. Gopalakrishna, Sreenivas Gukal, Rammohan Varadarajan
  • Publication number: 20170249633
    Abstract: According to the invention, a method of using a one-time password for a transaction between a user and a merchant is disclosed. The method may include generating the one-time password. The method may also include authenticating the user by the authentication server in response to a request from the user to use the one-time password. The method may further include authorizing the use of the one-time password for the transaction in response to authenticating the user by the authentication server. The method may moreover include using the one-time password in combination with an account number to settle the transaction between the user and the merchant. The method may additionally include sending a message to the authentication server originating from the merchant, wherein the message comprises the one-time password, and wherein the message requests a determination whether the one-time password is authorized for use in the transaction.
    Type: Application
    Filed: May 16, 2017
    Publication date: August 31, 2017
    Applicant: CA, Inc.
    Inventors: Rammohan Varadarajan, Ambarish Malpani
  • Publication number: 20170214708
    Abstract: Provided are systems, methods, and computer-program products for a network device, configured to use data science techniques to manage the deployment of deception mechanisms in a network, where the deception mechanisms can attract and detect threats to the network. In various implementations, the network device can receive network data. The network data can include data produced by an interaction with a deception mechanism. The deception mechanism can be part of the security of the network. An interaction can include a potential threat to the network. The network device can further be configured to analyze the network data using a data science engine, including identifying a pattern of network behavior. The network device can further generate an attack pattern that includes the behavior of the potential threat. The network device can further use the attack pattern to modify deception mechanisms on the network.
    Type: Application
    Filed: January 13, 2017
    Publication date: July 27, 2017
    Applicant: Acalvio Technologies, Inc.
    Inventors: Sreenivas Gukal, Rammohan Varadarajan
  • Patent number: 9665868
    Abstract: According to the invention, a method of using a one-time password for a transaction between a user and a merchant is disclosed. The method may include generating the one-time password. The method may also include authenticating the user by the authentication server in response to a request from the user to use the one-time password. The method may further include authorizing the use of the one-time password for the transaction in response to authenticating the user by the authentication server. The method may moreover include using the one-time password in combination with an account number to settle the transaction between the user and the merchant. The method may additionally include sending a message to the authentication server originating from the merchant, wherein the message comprises the one-time password, and wherein the message requests a determination whether the one-time password is authorized for use in the transaction.
    Type: Grant
    Filed: May 9, 2011
    Date of Patent: May 30, 2017
    Assignee: CA, Inc.
    Inventors: Rammohan Varadarajan, Ambarish Malpani
  • Publication number: 20170149825
    Abstract: Provided are devices, computer-program products, and methods (e.g., methods implemented by a production system or security agent program or process) for providing services on a production system to mimic a deception mechanism. For example, a method can include determining a deception characteristic of a deception mechanism and determining a production characteristic of the production system. The method can further include determining an additional service or a modification of an existing service of the production system using the deception characteristic and the production characteristic. In some cases, the additional service and/or the modification can be a deterrent to potential attackers of the production system. The method can further include modifying the production system to mimic the deception mechanism, including adding the additional service to the production system or modifying the existing service using the modification.
    Type: Application
    Filed: November 21, 2016
    Publication date: May 25, 2017
    Applicant: Acalvio Technologies, Inc.
    Inventors: Sreenivas Gukal, Rammohan Varadarajan
  • Publication number: 20170093910
    Abstract: Provided are systems, methods, and computer-program products for a network device configured to dynamically deploy deception mechanisms to detect threats to a network. In various implementations, the network device can be configured to collect network data from a network, and determine a selection of deceptions mechanisms. The deception mechanisms can represent resources available on the network, and are separate from normal operation of the network. The network device can further determine locations within the network to deploy the deception mechanisms. The network device can further identifying a potential threat to the network. The potential threat may be identified by a deception mechanism. The network device can further determine additional deception mechanisms, and use the additional deception mechanisms to facilitate an action on the network.
    Type: Application
    Filed: September 23, 2016
    Publication date: March 30, 2017
    Applicant: Acalvio Technologies, Inc.
    Inventors: Sreenivas Gukal, Rammohan Varadarajan
  • Patent number: 9559893
    Abstract: An application analysis computer obtains reports from user terminals containing application performance metrics and dimensions having values characterizing the applications and the user terminals. Statistics for each different type of the performance metrics across the reports are generated. One of the statistics, for one type of the performance metrics, that has changed at least a threshold amount between two time intervals is identified, and that performance metric is selected for analysis. For each combination of a different type of the characteristic dimensions and a different value among the values occurring for the type of the characteristic dimension, a statistic is generated for the selected type of the performance metrics from the reports. Information is communicated based on an active warning ID that was selected based on being associated with a combination of the type of the characteristic dimension and one of the statistics that changed at least a threshold amount.
    Type: Grant
    Filed: December 15, 2014
    Date of Patent: January 31, 2017
    Assignee: CA, Inc.
    Inventors: Sreenivas Gukal, Sanjay Vyas, Rammohan Varadarajan
  • Publication number: 20160239771
    Abstract: A method performed by an eCommerce risk assessment system includes receiving eCommerce transaction reports, each containing transaction metrics and transaction attributes having values. A statistic is separately generated for each different type of the transaction metrics based on the values of the transaction attributes. One type of the transaction metrics is selected for analysis. For each combination of a different type of the transaction attributes and a different value among the values occurring for the type of the transaction attribute, a transaction metric statistic is generated for the selected type of the transaction metrics having the combination of the type of the transaction attribute and the value. An analytical model of the eCommerce transactions is trained based on the values of the transaction attributes for the transaction metric statistics. Risk scores are output from the analytical model based on content of eCommerce transactions input to the analytical model.
    Type: Application
    Filed: February 12, 2015
    Publication date: August 18, 2016
    Applicant: CA, Inc.
    Inventors: Sreenivas GUKAL, Suresh YANAMADALA, Sanjay VYAS, Rammohan VARADARAJAN
  • Publication number: 20160232446
    Abstract: An application analysis computer obtains reports from user terminals identifying operational states of instances of an application being processed by the user terminals. Sequences of the operational states that the instances of the application have transitioned through while being processed by the user terminals are identified. Common operational states that occur in a plurality of the sequences are identified. For each of the common operational states, a frequency of occurrence of the common operational state is determined. For each state transition between the common operational states in the sequences, a frequency of occurrence of the state transition is determined. State predictive metrics are generated based on the frequencies of occurrence of the common operational states and the frequencies of occurrence of the state transitions. The state predictive metrics are communicated, such as to an application server to control access to the application by user terminals.
    Type: Application
    Filed: February 10, 2015
    Publication date: August 11, 2016
    Applicant: CA, Inc.
    Inventors: Satnam SINGH, Sanjay Vyas, Rajendra Arcot Gopalakrishna, Rammohan Varadarajan
  • Publication number: 20160189135
    Abstract: Data is received that corresponds to an image presented at a location of a transaction involving a user device and a terminal device. It is determined that the user device and the terminal device are engaged in the transaction based at least in part on the data and local interactions of a payment device with the terminal device are virtualized based on authenticating the transaction. Virtualizing the interactions can include exchanging messages with the terminal device over a network according to a protocol corresponding to the payment device and the terminal device.
    Type: Application
    Filed: November 27, 2013
    Publication date: June 30, 2016
    Inventors: Geoffrey R. Hird, Rammohan Varadarajan
  • Publication number: 20160173321
    Abstract: An application analysis computer obtains reports from user terminals containing application performance metrics and dimensions having values characterizing the applications and the user terminals. Statistics for each different type of the performance metrics across the reports are generated. One of the statistics, for one type of the performance metrics, that has changed at least a threshold amount between two time intervals is identified, and that performance metric is selected for analysis. For each combination of a different type of the characteristic dimensions and a different value among the values occurring for the type of the characteristic dimension, a statistic is generated for the selected type of the performance metrics from the reports. Information is communicated based on an active warning ID that was selected based on being associated with a combination of the type of the characteristic dimension and one of the statistics that changed at least a threshold amount.
    Type: Application
    Filed: December 15, 2014
    Publication date: June 16, 2016
    Inventors: Sreenivas Gukal, Sanjay Vyas, Rammohan Varadarajan