Patents by Inventor Santashil Palchaudhuri
Santashil Palchaudhuri has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11159488
Abstract: The invention relates to a computer-implemented system and method for efficiently configuring the security rules for application firewalls in a cloud-based infrastructure, the cloud-based infrastructure containing at least one of a virtual machine comprising an application, a Domain Name System (DNS) Agent, and a firewall. The method may comprise requesting, by the application, network address information via a DNS server for a fully qualified domain name (FQDN); intercepting, by the DNS Agent, data packets containing the DNS Server query response; decoding, by the DNS Agent, the DNS query response, and identifying the network address information; and updating a security rule of the firewall, by the DNS Agent, based on the decoded network address information. The method may be implemented to update the security rules of application firewalls across an organization's cloud-based infrastructure.
Type: Grant
Filed: March 29, 2019
Date of Patent: October 26, 2021
Assignee: JPMorgan Chase Bank, N.A.
Inventors: Sudeepto Kumar Roy, Santashil Palchaudhuri, Venkatesh Kinthali
-
Patent number: 10805984
Abstract: Embodiments of the present disclosure provide for configuring and managing mesh nodes during occasional failure of mesh nodes or addition of new mesh nodes. The disclosed system first determines whether a mesh node is a mesh portal or a mesh point. If it is a mesh portal, the mesh node will advertise its capacity as a mesh portal to other mesh nodes in the network. If it is a mesh point, the mesh node attempts to automatically recover connection to the wireless mesh network if it identifies a unique wireless network based on its associated network identifier. If more than one network identifiers are discovered, the mesh node delays establishing connection to the wireless mesh network until a selection is received.
Type: Grant
Filed: November 20, 2017
Date of Patent: October 13, 2020
Assignee: Hewlett Packard Enterprise Development LP
Inventors: Pradeep Iyer, Santashil Palchaudhuri, Shravan Kumar Mettu
-
Publication number: 20200314065
Abstract: The invention relates to a computer-implemented system and method for efficiently configuring the security rules for application firewalls in a cloud-based infrastructure, the cloud-based infrastructure containing at least one of a virtual machine comprising an application, a Domain Name System (DNS) Agent, and a firewall. The method may comprise requesting, by the application, network address information via a DNS server for a fully qualified domain name (FQDN); intercepting, by the DNS Agent, data packets containing the DNS Server query response; decoding, by the DNS Agent, the DNS query response, and identifying the network address information; and updating a security rule of the firewall, by the DNS Agent, based on the decoded network address information. The method may be implemented to update the security rules of application firewalls across an organization's cloud-based infrastructure.
Type: Application
Filed: March 29, 2019
Publication date: October 1, 2020
Inventors: Sudeepto Kumar ROY, Santashil PALCHAUDHURI, Venkatesh KINTHALI
-
Patent number: 10673807
Abstract: A network device may detect packets being transmitted on a network to obtain detected packets, identify Internet Protocol (IP) addresses corresponding to the detected packets, and identify candidate IP subnets that do not include any IP address in the IP addresses corresponding to the detected packets. A particular IP subnet may be selected from the set of candidate IP subnets for allocation to a set of target devices. A network device may identify a set of candidate Internet Protocol (IP) subnets, select a particular IP subnet from the set of candidate IP subnets, and transmit, to other network devices, an advertisement including an intent to use the particular IP subnet. Responsive to determining that none of the other network devices are using the particular IP subnet, the network device may select the particular IP subnet for allocating to a set of target devices.
Type: Grant
Filed: April 29, 2019
Date of Patent: June 2, 2020
Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventors: Amit Madan, Naveen Manjunath, Prateek Kapoor, Santashil Palchaudhuri
-
Patent number: 10491583
Abstract: Provisioning remote access points for use in a telecommunication network. A remote access point contains identity information established during manufacturing; this identity information may be in the nature of a digital certificate. The identity information is stored in the remote access point, and may be stored in a Trusted Platform Module if present. When the remote access node is powered up in unprovisioned state, outside the manufacturing environment, it attempts to establish an internet connection via a first wired interface, and queries a user for information representing the TCP/IP address of its controller via a second wired interface. Once an internet connection is present, and a TCP/IP address has been provided, the remote access point attempts to connect to the controller at that address. Once a connection is established, controller and access point exchange and verify each other's identities.
Type: Grant
Filed: November 22, 2016
Date of Patent: November 26, 2019
Assignee: Hewlett Packard Enterprise Development LP
Inventors: Manish Mehta, Shekhar Kshirsagar, Santashil PalChaudhuri
-
Publication number: 20190253383
Abstract: A network device may detect packets being transmitted on a network to obtain detected packets, identify Internet Protocol (IP) addresses corresponding to the detected packets, and identify candidate IP subnets that do not include any IP address in the IP addresses corresponding to the detected packets. A particular IP subnet may be selected from the set of candidate IP subnets for allocation to a set of target devices. A network device may identify a set of candidate Internet Protocol (IP) subnets, select a particular IP subnet from the set of candidate IP subnets, and transmit, to other network devices, an advertisement including an intent to use the particular IP subnet. Responsive to determining that none of the other network devices are using the particular IP subnet, the network device may select the particular IP subnet for allocating to a set of target devices.
Type: Application
Filed: April 29, 2019
Publication date: August 15, 2019
Inventors: Amit MADAN, Naveen MANJUNATH, Prateek KAPOOR, Santashil PALCHAUDHURI
-
Patent number: 10291578
Abstract: A network device may detect packets being transmitted on a network to obtain detected packets, identify Internet Protocol (IP) addresses corresponding to the detected packets, and identify candidate IP subnets that do not include any IP address in the IP addresses corresponding to the detected packets. A particular IP subnet may be selected from the set of candidate IP subnets for allocation to a set of target devices. A network device may identify a set of candidate Internet Protocol (IP) subnets, select a particular IP subnet from the set of candidate IP subnets, and transmit, to other network devices, an advertisement including an intent to use the particular IP subnet. Responsive to determining that none of the other network devices are using the particular IP subnet, the network device may select the particular IP subnet for allocating to a set of target devices.
Type: Grant
Filed: October 27, 2014
Date of Patent: May 14, 2019
Assignee: Hewlett Packard Enterprise Development LP
Inventors: Amit Madan, Naveen Manjunath, Prateek Kapoor, Santashil PalChaudhuri
-
Patent number: 10243974
Abstract: The present disclosure relates to a network device that detects a deauthentication and/or disassociation attack in a wireless local area network (WLAN). In example implementations, the network device selects a random Media Access Control (MAC) address that is unused in the WLAN. The network device then transmits a request using the selected MAC address over a shared wireless communication channel. Next, the network device transmits a response using a MAC address corresponding to the network device over the shared wireless communication channel. Subsequently, the network device receives a disconnection request using the selected MAC address over the shared wireless communication channel. In response to receiving the disconnection request, the network device can detect an attacker device in the WLAN.
Type: Grant
Filed: August 12, 2016
Date of Patent: March 26, 2019
Assignee: Hewlett Packard Enterprise Development LP
Inventors: Naveen Manjunath, Santashil PalChaudhuri, Deepakparasar Avalur
-
Patent number: 10021102
Abstract: The present disclosure discloses a system and method for classifying an application session for forwarding or refrain from forwarding to a client. Generally, classifying an application session includes: receiving a first request from a client device at a first network device; transmitting, by the first network device, a second request to obtain classification information corresponding to the first request; forwarding, by the first network device, the first request from the client device prior to receiving the classification information corresponding to the first request; receiving, by the first network device, the classification information corresponding to the first request; receiving, by the first network device, a first response corresponding to the forwarded first request; and based on the classification information, forwarding or refraining from forwarding the first response to the client device.
Type: Grant
Filed: October 31, 2014
Date of Patent: July 10, 2018
Assignee: ARUBA NETWORKS, INC.
Inventors: Santashil PalChaudhuri, Prateek Kapoor, Jagachittes Vadivelu, Sudeepto Roy, Naveen Manjunath
-
Publication number: 20180097658
Abstract: The present disclosure discloses a method and network device for providing VLAN mismatch detection in networks. Specifically, a network device monitors a plurality of packets received by a first device from a second device to identify a first set of VLAN identifiers indicated by at least one of the plurality of packets. The network device receives from a third device at least one packet tagged with a particular VLAN identifier, whereas the at least one packet to be forwarded by the first device to the second device. The network device then determines whether the particular VLAN identifier is included in the first set of VLAN identifiers indicated by at least one of the plurality of packets received by the first device from the second device. If the particular VLAN identifier is not included in the first set of VLAN identifiers, the network device presents a notification.
Type: Application
Filed: December 5, 2017
Publication date: April 5, 2018
Inventors: Santashil Palchaudhuri, Sandeep Yelburgi, Herman Robers, Sandip Devnath, Sandeep Unnimadhavan
-
Publication number: 20180077751
Abstract: Embodiments of the present disclosure provide for configuring and managing mesh nodes during occasional failure of mesh nodes or addition of new mesh nodes. The disclosed system first determines whether a mesh node is a mesh portal or a mesh point. If it is a mesh portal, the mesh node will advertise its capacity as a mesh portal to other mesh nodes in the network. If it is a mesh point, the mesh node attempts to automatically recover connection to the wireless mesh network if it identifies a unique wireless network based on its associated network identifier. If more than one network identifiers are discovered, the mesh node delays establishing connection to the wireless mesh network until a selection is received.
Type: Application
Filed: November 20, 2017
Publication date: March 15, 2018
Inventors: Pradeep Iyer, Santashil Palchaudhuri, Shravan Kumar Mettu
-
Patent number: 9854391
Abstract: Zero touch configuration support for a universal serial bus (USB) modem is described herein. For example, as described herein, an identifier of a modem connected to an access point may be determined. Location information corresponding to the access point may also be determined. Based on the identifier of the modem and the location information, the access point may select a particular configuration, for the modem, where the particular configuration is suitable for a geographical location associated with the location information.
Type: Grant
Filed: July 30, 2014
Date of Patent: December 26, 2017
Assignee: ARUBA NETWORKS, INC.
Inventors: Santashil PalChaudhuri, Jagachittes Vadivelu, Sandeep Yelburgi, Guojun Zhang
-
Patent number: 9838219
Abstract: The present disclosure discloses a method and network device for providing VLAN mismatch detection in networks. Specifically, a network device monitors a plurality of packets received by a first device from a second device to identify a first set of VLAN identifiers indicated by at least one of the plurality of packets. The network device receives from a third device at least one packet tagged with a particular VLAN identifier, whereas the at least one packet to be forwarded by the first device to the second device. The network device then determines whether the particular VLAN identifier is included in the first set of VLAN identifiers indicated by at least one of the plurality of packets received by the first device from the second device. If the particular VLAN identifier is not included in the first set of VLAN identifiers, the network device presents a notification.
Type: Grant
Filed: April 30, 2014
Date of Patent: December 5, 2017
Assignee: ARUBA NETWORKS, INC.
Inventors: Santashil PalChaudhuri, Sandeep Yelburgi, Herman Robers, Sandip Devnath, Sandeep Unnimadhavan
-
Patent number: 9826571
Abstract: Embodiments of the present disclosure provide for configuring and managing mesh nodes during occasional failure of mesh nodes or addition of new mesh nodes. The disclosed system first determines whether a mesh node is a mesh portal or a mesh point. If it is a mesh portal, the mesh node will advertise its capacity as a mesh portal to other mesh nodes in the network. If it is a mesh point, the mesh node attempts to automatically recover connection to the wireless mesh network if it identifies a unique wireless network based on its associated network identifier. If more than one network identifiers are discovered, the mesh node delays establishing connection to the wireless mesh network until a selection is received.
Type: Grant
Filed: June 30, 2011
Date of Patent: November 21, 2017
Assignee: ARUBA NETWORKS, INC.
Inventors: Pradeep Iyer, Santashil Palchaudhuri, Shravan Kumar Mettu
-
Patent number: 9787632
Abstract: The present disclosure discloses a network device and/or method for centralized configuration with dynamic distributed address management. The disclosed network device receives, at a first network node, a range of sub network addresses and a specified size for a sub network. The disclosed network device then divides the range of sub network addresses into a plurality of sub-ranges of sub network addresses based on the specified size. Further, the network device allocates the plurality of sub-ranges of sub network addresses to a plurality of sub networks, and transmits an allocated sub-range of sub network addresses to a corresponding sub network at a second network node through an established secure communication channel. Moreover, the network device can retrieve a profile template that includes the range of sub network addresses and the specified size of the sub network; and create a profile based on the profile template.
Type: Grant
Filed: April 30, 2015
Date of Patent: October 10, 2017
Assignee: ARUBA NETWORKS, INC.
Inventors: Joseph Garcia Baniqued, Deepika Dwivedi, Santashil PalChaudhuri, Sandeep Unnimadhavan, Brijesh Kumar Yadav, Tilak Kumar Adhya, Rajalakshmi Manoharan
-
Patent number: 9756682
Abstract: The present disclosure discloses a method and system for partitioning WLAN in order to separate network traffic from different WLANs. Specifically, a network device receives a packet from a client connected to a first network device on an access network. The network device then determines that the received packet is associated with a VLAN that is pre-configured on the first network device based on the access network to which the client is connected. Furthermore, the network device transmits the packet to a MAC layer switching device, which is not configured with the VLAN that is pre-configured on the network device. The packet includes one of a DHCP discovery message, an ARP request message, a unicast message, a multicast message, and a broadcast message. The unicast message will be transmitted to the second network device on the pre-configured VLAN prior to being transmitted to another network device outside the pre-configured VLAN.
Type: Grant
Filed: March 7, 2012
Date of Patent: September 5, 2017
Assignee: Aruba Networks, Inc.
Inventors: Pradeep Iyer, Santashil PalChaudhuri
-
Publication number: 20170244732
Abstract: The present disclosure relates to a network device that detects a deauthentication and/or disassociation attack in a wireless local area network (WLAN). In example implementations, the network device selects a random Media Access Control (MAC) address that is unused in the WLAN. The network device then transmits a request using the selected MAC address over a shared wireless communication channel. Next, the network device transmits a response using a MAC address corresponding to the network device over the shared wireless communication channel. Subsequently, the network device receives a disconnection request using the selected MAC address over the shared wireless communication channel. In response to receiving the disconnection request, the network device can detect an attacker device in the WLAN.
Type: Application
Filed: August 12, 2016
Publication date: August 24, 2017
Inventors: Naveen Manjunath, Santashil PalChaudhuri, Deepakparasar Avalur
-
Patent number: 9730269
Abstract: The present disclosure discloses a method and system for partitioning WLAN in order to separate network traffic from different WLANs. Specifically, a network device receives a packet from a client connected to a first network device on an access network. The network device then determines that the received packet is associated with a VLAN that is pre-configured on the first network device based on the access network to which the client is connected. Furthermore, the network device transmits the packet to a MAC layer switching device, which is not configured with the VLAN that is pre-configured on the network device. The packet includes one of a DHCP discovery message, an ARP request message, a unicast message, a multicast message, and a broadcast message. The unicast message will be transmitted to the second network device on the pre-configured VLAN prior to being transmitted to another network device outside the pre-configured VLAN.
Type: Grant
Filed: March 7, 2012
Date of Patent: August 8, 2017
Assignee: Aruba Networks, Inc.
Inventors: Pradeep Iyer, Santashil PalChaudhuri
-
Patent number: 9667512
Abstract: According to one embodiment of the disclosure, a non-transitory computer readable medium (CRM) comprising instructions, which when executed by one or more hardware processors, causes performance of operations comprising: listening, by a first digital device in a group of digital devices, for any advertisement for a particular service; responsive to the first digital device not receiving any advertisement for the particular service for a predetermined period of time: transmitting, by the first digital device, a first advertisement for the particular service; and providing, by the first digital device, the particular service.
Type: Grant
Filed: June 3, 2013
Date of Patent: May 30, 2017
Assignee: Aruba Networks, Inc.
Inventors: Pradeep Iyer, Santashil Palchaudhuri
-
Patent number: 9655038
Abstract: The present disclosure discloses a method and a network device for efficient mobile client device roaming in a wireless local area network with multiple access points. Specifically, a network device determines a first received signal strength value for a first set of signals transmitted between a client device and a first access point during a first time period; and, determines a second received signal strength value for a second set of signals transmitted between a client device and the access point during a second time period. Based on the first and the second signal strength values, the network device computes a change in signal strength value corresponding to wireless communication between the client device and the first access point. Based on the change in signal strength value, the network device selects the access point from a plurality of access points for providing network access to the client device.
Type: Grant
Filed: October 28, 2014
Date of Patent: May 16, 2017
Assignee: Aruba Networks, Inc.
Inventors: Prateek Kapoor, Amit Madan, Santashil PalChaudhuri