公开(公告)号：US12261964B2

公开(公告)日：2025-03-25

申请号：US18415548

申请日：2024-01-17

Applicant: Rubrik, Inc.

Inventor： Sean Lobo ,  Prasanta Ranjan Dash ,  Hao Wu

IPC: H04L9/32 ,  H04L9/08 ,  H04L67/06

Abstract: A second data source may retrieve metadata for one or more versions of a set of versions of a file stored at the first data source. In some examples, the metadata for the one or more versions of the file may include at least an identifier of the file, a timestamp, and a cryptographic signature. In some examples, generation of the cryptographic signature may be based on the identifier of the file, the timestamp, and a cryptographic key. The second data source may identify a set of versions of the file that were uploaded from a trusted data source to the first data source based on a comparison of the cryptographic signature to a computed cryptographic signature. The second data source may then determine a targeted version of the file and retrieve the targeted version of the file from the first data source.

公开(公告)号：US20250103754A1

公开(公告)日：2025-03-27

申请号：US18977619

申请日：2024-12-11

Applicant: Rubrik, Inc.

Inventor： Hao Wu ,  Arohi Kumar ,  Seungyeop Han ,  Michael Wronski ,  Shrihari Kalkar ,  Xiaoqing Tao ,  Michelle Nguyen

IPC: G06F21/62 ,  G06F11/14

Abstract: A method for updating configuration settings of a backup database supported by a data management system is described. The method may include receiving, from a first user in a first user group, a request to update configuration settings of the backup database. The method may further include determining that the first user is authorized to update the configuration settings of the backup database based on a set of permissions associated with the first user. The method may further include identifying a second user in a second user group that is authorized to approve the request from the first user. The method may further include transmitting an indication of the request to the second user and receiving a notification that the second user has approved the request from the first user. The method may further include updating the configuration settings of the backup database in response to the notification.

公开(公告)号：US12197624B2

公开(公告)日：2025-01-14

申请号：US17839057

申请日：2022-06-13

Applicant: Rubrik, Inc.

Inventor： Hao Wu ,  Arohi Kumar ,  Seungyeop Han ,  Michael Wronski ,  Shrihari Kalkar ,  Xiaoqing Tao ,  Michelle Nguyen

IPC: H04L29/06 ,  G06F11/14 ,  G06F21/62

Abstract: A method for updating configuration settings of a backup database supported by a data management system is described. The method may include receiving, from a first user in a first user group, a request to update configuration settings of the backup database. The method may further include determining that the first user is authorized to update the configuration settings of the backup database based on a set of permissions associated with the first user. The method may further include identifying a second user in a second user group that is authorized to approve the request from the first user. The method may further include transmitting an indication of the request to the second user and receiving a notification that the second user has approved the request from the first user. The method may further include updating the configuration settings of the backup database in response to the notification.

公开(公告)号：US20240305457A1

公开(公告)日：2024-09-12

申请号：US18139264

申请日：2023-04-25

Applicant: Rubrik, Inc.

Inventor： Pragyan Chakraborty ,  Sai Kiran Katuri ,  Prateek Pandey ,  David Anthony Terei ,  Hao Wu

IPC: H04L9/08 ,  H04L9/14

CPC classification number: H04L9/0891 ,  H04L9/14

Abstract: Methods, systems, and devices for data management are described. A data management system (DMS) may create a first key family including a first key to encrypt and decrypt first data encryption keys associated with first data management jobs. The DMS may create a second key family after encrypting the first data encryption keys using the first key. A first key of the second key family may be used to encrypt and decrypt second data encryption keys that are associated with second data management jobs. The DMS may create a second key of both the first and second key families. The second key of the first key family may be used to decrypt the first data encryption keys. The second key of the second key family may be used to encrypt third data encryption keys and to decrypt the second data encryption keys and the third data encryption keys.

公开(公告)号：US20230401337A1

公开(公告)日：2023-12-14

申请号：US17839057

申请日：2022-06-13

Applicant: Rubrik, Inc.

Inventor： Hao Wu ,  Arohi Kumar ,  Seungyeop Han ,  Michael Wronski ,  Shrihari Kalkar ,  Xiaoqing Tao ,  Michelle Nguyen

IPC: G06F21/62 ,  G06F11/14

CPC classification number: G06F21/629 ,  G06F11/1458 ,  G06F2201/80

Abstract: A method for updating configuration settings of a backup database supported by a data management system is described. The method may include receiving, from a first user in a first user group, a request to update configuration settings of the backup database. The method may further include determining that the first user is authorized to update the configuration settings of the backup database based on a set of permissions associated with the first user. The method may further include identifying a second user in a second user group that is authorized to approve the request from the first user. The method may further include transmitting an indication of the request to the second user and receiving a notification that the second user has approved the request from the first user. The method may further include updating the configuration settings of the backup database in response to the notification.

公开(公告)号：US20220038450A1

公开(公告)日：2022-02-03

申请号：US17387083

申请日：2021-07-28

Applicant: Rubrik, Inc.

Inventor： Seungyeop Han ,  Hao Wu ,  Xiaopeng Xu ,  Tiffany Lin

IPC: H04L29/06

Abstract: In some examples, a centralized management system comprises a central management console including a federated login system embedded in the centralized management system. The federated login system includes at least one processor configured to perform operations in a method of federated login and authorization allowing a user of the centralized management system to manage connected clusters or products without performing an individual cluster or product login.

公开(公告)号：US20240305620A1

公开(公告)日：2024-09-12

申请号：US18307142

申请日：2023-04-26

Applicant: Rubrik, Inc.

Inventor： Praveen Kumar Subramanian Prabaharan ,  Hao Wu ,  Tanmay Bansal ,  Saptarshi Polley

IPC: H04L9/40

CPC classification number: H04L63/0807 ,  H04L63/108

Abstract: Methods, systems, and devices for data management are described. A client may transmit, to a server, a login request for an application. The login request may include authentication parameters associated with a user. The client may receive, from the server, an access token that supports access via a user interface to one or more services associated with the application before expiration of a time-to-live for the access token. The client may transmit, prior to expiration of the time-to-live for the access token and based on a session inactivity timeout timer being active, a refresh request for a new access token. The refresh request may include an indication of the access token. The application may receive the new access token in response to the refresh request, and the new access token supports access to the one or more services before expiration of a time-to-live for the new access token.

公开(公告)号：US20230379317A1

公开(公告)日：2023-11-23

申请号：US18212651

申请日：2023-06-21

Applicant: Rubrik, Inc.

Inventor： Seungyeop Han ,  Hao Wu ,  Xiaopeng Xu ,  Tiffany Lin

IPC: H04L9/40

CPC classification number: H04L63/0815 ,  H04L63/104 ,  H04L63/101 ,  H04L63/083

Abstract: In some examples, a centralized management system comprises a central management console including a federated login system embedded in the centralized management system. The federated login system includes at least one processor configured to perform operations in a method of federated login and authorization allowing a user of the centralized management system to manage connected clusters or products without performing an individual cluster or product login.

公开(公告)号：US20250141873A1

公开(公告)日：2025-05-01

申请号：US18385275

申请日：2023-10-30

Applicant: Rubrik, Inc.

Inventor： Xiaoqing Tao ,  Wesley Pang ,  Michelle Nguyen ,  Nathan Narasimhan ,  Hao Wu ,  Shrihari Kalkar ,  Michael Wronski ,  Haijin He ,  Barsa Tandukar ,  Seungyeop Han ,  Alex Medovar ,  Raghuram Janakiraman

IPC: H04L9/40

Abstract: A data management system (DMS) may receive an indication of a configuration for a quorum-based authorization (QAuth) policy that controls interactions between two or more users and a security cloud service of the DMS. The configuration may include a policy scope for the QAuth policy, protected actions that trigger the QAuth policy, and compute objects to which the QAuth policy is assigned. The DMS may receive an instruction to assign a set of role-based access control (RBAC) permissions associated with the QAuth policy to a first user. The DMS may receive a request to perform a protected action on at least one compute object to which the QAuth policy is assigned. In response to the request, the DMS may trigger a two-person rule (TPR) enforcement mechanism of the QAuth policy by requesting approval from the first user with the set of RBAC permissions.

公开(公告)号：US20240259389A1

公开(公告)日：2024-08-01

申请号：US18187191

申请日：2023-03-21

Applicant: Rubrik, Inc.

Inventor： Hao Wu ,  Sai Tanay Desaraju ,  Kevin Mu ,  Xiang Xu ,  Lokesh Jagasia ,  Zhebin Zhang ,  Shrihari Kalkar ,  Anam Bhatia ,  Michael Wronski ,  Arvind Swaminathan ,  Alex Medovar

IPC: H04L9/40

CPC classification number: H04L63/105

Abstract: Methods, systems, and devices for data management are described. A data management system (DMS) may receive a federated login request from a user associated with one or more tenants of the DMS. The DMS may direct the federated login request to a centralized management service. The DMS may receive a security assertion markup language (SAML) assertion that indicates an identity of the user, a set of object-level permissions assigned to the user, and an identifier of a first tenant associated with the user. The DMS may identify one or more computing objects in a cluster of storage nodes that correspond to the first tenant based on the identifier from the SAML assertion. The DMS may determine that the user is authorized to perform a set of actions on the one or more computing objects based on the set of object-level permissions indicated by the SAML assertion.