Patents by Inventor Yannick Dubuc
Yannick Dubuc has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20250330457Abstract: A secure connection is established between an IAM server on a data communication network and an on-premises active directory using a zero trust tunnel based on TCP forwarding. An authentication request is received from a gateway device, for the user to access a service provider hosting applications, responsive to a user request for access to the service provider hosting applications. Responsive to recognizing the user of the authentication request being associated with the established SSO session, an assertion is returned to the gateway that the user is authenticated to access the service provider. An authentication request is received from the service provider, for access to a specific application. Responsive to the group information associated with the user, an assertion is returned to the service provider that user is authenticated for use of the specific application.Type: ApplicationFiled: June 24, 2025Publication date: October 23, 2025Applicant: Fortinet, Inc.Inventors: David Allen Redberg, Yannick Dubuc
-
Patent number: 12445428Abstract: A secure connection is established between an IAM server on a data communication network and an on-premises active directory using a zero trust tunnel based on TCP forwarding. An authentication request is received from a gateway device, for the user to access a service provider hosting applications, responsive to a user request for access to the service provider hosting applications. Responsive to recognizing the user of the authentication request being associated with the established SSO session, an assertion is returned to the gateway that the user is authenticated to access the service provider. An authentication request is received from the service provider, for access to a specific application. Responsive to the group information associated with the user, an assertion is returned to the service provider that user is authenticated for use of the specific application.Type: GrantFiled: September 29, 2023Date of Patent: October 14, 2025Assignee: Fortinet, Inc.Inventors: David Allen Redberg, Yannick Dubuc
-
Publication number: 20250112905Abstract: A secure connection is established between an IAM server on a data communication network and an on-premises active directory using a zero trust tunnel based on TCP forwarding. An authentication request is received from a gateway device, for the user to access a service provider hosting applications, responsive to a user request for access to the service provider hosting applications. Responsive to recognizing the user of the authentication request being associated with the established SSO session, an assertion is returned to the gateway that the user is authenticated to access the service provider. An authentication request is received from the service provider, for access to a specific application. Responsive to the group information associated with the user, an assertion is returned to the service provider that user is authenticated for use of the specific application.Type: ApplicationFiled: September 29, 2023Publication date: April 3, 2025Applicant: Fortinet, Inc.Inventors: David Allen Redberg, Yannick Dubuc
-
Patent number: 11451959Abstract: Systems and methods for authenticating client devices accessing a wireless communication network through an access point communicatively coupled with an authentication server are provided. The authentication server receives an authentication request, including a first message integrity code (MIC) of a client-specific pre-shared key, from the access point or a wireless local area network (LAN) controller that manages the access point, to establish an encrypted communication channel between a client and the access point. In response to receipt of the authentication request, the authentication server validates the first MIC by receiving various attributes from the access point or the wireless LAN controller and determining a second MIC based on the client-specific pre-shared key of the client known to the authentication server and the received attributes so that the client-specific pre-shared key is validated to be authentic when the first MIC matches with the second MIC.Type: GrantFiled: September 30, 2019Date of Patent: September 20, 2022Assignee: Fortinet, Inc.Inventors: Carl M. Windsor, Ruben S. Wilson, Yannick Dubuc
-
Publication number: 20210099873Abstract: Systems and methods for authenticating client devices accessing a wireless communication network through an access point communicatively coupled with an authentication server are provided. The authentication server receives an authentication request, including a first message integrity code (MIC) of a client-specific pre-shared key, from the access point or a wireless local area network (LAN) controller that manages the access point, to establish an encrypted communication channel between a client and the access point. In response to receipt of the authentication request, the authentication server validates the first MIC by receiving various attributes from the access point or the wireless LAN controller and determining a second MIC based on the client-specific pre-shared key of the client known to the authentication server and the received attributes so that the client-specific pre-shared key is validated to be authentic when the first MIC matches with the second MIC.Type: ApplicationFiled: September 30, 2019Publication date: April 1, 2021Applicant: Fortinet, Inc.Inventors: Carl M. Windsor, Ruben S. Wilson, Yannick Dubuc
-
Patent number: 10075457Abstract: Methods and systems for integrating a sandboxing service and distributed threat intelligence within an endpoint security application are provided. According to one embodiment, The method includes file system or operating system activity relating to a file accessible to an endpoint system is monitored by an endpoint security application running on the endpoint system. The endpoint security application determines whether the file has been previously analyzed for a threat status. When a result of the determining is negative, then the endpoint security application requests the threat status by submitting the file to a remote threat analysis engine with a request to perform a threat analysis on the file. Based on the determined threat status, the endpoint security application selectively allows or disallows performance of the file system or operating system activity.Type: GrantFiled: March 30, 2016Date of Patent: September 11, 2018Assignee: Fortinet, Inc.Inventors: Yannick Dubuc, Hai Liu, Heng Du, Yugang Du, Jonathan K. Seanor, Weining Wu, GangGang Zhang, Ronald Foo
-
Publication number: 20170289179Abstract: Methods and systems for integrating a sandboxing service and distributed threat intelligence within an endpoint security application are provided. According to one embodiment, The method includes file system or operating system activity relating to a file accessible to an endpoint system is monitored by an endpoint security application running on the endpoint system. The endpoint security application determines whether the file has been previously analyzed for a threat status. When a result of the determining is negative, then the endpoint security application requests the threat status by submitting the file to a remote threat analysis engine with a request to perform a threat analysis on the file. Based on the determined threat status, the endpoint security application selectively allows or disallows performance of the file system or operating system activity.Type: ApplicationFiled: March 30, 2016Publication date: October 5, 2017Applicant: Fortinet, Inc.Inventors: Yannick Dubuc, Hai Liu, Heng DU, Yugang Du, Jonathan K. Seanor, Weining Wu, GangGang Zhang, Ronald Foo
-
Publication number: 20100125898Abstract: Methods and systems for utilizing authentication attributes to determine how to direct traffic flows are provided. According to one embodiment, a program storage device readable by a network device associated with a service provider is provided. The program storage device tangibly embodies a program of instructions executable by a processor of the network device to perform method steps for authenticating users and establishing appropriate service sessions. An end user from whom a connection request is received is caused to be prompted for login credentials. The received login credentials are then caused to be authenticated by an authentication server. Responsive to successful authentication, a service session is established for the end user and customer separation is maintained among the multiple customers by creating a routing entry, according to which subsequent packets associated with the service session are routed, based on authentication attributes returned by the authentication server.Type: ApplicationFiled: December 17, 2009Publication date: May 20, 2010Applicant: FORTINET, INC.Inventors: Yannick Dubuc, Michael Rozhavsky, Randy Lee
-
Publication number: 20080028445Abstract: Methods and systems for utilizing authentication attributes to determine how to direct traffic flows are provided. In one embodiment, an augmented authentication database is provided, which includes routing information for multiple users. The routing information is intended to be used to facilitate routing of traffic flows to appropriate virtual networks of a network. A request on behalf of one of the users is received at an authentication interface of the network for access to a service provided by a first virtual network. Responsive to the request, login credentials of the user are authenticated against the augmented authentication database. Responsive to successful authentication, the authentication interface receives from the augmented authentication database routing information associated with the user and causes the user to be granted access to the service by causing traffic flow associated with the user to be routed to the first virtual network based on the routing information returned.Type: ApplicationFiled: July 7, 2007Publication date: January 31, 2008Applicant: FORTINET, INC.Inventors: Yannick Dubuc, Michael Rozhavsky, Randy Lee