Patents by Inventor Shrikrishna Karandikar
Shrikrishna Karandikar has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11082436Abstract: According to one embodiment, a system features a network security device and a cloud computing service. The network security device is configured to determine whether an object includes one or more characteristics associated with a malicious attack. The cloud computing service, communicatively coupled to and remotely located from the network security device, includes virtual execution logic that, upon execution by a processing unit deployed as part of the cloud computing service and after the network security device determining that the object includes the one or more characteristics associated with the malicious attack, processes the object and monitors for behaviors of at least the object suggesting the object is associated with a malicious attack.Type: GrantFiled: October 21, 2019Date of Patent: August 3, 2021Assignee: FireEye, Inc.Inventors: Muhammad Amin, Masood Mehmood, Ramaswamy Ramaswamy, Madhusudan Challa, Shrikrishna Karandikar
-
Patent number: 10454953Abstract: According to one embodiment, a system features a network security device and a cloud computing service. The network security device is configured to determine whether an object includes one or more characteristics associated with a malicious attack. The cloud computing service, communicatively coupled to and remotely located from the network security device, includes virtual execution logic that, upon execution by a processing unit deployed as part of the cloud computing service and after the network security device determining that the object includes the one or more characteristics associated with the malicious attack, processes the object and monitors for behaviors of at least the object suggesting the object is associated with a malicious attack.Type: GrantFiled: October 9, 2017Date of Patent: October 22, 2019Assignee: FireEye, Inc.Inventors: Muhammad Amin, Masood Mehmood, Ramaswamy Ramaswamy, Madhusudan Challa, Shrikrishna Karandikar
-
Patent number: 9838408Abstract: In an embodiment, a system, device and method for detecting a malicious attack is described. Herein, the system includes a security network device that conducts an analysis on received network traffic to detect a suspicious object associated with the network traffic and determine an identifier associated with a source of the suspicious object. Information associated with the suspicious object and/or ancillary data, including information that identifies a return path for analysis results to a customer, are uploaded to a detection cloud. The detection cloud includes provisioning logic and one or more virtual machines that are provisioned by the provisioning logic in accordance with at least a portion of the ancillary data. The provisioning logic to customize functionality of the detection cloud for a specific customer.Type: GrantFiled: May 19, 2017Date of Patent: December 5, 2017Assignee: FireEye, Inc.Inventors: Shrikrishna Karandikar, Muhammad Amin, Shivani Deshpande, Yasir Khalid
-
Patent number: 9787700Abstract: According to one embodiment, a system features analysis circuitry and detection circuitry. The analysis circuitry features a first processing unit and a first memory that includes a filtering logic configured to produce a second plurality of objects from a received first plurality of objects. The second plurality of objects is a subset of the first plurality of objects. The detection circuitry is communicatively coupled to and remotely located from the analysis circuitry. The detection circuitry includes a second processing unit and a second memory. The second memory includes a virtual execution logic to process content within at least a first object of the second plurality of objects. The virtual execution logic is configured to monitor for behaviors, during the processing of the first object, and determine whether any or all of the monitored behaviors correspond to activities indicative that the first object is associated with a malicious attack.Type: GrantFiled: March 6, 2017Date of Patent: October 10, 2017Assignee: FireEye, Inc.Inventors: Muhammad Amin, Masood Mehmood, Ramaswamy Ramaswamy, Madhusudan Challa, Shrikrishna Karandikar
-
Patent number: 9667603Abstract: Application programming interface (API) hooks are injected into an application program executing at a client during run-time. Responsive to these hooks, data intended for encryption prior to transmission from the client is diverted, for example for content filtering, compression, etc., prior to being encrypted. In the case of encrypted data received at the client, the data is decrypted but before being passed to the application it is diverted, under control of the API hooks, for content filtering, decompression, etc.Type: GrantFiled: March 17, 2016Date of Patent: May 30, 2017Assignee: Symantec CorporationInventors: Andrew L. Sandoval, Shrikrishna Karandikar
-
Patent number: 9661009Abstract: In an embodiment, a system, device and method for detecting a malicious attack is described. Herein, the system includes a security network device that conducts an analysis on received network traffic to detect a suspicious object associated with the network traffic and determine an identifier associated with a source of the suspicious object. Both information associated with the suspicious object and ancillary data, including information that identifies a return path for analysis results to a customer, are uploaded to a detection cloud. The detection cloud includes provisioning logic and one or more virtual machines that are provisioned by the provisioning logic in accordance with at least a portion of the ancillary data. The provisioning logic to customize functionality of the detection cloud for a specific customer.Type: GrantFiled: July 18, 2016Date of Patent: May 23, 2017Assignee: FireEye, Inc.Inventors: Shrikrishna Karandikar, Muhammad Amin, Shivani Deshpande, Yasir Khalid
-
Patent number: 9608916Abstract: Herein described is a collection of traffic classifiers communicatively coupled to a classification aggregator. Traffic classifiers may use conventional techniques to classify network traffic by application name, and thereafter may construct mappings that are used to more efficiently classify future network traffic. Mappings may associate one or more characteristics of a communication flow with an application name. In a collaborative approach, these mappings are shared among the traffic classifiers by means of the classification aggregator so that one traffic classifier can leverage the intelligence (e.g., mappings) formulated by another traffic classifier.Type: GrantFiled: March 11, 2013Date of Patent: March 28, 2017Assignee: Symantec CorporationInventors: Suresh Muppala, Andrew Mastracci, Shivani Deshpande, Shrikrishna Karandikar
-
Patent number: 9591015Abstract: According to one embodiment, a network security device configured to detect malicious content within received network traffic comprises a traffic analysis controller (TAC) is provided. The traffic analysis controller comprises a network processing unit (NPU) and is configured to perform at least packet processing on the NPU with a set of pre-filters. In addition, the network security device further comprises a central processing unit (CPU) and is configured to perform at least virtual machine (VM)-based processing. The set of pre-filters is configured to distribute objects of received network traffic such that either static analysis or dynamic analysis may be performed on an object to determine whether the object contains malicious content. The static analysis may be performed on either the NPU or the CPU while the dynamic analysis is performed on the CPU.Type: GrantFiled: March 28, 2014Date of Patent: March 7, 2017Assignee: FireEye, Inc.Inventors: Muhammad Amin, Masood Mehmood, Ramaswamy Ramaswamy, Madhusudan Challa, Shrikrishna Karandikar
-
Publication number: 20160248737Abstract: Application programming interface (API) hooks are injected into an application program executing at a client during run-time. Responsive to these hooks, data intended for encryption prior to transmission from the client is diverted, for example for content filtering, compression, etc., prior to being encrypted. In the case of encrypted data received at the client, the data is decrypted but before being passed to the application it is diverted, under control of the API hooks, for content filtering, decompression, etc.Type: ApplicationFiled: March 17, 2016Publication date: August 25, 2016Inventors: Andrew L. Sandoval, Shrikrishna Karandikar
-
Patent number: 9398028Abstract: In an embodiment, a dynamic analysis engine is configured to receive an identifier associated with a source for network traffic including at least one object having at least a prescribed probability of being associated with an exploit. Deployed within a detection cloud, the dynamic analysis engine comprises one or more virtual machines and monitoring logic. The virtual machines are adapted to virtually process the identifier by establishing a communication session with a server hosting a website accessible by the identifier. In communication with the virtual machines, the monitoring logic is adapted to detect anomalous behaviors by the virtual machines during the communication session with the server.Type: GrantFiled: June 26, 2014Date of Patent: July 19, 2016Assignee: FireEye, Inc.Inventors: Shrikrishna Karandikar, Muhammad Amin, Shivani Deshpande, Yasir Khalid
-
Patent number: 9304832Abstract: Application programming interface (API) hooks are injected into an application program executing at a client during run-time. Responsive to these hooks, data intended for encryption prior to transmission from the client is diverted, for example for content filtering, compression, etc., prior to being encrypted. In the case of encrypted data received at the client, the data is decrypted but before being passed to the application it is diverted, under control of the API hooks, for content filtering, decompression, etc.Type: GrantFiled: January 9, 2008Date of Patent: April 5, 2016Assignee: Blue Coat Systems, Inc.Inventors: Andrew L. Sandoval, Shrikrishna Karandikar
-
Publication number: 20140258489Abstract: Herein described is a collection of traffic classifiers communicatively coupled to a classification aggregator. Traffic classifiers may use conventional techniques to classify network traffic by application name, and thereafter may construct mappings that are used to more efficiently classify future network traffic. Mappings may associate one or more characteristics of a communication flow with an application name. In a collaborative approach, these mappings are shared among the traffic classifiers by means of the classification aggregator so that one traffic classifier can leverage the intelligence (e.g., mappings) formulated by another traffic classifier.Type: ApplicationFiled: March 11, 2013Publication date: September 11, 2014Inventors: Suresh Muppala, Andrew Mastracci, Shivani Deshpande, Shrikrishna Karandikar
-
Patent number: 8312264Abstract: A digital certificate associating a unique identifier for a computer-based appliance with an authentication key pair for that appliance is obtained from a certificate authority using a different, manufacturing key pair for the appliance. The manufacturing key pair may be generated by the appliance at or about its time of manufacture. The public key portion of the manufacturing key pair along with the unique identifier for the appliance may be provided via secure means to the certificate authority prior to the request for the digital certificate concerning the authentication key pair. Eventually, the digital certificate associated with the authentication key pair may be used by the appliance when joining a network, as part of a one-way or two-way authentication process.Type: GrantFiled: January 24, 2008Date of Patent: November 13, 2012Assignee: Blue Coat Systems, Inc.Inventors: Thomas J. Kelly, Ronald Frederick, Shrikrishna Karandikar, Wei Jen Yeh, Vineet Kumar
-
Patent number: 8234402Abstract: A method and apparatus for dynamically encoding transactional information into a document over a network. The transactional information may include information about client data, object properties, or network conditions. The document may contain embedded links with embedded objects that can be requested by a client. The embedded links may contain URLs with associated domain names. The transactional information may be inserted into the domain name so that when the object request is subsequently translated by a DNS server, the DNS server can utilize the transactional information to intelligently translate the domain name into an IP address of a network device that can most advantageously serve the request.Type: GrantFiled: January 10, 2008Date of Patent: July 31, 2012Assignee: Blue Coat Systems, Inc.Inventors: Shrikrishna Karandikar, Ravi Duvvuri, Juan Alemany, Neelkanth Shashikant Natu, Anil Gopinath, Bharat Parekh, Tom Herbert
-
Patent number: 8225085Abstract: A secure communication protocol (e.g., SSL) transaction request from a client to a server is intercepted at a client-side proxy communicatively coupled to the client and logically deployed between the client and the server. The client-side proxy initiates a secure connection with the server and passes an attribute (e.g., a cryptographic key) associated with that secure connection to a server-side proxy communicatively coupled to the server and logically deployed between the client and the server. This enables the server-side proxy to engage in secure communications with the server in a transparent fashion.Type: GrantFiled: June 5, 2007Date of Patent: July 17, 2012Assignee: Blue Coat Systems, Inc.Inventor: Shrikrishna Karandikar
-
Publication number: 20090178061Abstract: Application programming interface (API) hooks are injected into an application program executing at a client during run-time. Responsive to these hooks, data intended for encryption prior to transmission from the client is diverted, for example for content filtering, compression, etc., prior to being encrypted. In the case of encrypted data received at the client, the data is decrypted but before being passed to the application it is diverted, under control of the API hooks, for content filtering, decompression, etc.Type: ApplicationFiled: January 9, 2008Publication date: July 9, 2009Inventors: Andrew L Sandoval, Shrikrishna Karandikar
-
Patent number: 7543146Abstract: In response to an indication of a desire to initiate a secure communication session (e.g., a session utilizing a the SSL communication protocol) with a computer resource, a digital certificate indicative of whether or not a user consents to monitoring of the secure communication session is requested. The response to this request will permit or deny such monitoring, allowing the session to proceed or be cancelled, accordingly.Type: GrantFiled: June 18, 2004Date of Patent: June 2, 2009Assignee: Blue Coat Systems, Inc.Inventors: Shrikrishna Karandikar, Thomas J. Kelly
-
Publication number: 20080307219Abstract: A secure communication protocol (e.g., SSL) transaction request from a client to a server is intercepted at a client-side proxy communicatively coupled to the client and logically deployed between the client and the server. The client-side proxy initiates a secure connection with the server and passes an attribute (e.g., a cryptographic key) associated with that secure connection to a server-side proxy communicatively coupled to the server and logically deployed between the client and the server. This enables the server-side proxy to engage in secure communications with the server in a transparent fashion.Type: ApplicationFiled: June 5, 2007Publication date: December 11, 2008Inventor: Shrikrishna Karandikar
-
Publication number: 20080184030Abstract: A digital certificate associating a unique identifier for a computer-based appliance with an authentication key pair for that appliance is obtained from a certificate authority using a different, manufacturing key pair for the appliance. The manufacturing key pair may be generated by the appliance at or about its time of manufacture. The public key portion of the manufacturing key pair along with the unique identifier for the appliance may be provided via secure means to the certificate authority prior to the request for the digital certificate concerning the authentication key pair. Eventually, the digital certificate associated with the authentication key pair may be used by the appliance when joining a network, as part of a one-way or two-way authentication process.Type: ApplicationFiled: January 24, 2008Publication date: July 31, 2008Applicant: BLUE COAT SYSTEMS, INC.Inventors: Thomas J. Kelly, Ronald Frederick, Shrikrishna Karandikar, Wei Jen Yeh, Vineet Kumar
-
Publication number: 20080177897Abstract: A method and apparatus for dynamically encoding transactional information into a document over a network. The transactional information may include information about client data, object properties, or network conditions. The document may contain embedded links with embedded objects that can be requested by a client. The embedded links may contain a URLs with associated domain names. The transactional information may be inserted into the domain name so that when the object request is subsequently translated by a DNS server, the DNS server can utilize the transactional information to intelligently translate the domain name into an IP address of a network device that can most advantageously serve the request.Type: ApplicationFiled: January 10, 2008Publication date: July 24, 2008Inventors: Shrikrishna Karandikar, Ravi Duvvuri, Juan Alemany, Neelkanth Shashikant Natu, Anil Gopinath, Bharat Parekh, Tom Herbert