Patents by Inventor Eric Levy-Abegnoli

Eric Levy-Abegnoli has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 12034707
    Abstract: Techniques for using Network Address Translation (NAT), Mobile Internet Protocol (MIP), and/or other techniques in conjunction with Domain Name System (DNS) to anonymize server-side addresses in data communications. Rather than having DNS provide a client device with an IP address of an endpoint device, such as a server, the DNS instead returns a random IP address that is mapped to the client device and the endpoint device. In this way, IP addresses of servers are obfuscated by a random IP address that cannot be used to identify the endpoint device or service. The client device may then communicate data packets to the server using the random IP address as the destination address, and a gateway that works in conjunction with DNS can convert the random IP address to the actual IP address of the server using NAT and forward the data packet onto the server.
    Type: Grant
    Filed: February 1, 2023
    Date of Patent: July 9, 2024
    Assignee: Cisco Technology, Inc.
    Inventors: David A. Maluf, Srinath Gundavelli, Pascal Thubert, Pradeep Kumar Kathail, Eric Levy-Abegnoli, Eric Voit, Ali Sajassi
  • Publication number: 20240163005
    Abstract: Broadcast energy and spectrum consumption optimization may be provided. It may be determined, by a computing device for each of a plurality of client devices, a corresponding plurality of respective minimum Modulation and Coding Schemes (MCSs) needed to reach each of the respective plurality of client devices from the computing device at a predetermined power level. Next, an optimal MCS from the plurality of respective minimum MCSs may be used to reach a first group of the plurality of client devices via broadcast. Then unicast may be used to reach a second group of the plurality of client devices wherein the optimal MCS is selected to minimize the total amount of airtime used for the broadcast and the unicast.
    Type: Application
    Filed: June 13, 2023
    Publication date: May 16, 2024
    Applicant: Cisco Technology, Inc.
    Inventors: Pascal Thubert, J. P. Vasseur, Patrick Wetterwald, Eric Levy-Abegnoli, Jerome Henry
  • Publication number: 20240163211
    Abstract: Disclosed herein are systems, methods, and computer-readable media for forwarding packets between parallel IPv4 networks that includes encapsulating an IP packet to include an outer header and an inner header. The IP packet is routed to a shaft spanning a subset of addresses within the source realm. Upon reaching the shaft in the source realm, a first swap of the inner header and the outer header of the IP packet is performed. The IP packet is forwarded inside the shaft from the source realm to the destination realm. Upon reaching the destination realm, a second swap of the inner header and the outer header of the IP packet is performed. The IP packet is forwarded in the destination realm to the destination node.
    Type: Application
    Filed: November 15, 2022
    Publication date: May 16, 2024
    Inventors: Eric Levy- Abegnoli, Pascal Thubert
  • Publication number: 20240163770
    Abstract: Leveraging wireless direct transmissions may be provided. It may be determined that data traffic flowing on a first pathway between a first client device and a second client device is not meeting a predetermined service level. The first pathway may be partially wired and partially wireless. A second pathway that will meet the predetermined service level may be determined. The second pathway may be wireless. The data traffic may be caused to flow on the second pathway.
    Type: Application
    Filed: June 2, 2023
    Publication date: May 16, 2024
    Applicant: Cisco Technology, Inc.
    Inventors: Pascal Thubert, Patrick Wetterwald, J. P. Vasseur, Jerome Henry, Eric Levy-Abegnoli
  • Publication number: 20240163786
    Abstract: Multimodal wireless and deterministic mode operation may be provided. An indication may be provided to a client device by an Access Point (AP) that the AP supports multimode operation and which current sub-mode is enabled. Then a determination may be received from the client device to perform an operation based on the indication that the AP supports multimode operation and which sub-mode is currently enabled wherein the operation comprises one of prefer the AP and avoid the AP.
    Type: Application
    Filed: August 25, 2023
    Publication date: May 16, 2024
    Applicant: Cisco Technology, Inc.
    Inventors: Pascal Thubert, J. P. Vasseur, Patrick Wetterwald, Eric Levy-Abegnoli, Jerome Henry
  • Patent number: 11979366
    Abstract: Techniques for using Network Address Translation (NAT), Mobile Internet Protocol (MIP), and/or other techniques in conjunction with Domain Name System (DNS) to anonymize server-side addresses in data communications. Rather than having DNS provide a client device with an IP address of an endpoint device, such as a server, the DNS instead returns a virtual IP (VIP) address that is mapped to the client device and the endpoint device. In this way, IP addresses of servers are obfuscated by a virtual network of VIP addresses. The client device may then communicate data packets to the server using the VIP address as the destination address, and a virtual network service that works in conjunction with DNS can convert the VIP address to the actual IP address of the server using NAT and forward the data packet onto the server.
    Type: Grant
    Filed: May 9, 2023
    Date of Patent: May 7, 2024
    Assignee: Cisco Technology, Inc.
    Inventors: Pascal Thubert, Pradeep Kumar Kathail, Eric Levy-Abegnoli, David A. Maluf
  • Patent number: 11941146
    Abstract: A container includes a user program and data generated by the user program within a regulatory jurisdiction. Before the container leaves the regulatory jurisdiction, the data is validated by the jurisdiction to ensure the data complies with privacy laws of the jurisdiction. Upon ingress to a second regulatory jurisdiction, the data is signed locally to provide for confirmation that the data can leave the second regulatory jurisdiction, since it was not generated within the second jurisdiction. By allowing the user program to move from the first regulatory jurisdiction to a second regulatory jurisdiction, the disclosed embodiments overcome limitations in current solutions that restrict access to local data based on what a public application programming interface (API) can provide. By operating within the regulatory jurisdiction, albeit subject to access controls imposed by that jurisdiction, flexibility in the processing of sensitive data is improved.
    Type: Grant
    Filed: August 31, 2021
    Date of Patent: March 26, 2024
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Pascal Thubert, Patrick Wetterwald, Eric Levy- Abegnoli, Jonas Zaddach
  • Publication number: 20240098063
    Abstract: In one embodiment, a method includes identifying, using a Static Context Header Compression (SCHC) rules engine, one or more packets matching a rule, selecting a firewall decision based on the identified one or more packets and the rule, and applying the firewall decision to the one or more identified packets.
    Type: Application
    Filed: September 16, 2022
    Publication date: March 21, 2024
    Inventors: Pascal Thubert, Jonas Zaddach, Patrick Wetterwald, Eric Levy-Abegnoli
  • Patent number: 11894939
    Abstract: Techniques are provided that validate a participant in a video conference. As a video conferencing system is remote from a video conference participant, and user devices are not trusted, traditional methods such as client side facial recognition are ineffective at validating a participant from a video conferencing system. Thus, the embodiments encode modulated data for projection onto a face of the participant. A video of the participant is then captured. The conferencing system then confirms that the modulated data is present in the captured video.
    Type: Grant
    Filed: May 11, 2021
    Date of Patent: February 6, 2024
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Pascal Thubert, Patrick Wetterwald, Eric Levy- Abegnoli, Jonas Zaddach
  • Publication number: 20230413156
    Abstract: In one embodiment, an illustrative method herein may comprise: receiving, at a first edge device, a direct indication from a second edge device that a mobile device has moved from the first to the second edge device; determining, based on the direct indication, a first time at which the mobile device attached to the second edge device; receiving a network routing update message indicative of a routing update for the mobile device having moved to the second edge device; determining, based on the network routing update message, a second time at which convergence completed at the first edge device; and calculating a convergence time for the mobile device to be detected as having moved to the second edge device based on a difference between the first time and the second time.
    Type: Application
    Filed: May 20, 2022
    Publication date: December 21, 2023
    Inventors: Pascal Thubert, Eric LEVY-ABEGNOLI, Jonas ZADDACH, Patrick WETTERWALD
  • Publication number: 20230379250
    Abstract: In one embodiment, an illustrative method herein may comprise: receiving, at an access device for a network, a packet having a set of packet features; making, by the access device, a determination that the set of packet features of the packet match a forwarding ruleset that defines differentiated services for different types of packets based on their packet features; formulating, by the access device and based on the determination, a compressed header for the packet that has one or more differentiated service indicators based on the forwarding ruleset; and forwarding, from the access device, the packet with the compressed header, to cause forwarding decisions to be made within the network for the packet based on the one or more differentiated service indicators in its compressed header.
    Type: Application
    Filed: May 20, 2022
    Publication date: November 23, 2023
    Inventors: Pascal Thubert, Patrick WETTERWALD, Eric LEVY-ABEGNOLI, Jonas ZADDACH
  • Patent number: 11757827
    Abstract: Systems and methods may include sending, to a network registrar, an extended duplicate address request (EDAR) message including a first nonce generated by a host computing device, and receiving, from the network registrar, an extended duplicate address confirmation (EDAC) message including a second nonce and a first signature, a first nonce pair including the first nonce and the second nonce being signed by the network registrar via a first key pair of the network registrar via the first signature. The systems and methods may further include sending a first neighbor advertisement (NA) message to the host computing device including the second nonce. The second nonce and a public key of the network registrar verifies the first signature from the network registrar, the verification of the first signature indicating that a router through which the host computing device connects to a network is not impersonating the network.
    Type: Grant
    Filed: August 15, 2022
    Date of Patent: September 12, 2023
    Assignee: Cisco Technology, Inc.
    Inventors: Pascal Thubert, Eric Levy-Abegnoli, Jonas Zaddach, Patrick Wetterwald
  • Publication number: 20230275868
    Abstract: Techniques for using Network Address Translation (NAT), Mobile Internet Protocol (MIP), and/or other techniques in conjunction with Domain Name System (DNS) to anonymize server-side addresses in data communications. Rather than having DNS provide a client device with an IP address of an endpoint device, such as a server, the DNS instead returns a virtual IP (VIP) address that is mapped to the client device and the endpoint device. In this way, IP addresses of servers are obfuscated by a virtual network of VIP addresses. The client device may then communicate data packets to the server using the VIP address as the destination address, and a virtual network service that works in conjunction with DNS can convert the VIP address to the actual IP address of the server using NAT and forward the data packet onto the server.
    Type: Application
    Filed: May 9, 2023
    Publication date: August 31, 2023
    Inventors: Pascal Thubert, Pradeep Kumar Kathail, Eric Levy-Abegnoli, David A. Maluf
  • Patent number: 11743174
    Abstract: In one embodiment, a particular device in a deterministic network performs classification of one or more packets of a traffic flow between a source and a destination in the deterministic network. The particular device determines, based on the classification of the one or more packets, a requirement of the traffic flow. The particular device performs, based on the requirement, a packet operation on at least one packet of the traffic flow. The particular device sends packets of the traffic flow towards the destination via two or more paths in the deterministic network.
    Type: Grant
    Filed: October 2, 2020
    Date of Patent: August 29, 2023
    Assignee: Cisco Technology, Inc.
    Inventors: Patrick Wetterwald, Eric Levy-Abegnoli, Pascal Thubert
  • Patent number: 11736393
    Abstract: Techniques for leveraging MLD capabilities at edge nodes of network fabrics to receive SNMAs from silent hosts, and creating unicast addresses from the SNMAs for the silent nodes that are used as secondary matches in a network overlay if primary unicast address lookups fail. The edge nodes described herein may act as snoopers of MLD reports in order to identify the SNMAs of the silent hosts. The edge nodes then forge unicast addresses for the silent hosts that match with the least three bytes of the SNMAs. The forged unicast addresses are presented as unicast MAC/IP mappings in the fabric overlay. In situations where a primary IP address lookup fails, the look-up device performs a secondary lookup for a mapped address that has the last three bytes of the IP address. If a mapping is found, the lookup is sent as a unicast message to the matching MAC address.
    Type: Grant
    Filed: September 2, 2022
    Date of Patent: August 22, 2023
    Assignee: Cisco Technology, Inc.
    Inventors: Pascal Thubert, Eric Levy-Abegnoli, Patrick Wetterwald
  • Publication number: 20230216847
    Abstract: Techniques for adjusting a duration of an authenticated user device session. A baseline session duration is determined for a session for which a user account is authorized in response to a request for authentication. A first session is established on behalf of a user device associated with the user account based at least in part on the user account performing a first authentication. A posture associated with the user device is determined. The baseline duration is then adjusted to a dynamic duration based at least in part upon the posture associated with the user device. Based at least in part on the dynamic duration the user can be required to re-authenticate.
    Type: Application
    Filed: March 13, 2023
    Publication date: July 6, 2023
    Inventors: Pascal Thubert, Patrick Wetterwald, Jonas Zaddach, Eric Levy-Abegnoli
  • Patent number: 11689442
    Abstract: A particular fat tree network node stores default routing information indicating that the particular fat tree network node can reach a plurality of parent fat tree network nodes of the particular fat tree network node. The particular fat tree network node obtains, from a first parent fat tree network node of the plurality of parent fat tree network nodes, a negative disaggregation advertisement indicating that the first parent fat tree network node cannot reach a specific destination. The particular fat tree network node determines whether the first parent fat tree network node is the only parent fat tree network node of the plurality of parent fat tree network nodes that cannot reach the specific destination. If so, the particular fat tree network node installs supplemental routing information indicating that every parent fat tree network node except the first parent fat tree network node can reach the specific destination.
    Type: Grant
    Filed: December 22, 2021
    Date of Patent: June 27, 2023
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Pascal Thubert, Eric Levy-Abegnoli, Jakob Heitz
  • Patent number: 11683286
    Abstract: Techniques for using Network Address Translation (NAT), Mobile Internet Protocol (MIP), and/or other techniques in conjunction with Domain Name System (DNS) to anonymize server-side addresses in data communications. Rather than having DNS provide a client device with an IP address of an endpoint device, such as a server, the DNS instead returns a virtual IP (VIP) address that is mapped to the client device and the endpoint device. In this way, IP addresses of servers are obfuscated by a virtual network of VIP addresses. The client device may then communicate data packets to the server using the VIP address as the destination address, and a virtual network service that works in conjunction with DNS can convert the VIP address to the actual IP address of the server using NAT and forward the data packet onto the server.
    Type: Grant
    Filed: November 18, 2021
    Date of Patent: June 20, 2023
    Assignee: Cisco Technology, Inc.
    Inventors: Pascal Thubert, Pradeep Kumar Kathail, Eric Levy-Abegnoli, David A. Maluf
  • Publication number: 20230179579
    Abstract: Techniques for using Network Address Translation (NAT), Mobile Internet Protocol (MIP), and/or other techniques in conjunction with Domain Name System (DNS) to anonymize server-side addresses in data communications. Rather than having DNS provide a client device with an IP address of an endpoint device, such as a server, the DNS instead returns a random IP address that is mapped to the client device and the endpoint device. In this way, IP addresses of servers are obfuscated by a random IP address that cannot be used to identify the endpoint device or service. The client device may then communicate data packets to the server using the random IP address as the destination address, and a gateway that works in conjunction with DNS can convert the random IP address to the actual IP address of the server using NAT and forward the data packet onto the server.
    Type: Application
    Filed: February 1, 2023
    Publication date: June 8, 2023
    Inventors: David A. Maluf, Srinath Gundavelli, Pascal Thubert, Pradeep Kumar Kathail, Eric Levy-Abegnoli, Eric Voit, Ali Sajassi
  • Publication number: 20230171575
    Abstract: In one embodiment, a supervisory device in a network notifies, via an access point of the network, a node as to an ability of the network to support virtual access points. The supervisory device receives, in response to notifying the node, information from the node regarding characteristics of the node. The supervisory device selects, based on the characteristics of the node, a plurality of access points in the network to form a virtual access point with which the node may communicate. The supervisory device configures the plurality of access points to function as the virtual access point, wherein the node communicates with the network via the virtual access point.
    Type: Application
    Filed: January 13, 2023
    Publication date: June 1, 2023
    Inventors: Pascal Thubert, Srinath Gundavelli, Amine Choukir, Domenico Ficara, Jerome Henry, Jean-Philippe Vasseur, Patrick Wetterwald, Eric Levy-Abegnoli