Patents by Inventor Michael Tahar
Michael Tahar has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 12639455Abstract: A system, circuit, and method are described, among other things. An illustrative system is disclosed to include a processor and a memory storing data for processing by the processor. The data, when processed, causes the processor to receive an initiator message comprising a request to access one or more registers of a plurality of registers, determine that the initiator message corresponds to an entry of a privilege access table, determine a configured level of access control for the initiator message to access the one or more requested registers based at least in part on a group mapping table, and provide a level of access to the one or more requested registers corresponding to the received initiator message based on the initiator message corresponding to the entry of the privilege access table and based, at least in part, on the determined configured level of access control.Type: GrantFiled: May 3, 2023Date of Patent: May 26, 2026Assignee: MELLANOX TECHNOLOGIES, LTD.Inventors: Dotan Finkelshtein, Michael Tahar, Irit Granovsky, Yaniv Strassberg, Guy-Avraham Harel
-
Publication number: 20260095449Abstract: Approaches presented herein provide for the attestation of devices in managed networks, in order to verify state and establish trust in those devices as well as in the managed network and/or subnets. The devices in a network, including devices such as network switches, can perform self-attestation by transmitting attestation evidence using one or more network messages. One or more verifiers can verify the attestation evidence and determine which devices or subnets are trusted. Data and messages can then be routed along trusted paths through a trusted network or subnet, such that all devices along those paths are trusted devices. In order to reduce the volume of attestation traffic for large networks, a network device can provide attestation evidence to a verifier that is connected to that device, rather than propagating all evidence for all devices to a single verifier. Once verified, a list of trusted devices can be propagated rather than the instances of evidence that were used for the verification.Type: ApplicationFiled: September 30, 2024Publication date: April 2, 2026Inventors: Meni Orenbach, Michael Tahar, Fritz Daniel Alder, Ahmad Atamli, Dmitri Shiffrin
-
Publication number: 20250373545Abstract: A system and method for restricting traffic in a computer network, the method may include extracting a routing path of a packet, and determining whether to allow or block the packet based on the routing path.Type: ApplicationFiled: May 29, 2024Publication date: December 4, 2025Applicant: Mellanox Technologies Ltd.Inventors: Michael TAHAR, Dmitri SHIFRIN, Alex NETES, Ortal BASHAN, Ziv BATTAT, Raghu KRISHNAMURTHY
-
Patent number: 12452219Abstract: In one embodiment, a system includes a networking device including a network interface to receive network packets having headers including datagram transport layer security (DTLS) headers from a remote device over a packet data network, packet processing circuitry to identify first packets of the received packets for DTLS processing in the packet processing circuitry, identify second packets of the received packets to bypass DTLS processing in the packet processing circuitry and to be provided to software to perform DTLS processing on the second packets, and perform DTLS processing on the first packets, and a host interface to provide the DTLS processed first packets to the software, and provide the second packets to the software to perform DTLS processing on the second packets.Type: GrantFiled: April 4, 2024Date of Patent: October 21, 2025Assignee: Mellanox Technologies, LtdInventors: Uria Basher, Michael Tahar, Amir Modan, Ben Witulski, Miriam Menes, Miri Shtaif
-
Patent number: 12231585Abstract: In one embodiment, a secure challenge-response method includes requesting respective token challenges from devices, receiving the respective token challenges from the devices, providing the respective token challenges to a signing server, receiving from the signing server a signature of the respective token challenges signed with a private key of the signing server, and providing to a given device of the devices a request to perform an operation, the request including the signature and the respective token challenges.Type: GrantFiled: May 17, 2022Date of Patent: February 18, 2025Assignee: Mellanox Technologies, LtdInventors: Yuval Itkin, Michael Tahar, Haim Kupershmidt, Ameer Mahagneh
-
Publication number: 20240406148Abstract: In one embodiment, a system includes a networking device including a network interface to receive network packets having headers including datagram transport layer security (DTLS) headers from a remote device over a packet data network, packet processing circuitry to identify first packets of the received packets for DTLS processing in the packet processing circuitry, identify second packets of the received packets to bypass DTLS processing in the packet processing circuitry and to be provided to software to perform DTLS processing on the second packets, and perform DTLS processing on the first packets, and a host interface to provide the DTLS processed first packets to the software, and provide the second packets to the software to perform DTLS processing on the second packets.Type: ApplicationFiled: April 4, 2024Publication date: December 5, 2024Inventors: Uria Basher, Michael Tahar, Amir Modan, Ben Witulski, Miriam Menes, Miri Shtaif
-
Publication number: 20240370579Abstract: A system, circuit, and method are described, among other things. An illustrative system is disclosed to include a processor and a memory storing data for processing by the processor. The data, when processed, causes the processor to receive an initiator message comprising a request to access one or more registers of a plurality of registers, determine that the initiator message corresponds to an entry of a privilege access table, determine a configured level of access control for the initiator message to access the one or more requested registers based at least in part on a group mapping table, and provide a level of access to the one or more requested registers corresponding to the received initiator message based on the initiator message corresponding to the entry of the privilege access table and based, at least in part, on the determined configured level of access control.Type: ApplicationFiled: May 3, 2023Publication date: November 7, 2024Inventors: Dotan Finkelshtein, Michael Tahar, Irit Granovsky, Yaniv Strassberg, Guy-Avraham Harel
-
Patent number: 11909710Abstract: A method for communication includes provisioning each node in a network with a respective set of two or more network addresses. Each node in succession is assigned a respective network address from the respective provisioned set that has not been assigned for use by any preceding node. Upon finding for a given node that all the network addresses in the respective provisioned set were assigned to preceding nodes, the preceding nodes are searched to identify a candidate node having an additional network address in the respective provisioned set, other than the assigned respective network address, that was not yet assigned to any of the nodes. The additional network address is assigned to the candidate node instead of the respective network address that was previously assigned to the candidate node, and the assigning of the network addresses to the nodes in the succession resumes following the candidate node.Type: GrantFiled: July 7, 2022Date of Patent: February 20, 2024Assignee: MELLANOX TECHNOLOGIES, LTD.Inventors: Eitan Zahavi, Guy Rozenberg, Matty Kadosh, Lion Levi, Boris Pismenny, Alex Netes, Miriam Menes, Lior Hodaya Bezen, Michael Tahar
-
Publication number: 20240015130Abstract: A method for communication includes provisioning each node in a network with a respective set of two or more network addresses. Each node in succession is assigned a respective network address from the respective provisioned set that has not been assigned for use by any preceding node. Upon finding for a given node that all the network addresses in the respective provisioned set were assigned to preceding nodes, the preceding nodes are searched to identify a candidate node having an additional network address in the respective provisioned set, other than the assigned respective network address, that was not yet assigned to any of the nodes. The additional network address is assigned to the candidate node instead of the respective network address that was previously assigned to the candidate node, and the assigning of the network addresses to the nodes in the succession resumes following the candidate node.Type: ApplicationFiled: July 7, 2022Publication date: January 11, 2024Inventors: Eitan Zahavi, Guy Rozenberg, Matty Kadosh, Lion Levi, Boris Pismenny, Alex Netes, Miriam Menes, Lior Hodaya Bezen, Michael Tahar
-
Publication number: 20230379172Abstract: In one embodiment, a secure challenge-response method includes requesting respective token challenges from devices, receiving the respective token challenges from the devices, providing the respective token challenges to a signing server, receiving from the signing server a signature of the respective token challenges signed with a private key of the signing server, and providing to a given device of the devices a request to perform an operation, the request including the signature and the respective token challenges.Type: ApplicationFiled: May 17, 2022Publication date: November 23, 2023Inventors: Yuval Itkin, Michael Tahar, Haim Kupershmidt, Ameer Mahagneh