Fortinet Patent Grants

Socket application program interface (API) for efficient data transactions

Granted: June 26, 2018
Patent Number: 10009419
Methods and systems for efficient data transactions between applications running on devices associated with the same host. According to one embodiment, a host system includes an HTTP proxy and an SSL/TLS proxy operatively coupled with each other. The SSL/TLS proxy may be configured to perform SSL negotiation with a client and the HTTP proxy may be configured to communicate with a web server in clear text. Data can be transferred directly between the proxies through a pair of connected…

Detecting malicious resources in a network based upon active client reputation monitoring

Granted: June 26, 2018
Patent Number: 10009361
Systems and methods for detecting malicious resources by analyzing communication between multiple resources coupled to a network are provided. According to one embodiment, a method of client reputation monitoring is provided. A monitoring unit executing on a network security device operable to protect a private network observes activities relating to multiple monitored devices within the private network. For each of the observed activities, a score is assigned by the monitoring unit…

Identifying nodes in a ring network

Granted: June 12, 2018
Patent Number: 9998337
Methods and systems for determining a token master on a ring network are provided. According to one embodiment, a ring controller of a first blade participating in the ring network receives an indication that an arbitration token originated by an originating blade has been received. The ring controller compares the priorities of the originating blade and the first blade. When the priority of the originating blade is higher, the ring controller transmits the arbitration token to the next…

Automatic channel selection in wireless local area network (WLAN) controller based deployments

Granted: June 5, 2018
Patent Number: 9992737
Wi-Fi channels are automatically selected in a WLAN controller based deployment. Scan results received from each of the plurality of access points comprise a list of neighboring access points from the plurality of access points relative to each access point. Responsive to a number of the plurality of access points exceeding a number of non-interfering channels, assigning each of the plurality of access points to a non-interfering channel with sharing of at least one of the…

Detection of undesired computer files using digital certificates

Granted: June 5, 2018
Patent Number: 9992165
Methods and systems for detecting undesirable computer files based on scanning and analysis of information contained within an associated digital certificate chain are provided. According to one embodiment, a file having associated therewith a certificate chain is received. A type and structure of the file are identified. A location of the certificate chain is determined based on the identified type and structure. A signature of the file is formed by extracting a targeted subset of…

Dynamically resizing aggregation windows based on network congestion feedback from mixed types of traffic in a wireless network

Granted: June 5, 2018
Patent Number: 9992127
Aggregation windows are dynamically resized based on network congestion feedback from VOIP and other mixed types of traffic. Feedback indicative of a level of network congestion on the data communication network where aggregate packets are transmitted is received. The network congestion level is checked to see if a predetermined threshold has been exceeded. Responsive to exceeding the threshold, the network congestion level is correlated to an optimal data field size for the aggregated…

Direct cache access for network input/output devices

Granted: May 29, 2018
Patent Number: 9985977
Methods and systems for improving efficiency of direct cache access (DCA) are provided. According to one embodiment, a set of DCA control settings are defined by a network interface controller (NIC) of a network security device for each of multiple I/O device queues. The control settings specify portions of network packets that are to be copied to a cache of the corresponding CPU. A packet is received by the NIC. The packet is parsed to identify boundaries of portions of the packet and…

Steering connection requests for an access point to a best-serving access point

Granted: May 29, 2018
Patent Number: 9986576
Network devices are steered to preferred access points using a probability function. A probe request for connection is received from a network device. The probe request can be from a network device attempting to use a wireless network (e.g., an IEEE 802.11-type network or other suitable type of network). A probability function that defines a likelihood of granting the network device a connection is used to determine whether to accept or deny the response. The probe response is then sent…

Associating position information collected by a mobile device with a managed network appliance

Granted: May 29, 2018
Patent Number: 9986387
Systems and methods for obtaining and managing network appliance position information are provided. According to one embodiment, a network appliance controller establishes a network connection with a mobile device. The network appliance controller receives via the network connection from the mobile device identification information associated with a network appliance and position information. The network appliance controller associates the identification information with the position…

Enforcing compliance with a policy on a client

Granted: May 29, 2018
Patent Number: 9985994
A method and system for enforcing compliance with a policy on a client computer in communication with a network is disclosed. The method involves receiving a data transmission from the client computer on the network. The data transmission includes status information associated with the client computer. The data transmission is permitted to continue when the status information meets a criterion.

Mobile hotspot managed by access controller

Granted: May 29, 2018
Patent Number: 9985931
Systems and methods are described for a mobile hotspot that can be managed by an access controller. According to an embodiment, a WAN connection is established by a mobile hotspot through a telecommunication data network via a wireless WAN module. When in a first mode, the mobile hotspot: (i) sets up a secure tunnel through the WAN connection with an AC of the enterprise that manages APs of a wireless network of an enterprise; (ii) broadcasts an SSID that is also broadcast by the APs;…

Network flow analysis

Granted: May 29, 2018
Patent Number: 9985849
Systems and methods for a network flow analysis service that facilitates collection, analysis and sharing of information regarding network flows are provided. According to one embodiment, a network flow analysis service provider collects network traffic information of network flows from a plurality of different network sources, analyzes at least one attribute associated with the network flows based on the network traffic information, and distributes the at least one attribute to…

Blocking communication between rogue devices on wireless local access networks (WLANs)

Granted: May 22, 2018
Patent Number: 9980145
Techniques which prevent rogue devices from continued access to a wireless communication system. A control element directs access points as to which mobile stations to service. Each access point maintains a record of the mobile stations it is servicing. At the direction of the control element, one or more access points send ACK (acknowledgement) messages when hearing messages from a rogue device. When the rogue device sends a message, it expects an ACK message in response, but those…

Two-stage hash based logic for application layer distributed denial of service (DDoS) attack attribution

Granted: May 15, 2018
Patent Number: 9973528
Methods and systems for a two-stage attribution of an application layer DDoS attack are provided. In a first table just a hash index is maintained, whereas the second-stage table keeps the string parameter corresponding to the application layer attribute under attack. A linked list maintains a plurality of rows if there is a hash collision in the first table. The second table is aged out and reported periodically with details of large strings.

Automatic generation of logical maps for access point layouts

Granted: May 8, 2018
Patent Number: 9967709
A logical mapping of a plurality of access points is automatically generated. Each of the plurality of access points is plotted on a logical map. Lengths of connection lines between access point pairs are determined for each of the plurality of access points on the logical map. Connection lines are oriented in combination with adjustments to the plotted access points on the logical map to run connection lines between each of the access point pairs. Some of the access points are part of…

Service processing switch

Granted: May 8, 2018
Patent Number: 9967200
Methods and systems for providing IP services in an integrated fashion are provided. According to one embodiment, a flow cache is established having multiple entries each identifying one of multiple VR flows through a VR-based network device and corresponding forwarding state information. A packet is received at an input port of a line interface module of the network device and forwarded to a VRE. Flow-based packet classification is performed by the VRE. An attempt is made to retrieve an…

High-availability cluster architecture and protocol

Granted: May 8, 2018
Patent Number: 9965368
Methods and systems are provided for an improved cluster-based network architecture. According to one embodiment, an active connection is established between a first interface of a network device and an enabled interface of a first cluster unit of a high availability (HA) cluster. The HA cluster is configured to provide connectivity between network devices of an internal and external network. A backup connection is established between a second interface of the network device and a…

System and method of discovering paths in a network

Granted: April 24, 2018
Patent Number: 9954736
A method and apparatus that discovers and tests paths in a network is described. In an exemplary embodiment, a device discovers a path by discovering a plurality of equal cost segments between the first and second network elements of the plurality of network elements. The device further generates a plurality of test data packets, wherein each of the test data packets has a different characteristic. In addition, the device injects the plurality of test data packets in the first network…

System and method for securing virtualized networks

Granted: April 17, 2018
Patent Number: 9948607
Systems and methods for securing a dynamic virtualized network are provided. According to one embodiment, a network policy of a dynamic virtualized network is received by an SDN controller of the dynamic virtualized network. The network policy includes network policy elements which each identify (i) an authorized endpoint, (ii) a network access device, and (iii) a port of the network access device with which the authorized endpoint is associated. A security policy for the dynamic…

Providing security in a communication network

Granted: April 17, 2018
Patent Number: 9948662
Systems and methods for optimizing system resources by selectively enabling various scanning functions relating to user traffic streams based on the level of trust associated with the destination are provided. According to one embodiment, a network security device within an enterprise network receives an application protocol request directed to an external network that is originated by a client device associated with the enterprise network. It is determined by the network security device…