Patents by Inventor Reda Haddad
Reda Haddad has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11985228
Abstract: Disclosed are systems, apparatuses, methods, and computer-readable media for configuration payload separation policies. According to at least one example, a method is provided for device function. The method includes: during a boot sequence of a network device, generating a unique key for encrypting and decrypting data; identifying a secure location in the network device for storing the unique key; storing the unique key in the secure location; encrypting a configuration payload with the unique key; storing the encrypted configuration payload in an external non-volatile memory; and, in response to a request to access data within the configuration payload, decrypting the encrypted configuration payload using the unique key.
Type: Grant
Filed: July 30, 2021
Date of Patent: May 14, 2024
Assignee: Cisco Technology, Inc.
Inventors: Frédéric René Philippe Detienne, Reda Haddad, Ryan Joseph Jaques
-
Patent number: 11978063
Abstract: According to certain embodiments, a method performed by a device comprises obtaining, from a plurality of hardware modules of the device, a plurality of serial numbers associated with the plurality of hardware modules. Each hardware module is associated with a respective serial number. The method further comprises obtaining, from a provisioning system, one or more ownership vouchers corresponding to the plurality of serial numbers. The method further comprises verifying, for each hardware module of the plurality of hardware modules, whether to trust said hardware module based at least in part on the one or more ownership vouchers.
Type: Grant
Filed: April 12, 2022
Date of Patent: May 7, 2024
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Naren Mudivarthy, Reda Haddad
-
Publication number: 20240086205
Abstract: Techniques and architecture are described for validating and verifying iPXE scripts prior to execution during a booting process. During the booting process of a network device, right after the UEFI/BIOS stage of the booting process, a trusted iPXE script may make a request to a network server for the ownership voucher and owner certificate of the network device. The ownership voucher and owner certificate may then be stored in a trusted platform module (TPM) on the network device. In configurations, the retrieved owner certificate may be validated by the ownership voucher. The owner certificate may be used to validate iPXE scripts. Once validated, the iPXE scripts may be executed and the booting process may be continued to the kernel loading step and the application loading step. During a subsequent booting process of the network device, the ownership voucher and owner certificate may be retrieved from the TPM.
Type: Application
Filed: September 13, 2022
Publication date: March 14, 2024
Inventors: Reda Haddad, Martin Edward Ramsdale, Srihari Raghavan, Jabir Hamediya Mohammed, Sandesh K. Rao
-
Publication number: 20230394493
Abstract: In one embodiment, methods for mediated transfer of ownership are described. The method may include receiving a request for an ownership voucher from a device, validating an identifier of the device, determining whether to issue the ownership voucher, generating a signed ownership voucher, and sending the signed ownership voucher to the device. In another embodiment, methods for unmediated transfer of ownership are described, including receiving an ownership voucher associated with a first ownership certificate, determining whether the ownership voucher comprises a signature associated with a manufacturer, based at least in part on determining that the signature of the manufacturer is absent, determining that a second ownership certificate is stored in memory, determining that the second ownership certificate comprises a signature associated with a user, validating the ownership voucher; and based at least in part on the validating, enrolling the first ownership certificate on the network device.
Type: Application
Filed: June 2, 2022
Publication date: December 7, 2023
Inventors: Sandesh K. Rao, Reda Haddad, Srihari Raghavan, Jabir Hamediya Mohammed
-
Publication number: 20230370454
Abstract: Techniques and architecture are described for providing a configurable security posture for a network device using an extended ownership artifact, e.g., an ownership voucher, an ownership certificate, etc., and a security profile mechanism that scales to user needs and desires for security profiles on network devices, i.e., easily and securely customizable on thousands of nodes of a network. The configurable security posture may be achieved using the manufacturer authorized signing authority (MASA) to issue an ownership voucher with a security bit extension to support security profile additions. Using the MASA service, a user may explicitly decide on various security postures of a given network device and may apply that profile across the fixed or modular chassis of a network of network devices.
Type: Application
Filed: May 16, 2022
Publication date: November 16, 2023
Inventors: Jabir Hamediya Mohammed, Reda Haddad, Srihari Raghavan, Sandesh K. Rao
-
Publication number: 20230325848
Abstract: According to certain embodiments, a method performed by a device comprises obtaining, from a plurality of hardware modules of the device, a plurality of serial numbers associated with the plurality of hardware modules. Each hardware module is associated with a respective serial number. The method further comprises obtaining, from a provisioning system, one or more ownership vouchers corresponding to the plurality of serial numbers. The method further comprises verifying, for each hardware module of the plurality of hardware modules, whether to trust said hardware module based at least in part on the one or more ownership vouchers.
Type: Application
Filed: April 12, 2022
Publication date: October 12, 2023
Inventors: Naren Mudivarthy, Reda Haddad
-
Patent number: 11611496
Abstract: A remote server monitors the health of a network of computing devices through hierarchical composite indicators by obtaining performance attributes from computing devices in the network. The server generates a composite indicator associated with one or more of the computing devices based on a combination of at least two performance attributes of the computing device(s). The server monitors the composite indicator and, responsive to a determination that the composite indicator indicates an alert condition, generates an alert associated with the computing device(s). Additionally, if the alert condition is subject to remediation, the server causes at least one of the computing devices to execute a command to provide remediation of the alert condition.
Type: Grant
Filed: April 22, 2021
Date of Patent: March 21, 2023
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Scott Zhenlong Huang, Reda Haddad, Venkatabalakrishnan Krishnamurthy, Selvakumaran N. Subramanian
-
Publication number: 20230034615
Abstract: Disclosed are systems, apparatuses, methods, and computer-readable media for configuration payload separation policies. According to at least one example, a method is provided for device function. The method includes: during a boot sequence of a network device, generating a unique key for encrypting and decrypting data; identifying a secure location in the network device for storing the unique key; storing the unique key in the secure location; encrypting a configuration payload with the unique key; storing the encrypted configuration payload in an external non-volatile memory; and, in response to a request to access data within the configuration payload, decrypting the encrypted configuration payload using the unique key.
Type: Application
Filed: July 30, 2021
Publication date: February 2, 2023
Inventors: Frédéric René Philippe Detienne, Reda Haddad, Ryan Joseph Jaques
-
Patent number: 11271835
Abstract: A remote server monitors a network of computing devices through hierarchical composite indicators by obtaining telemetry data from a computing device in a network of computing devices. The telemetry data includes performance attributes of the computing device. The server generates a composite indicator associated with the computing device based on a combination of at least two performance attributes of the computing device. The server monitors the composite indicator and, responsive to a determination that the composite indicator meets an alert threshold, generates an alert associated with the computing device. Additionally, the server can monitor the health of the network of computing devices based on composite indicators from multiple computing devices in the network.
Type: Grant
Filed: October 29, 2019
Date of Patent: March 8, 2022
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Scott Zhenlong Huang, Reda Haddad, Venkatabalakrishnan Krishnamurthy, Selvakumaran N. Subramanian
-
Publication number: 20210243097
Abstract: A remote server monitors the health of a network of computing devices through hierarchical composite indicators by obtaining performance attributes from computing devices in the network. The server generates a composite indicator associated with one or more of the computing devices based on a combination of at least two performance attributes of the computing device(s). The server monitors the composite indicator and, responsive to a determination that the composite indicator indicates an alert condition, generates an alert associated with the computing device(s). Additionally, if the alert condition is subject to remediation, the server causes at least one of the computing devices to execute a command to provide remediation of the alert condition.
Type: Application
Filed: April 22, 2021
Publication date: August 5, 2021
Inventors: Scott Zhenlong Huang, Reda Haddad, Venkatabalakrishnan Krishnamurthy, Selvakumaran N. Subramanian
-
Publication number: 20200358683
Abstract: A remote server monitors a network of computing devices through hierarchical composite indicators by obtaining telemetry data from a computing device in a network of computing devices. The telemetry data includes performance attributes of the computing device. The server generates a composite indicator associated with the computing device based on a combination of at least two performance attributes of the computing device. The server monitors the composite indicator and, responsive to a determination that the composite indicator meets an alert threshold, generates an alert associated with the computing device. Additionally, the server can monitor the health of the network of computing devices based on composite indicators from multiple computing devices in the network.
Type: Application
Filed: October 29, 2019
Publication date: November 12, 2020
Inventors: Scott Zhenlong Huang, Reda Haddad, Venkatabalakrishnan Krishnamurthy, Selvakumaran N. Subramanian
-
Patent number: 9577874
Abstract: A method is disclosed that is implemented by a router for executing an internet protocol fast reroute process in response to a network event invalidating a current route to a destination node without degrading forwarding plane functionality or performance caused by indirect forwarding information base lookups. The method comprises a set of steps including receiving or generating the network event by the router, the network event associated with a network event identifier and looking up the network event identifier in an event table to determine routes that are affected by the network event. The method further includes determining whether a route with a fast reroute forwarding object is affected by the network event in the routing information base and overwriting a current next hop forwarding object using a backup next hop forwarding object in the forwarding information base.
Type: Grant
Filed: May 24, 2013
Date of Patent: February 21, 2017
Assignee: Telefonaktiebolaget L M Ericsson (publ)
Inventors: Pramodh D'Souza, Lars Ernström, Reda Haddad, Evgeny Tantsura, Jakob Heitz
-
Publication number: 20140269261
Abstract: A method is disclosed that is implemented by a router for executing an internet protocol fast reroute process in response to a network event invalidating a current route to a destination node without degrading forwarding plane functionality or performance caused by indirect forwarding information base lookups. The method comprises a set of steps including receiving or generating the network event by the router, the network event associated with a network event identifier and looking up the network event identifier in an event table to determine routes that are affected by the network event. The method further includes determining whether a route with a fast reroute forwarding object is affected by the network event in the routing information base and overwriting a current next hop forwarding object using a backup next hop forwarding object in the forwarding information base.
Type: Application
Filed: May 24, 2013
Publication date: September 18, 2014
Applicant: Telefonaktiebolaget L M Ericsson (publ)
Inventors: Pramodh D'Souza, Lars Ernström, Reda Haddad, Evgeny Tantsura, Jakob Heitz
-
Patent number: 8549146
Abstract: A load balancer dynamically load balances packets for network connections between clients and servers. When receiving a packet from a client that requests a new connection, the load balancer checks the current load of all the servers and selects the server most suitable to handle the new connection. The load balancer then forwards that packet to the selected server. If the server accepts the request for the new connection, then the server responds with an acknowledgement packet. The acknowledgement packet also includes the server's blade identification that the client uses for all subsequent packets on the accepted connection. When the load balancer receives a packet containing the blade identification, the load balancer forwards the packet to the server corresponding to the blade identification. Backup load balancers can therefore continue packet forwarding services in a smooth and efficient manner.
Type: Grant
Filed: January 28, 2010
Date of Patent: October 1, 2013
Assignee: Telefonaktiebolaget L M Ericsson (publ)
Inventors: Vladica Stanisic, James Arthur Davis, Tobias Karlsson, Reda Haddad, Mahmood Hossain
-
Publication number: 20110185065
Abstract: A load balancer dynamically load balances packets for network connections between clients and servers. When receiving a packet from a client that requests a new connection, the load balancer checks the current load of all the servers and selects the server most suitable to handle the new connection. The load balancer then forwards that packet to the selected server. If the server accepts the request for the new connection, then the server responds with an acknowledgement packet. The acknowledgement packet also includes the server's blade identification that the client uses for all subsequent packets on the accepted connection. When the load balancer receives a packet containing the blade identification, the load balancer forwards the packet to the server corresponding to the blade identification. Backup load balancers can therefore continue packet forwarding services in a smooth and efficient manner.
Type: Application
Filed: January 28, 2010
Publication date: July 28, 2011
Inventors: Vladica Stanisic, James Arthur Davis, Tobias Karlsson, Reda Haddad, Mahmood Hossain
-
Patent number: 7724663
Abstract: A packet switched node (router), a queuing system and a method for queuing packets are described herein that use tags and manipulate counters in a manner that eliminates the reordering of the packets after a Quality of Service (QoS) class had been altered in one or more of the packets.
Type: Grant
Filed: February 15, 2008
Date of Patent: May 25, 2010
Assignee: Telefonaktiebolaget L M Ericsson (publ)
Inventors: Hossein Arefi, Venugopalan Ullanatt, Reda Haddad
-
Patent number: 7697540
Abstract: The present invention relates to a router (e.g., intermediate router) and a method that queues and services an upgraded/downgraded packet and a plurality of other packets all of which are part of a flow in a manner that eliminates the reordering of the packets. In one embodiment, the router and method queues and services the packets by handing-off a token from an upgraded/downgraded packet to a head-of-line packet which is forwarded to a downstream router. In another embodiment, the router and method queues and services the packets without handing-off a token from an upgraded/downgraded packet to a head-of-line packet which is forwarded to a downstream router.
Type: Grant
Filed: December 20, 2006
Date of Patent: April 13, 2010
Assignee: Telefonaktiebolaget L M Ericsson (Publ)
Inventors: Reda Haddad, Venugopalan Ullanatt, Hossein Arefi
-
Patent number: 7512132
Abstract: A network is described herein which includes a node and a downstream node where the node is capable of altering a Quality of Service (QoS) class of one client (packet) which is associated with a plurality of clients (packets) in a manner such that when the downstream node receives and processes the altered client and the associated clients it will not reorder the altered client and the associated clients.
Type: Grant
Filed: September 8, 2004
Date of Patent: March 31, 2009
Assignee: Telefonaktiebolaget L M Ericsson (PUBL)
Inventor: Reda Haddad
-
Publication number: 20080192764
Abstract: A packet switched node (router), a queuing system and a method for queuing packets are described herein that use tags and manipulate counters in a manner that eliminates the reordering of the packets after a Quality of Service (QoS) class had been altered in one or more of the packets.
Type: Application
Filed: February 15, 2008
Publication date: August 14, 2008
Inventors: Hossein Arefi, Venugopalan Ullanatt, Reda Haddad
-
Publication number: 20070147237
Abstract: The present invention relates to a router (e.g., intermediate router) and a method that queues and services an upgraded/downgraded packet and a plurality of other packets all of which are part of a flow in a manner that eliminates the reordering of the packets. In one embodiment, the router and method queues and services the packets by handing-off a token from an upgraded/downgraded packet to a head-of-line packet which is forwarded to a downstream router. In another embodiment, the router and method queues and services the packets without handing-off a token from an upgraded/downgraded packet to a head-of-line packet which is forwarded to a downstream router.
Type: Application
Filed: December 20, 2006
Publication date: June 28, 2007
Inventors: Reda Haddad, Venugopalan Ullanatt, Hossein Arefi