Patents by Inventor Enrico Schiattarella
Enrico Schiattarella has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 12015722
Abstract: Methods and network interface devices for establishing a secure and authenticated network connection are provided. The method comprises: receiving, from a requesting entity, a destination IP address and a first certificate that is used to establish a secure network connection, wherein the first certificate comprises a first security attribute that is associated with a source destination IP address; identifying, with aid of one or more processors, a stored second security attribute associated with the destination IP address; and determining, with aid of the one or more processors, a policy action based at least in part on the first security attribute and the second security attribute.
Type: Grant
Filed: December 20, 2018
Date of Patent: June 18, 2024
Assignee: Pensando Systems, Inc.
Inventors: Vipin Jain, Ravi Kumar Gadde, Enrico Schiattarella, Sukhesh Halemane
-
Patent number: 11841985
Abstract: Methods and systems for implementing security operations in an input/output (I/O) device are disclosed. In an embodiment, an I/O (Input/Output) device involves an I/O port, a host bus configured to be connected to a host, a data processing pipeline within the I/O device coupled to the I/O port and to the host bus to process and forward data between the I/O port and the host bus, and a hardware security module (HSM) within the I/O device coupled to the host bus and to the data processing pipeline, the HSM comprising a crypto engine configured to encrypt and decrypt data of the data processing pipeline, and a secure key storage coupled to the crypto engine containing encryption keys for use in encrypting and decrypting packets, wherein the secure key storage contains keys that are encrypted by the HSM and that are accessible through the HSM.
Type: Grant
Filed: September 3, 2020
Date of Patent: December 12, 2023
Assignee: Pensando Systems Inc.
Inventors: Enrico Schiattarella, David Antony Clear, Vipin Jain
-
Patent number: 11726957
Abstract: Network appliances can record log entries in log objects. An object store can receive the log objects and can use the log objects to create index objects and flow log objects. Each flow log object and index object can be associated with a time period wherein the flow log object includes flow log entries received during that time period. The index object includes shard tables that can be stored in different nonvolatile memories and can thereby be concurrently searched. Shard entries in the shard tables indicate flow entry indicators. The flow entry indicators indicate log entries in the flow log object. An internally indexed searchable object can include the flow log object and the index object. Numerous indexed fields in the flow log entries and can be indexed with each indexed field searchable via the shard entries.
Type: Grant
Filed: April 7, 2021
Date of Patent: August 15, 2023
Assignee: Pensando Systems Inc.
Inventors: Shrey Ajmera, Vipin Jain, Enrico Schiattarella, Pirabhu Raman
-
Publication number: 20220335008
Abstract: Network appliances can record log entries in log objects. An object store can receive the log objects and can use the log objects to create index objects and flow log objects. Each flow log object and index object can be associated with a time period wherein the flow log object includes flow log entries received during that time period. The index object includes shard tables that can be stored in different nonvolatile memories and can thereby be concurrently searched. Shard entries in the shard tables indicate flow entry indicators. The flow entry indicators indicate log entries in the flow log object. An internally indexed searchable object can include the flow log object and the index object. Numerous indexed fields in the flow log entries and can be indexed with each indexed field searchable via the shard entries.
Type: Application
Filed: April 7, 2021
Publication date: October 20, 2022
Inventors: Shrey Ajmera, Vipin Jain, Enrico Schiattarella, Pirabhu Raman
-
Publication number: 20220327123
Abstract: Network appliances can record log entries in log objects. An object store can receive the log objects and can use the log objects to create index objects and flow log objects. Each flow log object and index object can be associated with a time period wherein the flow log object includes flow log entries received during that time period. The index object includes shard tables that can be stored in different nonvolatile memories and can thereby be concurrently searched. Shard entries in the shard tables indicate flow entry indicators. The flow entry indicators indicate log entries in the flow log object. An internally indexed searchable object can include the flow log object and the index object. Numerous indexed fields in the flow log entries and can be indexed with each indexed field searchable via the shard entries.
Type: Application
Filed: June 2, 2021
Publication date: October 13, 2022
Inventors: Shrey Ajmera, Enrico Schiattarella, Pirabhu Raman, Vipin Jain
-
Publication number: 20220067221
Abstract: Methods and systems for implementing security operations in an input/output (I/O) device are disclosed. In an embodiment, an I/O (Input/Output) device involves an I/O port, a host bus configured to be connected to a host, a data processing pipeline within the I/O device coupled to the I/O port and to the host bus to process and forward data between the I/O port and the host bus, and a hardware security module (HSM) within the I/O device coupled to the host bus and to the data processing pipeline, the HSM comprising a crypto engine configured to encrypt and decrypt data of the data processing pipeline, and a secure key storage coupled to the crypto engine containing encryption keys for use in encrypting and decrypting packets, wherein the secure key storage contains keys that are encrypted by the HSM and that are accessible through the HSM.
Type: Application
Filed: September 3, 2020
Publication date: March 3, 2022
Inventors: Enrico SCHIATTARELLA, David Antony CLEAR, Vipin JAIN
-
Patent number: 10944576
Abstract: An authorization method using provisioned certificates is disclosed. The method includes writing security attributes to fields within a certificate and issuing the certificate to a software application on a principal node. The software application requests to perform actions on one or more resources on a resource node, sending one or more action requests along with a copy of its certificate. The resource node has an agent which verifies the permissions from the certificate and routes the request to its designated resource. The resource node returns one or more messages to the principal node, verifying whether or not complete the requests.
Type: Grant
Filed: October 29, 2018
Date of Patent: March 9, 2021
Assignee: PENSANDO SYSTEMS INC.
Inventors: Enrico Schiattarella, Vipin Jain, Ravi Kumar Gadde
-
Publication number: 20200336316
Abstract: Methods and network interface devices for establishing a secure and authenticated network connection are provided. The method comprises: receiving, from a requesting entity, a destination IP address and a first certificate that is used to establish a secure network connection, wherein the first certificate comprises a first security attribute that is associated with a source destination IP address; identifying, with aid of one or more processors, a stored second security attribute associated with the destination IP address; and determining, with aid of the one or more processors, a policy action based at least in part on the first security attribute and the second security attribute.
Type: Application
Filed: December 20, 2018
Publication date: October 22, 2020
Inventors: Vipin JAIN, Ravi Kumar GADDE, Enrico SCHIATTARELLA, Sukhesh HALEMANE
-
Publication number: 20200136836
Abstract: An authorization method using provisioned certificates is disclosed. The method includes writing security attributes to fields within a certificate and issuing the certificate to a software application on a principal node. The software application requests to perform actions on one or more resources on a resource node, sending one or more action requests along with a copy of its certificate. The resource node has an agent which verifies the permissions from the certificate and routes the request to its designated resource. The resource node returns one or more messages to the principal node, verifying whether or not complete the requests.
Type: Application
Filed: October 29, 2018
Publication date: April 30, 2020
Inventors: Enrico SCHIATTARELLA, Vipin JAIN, Ravi Kumar GADDE
-
Patent number: 8121122
Abstract: A method for scheduling unicast and multicast traffic in an interconnecting fabric performs within each time slot the following steps. First a multicast cell scheduling (61) and independently thereof a unicast cell scheduling (62) is performed. Then, the unicast cell schedule and the multicast cell schedule are merged to a merged schedule (63), wherein in the case a scheduled connection cannot be included in the merged schedule the scheduled connection is included in the merged schedule in a later time slot (66, 63).
Type: Grant
Filed: March 12, 2008
Date of Patent: February 21, 2012
Assignee: International Business Machines Corporation
Inventors: Cyriel Minkenberg, Francois G. Abel, Enrico Schiattarella
-
Publication number: 20080219269
Abstract: A method for scheduling unicast and multicast traffic in an interconnecting fabric performs within each time slot the following steps. First a multicast cell scheduling (61) and independently thereof a unicast cell scheduling (62) is performed. Then, the unicast cell schedule and the multicast cell schedule are merged to a merged schedule (63), wherein in the case a scheduled connection cannot be included in the merged schedule the scheduled connection is included in the merged schedule in a later time slot (66, 63).
Type: Application
Filed: March 12, 2008
Publication date: September 11, 2008
Applicant: International Business Machines Corporation
Inventors: Cyriel Minkenberg, Francois G. Abel, Enrico Schiattarella
-
Publication number: 20070133585
Abstract: The method for scheduling interconnections in an interconnecting fabric comprises the following steps. In a determined time slot input selectors generate requests using a request pointer set, which is related to the determined time slot. Then, the requests are transmitted to output selectors, and the output selectors issue grants using a grant pointer set, which is also related to the determined time slot. In a further step the grants are transmitted to the input selectors, and the input selectors update the request pointer set. These steps are repeated, wherein for a further time slot a further request and grant pointer set are used, which are related to the further time slot.
Type: Application
Filed: December 8, 2005
Publication date: June 14, 2007
Applicant: International Business Machines Corporation
Inventors: Cyriel Johan Minkenberg, Francois Abel, Enrico Schiattarella, Venkatesh Ramaswamy