Patents by Inventor Ruan He

Ruan He has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10375113
    Abstract: A method which makes it possible to manage access control between a first entity and a second entity belonging to two security domains in a cloud network is disclosed. In one aspect the method comprises, if the entities belong to security domains implementing different access control policies, determining whether there exists a first access control rule between the first entity and a virtual entity within the security domain of the first entity, and a second access control second rule between the second entity and the virtual entity within the security domain of the second entity. If so, the method may comprise controlling access between the first and second entities as a function of the first and second rules.
    Type: Grant
    Filed: June 26, 2015
    Date of Patent: August 6, 2019
    Assignee: ORANGE
    Inventors: Ruan He, Yu Zhou
  • Patent number: 10356612
    Abstract: One embodiment is an authentication method comprising on receiving a request from the web browser of the terminal, the request including a user identifier, obtaining authentication data that is associated with the user identifier and that is stored in a database of the internal network, configuring a proxy server authorizing access via the access security entity to the internal network for a determined set of connection parameters, generating a first application from the connection parameters of the set, which application is protected using at least one determined portion of the authentication data and being configured to, on being executed by the web browser, set up a connection between the terminal and the proxy server using the parameters, this being done in response to the at least determined portion of the authentication data being supplied and transmitting the first application to the web browser of the terminal.
    Type: Grant
    Filed: June 13, 2014
    Date of Patent: July 16, 2019
    Assignee: ORANGE
    Inventors: Ruan He, Jamil Chawki
  • Patent number: 9736029
    Abstract: Disclosed is a method comprising updating a first model describing a pool of computer and network resources and a second multi-level hierarchical model describing an entity, each level having at least one element containing one or more users of the entity and associated with an algorithm for allocating at least a portion of the pool, the union of the elements at any level containing all of the users, such that the first and second models represent a current state of the pool of resources and a current state of the entity. Upon request from a user to access a resource specified in the request, resources may be identified by applying the algorithms of the second model to the current state of the pool represented by the first model, verifying compatibility between the identified resources and the resource specified in the request, and rejecting the request in the event of incompatibility.
    Type: Grant
    Filed: September 23, 2013
    Date of Patent: August 15, 2017
    Assignee: ORANGE
    Inventors: Ruan He, Jacques Lebourgeois, Julien Terrier
  • Patent number: 9729531
    Abstract: In one embodiment disclosed herein is a method of processing a request made by a terminal of a user to access a resource made available to a client entity by a platform of a cloud computer service supplier. The method is performed by a server situated between the terminal and the platform utilizing distinct instructions for each client entity. The method comprises verifying that the user is authorized to access the computer resource via the terminal by applying to the user and to the resource an access control model and an access control policy corresponding to the model.
    Type: Grant
    Filed: June 24, 2014
    Date of Patent: August 8, 2017
    Assignee: Orange
    Inventors: Ruan He, Xiangjun Qian
  • Publication number: 20170054639
    Abstract: Method of processing a data packet relating to a service, said packet being conveyed by an interconnection gateway between a mobile communication network and a packet communication network, destined for said packet communication network, said method comprising a step of obtaining by a virtualized node an identifier of the service to which the packet relates, characterized in that said method furthermore comprises: —a step of obtaining on the basis of the service identifier a sequence of at least one elementary network function for processing said packet; —for processing the packet, the first function of the sequence corresponding at the first iteration to a current function, the packet being transmitted at the input of a virtualized node able to implement a current function: —application of the current function to the input packet so as to obtain an output packet by the virtualized node; —if there exists a function following the current function in the sequence; —selection of a next virtualized node able to i
    Type: Application
    Filed: April 13, 2015
    Publication date: February 23, 2017
    Inventors: Yu Zhou, Ruan He
  • Patent number: 9509698
    Abstract: One embodiment disclosed herein serves to establish a trust relationship for sharing resources between a trustee tenant and a trustor tenant in a cloud network. It comprises receiving a requirement file (REQ) from the trustee tenant said file including at least one permission desired by the tenant, searching for and identifying at least one opportunity file sent by a trustor tenant, this file including at least the permissions, and storing information representative of a trust relationship for sharing resources between the tenants.
    Type: Grant
    Filed: December 4, 2014
    Date of Patent: November 29, 2016
    Assignee: Orange
    Inventors: Ruan He, Xiangjun Qian
  • Patent number: 9380075
    Abstract: A method is provided for supervising security of an architecture having a plurality of interconnected clouds. A cloud includes a plurality of resources and a security supervisor. The plurality of resources forms in the cloud a plurality of groups of resources associated respectively with a security domain. A security controller supervises the resources of the domain, and a plurality of physical machines contains the resources of the plurality of clouds. The method includes: receiving a security event by a security controller of a first cloud, originating from a first resource associated with a first security domain; dispatching said security event to the security supervisor of the first cloud; and dispatching by the security supervisor of the first cloud a security order in reaction to the security event to at least one second security controller of the first cloud and dispatching the security order by the second security controller to a second resource supervised by the second controller.
    Type: Grant
    Filed: March 26, 2013
    Date of Patent: June 28, 2016
    Assignee: ORANGE
    Inventors: Ruan He, Marc Lacoste, Aurélien Wailly
  • Publication number: 20160142914
    Abstract: One embodiment is an authentication method comprising on receiving a request from the web browser of the terminal, the request including a user identifier, obtaining authentication data that is associated with the user identifier and that is stored in a database of the internal network, configuring a proxy server authorizing access via the access security entity to the internal network for a determined set of connection parameters, generating a first application from the connection parameters of the set, which application is protected using at least one determined portion of the authentication data and being configured to, on being executed by the web browser, set up a connection between the terminal and the proxy server using the parameters, this being done in response to the at least determined portion of the authentication data being supplied and transmitting the first application to the web browser of the terminal.
    Type: Application
    Filed: June 13, 2014
    Publication date: May 19, 2016
    Inventors: Ruan He, Jamil Chawki
  • Publication number: 20150381661
    Abstract: A method which makes it possible to manage access control between a first entity and a second entity belonging to two security domains in a cloud network is disclosed. In one aspect the method comprises, if the entities belong to security domains implementing different access control policies, determining whether there exists a first access control rule between the first entity and a virtual entity within the security domain of the first entity, and a second access control second rule between the second entity and the virtual entity within the security domain of the second entity. If so, the method may comprise controlling access between the first and second entities as a function of the first and second rules.
    Type: Application
    Filed: June 26, 2015
    Publication date: December 31, 2015
    Inventors: Ruan He, Yu Zhou
  • Publication number: 20150373148
    Abstract: A method for processing access requests and a web browser are disclosed. In one embodiment, the processing method may be applied by a gateway maintaining a database containing, for each from among a plurality of computer virtualization platforms, at least one service provided by this platform and connection information to this platform. In one embodiment, the method comprises receiving an access request to a computer virtualization service provided by a platform transmitted by a web browser of a terminal and, if the requested service is in the database, generating from associated connection information in the database with this service, a system application adapted to the service. The system application may be configured to connect to the platform to allow the terminal to negotiate the establishment and maintenance of a communication session with the latter. The method may also comprise sending the system application to the web browser.
    Type: Application
    Filed: December 16, 2013
    Publication date: December 24, 2015
    Inventors: Ruan He, Jamil Chawki
  • Publication number: 20150263902
    Abstract: Disclosed is a method comprising updating a first model describing a pool of computer and network resources and a second multi-level hierarchical model describing an entity, each level having at least one element containing one or more users of the entity and associated with an algorithm for allocating at least a portion of the pool, the union of the elements at any level containing all of the users, such that the first and second models represent a current state of the pool of resources and a current state of the entity. Upon request from a user to access a resource specified in the request, resources may be identified by applying the algorithms of the second model to the current state of the pool represented by the first model, verifying compatibility between the identified resources and the resource specified in the request, and rejecting the request in the event of incompatibility.
    Type: Application
    Filed: September 23, 2013
    Publication date: September 17, 2015
    Inventors: Ruan He, Jacques Lebourgeois, Julien Terrier
  • Publication number: 20150163225
    Abstract: One embodiment disclosed herein serves to establish a trust relationship for sharing resources between a trustee tenant and a trustor tenant in a cloud network. It comprises receiving a requirement file (REQ) from the trustee tenant said file including at least one permission desired by the tenant, searching for and identifying at least one opportunity file sent by a trustor tenant, this file including at least the permissions, and storing information representative of a trust relationship for sharing resources between the tenants.
    Type: Application
    Filed: December 4, 2014
    Publication date: June 11, 2015
    Inventors: Ruan He, Xiangjun Qian
  • Publication number: 20150089572
    Abstract: A method is provided for supervising security of an architecture having a plurality of interconnected clouds. A cloud includes a plurality of resources and a security supervisor. The plurality of resources forms in the cloud a plurality of groups of resources associated respectively with a security domain. A security controller supervises the resources of the domain, and a plurality of physical machines contains the resources of the plurality of clouds. The method includes: receiving a security event by a security controller of a first cloud, originating from a first resource associated with a first security domain; dispatching said security event to the security supervisor of the first cloud; and dispatching by the security supervisor of the first cloud a security order in reaction to the security event to at least one second security controller of the first cloud and dispatching the security order by the second security controller to a second resource supervised by the second controller.
    Type: Application
    Filed: March 26, 2013
    Publication date: March 26, 2015
    Inventors: Ruan He, Marc Lacoste, Aurélien Wailly
  • Publication number: 20140380048
    Abstract: In one embodiment disclosed herein is a method of processing a request made by a terminal of a user to access a resource made available to a client entity by a platform of a cloud computer service supplier.
    Type: Application
    Filed: June 24, 2014
    Publication date: December 25, 2014
    Inventors: Ruan He, Xiangjun Qian