Increasing downstream network throughput from access points in data communication systems using transmit opportunities from RTS (request to send) frame errors
Granted: July 6, 2021
Patent Number:
11057932
A sender of the RTS frame is decoded based on the symbol error sequence and a station database within the access point, even if there is a CRC (cyclical redundancy checking) failure. The access point seizes the transmit opportunity during RTS reception failure, as collision results in higher back off window before stations can transmit. To minimize the impact of collision on voice clients, some embodiments prioritize transmission of voice packets within the new transmit opportunity.
Increasing throughput density of TCP traffic on a hybrid data network having both wired and wireless connections by modifying TCP layer behavior over the wireless connection while maintaining TCP protocol
Granted: July 6, 2021
Patent Number:
11057501
A WLAN driver of the TCP proxy device transmits network packets transmitted from a sender device over the data communication network to a wireless station. TCP network packets are diverted to a TCP proxy pipeline. First, the wireless receiver device is emulated to a wireless sender device by providing an ACK packet to the sender device in order to close the TCP session on the sender side by responding to a TCP handshake with the sender device. Second, the sender device is emulated to a…
Hybrid cluster architecture for reverse proxies
Granted: July 6, 2021
Patent Number:
11057478
Systems and methods for an improved HA cluster architecture that provides for seamless failover while also maintaining full processing capacity are provided. According to one embodiment, each member of a hybrid HA cluster of reverse proxy network security devices is configured to operate in an active mode or in a backup mode. A primary member of a set of active members of the cluster receives and processes network traffic. The cluster detects existence of a failure scenario of multiple…
Detecting poisoning attacks of internet of things (IOT) location beacons in wireless local area networks (WLANS) with silence periods
Granted: July 6, 2021
Patent Number:
11057398
Poisoning attacks by spoofing location beacons in a WLAN are detected using silence periods. A location beacon identifier is received from a mobile device allegedly within range of a location device transmitting location beacons, along with a timestamp of transmission for each of the location beacons. Also silence periods associated with the location device, during which transmissions of location beacons are temporarily discontinued, and which are unknown to the public, are determined or…
Management of internet of things (IoT) by security fabric
Granted: July 6, 2021
Patent Number:
11057346
The present invention relates to a method for managing IoT devices by a security fabric. According to one embodiment, an analyzing tier collects data of Internet of Things (IoT) devices from a plurality of data sources and abstracts profiled element baselines (PEBs) of IoT devices of the same type from the data. An executing tier retrieves the PEBs from the analyzing tier and generates security policies for IoT devices of the same type from PEBs. The executing tier controls network…
Security fabric for internet of things (IoT)
Granted: July 6, 2021
Patent Number:
11057345
The present invention relates to methods, systems and non-transitory computer-readable storage medium for managing IoT devices by a security fabric. According to one embodiment, an analyzing tier collects data of Internet of Things (IoT) devices from a plurality of data sources and abstracts profiled element baselines (PEBs) of IoT devices of the same type from the data. An executing tier retrieves the PEBs from the analyzing tier and generates security policies for IoT devices of the…
Management of internet of things (IoT) by security fabric
Granted: July 6, 2021
Patent Number:
11057344
The present invention relates to methods, systems and non-transitory computer-readable storage medium for managing IoT devices by a security fabric. According to one embodiment, an analyzing tier collects data of Internet of Things (IoT) devices from a plurality of data sources and abstracts profiled element baselines (PEBs) of IoT devices of the same type from the data. An executing tier retrieves the PEBs from the analyzing tier and generates security policies for IoT devices of the…
DNS (domain name server)-based application-aware routing on SD-WAN (software-defined wide access network)
Granted: July 6, 2021
Patent Number:
11057304
Applications associated with the network data packet are identified by parsing the network data packet of the received network data packets to identify a second-level domain from a destination IP address and searching the second-level domain database to identify the application associated with the second-level domain. It is determined whether the network data packet comprises a DNS packet or a non-DNS packet. Responsive to the network data packet comprising a DNS packet, a second-level…
DHCP agent assisted routing and access control
Granted: June 22, 2021
Patent Number:
11044138
Systems and methods for increasing layer 2 visibility of layer 3 network devices so as to facilitate implementation of device-oriented policy actions by layer 3 network devices are provided. According to one embodiment, unique physical addresses of one or more host devices are retrieved by a dynamic host configuration protocol (DHCP) agent that is operatively coupled with a DHCP server. The physical addresses are mapped to corresponding Internet Protocol (IP) addresses assigned by the…
Natively mounting storage for inspection and sandboxing in the cloud
Granted: June 15, 2021
Patent Number:
11036856
Systems and methods for continuously scanning and/or sandboxing files to protect users from accessing infected files by natively mounting public cloud file stores are provided. According to one embodiment, a determination is made by a network security device that is protecting the enterprise network regarding whether an untrusted file stored within a first repository of a public cloud file store, which is natively mounted on the network security device, is a clean file that is free of…
Forensic analysis
Granted: June 8, 2021
Patent Number:
11032301
A forensic analysis method performed in respect of an endpoint device connected to a computer network. The forensic analysis method comprises collecting file system call data from the endpoint device. The file system call data corresponds to a plurality of system calls relating to file system operations arising from activity performed on the endpoint device. The forensic analysis method also comprises collecting network communication metadata from the endpoint device. The network…
Controlling bandwidth usage by media streams by limiting streaming options provided to client systems
Granted: June 1, 2021
Patent Number:
11025970
Systems and methods for controlling network bandwidth utilization by media streaming services are provided. According to one embodiment, a data stream associated with streaming media content being requested from an external service provider by a client device associated with a private network is intercepted by a network manager associated with the private network. Streaming options made available for streaming the streaming media content are limited by the network manager by: (i)…
Security sanitization of USB devices
Granted: June 1, 2021
Patent Number:
11023575
Methods and systems for performing security sanitization of Universal Serial Bus (USB) devices are provided. According to one embodiment, existence of a Universal Serial Bus (USB) device connected to a USB port of a network security device is detected by the network security device. Responsive thereto, read and write access to a memory of the USB device is facilitated, by mounting, by the network security device, the USB device within a file system of the network security device.…
Building a cooperative security fabric of hierarchically interconnected network security devices
Granted: May 25, 2021
Patent Number:
11019029
Systems and methods for implementing a cooperative security fabric (CSF) protocol are provided. According to one embodiment, an NSD of multiple NSDs participates in the dynamic construction of a CSF interconnecting the NSDs in a form of a tree, having multiple nodes each representing one of the NSDs, based on hierarchical interconnections between the NSD and directly connected upstream and downstream NSDs. A communication channel is established by a backend daemon of the NSD with a…
Optimization of MU-MIMO beamforming in a Wi-Fi communication network based on mobility profiles
Granted: May 11, 2021
Patent Number:
11006422
An access point associated on a Wi-Fi portion of the communication network selectively groups stations according to a mobility profile. The mobility profile includes factors that characterize at least an amount of movement and current location for a station. Each station is assigned to a beamforming group of similar mobility profiles. A type of beamforming transmission is selected for each beamforming group based on mobility profiles of associated stations. The type of beamforming…
DNS-enabled communication between heterogeneous devices
Granted: April 27, 2021
Patent Number:
10992641
Methods and systems for an IPv4-IPv6 proxy mode for DNS servers are provided. According to one embodiment, a DNS query is received by a network device from a dual-stack client. A determination is made by the network device whether a first record type containing an Internet Protocol (IP) address for a server associated with the query exists within a DNS database of the network device. If the first record type exists for the server, then communication is enabled between the client and the…
Application-specific airtime fairness in WLANS (wireless local access networks) based on time sensitivity of applications
Granted: April 20, 2021
Patent Number:
10986642
Network packets are pre-processed and stored in network queues based on time sensitivity and other factors. More specifically, a specific application associated with a specific session of the network packets locally at the access point is determined. An ATR is adjusted based on a priority of the application with respect to time sensitivity. Other factors include throughput capability of a wireless device.
Generating design verification test cases using a restricted randomization process based on variable dependencies
Granted: April 20, 2021
Patent Number:
10984158
Systems and methods for generating design verification test cases using a restricted randomization process are provided. According to one embodiment, a processor of a hardware design verification system receives a set of restrictions and defines a scenario involving the values that is to be excluded from the test case. The processor also receives pre-assigned values for one or more variables. For each variable other than the one or more variables, the processor assigns a first random…
Automatic virtual private network (VPN) establishment
Granted: April 13, 2021
Patent Number:
10979395
Systems and methods for automatic VPN establishment are provided. According to one embodiment, a P1 message is received by a hub network device (ND) from a remote device (RD) of a spoke. P1 specifies VPN connection attributes corresponding to a lowest ENC/AUTH suite supported by RD. A VPN tunnel entry is automatically created by ND based on the VPN connection attributes. A P2 message is transmitted by ND specifying ENC/AUTH attributes based on corresponding ENC/AUTH of the VPN connection…
Reliable call hand-off from cellular networks to Wi-Fi networks
Granted: March 30, 2021
Patent Number:
10966131
Reliable call hand-offs from a cellular network to a Wi-Fi network. A hand-off controller detects a hand-off condition (e.g., hand-off request, potential/predicted hand-off request) and, in response, initiates a test call. For example, a telephone call made through a smart phone, using a cellular network (e.g., Verizon, AT&T or Sprint) can be handed over to a hot spot at a Starbucks. In response to detecting an available data network, transmission quality for VOIP conditions is…