Patents by Inventor Eric Levy
Eric Levy has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11941146Abstract: A container includes a user program and data generated by the user program within a regulatory jurisdiction. Before the container leaves the regulatory jurisdiction, the data is validated by the jurisdiction to ensure the data complies with privacy laws of the jurisdiction. Upon ingress to a second regulatory jurisdiction, the data is signed locally to provide for confirmation that the data can leave the second regulatory jurisdiction, since it was not generated within the second jurisdiction. By allowing the user program to move from the first regulatory jurisdiction to a second regulatory jurisdiction, the disclosed embodiments overcome limitations in current solutions that restrict access to local data based on what a public application programming interface (API) can provide. By operating within the regulatory jurisdiction, albeit subject to access controls imposed by that jurisdiction, flexibility in the processing of sensitive data is improved.Type: GrantFiled: August 31, 2021Date of Patent: March 26, 2024Assignee: CISCO TECHNOLOGY, INC.Inventors: Pascal Thubert, Patrick Wetterwald, Eric Levy- Abegnoli, Jonas Zaddach
-
Publication number: 20240098063Abstract: In one embodiment, a method includes identifying, using a Static Context Header Compression (SCHC) rules engine, one or more packets matching a rule, selecting a firewall decision based on the identified one or more packets and the rule, and applying the firewall decision to the one or more identified packets.Type: ApplicationFiled: September 16, 2022Publication date: March 21, 2024Inventors: Pascal Thubert, Jonas Zaddach, Patrick Wetterwald, Eric Levy-Abegnoli
-
Patent number: 11894939Abstract: Techniques are provided that validate a participant in a video conference. As a video conferencing system is remote from a video conference participant, and user devices are not trusted, traditional methods such as client side facial recognition are ineffective at validating a participant from a video conferencing system. Thus, the embodiments encode modulated data for projection onto a face of the participant. A video of the participant is then captured. The conferencing system then confirms that the modulated data is present in the captured video.Type: GrantFiled: May 11, 2021Date of Patent: February 6, 2024Assignee: CISCO TECHNOLOGY, INC.Inventors: Pascal Thubert, Patrick Wetterwald, Eric Levy- Abegnoli, Jonas Zaddach
-
Publication number: 20230413156Abstract: In one embodiment, an illustrative method herein may comprise: receiving, at a first edge device, a direct indication from a second edge device that a mobile device has moved from the first to the second edge device; determining, based on the direct indication, a first time at which the mobile device attached to the second edge device; receiving a network routing update message indicative of a routing update for the mobile device having moved to the second edge device; determining, based on the network routing update message, a second time at which convergence completed at the first edge device; and calculating a convergence time for the mobile device to be detected as having moved to the second edge device based on a difference between the first time and the second time.Type: ApplicationFiled: May 20, 2022Publication date: December 21, 2023Inventors: Pascal Thubert, Eric LEVY-ABEGNOLI, Jonas ZADDACH, Patrick WETTERWALD
-
Publication number: 20230379250Abstract: In one embodiment, an illustrative method herein may comprise: receiving, at an access device for a network, a packet having a set of packet features; making, by the access device, a determination that the set of packet features of the packet match a forwarding ruleset that defines differentiated services for different types of packets based on their packet features; formulating, by the access device and based on the determination, a compressed header for the packet that has one or more differentiated service indicators based on the forwarding ruleset; and forwarding, from the access device, the packet with the compressed header, to cause forwarding decisions to be made within the network for the packet based on the one or more differentiated service indicators in its compressed header.Type: ApplicationFiled: May 20, 2022Publication date: November 23, 2023Inventors: Pascal Thubert, Patrick WETTERWALD, Eric LEVY-ABEGNOLI, Jonas ZADDACH
-
Patent number: 11757827Abstract: Systems and methods may include sending, to a network registrar, an extended duplicate address request (EDAR) message including a first nonce generated by a host computing device, and receiving, from the network registrar, an extended duplicate address confirmation (EDAC) message including a second nonce and a first signature, a first nonce pair including the first nonce and the second nonce being signed by the network registrar via a first key pair of the network registrar via the first signature. The systems and methods may further include sending a first neighbor advertisement (NA) message to the host computing device including the second nonce. The second nonce and a public key of the network registrar verifies the first signature from the network registrar, the verification of the first signature indicating that a router through which the host computing device connects to a network is not impersonating the network.Type: GrantFiled: August 15, 2022Date of Patent: September 12, 2023Assignee: Cisco Technology, Inc.Inventors: Pascal Thubert, Eric Levy-Abegnoli, Jonas Zaddach, Patrick Wetterwald
-
Publication number: 20230275868Abstract: Techniques for using Network Address Translation (NAT), Mobile Internet Protocol (MIP), and/or other techniques in conjunction with Domain Name System (DNS) to anonymize server-side addresses in data communications. Rather than having DNS provide a client device with an IP address of an endpoint device, such as a server, the DNS instead returns a virtual IP (VIP) address that is mapped to the client device and the endpoint device. In this way, IP addresses of servers are obfuscated by a virtual network of VIP addresses. The client device may then communicate data packets to the server using the VIP address as the destination address, and a virtual network service that works in conjunction with DNS can convert the VIP address to the actual IP address of the server using NAT and forward the data packet onto the server.Type: ApplicationFiled: May 9, 2023Publication date: August 31, 2023Inventors: Pascal Thubert, Pradeep Kumar Kathail, Eric Levy-Abegnoli, David A. Maluf
-
Patent number: 11743174Abstract: In one embodiment, a particular device in a deterministic network performs classification of one or more packets of a traffic flow between a source and a destination in the deterministic network. The particular device determines, based on the classification of the one or more packets, a requirement of the traffic flow. The particular device performs, based on the requirement, a packet operation on at least one packet of the traffic flow. The particular device sends packets of the traffic flow towards the destination via two or more paths in the deterministic network.Type: GrantFiled: October 2, 2020Date of Patent: August 29, 2023Assignee: Cisco Technology, Inc.Inventors: Patrick Wetterwald, Eric Levy-Abegnoli, Pascal Thubert
-
Patent number: 11736393Abstract: Techniques for leveraging MLD capabilities at edge nodes of network fabrics to receive SNMAs from silent hosts, and creating unicast addresses from the SNMAs for the silent nodes that are used as secondary matches in a network overlay if primary unicast address lookups fail. The edge nodes described herein may act as snoopers of MLD reports in order to identify the SNMAs of the silent hosts. The edge nodes then forge unicast addresses for the silent hosts that match with the least three bytes of the SNMAs. The forged unicast addresses are presented as unicast MAC/IP mappings in the fabric overlay. In situations where a primary IP address lookup fails, the look-up device performs a secondary lookup for a mapped address that has the last three bytes of the IP address. If a mapping is found, the lookup is sent as a unicast message to the matching MAC address.Type: GrantFiled: September 2, 2022Date of Patent: August 22, 2023Assignee: Cisco Technology, Inc.Inventors: Pascal Thubert, Eric Levy-Abegnoli, Patrick Wetterwald
-
Publication number: 20230216847Abstract: Techniques for adjusting a duration of an authenticated user device session. A baseline session duration is determined for a session for which a user account is authorized in response to a request for authentication. A first session is established on behalf of a user device associated with the user account based at least in part on the user account performing a first authentication. A posture associated with the user device is determined. The baseline duration is then adjusted to a dynamic duration based at least in part upon the posture associated with the user device. Based at least in part on the dynamic duration the user can be required to re-authenticate.Type: ApplicationFiled: March 13, 2023Publication date: July 6, 2023Inventors: Pascal Thubert, Patrick Wetterwald, Jonas Zaddach, Eric Levy-Abegnoli
-
Patent number: 11689442Abstract: A particular fat tree network node stores default routing information indicating that the particular fat tree network node can reach a plurality of parent fat tree network nodes of the particular fat tree network node. The particular fat tree network node obtains, from a first parent fat tree network node of the plurality of parent fat tree network nodes, a negative disaggregation advertisement indicating that the first parent fat tree network node cannot reach a specific destination. The particular fat tree network node determines whether the first parent fat tree network node is the only parent fat tree network node of the plurality of parent fat tree network nodes that cannot reach the specific destination. If so, the particular fat tree network node installs supplemental routing information indicating that every parent fat tree network node except the first parent fat tree network node can reach the specific destination.Type: GrantFiled: December 22, 2021Date of Patent: June 27, 2023Assignee: CISCO TECHNOLOGY, INC.Inventors: Pascal Thubert, Eric Levy-Abegnoli, Jakob Heitz
-
Patent number: 11683286Abstract: Techniques for using Network Address Translation (NAT), Mobile Internet Protocol (MIP), and/or other techniques in conjunction with Domain Name System (DNS) to anonymize server-side addresses in data communications. Rather than having DNS provide a client device with an IP address of an endpoint device, such as a server, the DNS instead returns a virtual IP (VIP) address that is mapped to the client device and the endpoint device. In this way, IP addresses of servers are obfuscated by a virtual network of VIP addresses. The client device may then communicate data packets to the server using the VIP address as the destination address, and a virtual network service that works in conjunction with DNS can convert the VIP address to the actual IP address of the server using NAT and forward the data packet onto the server.Type: GrantFiled: November 18, 2021Date of Patent: June 20, 2023Assignee: Cisco Technology, Inc.Inventors: Pascal Thubert, Pradeep Kumar Kathail, Eric Levy-Abegnoli, David A. Maluf
-
Publication number: 20230179579Abstract: Techniques for using Network Address Translation (NAT), Mobile Internet Protocol (MIP), and/or other techniques in conjunction with Domain Name System (DNS) to anonymize server-side addresses in data communications. Rather than having DNS provide a client device with an IP address of an endpoint device, such as a server, the DNS instead returns a random IP address that is mapped to the client device and the endpoint device. In this way, IP addresses of servers are obfuscated by a random IP address that cannot be used to identify the endpoint device or service. The client device may then communicate data packets to the server using the random IP address as the destination address, and a gateway that works in conjunction with DNS can convert the random IP address to the actual IP address of the server using NAT and forward the data packet onto the server.Type: ApplicationFiled: February 1, 2023Publication date: June 8, 2023Inventors: David A. Maluf, Srinath Gundavelli, Pascal Thubert, Pradeep Kumar Kathail, Eric Levy-Abegnoli, Eric Voit, Ali Sajassi
-
Publication number: 20230171575Abstract: In one embodiment, a supervisory device in a network notifies, via an access point of the network, a node as to an ability of the network to support virtual access points. The supervisory device receives, in response to notifying the node, information from the node regarding characteristics of the node. The supervisory device selects, based on the characteristics of the node, a plurality of access points in the network to form a virtual access point with which the node may communicate. The supervisory device configures the plurality of access points to function as the virtual access point, wherein the node communicates with the network via the virtual access point.Type: ApplicationFiled: January 13, 2023Publication date: June 1, 2023Inventors: Pascal Thubert, Srinath Gundavelli, Amine Choukir, Domenico Ficara, Jerome Henry, Jean-Philippe Vasseur, Patrick Wetterwald, Eric Levy-Abegnoli
-
Publication number: 20230155978Abstract: Techniques for using Network Address Translation (NAT), Mobile Internet Protocol (MIP), and/or other techniques in conjunction with Domain Name System (DNS) to anonymize server-side addresses in data communications. Rather than having DNS provide a client device with an IP address of an endpoint device, such as a server, the DNS instead returns a virtual IP (VIP) address that is mapped to the client device and the endpoint device. In this way, IP addresses of servers are obfuscated by a virtual network of VIP addresses. The client device may then communicate data packets to the server using the VIP address as the destination address, and a virtual network service that works in conjunction with DNS can convert the VIP address to the actual IP address of the server using NAT and forward the data packet onto the server.Type: ApplicationFiled: November 18, 2021Publication date: May 18, 2023Inventors: Pascal Thubert, Pradeep Kumar Kathail, Eric Levy-Abegnoli, David A. Maluf
-
Publication number: 20230130592Abstract: The invention provides three novel disarmed strains of Agrobacteriumtumefaciens bacteria useful for the transformation of plants. The invention provides three engineered A. tumefaciens Chry5 strains or bacterial cells thereof which comprise the Chry5 strain chromosomal background and a disarmed pTiChry5 vector, and methods of using said bacterial strains or cells for transformation of fungal or plant cells, in particular dicot or monocot plant cells, including soybean, maize, wheat, and sugarcane cells. The invention further relates to the transgenic plants created by these methods.Type: ApplicationFiled: October 18, 2022Publication date: April 27, 2023Applicant: SYNGENTA PARTICIPATIONS AGInventors: Zhongying Chen, Qiudeng Que, Mark Scott Rose, Heng Zhong, Mary-Dell Chilton, Eric Levy, Yingping Lucy Qin
-
Publication number: 20230115039Abstract: The disclosure provides methods for predicting surface-presenting peptides using binding and surface-presentation characteristics. The method can include accessing a trained machine-learning model that is configured to generate an output that indicates an extent to which the one or more expression levels and the one or more peptide-presentation metrics are related in accordance with a population-level relationship between expression and presentation. For each peptide of the set of peptides for a tissue sample, a score can be determined using the machine-learning model and genomic and transcriptomic data corresponding to the peptide. The score is predictive of whether a corresponding peptide is a surface-presenting peptide that binds to an MHC molecule and is presented on a cell surface.Type: ApplicationFiled: December 13, 2022Publication date: April 13, 2023Applicant: Personalis, Inc.Inventors: Charles Wilbur ABBOTT, III, Sean Michael BOYLE, Rachel Marty PYKE, Eric LEVY, Dattatreya MELLACHERUVU, Rena MCCLORY, Richard CHEN, Robert POWER, Gabor BARTHA, Jason HARRIS, Pamela MILANI, Prateek TANDON, Paul MCNITT, Massimo MORRA, Sejal DESAI, Juan-Sebastian SALVIDAR, Michael CLARK, Christian HAUDENSCHILD, John WEST, Nick PHILLIPS, Simo V. ZHANG
-
Patent number: 11606347Abstract: This disclosure describes techniques for authenticating a user device for a session. For instance, an authentication entity may authenticate a user device using single sign-on authentication and/or multi-factor authentication. The authentication entity may then determine a duration for which the user device is authenticated for the session. For example, the authentication entity may receive information representing a state of an environment of the user device. The authentication entity may then use the information to identify one or more transitions associated with the environment between the session and a previous session. Using the one or more transitions, the authentication entity may determine the duration for the session by increasing or decreasing a previous duration associated with the previous session.Type: GrantFiled: August 27, 2020Date of Patent: March 14, 2023Assignee: Cisco Technology, Inc.Inventors: Pascal Thubert, Patrick Wetterwald, Jonas Zaddach, Eric Levy-Abegnoli
-
Publication number: 20230074297Abstract: In one embodiment, a supervisory device in a network forms a virtual access point (VAP) for a node in the network. A set of access points (APs) in the network are mapped to the VAP as part of a VAP mapping and the node treats the APs in the VAP mapping as a single AP for purposes of communicating with the network. The supervisory device receives measurements from the APs in the VAP mapping regarding communications associated with the node. The supervisory device identifies a movement of the node based on the received measurements from the APs in the VAP mapping. The supervisory device adjusts the set of APs in the VAP mapping based on the identified movement of the node.Type: ApplicationFiled: August 15, 2022Publication date: March 9, 2023Inventors: Pascal THUBERT, Jean-Philippe VASSEUR, Patrick WETTERWALD, Eric LEVY-ABEGNOLI
-
Publication number: 20230068788Abstract: A container includes a user program and data generated by the user program within a regulatory jurisdiction. Before the container leaves the regulatory jurisdiction, the data is validated by the jurisdiction to ensure the data complies with privacy laws of the jurisdiction. Upon ingress to a second regulatory jurisdiction, the data is signed locally to provide for confirmation that the data can leave the second regulatory jurisdiction, since it was not generated within the second jurisdiction. By allowing the user program to move from the first regulatory jurisdiction to a second regulatory jurisdiction, the disclosed embodiments overcome limitations in current solutions that restrict access to local data based on what a public application programming interface (API) can provide. By operating within the regulatory jurisdiction, albeit subject to access controls imposed by that jurisdiction, flexibility in the processing of sensitive data is improved.Type: ApplicationFiled: August 31, 2021Publication date: March 2, 2023Inventors: Pascal Thubert, Patrick Wetterwald, Eric Levy- Abegnoli, Jonas Zaddach