Fortinet Patent Applications

IDENTIFYING NETWORK-BASED ATTACKS ON PHYSICAL OPERATIONAL TECHNOLOGY (OT) DEVICES WITH DECOY OT DEVICES

Granted: May 8, 2025
Application Number: 20250150488
An Operational Technology (OT) device database is trained by interrogating physical OT devices over the data communication network, and from responses, generating a profile for each interrogated physical OT device, each profile comprising at least data used to set up decoy OT devices that are virtualized to mirror each interrogated physical OT device. A list of local physical OT devices running on a remote private network is received from a specific deception appliance on the remote…

NETWORK ADDRESS TRANSLATION (NAT) HOLE PUNCHING OVER SOFTWARE-DEFINED WIDE AREA NETWORKING (SD-WAN) FOR LINK QUALITY SELECTION OF VIRTUAL PRIVATE NETWORKING (VPN) TUNNELS

Granted: May 8, 2025
Application Number: 20250150393
An outbound packet is detected from a client device of a first spoke destined to a client device of a second spoke over SD-WAN through a hub connecting the first and second spokes with IPSec tunneling. The first spoke is on a local enterprise network, the second spoke is on a remote enterprise network and the hub is on a wide area network, and the first spoke, the second spoke and the hub are each ADVPN2.0 compatible. Responsive to the detection, a health check is performed on the…

ADJUSTING BEHAVIOR OF AN ENDPOINT SECURITY AGENT BASED ON NETWORK LOCATION

Granted: May 1, 2025
Application Number: 20250141933
Systems and methods for adjusting the behavior of an endpoint security agent based on a network location are provided. According to an embodiment, an agent of an endpoint device detects whether the endpoint has moved to a new network by monitoring for changes to an IP address associated with the endpoint. When the detecting is affirmative, the agent further determines whether a trusted network determination service associated with a cloud-based security service is reachable. When the…

SYSTEMS AND METHODS FOR NETWORK FLOW REORDERING

Granted: April 24, 2025
Application Number: 20250133025
Various embodiments provide systems and methods for reordering processed network traffic.

CRYPTOGRAPHIC PROOFS FOR SEAMLESS SINGLE SIGN-ON (SSO) TO CLOUD SERVICES BASED ON ON-PREMISES AUTHENTICATION

Granted: April 3, 2025
Application Number: 20250112905
A secure connection is established between an IAM server on a data communication network and an on-premises active directory using a zero trust tunnel based on TCP forwarding. An authentication request is received from a gateway device, for the user to access a service provider hosting applications, responsive to a user request for access to the service provider hosting applications. Responsive to recognizing the user of the authentication request being associated with the established…

SMART BSS-COLORING TO OVERCOME CO-CHANNEL-INTERFERENCE (CCI) FOR WI-FI6

Granted: April 3, 2025
Application Number: 20250113288
Scan reports are received by a Wi-Fi controller from a plurality of access points. Each scan report identifies neighboring BSSIDs with associated BSS-color within radio range and corresponding RSSI measurements. An OBSS can be detected by cross-referencing scan reports. BSS color is modified to avoid a potential BSS collision. A station associated with the potential BSS collision reports actual color collisions. An indication of the BSS color change is transmitted to one or more access points…

DYNAMICALLY MAXIMIZING SUB-CHANNEL BANDWIDTH UTILIZATION FOR OFDMA TRANSMISSIONS WITH ARTIFICIAL INTELLIGENCE (AI)

Granted: April 3, 2025
Application Number: 20250113254
Real-time statistics of station RU needs are received. Additionally, real-time statistics of access point RU allocation are received. Real-time statistics for stations and access point history are stored. An artificial intelligence (AI) predictive model is generated for each station based on historical traffic needs. The AI model is used to allocate access point RUs for specific stations in real time.

PREDICTIVE ARTIFICIAL INTELLIGENCE (AI)-BASED WIRELESS STATION LOAD BALANCING BASED ON ACCESS POINT UPLINK UTILIZATION

Granted: April 3, 2025
Application Number: 20250113251
An uplink utilization is monitored for each station connected to an access point over a wireless network, including jitter, latency, and dropped packets. Uplink utilization is monitored for access points that are neighbors to the access point, as determined from neighbor reports. An AI model is generated from monitoring data. When an uplink threshold has been exceeded at the access point, a new access point is selected from the AI model for at least one of the…

CROSS-PLATFORM NATIVE BROWSER ISOLATION

Granted: April 3, 2025
Application Number: 20250112954
Native Browser Isolation (NBI) distributes resource requirements over the network of clients that will be hosting a web browser. This works on the assumption that modern machines have the spare resources to run an isolated browser environment themselves, thus not requiring a central mainframe to run the browser isolation (BI) system. The framework will provide means to run the browser in a separate environment from the host OS, provide graphic rendering for the isolated environment,…

ONLINE CODE SIMILARITY AND MALICIOUSNESS SEARCHING USING A VECTOR DATABASE

Granted: April 3, 2025
Application Number: 20250112936
Techniques relate generally to computer networks, and more specifically to a web browser having a web browser extension for evaluating web requests using internal coordination to make asynchronous information synchronously available, prior to dispatching the web requests.

SOFTWARE DEFINED NETWORK ACCESS FOR ENDPOINT

Granted: April 3, 2025
Application Number: 20250112856
Multiple types of links are made simultaneously available, including a Wi-Fi link, a cell link and a wired link. A list of running cloud applications is identified by monitoring. A quality of each available link for each running cloud application is periodically tested, including measurements of latency, jitter and packet loss. A first link is selected for a first application and a second link is selected for a second application. Data packets related to the first application are…

HARDWARE-ASSISTED PASSIVE APPLICATION MONITORING

Granted: April 3, 2025
Application Number: 20250112850
A processor has hardware acceleration enabled during passive link quality measurement. The processor comprises a forwarding engine to passively gather link quality details from existing network sessions concerning a plurality of links. The link quality details comprise latency, jitter and packet loss. An SD-WAN path selection module identifies a link from the plurality of links for data packets of a current session using the link quality details. A transmission module sends data packets…

DYNAMIC ENV SETTING SIGNATURE BY TWO-DIMENSIONAL RANDOM KEY

Granted: April 3, 2025
Application Number: 20250111055
During an initial bootup in a bootloader of an SOC, a random number that is unique to the device is stored in secured storage. During a first bootup, a two-dimensional random key is stored in secure storage for encoding the ENV parameters. During a second (subsequent) bootup, the ENV parameters that are current in unsecured storage are compared against the ENV parameters that previously existed in order to identify a mismatch. A remediation security action can be taken responsive to a…

COORDINATION OF PROBE RESPONSE RESTRICTIONS IN MULTIPLE WI-FI 7 ACCESS POINT ON A WLAN

Granted: March 27, 2025
Application Number: 20250106737
A Wi-Fi controller receives notification of a probe request of a station that was received by each of at least two of the two or more Wi-Fi 7 access points of a multiple access point coordination group. The probe requests are each sourced from the station while within the at least partially overlapped radio signal coverage area. The Wi-Fi controller selects one of the at least two access points to respond to the probe request with a probe response…

VIRTUAL PRIVATE CLOUD USER INTERFACE

Granted: March 27, 2025
Application Number: 20250106307
A method is disclosed. The method comprises receiving data for a virtual private cloud (VPC), receiving, via a graphical user interface (GUI), a request to access the VPC data and displaying, at the GUI, a resource page providing a filter view of VPC resources included in the VPC data.

SYSTEMS AND METHODS FOR TRAINING AN INSIDER ATTACK MODEL USING IMAGES HAVING BOTH REGION SPECIFICITY AND SPATIAL RELATIONSHIPS

Granted: March 27, 2025
Application Number: 20250103703
Systems, devices, and methods are disclosed that may be used for identifying potential insider attacks on a computer network.

SYSTEMS AND METHODS FOR USING VECTOR MODEL NORMAL EXCLUSION IN NATURAL LANGUAGE PROCESSING TO CHARACTERIZE A CATEGORY OF MESSAGES

Granted: March 20, 2025
Application Number: 20250094570
Systems, devices, and methods are disclosed in relation to a vector space model that may be used to characterize a category of messages. In one of many possible implementations, the frequency of words found within a piece of text is determined. These frequencies are compared against the frequencies of words within a given corpus like the Oxford English Corpus by first converting the frequencies to probabilities via the inverse cumulative distribution function assuming a normal…

MITIGATION OF ROGUE WI-FI 6E COMPATIBLE ACCESS POINTS

Granted: March 20, 2025
Application Number: 20250097711
Rogue Wi-Fi 6E access points are identified by on-wire data traffic of authorized Wi-Fi 6E access points. Data traffic is monitored across all access points for the rogue Wi-Fi 6E access points according to an SSID/BSSID scan table. In response, modified CSA values are sent in spoofed action frames that have a source BSSID of the rogue access points rather than of the authenticated access point that transmits them.

SINGLE SIGN-ON (SSO) IDENTIFICATION ACROSS NETWORKS

Granted: March 20, 2025
Application Number: 20250097210
DHCP requests can be sent by endpoints to get first IP addresses. SSO data concerning the endpoints is collected using an identity service. A DHCP fingerprint is generated for each of the endpoints, including the first IP addresses. DHCP fingerprints are stored to an SSO unification database along with corresponding SSO data for the endpoints at the first IP addresses, including a specific endpoint at a first IP address on the wired network. While tracking, the specific endpoint is…

EMBEDDING AN ARTIFICIALLY INTELLIGENT NEURON CAPABLE OF PACKET INSPECTION AND SYSTEM OPTIMIZATION IN IPV6 ENABLED WLAN NETWORKS

Granted: March 20, 2025
Application Number: 20250097155
Responsive to matching a site prefix to IPv6 network traffic from clients, the traffic is classified as intended, and responsive to not matching the site prefix, the corresponding traffic is classified as unintended. An initial rate of packet occurrence is calculated, and the load caused by intended traffic and the load caused by unintended traffic are predicted based on that initial rate of packet occurrence. The predicted traffic loads are fed back by configuring behavior of network modules according to…