Patents by Inventor Thierry C. Bessis

Thierry C. Bessis has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 8955090
    Abstract: A SIP firewall defends an IMS network against SIP registration-based DoS/DDoS attacks by issuing fake authentication challenges when suspiciously high registration traffic is present. The fake authentication challenges include a predictive nonce that is to be used in the challenge response, thus forcing users to be state-aware and to issue the SIP registration requests from valid IP address in order to successfully respond to the fake authentication challenges. Upon confirming an association between the challenge response and the fake authentication challenges, the firewall opens a registration window to a protected node of the core network. In such manner, the firewall opens a registration window to (unauthenticated) legitimate users while stopping DDoS mode of registrations (or at least making them extremely difficult and costly) without impacting or involving the protected node.
    Type: Grant
    Filed: January 10, 2011
    Date of Patent: February 10, 2015
    Assignee: Alcatel Lucent
    Inventors: Thierry C. Bessis, Ashwin V. Rana
  • Publication number: 20120180119
    Abstract: A SIP firewall defends an IMS network against SIP registration-based DoS/DDoS attacks by issuing fake authentication challenges when suspiciously high registration traffic is present. The fake authentication challenges include a predictive nonce that is to be used in the challenge response, thus forcing users to be state-aware and to issue the SIP registration requests from valid IP address in order to successfully respond to the fake authentication challenges. Upon confirming an association between the challenge response and the fake authentication challenges, the firewall opens a registration window to a protected node of the core network. In such manner, the firewall opens a registration window to (unauthenticated) legitimate users while stopping DDoS mode of registrations (or at least making them extremely difficult and costly) without impacting or involving the protected node.
    Type: Application
    Filed: January 10, 2011
    Publication date: July 12, 2012
    Applicant: ALCATEL-LUCENT USA INC.
    Inventors: Thierry C. Bessis, Ashwin V. Rana
  • Publication number: 20100302944
    Abstract: Various method and apparatus are provided directed to load allocation. In one embodiment, a distributor distributes a load to one of a plurality of peer nodes, each peer node having associated thereto a corresponding scalar based on a load factor value, the scalar of the one peer node satisfying a load management condition. The corresponding scalar of the plurality of peer nodes may be tested in a sequentially order until the load management condition is satisfied by the scalar of the one peer nodes. Testing may include threshold testing and begin with the scalar of a last remote peer node to which a most recent prior load was distributed. When the load management condition is satisfied by a scalar, it is decremented based on the load factor value, which may approximate a first number divided by the number of peer nodes in the plurality.
    Type: Application
    Filed: May 29, 2009
    Publication date: December 2, 2010
    Inventors: Thierry C. Bessis, Kenneth W. Brent, Alan Tang