Configuring initial settings of a network security device via a hand-held computing device
Granted: November 21, 2017
Patent Number: 9826063
Process, equipment, and computer program product code for configuring a network security device using a hand-held computing device are provided. Default initial settings for a network security device are received by a mobile application running on a hand-held computing device. The default initial settings represent settings that allow the network security device to be remotely managed via a network to which the network security device is coupled. The default initial settings are…
Managing transmission and storage of sensitive data
Granted: November 21, 2017
Patent Number: 9826023
Systems and methods for injecting sensitive data into outgoing traffic on behalf of a user of a private network are provided. According to one embodiment, a network security appliance maintains a database of sensitive data. Secure submission of sensitive data of a user is facilitated by the security appliance in connection with interactions between a client and a server by: (i) intercepting outgoing traffic from the client to the server; (ii) determining whether the outgoing traffic…
Cache management based on factors relating to replacement cost of data
Granted: November 14, 2017
Patent Number: 9819763
Systems and methods for a cache replacement policy that takes into consideration factors relating to the replacement cost of currently cached data and/or the replacement cost of requested data. According to one embodiment, a request for data is received by a network device. A cache management system running on the network device estimates, for each of multiple cache entries of a cache managed by the cache management system, a computational cost of reproducing data cached within each of…
Automated configuration of endpoint security management
Granted: November 14, 2017
Patent Number: 9819746
Systems and methods for managing configuration of a client security application based on a network environment in which the client device is operating are provided. According to one embodiment, a network connection state of a client device with respect to a private network is determined by a client security application running on the client device. The client security application then selects a configuration based on the determined network connection state. Finally, the client security…
Firewall policy management
Granted: November 14, 2017
Patent Number: 9819645
Methods and systems are provided for creation and implementation of firewall policies. According to one embodiment, a firewall maintains a log of observed network traffic flows. An administrator may request the firewall to generate a customized report based on the logged network traffic by extracting information from the log based on specified report parameters. The report includes aggregated network traffic items and one or more corresponding action objects. Responsive to receipt of a…
Secure cloud storage distribution and aggregation
Granted: November 14, 2017
Patent Number: 9817981
Methods and systems for secure cloud storage are provided. According to one embodiment, a gateway maintains multiple cryptographic keys. A file that is to be stored across multiple third-party cloud storage services is received by the gateway from a user of an enterprise network. The file is partitioned into chunks. A directory is created within a cloud storage service having a name attribute based on an encrypted version of a name of the file. For each chunk: (i) existence of data is…
Detection of spoof attacks on internet of things (IOT) location broadcasting beacons
Granted: October 24, 2017
Patent Number: 9800611
Spoof attacks on location based beacons are detected. A stream of beacons (e.g., IBEACONS) comprising at least a unique source identifier is generated. The stream of beacons is broadcast over a wireless communication channel to mobile devices within range. A list of broadcasted beacons is stored in a table along with a time and location of broadcast. Subsequent to broadcasting, a stream of beacons is detected. The detected beacon stream comprises a unique source identifier along with a…
Extension of Wi-Fi services multicast to a subnet across a Wi-Fi network using software-defined network (SDN) to centrally control data plane behavior
Granted: October 17, 2017
Patent Number: 9794757
Wi-Fi services multicast to a subnet in a software-defined network (SDN) are extended. An SDN controller centrally monitors a data plane of a Wi-Fi network. Advertisements for services within a first subnet by an advertising station are forwarded to the SDN controller. Parameters of the service of the advertising station are extracted for storage by performing deep packet inspection on the one or more packets. Queries for services within a second subnet by a querying station are also…
Automatic channel layering in a wi-fi communication system
Granted: October 17, 2017
Patent Number: 9794846
Deploying multiple access points on multiple wireless communication channels to optimize coverage area. Additional channels provide additional communication capability which multiple AP's, and their associated stations, can collectively use. An additional set of AP's can be disposed in the additional communication channel, with multiple communication channels possibly physically intersecting. The system control element collects information from devices in the wireless communication…
Multicast and unicast messages in a virtual cell communication system
Granted: October 17, 2017
Patent Number: 9794801
Reliable multicast delivery in wireless communication, even when a WS doesn't know its AP, is determined at the AP without the sending device. Multicast packets are received at each AP having destinations. Without altering those packets, the AP encapsulates them in an A-MSDU packet. Each A-MSDU packet is sent individually to each destination, and might encapsulate more than one multicast packet. Destinations might receive two streaming messages faster than if sent separately. AP's might…
Intelligent telephone call routing
Granted: September 26, 2017
Patent Number: 9774724
Systems and methods for intelligently routing an incoming telephone call to an internal extension based on the calling history are provided. According to one embodiment, a session log, containing information regarding sessions between internal extension numbers and external telephone numbers, is maintained by a call monitor of a telephone system. The internal extension numbers are associated with telephone extensions within the telephone system and the external telephone numbers are…
Updating content detection devices and systems
Granted: September 26, 2017
Patent Number: 9774621
A method of updating a content detection module includes obtaining content detection data, and transmitting the content detection data to a content detection module, wherein the transmitting is performed not in response to a request from the content detection module. A method of sending content detection data includes obtaining content detection data, selecting an update station from a plurality of update stations, and sending the content detection data to the selected update station. A…
Detection of undesired computer files using digital certificates
Granted: September 26, 2017
Patent Number: 9774607
Methods and systems for detecting undesirable computer files based on scanning and analysis of information contained within an associated digital certificate chain are provided. According to one embodiment, a file having associated therewith a certificate chain is received. A type and structure of the file are identified. A location of the certificate chain is determined based on the identified type and structure. A signature of the file is formed by extracting a targeted subset of…
Accelerating data communication using tunnels
Granted: September 26, 2017
Patent Number: 9774570
Methods and systems are provided for increasing application performance and accelerating data communications in a WAN environment. According to one embodiment, packets are received at a flow classification module operating at the Internet Protocol (IP) layer of a first wide area network (WAN) acceleration device via a private tunnel, which is operable to convey application layer data for connection-oriented applications between WAN acceleration devices. The packets are passed to a WAN…
Detection of undesired computer files using digital certificates
Granted: September 26, 2017
Patent Number: 9774569
Methods and systems for detecting undesirable computer files based on scanning and analysis of information contained within an associated digital certificate chain are provided. According to one embodiment, a file having associated therewith a certificate chain is received. A type and structure of the file are identified. A location of the certificate chain is determined based on the identified type and structure. A signature of the file is formed by extracting a targeted subset of…
Operation of a dual instruction pipe virus co-processor
Granted: September 26, 2017
Patent Number: 9773113
Circuits and methods are provided for detecting, identifying and/or removing undesired content. According to one embodiment, a content object that is to be virus processed is stored by a general purpose processor to a system memory. Virus scan parameters for the content object are set up by the general purpose processor. Instructions from a virus signature memory of a virus co-processor are read by the virus co-processor based on the virus scan parameters. The instructions contain…
DHCP agent assisted routing and access control
Granted: September 19, 2017
Patent Number: 9769115
Systems and methods for increasing layer 2 visibility of layer 3 network devices so as to facilitate implementation of device-oriented policy actions by layer 3 network devices are provided. According to one embodiment, unique physical addresses of one or more host devices are retrieved by a dynamic host configuration protocol (DHCP) agent that is operatively coupled with a DHCP server. The physical addresses are mapped to corresponding Internet Protocol (IP) addresses assigned by the…
Optimization of MU-MIMO beamforming in a wi-fi communication network based on mobility profiles
Granted: September 19, 2017
Patent Number: 9769828
An access point associated on Wi-Fi portion of the communication network selectively groups stations according to a mobility profile. The mobility profile includes factors that characterize at least an amount of movement and current location for a station. Each station is assigned to a beamforming group of similar mobility profiles. A type of beamforming transmission is selected for each beamforming group based on mobility profiles of associated stations. The type of beamforming…
Examining and controlling IPv6 extension headers
Granted: September 19, 2017
Patent Number: 9769119
Methods and systems for selectively blocking, allowing and/or reformatting IPv6 headers by traversing devices are provided. According to one embodiment, reputation information regarding observed senders of Internet Protocol (IP) version 6 (IPv6) packets and packet fragments is maintained by a traversing device based on conformity or nonconformity of extension headers contained within the IPv6 packets with respect to a set of security checks performed by the traversing device. When an…
Wireless communication antennae for concurrent communication in an access point
Granted: September 12, 2017
Patent Number: 9761958
One or more access points in a wireless communication system, wherein at least one of those access points includes a set of more than one antennae capable of concurrent communication, and at least one of those more than one antennae is isolated from a remainder of that set of antennae during concurrent communication. Isolation includes one or more of disposing a first antenna in a null region of a second antenna, disposing a first antenna to communicate polarized and substantially…