Patents by Inventor Stephan Benny
Stephan Benny has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11936757
Abstract: A method is provided to control deployment of an application over a network in response to a client request sent over the network to access the application comprising: capturing at one or more first computing machines coupled to the network, an identifier of the requested application from the client request; sending information over the network from the one or more first computing machines coupled to the network to one or more second machines coupled to the network, wherein the information identifies the requested application and identifies a network address of an edge node at which to deploy the requested application; receiving the information at the one or more second machines coupled to the network; and causing by the one or more second machines coupled to the network, deployment of the application over the network to the edge node at the identified network address, based at least in part upon the received information.
Type: Grant
Filed: May 9, 2022
Date of Patent: March 19, 2024
Assignee: Rafay Systems, Inc.
Inventors: Stephan Benny, Bheema Sarat Chandra Kaki, Haseeb Siddique Budhani, Chaitanya Srikrishna Angadala, Shashank Krishna Pachava
-
Publication number: 20230133809
Abstract: A method of traffic forwarding and disambiguation through the use of local proxies and addresses. The technique leverages DNS to on-ramp traffic to a local proxy. The local proxy runs on the end user's device. According to a first embodiment, DNS is used to remap what would normally be a wide range of IP addresses to localhost based on 127.0.0.0/8 listening sockets, where the system can then listen for connections and data. In a second embodiment, a localhost proxy based on a TUN/TAP interface (or other packet interception method) with a user-defined CIDR range to which the local DNS server drives traffic is used. Requests on that local proxy are annotated (by adding data to the upstream connection).
Type: Application
Filed: January 3, 2023
Publication date: May 4, 2023
Applicant: Akamai Technologies, Inc.
Inventors: Seetharama Sarma Ayyadevara, Charles E. Gero, Stephan Benny, Pravin Tatti, Manoj Kumar, Seemant Choudhary, Robert Lauro Quiros, Priyatham Phani Srinath Adigopula, Poornima Venkatesha, Sr., Sumeet Gupta
-
Patent number: 11546444
Abstract: A method of traffic forwarding and disambiguation through the use of local proxies and addresses. The technique leverages DNS to on-ramp traffic to a local proxy. The local proxy runs on the end user's device. According to a first embodiment, DNS is used to remap what would normally be a wide range of IP addresses to localhost based on 127.0.0.0/8 listening sockets, where the system can then listen for connections and data. In a second embodiment, a localhost proxy based on a TUN/TAP interface (or other packet interception method) with a user-defined CIDR range to which the local DNS server drives traffic is used. Requests on that local proxy are annotated (by adding data to the upstream connection).
Type: Grant
Filed: March 22, 2019
Date of Patent: January 3, 2023
Assignee: Akamai Technologies, Inc.
Inventors: Seetharama Sarma Ayyadevara, Charles E. Gero, Stephan Benny, Pravin Tatti, Manoj Kumar, Seemant Choudhary, Robert Lauro Quiros, Priyatham Phani Srinath Adigopula, Poornima Venkatesha, Sr., Sumeet Gupta
-
Patent number: 11088872
Abstract: In one embodiment, an apparatus includes a processor and logic configured to designate one of a plurality of endpoint virtual network identifiers (EPVNIDs) for each endpoint device in a network, wherein each EPVNID is configured to be shared by one or more endpoint devices, designate a common waypoint virtual network identifier (WPVNID) for all transparent waypoint devices in the network which perform a same function, designate a unique WPVNID for each routed waypoint device in the network, designate a common virtual network identifier (VNID) for all virtual switches in a single virtual network, wherein a different VNID is designated for each virtual network, and create a service chain table comprising each VNID, WPVNID, and EPVNID designated in the network individually correlated with at least a pair of VNIDs: a source VNID and a destination VNID, based on one or more policies affecting application of services to packets in the network.
Type: Grant
Filed: October 8, 2019
Date of Patent: August 10, 2021
Assignee: International Business Machines Corporation
Inventors: Stephan Benny, Amitabha Biswas, Rachappa B. Goni, Uday S. Nagaraj, Prashanth K. Nageshappa
-
Publication number: 20210176061
Abstract: A method of enabling single sign-on (SSO) access to an application executing in an enterprise, wherein authorized, secure access to specific enterprise applications is facilitated via an enterprise-based connector. In response to successful authentication of an end user via a first authentication method, a credential associated with the successful authentication is encrypted to generate an encrypted user token. The encrypted user token is then forwarded for storage in a database accessible by the enterprise-based connector. Following a redirect (e.g., from a login server instance) that returns the end user to the enterprise-based connector, the encrypted user token is fetched and decrypted to recover the credential. The credential so recovered is then used to attempt to authenticate the user to an application via a second authentication method distinct from the first authentication method.
Type: Application
Filed: February 21, 2021
Publication date: June 10, 2021
Applicant: Akamai Technologies, Inc.
Inventors: Seetharama Ayyadevara, Seemant Choudhary, Stephan Benny, Pundit Kandoi, Pravin Tatti
-
Patent number: 10931452
Abstract: A method of enabling single sign-on (SSO) access to an application executing in an enterprise, wherein authorized, secure access to specific enterprise applications is facilitated via an enterprise-based connector. In response to successful authentication of an end user via a first authentication method, a credential associated with the successful authentication is encrypted to generate an encrypted user token. The encrypted user token is then forwarded for storage in a database accessible by the enterprise-based connector. Following a redirect (e.g., from a login server instance) that returns the end user to the enterprise-based connector, the encrypted user token is fetched and decrypted to recover the credential. The credential so recovered is then used to attempt to authenticate the user to an application via a second authentication method distinct from the first authentication method.
Type: Grant
Filed: August 22, 2017
Date of Patent: February 23, 2021
Assignee: Akamai Technologies, Inc.
Inventors: Seetharama Ayyadevara, Seemant Choudhary, Stephan Benny, Punit Kandoi, Pravin Tatti
-
Patent number: 10834047
Abstract: Embodiments of the invention relate to overlay network address management. One embodiment includes an overlay gateway including an overlay network manager associated with a physical network. The overlay network manager prevents duplicate address assignment for overlay domains having a first sharing status and performs address translation for overlay domains having a second sharing status. Address translation is avoided for overlay domains having the first sharing status.
Type: Grant
Filed: September 24, 2018
Date of Patent: November 10, 2020
Assignee: International Business Machines Corporation
Inventors: Stephan Benny, Amitabha Biswas, Jayakrishna Kidambi
-
Publication number: 20200084066
Abstract: In one embodiment, an apparatus includes a processor and logic configured to designate one of a plurality of endpoint virtual network identifiers (EPVNIDs) for each endpoint device in a network, wherein each EPVNID is configured to be shared by one or more endpoint devices, designate a common waypoint virtual network identifier (WPVNID) for all transparent waypoint devices in the network which perform a same function, designate a unique WPVNID for each routed waypoint device in the network, designate a common virtual network identifier (VNID) for all virtual switches in a single virtual network, wherein a different VNID is designated for each virtual network, and create a service chain table comprising each VNID, WPVNID, and EPVNID designated in the network individually correlated with at least a pair of VNIDs: a source VNID and a destination VNID, based on one or more policies affecting application of services to packets in the network.
Type: Application
Filed: October 8, 2019
Publication date: March 12, 2020
Inventors: Stephan Benny, Amitabha Biswas, Rachappa B. Goni, Uday S. Nagaraj, Prashanth K. Nageshappa
-
Patent number: 10541836
Abstract: A method includes receiving a packet from a first virtual machine (VM) in a distributed overlay virtual Ethernet (DOVE) network. A first virtual switch appends the packet with a tunnel header that is addressed for a second virtual switch. The first virtual switch acts as a virtual default gateway based on replacement of a first destination address for the virtual default gateway with a second destination address for a second VM. Multiple virtual gateways in the DOVE network share a same media access control (MAC) address.
Type: Grant
Filed: December 12, 2017
Date of Patent: January 21, 2020
Assignee: International Business Machines Corporation
Inventors: Stephan Benny, Uday S. Nagaraj
-
Patent number: 10491424
Abstract: In one embodiment, an apparatus includes a processor and logic integrated with and/or executable by the processor. The logic is configured to cause the processor to receive one or more packets to be switched to a next hop, the one or more packets indicating a destination address and a first virtual network identifier (VNID). The logic is also configured to cause the processor to send a query to a controller in order to determine a service chain for the one or more packets, the query including the first VNID and the destination address. Moreover, the logic is configured to cause the processor to receive a response that includes the next hop and a next routed hop for the one or more packets. Other systems, methods, and computer program products are described in accordance with more embodiments.
Type: Grant
Filed: January 6, 2017
Date of Patent: November 26, 2019
Assignee: International Business Machines Corporation
Inventors: Stephan Benny, Amitabha Biswas, Rachappa B. Goni, Uday S. Nagaraj, Prashanth K. Nageshappa
-
Publication number: 20190297161
Abstract: A method of traffic forwarding and disambiguation through the use of local proxies and addresses. The technique leverages DNS to on-ramp traffic to a local proxy. The local proxy runs on the end user's device. According to a first embodiment, DNS is used to remap what would normally be a wide range of IP addresses to localhost based on 127.0.0.0/8 listening sockets, where the system can then listen for connections and data. In a second embodiment, a localhost proxy based on a TUN/TAP interface (or other packet interception method) with a user-defined CIDR range to which the local DNS server drives traffic is used. Requests on that local proxy are annotated (by adding data to the upstream connection).
Type: Application
Filed: March 22, 2019
Publication date: September 26, 2019
Applicant: Akamai Technologies, Inc.
Inventors: Seetharama Sarma Ayyadevara, Charles E. Gero, Stephan Benny, Pravin Tatti, Manoj Kumar, Seemant Choudhary, Robert Lauro Quiros, Priyatham Phani Srinath Adigopula, Poornima Venkatesha, Sr., Sumeet Gupta
-
Patent number: 10412067
Abstract: A system to deliver an application, hosted by a private application provider, over a network to a user device comprising: an application delivery system that includes, a frontend network interface that includes at least one first traffic director (FTD) instance; a network security interface that includes a plurality of traffic processing server (TPS) instances; a backend network interface that includes at least one backend traffic director (BTD) instance; and at least one agent that is associated with the application and that is disposed within the private application provider system; wherein a federated TLS ticket is used to filter TLS connection requests received by an FTD instance; and wherein a TLS extension is used to filter TLS connection requests received by a BTD instance.
Type: Grant
Filed: April 18, 2017
Date of Patent: September 10, 2019
Assignee: Akamai Technologies, Inc.
Inventors: Seetharama Sarma Ayyadevara, Seemant Choudhary, Stephan Benny, Pravin Tatti, Punit Kandoi, Rohit Verma, Venukrishna Prasad
-
Patent number: 10320674
Abstract: One embodiment includes using a bridge device in support of a kernel bridge infrastructure. The kernel bridge infrastructure is modified using netfilter hooks to prevent forwarding of broadcast packets between bridge ports and to set a source media access control (MAC) address of an egress packet to a corresponding MAC address of a virtual network interface card (vNIC).
Type: Grant
Filed: January 24, 2017
Date of Patent: June 11, 2019
Assignee: International Business Machines Corporation
Inventor: Stephan Benny
-
Publication number: 20190028427
Abstract: Embodiments of the invention relate to overlay network address management. One embodiment includes an overlay gateway including an overlay network manager associated with a physical network. The overlay network manager prevents duplicate address assignment for overlay domains having a first sharing status and performs address translation for overlay domains having a second sharing status. Address translation is avoided for overlay domains having the first sharing status.
Type: Application
Filed: September 24, 2018
Publication date: January 24, 2019
Inventors: Stephan Benny, Amitabha Biswas, Jayakrishna Kidambi
-
Patent number: 10129205
Abstract: Embodiments of the invention relate to overlay network address management. One embodiment includes an overlay gateway including an overlay network manager associated with a physical network. The overlay network manager prevents duplicate address assignment for overlay domains having a first sharing status and performs address translation for overlay domains having a second sharing status. Address translation is avoided for overlay domains having the first sharing status.
Type: Grant
Filed: August 29, 2017
Date of Patent: November 13, 2018
Assignee: International Business Machines Corporation
Inventors: Stephan Benny, Amitabha Biswas, Jayakrishna Kidambi
-
Publication number: 20180102920
Abstract: A method includes receiving a packet from a first virtual machine (VM) in a distributed overlay virtual Ethernet (DOVE) network. A first virtual switch appends the packet with a tunnel header that is addressed for a second virtual switch. The first virtual switch acts as a virtual default gateway based on replacement of a first destination address for the virtual default gateway with a second destination address for a second VM. Multiple virtual gateways in the DOVE network share a same media access control (MAC) address.
Type: Application
Filed: December 12, 2017
Publication date: April 12, 2018
Inventors: Stephan Benny, Uday S. Nagaraj
-
Patent number: 9923732
Abstract: A method includes encapsulating, by a first virtual switch, a packet from a first virtual machine (VM) into a tunneled packet by appending the packet with a tunnel header that is addressed for a second virtual switch, wherein the packet includes a first destination address for a virtual default gateway. The first virtual switch forwards an inner packet of the encapsulated packet to a second VM. The first virtual switch acts as a virtual default gateway based on replacement of a first destination address for the virtual default gateway with a second destination address for the second VM.
Type: Grant
Filed: July 13, 2016
Date of Patent: March 20, 2018
Assignee: International Business Machines Corporation
Inventors: Stephan Benny, Uday S. Nagaraj
-
Publication number: 20180069702
Abstract: A method of enabling single sign-on (SSO) access to an application executing in an enterprise, wherein authorized, secure access to specific enterprise applications is facilitated via an enterprise-based connector. In response to successful authentication of an end user via a first authentication method, a credential associated with the successful authentication is encrypted to generate an encrypted user token. The encrypted user token is then forwarded for storage in a database accessible by the enterprise-based connector. Following a redirect (e.g., from a login server instance) that returns the end user to the enterprise-based connector, the encrypted user token is fetched and decrypted to recover the credential. The credential so recovered is then used to attempt to authenticate the user to an application via a second authentication method distinct from the first authentication method.
Type: Application
Filed: August 22, 2017
Publication date: March 8, 2018
Applicant: Akamai Technologies, Inc.
Inventors: Seetharama Ayyadevara, Seemant Choudhary, Stephan Benny, Pundit Kandoi, Pravin Tatti
-
Publication number: 20170359304
Abstract: Embodiments of the invention relate to overlay network address management. One embodiment includes an overlay gateway including an overlay network manager associated with a physical network. The overlay network manager prevents duplicate address assignment for overlay domains having a first sharing status and performs address translation for overlay domains having a second sharing status. Address translation is avoided for overlay domains having the first sharing status.
Type: Application
Filed: August 29, 2017
Publication date: December 14, 2017
Inventors: Stephan Benny, Amitabha Biswas, Jayakrishna Kidambi
-
Publication number: 20170353437
Abstract: A system to deliver an application, hosted by a private application provider, over a network to a user device comprising: an application delivery system that includes, a frontend network interface that includes at least one first traffic director (FTD) instance; a network security interface that includes a plurality of traffic processing server (TPS) instances; a backend network interface that includes at least one backend traffic director (BTD) instance; and at least one agent that is associated with the application and that is disposed within the private application provider system; wherein a federated TLS ticket is used to filter TLS connection requests received by an FTD instance; and wherein a TLS extension is used to filter TLS connection requests received by a BTD instance.
Type: Application
Filed: April 18, 2017
Publication date: December 7, 2017
Applicant: Akamai Technologies, Inc.
Inventors: Seetharama Sarma Ayyadevara, Seemant Choudhary, Stephan Benny, Pravin Tatti, Punit Kandoi, Rohit Verma, Venukrishna Prasad