Patents by Inventor Roy Rajan
Roy Rajan has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11949663
Abstract: Systems and methods include establishing a control channel of a tunnel utilizing a first encryption technique, wherein the tunnel is between a local node including one or more processors and a remote node, and wherein the control channel includes a session identifier; establishing a data channel of the tunnel utilizing a second encryption technique, wherein the data tunnel is bound to the control channel based on the session identifier; performing, over the control channel, device authentication and user authentication of one or more users associated with the remote node, wherein each of the one or more users includes a user identifier; and, subsequent to the device authentication and the user authentication, exchanging data packets over the data channel with each data packet including a corresponding user identifier. The first encryption technique can be one of TLS and SSL, and the second encryption technique can be one of TLS and DTLS.
Type: Grant
Filed: July 7, 2020
Date of Patent: April 2, 2024
Assignee: Zscaler, Inc.
Inventors: Srikanth Devarajan, Vijay Bulusu, Roy Rajan, Ajit Singh, Abhinav Bansal, Vikas Mahajan
-
Publication number: 20210367920
Abstract: Systems and methods include establishing a control channel of a tunnel utilizing a first encryption technique, wherein the tunnel is between a local node including one or more processors and a remote node, and wherein the control channel includes a session identifier; establishing a data channel of the tunnel utilizing a second encryption technique, wherein the data tunnel is bound to the control channel based on the session identifier; performing, over the control channel, device authentication and user authentication of one or more users associated with the remote node, wherein each of the one or more users includes a user identifier; and, subsequent to the device authentication and the user authentication, exchanging data packets over the data channel with each data packet including a corresponding user identifier. The first encryption technique can be one of TLS and SSL, and the second encryption technique can be one of TLS and DTLS.
Type: Application
Filed: July 7, 2020
Publication date: November 25, 2021
Inventors: Srikanth Devarajan, Vijay Bulusu, Roy Rajan, Ajit Singh, Abhinav Bansal, Vikas Mahajan
-
Patent number: 9497262
Abstract: A method for sampling management includes establishing, for a multi-core intermediary comprising a plurality of packet evaluation components executing on a corresponding plurality of cores, a frequency at which the multi-core intermediary intercepts a response transmitted from a server to a client and injects data into the intercepted response. For each of the plurality of packet evaluation components, an offset and a frequency based on a number of packet evaluation components in the plurality of packet evaluation components is established, a combination of the established frequencies substantially similar to the frequency established for the multi-core intermediary. One of the plurality of cores intercepts a response from the server to the client, at a time specified by the frequency and the offset. The packet evaluation component executing on the one of the plurality of cores injects data into the intercepted response.
Type: Grant
Filed: July 18, 2014
Date of Patent: November 15, 2016
Assignee: CITRIX SYSTEMS, INC.
Inventors: Roy Rajan, Saravanakumar Annamalaisami
-
Patent number: 9363328
Abstract: The present solution is directed towards a policy-based intermediary that dynamically and flexibly injects content in responses between a client and a server based on one or more policies. The present solution addresses the challenges of injecting content in a client-server transaction. The intermediary determines when and what content to inject into a response of a client-server transaction based on a request and/or response policy. The injected content may include timestamp and/or variable tracking of different events in a client-server transaction. For example, when an intermediary appliance is deployed in a system to accelerate system performance and improve user experience, the appliance may inject content based on policy to monitor the acceleration performance of the deployed appliance.
Type: Grant
Filed: August 26, 2014
Date of Patent: June 7, 2016
Assignee: CITRIX SYSTEMS, INC.
Inventors: Jagannath Raghu, Saravana Annamalaisami, Roy Rajan
-
Patent number: 9268736
Abstract: The present application is directed towards systems and methods for generating and maintaining cookie consistency for security protection across a plurality of cores in a multi-core system. A packet processing engine executing on one core designated as a primary packet processing engine generates and maintains a global random seed. The global random seed may be used as an initial seed for creation of cookie signatures by each of a plurality of packet processing engines executing on a plurality of cores of the multi-core system using a deterministic pseudo-random number generation function such that each core creates an identical set of cookie signatures.
Type: Grant
Filed: February 7, 2013
Date of Patent: February 23, 2016
Assignee: Citrix Systems, Inc.
Inventors: Roy Rajan, Saravanakumar Annamalaisami
-
Patent number: 9172650
Abstract: The present application is directed towards systems and methods for providing connection surge protection to one or more servers by an intermediary multi-core system. A packet processing engine of a multi-core device deployed as an intermediary between a plurality of clients and one or more servers determines an estimated number of total pending requests received by all packet processing engines based on a value of a local counter of received requests, the total number of pending requests received by all other packet processing engines at a last predetermined interval, and a rate of change of the total number of pending requests received by all other packet processing engines multiplied by the time since the last predetermined interval. The packet processing engine applies a surge protection policy to received pending requests responsive to the determined estimated number of total pending requests.
Type: Grant
Filed: June 7, 2013
Date of Patent: October 27, 2015
Assignee: CITRIX SYSTEMS, INC.
Inventors: Roy Rajan, Saravanakumar Annamalaisami
-
Publication number: 20150019630
Abstract: A method for sampling management includes establishing, for a multi-core intermediary comprising a plurality of packet evaluation components executing on a corresponding plurality of cores, a frequency at which the multi-core intermediary intercepts a response transmitted from a server to a client and injects data into the intercepted response. For each of the plurality of packet evaluation components, an offset and a frequency based on a number of packet evaluation components in the plurality of packet evaluation components is established, a combination of the established frequencies substantially similar to the frequency established for the multi-core intermediary. One of the plurality of cores intercepts a response from the server to the client, at a time specified by the frequency and the offset. The packet evaluation component executing on the one of the plurality of cores injects data into the intercepted response.
Type: Application
Filed: July 18, 2014
Publication date: January 15, 2015
Inventors: Roy Rajan, Saravanakumar Annamalaisami
-
Patent number: 8935399
Abstract: The present application is directed towards systems and methods for providing a cookie by an intermediary device comprising a plurality of packet processing engines executing on a corresponding plurality of cores, the cookie identifying a session of a user that was redirected responsive to a service exceeding a response time limit. The cookie may be generated with identifiers based off a name of a virtual server managing a service of a server, and a name of a policy associated with the virtual server. Each packet processing engine of the plurality of packet processing engines may interpret cookies generated by other packet processing engines due to the name of the virtual server and name of the policy, and may provide preferred client connectivity based on cookies included in requests for access to a service.
Type: Grant
Filed: February 25, 2013
Date of Patent: January 13, 2015
Assignee: Citrix Systems, Inc.
Inventors: Roy Rajan, Saravanakumar Annamalaisami, Ashwin Jagadish
-
Publication number: 20140365563
Abstract: The present solution is directed towards a policy-based intermediary that dynamically and flexibly injects content in responses between a client and a server based on one or more policies. The present solution addresses the challenges of injecting content in a client-server transaction. The intermediary determines when and what content to inject into a response of a client-server transaction based on a request and/or response policy. The injected content may include timestamp and/or variable tracking of different events in a client-server transaction. For example, when an intermediary appliance is deployed in a system to accelerate system performance and improve user experience, the appliance may inject content based on policy to monitor the acceleration performance of the deployed appliance.
Type: Application
Filed: August 26, 2014
Publication date: December 11, 2014
Applicant: Citrix Systems, Inc.
Inventors: Jagannath Raghu, Saravana Annamalaisami, Roy Rajan
-
Patent number: 8850070
Abstract: The present solution is directed towards a policy-based intermediary that dynamically and flexibly injects content in responses between a client and a server based on one or more policies. The present solution addresses the challenges of injecting content in a client-server transaction. The intermediary determines when and what content to inject into a response of a client-server transaction based on a request and/or response policy. The injected content may include timestamp and/or variable tracking of different events in a client-server transaction. For example, when an intermediary appliance is deployed in a system to accelerate system performance and improve user experience, the appliance may inject content based on policy to monitor the acceleration performance of the deployed appliance.
Type: Grant
Filed: March 6, 2009
Date of Patent: September 30, 2014
Assignee: Citrix Systems, Inc.
Inventors: Jagannath Raghu, Saravana Annamalaisami, Roy Rajan
-
Patent number: 8843645
Abstract: Described herein is a method and system for preventing Denial of Service (DoS) attacks. An intermediary device is deployed between clients and servers. The device receives a first packet of an application layer transaction via a transport layer connection between the device and client. The device records a last activity time for the transport layer connection based upon the timestamp of the first packet. The device receives subsequent data packets and determines whether the data in the packets completes a protocol data structure of the application layer protocol. If the device determines that the subsequent packet completes the protocol data structure, the last activity time is updated. If the device determines that the application layer protocol remains incomplete, the device retains the last activity time and determines that the duration of inactivity for the transport layer connection exceeds a predetermined threshold. The device may subsequently drop the connection.
Type: Grant
Filed: June 24, 2010
Date of Patent: September 23, 2014
Assignee: Citrix Systems, Inc.
Inventors: Saravanakumar Annamalaisami, Ashok Kumar Jagadeeswaran, Mahesh Mylarappa, Roy Rajan
-
Patent number: 8819115
Abstract: A method for sampling management includes establishing, for a multi-core intermediary comprising a plurality of packet evaluation components executing on a corresponding plurality of cores, a frequency at which the multi-core intermediary intercepts a response transmitted from a server to a client and injects data into the intercepted response. For each of the plurality of packet evaluation components, an offset and a frequency based on a number of packet evaluation components in the plurality of packet evaluation components is established, a combination of the established frequencies substantially similar to the frequency established for the multi-core intermediary. One of the plurality of cores intercepts a response from the server to the client, at a time specified by the frequency and the offset. The packet evaluation component executing on the one of the plurality of cores injects data into the intercepted response.
Type: Grant
Filed: December 23, 2009
Date of Patent: August 26, 2014
Assignee: Citrix Systems, Inc.
Inventors: Roy Rajan, Saravanakumar Annamalaisami
-
Publication number: 20130275617
Abstract: The present application is directed towards systems and methods for providing connection surge protection to one or more servers by an intermediary multi-core system. A packet processing engine of a multi-core device deployed as an intermediary between a plurality of clients and one or more servers determines an estimated number of total pending requests received by all packet processing engines based on a value of a local counter of received requests, the total number of pending requests received by all other packet processing engines at a last predetermined interval, and a rate of change of the total number of pending requests received by all other packet processing engines multiplied by the time since the last predetermined interval. The packet processing engine applies a surge protection policy to received pending requests responsive to the determined estimated number of total pending requests.
Type: Application
Filed: June 7, 2013
Publication date: October 17, 2013
Inventors: Roy Rajan, Saravanakumar Annamalaisami
-
Publication number: 20130173801
Abstract: The present application is directed towards systems and methods for providing a cookie by an intermediary device comprising a plurality of packet processing engines executing on a corresponding plurality of cores, the cookie identifying a session of a user that was redirected responsive to a service exceeding a response time limit. The cookie may be generated with identifiers based off a name of a virtual server managing a service of a server, and a name of a policy associated with the virtual server. Each packet processing engine of the plurality of packet processing engines may interpret cookies generated by other packet processing engines due to the name of the virtual server and name of the policy, and may provide preferred client connectivity based on cookies included in requests for access to a service.
Type: Application
Filed: February 25, 2013
Publication date: July 4, 2013
Inventors: Roy Rajan, Saravanakumar Annamalaisami, Ashwin Jagadish
-
Publication number: 20130151650
Abstract: The present application is directed towards systems and methods for generating and maintaining cookie consistency for security protection across a plurality of cores in a multi-core system. A packet processing engine executing on one core designated as a primary packet processing engine generates and maintains a global random seed. The global random seed may be used as an initial seed for creation of cookie signatures by each of a plurality of packet processing engines executing on a plurality of cores of the multi-core system using a deterministic pseudo-random number generation function such that each core creates an identical set of cookie signatures.
Type: Application
Filed: February 7, 2013
Publication date: June 13, 2013
Inventors: ROY RAJAN, Saravanakumar Annamalaisami
-
Patent number: 8463887
Abstract: The present application is directed towards systems and methods for providing connection surge protection to one or more servers by an intermediary multi-core system. A packet processing engine of a multi-core device deployed as an intermediary between a plurality of clients and one or more servers determines an estimated number of total pending requests received by all packet processing engines based on a value of a local counter of received requests, the total number of pending requests received by all other packet processing engines at a last predetermined interval, and a rate of change of the total number of pending requests received by all other packet processing engines multiplied by the time since the last predetermined interval. The packet processing engine applies a surge protection policy to received pending requests responsive to the determined estimated number of total pending requests.
Type: Grant
Filed: December 23, 2009
Date of Patent: June 11, 2013
Assignee: Citrix Systems, Inc.
Inventors: Roy Rajan, Saravanakumar Annamalaisami
-
Patent number: 8392562
Abstract: The present application is directed towards systems and methods for providing a cookie by an intermediary device comprising a plurality of packet processing engines executing on a corresponding plurality of cores, the cookie identifying a session of a user that was redirected responsive to a service exceeding a response time limit. The cookie may be generated with identifiers based off a name of a virtual server managing a service of a server, and a name of a policy associated with the virtual server. Each packet processing engine of the plurality of packet processing engines may interpret cookies generated by other packet processing engines due to the name of the virtual server and name of the policy, and may provide preferred client connectivity based on cookies included in requests for access to a service.
Type: Grant
Filed: December 23, 2009
Date of Patent: March 5, 2013
Assignee: Citrix Systems, Inc.
Inventors: Roy Rajan, Ashwin Jagadish, Saravanakumar Annamalaisami
-
Patent number: 8392977
Abstract: Systems and methods are described for using a client agent to manage HTTP authentication cookies. One method includes intercepting, by a client agent executing on a client, a connection request from the client; establishing, by the client agent, a transport layer virtual private network connection with a network appliance; transmitting, by the client agent via the established connection, an HTTP request comprising an authentication cookie; and transmitting, by the client agent via the connection, the connection request.
Type: Grant
Filed: August 3, 2006
Date of Patent: March 5, 2013
Assignee: Citrix Systems, Inc.
Inventors: Junxiao He, Charu Venkatraman, Roy Rajan, Ajay Soni
-
Patent number: 8380994
Abstract: The present application is directed towards systems and methods for generating and maintaining cookie consistency for security protection across a plurality of cores in a multi-core system. A packet processing engine executing on one core designated as a primary packet processing engine generates and maintains a global random seed. The global random seed may be used as an initial seed for creation of cookie signatures by each of a plurality of packet processing engines executing on a plurality of cores of the multi-core system using a deterministic pseudo-random number generation function such that each core creates an identical set of cookie signatures.
Type: Grant
Filed: December 23, 2009
Date of Patent: February 19, 2013
Assignee: Citrix Systems, Inc.
Inventors: Roy Rajan, Saravanakumar Annamalaisami
-
Patent number: 8352633
Abstract: The present application is directed towards systems and methods of state migration in a multi-core system. An external process on a client or server may initiate a plurality of connections with the multi-core system, such that some cores have a plurality of connections and others have none. The present invention provides systems and methods for redirecting a connection or migrating the state of a connection from being associated with a first core with a plurality of connections to a second core with no connections.
Type: Grant
Filed: June 22, 2010
Date of Patent: January 8, 2013
Assignee: Citrix Systems, Inc.
Inventors: Ashwin Jagadish, Roy Rajan, Saravanakumar Annamalaisami