Patents by Inventor Ioannis BEREDIMAS
Ioannis BEREDIMAS has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11936723
Abstract: Systems and methods for geographically distributed node replication include a first node which receives a message from a client based on a proximity of the first node to the client, the message transmitted to the first node via anycast routing from the client. The first node may replicate the message to a first subset of the geographically distributed system of nodes based on a geographic proximity of nodes within the first subset. The first node may publish the message to a data feed of a message bus for the system of nodes, to cause at least one node of the system of nodes to receive the message from the first node, the at least one node outside the first subset and subscribing to the data feed of the first node.
Type: Grant
Filed: May 16, 2022
Date of Patent: March 19, 2024
Assignee: Citrix Systems, Inc.
Inventors: Panagiotis Gourgaris, Ioannis Beredimas
-
Optimizing selection of zero trust network access cloud edge nodes for internal application delivery
Patent number: 11924081
Abstract: The present solution provides systems and methods for a GSLB service to access a first plurality of measurements of network latency between a plurality of access-points and the first client device and a second plurality of measurements of network latency between the plurality of access-points and one or more of data centers. The GSLB service can receive, from the one or more data centers, health of an application deployed across the one or more data centers. The GSLB service can determine, according to the first plurality of measurements, the second plurality of measurements and the health of the application, a first data center of the one or more data centers and a first access-point of the plurality of access-points. The GSLB service can send, to the first client device, a domain name system (DNS) response identifying the first access-point and the first data center.
Type: Grant
Filed: July 25, 2022
Date of Patent: March 5, 2024
Inventors: Ioannis Beredimas, Panagiotis Gourgaris, Panteleimon Evangelos Aivaliotis, Aristotelis Mertis
-
OPTIMIZING SELECTION OF ZERO TRUST NETWORK ACCESS CLOUD EDGE NODES FOR INTERNAL APPLICATION DELIVERY
Publication number: 20230421471
Abstract: The present solution provides systems and methods for a GSLB service to access a first plurality of measurements of network latency between a plurality of access-points and the first client device and a second plurality of measurements of network latency between the plurality of access-points and one or more of data centers. The GSLB service can receive, from the one or more data centers, health of an application deployed across the one or more data centers. The GSLB service can determine, according to the first plurality of measurements, the second plurality of measurements and the health of the application, a first data center of the one or more data centers and a first access-point of the plurality of access-points. The GSLB service can send, to the first client device, a domain name system (DNS) response identifying the first access-point and the first data center.
Type: Application
Filed: July 25, 2022
Publication date: December 28, 2023
Applicant: Citrix Systems, Inc.
Inventors: Ioannis Beredimas, Panagiotis Gourgaris, Panteleimon Evangelos Aivaliotis, Aristotelis Mertis
-
Patent number: 11831758
Abstract: A system and method for securely encrypting and booting a headless appliance. A method includes providing the headless appliance with content stored in a memory, wherein the content is encrypted with a key, and wherein the key is separately stored on a remote computing device; booting the headless appliance and loading a fallback configuration; in response to a user device connecting to the headless appliance, directing the user device to a captive portal and capturing credentials of a user; forwarding the credentials to the remote computing device for verification by an identity provider; in response to the credentials being verified as a non-administrator, granting access to a public network for the user; and in response to the credentials being verified as an administrator, obtaining the key from the remote computing device to decrypt the content to provide access to a private network for the user.
Type: Grant
Filed: July 20, 2022
Date of Patent: November 28, 2023
Inventors: Ioannis Beredimas, Snigdhendu Mukhopadhyay, Adam Phillip Schultz
-
Publication number: 20230336623
Abstract: Systems and methods for geographically distributed node replication include a first node which receives a message from a client based on a proximity of the first node to the client, the message transmitted to the first node via anycast routing from the client. The first node may replicate the message to a first subset of the geographically distributed system of nodes based on a geographic proximity of nodes within the first subset. The first node may publish the message to a data feed of a message bus for the system of nodes, to cause at least one node of the system of nodes to receive the message from the first node, the at least one node outside the first subset and subscribing to the data feed of the first node.
Type: Application
Filed: May 16, 2022
Publication date: October 19, 2023
Inventors: Panagiotis Gourgaris, Ioannis Beredimas
-
Patent number: 11582325
Abstract: Described embodiments provide for routing remote application data. A device can receive a request to access an application. The application can be provided by data centers and accessible via service providers. The device can select a data center from the plurality of data centers and a service provider based at least on a metric indicative of a connection between the data center and the service provider. The device can query a database including one or more connection metrics using the application identified in the request and a location of a router transmitting the request. The device can determine the location of the router based on an internet protocol (IP) address of a client communicably coupled to the router. The device can transmit a response to the request identifying the selected data center and the selected service provider.
Type: Grant
Filed: July 9, 2021
Date of Patent: February 14, 2023
Inventors: Paraskevas Zafiris, Ioannis Beredimas, Konstantinos Papanikitas
-
Patent number: 11553000
Abstract: Systems and methods described herein provide for building policies using namespaces. A device may receive a request to access a resource in a computing environment. The request may include one or more attributes. The device may identify a set of namespaces having domain-specific policy grammar to generate domain-specific policies. The device may determine a namespace from the identified set of namespaces which corresponds to the one or more attributes of the request. The device may generate, using domain-specific policy grammar of the determined namespace, a domain-specific policy to apply to the request.
Type: Grant
Filed: October 25, 2019
Date of Patent: January 10, 2023
Assignee: Citrix Systems, Inc.
Inventors: Ioannis Beredimas, Lampros Dounis, Panagiotis Matzavinos
-
Publication number: 20220400161
Abstract: Described embodiments provide for routing remote application data. A device can receive a request to access an application. The application can be provided by data centers and accessible via service providers. The device can select a data center from the plurality of data centers and a service provider based at least on a metric indicative of a connection between the data center and the service provider. The device can query a database including one or more connection metrics using the application identified in the request and a location of a router transmitting the request. The device can determine the location of the router based on an internet protocol (IP) address of a client communicably coupled to the router. The device can transmit a response to the request identifying the selected data center and the selected service provider.
Type: Application
Filed: July 9, 2021
Publication date: December 15, 2022
Applicant: Citrix Systems, Inc.
Inventors: Paraskevas Zafiris, Ioannis Beredimas, Konstantinos Papanikitas
-
Publication number: 20220353065
Abstract: A system and method for securely encrypting and booting a headless appliance. A method includes providing the headless appliance with content stored in a memory, wherein the content is encrypted with a key, and wherein the key is separately stored on a remote computing device; booting the headless appliance and loading a fallback configuration; in response to a user device connecting to the headless appliance, directing the user device to a captive portal and capturing credentials of a user; forwarding the credentials to the remote computing device for verification by an identity provider; in response to the credentials being verified as a non-administrator, granting access to a public network for the user; and in response to the credentials being verified as an administrator, obtaining the key from the remote computing device to decrypt the content to provide access to a private network for the user.
Type: Application
Filed: July 20, 2022
Publication date: November 3, 2022
Inventors: Ioannis Beredimas, Snigdhendu Mukhopadhyay, Adam Phillip Schultz
-
Patent number: 11431482
Abstract: A system and method for securely encrypting and booting a headless appliance. A computerized method is disclosed that includes: providing the network appliance with content encrypted with a secret key; launching the network appliance in a fallback configuration that provides limited operational capabilities; forwarding a request for the secret key to an online service that independently utilizes an identity provider to establish trust with an appliance administrator; receiving the secret key from the online service upon establishment of trust with the appliance administrator; decrypting the content with the secret key received from the online service; and utilizing the content to launch the network appliance in a full configuration.
Type: Grant
Filed: February 8, 2021
Date of Patent: August 30, 2022
Assignee: CITRIX SYSTEMS, INC.
Inventors: Ioannis Beredimas, Snigdhendu Mukhopadhyay, Adam Phillip Schultz
-
Publication number: 20220239473
Abstract: A system and method for securely encrypting and booting a headless appliance. A computerized method is disclosed that includes: providing the network appliance with content encrypted with a secret key; launching the network appliance in a fallback configuration that provides limited operational capabilities; forwarding a request for the secret key to an online service that independently utilizes an identity provider to establish trust with an appliance administrator; receiving the secret key from the online service upon establishment of trust with the appliance administrator; decrypting the content with the secret key received from the online service; and utilizing the content to launch the network appliance in a full configuration.
Type: Application
Filed: February 8, 2021
Publication date: July 28, 2022
Inventors: Ioannis Beredimas, Snigdhendu Mukhopadhyay, Adam Phillip Schultz
-
Publication number: 20220224684
Abstract: Described embodiments provide systems and methods for validating session tokens using network properties. A first device having one or more processors coupled with memory may identify a session token from an initiation of a session between the first device and a second device via a network path of a plurality of network paths. The first device may determine that the first network path is to be trusted based at least on a property of the network path. The first device may validate the session token for use over the plurality of network paths, responsive to determining that the network path is to be trusted. The first device may provide, responsive to validating, the session token to the second device for use in communications over the plurality of network paths.
Type: Application
Filed: February 24, 2021
Publication date: July 14, 2022
Applicant: Citrix Systems, Inc.
Inventors: Adam Schultz, Snigdhendu Mukhopadhyay, Ioannis Beredimas
-
Patent number: 11190484
Abstract: A system, method and program product for provisioning a large scale network address translation (LSN) system. A system is disclosed that processes packets between a router and a TCP/IP network. The system includes a plurality of LSN appliances and a flow processor embedded in each of the plurality of LSN appliances. Each flow processor includes: a hash function that determines an owner appliance from the plurality of LSN appliances for a request received from the router based on a private IP address of the request; a look-up table that determines the owner appliance from the plurality of LSN appliances for a response received from the TCP/IP network based on a public IP address of the response; and a packet routing system that routes a received request or a received response to the owner appliance.
Type: Grant
Filed: June 25, 2019
Date of Patent: November 30, 2021
Assignee: CITRIX SYSTEMS, INC.
Inventor: Ioannis Beredimas
-
Publication number: 20210006596
Abstract: Systems and methods described herein provide for building policies using namespaces. A device may receive a request to access a resource in a computing environment. The request may include one or more attributes. The device may identify a set of namespaces having domain-specific policy grammar to generate domain-specific policies. The device may determine a namespace from the identified set of namespaces which corresponds to the one or more attributes of the request. The device may generate, using domain-specific policy grammar of the determined namespace, a domain-specific policy to apply to the request.
Type: Application
Filed: October 25, 2019
Publication date: January 7, 2021
Inventors: Ioannis Beredimas, Lampros Dounis, Panagiotis Matzavinos
-
Publication number: 20200403969
Abstract: A system, method and program product for provisioning a large scale network address translation (LSN) system. A system is disclosed that processes packets between a router and a TCP/IP network. The system includes a plurality of LSN appliances and a flow processor embedded in each of the plurality of LSN appliances. Each flow processor includes: a hash function that determines an owner appliance from the plurality of LSN appliances for a request received from the router based on a private IP address of the request; a look-up table that determines the owner appliance from the plurality of LSN appliances for a response received from the TCP/IP network based on a public IP address of the response; and a packet routing system that routes a received request or a received response to the owner appliance.
Type: Application
Filed: June 25, 2019
Publication date: December 24, 2020
Inventor: Ioannis Beredimas
-
Patent number: 10264093
Abstract: A cache server includes a memory, and a processor to acquire segments of media data associated with a first request, with the first request being generated by a client device. The segments associated with the first request are stored in the memory. Keys for the segments associated with the first request are generated, with each segment having a respective key associated therewith that is a unique identifier for that segment.
Type: Grant
Filed: March 5, 2018
Date of Patent: April 16, 2019
Assignee: CITRIX SYSTEMS, INC.
Inventors: Kapil Dakhane, Ioannis Beredimas, Robert Kidd, Andrew Michael Penner, Nicholas James Stavrakos
-
Publication number: 20180198885
Abstract: A cache server includes a memory, and a processor to acquire segments of media data associated with a first request, with the first request being generated by a client device. The segments associated with the first request are stored in the memory. Keys for the segments associated with the first request are generated, with each segment having a respective key associated therewith that is a unique identifier for that segment.
Type: Application
Filed: March 5, 2018
Publication date: July 12, 2018
Inventors: KAPIL DAKHANE, IOANNIS BEREDIMAS, ROBERT KIDD, ANDREW MICHAEL PENNER, NICHOLAS JAMES STAVRAKOS
-
Patent number: 9936040
Abstract: A cache server, a method, and a non-transitory computer-readable medium storing a set of instructions are disclosed. The apparatus comprises a memory and one or more processors configured to acquire one or more segments of media data associated with a first request, the first request being generated by one or more client devices, store the one or more segments associated with the first request, generate a key for each segment of the one or more segments associated with the first request, and generate a first set entry and a first set key for the one or more segments associated with the first request.
Type: Grant
Filed: December 19, 2014
Date of Patent: April 3, 2018
Assignee: Citrix Systems, Inc.
Inventors: Kapil Dakhane, Ioannis Beredimas, Robert Kidd, Nicholas James Stavrakos, Andrew Michael Penner
-
Publication number: 20160182671
Abstract: A cache server, a method, and a non-transitory computer-readable medium storing a set of instructions are disclosed. The apparatus comprises a memory and one or more processors configured to acquire one or more segments of media data associated with a first request, the first request being generated by one or more client devices, store the one or more segments associated with the first request, generate a key for each segment of the one or more segments associated with the first request, and generate a first set entry and a first set key for the one or more segments associated with the first request.
Type: Application
Filed: December 19, 2014
Publication date: June 23, 2016
Inventors: Kapil DAKHANE, Ioannis BEREDIMAS, Robert KIDD, Nicholas James STAVRAKOS, Andrew Michael PENNER