Fortinet Patent Grants

Evaluating trustworthiness of data transmitted via unencrypted wireless mobile communications

Granted: February 23, 2021
Patent Number: 10932127
Systems and methods for making local decisions regarding the trustworthiness of V2V communications are provided. According to one embodiment, a vehicle information packet is received by a vehicle connectivity subsystem of a connected car and is indicative of an attribute of a source from which the packet was received. The source purportedly represents a neighboring vehicle in proximity to the connected car. A trustworthiness value for the packet is determined based on the source and…

Deriving test profiles based on security and network telemetry information extracted from the target network environment

Granted: February 9, 2021
Patent Number: 10917325
Systems and methods for deriving test profiles for validating network devices based on security and network telemetry information extracted from the target network environment are provided. According to one embodiment, security and network telemetry information are extracted by a test generator during a monitoring period from one or more network devices running within a target network environment. Performance related parameters and data associated with the performance related parameters…

Embedding artificial intelligence for balancing access point processing load in IPV6 enabled networks

Granted: February 2, 2021
Patent Number: 10912015
Responsive to a CPU load of a specific access point surpassing a high CPU threshold value, each of the wireless stations is disassociated from the specific access point. A second access point within range of the disassociated wireless stations is identified. A current CPU load is determined for the second access point, and RSSI values are determined for the wireless stations with respect to the second access point relative to other available access points. Responsive to a current CPU load…

Spectral efficient selection of station clusters for concurrent data transmissions in high efficiency WLANs (wireless local access networks) using unsupervised machine learning models

Granted: February 2, 2021
Patent Number: 10912003
Data packets are received from a plurality of sessions and associated with a plurality of transmitting Wi-Fi stations on the Wi-Fi network. The received data packets contend for access for transmission on the data communication network. Transmitting stations are grouped together when resource units are no longer available. Grouping can implement artificial intelligence such as K-means clustering.

Automatically syncing GTP roaming firewall device policies over a data communication network for network security over mobile devices roaming data services on a carrier network

Granted: February 2, 2021
Patent Number: 10911935
A GTP firewall device registers with a cloud-based GTP GSN objects server to receive IR.21 records for each of a plurality of carriers for which roaming data services are authorized for roaming mobile devices of the plurality of carriers. The cloud-based GTP GSN objects server distributes IR.21 records and updates to the plurality of carriers. The GTP firewall device receives substantially real-time updates to the IP addresses for IR.21 records of carriers from the cloud-based GTP GSN…

Check valve for preventing air backflow in a modular cooling system

Granted: January 5, 2021
Patent Number: 10888018
A cooling system for electrical and electronic devices for hot swapping of a fan module without affecting cooling efficiency due to air backflow, preventing stalling of newly installed exhaust device due to reverse rotation. A check valve assembly having an inlet side frame member, an outlet side frame member, and one or more non-symmetrical valve flaps, each flap having a movable part and a fixed part. The outlet side frame allows the flaps to open under suction pressure on side of the…

Over-the-air (OTA) Wi-Fi offloading

Granted: January 5, 2021
Patent Number: 10887795
Systems and methods for OTA Wi-Fi offloading are provided. According to one embodiment, a first AP of a private network provides connectivity between one or more wireless client devices and a wired network portion of the private network. The first AP is coupled to a switch via a first wired link. The first AP determines whether the traffic being transmitted on the first wired link exceeds a configurable or predefined threshold. When the determination is affirmative, the first AP offloads…

Blocking communication between rogue devices on wireless local access networks (WLANS)

Granted: December 29, 2020
Patent Number: 10880749
Techniques which prevent rogue devices from continued access to a wireless communication system. A control element directs access points as to which mobile stations to service. Each access point maintains a record of the mobile stations it is servicing. At the direction of the control element, one or more access points send ACK (acknowledgement) messages when hearing messages from a rogue device. When the rogue device sends a message, it expects an ACK message in response, but those…

Logical network abstraction for network access control

Granted: December 22, 2020
Patent Number: 10873607
Systems and methods for NAC access policy creation and reconfiguration of access points to enforce same are provided. According to one embodiment, access policies are decoupled from underlying implementation details of access points by: (i) maintaining by a NAC device an access point model that maps logical networks to corresponding enforcement action implementations for the access points; and (ii) representing the access policies in a form of a current state of a particular endpoint…

SDN (software-defined networking) controller for self-provisioning of a wireless communication network using coordination of data plane behavior to steer stations to preferred access points

Granted: December 15, 2020
Patent Number: 10869217
A wireless communication network is self-provisioned using coordination of data plane behavior to steer stations to preferred access points. To do so, a policy concerning traffic flow for the wireless communication network is received. Data plane traffic flow is monitored at each of the plurality of access points distributed around the wireless communication network. At some point, it may be determined that the data plane traffic flow at a first access point needs to be reduced based on…

Mitigation of NTP amplification and reflection based DDoS attacks

Granted: December 15, 2020
Patent Number: 10868828
Systems and methods for mitigating DDoS attacks utilizing NTP are provided. According to one embodiment, a tracking table is maintained by a network security device protecting a private network. The tracking table contains information regarding NTP requests originated by clients of the private network and observed by the network security device. An NTP request sent from a client to an NTP server external to the private network is intercepted by the network security device. An NTP request…

Configuration of sub-interfaces to enable communication with external network devices

Granted: December 15, 2020
Patent Number: 10868792
Systems and methods for facilitating communication between applications associated with virtual domains (VDOMs) of a virtualized network device and an external network are provided. According to one embodiment, a sub-interface is created for a physical Ethernet interface of the network device. A unique MAC address is assigned to the sub-interface. An application associated with a first VDOM is bound to the sub-interface. When the first VDOM is operating in transparent mode and an egress…

Logical network abstraction for network access control

Granted: December 8, 2020
Patent Number: 10862895
Systems and methods for NAC access policy creation and reconfiguration of access points to enforce same are provided. A NAC device maintains (i) an access point model that maps logical networks to a corresponding enforcement action implementation for each access point associated with a private network and (ii) access policies each specifying a current state of a particular endpoint device and an enforcement action, specified with reference to a logical network. Responsive to an event…

Policy-based configuration of internet protocol security for a virtual private network

Granted: November 17, 2020
Patent Number: 10841341
A method for performing policy-based configuration of IPSec for a VPN is provided. According to one embodiment, a request for a VPN connection to be established between a network device and a peer network device is received by the network device from the peer network device. Responsive to receipt of the request, the VPN connection is established by the network device in accordance with a policy associated with the request without requiring manual entry of VPN settings by a network…

Learning network topology and monitoring compliance with security goals

Granted: November 17, 2020
Patent Number: 10841279
Systems and methods for monitoring compliance with security goals by a network or part thereof are provided. According to one embodiment, a topology of a network segment of a private network is discovered by a network security device associated with the private network. Security policies implemented by one or more network security devices that form part of the network segment are learned by the network security device. Compliance with a security goal associated with the network segment…

Proactive network security assessment based on benign variants of known threats

Granted: November 17, 2020
Patent Number: 10839703
Systems and methods for performing a proactive assessment of the network security of a private network are provided. According to one embodiment, computer systems and users of the private network are caused to react to a benign variant of a network security threat (“benign threat”) by deploying the benign threat within the private network. The benign threat is created by leaving intact symptoms and propagation mechanisms associated with the network security threat and replacing…

Systems and methods for centrally managed host and network firewall services

Granted: November 3, 2020
Patent Number: 10826941
A method for protecting an enterprise network includes, at a system that is remote from the enterprise network: controlling communications to and from the enterprise network according to a set of security policies; controlling endpoint to endpoint connections within the enterprise network according to the set of security policies; receiving a request for modifications to the set of policies; automatically generating a policy digest formatted according to a predefined format, the policy…

Synchronizing a forwarding database within a high-availability cluster

Granted: October 6, 2020
Patent Number: 10795912
Systems and methods for synchronizing an EMACVLAN FDB among cluster units of an HA cluster are provided. According to one embodiment, real-time synchronization of a first FDB maintained within a kernel space of a first network security operating system running on a primary unit and a second FDB maintained within a kernel space of a second network security operating system running on a secondary unit is performed by: transferring information regarding an entry from the kernel space of the…

Automated learning of externally defined network assets by a network security device

Granted: October 6, 2020
Patent Number: 10798061
Systems and methods for automated learning of externally defined network assets by a network security device are provided. According to one embodiment, updated information for a network asset associated with a private network is received by a network security device from an external asset management device associated with the private network. The updated information includes a change in a definition or an attribute of the network asset. The existence of a current definition and attribute…

Secure just-in-time (JIT) code generation

Granted: October 6, 2020
Patent Number: 10795989
A method of securely executing a Just-In-Time (JIT) compiled code in a runtime environment, comprising using one or more processors for receiving from a JIT executing process a request to compile in runtime a code segment, initiating a JIT compiling process to compile the code segment in order to generate an executable code segment, storing the executable code segment in a shared memory and providing to the JIT executing process a pointer to the executable code segment in the shared…