Patents by Inventor Sanal Pillai
Sanal Pillai has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11316837
Abstract: Certain embodiments described herein are generally directed to enabling a group of host machines within a network to securely communicate an unknown unicast packet. In some embodiments, a key policy is defined exclusively for the secure communication of unknown unicast packets. The key policy is transmitted by a central controller to the group of host machines for negotiating session keys among each other when communicating unknown unicast packets.
Type: Grant
Filed: October 23, 2019
Date of Patent: April 26, 2022
Assignee: Nicira, Inc.
Inventors: Sanal Pillai, Calvin Qian, Gang Xu, Bin Zan, Ganesan Chandrashekhar
-
Patent number: 11245674
Abstract: Example methods are provided for secure communication protocol processing in a network environment. The method may comprise, in response to detecting a first transport protocol packet that is addressed from a first endpoint to a second endpoint and includes unencrypted payload data and a first sequence number, generating and sending a first secure communication protocol packet that includes encrypted payload data and a second sequence number. The method may also comprise, in response detecting a second transport protocol packet that includes the first sequence number, determining that the second transport protocol packet is a retransmission of the first transport protocol packet. The method may further comprise generating and sending a second secure communication protocol packet that includes the second sequence number associated with the first sequence number.
Type: Grant
Filed: December 14, 2017
Date of Patent: February 8, 2022
Assignee: NICIRA, INC.
Inventors: Sanal Pillai, Daniel Wing
-
Patent number: 11075949
Abstract: Certain embodiments described herein are generally directed to allocating security parameter index (“SPI”) values to a plurality of endpoints in a network. The SPI values may be derived using an SPI derivation formula and a plurality of parameters. In some embodiments, the SPI values may be derived by an endpoint and in other embodiments by a server. Using the SPI derivation formula and the plurality of parameters enables endpoints and servers to instantaneously derive SPI values without the need for servers to store them.
Type: Grant
Filed: February 2, 2017
Date of Patent: July 27, 2021
Assignee: Nicira, Inc.
Inventors: Amit Chopra, Chen Li, Ganesan Chandrashekhar, Jinqiang Yang, Sanal Pillai, Bin Qian
-
Patent number: 11018993
Abstract: Some embodiments provide a method for a first data compute node (DCN) operating in a public datacenter. The method receives an encryption rule from a centralized network controller. The method determines that the network encryption rule requires encryption of packets between second and third DCNs operating in the public datacenter. The method requests a first key from a secure key storage. Upon receipt of the first key, the method uses the first key and additional parameters to generate second and third keys. The method distributes the second key to the second DCN and the third key to the third DCN in the public datacenter.
Type: Grant
Filed: September 28, 2016
Date of Patent: May 25, 2021
Assignee: NICIRA, INC.
Inventors: Ganesan Chandrashekhar, Mukesh Hira, Sanal Pillai
-
Patent number: 10757138
Abstract: Certain embodiments described herein are generally directed to a first host machine exchanging a Security Parameter Index (SPI) value with a second host machine by storing the SPI in an options field of an encapsulation header of an encapsulated packet.
Type: Grant
Filed: July 13, 2017
Date of Patent: August 25, 2020
Assignee: Nicira, Inc.
Inventors: Calvin Qian, Ganesan Chandrashekhar, Sanal Pillai, Kishore Kankipati, Sujatha Sundararaman
-
Patent number: 10747577
Abstract: Computer system and method for characterizing throughput performance of a datacenter utilize bandwidth information of physical network interfaces in the datacenter and results of benchmark testing on throughput on a single processor core to compute a plurality of throughput constraints that define a throughput capacity region for the datacenter to improve throughput performance of the datacenter.
Type: Grant
Filed: August 25, 2018
Date of Patent: August 18, 2020
Assignee: NICIRA, INC.
Inventors: Dexiang Wang, Bin Qian, Jinqiang Yang, Naga S. S. Kishore Kankipati, Sanal Pillai, Sujatha Sundararaman, Ganesan Chandrashekhar, Rishi Mehta
-
Patent number: 10630659
Abstract: An example method of key management for encryption of traffic in a network having a network nodes includes negotiating, between a first network node and a centralized key management server, to obtain a master key shared among the network nodes; receiving, at the first network node, a first identifier for the first network node and a second identifier for a second network node; generating, at the first network node, a first session key by supplying the master key, the first identifier, and the second identifier as parametric input to a function; establishing, using a network stack of the first network node, a first point-to-point tunnel through the network to the second network node without a key exchange protocol; and sending first traffic from the first network node to the second network node through the first point-to-point tunnel, the first traffic including a portion encrypted by the first session key.
Type: Grant
Filed: September 30, 2016
Date of Patent: April 21, 2020
Assignee: Nicira, Inc.
Inventors: Jinqiang Yang, Ganesan Chandrashekhar, Bin Qian, Amit Chopra, Sanal Pillai
-
Publication number: 20200067889
Abstract: Certain embodiments described herein are generally directed to enabling a group of host machines within a network to securely communicate an unknown unicast packet. In some embodiments, a key policy is defined exclusively for the secure communication of unknown unicast packets. The key policy is transmitted by a central controller to the group of host machines for negotiating session keys among each other when communicating unknown unicast packets.
Type: Application
Filed: October 23, 2019
Publication date: February 27, 2020
Inventors: Sanal PILLAI, Calvin QIAN, Gang XU, Bin ZAN, Ganesan CHANDRASHEKHAR
-
Patent number: 10476850
Abstract: Certain embodiments described herein are generally directed to enabling a group of host machines within a network to securely communicate an unknown unicast packet. In some embodiments, a key policy is defined exclusively for the secure communication of unknown unicast packets. The key policy is transmitted by a central controller to the group of host machines for negotiating session keys among each other when communicating unknown unicast packets.
Type: Grant
Filed: August 11, 2017
Date of Patent: November 12, 2019
Assignee: Nicira, Inc.
Inventors: Sanal Pillai, Calvin Qian, Gang Xu, Bin Zan, Ganesan Chandrashekhar
-
Publication number: 20190190891
Abstract: Example methods are provided for secure communication protocol processing in a network environment. The method may comprise, in response to detecting a first transport protocol packet that is addressed from a first endpoint to a second endpoint and includes unencrypted payload data and a first sequence number, generating and sending a first secure communication protocol packet that includes encrypted payload data and a second sequence number. The method may also comprise, in response detecting a second transport protocol packet that includes the first sequence number, determining that the second transport protocol packet is a retransmission of the first transport protocol packet. The method may further comprise generating and sending a second secure communication protocol packet that includes the second sequence number associated with the first sequence number.
Type: Application
Filed: December 14, 2017
Publication date: June 20, 2019
Applicant: Nicira, Inc.
Inventors: Sanal PILLAI, Daniel WING
-
Publication number: 20190065265
Abstract: Computer system and method for characterizing throughput performance of a datacenter utilize bandwidth information of physical network interfaces in the datacenter and results of benchmark testing on throughput on a single processor core to compute a plurality of throughput constraints that define a throughput capacity region for the datacenter to improve throughput performance of the datacenter.
Type: Application
Filed: August 25, 2018
Publication date: February 28, 2019
Inventors: Dexiang WANG, Bin QIAN, Jinqiang YANG, Naga S. S. Kishore KANKIPATI, Sanal PILLAI, Sujatha SUNDARARAMAN, Ganesan CHANDRASHEKHAR, Rishi MEHTA
-
Publication number: 20190028442
Abstract: Certain embodiments described herein are generally directed to enabling a group of host machines within a network to securely communicate an unknown unicast packet. In some embodiments, a key policy is defined exclusively for the secure communication of unknown unicast packets. The key policy is transmitted by a central controller to the group of host machines for negotiating session keys among each other when communicating unknown unicast packets.
Type: Application
Filed: August 11, 2017
Publication date: January 24, 2019
Inventors: Sanal PILLAI, Calvin QIAN, Gang XU, Bin ZAN, Ganesan CHANDRASHEKHAR
-
Publication number: 20190020684
Abstract: Certain embodiments described herein are generally directed to a first host machine exchanging a Security Parameter Index (SPI) value with a second host machine by storing the SPI in an options field of an encapsulation header of an encapsulated packet.
Type: Application
Filed: July 13, 2017
Publication date: January 17, 2019
Inventors: Calvin QIAN, Ganesan CHANDRASHEKHAR, Sanal PILLAI, Kishore KANKIPATI, Sujatha SUNDARARAMAN
-
Publication number: 20180219915
Abstract: Certain embodiments described herein are generally directed to allocating security parameter index (“SPI”) values to a plurality of endpoints in a network. The SPI values may be derived using an SPI derivation formula and a plurality of parameters. In some embodiments, the SPI values may be derived by an endpoint and in other embodiments by a server. Using the SPI derivation formula and the plurality of parameters enables endpoints and servers to instantaneously derive SPI values without the need for servers to store them.
Type: Application
Filed: February 2, 2017
Publication date: August 2, 2018
Inventors: Amit CHOPRA, Chen LI, Ganesan CHANDRASHEKHAR, Jinqiang YANG, Sanal PILLAI, Bin QIAN
-
Publication number: 20180097785
Abstract: An example method of key management for encryption of traffic in a network having a network nodes includes negotiating, between a first network node and a centralized key management server, to obtain a master key shared among the network nodes; receiving, at the first network node, a first identifier for the first network node and a second identifier for a second network node; generating, at the first network node, a first session key by supplying the master key, the first identifier, and the second identifier as parametric input to a function; establishing, using a network stack of the first network node, a first point-to-point tunnel through the network to the second network node without a key exchange protocol; and sending first traffic from the first network node to the second network node through the first point-to-point tunnel, the first traffic including a portion encrypted by the first session key.
Type: Application
Filed: September 30, 2016
Publication date: April 5, 2018
Inventors: Jinqiang YANG, Ganesan CHANDRASHEKHAR, Bin QIAN, Amit Chopra, Sanal Pillai
-
Publication number: 20180063193
Abstract: Some embodiments provide a method for a first data compute node (DCN) operating in a public datacenter. The method receives an encryption rule from a centralized network controller. The method determines that the network encryption rule requires encryption of packets between second and third DCNs operating in the public datacenter. The method requests a first key from a secure key storage. Upon receipt of the first key, the method uses the first key and additional parameters to generate second and third keys. The method distributes the second key to the second DCN and the third key to the third DCN in the public datacenter.
Type: Application
Filed: September 28, 2016
Publication date: March 1, 2018
Inventors: Ganesan Chandrashekhar, Mukesh Hira, Sanal Pillai