Patents by Inventor Saurabh MOHAN
Saurabh MOHAN has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240146653Abstract: A system for efficiently determining a set of next-hop switches from a switch is provided. During operation, the system can determine the plurality of next-hop switches for an Internet Protocol (IP) address prefix. The system can then store, in an entry of a forwarding data structure of the switch, a list of identifying information indicating the plurality of next-hop switches corresponding to the IP address prefix. The identifying information for the plurality of next-hop switches can be stored in the list in an order of preference for forwarding traffic matching the IP address prefix. Upon receiving a packet with a destination IP address matching the IP address prefix, the system can select the entry from the forwarding data structure for determining a next-hop switch for forwarding the packet. The system can then determine the next-hop switch for the packet from the entry based on the order of preference.Type: ApplicationFiled: October 28, 2022Publication date: May 2, 2024Inventors: Saurabh Mohan, Nisarg Rajesh Shah
-
Patent number: 11921911Abstract: A peripheral device, for use with a host, comprises one or more compute elements a security module and at least one encryption unit. The security module is configured to form a trusted execution environment on the peripheral device for processing sensitive data using sensitive code. The sensitive data and sensitive code are provided by a trusted computing entity which is in communication with the host computing device. The at least one encryption unit is configured to encrypt and decrypt data transferred between the trusted execution environment and the trusted computing entity via the host computing device. The security module is configured to compute and send an attestation to the trusted computing entity to attest that the sensitive code is in the trusted execution environment.Type: GrantFiled: July 13, 2021Date of Patent: March 5, 2024Assignee: Microsoft Technology Licensing, LLC.Inventors: Stavros Volos, David Thomas Chisnall, Saurabh Mohan Kulkarni, Kapil Vaswani, Manuel Costa, Samuel Alexander Webster, Cédric Alain Marie Fournet, Richard Osborne, Daniel John Pelham Wilkinson, Graham Bernard Cunningham
-
Patent number: 11805078Abstract: A first ingress interface on a switch receives a first control packet for establishing a Transmission Control Protocol (TCP) session and selects a first engine running on a first line card in the switch. A second ingress interface receives a second control packet and selects the same first engine. Data associated with the TCP session received by the first or second ingress interface subsequent to establishing the TCP session is to be forwarded to the first engine. The first ingress interface receives a third control packet and sends, to the selected first engine, a notification indicating the TCP session which is to be tracked. The first or second ingress interface receives a fourth packet with a payload associated with the TCP session and forwards, to the selected first engine, a copy of the fourth packet, thereby facilitating a plurality of engine instances to support application identification.Type: GrantFiled: December 7, 2021Date of Patent: October 31, 2023Assignee: Hewlett Packard Enterprise Development LPInventors: Saurabh Mohan, Vijeesh Erankotte Panayamthatta, Venkatavaradhan Devarajan
-
Publication number: 20230216779Abstract: A system for layer-2 path tracing is provided. During operation, the system can send, from an originating device, a layer-2 trace packet with a packet type in a layer-2 header of the layer-2 trace packet. The packet type can indicate the trace packet to be a tracing packet. The system can then receive a layer-2 response packet from a respective participating device, which supports layer-2 path tracing, on a path to a target device of the trace packet. Subsequently, the system can obtain, from a payload of the response packet, trace information of a forward path to the participating device traversed by the trace packet and a reverse path from the participating device traversed by the response packet. The trace information can identify one or more layer-2 devices along the forward and reverse paths, and include one or more layer-2 identifiers corresponding to the identified one or more layer-2 devices.Type: ApplicationFiled: January 4, 2022Publication date: July 6, 2023Inventors: Alexander K. Nelson, Goldy Tomy, Luis A. Mora, Saurabh Mohan
-
Publication number: 20230179544Abstract: A first ingress interface on a switch receives a first control packet for establishing a Transmission Control Protocol (TCP) session and selects a first engine running on a first line card in the switch. A second ingress interface receives a second control packet and selects the same first engine. Data associated with the TCP session received by the first or second ingress interface subsequent to establishing the TCP session is to be forwarded to the first engine. The first ingress interface receives a third control packet and sends, to the selected first engine, a notification indicating the TCP session which is to be tracked. The first or second ingress interface receives a fourth packet with a payload associated with the TCP session and forwards, to the selected first engine, a copy of the fourth packet, thereby facilitating a plurality of engine instances to support application identification.Type: ApplicationFiled: December 7, 2021Publication date: June 8, 2023Inventors: Saurabh Mohan, Vijeesh Erankotte Panayamthatta, Venkatavaradhan Devarajan
-
Patent number: 11544537Abstract: Embodiments of the present disclosure include a method for token-position handling comprising: processing a first sequence of tokens to produce a second sequence of tokens, wherein the second sequence of tokens has a smaller number of tokens than the first sequence of tokens; masking at least some tokens in the second sequence to produce masked tokens; moving the masked tokens to the beginning of the second sequence to produce a third sequence; encoding tokens in the third sequence into a set of numeric vectors in a first array; and processing the first array in a transformer neural network to determine correlations among the third sequence, the processing the first array producing a second array.Type: GrantFiled: April 14, 2020Date of Patent: January 3, 2023Assignee: Microsoft Technology Licensing, LLCInventors: Andrew Wagner, Tiyasa Mitra, Sujeeth Subramanya Bharadwaj, Marc Tremblay, Saurabh Mohan Kulkarni
-
Patent number: 11475303Abstract: Techniques for training neural networks are provided. According to one set of embodiments, a first array is processed in a spreading component to produce a second array, where a first dimension of the first array corresponds to at least one sequence of approximately orthogonal numeric vectors representing tokens, and where the spreading component combines values along the first dimension. The second array is processed in a transformer neural network to determine correlations between the sequence, which produces a third array. One or more batches of the third array are processed in a de-spreading component to produce a fourth array.Type: GrantFiled: April 14, 2020Date of Patent: October 18, 2022Assignee: Microsoft Technology Licensing, LLCInventors: Andrew Wagner, Tiyasa Mitra, Sujeeth Subramanya Bharadwaj, Saurabh Mohan Kulkarni, Marc Tremblay
-
Publication number: 20210342492Abstract: A peripheral device, for use with a host, comprises one or more compute elements a security module and at least one encryption unit. The security module is configured to form a trusted execution environment on the peripheral device for processing sensitive data using sensitive code. The sensitive data and sensitive code are provided by a trusted computing entity which is in communication with the host computing device. The at least one encryption unit is configured to encrypt and decrypt data transferred between the trusted execution environment and the trusted computing entity via the host computing device. The security module is configured to compute and send an attestation to the trusted computing entity to attest that the sensitive code is in the trusted execution environment.Type: ApplicationFiled: July 13, 2021Publication date: November 4, 2021Inventors: Stavros VOLOS, David Thomas CHISNALL, Saurabh Mohan KULKARNI, Kapil VASWANI, Manuel COSTA, Samuel Alexander WEBSTER, Cédric Alain Marie FOURNET, Richard OSBORNE, Daniel John Pelham WILKINSON, Graham Bernard CUNNINGHAM
-
Publication number: 20210319309Abstract: Techniques for training neural networks are provided. According to one set of embodiments, a first array is processed in a spreading component to produce a second array, where a first dimension of the first array corresponds to at least one sequence of approximately orthogonal numeric vectors representing tokens, and where the spreading component combines values along the first dimension. The second array is processed in a transformer neural network to determine correlations between the sequence, which produces a third array. One or more batches of the third array are processed in a de-spreading component to produce a fourth array.Type: ApplicationFiled: April 14, 2020Publication date: October 14, 2021Inventors: Andrew WAGNER, Tiyasa MITRA, Sujeeth Subramanya BHARADWAJ, Saurabh Mohan KULKARNI, Marc TREMBLAY
-
Publication number: 20210319288Abstract: Embodiments of the present disclosure include a method for token-position handling comprising: processing a first sequence of tokens to produce a second sequence of tokens, wherein the second sequence of tokens has a smaller number of tokens than the first sequence of tokens; masking at least some tokens in the second sequence to produce masked tokens; moving the masked tokens to the beginning of the second sequence to produce a third sequence; encoding tokens in the third sequence into a set of numeric vectors in a first array; and processing the first array in a transformer neural network to determine correlations among the third sequence, the processing the first array producing a second array.Type: ApplicationFiled: April 14, 2020Publication date: October 14, 2021Inventors: Andrew WAGNER, Tiyasa MITRA, Sujeeth Subramanya BHARADWAJ, Marc TREMBLAY, Saurabh Mohan KULKARNI
-
Patent number: 11126757Abstract: A peripheral device, for use with a host, comprises one or more compute elements a security module and at least one encryption unit. The security module is configured to form a trusted execution environment on the peripheral device for processing sensitive data using sensitive code. The sensitive data and sensitive code are provided by a trusted computing entity which is in communication with the host computing device. The at least one encryption unit is configured to encrypt and decrypt data transferred between the trusted execution environment and the trusted computing entity via the host computing device. The security module is configured to compute and send an attestation to the trusted computing entity to attest that the sensitive code is in the trusted execution environment.Type: GrantFiled: October 19, 2018Date of Patent: September 21, 2021Assignee: Microsoft Technology Licensing, LLCInventors: Stavros Volos, David Thomas Chisnall, Saurabh Mohan Kulkarni, Kapil Vaswani, Manuel Costa, Samuel Alexander Webster, Cédric Alain Marie Fournet
-
Publication number: 20200125772Abstract: A peripheral device, for use with a host, comprises one or more compute elements a security module and at least one encryption unit. The security module is configured to form a trusted execution environment on the peripheral device for processing sensitive data using sensitive code. The sensitive data and sensitive code are provided by a trusted computing entity which is in communication with the host computing device. The at least one encryption unit is configured to encrypt and decrypt data transferred between the trusted execution environment and the trusted computing entity via the host computing device. The security module is configured to compute and send an attestation to the trusted computing entity to attest that the sensitive code is in the trusted execution environment.Type: ApplicationFiled: October 19, 2018Publication date: April 23, 2020Inventors: Stavros VOLOS, David Thomas CHISNALL, Saurabh Mohan KULKARNI, Kapil VASWANI, Manuel COSTA, Samuel Alexander WEBSTER, Cédric Alain Marie FOURNET
-
Patent number: 10564930Abstract: Reduced precision computer number formats inherently limit the quantity of discrete numeric values that can be represented. Therefore, the solution values of an arithmetic function, for each numeric value that is individually and uniquely expressible utilizing such a reduced precision computer number format, can be precomputed since the quantity of unique solution values can be limited to a quantity that can be conveniently stored, such as in an array. Subsequently, rather than computing the solution value of such an arithmetic function, for a given input value, the precomputed array can be referenced and a solution value corresponding to the given input value can be read from the array. Reading numeric values from an array can be substantially faster than computing solution values of a computationally-expensive arithmetic function.Type: GrantFiled: April 9, 2018Date of Patent: February 18, 2020Assignee: Microsoft Technology Licensing, LLCInventors: Saurabh Mohan Kulkarni, Marc Tremblay
-
Publication number: 20190310826Abstract: Reduced precision computer number formats inherently limit the quantity of discrete numeric values that can be represented. Therefore, the solution values of an arithmetic function, for each numeric value that is individually and uniquely expressible utilizing such a reduced precision computer number format, can be precomputed since the quantity of unique solution values can be limited to a quantity that can be conveniently stored, such as in an array. Subsequently, rather than computing the solution value of such an arithmetic function, for a given input value, the precomputed array can be referenced and a solution value corresponding to the given input value can be read from the array. Reading numeric values from an array can be substantially faster than computing solution values of a computationally-expensive arithmetic function.Type: ApplicationFiled: April 9, 2018Publication date: October 10, 2019Inventors: Saurabh Mohan KULKARNI, Marc TREMBLAY
-
Publication number: 20150023359Abstract: An apparatus, in one embodiment, includes an edge adaptor module, a storage device, and an encapsulation module. The edge adaptor module maintains a membership in a fabric switch. A fabric switch includes a plurality of switches and operates as a single switch. The storage device stores a first table comprising a first mapping between a first edge identifier and a switch identifier. The first edge identifier is associated with the edge adaptor module and the switch identifier is associated with a local switch. This local switch is a member of the fabric switch. The storage device also stores a second table comprising a second mapping between the first edge identifier and a media access control (MAC) address of a local device. During operation, the encapsulation module encapsulates a packet in a fabric encapsulation with the first edge identifier as the ingress switch identifier of the encapsulation header.Type: ApplicationFiled: July 11, 2014Publication date: January 22, 2015Inventors: Tejas Bhandare, Saurabh Mohan, Muhammad Durrani
-
Patent number: 8719567Abstract: Embodiments associated with enabling Quality of Service (QoS) for MACsec protected frames are described. One example method includes identifying a security indicator in an encrypted network communication and selectively forwarding the encrypted network communication according to a QoS policy. The example method may also include selectively storing a control packet security indicator sniffed from a control packet network communication in response to determining that a match exists between a control packet identification field and a QoS database entry.Type: GrantFiled: October 14, 2009Date of Patent: May 6, 2014Assignee: Cisco Technology, Inc.Inventors: Brian Weis, Saurabh Mohan, Chandramouli Radhakrishnan
-
Patent number: 8595479Abstract: Systems, methods, and other embodiments associated with aggregation of cryptography engines are described. One example method includes receiving an outbound data packet on an outbound side of a data connection. The example method may also include analyzing the outbound data packet to determine a distribution value. The example method may also include selectively distributing the outbound data packet to one of a plurality of outbound processors based, at least in part, on the distribution value. The example method may also include receiving an inbound data packet on an inbound side of the data connection. The example method may also include examining the inbound data packet for an identifier. The example method may also include selectively distributing the inbound data packet to one of a plurality of inbound processors based, at least in part, on the identifier.Type: GrantFiled: February 25, 2009Date of Patent: November 26, 2013Assignee: Cisco Technology, Inc.Inventors: Chandramouli Radhakrishnan, Timothy Andre, Immanuel Rahardja, Saurabh Mohan, Xiaoyi Liu
-
Publication number: 20110087878Abstract: Embodiments associated with enabling Quality of Service (QoS) for MACsec protected frames are described. One example method includes identifying a security indicator in an encrypted network communication and selectively forwarding the encrypted network communication according to a QoS policy. The example method may also include selectively storing a control packet security indicator sniffed from a control packet network communication in response to determining that a match exists between a control packet identification field and a QoS database entry.Type: ApplicationFiled: October 14, 2009Publication date: April 14, 2011Inventors: Brian Weis, Saurabh Mohan, Chandramouli Radhakrishnan
-
Publication number: 20100217971Abstract: Systems, methods, and other embodiments associated with aggregation of cryptography engines are described. One example method includes receiving an outbound data packet on an outbound side of a data connection. The example method may also include analyzing the outbound data packet to determine a distribution value. The example method may also include selectively distributing the outbound data packet to one of a plurality of outbound processors based, at least in part, on the distribution value. The example method may also include receiving an inbound data packet on an inbound side of the data connection. The example method may also include examining the inbound data packet for an identifier. The example method may also include selectively distributing the inbound data packet to one of a plurality of inbound processors based, at least in part, on the identifier.Type: ApplicationFiled: February 25, 2009Publication date: August 26, 2010Applicant: CISCO TECHNOLOGY, INC.Inventors: Chandramouli RADHAKRISHNAN, Timothy ANDRE, Immanuel RAHARDJA, Saurabh MOHAN, Xiaoyi LIU