Heatsink arrangement for integrated circuit assembly and method for assembling thereof
Granted: September 27, 2022
Patent Number: 11456231
Various heatsink arrangements, and methods for implementing and using such are discussed.
Authenticating client devices in a wireless communication network with client-specific pre-shared keys
Granted: September 20, 2022
Patent Number: 11451959
Systems and methods for authenticating client devices accessing a wireless communication network through an access point communicatively coupled with an authentication server are provided. The authentication server receives an authentication request, including a first message integrity code (MIC) of a client-specific pre-shared key, from the access point or a wireless local area network (LAN) controller that manages the access point, to establish an encrypted communication channel…
File access control based on analysis of user behavior patterns
Granted: September 20, 2022
Patent Number: 11449623
Systems and methods for a machine-learning driven fine-grained file access control approach are provided. According to one embodiment, a server associated with an enterprise network can obtain and store information regarding historical user behavior of users of the enterprise network by observing file access requests initiated by the users. The server receives a file access request initiated by a user, which relates to a file stored within the enterprise network in encrypted form. In…
Automated feature extraction and artificial intelligence (AI) based detection and classification of malware
Granted: September 13, 2022
Patent Number: 11444957
Systems and methods for detection and classification of malware using an AI-based approach are provided. In one embodiment, a T-node maintains a sample library including benign and virus samples. A classification model is generated by training a classifier based on features extracted from the samples. The classification model is distributed to D-nodes for use as a local virus detection model. Responsive to detection of a virus by a D-node, the T-node receives a virus sample from the…
Systems and methods for embedding automated remediation into network solution instructions
Granted: September 13, 2022
Patent Number: 11444826
Various approaches for providing network maintenance and health monitoring are discussed. In some cases, the approaches include systems, methods, and/or devices for receiving and cataloging network incidents and for providing proposed solutions that may include embedded automated remediations and/or embedded dynamic instructions to mitigate the network incidents.
Detecting malicious web pages by analyzing elements of hypertext markup language (HTML) files
Granted: May 10, 2022
Patent Number: 11330010
Systems and methods are described for detecting compromised web pages and domains by analyzing elements of hypertext markup language (HTML) files of a domain. In one embodiment, a security service receives a request including a potentially malicious uniform resource locator (URL) and retrieves a first HTML file to which the potentially malicious URL points and a second HTML file to which a host URL corresponding to the potentially malicious URL points. The security service determines…
Increasing access point throughput by exceeding A-MPDU buffer size limitation in a 802.11 compliant station
Granted: May 10, 2022
Patent Number: 11330469
An 802.11-compliant device for high throughput is disclosed. A plurality of TCP packets received in a buffer for transmission are stored. The plurality of TCP packets can be aggregated as A-MSDU sub-frames to form an A-MSDU frame in accordance with an IEEE 802.11 standard. Additionally, a plurality of A-MSDU frames can be aggregated as A-MPDU sub-frames to form an A-MPDU frame. The A-MPDU frame is compliant with a number of allowable sub-frames and a maximum size in accordance with an…
Cooperative access points for quality of service (QoS) requirements in wireless local access networking (WLAN)
Granted: May 10, 2022
Patent Number: 11330461
For QoS (quality of service) requirements of a session at a first access point and a wireless station, a cost function value is calculated for the specific session based on a number of network packets to be processed in the queue and the identified QoS requirement. It is determined whether another of the plurality of access points within range of the specific session can better serve the identified QoS requirement than the first access point by comparing the cost function value for the…
Detecting data exfiltration using machine learning on personal e-mail account display names
Granted: May 10, 2022
Patent Number: 11330437
An e-mail application is identified by parsing a network packet from the network packets. Responsive to the e-mail application identification, a display name associated with the user is extracted and the display name is stored among a plurality of display names in association with the company e-mail address of the user. Responsive to one of the plurality of display names matching a display name of a private e-mail address of the user as a destination of e-mail along with surpassing a…
TCP (transmission control protocol) fast open for classification acceleration of cache misses in a network processor
Granted: May 10, 2022
Patent Number: 11330074
A packet parser generates a key from TCP metadata of a data packet for a specific session. A packet cache stores recent network policy identifiers associated with a plurality of network sessions, wherein the key is used as an index to search the packet cache. The packet cache responsive to a cache miss, checks a TFO cookie field for a rule ID stored by the client during a previous session as generated by the network processor. If there is no rule ID, a classification pipeline is…
Accelerating data communication using tunnels
Granted: May 10, 2022
Patent Number: 11329961
Methods and systems are provided for increasing application performance and accelerating data communications in a WAN environment. According to one embodiment, packets are received at a flow classification module operating at the Internet Protocol (IP) layer of a first wide area network (WAN) acceleration device via a private tunnel, which is operable to convey application layer data for connection-oriented applications between WAN acceleration devices. The packets are passed to a WAN…
Virtual routing and forwarding (VRF)-aware socket
Granted: May 10, 2022
Patent Number: 11329959
Systems and methods for a VRF-aware socket are provided. According to one embodiment, a user-space application of a network device, maintaining a virtual routing table for each of multiple VRF domains, creates a VRF-aware listening socket. The socket includes information regarding: (i) which of the virtual routing tables is to be used to look up routing or forwarding information for outgoing traffic; (ii) the VRF domain(s) from which the socket is able to receive incoming traffic; and/or…
Avoiding asymetric routing in an SDWAN by dynamically setting BGP attributes within routing information advertised by an SDWAN appliance
Granted: May 10, 2022
Patent Number: 11329913
Systems and methods are described for automatically controlling network routing between downstream side and upstream side of a communication network to enforce symmetric routing. According to one embodiment, a Software-Defined Wide Area Network (SDWAN) controller of a network device associated with a spoke site of an SDWAN manages links forming the SDWAN. The controller receives information regarding route maps, including a preferred route-map and an un-preferred route-map. Further, the…
Dynamic establishment of application-specific network tunnels between network devices by an SDWAN controller
Granted: May 10, 2022
Patent Number: 11329883
Systems and methods for dynamically establishing network overlay tunnels between edges within different groups of a network architecture are provided. According to an embodiment, a Software-Defined Wide Area Network (SDWAN) controller associated with a private network receives a request to initiate a dynamic Virtual Private Network (VPN) link for a network session between a source edge and a destination edge. The SDWAN controller determines configuration information for each of the…
Multi-tiered sandbox based network threat detection
Granted: May 10, 2022
Patent Number: 11328060
Systems and methods for multi-tiered sandbox based network threat detection are provided. According to one embodiment, a file is received by a virtual sandbox appliance. The file is caused to exhibit a first set of behaviors by running the file within a virtualization application based environment of the virtual sandbox appliance. The virtualization application based environment acts as an intermediary between executable code, an operating system (OS) application programming interface…
Systems and methods for centrally managed host and network firewall services
Granted: May 10, 2022
Patent Number: 11327898
Systems and methods for a unified, cloud-managed platform for controlling enterprise network security are provided. According to one embodiment, a network of an enterprise is protected by a cloud-managed platform. An underlying architecture of the cloud-managed platform is abstracted by providing a portal through which modifications to security policies are expressed as business requirements of the enterprise. The security policies are automatically enforced regardless of location or…
Two-stage hash based logic for application layer distributed denial of service (DDoS) attack attribution
Granted: April 26, 2022
Patent Number: 11316889
Methods and systems for a two-stage attribution of application layer DDoS attacks are provided. In the first table, only a hash index is maintained, whereas the second-stage table keeps the string parameter corresponding to the application layer attribute under attack. A linked list maintains a plurality of rows if there is a hash collision in the first table. The second table is aged out and reported periodically with details of large strings.
Providing a secure communication channel between kernel and user mode components
Granted: April 26, 2022
Patent Number: 11314662
Systems and methods for implementing a secure communication channel between kernel and user mode components are provided. According to an embodiment, a shared memory is provided through which a kernel mode process and a user mode process communicate. The kernel mode process is assigned read-write access to the shared memory. The user mode process is assigned read-only access to the shared memory. An offset-based linked list is implemented within the shared memory. Kernel-to-user messages…
Breached website detection and notification
Granted: April 19, 2022
Patent Number: 11310278
Systems and methods for a cloud-based approach to breached website detection and notification as a security service are provided. According to one embodiment, a network security device protecting a private network of an enterprise intercepts information associated with an interaction with a website by a browser of a client device associated with the private network. The network security device, based on the information, proactively determines whether the website or a domain with which…
AI-DFS (artificial intelligence enabled dynamic frequency selection) for steering downgraded wireless stations on 160 MHz bandwidth supported wireless data communication networks
Granted: April 5, 2022
Patent Number: 11297511
A station with a 160 MHz channel connection at a first access point is downgraded by an access point in response to being displaced off of a channel status changing to NOP (non occupancy period). This can be caused by ambient radar signals. The downgrade is addressed by redistributing the 160 MHz stations to other access points with available 160 MHz channels. Stations are steered to a network-wide best available bandwidth channel across different access points.