Patents by Inventor Jonas Zaddach
Jonas Zaddach has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11941146Abstract: A container includes a user program and data generated by the user program within a regulatory jurisdiction. Before the container leaves the regulatory jurisdiction, the data is validated by the jurisdiction to ensure the data complies with privacy laws of the jurisdiction. Upon ingress to a second regulatory jurisdiction, the data is signed locally to provide for confirmation that the data can leave the second regulatory jurisdiction, since it was not generated within the second jurisdiction. By allowing the user program to move from the first regulatory jurisdiction to a second regulatory jurisdiction, the disclosed embodiments overcome limitations in current solutions that restrict access to local data based on what a public application programming interface (API) can provide. By operating within the regulatory jurisdiction, albeit subject to access controls imposed by that jurisdiction, flexibility in the processing of sensitive data is improved.Type: GrantFiled: August 31, 2021Date of Patent: March 26, 2024Assignee: CISCO TECHNOLOGY, INC.Inventors: Pascal Thubert, Patrick Wetterwald, Eric Levy- Abegnoli, Jonas Zaddach
-
Publication number: 20240098063Abstract: In one embodiment, a method includes identifying, using a Static Context Header Compression (SCHC) rules engine, one or more packets matching a rule, selecting a firewall decision based on the identified one or more packets and the rule, and applying the firewall decision to the one or more identified packets.Type: ApplicationFiled: September 16, 2022Publication date: March 21, 2024Inventors: Pascal Thubert, Jonas Zaddach, Patrick Wetterwald, Eric Levy-Abegnoli
-
Patent number: 11894939Abstract: Techniques are provided that validate a participant in a video conference. As a video conferencing system is remote from a video conference participant, and user devices are not trusted, traditional methods such as client side facial recognition are ineffective at validating a participant from a video conferencing system. Thus, the embodiments encode modulated data for projection onto a face of the participant. A video of the participant is then captured. The conferencing system then confirms that the modulated data is present in the captured video.Type: GrantFiled: May 11, 2021Date of Patent: February 6, 2024Assignee: CISCO TECHNOLOGY, INC.Inventors: Pascal Thubert, Patrick Wetterwald, Eric Levy- Abegnoli, Jonas Zaddach
-
Publication number: 20230413156Abstract: In one embodiment, an illustrative method herein may comprise: receiving, at a first edge device, a direct indication from a second edge device that a mobile device has moved from the first to the second edge device; determining, based on the direct indication, a first time at which the mobile device attached to the second edge device; receiving a network routing update message indicative of a routing update for the mobile device having moved to the second edge device; determining, based on the network routing update message, a second time at which convergence completed at the first edge device; and calculating a convergence time for the mobile device to be detected as having moved to the second edge device based on a difference between the first time and the second time.Type: ApplicationFiled: May 20, 2022Publication date: December 21, 2023Inventors: Pascal Thubert, Eric LEVY-ABEGNOLI, Jonas ZADDACH, Patrick WETTERWALD
-
Publication number: 20230379250Abstract: In one embodiment, an illustrative method herein may comprise: receiving, at an access device for a network, a packet having a set of packet features; making, by the access device, a determination that the set of packet features of the packet match a forwarding ruleset that defines differentiated services for different types of packets based on their packet features; formulating, by the access device and based on the determination, a compressed header for the packet that has one or more differentiated service indicators based on the forwarding ruleset; and forwarding, from the access device, the packet with the compressed header, to cause forwarding decisions to be made within the network for the packet based on the one or more differentiated service indicators in its compressed header.Type: ApplicationFiled: May 20, 2022Publication date: November 23, 2023Inventors: Pascal Thubert, Patrick WETTERWALD, Eric LEVY-ABEGNOLI, Jonas ZADDACH
-
Patent number: 11784970Abstract: The present disclosure is directed to systems and methods for first hop security in a multi-site and multi-vendor cloud. The method may include receiving, at a first hop security (FHS) device located within a defined security perimeter, a message from a first host; validating a security of the message; signing the message with a signature to prove validation of the message, the signature comprising at least a Crypto-ID Parameters Option (CIPO) and a Neighbor Discovery Protocol Signature Option (NDPSO); and transmitting the signed message to one or more network FHS devices within the security perimeter.Type: GrantFiled: June 29, 2021Date of Patent: October 10, 2023Assignee: CISCO TECHNOLOGY, INC.Inventors: Pascal Thubert, Eric M. Levy-Abegnoli, Patrick M. P. Wetterwald, Jonas Zaddach
-
Patent number: 11757827Abstract: Systems and methods may include sending, to a network registrar, an extended duplicate address request (EDAR) message including a first nonce generated by a host computing device, and receiving, from the network registrar, an extended duplicate address confirmation (EDAC) message including a second nonce and a first signature, a first nonce pair including the first nonce and the second nonce being signed by the network registrar via a first key pair of the network registrar via the first signature. The systems and methods may further include sending a first neighbor advertisement (NA) message to the host computing device including the second nonce. The second nonce and a public key of the network registrar verifies the first signature from the network registrar, the verification of the first signature indicating that a router through which the host computing device connects to a network is not impersonating the network.Type: GrantFiled: August 15, 2022Date of Patent: September 12, 2023Assignee: Cisco Technology, Inc.Inventors: Pascal Thubert, Eric Levy-Abegnoli, Jonas Zaddach, Patrick Wetterwald
-
Publication number: 20230216847Abstract: Techniques for adjusting a duration of an authenticated user device session. A baseline session duration is determined for a session for which a user account is authorized in response to a request for authentication. A first session is established on behalf of a user device associated with the user account based at least in part on the user account performing a first authentication. A posture associated with the user device is determined. The baseline duration is then adjusted to a dynamic duration based at least in part upon the posture associated with the user device. Based at least in part on the dynamic duration the user can be required to re-authenticate.Type: ApplicationFiled: March 13, 2023Publication date: July 6, 2023Inventors: Pascal Thubert, Patrick Wetterwald, Jonas Zaddach, Eric Levy-Abegnoli
-
Patent number: 11606347Abstract: This disclosure describes techniques for authenticating a user device for a session. For instance, an authentication entity may authenticate a user device using single sign-on authentication and/or multi-factor authentication. The authentication entity may then determine a duration for which the user device is authenticated for the session. For example, the authentication entity may receive information representing a state of an environment of the user device. The authentication entity may then use the information to identify one or more transitions associated with the environment between the session and a previous session. Using the one or more transitions, the authentication entity may determine the duration for the session by increasing or decreasing a previous duration associated with the previous session.Type: GrantFiled: August 27, 2020Date of Patent: March 14, 2023Assignee: Cisco Technology, Inc.Inventors: Pascal Thubert, Patrick Wetterwald, Jonas Zaddach, Eric Levy-Abegnoli
-
Publication number: 20230068788Abstract: A container includes a user program and data generated by the user program within a regulatory jurisdiction. Before the container leaves the regulatory jurisdiction, the data is validated by the jurisdiction to ensure the data complies with privacy laws of the jurisdiction. Upon ingress to a second regulatory jurisdiction, the data is signed locally to provide for confirmation that the data can leave the second regulatory jurisdiction, since it was not generated within the second jurisdiction. By allowing the user program to move from the first regulatory jurisdiction to a second regulatory jurisdiction, the disclosed embodiments overcome limitations in current solutions that restrict access to local data based on what a public application programming interface (API) can provide. By operating within the regulatory jurisdiction, albeit subject to access controls imposed by that jurisdiction, flexibility in the processing of sensitive data is improved.Type: ApplicationFiled: August 31, 2021Publication date: March 2, 2023Inventors: Pascal Thubert, Patrick Wetterwald, Eric Levy- Abegnoli, Jonas Zaddach
-
Publication number: 20220417213Abstract: The present disclosure is directed to systems and methods for first hop security in a multi-site and multi-vendor cloud. The method may include receiving, at a first hop security (FHS) device located within a defined security perimeter, a message from a first host; validating a security of the message; signing the message with a signature to prove validation of the message, the signature comprising at least a Crypto-ID Parameters Option (CIPO) and a Neighbor Discovery Protocol Signature Option (NDPSO); and transmitting the signed message to one or more network FHS devices within the security perimeter.Type: ApplicationFiled: June 29, 2021Publication date: December 29, 2022Inventors: Pascal Thubert, Eric M. Levy-Abegnoli, Patrick M. P. Wetterwald, Jonas Zaddach
-
Publication number: 20220394009Abstract: Systems and methods may include sending, to a network registrar, an extended duplicate address request (EDAR) message including a first nonce generated by a host computing device, and receiving, from the network registrar, an extended duplicate address confirmation (EDAC) message including a second nonce and a first signature, a first nonce pair including the first nonce and the second nonce being signed by the network registrar via a first key pair of the network registrar via the first signature. The systems and methods may further include sending a first neighbor advertisement (NA) message to the host computing device including the second nonce. The second nonce and a public key of the network registrar verifies the first signature from the network registrar, the verification of the first signature indicating that a router through which the host computing device connects to a network is not impersonating the network.Type: ApplicationFiled: August 15, 2022Publication date: December 8, 2022Applicant: Cisco Technology, Inc.Inventors: Pascal Thubert, Eric Levy-Abegnoli, Jonas Zaddach, Patrick Wetterwald
-
Publication number: 20220368547Abstract: Techniques are provided that validate a participant in a video conference. As a video conferencing system is remote from a video conference participant, and user devices are not trusted, traditional methods such as client side facial recognition are ineffective at validating a participant from a video conferencing system. Thus, the embodiments encode modulated data for projection onto a face of the participant. A video of the participant is then captured. The conferencing system then confirms that the modulated data is present in the captured video.Type: ApplicationFiled: May 11, 2021Publication date: November 17, 2022Inventors: Pascal Thubert, Patrick Wetterwald, Eric Levy- Abegnoli, Jonas Zaddach
-
Patent number: 11418481Abstract: Systems and methods may include sending, to a network registrar, a first message including a first nonce generated by a host computing device, and receiving, from the network registrar, a second message including a second nonce, the second nonce being signed by the network registrar via a private key of a first public key infrastructure (PKI) key pair of the network registrar via a first signature. The method further includes sending a first neighbor advertisement (NA) message to the host computing device including the second nonce. The second nonce and the private key of the network registrar verifies the first signature from the network registrar, the verification of the first signature indicating that the router is not impersonating the network.Type: GrantFiled: October 1, 2021Date of Patent: August 16, 2022Assignee: Cisco Technology, Inc.Inventors: Pascal Thubert, Eric Levy-Abegnoli, Jonas Zaddach, Patrick Wetterwald
-
Publication number: 20220116354Abstract: Systems and methods may include sending, to a network registrar, a first message including a first nonce generated by a host computing device, and receiving, from the network registrar, a second message including a second nonce, the second nonce being signed by the network registrar via a private key of a first public key infrastructure (PKI) key pair of the network registrar via a first signature. The method further includes sending a first neighbor advertisement (NA) message to the host computing device including the second nonce. The second nonce and the private key of the network registrar verifies the first signature from the network registrar, the verification of the first signature indicating that the router is not impersonating the network.Type: ApplicationFiled: October 1, 2021Publication date: April 14, 2022Inventors: Pascal Thubert, Eric Levy-Abegnoli, Jonas Zaddach, Patrick Wetterwald
-
Publication number: 20220070156Abstract: This disclosure describes techniques for authenticating a user device for a session. For instance, an authentication entity may authenticate a user device using single sign-on authentication and/or multi-factor authentication. The authentication entity may then determine a duration for which the user device is authenticated for the session. For example, the authentication entity may receive information representing a state of an environment of the user device. The authentication entity may then use the information to identify one or more transitions associated with the environment between the session and a previous session. Using the one or more transitions, the authentication entity may determine the duration for the session by increasing or decreasing a previous duration associated with the previous session.Type: ApplicationFiled: August 27, 2020Publication date: March 3, 2022Inventors: Pascal Thubert, Patrick Wetterwald, Jonas Zaddach, Eric Levy-Abegnoli
-
Publication number: 20220046014Abstract: This disclosure describes techniques for device to device authentication. For instance, a first device may detect a second device, such as when a user physically attaches the second device to the first device or when the second device wireless communicates with the first device. A component of the first device and/or an authentication entity may then determine to authenticate the second device. In some instances, the component determines to authenticate the second device using information associated with an environment of the second device. To authenticate the second device, the authentication entity may send a request to a user, receive a response from the user, and then verify the response. After the authentication, the first device may determine that the second device includes a trusted device and establish a connection with the second device.Type: ApplicationFiled: August 6, 2020Publication date: February 10, 2022Inventors: Patrick Wetterwald, Jonas Zaddach, Pascal Thubert, Eric Levy-Abegnoli
-
Patent number: 11165748Abstract: Systems and methods may include sending, to a network registrar, an extended duplicate address request (EDAR) message including a first nonce generated by a host computing device, and receiving, from the network registrar, an extended duplicate address confirmation (EDAC) message including a second nonce, the second nonce being signed by the network registrar via a private key of a first public key infrastructure (PM) key pair of the network registrar via a first signature. The method further includes sending a first neighbor advertisement (NA) message to the host computing device including the second nonce. The second nonce and the private key of the network registrar verifies the first signature from the network registrar, the verification of the first signature indicating that the router is not impersonating the network.Type: GrantFiled: October 13, 2020Date of Patent: November 2, 2021Assignee: Cisco Technology, Inc.Inventors: Pascal Thubert, Eric Levy-Abegnoli, Jonas Zaddach, Patrick Wetterwald