Fortinet Patent Grants

Secure cloud storage distribution and aggregation

Granted: September 25, 2018
Patent Number: 10083309
Methods and systems for secure cloud storage are provided. According to one embodiment, file storage policies are maintained for users of an enterprise network by a trusted gateway device interposed between the network and multiple third-party cloud storage services. Responsive to receiving a request to store a local file from a user: (i) searchable encrypted data is created by the gateway corresponding to one or more of (a) content of the local file and (b) metadata associated with the…

Intelligent telephone call routing

Granted: September 11, 2018
Patent Number: 10075584
Systems and methods for intelligently routing an incoming telephone call to an internal extension based on the calling history are provided. According to one embodiment, a session log, containing information regarding sessions between internal extension numbers and external telephone numbers, is maintained by a call monitor of a telephone system. The internal extension numbers are associated with telephone extensions within the telephone system and the external telephone numbers are…

Denial-of-service (DoS) mitigation approach based on connection characteristics

Granted: September 11, 2018
Patent Number: 10075468
Systems and methods for an improved DDoS mitigation approach are provided. According to one embodiment, a current threshold for a network connection characteristic is established within a Denial-of-Service (DoS) mitigation device logically interposed between a protected resource of a private network and multiple client devices residing external to the private network. A number of connections between the client devices and the protected network resource are tracked. During a period of…

Sandboxing protection for endpoints

Granted: September 11, 2018
Patent Number: 10075457
Methods and systems for integrating a sandboxing service and distributed threat intelligence within an endpoint security application are provided. According to one embodiment, file system or operating system activity relating to a file accessible to an endpoint system is monitored by an endpoint security application running on the endpoint system. The endpoint security application determines whether the file has been previously analyzed for a threat status. When a…

Packet routing using a software-defined networking (SDN) switch

Granted: September 11, 2018
Patent Number: 10075393
Systems and methods for an SDN switch that facilitates forwarding/differential routing decision determination are provided. A packet is received at an input port of the SDN switch. The switch includes a first and second set of flow processing units (FPUs). The packet is forwarded to a first FPU of the first set. Based on a flow table associated with the first FPU, it is determined whether the packet is to be forwarded to a network device or an output port. The packet is received from the…

Intelligent bridging of Wi-Fi flows in a software defined network (SDN)

Granted: September 4, 2018
Patent Number: 10069647
Wi-Fi flows are intelligently bridged in a software-defined network (SDN) controller of a wireless communication network that centrally coordinates data plane behavior. A default mode tunnels packets received at an access point to the SDN controller for layer 2 routing decisions. A bridging policy concerning bridging of specific types of traffic flows for the wireless communication network is received at the SDN. Data plane traffic flow for each of a plurality of access points…

Steering inherently autonomous wireless devices to access points based on MIMO (multiple input/ multiple output) capabilities of network components

Granted: September 4, 2018
Patent Number: 10070378
Network devices are steered based on VHT (very high throughput) capabilities. A first radio of the plurality of radios is assigned to MU-MIMO (multiple user-multiple input/multiple output) communication. The first radio is capable of communication using MU-MIMO and is backward-compatible for communication using SU-MIMO (single user-multiple input/multiple output). A second radio of the plurality of radios is assigned to SU-MIMO communication. A connection request is received from a…

Dynamic generation of per-station realm lists for hot spot connections

Granted: September 4, 2018
Patent Number: 10070359
Per-station realm lists are dynamically generated for hot spot connections to access points by roaming stations. A query for a list of realms is received from a roaming station when connecting to a hot spot. Using a MAC address or other station identity, a list of available realms is narrowed to a subset of per-station realms sent to the station. Narrowing is performed on-the-fly with respect to at least one aspect. A last N realms are retrieved from a database record…

Using location to detect location of network poisoning attacks in Wi-Fi based locationing

Granted: September 4, 2018
Patent Number: 10070263
Poisoning attacks are detected and resulting location data is excluded from location-based services. Rogue devices can use a MAC address in a source field of a network data packet in order to appear as a trusted station to the access point in order to inject poisonous location data. Responsive to detecting that a change in location is suspicious, the change in location is excluded from the location-based service. Otherwise, the location change can be relied upon for providing the…

Systems and methods for passing network traffic content

Granted: September 4, 2018
Patent Number: 10069794
A method for transmitting content data includes receiving content data, and passing at least a portion of the content data based on a size of the received content data. A method for transmitting content data includes receiving content data, and passing at least a portion of the content data based on a prescribed rate. A method for transmitting content data includes receiving content data, and passing at least a portion of the content data before performing policy enforcement on the…

Systems and methods for detecting undesirable network traffic content

Granted: September 4, 2018
Patent Number: 10068090
A method of detecting a content desired to be detected includes receiving electronic data at a first host, determining a checksum value using the received electronic data, sending the checksum value to a processing station, the processing station being a second host that is different from the first host, and receiving a result from the processing station, the result indicating whether the electronic data is associated with a content desired to be detected. A method of detecting a content…

Determining validity of location signal combinations for securing unmanned aerial vehicle (UAV) navigation

Granted: September 4, 2018
Patent Number: 10065746
A navigation security module of an unmanned aerial vehicle (UAV) receives a combination of signals from a location technology, each signal comprising at least a signal identification and location data. The combination of signal identifications is processed against known identifications. If the identification is not found, or if the combination of signal identifications is not possible, the signal may be a rogue signal, resulting in a quarantine protocol.

Containing internet of things (IOT) analytics poisoning on wireless local access networks (WLANs)

Granted: August 21, 2018
Patent Number: 10057776
An analytics containment system stores RSSI values of connected stations and corresponding time stamps. If two or more stations have RSSI values within a certain proximity within a certain time period, a first condition for identifying analytics poisoning has been satisfied. Additionally, if RSSI values for the two or more stations change at a similar rate, the stations have satisfied a second optional condition.

Soft token system

Granted: August 21, 2018
Patent Number: 10057763
Systems and methods for a secure soft token solution applicable to multiple platforms and usage scenarios are provided. According to one embodiment, a user of a mobile device is prompted to input an activation code previously provided to the user by an authentication server, which authenticates credentials provided by users of a secure network resource that is accessible via an IP-based network. A unique device ID of the mobile device is obtained via an API of an operating system of the…

Cloud-based security policy configuration

Granted: August 21, 2018
Patent Number: 10057294
Systems and methods for configuring security policies based on security parameters stored in a public or private cloud infrastructure are provided. According to one embodiment, security parameters associated with a first network security device of an enterprise are shared by the first network security device with other network security devices associated with the enterprise by logging into a shared enterprise cloud account. The shared security parameters are retrieved by a second…

Security threat detection

Granted: August 21, 2018
Patent Number: 10057284
Systems and methods for retrospective scanning of network traffic logs for missed threats using updated scan engines are provided. According to an embodiment, a network security device maintains a network traffic log that includes information associated with network activities observed within a private network. Responsive to an event, the network traffic log is retrospectively scanned in an attempt to identify a threat that was missed by a previous signature-based scan or a previous…

Examining and controlling IPv6 extension headers

Granted: August 21, 2018
Patent Number: 10057213
Methods and systems for selectively blocking, allowing and/or reformatting IPv6 headers by traversing devices are provided. According to one embodiment, reputation information regarding observed senders of Internet Protocol (IP) version 6 (IPv6) packets and packet fragments is maintained by a traversing device based on conformity or nonconformity of extension headers contained within the IPv6 packets with respect to a set of security checks performed by the traversing device. When an…

Cardinality based packet processing in software-defined networking (SDN) switches

Granted: August 21, 2018
Patent Number: 10057193
Systems and methods for scalable SDN devices having ports/network interfaces mapped to cardinal flow processing (CFP) units are provided. According to one embodiment, an incoming packet is received at a software-defined networking (SDN) switch. An ingress port on which the incoming packet was received is determined. A cardinal direction to which the ingress port is mapped is determined. Based on the determined cardinal direction, the SDN switch identifies a cardinal flow processing…

Securing internet of things (IOT) RF (radio frequency) location tags using source addresses to locate stations on a Wi-Fi network

Granted: August 21, 2018
Patent Number: 10055616
RF tags using source addresses to locate stations on a Wi-Fi network are secured. An RF location server receives a pseudo source address of an RF (radio frequency) tag from a station. The station obtains the pseudo source address while being within radio range of the RF tag and the station receiving a beacon frame from the RF tag. A source address for the RF tag is looked-up utilizing the pseudo source address, and a specific location for the RF tag is looked-up utilizing the source…

Hardware accelerator for packet classification

Granted: August 14, 2018
Patent Number: 10051093
Systems and methods for packet classification hardware acceleration are provided. According to one embodiment, a packet classification hardware accelerator system includes multiple packet classification hardware units, a memory and a cache subsystem. The packet classification hardware units are each capable of operation in parallel on a corresponding decision tree of multiple decision trees that have been derived from respective subsets of a common ruleset defining packet classification…