Fortinet Patent Grants

Providing differentiated QoS by dynamically segregating voice and video clients into different BSSIDs

Granted: July 21, 2020
Patent Number: 10721138
An access category is assigned to stations making probe requests, based on a determined station type. Responsive to a voice access category type determination, deep packet inspection on one or more network packets from a specific flow of the specific station to identify a specific voice application running on the specific station can be performed. A GSSID is assigned to the specific station based on the specific voice application identified, each GSSID from a plurality of GSSIDs having…

Extending airtime fairness in WLANs (wireless local access networks) with selective dynamic allocation of quantum

Granted: July 14, 2020
Patent Number: 10716027
A set of priority parameters for network traffic on the data communication network is stored. Based on a specific application determination, based at least in part on a source IP address, a source port address, a destination IP address, a destination port address and a protocol, an airtime fairness ratio (ATR) for the session with a specific station from the set of priority parameters concerning application priority is assigned. A higher ATR results in more packets being stored in the…

Selective key caching for fast roaming of wireless stations in communication networks

Granted: July 14, 2020
Patent Number: 10715999
Authentication keys are selectively cached locally for faster roaming of wireless stations in a communication network. An attempt by a station to reassociate with an access point is detected. Responsive to identifying a key corresponding to the station as evidence of a previous association, the key is retrieved from the key cache without contacting a controller or an authentication server, for faster responses. At least one modified response frame is generated to include the identified…

Transferring soft tokens from one mobile device to another

Granted: July 7, 2020
Patent Number: 10708771
Systems and methods for securely transferring tokens from one device to another are provided. According to one embodiment, a token transfer request (TTR), requesting transfer of a soft token stored on a first mobile device to a second mobile device, is received by a provisioning server from the first device. A transfer activation code (TAC) is generated by the provisioning server responsive to receipt of token data associated with the soft token from the first device. The token data…

Mitigating effects of flooding attacks on a forwarding database

Granted: July 7, 2020
Patent Number: 10708299
Systems and methods for mitigating effects of source-Media Access Control (MAC) flooding attacks on a forwarding database (FDB) that maps MAC addresses to enhanced MAC Virtual Local Area Network (EMACVLAN) sub-interfaces of a physical Ethernet interface are provided. A Virtual Domain (VDOM) operating in transparent mode receives an ingress packet by an internal switch running on the virtualized network device via a sub-interface. When an entry, corresponding to a source MAC address of…

Detection and mitigation of time-delay based network attacks

Granted: July 7, 2020
Patent Number: 10708283
Systems and methods for mitigation of time-delay based network attacks are provided. According to one embodiment, an email directed to a user of an enterprise and containing a potentially malicious link is received by a mail server of the enterprise. At a first time, a file to which the potentially malicious link points is evaluated within a sandbox environment and a first hash value is generated based on contents of the file. At a second time, evaluating, by the sandbox environment, a…

User authentication via a combination of a fingerprint and a tactile pattern

Granted: July 7, 2020
Patent Number: 10706304
Systems and methods for authenticating a user by a combination of the user's fingerprint and a tactile pattern are provided. According to one embodiment, a computing device captures a tactile pattern that is drawn by a user's finger on a touch panel that is operationally connected to the computing device. The computing device captures one or more fingerprints of the user using a fingerprint reader component of the computing device at one or more locations on the touch panel while the…

Extension of Wi-Fi services multicast to a subnet across a Wi-Fi network using software-defined network (SDN) to centrally control data plane behavior

Granted: June 23, 2020
Patent Number: 10694341
Wi-Fi services multicast to a subnet in a software-defined network (SDN) are extended. An SDN controller centrally monitors a data plane of a Wi-Fi network. Advertisements for services within a first subnet by an advertising station are forwarded to the SDN controller. Parameters of the service of the advertising station are extracted for storage by performing deep packet inspection on the one or more packets. Queries for services within a second subnet by a querying station are also…

Building a cooperative security fabric of hierarchically interconnected network security devices

Granted: June 16, 2020
Patent Number: 10686839
Systems and methods for implementing a cooperative security fabric (CSF) protocol are provided. According to one embodiment, a CSF of multiple network security devices (NSDs) deployed within a protected network is constructed in a form of a tree, having a root node, one or more intermediate nodes and one or more leaf nodes, based on hierarchical interconnections among the NSDs by determining a relative upstream or downstream relationship among each NSD. Backend daemons of the NSDs…

DNS-enabled communication between heterogeneous devices

Granted: June 2, 2020
Patent Number: 10673815
Methods and systems for an IPv4-IPv6 proxy mode for DNS servers are provided. According to one embodiment, a DNS query is received by a network device from a dual-stack client. A determination is made by the network device whether a first record type containing an Internet Protocol (IP) address for a server associated with the query exists within a DNS database of the network device. If the first record type exists for the server, then communication is enabled between the client and the…

Steering connection requests for an access point to a best-serving access point

Granted: May 12, 2020
Patent Number: 10652905
Network devices are steered to preferred access points using a probability function. A probe request for connection is received from a network device. The probe request can be from a network device attempting to use a wireless network (e.g., an IEEE 802.11-type network or other suitable type of network). A probability function that defines a likelihood of granting the network device a connection is used to determine whether to accept or deny the response. The probe response is then sent…

Forensic analysis

Granted: May 12, 2020
Patent Number: 10652255
The present invention relates to a forensic analysis method performed on a Distributed Computing System (DCS) (10) comprising a server (18) and at least one client machine (14). The method comprises collecting data in a client machine (14) of the DCS (10) to form a first data set, the collected data being a function call to a resource comprised in the DCS. The method further comprises applying a data reduction model to the first data set to form a second data set and processing the…

Containing internet of things (IOT) analytics poisoning on wireless local access networks (WLANs)

Granted: May 5, 2020
Patent Number: 10645585
An analytics containment system stores RSSI values of connected stations and corresponding time stamps. If two or more stations have RSSI values within a certain proximity within a certain time period, a first condition for identifying analytics poisoning has been satisfied. Additionally, if RSSI values for the two or more stations change at a similar rate, the stations have satisfied a second optional condition.

Hardware-based detection devices for detecting unsafe network traffic content and methods of using the same

Granted: May 5, 2020
Patent Number: 10645097
A device for detecting network traffic content is provided. The device includes a first input port configured to receive one or more signatures, each of the one or more signatures associated with content desired to be detected, a second input port configured to receive data associated with network traffic content. The device also includes a processor configured to process the one or more signatures and the data to determine whether the network traffic content matches the content desired…

Generic and static detection of malware installation packages

Granted: April 14, 2020
Patent Number: 10621343
Systems and methods for generic and static detection of malware using machine learning are provided. According to one embodiment, a computing device receives an executable application or a part thereof. A package name associated with the received application is extracted. The received executable application is classified as being malicious or non-malicious based on evaluation of the package name using a language model. When the received executable application is classified as being…

Security information and event management

Granted: April 7, 2020
Patent Number: 10616258
Systems and methods for conducting correlation analysis for security events with asset attributes of a network by a SIEM device to enable more efficient reporting are provided. According to one embodiment, when a SIEM device obtains a security event, a risk level of the security event is calculated based on at least a correlation of the security event with one or more asset attributes of a network that is managed by the SIEM device. When the risk level meets a predetermined or…

Reducing redundant operations performed by members of a cooperative security fabric

Granted: March 17, 2020
Patent Number: 10595215
Systems and methods for coordinating security operations among members of a cooperative security fabric (CSF) are provided. According to one embodiment, a first network security appliance of a CSF receives incoming network traffic and determines if the incoming network traffic is transmitted from a second network security appliance based on the source address of the network traffic. If the incoming network traffic is from the second network security appliance, the first network security…

Configuring initial settings of a network security device via a hand-held computing device

Granted: March 17, 2020
Patent Number: 10594841
Process, equipment, and computer program product code for configuring a network security device using a hand-held computing device are provided. Default initial settings for a network security device are received by a mobile application running on a hand-held computing device. The default initial settings represent settings that allow the network security device to be remotely managed via a network to which the network security device is coupled. The default initial settings are…

Providing security in a communication network

Granted: March 17, 2020
Patent Number: 10594708
Systems and methods for optimizing system resources by selectively enabling various scanning functions of a network security device are provided. According to one embodiment, information specifying a set of reputable websites deemed to be trustworthy by one or more web filtering services is received by a network security device protecting a private network. One or more directives are received by the network security device from a network administrator via a GUI of the network security…

Securing internet of things (IOT) RF (radio frequency) location tags using source addresses to locate stations on a Wi-Fi network

Granted: March 3, 2020
Patent Number: 10579840
RF tags using source addresses to locate stations on a Wi-Fi network are secured. An RF location server receives a pseudo source address of an RF (radio frequency) tag from a station. The station obtains the pseudo source address while being within radio range of the RF tag and the station receiving a beacon frame from the RF tag. A source address for the RF tag is looked-up utilizing the pseudo source address, and a specific location for the RF tag is looked-up utilizing the source…