Fortinet Patent Applications - Company Legal Profiles

SYSTEMS AND METHODS FOR EFFICIENTLY PROCESSING COMMUNICATIONS FOR MALICIOUS HYPERLINKS

Granted: March 6, 2025
Application Number: 20250080576
Systems, devices, and methods are discussed for mitigating security threats due to web-domain characteristic changes.

SYSTEMS AND METHODS FOR MULTIPLE POINT SASE ACCESS CONTROL

Granted: February 27, 2025
Application Number: 20250071552
Various systems, devices, storage media, and methods are discussed for performing secured access service edge (SASE) processing in a network potentially having multiple SASE processing capable devices.

SYSTEMS AND METHODS FOR LOGIN ANOMALY DETECTION WITH INTEGRATED FEEDBACK

Granted: February 27, 2025
Application Number: 20250071141
Systems, devices, and methods are discussed for detecting and/or mitigating the spread of computer malware in a network environment.

SYSTEMS AND METHODS FOR DEPLOYING AGENTLESS COUNTERMEASURES IN A NETWORK ENVIRONMENT

Granted: February 27, 2025
Application Number: 20250071138
Various approaches for providing network maintenance and health monitoring are discussed. In some cases, some approaches include systems, methods, and/or devices that provide for detecting problematic network behavior and deploying countermeasures in relation to the detected behavior without an agent operating on the device where the countermeasures are implemented.

SYSTEMS AND METHODS FOR HARDWARE ASSISTED INITIAL AND SUBSEQUENT EVENT DETECTION

Granted: February 27, 2025
Application Number: 20250071125
Systems, devices, and methods are discussed for network security using hardware accelerated network traffic classification capable of classifying network traffic as a first occurrence of a network traffic event or a subsequent occurrence of a network traffic event.

SYSTEMS AND METHODS FOR HEALTH BASED ROUTING IN AN SDWAN

Granted: February 27, 2025
Application Number: 20250071050
Various systems, devices, storage media, and methods are discussed for selecting communication paths based upon health status in a hub and spoke communication network.

STEERING FRAGMENTATION OF DATA PACKETS ON DATA COMMUNICATION NETWORKS BASED ON DATA PACKET SIZE

Granted: February 6, 2025
Application Number: 20250048182
When a data packet too big frame is received from the access point, activating fragmentation at the station. The data packet too big frame is responsive to a data packet being sent from the station to the access point and then being rejected as too big when sent from the access point to a network device due to the data packet being too large for processing by the network device. The fragmentation activated at the station and configured based on a maximum data packet size allowed by the…

DETECTING DATA TRAFFIC ANOMALIES IN INTERNET OF THINGS (IOT) DEVICES WITH UNSUPERVISED ISOLATION FOREST (IFOREST) MODEL

Granted: January 2, 2025
Application Number: 20250007924
Data traffic statistics are generated for each IoT device over a training sliding window. Feature vectors and frequency can be extracted from the data traffic statistics over the training sliding window. A plurality of iTrees of an iForest. New data traffic is received for the specific IoT device. New features are continuously extracting new feature vectors from the new data traffic of the IoT device over a detection sliding window. An instance anomaly score can then be calculated for…

DYNAMIC SUBCARRIERS ALLOCATION FOR SECURED WIRELESS NETWORKS

Granted: January 2, 2025
Application Number: 20250008499
A current activity score is periodically calculated for each Wi-Fi 6E station from the data traffic based on malicious activity identified for each Wi-Fi 6E station. Responsive to having OFDMA data to send downlink and more than two Wi-Fi 6E stations are addressed, a precedence between the stations involved in determined. A bandwidth quantity of subcarriers is dynamically allocated in a channel between the more than two stations with more bandwidth quantity allocated to a higher…

LOCAL BROWSER ISOLATION WITH VIDEO STREAMING TO PREVENT MALICIOUS ATTACKS

Granted: January 2, 2025
Application Number: 20250007953
A web page is fetched from the data communication network and load to the virtual machine of a web browser app running in a web browser. The web page continuously renders the web page in the virtual machine of the web browser app according to the configured security policies. A virtual screenshot module to continuously take virtual screenshots of the web page rendering, from the web browser app. Interactive objects are identified on the rendered web page, and replica interactive objects…

SINGLE SIGN-ON (SSO) IDENTIFICATION ACROSS NETWORKS

Granted: January 2, 2025
Application Number: 20250007899
The DHCP requests can be sent by endpoints to get first IP addresses. SSO data concerning the endpoints is collected using an identity service. A DHCP fingerprint is generated for of the each endpoints, including the first IP addresses. DHCP fingerprints are stored to an SSO unification database along with corresponding SSO data for the endpoints at the first IP addresses, including a specific endpoint at a first IP address on the wired network. While tracking, the specific endpoint is…

ADAPTIVE MULTICAST DATA RATE CONFIGURATION IN MANAGED WI-FI NETWORKS TO IMPROVE THROUGHPUT USING UNSUPERVISED MACHINE LEARNING

Granted: December 26, 2024
Application Number: 20240430734
A baseline multicast traffic is derived for an SSID from the network traffic statistics using unsupervised machine learning. Responsive to detecting a deterioration in the real-time network traffic statistics for the SSID in relation to the baseline throughput and the baseline multicast traffic, the multicast data rate can be adjusted to match the lowest unicast data rate for the SSID.

INTEGRATING 5G NETWORK SECURITY SERVICES WITH OTHER TYPES OF WIRELESS LOCAL ACCESS NETWORK (WLAN) SECURITY ON PRIVATE NETWORKS

Granted: December 26, 2024
Application Number: 20240430686
Security policies over a 5G private network are integrated with security policies over other wireless channels, such as a Wi-Fi private network, on a common private network. Security policies are set up for 5G, Wi-Fi, and wireless network combinations. An authenticated private cellular device connected to the private cellular network is detected as collocated with a second device connected to the second type of network. Responsive to the indication, adjusting the second device security…

AUTOMATIC CONFIGURATION OF SD-WAN LINK RULES ON A PER APPLICATION BASIS USING REAL-TIME NETWORK CONDITIONS

Granted: December 26, 2024
Application Number: 20240430159
A new link requests are received and an application making the request is identified. SD-WAN parameters are inferred from a protocol and network use behavior. A first parameter is a JLP loss requirement for the application, and can be either low JLP, medium JLP, or high JLP SLA level. A second parameter a downstream/upstream bandwidth capability requirement. Links are determined from the pool of available links that meet the JLP requirement. One of the links is selected for the new link…

CACHE LOOK UP DURING PACKET PROCESSING BY UNIFORMLY CACHING NON-UNIFORM LENGTHS OF PAYLOAD DATA IN A DUAL-STAGE CACHE OF PACKET PROCESSORS

Granted: December 26, 2024
Application Number: 20240427706
At a first stage, cells of a row of the index table are searched, using a portion of the unified hash value bits as index to identify the row of the index table. Also, a pointer to the content table is identified by comparing an index table tag of an entry of a cell with a calculated tag of the hash to identify a cell in the row. At a second stage, a cell is looked up in the content table, responsive to a match of calculated tag of the hash and index table tag of entry, comparing the…