Patents by Inventor Francis Dinha
Francis Dinha has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11818035
Abstract: Disclosed herein are systems and methods for creating an ultra-lightweight multi-tenant network virtualization model by augmenting an OSI layer 4 tuple (protocol, source IP address, destination IP address, source port, destination port) with additional private gateway-specific source and destination augmented addresses. A unique OpenVPN Augmented Address (OAA) may be created and assigned to each device on a network such as a mesh-linked system. This OAA may form part of a packet shim created with routing path information for both the source and the destination resources. Once created, the shim may be inserted into a packet header for transmission. Once the initial packet is transmitted, each hop creates its own resources for managing transmission of subsequent packets in this session. The packet shim operates to establish a communications session on layer 4 (Transport) between the requestor and the target resource which is intermediate-device agnostic.
Type: Grant
Filed: December 28, 2022
Date of Patent: November 14, 2023
Assignee: OpenVPN, Inc.
Inventors: Francis Dinha, James Yonan
-
Patent number: 11588726
Abstract: Disclosed herein are systems and methods for creating an ultra-lightweight multi-tenant network virtualization model by augmenting an OSI layer 4 tuple (protocol, source IP address, destination IP address, source port, destination port) with additional private gateway-specific source and destination augmented addresses. A unique OpenVPN Augmented Address (OAA) may be created and assigned to each device on a network such as a mesh-linked system. This OAA may form part of a packet shim created with routing path information for both the source and the destination resources. Once created, the shim may be inserted into a packet header for transmission. Once the initial packet is transmitted, each hop creates its own resources for managing transmission of subsequent packets in this session. The packet shim operates to establish a communications session on layer 4 (Transport) between the requestor and the target resource which is intermediate-device agnostic.
Type: Grant
Filed: June 28, 2021
Date of Patent: February 21, 2023
Assignee: OpenVPN, Inc
Inventors: Francis Dinha, James Yonan
-
Publication number: 20220337547
Abstract: Methods for creating an ultra-lightweight multi-tenant network virtualization model by augmenting an OSI layer 4 tuple (protocol, source IP address, destination IP address, source port, destination port) with additional private gateway-specific source and destination augmented addresses. A unique OpenVPN Augmented Address (OAA) may be created and assigned to each device on a network such as a mesh-linked system. This OAA may form part of a packet shim created with routing path information for both the source and the destination resources. Once created, the shim may be inserted into a packet header for transmission. The packet shim operates to establish a communications session on layer 4 (Transport) between the requestor and the target resource which is intermediate-device agnostic. Further disclosed are methods for intelligently routing domain-level traffic to VPNs including augmenting a DNS with VPN information associated with human-memorable domain names.
Type: Application
Filed: April 6, 2022
Publication date: October 20, 2022
Inventors: Francis Dinha, James Yonan
-
Publication number: 20220014463
Abstract: Disclosed herein are systems and methods for creating an ultra-lightweight multi-tenant network virtualization model by augmenting an OSI layer 4 tuple (protocol, source IP address, destination IP address, source port, destination port) with additional private gateway-specific source and destination augmented addresses. A unique OpenVPN Augmented Address (OAA) may be created and assigned to each device on a network such as a mesh-linked system. This OAA may form part of a packet shim created with routing path information for both the source and the destination resources. Once created, the shim may be inserted into a packet header for transmission. Once the initial packet is transmitted, each hop creates its own resources for managing transmission of subsequent packets in this session. The packet shim operates to establish a communications session on layer 4 (Transport) between the requestor and the target resource which is intermediate-device agnostic.
Type: Application
Filed: June 28, 2021
Publication date: January 13, 2022
Inventors: Francis Dinha, James Yonan
-
Patent number: 10530587
Abstract: A system and method for efficient certificate authentication management and distribution of large, web scale authentication information. The method includes receiving at a server, security certificate information, said security certificate including a unique certificate identifier. A structured data source, such as an XML file or database is encoded with a unique record for each possible security certificate using the record ID as the security certificate ID. Each unique record includes a record of four bits or less. Owing to the small size of the data source, large amounts of security certificates may be managed and distributed efficiently over a network to one or more private gateways allowing for large scale certificate authentication.
Type: Grant
Filed: June 30, 2016
Date of Patent: January 7, 2020
Assignee: OpenVPN Technologies, Inc.
Inventors: Francis Dinha, James Yonan
-
Patent number: 10225105
Abstract: A method including receiving, at a virtual private network (VPN) server, an encapsulated packet on one of the ingress addresses wherein the ingress address is associated with the packet information. After processing the packet at the VPN server, the packet source address is transformed to the address of the ingress port before transmitting the packet over a network. The process may be effectuated in the operating system's kernel. The association step may include tracking the ingress port in a data store, or tagging the packet with the ingress address so it can be later used to modify the source address. Transforming may include swapping TCP source and destination port information, changing an IP or TCP header checksum, changing a TCP sequence and acknowledgment number, or changing an IP address contained in the data payload.
Type: Grant
Filed: July 7, 2016
Date of Patent: March 5, 2019
Assignee: OpenVPN Technologies, Inc.
Inventors: Francis Dinha, James Yonan
-
Patent number: 10185599
Abstract: A system and method for disposing, in kernel space, a data plane having instructions operable to encrypt and transfer data over a network. The data plane is coupled to a control plane which resides in user space. The control plane has instructions operable to control the transfer of the encrypted data in kernel space. Certain embodiments include an application programming interface (API), which operates to expose a programming interface for encrypted communications which results in a more efficient data transfer because most of the data processing is done in kernel space.
Type: Grant
Filed: June 9, 2016
Date of Patent: January 22, 2019
Assignee: OpenVPN Technologies, Inc.
Inventors: Francis Dinha, James Yonan
-
Patent number: 9794215
Abstract: A processor-based system and method comprising a private tunnel connector operable to receive a network connection request, test the connection request for private network information, generate network connection information in response to the test, and respond to the network connection request with the network connection information. The testing may include accessing a DNS server for private network information, and receiving private domain information from a private domain server. The private tunnel connector is further operable to connect to a private domain server that is coupled to the private network connector through the Internet. The private domain server may include private cloud information such that users may create and access one or more private clouds using tunneling technologies. Domain servers and host machines may employ various encryption schemes to facilitate adding public Internet resources to the private cloud.
Type: Grant
Filed: April 4, 2015
Date of Patent: October 17, 2017
Assignee: OpenVPN Technologies, Inc
Inventor: Francis Dinha
-
Patent number: 9699135
Abstract: A processor-based system and method comprising a private tunnel connector operable to receive a network connection request, test the connection request for private network information, generate network connection information in response to the test, and respond to the network connection request with the network connection information. The testing may include accessing a DNS server for private network information, and receiving private domain information from a private domain server. The private tunnel connector is further operable to connect to a private domain server that is coupled to the private network connector through the Internet. The private domain server may include private cloud information such that users may create and access one or more private clouds using tunneling technologies. Domain servers and host machines may employ various encryption schemes to facilitate adding public Internet resources to the private cloud.
Type: Grant
Filed: June 20, 2012
Date of Patent: July 4, 2017
Assignee: OpenVPN Technologies, Inc.
Inventor: Francis Dinha
-
Publication number: 20170012937
Abstract: A method including receiving, at a virtual private network (VPN) server, an encapsulated packet on one of the ingress addresses wherein the ingress address is associated with the packet information. After processing the packet at the VPN server, the packet source address is transformed to the address of the ingress port before transmitting the packet over a network. The process may be effectuated in the operating system's kernel. The association step may include tracking the ingress port in a data store, or tagging the packet with the ingress address so it can be later used to modify the source address. Transforming may include swapping TCP source and destination port information, changing an IP or TCP header checksum, changing a TCP sequence and acknowledgment number, or changing an IP address contained in the data payload.
Type: Application
Filed: July 7, 2016
Publication date: January 12, 2017
Inventors: Francis DINHA, James Yonan
-
Publication number: 20170013015
Abstract: A system and method for disposing, in kernel space, a data plane having instructions operable to encrypt and transfer data over a network. The data plane is coupled to a control plane which resides in user space. The control plane has instructions operable to control the transfer of the encrypted data in kernel space. Certain embodiments include an application programming interface (API), which operates to expose a programming interface for encrypted communications which results in a more efficient data transfer because most of the data processing is done in kernel space.
Type: Application
Filed: June 9, 2016
Publication date: January 12, 2017
Inventors: Francis DINHA, James Yonan
-
Publication number: 20170012782
Abstract: A system and method for efficient certificate authentication management and distribution of large, web scale authentication information. The method includes receiving at a server, security certificate information, said security certificate including a unique certificate identifier. A structured data source, such as an XML file or database is encoded with a unique record for each possible security certificate using the record ID as the security certificate ID. Each unique record includes a record of four bits or less. Owing to the small size of the data source, large amounts of security certificates may be managed and distributed efficiently over a network to one or more private gateways allowing for large scale certificate authentication.
Type: Application
Filed: June 30, 2016
Publication date: January 12, 2017
Inventors: Francis DINHA, James YONAN
-
Patent number: 9143333
Abstract: A system and method for multicast transmission are disclosed. In one embodiment, a virtual exchange network including interconnected nodes is embedded within a network. A sender is disposed in communication with a root node and receivers are disposed in communication with a set of edge nodes. The sender publishes a packetized data stream to which the receivers subscribe. The packetized data stream is promulgated by implicit signaling through optimum virtual exchange network connections from the sender through the virtual exchange network to the receivers. The interconnected nodes, responsive to receiving the published packetized data stream, are adapted to multicast N instances of the published packetized data stream to N recipients selected from the group consisting of receivers and other of the interconnected nodes.
Type: Grant
Filed: July 22, 2014
Date of Patent: September 22, 2015
Assignee: Upload Technologies S.A.
Inventors: Robert E. Nimon, David E. Espenlaub, Francis Dinha, James Yonan
-
Publication number: 20150215268
Abstract: A processor-based system and method comprising a private tunnel connector operable to receive a network connection request, test the connection request for private network information, generate network connection information in response to the test, and respond to the network connection request with the network connection information. The testing may include accessing a DNS server for private network information, and receiving private domain information from a private domain server. The private tunnel connector is further operable to connect to a private domain server that is coupled to the private network connector through the Internet. The private domain server may include private cloud information such that users may create and access one or more private clouds using tunneling technologies. Domain servers and host machines may employ various encryption schemes to facilitate adding public Internet resources to the private cloud.
Type: Application
Filed: April 4, 2015
Publication date: July 30, 2015
Inventor: Francis Dinha
-
Publication number: 20140334339
Abstract: A system and method for multicast transmission are disclosed. In one embodiment, a virtual exchange network including interconnected nodes is embedded within a network. A sender is disposed in communication with a root node and receivers are disposed in communication with a set of edge nodes. The sender publishes a packetized data stream to which the receivers subscribe. The packetized data stream is promulgated by implicit signaling through optimum virtual exchange network connections from the sender through the virtual exchange network to the receivers. The interconnected nodes, responsive to receiving the published packetized data stream, are adapted to multicast N instances of the published packetized data stream to N recipients selected from the group consisting of receivers and other of the interconnected nodes.
Type: Application
Filed: July 22, 2014
Publication date: November 13, 2014
Inventors: Robert E. Nimon, David E. Espenlaub, Francis Dinha, James Yonan
-
Patent number: 8787205
Abstract: A system and method for multicast transmission are disclosed. In one embodiment, a virtual exchange network including interconnected nodes is embedded within a network. A sender is disposed in communication with a root node and receivers are disposed in communication with a set of edge nodes. The sender publishes a packetized data stream to which the receivers subscribe. The packetized data stream is promulgated by implicit signaling through optimum virtual exchange network connections from the sender through the virtual exchange network to the receivers. The interconnected nodes, responsive to receiving the published packetized data stream, are adapted to multicast N instances of the published packetized data stream to N recipients selected from the group consisting of receivers and other of the interconnected nodes.
Type: Grant
Filed: October 26, 2012
Date of Patent: July 22, 2014
Assignee: Upload Technologies S.A.
Inventors: Robert E. Nimon, David E. Espenlaub, Francis Dinha, James Yonan
-
Publication number: 20140150083
Abstract: A system and method for a virtual private network (VPN) wherein some embodiments include creating complementary stack layers on both a client and a server device. An application operating through the VPN establishes a socket level protocol for operation of the VPN such that an application communicates with a client socket VPN layer which, in turn, is coupled to a server VPN layer. Data is encapsulated in a private tunnel. Certain embodiments may provide for VPN sockets for each application allowing concurrent VPNs to operate on a single device.
Type: Application
Filed: November 23, 2013
Publication date: May 29, 2014
Inventors: Francis DINHA, Elfredy Cadapan
-
Publication number: 20130346839
Abstract: A system and method for a portal for management and operation of a private tunnel network computing system. The portals provide for establishing, modifying, and operating multiple private clouds through a single interface. In some embodiments the method includes receiving resource information such as private and public resources and presenting the resource information to a manager through a graphical interface. The network manager then selects a resource and a private cloud, also through a graphical user interface. Once selected, a manager can operate to add the resource to the private cloud, or alternatively drop the resource from the cloud. Multiple private clouds may be effectuated and membership in those clouds established through the user interface. The private tunnel network portal may include controls for management tools, developer tools, and a cloud applications store. Once established, non-manager users can access those resources in a secure environment.
Type: Application
Filed: July 30, 2012
Publication date: December 26, 2013
Inventor: Francis Dinha
-
Publication number: 20130347072
Abstract: A processor-based system and method comprising a private tunnel connector operable to receive a network connection request, test the connection request for private network information, generate network connection information in response to the test, and respond to the network connection request with the network connection information. The testing may include accessing a DNS server for private network information, and receiving private domain information from a private domain server. The private tunnel connector is further operable to connect to a private domain server that is coupled to the private network connector through the Internet. The private domain server may include private cloud information such that users may create and access one or more private clouds using tunneling technologies. Domain servers and host machines may employ various encryption schemes to facilitate adding public Internet resources to the private cloud.
Type: Application
Filed: June 20, 2012
Publication date: December 26, 2013
Inventor: Francis Dinha
-
Publication number: 20130263233
Abstract: A data access and control system and method for sourcing data to one or more software as a service (SaaS) providers. Certain embodiments include an interface engine coupled to one or more SaaS providers through a network, and further operable to service requests for data operations from the SaaS providers. The service requests may include a request for data from the user-controlled structured data store or a request to store data in the user-controlled structured data store. The user-controlled data store may be local to the user or in a remote location. User-control of data provides additional security because the SaaS provider does not keep control of the data. Certain embodiments include encryption through the use of a cipher or a key, which may be provided from a third party. The ciphers may be dynamically changed for different files. Other embodiments include operations on a mobile computing device.
Type: Application
Filed: March 27, 2012
Publication date: October 3, 2013
Inventor: Francis Dinha