Direct cache access for network input/output devices
Granted: August 9, 2016
Patent Number: 9413726
Methods and systems for improving efficiency of direct cache access (DCA) are provided. According to one embodiment, a set of DCA control settings are defined by a network I/O device of a network security device for each of multiple I/O device queues based on network security functionality performed by corresponding CPUs of a host processor. The control settings specify portions of network packets that are to be copied to a cache of the corresponding CPU. A packet is received by the…
Hardware-accelerated packet multicasting
Granted: August 2, 2016
Patent Number: 9407449
Methods and systems for hardware-accelerated packet multicasting are provided. According to one embodiment, a first packet to be multicast to a first destination and a second packet to be multicast to a second destination are received. The first and second packets are classified in accordance with different virtual routers (VRs) of multiple VRs instantiated by a virtual routing engine (VRE) of a virtual routing system by determining a first selected VR to multicast the first packet and a…
Virtual memory protocol segmentation offloading
Granted: July 26, 2016
Patent Number: 9401976
Methods and systems for a more efficient transmission of network traffic are provided. According to one embodiment, payload data originated by a user process running on a host processor of a network device is fetched by an interface of the network device by performing direct virtual memory addressing of a user memory space of a system memory of the network device on behalf of a network interface unit of the network device. The direct virtual memory addressing maps physical addresses of…
Policy-based selection of remediation
Granted: July 12, 2016
Patent Number: 9392024
Methods and systems for remediating a security policy violation on a computer system are provided. According to one embodiment, information regarding a program-code-based operational state of a host asset is collected by a light weight sensor (LWS) running on the host asset via a survey tool. The information is transmitted by the LWS to a remote server via an external network. Multiple security policies are enforced by the remote server with respect to the host asset based on the…
Tunnel interface for securing traffic over a network
Granted: July 12, 2016
Patent Number: 9391964
Methods and systems for a flexible, scalable hardware and software platform that allows a managed security service provider to easily provide security services to multiple customers are provided. According to one embodiment, a method is provided for delivering customized network services to subscribers of the service provider. A request is received, at a service management system (SMS) of the service provider, to establish an Internet Protocol (IP) connection between a first and second…
Soft token system
Granted: July 5, 2016
Patent Number: 9386014
Systems and methods for a secure soft token solution applicable to multiple platforms and usage scenarios are provided. According to one embodiment a unique device ID of a mobile device is obtained by a soft token application via an API of an operating system of the mobile device. A seed for generating an OTP for accessing a secure network resource is requested from a provisioning server by the application via an IP-based network. The seed is received by the mobile device via a first…
Hardware based detection devices for detecting network traffic content and methods of using the same
Granted: June 21, 2016
Patent Number: 9374384
A device for detecting network traffic content is provided. The device includes a first input port configured to receive one or more signatures, each of the one or more signatures associated with content desired to be detected, a second input port configured to receive data associated with network traffic content. The device also includes a processor configured to process the one or more signatures and the data to determine whether the network traffic content matches the content desired…
Remotely processing detection of undesirable network traffic content
Granted: June 21, 2016
Patent Number: 9374338
A method of detecting a content desired to be detected includes receiving electronic data at a first host, determining a checksum value using the received electronic data, sending the checksum value to a processing station, the processing station being a second host that is different from the first host, and receiving a result from the processing station, the result indicating whether the electronic data is associated with a content desired to be detected. A method of detecting a content…
Optimizing multimedia streaming in WLANs (wireless local access networks)
Granted: June 14, 2016
Patent Number: 9369744
An SDN controller to provision network resources at a data plane to keep progressive downloads of multimedia files proportional to encoding rates is disclosed. Packets from a new or unknown flow being downloaded at a default rate are forwarded from an access point, or other device, to an SDN controller for analysis. If a progressive download of a multimedia file (e.g., a video file) in progress is detected, an encoding rate of frames for the multimedia file is determined. A target…
Systems and methods for detecting and preventing flooding attacks in a network environment
Granted: June 7, 2016
Patent Number: 9363277
A method for processing network traffic data includes receiving a packet, and determining whether the packet is a previously dropped packet that is being retransmitted. A method for processing network traffic content includes receiving a plurality of headers, the plurality of headers having respective first field values, and determining whether the first field values of the respective headers form a first prescribed pattern. A method for processing network traffic content includes…
Efficient data transfer in a virus co-processing system
Granted: May 31, 2016
Patent Number: 9355251
Circuits and methods are provided for detecting, identifying and/or removing undesired content. According to one embodiment, a method for virus co-processing is provided. A general purpose processor stores a data segment to its system memory using a virtual address. The system memory has stored therein a page directory and a page table containing information for translating virtual addresses to physical addresses within a physical address space of the system memory. A virus processing…
Blocking communication between rogue devices on wireless local access networks (WLANS)
Granted: May 24, 2016
Patent Number: 9351166
Techniques which prevent rogue devices from continued access to a wireless communication system. A control element directs access points as to which mobile stations to service. Each access point maintains a record of the mobile stations it is servicing. At the direction of the control element, one or more access points send ACK (acknowledgement) messages when hearing messages from a rogue device. When the rogue device sends a message, it expects an ACK message in response, but those…
Vulnerability-based remediation selection
Granted: May 24, 2016
Patent Number: 9349013
A machine-actionable memory comprises one or more machine-actionable records arranged according to a data structure. Such a data structure may include links that respectively map between a remediation, at least one action, and at least two vulnerabilities. A method of selecting a remediation, that is appropriate to a vulnerability which is present on a machine to be remediated, may include: providing a machine-actionable memory as mentioned above; and indexing into the memory using: a…
Firewall policy management
Granted: May 10, 2016
Patent Number: 9338134
Methods and systems are provided for creation and implementation of firewall policies. Method of the present invention includes enabling a firewall device to maintain a log of network traffic flow observed by the device. The method further includes enabling firewall device to receive an administrator request for a customized report to be generated based on log of network traffic and generating the report by extracting information from the log based on report parameters, where the report…
Facilitating content accessibility via different communication formats
Granted: May 3, 2016
Patent Number: 9331979
Methods and systems for facilitating content accessibility via different communication formats are provided. According to one embodiment, a method is provided for directing content requests to an appropriate content delivery network. A content request is received from a client. The content request relates to web page content published by a content publisher in an Internet Protocol version 4 (IPv4) format or an Internet Protocol version 6 (IPv6) format that is obtained by the content…
Heterogeneous media packet bridging
Granted: May 3, 2016
Patent Number: 9331961
Methods and systems for bridging network packets transmitted over heterogeneous media channels are provided. According to one embodiment, a network switching/routing blade server comprises network interfaces, including a first and second set operable to receive packets encapsulated within a first and second set of media transmissions, respectively, and each having a first and second framing media format, respectively. A single bridging domain is provided by a shared bridging application.…
Centralized management of access points
Granted: May 3, 2016
Patent Number: 9331900
Systems and methods are provided for centralized access, control, and management of access points (AP) in a network architecture to facilitate easy and efficient maintenance and monitoring of access points, for example. Systems and methods are also provided for assigning unique identifiers to one or more access points, and use the identifiers through an interface, such as a command line interface (CLI) of an access controller (AC), to manage and monitor the one or more access points…
Network advertising system
Granted: April 26, 2016
Patent Number: 9324081
Systems and methods for transmitting content to a client via a communication network are provided. In one embodiment, a method of transmitting unsolicited content, such as an advertisement, to a client via the Internet may include one or more of the following steps: 1) intercepting a data transfer protocol request/response; 2) analyzing information contained within the data transfer protocol request/response; 3) selecting advertising content to send to the client; and 4) sending the…
Restricting broadcast and multicast traffic in a wireless network to a VLAN
Granted: April 26, 2016
Patent Number: 9326144
Traffic broadcast to a VLAN is restricted. To do so, a plurality of stations are associated with a BSSID (basic service set identifier). A first VLAN is configured by sending a first group key to each station from the plurality of stations that is a member of the first VLAN, wherein each VLAN is associated with a unique group key. One or more frames addressed to the first VLAN are received. The one or more frames are encrypted with the first group key to prevent stations without the…
Mechanism for enabling layer two host addresses to be shielded from the switches in a network
Granted: April 26, 2016
Patent Number: 9325526
Methods and systems for shielding layer two host addresses (e.g., MAC addresses) from a network are provided. A border component interposed between a network of switches and multiple local hosts receives from a first local host a first packet destined for a first destination host. The first local host has a first layer 2 (L2) address and a first layer 3 (L3) address associated therewith. The first packet includes the first L2 address as a source L2 address for the first packet, and…