Patents by Inventor Yoshio Turner

Yoshio Turner has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11075955
    Abstract: A control system authorizes access to a networked resource. The control system includes a client agent associated with a client resource running at a user device, and a destination agent associated the networked resource. The client agent transparently injects one or more identity tokens associated with the client resource and one or more access tokens associated with the networked resource into a network request issued by the client resource and directed to the networked resource. The destination agent intercepts the network request and uses the access tokens to selectively route the network request in accordance with one or more security policies associated with the access tokens.
    Type: Grant
    Filed: August 26, 2019
    Date of Patent: July 27, 2021
    Assignee: BanyanOps, Inc.
    Inventors: Jayanth Gummaraju, Tarun Desikan, Yoshio Turner
  • Patent number: 10992520
    Abstract: Example implementations disclosed herein can be used to generate composite network policy graphs based on multiple network policy graphs input by network users that may have different goals for the network. The resulting composite network policy graph can be used to program a network so that it meets the requirements necessary to achieve the goals of at least some of the network users. In one example implementation, a method can include receiving multiple network policy graphs, generating composite endpoint groups based on relationships between endpoint groups and policy graph sources, generating composite paths based on the relationships between the endpoints and the network policy graphs, generating a composite network policy graph based on the composite endpoint groups and the composite paths, and analyzing the composite network policy graph to determine conflicts or errors.
    Type: Grant
    Filed: November 6, 2014
    Date of Patent: April 27, 2021
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Junggun Lee, Chaithan M. Prakash, Charles F. Clark, Dave Lenrow, Yoshio Turner, Sujata Banerjee, Yadi Ma, Joon-Myung Kang, Puneet Sharma
  • Patent number: 10868757
    Abstract: Example embodiments relate to providing efficient routing in software defined networks. In example embodiments, an indirect group table includes a first group entry that is associated with a first route tree in a software defined network, wherein the indirect group table affects a plurality of forwarding table entries associated with the first group entry. A failure is detected in the first route tree during a data transmission, and a notification of the failure is sent to a remote controller device, where the remote controller device identifies a second route tree that does not include the failure. After the remote controller device updates the first group entry to be associated with the second route tree, the data transmission is performed using the second route tree.
    Type: Grant
    Filed: November 26, 2018
    Date of Patent: December 15, 2020
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Jose Renato G. Santos, Yoshio Turner, Mike Schlansker, Jean Tourrilhes
  • Patent number: 10728171
    Abstract: Disclosed herein are a system, non-transitory computer readable medium, and method for governing communications of a bare metal guest in a cloud network. A network interface handles packets of data in accordance with commands by a control agent.
    Type: Grant
    Filed: April 30, 2013
    Date of Patent: July 28, 2020
    Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
    Inventors: Jeffrey Clifford Mogul, Jose Renato G. Santos, Yoshio Turner, Kevin T. Lim
  • Patent number: 10644951
    Abstract: In some examples, input network policies are combined to form a composite network policy, each input network policy of the input network policies specifying at least one characteristic of communications allowed between endpoint groups in a network. Metadata associated with the composite network policy is added, the metadata including information regarding a reason for disallowance of a communication between endpoint groups.
    Type: Grant
    Filed: July 22, 2015
    Date of Patent: May 5, 2020
    Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
    Inventors: Yoshio Turner, Jeongkeun Lee, Charles F. Clark
  • Publication number: 20190387025
    Abstract: A control system authorizes access to a networked resource. The control system includes a client agent associated with a client resource running at a user device, and a destination agent associated the networked resource. The client agent transparently injects one or more identity tokens associated with the client resource and one or more access tokens associated with the networked resource into a network request issued by the client resource and directed to the networked resource. The destination agent intercepts the network request and uses the access tokens to selectively route the network request in accordance with one or more security policies associated with the access tokens.
    Type: Application
    Filed: August 26, 2019
    Publication date: December 19, 2019
    Inventors: Jayanth Gummaraju, Tarun Desikan, Yoshio Turner
  • Patent number: 10425293
    Abstract: Example implementations disclosed herein can be used to allocate network resources in a software defined network (SDN). In one example implementation, a method can include receiving a plurality of resource allocation proposals from a plurality of controller modules, instructing the controller modules to generate votes for the plurality of resource allocation proposals, and selecting one of the plurality of resource allocation proposals based on the votes to instantiate the selected resource allocation proposal in the SDN.
    Type: Grant
    Filed: July 30, 2014
    Date of Patent: September 24, 2019
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Alvin AuYoung, Yadi Ma, Sujata Banerjee, Junggun Lee, Puneet Sharma, Yoshio Turner
  • Patent number: 10397278
    Abstract: A control system facilitates communication between a plurality of networked services. The control system includes a client agent associated with a first service of the networked services, and a destination agent associated with a second service of the networked services. The client agent includes an injection mechanism that intercepts a network request issued by the first service, transparently injects a token into the network request while the network request is in transit, and automatically transmits the network request to the second service in accordance with one or more security policies associated with the second service. The destination agent includes an interception mechanism that intercepts the network request, extracts the tokens from the network request, and determines whether to forward the network request to the second service.
    Type: Grant
    Filed: July 27, 2017
    Date of Patent: August 27, 2019
    Assignee: BanyanOps, Inc.
    Inventors: Jayanth Gummaraju, Tarun Desikan, Yoshio Turner
  • Publication number: 20190097919
    Abstract: Example embodiments relate to providing efficient routing in software defined networks. In example embodiments, an indirect group table includes a first group entry that is associated with a first route tree in a software defined network, wherein the indirect group table affects a plurality of forwarding table entries associated with the first group entry. A failure is detected in the first route tree during a data transmission, and a notification of the failure is sent to a remote controller device, where the remote controller device identifies a second route tree that does not include the failure. After the remote controller device updates the first group entry to be associated with the second route tree, the data transmission is performed using the second route tree.
    Type: Application
    Filed: November 26, 2018
    Publication date: March 28, 2019
    Inventors: JOSE RENATO G. SANTOS, Yoshio Turner, Mike Schlansker, Jean Tourrilhes
  • Patent number: 10142220
    Abstract: Example embodiments relate to providing efficient routing in software defined networks. In example embodiments, an indirect group table includes a first group entry that is associated with a first route tree in a software defined network. A failure is detected in the first route tree during a data transmission, and a notification of the failure is sent to a remote controller device, where the remote controller device identifies a second route tree that does not include the failure. After the remote controller device updates the first group entry to be associated with the second route tree, the data transmission is performed using the second route tree.
    Type: Grant
    Filed: April 29, 2014
    Date of Patent: November 27, 2018
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Jose Renato G. Santos, Yoshio Turner, Mike Schlansker, Jean Tourrilhes
  • Patent number: 10079744
    Abstract: Identifying a component within an application executed in a network includes obtaining a traffic matrix, the traffic matrix defining a rate for which packets of data are exchanged between VMs corresponding to an application, analyzing the traffic matrix to identify VMs within a component, modifying the traffic matrix to create a modified traffic matrix, and defining, for the application, a tenant application graph (TAG) model based on the modified traffic matrix.
    Type: Grant
    Filed: January 31, 2014
    Date of Patent: September 18, 2018
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Jung Gun Lee, Yoshio Turner, Sujata Banerjee
  • Publication number: 20180227185
    Abstract: In some examples, input network policies are combined to form a composite network policy, each input network policy of the input network policies specifying at least one characteristic of communications allowed between endpoint groups in a network. Metadata associated with the composite network policy is added, the metadata including information regarding a reason for disallowance of a communication between endpoint groups.
    Type: Application
    Filed: July 22, 2015
    Publication date: August 9, 2018
    Inventors: Yoshio Turner, Jeongkeun Lee, Charles F. Clark
  • Publication number: 20180139096
    Abstract: Each network policy of network policies specifies at least one characteristic of communications allowed between endpoint groups, each endpoint group of the endpoint groups including at least one endpoint. The network policies are merged according to composition constraints included in the network policies.
    Type: Application
    Filed: May 15, 2015
    Publication date: May 17, 2018
    Inventors: Jeongkeun Lee, Yoshio Turner, Sujata Banerjee
  • Publication number: 20180034858
    Abstract: A control system facilitates communication between a plurality of networked services. The control system includes a client agent associated with a first service of the networked services, and a destination agent associated with a second service of the networked services. The client agent includes an injection mechanism that intercepts a network request issued by the first service, transparently injects a token into the network request while the network request is in transit, and automatically transmits the network request to the second service in accordance with one or more security policies associated with the second service. The destination agent includes an interception mechanism that intercepts the network request, extracts the tokens from the network request, and determines whether to forward the network request to the second service.
    Type: Application
    Filed: July 27, 2017
    Publication date: February 1, 2018
    Inventors: Jayanth Gummaraju, Tarun Desikan, Yoshio Turner
  • Patent number: 9794185
    Abstract: According to an example, a method for bandwidth guarantee and work conservation includes determining virtual machine (VM) bandwidth guarantees assigned to VMs in a network including a source VM that communicates with destination VMs. The method further includes assigning minimum bandwidth guarantees to communications between the source VM with the destination VMs by dividing a VM bandwidth guarantee assigned to the source VM between the destination VMs based on active VM-to-VM communications between the source VM and the destination VMs. The method also includes allocating, by a processor, spare bandwidth capacity in the network to a communication between the source VM and a destination VM based on the assigned minimum bandwidth guarantees.
    Type: Grant
    Filed: July 31, 2012
    Date of Patent: October 17, 2017
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Lucian Popa, Praveen Yalagandula, Sujata Banerjee, Jeffrey C. Mogul, Yoshio Turner, Jose Renato G. Santos
  • Publication number: 20170237654
    Abstract: Examples relate to fast failover recovery in software defined networks. In some examples, a failure in a first primary tree is detected during data transmission of a data packet, where the primary tree is associated with a first group entry that is configured to direct each of the data packets to one of a first set of destination devices. A notification of the failure is sent to a remote controller device, where the remote controller device identifies backup trees of the route trees that does not include the failure. After the remote controller device updates the first group entry to be associated with a first backup tree that minimizes congestion, each of the data packets are sent to one of a second set of destination devices that are associated with the first backup tree.
    Type: Application
    Filed: March 25, 2015
    Publication date: August 17, 2017
    Inventors: Yoshio Turner, Hyojoon Kim
  • Publication number: 20170222873
    Abstract: Example implementations disclosed herein can be used to generate composite network policy graphs based on multiple network policy graphs input by network users that may have different goals for the network. The resulting composite network policy graph can be used to program a network so that it meets the requirements necessary to achieve the goals of at least some of the network users. In one example implementation, a method can include receiving multiple network policy graphs, generating composite endpoint groups based on relationships between endpoint groups and policy graph sources, generating composite paths based on the relationships between the endpoints and the network policy graphs, generating a composite network policy graph based on the composite endpoint groups and the composite paths, and analyzing the composite network policy graph to determine conflicts or errors.
    Type: Application
    Filed: November 6, 2014
    Publication date: August 3, 2017
    Inventors: Jung Gun Lee, Chaithan M. Prakash, Charles F. Clark, Dave Lenrow, Yoshio Turner, Sujata Banerjee, Yadi Ma, Joon-Myung Kang, Puneet Sharma
  • Publication number: 20170222931
    Abstract: Examples relate to dynamic allocation of flow table capacity. In some examples, packet-in events of a networking device are monitored and processed to create active flow entries in a flow table. After detecting that the packet-in events at the networking device exceed an overload threshold, the active allocation of the flow table is increased. At this stage, a backup flow is removed from the flow table based on the active allocation.
    Type: Application
    Filed: September 29, 2014
    Publication date: August 3, 2017
    Inventors: Yoshio Turner, Jose Renato G. Santos, Hyojoon Kim
  • Publication number: 20170163493
    Abstract: Example implementations disclosed herein can be used to allocate network resources in a software defined network (SDN). In one example implementation, a method can include receiving a plurality of resource allocation proposals from a plurality of controller modules, instructing the controller modules to generate votes for the plurality of resource allocation proposals, and selecting one of the plurality of resource allocation proposals based on the votes to instantiate the selected resource allocation proposal in the SDN.
    Type: Application
    Filed: July 30, 2014
    Publication date: June 8, 2017
    Applicant: Hewlett Packard Enterprise Development LP
    Inventors: Alvin AuYoung, Yadi Ma, Sujata Banerjee, Juggun Lee, Puneet Sharma, Yoshio Turner
  • Publication number: 20170046188
    Abstract: Placing virtual machines (VMs) on physical hardware to guarantee bandwidth includes obtaining a Tenant Application Graph (TAG) model, the TAG model representing a network abstraction model based on an application communication structure between VMs of components, determining bandwidths for the components based on the TAG model, and placing the VMs of the components on physical hardware based on the bandwidths for the components.
    Type: Application
    Filed: April 24, 2014
    Publication date: February 16, 2017
    Inventors: Jung Gun LEE, Yoshio TURNER, Sujata BANERJEE