Fortinet Patent Grants

Power saving in Wi-Fi devices utilizing Bluetooth

Granted: September 12, 2017
Patent Number: 9763186
The present description provides methods, computer program products, and systems for saving power in Wi-Fi devices utilizing Bluetooth. A Wi-Fi radio transitions to deep sleep mode from active mode while a Bluetooth radio remains active. An active Wi-Fi connection to the access point can be maintained by the station while in deep sleep mode as needed to prevent being disassociated. Responsive to the indication of data packets waiting at the access point, sent over the Bluetooth radio,…

Policy based content filtering

Granted: September 12, 2017
Patent Number: 9762540
Methods and systems for processing application-level content of network service protocols are described. According to one embodiment, a network connection is received at a networking subsystem of a firewall. The connection is characterized by a source IP address, a destination IP address and a network service protocol. The network service protocol of the network connection is determined. A matching firewall policy is identified for the connection. When the connection is allowed, it is…

Intelligent telephone call routing

Granted: September 5, 2017
Patent Number: 9756176
Systems and methods for intelligently routing an incoming telephone call to an internal extension based on the calling history are provided. According to one embodiment, a session log is maintained by a call monitor of a telephone system. The session log contains multiple call session records relating to telephone calls between internal extension numbers and external telephone numbers. An incoming telephone call from a telephone external to the telephone system is received by the call…

Context-aware pattern matching accelerator

Granted: September 5, 2017
Patent Number: 9756081
Methods and systems for improving accuracy, speed, and efficiency of context-aware pattern matching are provided. According to one embodiment, a packet stream is received by a first stage of a CPMP hardware accelerator of a network device. A pre-matching process is performed by the first stage to identify a candidate packet that matches a string or over-flow pattern associated with IPS or ADC rules. A candidate rule is identified based on a correlation of results of the pre-matching…

Data leak protection in upper layer protocols

Granted: September 5, 2017
Patent Number: 9756017
Methods and systems for Data Leak Prevention (DLP) in a private network are provided. According to one embodiment, a packet is received by a network security device. An upper layer protocol associated with the packet is identified. It is determined whether the identified upper layer protocol is one of multiple candidate upper layer protocols having a potential to carry sensitive information with reference to a database identifying the candidate upper layer protocols, corresponding…

Automatic channel selection in wireless local area network (WLAN) controller based deployments using color graphs

Granted: August 22, 2017
Patent Number: 9743418
Wi-Fi channels are automatically selected in a WLAN controller based deployment. Scan results received from each of the plurality of access points comprise a list of neighboring access points from the plurality of access points relative to each access point. Responsive to a number of the plurality of access points exceeding a number of non-interfering channels, assigning each of the plurality of access points to a non-interfering channel with sharing of at least one of the…

Configuring initial settings of a network security device via a hand-held computing device

Granted: August 22, 2017
Patent Number: 9742872
Process, equipment, and computer program product code for configuring a network security device using a hand-held computing device are provided. Default initial settings for a network security device are received by a mobile application running on a hand-held computing device. The default initial settings represent settings that allow the network security device to be remotely managed via a network to which the network security device is coupled. The default initial settings are…

System and method for software defined behavioral DDoS attack mitigation

Granted: August 22, 2017
Patent Number: 9742800
Systems and methods for software defined behavioral DDoS attack mitigation are provided. According to one embodiment, a method is provided for mitigating DDoS attacks. A DDoS attack mitigation appliance of multiple mitigation appliances controlled by a DDoS attack mitigation central controller receives DDoS attack mitigation policies through a network connecting the controller and the mitigation appliance. A DDoS attack is mitigated by the mitigation appliance based on the received…

Managing transfer of data in a data network

Granted: August 8, 2017
Patent Number: 9729655
A method and apparatus for managing a transfer of data in a data network identifies data associated with a communication session between a first node and a second node in the data network. Further processing of the communication session occurs when a portion of the communication session meets a criterion and the communication session is permitted to continue when the portion of the communication session does not meet the criterion.

Aggregated beacons for per station control of multiple stations across multiple access points in a wireless communication network

Granted: August 8, 2017
Patent Number: 9730125
A technique for providing per station control of multiple stations in a wireless network across multiple access points. A look-up table that assigns a station connected to the access point and at least one communication parameter to each of a plurality of persistent, uniquely-assigned BSSIDs (Basic Service Set Identifiers) is stored. An access point responds to messages addressed to one of the plurality of persistent, uniquely-assigned BSSIDs and ignores messages addressed to other BSSIDs.…

System and method for software defined behavioral DDoS attack mitigation

Granted: August 8, 2017
Patent Number: 9729584
Systems and methods for software defined behavioral DDoS attack mitigation are provided. According to one embodiment, a method is provided for controlling multiple distributed denial of service (DDoS) mitigation appliances. A DDoS attack mitigation central controller configures attack mitigation policies for the DDoS attack mitigation appliances. The DDoS attack mitigation policies are sent to the DDoS attack mitigation appliances through a network connecting the DDoS attack mitigation…

Filtering hidden data embedded in media files

Granted: August 8, 2017
Patent Number: 9729511
Systems and methods for filtering unsafe content by a network security device are provided. According to one embodiment, a network security device captures network traffic and extracts a media file from the network traffic. The network security device then determines the presence of a hidden data item embedded in the media file in a machine-readable form. When such a hidden data item is identified, the network security device performs one or more actions on the media file based on a…

System and method for integrated header, state, rate and content anomaly prevention for session initiation protocol

Granted: August 8, 2017
Patent Number: 9729509
Methods and systems for an integrated solution to the rate based denial of service attacks targeting the Session Initiation Protocol are provided. According to one embodiment, header, state, rate and content anomalies are prevented and network policy enforcement is provided for session initiation protocol (SIP). A hardware-based apparatus helps identify SIP rate-thresholds through continuous and adaptive learning. The apparatus can determine SIP header and SIP state anomalies and drop…

Policy-based content filtering

Granted: August 8, 2017
Patent Number: 9729508
Methods and systems for processing application-level content of network service protocols are described. According to one embodiment, a firewall maintains multiple configuration schemes, each defining a set of administrator-configurable content filtering process settings. The firewall also maintains a security policy database including multiple firewall security policies. At least one of the firewall security policies includes an associated configuration scheme and an action to take with…

System and method for dynamic management of network device data

Granted: August 8, 2017
Patent Number: 9729409
A method and apparatus of a device that dynamically changes how management data is managed in response to events detected in a network system is described. In an exemplary embodiment, the device detects an event occurring in the network system. The device further determines if the event triggers a system change in how the management data is reported on one or more of the managed nodes. If the event notification does trigger the system change, for each of the one or more of the managed…

Virtualization in a multi-host environment

Granted: August 8, 2017
Patent Number: 9727451
Methods and systems for implementing improved partitioning and virtualization in a multi-host environment are provided. According to one embodiment, multiple devices, including CPUs and peripherals, coupled with a system via an interconnect matrix/bus are associated with a shared memory logically partitioned into multiple domains. A first domain is associated with a first set of the devices and a second domain is associated with a second set of the devices. A single shared virtual map…

Calculating consecutive matches using parallel computing

Granted: August 8, 2017
Patent Number: 9727307
Methods and systems for determining consecutive matches are provided. According to one embodiment, a class definition and a data stream are received by a network security device. The data stream is partitioned into multiple data blocks each containing N data segments. Each data block is processed in parallel to compute: (i) a value (F) indicating whether every data segment value meets the class definition; (ii) a value (L) indicating a number of consecutive data segment values meeting…

Method and system for dedicating processors for desired tasks

Granted: August 1, 2017
Patent Number: 9720739
Improving the performance of multitasking processors is provided. For example, a subset of M processors within a system with N processors is dedicated for a desired task. The M (where M>0) of the N processors are dedicated to a task, thus leaving N−M (N minus M) processors for running normal operating system (OS). The processors dedicated to the task may have their interrupt mechanism disabled to avoid interrupt handler switching overhead. Therefore, these processors run in an…

Systems and methods for content type classification

Granted: July 25, 2017
Patent Number: 9716644
Various embodiments illustrated and described herein include systems, methods and software for content type classification. Some such embodiments include determining a potential state of classification for packets associated with a session based at least in part on a packet associated with the session that is a packet other than the first packet of the session.

Systems and methods for content type classification

Granted: July 25, 2017
Patent Number: 9716645
Various embodiments illustrated and described herein include systems, methods and software for content type classification. Some such embodiments include determining a potential state of classification for packets associated with a session based at least in part on a packet associated with the session that is a packet other than the first packet of the session.