Patents by Inventor Muhammad Sakhi Sarwar
Muhammad Sakhi Sarwar has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10887289Abstract: Systems and methods for encryption in optical transport networks may include generating, at a first transponder, multiple encryption keys, each usable to encrypt a data payload in an OTN frame transmitted from the first transponder to a second transponder and storing the keys locally on the first and second transponders. The first transponder may randomly select one of the keys for encrypting a data payload of a given frame and set overhead encryption bits in a preceding frame indicating that the given frame is encrypted and identifying the randomly selected key. The first transponder may encrypt the data payload of the given frame using the randomly selected key prior to transmission. Based on the overhead bits in the preceding frame, the second transponder may decrypt the data payload of the given frame using the randomly selected key. A new key may be randomly selected for each encrypted frame.Type: GrantFiled: August 21, 2018Date of Patent: January 5, 2021Assignee: Fujitsu LimitedInventor: Muhammad Sakhi Sarwar
-
Publication number: 20200067887Abstract: Systems and methods for encryption in optical transport networks may include generating, at a first transponder, multiple encryption keys, each usable to encrypt a data payload in an OTN frame transmitted from the first transponder to a second transponder and storing the keys locally on the first and second transponders. The first transponder may randomly select one of the keys for encrypting a data payload of a given frame and set overhead encryption bits in a preceding frame indicating that the given frame is encrypted and identifying the randomly selected key. The first transponder may encrypt the data payload of the given frame using the randomly selected key prior to transmission. Based on the overhead bits in the preceding frame, the second transponder may decrypt the data payload of the given frame using the randomly selected key. A new key may be randomly selected for each encrypted frame.Type: ApplicationFiled: August 21, 2018Publication date: February 27, 2020Inventor: Muhammad Sakhi Sarwar
-
Patent number: 10511629Abstract: Methods and systems for encryption control in optical networks without data loss enable various transitions related to encryption of an ODU data payload. A transition from unencrypted data payload to encrypted data payload is performed without data loss or dropping of OTN frames. A transition from encrypted data payload to unencrypted data payload is performed without data loss or dropping of OTN frames. A rotation of the encryption key to another encryption key is also performed without data loss or dropping of OTN frames.Type: GrantFiled: April 7, 2017Date of Patent: December 17, 2019Assignee: FUJITSU LIMITEDInventors: Muhammad Sakhi Sarwar, Erik Charles Stewart, Junichi Sugiyama, Abirami Sathyamoorthy, Swati Mittal
-
Patent number: 10511582Abstract: Methods and systems for simplified encryption key generation in optical networks use a Transport Layer Security (TLS) protocol to securely generate an encryption key at both endpoints of an optical path provisioned in an optical transport network. Instead of generating yet another key for payload data transmission, the encryption key from TLS is used for encrypting payload data transmission without using the TLS protocol.Type: GrantFiled: April 7, 2017Date of Patent: December 17, 2019Assignee: FUJITSU LIMITEDInventors: Muhammad Sakhi Sarwar, Abirami Sathyamoorthy, Swati Mittal
-
Patent number: 10469459Abstract: Methods and systems may use optical transport network overhead data for encryption. In particular, specific overhead encryption bits and other encryption data may be stored in an OTN header and used for signaling between a transmitter and a receiver for encrypted transmission without lost data frames.Type: GrantFiled: April 7, 2017Date of Patent: November 5, 2019Assignee: Fujitsu LimitedInventors: Muhammad Sakhi Sarwar, Erik Charles Stewart, Junichi Sugiyama
-
Publication number: 20180295116Abstract: Methods and systems for simplified encryption key generation in optical networks use a Transport Layer Security (TLS) protocol to securely generate an encryption key at both endpoints of an optical path provisioned in an optical transport network. Instead of generating yet another key for payload data transmission, the encryption key from TLS is used for encrypting payload data transmission without using the TLS protocol.Type: ApplicationFiled: April 7, 2017Publication date: October 11, 2018Applicant: FUJITSU LIMITEDInventors: Muhammad Sakhi Sarwar, Abirami Sathyamoorthy, Swati Mittal
-
Publication number: 20180294958Abstract: Methods and systems for encryption control in optical networks without data loss enable various transitions related to encryption of an ODU data payload. A transition from unencrypted data payload to encrypted data payload is performed without data loss or dropping of OTN frames. A transition from encrypted data payload to unencrypted data payload is performed without data loss or dropping of OTN frames. A rotation of the encryption key to another encryption key is also performed without data loss or dropping of OTN frames.Type: ApplicationFiled: April 7, 2017Publication date: October 11, 2018Applicant: FUJITSU LIMITEDInventors: Muhammad Sakhi Sarwar, Erik Charles Stewart, Junichi Sugiyama, Abirami Sathyamoorthy, Swati Mittal
-
Publication number: 20180295103Abstract: Methods and systems may use optical transport network overhead data for encryption. In particular, specific overhead encryption bits and other encryption data may be stored in an OTN header and used for signaling between a transmitter and a receiver for encrypted transmission without lost data frames.Type: ApplicationFiled: April 7, 2017Publication date: October 11, 2018Inventors: Muhammad Sakhi Sarwar, Erik Charles Stewart, Junichi Sugiyama
-
Patent number: 9054985Abstract: A method may include monitoring available aggregate bandwidth of a network element and determining if the available aggregate bandwidth is sufficient to communicate traffic at a rate equal to an aggregate sum of committed information rates for a plurality of classes of traffic. If the available aggregate bandwidth is sufficient to communicate traffic at the rate equal to the aggregate sum of committed information rates for a plurality of classes of traffic, traffic may be communicated for each of the plurality of classes in accordance with the respective committed information rate for each class. Otherwise, traffic may be communicated for each of the plurality of classes in an amount proportional to the respective committed information rate for a particular class and the available aggregate bandwidth.Type: GrantFiled: June 27, 2011Date of Patent: June 9, 2015Assignee: Fujitsu LimitedInventors: Muhammad Sakhi Sarwar, Zigmunds Andis Putnins, Jaya Sarup, Zanjun Lu, Nitin Gogate
-
Patent number: 8917591Abstract: A method may include: (i) provisioning a first network-side interface of a first plug-in unit and a second network-side interface of a second plug-in unit as members of a network-side protection group, the first plug-in unit and the second plug-in unit integral to an adaptation layer network element; (ii) provisioning a first client-side interface of the first plug-in unit and a second client-side interface of the second plug-in unit as members of a client-side protection group; (iii) designating one of the first and second network-side interface as an active network-side interface of the network-side protection group; and (iv) designating one of the first second client-side interface as an active client-side interface of the client-side protection group, such that traffic ingressing on the active network-side interface may egress on the active client-side interface and traffic ingressing on the active client-side interface may egress on the active network-side interface.Type: GrantFiled: July 19, 2011Date of Patent: December 23, 2014Assignee: Fujitsu LimitedInventors: Muhammad Sakhi Sarwar, Zigmunds Andis Putnins, Jaya Sarup, Zanjun Lu, Nitin Gogate, Michael Charles Green
-
Patent number: 8885475Abstract: According to one embodiment, a method may include receiving a frame via an ingress port of a network element. The method may also include assigning a virtual destination address to the frame of the traffic. The method may further include internally switching the frame within the network element based on the virtual destination address. The method may additionally include modifying the virtual destination address one or more times such that the virtual destination address is translated to an actual destination address identifying an actual egress port of the network element. Moreover, the method may include routing the frame to an egress port of the network element based on the actual destination address.Type: GrantFiled: September 10, 2010Date of Patent: November 11, 2014Assignee: Fujitsu LimitedInventors: Muhammad Sakhi Sarwar, Ali Zaringhalam, Stephen Joseph Brolin
-
Patent number: 8774201Abstract: According to one embodiment, a method may include assigning a virtual local area network (VLAN) ingress connection identifier (iXid) to a frame upon ingress. The method may also include classifying a traffic flow for which the frame is a part through ingress engines of the network element based on the iXid. The method may further include swapping the iXid for an egress connection identifier (eXid) in the frame. The method may additionally include policing or shaping the traffic flow based on at least one of the iXid and the eXid. Moreover, the method may include classifying the traffic flow through egress engines of the network element based on the eXid.Type: GrantFiled: September 10, 2010Date of Patent: July 8, 2014Assignee: Fujitsu LimitedInventors: Muhammad Sakhi Sarwar, Ali Zaringhalam, Stephen Joseph Brolin, William Hom, Yasir Malik
-
Patent number: 8559302Abstract: A method may include provisioning: a first flow from a client-side port to a network-side port of the plug-in unit; a second flow from the network-side port to the client-side port; a third flow from the network-side port to a mate link configured to interface with a fourth flow from the mate link to a second client-side port of the second plug-in unit; a fifth flow from the mate link to the network-side port configured to interface with a sixth flow from the second client-side port to the mate link; a seventh flow from the client-side port to the mate link configured to interface with an eighth flow from the mate link to a second network-side port of the second plug-in unit; and a ninth flow from the mate link to the client-side port configured to interface with a tenth flow from the second network-side port to the mate link.Type: GrantFiled: June 29, 2011Date of Patent: October 15, 2013Assignee: Fujitsu LimitedInventors: Muhammad Sakhi Sarwar, Zigmunds Andis Putnins, Jaya Sarup, Zanjun Lu
-
Patent number: 8520514Abstract: A method for configuring admission control of service instances in a network element may include: (i) reading a pre-determined maximum service-idle utilization of a processor approximately equal to maximum utilization of the processor in the absence of services executing on the processor; (ii) reading, for each particular service instance of a desired configuration of service instances, a pre-determined maximum utilization of the processor associated with the particular service instance; (iii) calculating an aggregate maximum utilization for the desired configuration, based on the pre-determined maximum service-idle utilization and the pre-determined maximum utilizations for each of the particular service instances; (iv) determining whether the aggregate maximum utilization is greater than a threshold maximum utilization for the processor; (v) allowing or denying the desired configuration based on the determination.Type: GrantFiled: July 1, 2011Date of Patent: August 27, 2013Assignee: Fujitsu LimitedInventors: Muhammad Sakhi Sarwar, Zigmunds Andis Putnins, Jaya Sarup, Zanjun Lu
-
Patent number: 8477619Abstract: According to one embodiment, methods and systems may be configured to support client-to-network, network-to-client, and network-to-network flows in a network element including multiple plug-in units. Such support may include policing and shaping flows as aggregates across plug-in units, combining outputs of two upstream traffic managers to network ports on two plug-in units, combining network flows that ingress two plug-in units, and shaping traffic to client ports.Type: GrantFiled: September 10, 2010Date of Patent: July 2, 2013Assignee: Fujitsu LimitedInventors: Muhammad Sakhi Sarwar, Ali Zaringhalam, Stephen Joseph Brolin, Simmonds John Mathews, Richard Charles Boelens, Frank Schumeg
-
Publication number: 20130022349Abstract: A method may include: (i) provisioning a first network-side interface of a first plug-in unit and a second network-side interface of a second plug-in unit as members of a network-side protection group, the first plug-in unit and the second plug-in unit integral to an adaptation layer network element; (ii) provisioning a first client-side interface of the first plug-in unit and a second client-side interface of the second plug-in unit as members of a client-side protection group; (iii) designating one of the first and second network-side interface as an active network-side interface of the network-side protection group; and (iv) designating one of the first second client-side interface as an active client-side interface of the client-side protection group, such that traffic ingressing on the active network-side interface may egress on the active client-side interface and traffic ingressing on the active client-side interface may egress on the active network-side interface.Type: ApplicationFiled: July 19, 2011Publication date: January 24, 2013Applicant: FUJITSU NETWORK COMMUNICATIONS, INC.Inventors: Muhammad Sakhi Sarwar, Zigmunds Andis Putnins, Jaya Sarup, Zanjun Lu, Nitin Gogate, Michael Charles Green
-
Publication number: 20130003539Abstract: A method for configuring admission control of service instances in a network element may include: (i) reading a pre-determined maximum service-idle utilization of a processor approximately equal to maximum utilization of the processor in the absence of services executing on the processor; (ii) reading, for each particular service instance of a desired configuration of service instances, a pre-determined maximum utilization of the processor associated with the particular service instance; (iii) calculating an aggregate maximum utilization for the desired configuration, based on the pre-determined maximum service-idle utilization and the pre-determined maximum utilizations for each of the particular service instances; (iv) determining whether the aggregate maximum utilization is greater than a threshold maximum utilization for the processor; (v) allowing or denying the desired configuration based on the determination.Type: ApplicationFiled: July 1, 2011Publication date: January 3, 2013Applicant: FUJITSU NETWORK COMMUNICATIONS, INC.Inventors: Muhammad Sakhi Sarwar, Zigmunds Andis Putnins, Jaya Sarup, Zanjun Lu
-
Publication number: 20130003535Abstract: A method may include provisioning: a first flow from a client-side port to a network-side port of the plug-in unit; a second flow from the network-side port to the client-side port; a third flow from the network-side port to a mate link configured to interface with a fourth flow from the mate link to a second client-side port of the second plug-in unit; a fifth flow from the mate link to the network-side port configured to interface with a sixth flow from the second client-side port to the mate link; a seventh flow from the client-side port to the mate link configured to interface with an eighth flow from the mate link to a second network-side port of the second plug-in unit; and a ninth flow from the mate link to the client-side port configured to interface with a tenth flow from the second network-side port to the mate link.Type: ApplicationFiled: June 29, 2011Publication date: January 3, 2013Applicant: FUJITSU NETWORK COMMUNICATIONS, INC.Inventors: Muhammad Sakhi Sarwar, Zigmunds Andis Putnins, Jaya Sarup, Zanjun Lu
-
Publication number: 20120327768Abstract: A method may include monitoring available aggregate bandwidth of a network element and determining if the available aggregate bandwidth is sufficient to communicate traffic at a rate equal to an aggregate sum of committed information rates for a plurality of classes of traffic. If the available aggregate bandwidth is sufficient to communicate traffic at the rate equal to the aggregate sum of committed information rates for a plurality of classes of traffic, traffic may be communicated for each of the plurality of classes in accordance with the respective committed information rate for each class. Otherwise, traffic may be communicated for each of the plurality of classes in an amount proportional to the respective committed information rate for a particular class and the available aggregate bandwidth.Type: ApplicationFiled: June 27, 2011Publication date: December 27, 2012Applicant: FUJITSU NETWORK COMMUNICATIONS, INC.Inventors: Muhammad Sakhi Sarwar, Zigmunds Andis Putnins, Jaya Sarup, Zanjun Lu, Nitin Gogate
-
Publication number: 20120063310Abstract: According to one embodiment, a method may include receiving a frame via an ingress port of a network element. The method may also include assigning a virtual destination address to the frame of the traffic. The method may further include internally switching the frame within the network element based on the virtual destination address. The method may additionally include modifying the virtual destination address one or more times such that the virtual destination address is translated to an actual destination address identifying an actual egress port of the network element. Moreover, the method may include routing the frame to an egress port of the network element based on the actual destination address.Type: ApplicationFiled: September 10, 2010Publication date: March 15, 2012Inventors: Muhammad Sakhi Sarwar, Ali Zaringhalam, Stephen Joseph Brolin