Mallikarjuna is an engineering manager for the Identity Platform team, responsible for User Management, Device Management, Core Identity and App Security at eBay. He has a strong technical background in building scalable applications and services.

Abstract:

A system, method, and computer program product are provided for securing authorization tokens using client instance specific secrets. Tokens are valid for service requests only if time constraints and additional security constraints are met by additional information stored in the token in hashed form. A required comparison of a timestamp in a client service request header to the current server time limits the useful token life, e.g., to a few minutes. The service request header also includes data generated based on a secret previously assigned to a specific client instance. The secret may be generated by the server according to a public/private key scheme and sent to a particular client instance only once, e.g., during initial device registration. The secret may be omitted from service requests for public information. Service request headers may include device identifiers, so that service requests from known rogue clients may be ignored.

Country: United States
Grant Date: April 6, 2021

Abstract:

Methods, systems, and programs are presented for securing user-address information. A first memory is configured according to a first table that does not include information about user identifiers. Each entry in the first table includes a physical location identifier and information about a physical location. A second memory is configured according to a second table, where each entry in the second table includes the physical location identifier and an account identifier of a user for accessing a service. The first and second tables are configured to separate profile information from the address information of the user. Additionally, a firewall is configured to control access to the second memory. The firewall defines an authentication zone including the second memory but not the first memory, where access to the second memory by internal services is allowed and direct access by the user to the second memory is denied.

Country: United States
Grant Date: January 7, 2020
INVENTORS: Arumugam Alwarappan, Mahendar Madhavan, Mallikarjuna Potta, Snezana Sahter

Abstract:

Methods, systems, and programs are presented for securing user-address information. A first memory is configured according to a first table that does not include information about user identifiers. Each entry in the first table includes a physical location identifier and information about a physical location. A second memory is configured according to a second table, where each entry in the second table includes the physical location identifier and an account identifier of a user for accessing a service. The first and second tables are configured to separate profile information from the address information of the user. Additionally, a firewall is configured to control access to the second memory. The firewall defines an authentication zone including the second memory but not the first memory, where access to the second memory by internal services is allowed and direct access by the user to the second memory is denied.

Country: United States
Grant Date: August 7, 2018
INVENTORS: Arumugam Alwarappan, Mahendar Madhavan, Mallikarjuna Potta, Snezana Sahter
Mallikarjuna Potta

Mallikarjuna Potta

Join Our Team

At eBay, we seek the very best talent to help us build more economic opportunity for everyone.