Secure enterprise access with voice assistant devices
Granted: April 16, 2024
Patent Number:
11961523
Systems and methods are provided for optimizing and securing an enterprise voice service accessed by an external voice assistant device. An enterprise voice assistant installed on a client device acts as an enterprise voice service for an external voice assistant device. The enterprise voice assistant receives a voice query from the external voice assistant device. The voice query is processed using a machine learning model to extract an intent and at least one slot. The extracted intent…
Encryption key removal tool
Granted: April 16, 2024
Patent Number:
11962696
Systems and methods are described for removing unused encryption key files from a computing device. In an example, a key removal tool can identify three sets of keys to preserve. For the first set, the key removal tool can append a device identifier to known key names and add the resulting key file names to a whitelist. For the second set, the key removal tool can identify keys associated with certificates on the computing device and add their corresponding file names to the whitelist.…
Data migration using dynamic synchronization
Granted: April 16, 2024
Patent Number:
11962647
Examples can include (1) identifying, on a network, a source node and a destination node, the source node including at least one source node virtual machine (“VM”) to be replicated as a destination node VM on the destination node, (2) performing a full synchronization by copying disks used by the source node VM in a current operational state to the destination node VM, (3) scheduling start times for multiple update synchronizations of changed data between the source node VM and the…
Dynamically switching between synchronous and asynchronous communication channels
Granted: April 16, 2024
Patent Number:
11962635
Disclosed herein are systems and methods for dynamically switching between synchronous and asynchronous communication channels. A communication request can be received from an application, and a request identifier can be generated for the communication request. The communication request can be transmitted to an edge server application via a first communication channel. The first communication channel can be selected from a plurality of communication channels based at least in part on a…
Anycast address for network address translation at edge
Granted: April 16, 2024
Patent Number:
11962564
Some embodiments provide a method for forwarding data messages at multiple edge nodes of a logical network that process data messages between a logical network and an external network. At a particular one of the edge nodes, the method receives a data message sent from a source machine in the logical network. The method performs network address translation to translate a source network address of the data message corresponding to the source machine into an anycast network address that is…
Hardware acceleration techniques using flow selection
Granted: April 16, 2024
Patent Number:
11962518
In some embodiments, a method receives a packet for a flow associated with a workload. Based on an indicator for the flow, the method determines whether the flow corresponds to one of an elephant flow or a mice flow. Only when the flow is determined to correspond to an elephant flow, the method enables a hardware acceleration operation on the packet. The hardware acceleration operation may include hardware operation offload, receive side scaling, and workload migration.
Resource watermarking and management
Granted: April 16, 2024
Patent Number:
11962510
Resource watermarking and management actions on electronic resources are described. In one example, a process for resource watermarking and management actions includes receiving, from a client device, a request to perform an action on an electronic resource and a device profile for the client device. The device profile can include at least one attribute of the client device. The process also includes identifying a watermark template for the electronic resource, determining descriptive…
Identification of route-map clauses using prefix trees
Granted: April 16, 2024
Patent Number:
11962504
Described herein are systems and methods to apply route-map configurations in a computing network. In one implementation, a routing computing system may identify a route for redistribution in a computing network and identify a longest prefix in a radix tree associated with the route. The routing computing system may further identify a highest priority route-map clause associated with the longest prefix match or any parent prefixes of the longest prefix match in the radix tree. Once…
Multitenancy for service machines
Granted: April 16, 2024
Patent Number:
11962499
In an embodiment, a computer-implemented method for enabling multitenancy for service machines is disclosed. In an embodiment, the method comprises detecting a packet by a service insertion module implemented in a hypervisor. Based on metadata received along with the packet, the service insertion module determines a tenant identifier of a tenant that sent the packet. The service insertion module also determines a plurality of attributes of the packet. Based on the tenant identifier and…
Network address translation in active-active edge cluster
Granted: April 16, 2024
Patent Number:
11962493
Some embodiments provide a method for forwarding data messages at multiple edge gateways of a logical network that process data messages between the logical network and an external network. At a first edge gateway, the method receives a data message, having an external address as a destination address, from the logical network. Based on the destination address, the method applies a default route to the data message that routes the data message to a second edge gateway and specifies a…
Virtual accelerators in a virtualized computing system
Granted: April 16, 2024
Patent Number:
11960919
An example method of virtualizing a hardware accelerator in a host cluster of a virtualized computing system includes: commanding, at an initiator host in the host cluster, a programmable expansion bus device to reconfigure as a virtual accelerator based on specifications of a hardware accelerator in a target host of the host cluster; executing, in the programmable expansion bus device, software to emulate the virtual accelerator as connected to an expansion bus of the initiator host;…
Document printing in a virtualized computing environment
Granted: April 16, 2024
Patent Number:
11960779
The capability to print to a portable document format (PDF) file is provided in a virtualized computing environment that supports a virtual desktop infrastructure (VDI). Printing-related properties, of local printers coupled to a client device, are provided to a host, so that virtual printers at the host can be configured with the printing-related properties. A simulator may be provided at the host to receive the printing-related properties from the client device and to receive a query…
Byzantine fault tolerance protocol for backing up blockchains
Granted: April 16, 2024
Patent Number:
11960502
In some embodiments, a method sends first messages that request first information for a set of blocks of the blockchain to the N replicas. Each replica maintains a respective instance of the blockchain. Second messages is received from at least a portion of the N replicas. The second messages include the first information for the set of blocks from each respective instance of the blockchain that is maintained by the N replicas. The method analyzes the first information to determine…
Preserving user profiles across remote desktop sessions
Granted: April 16, 2024
Patent Number:
11960501
User profiles of remote desktops are managed in a crash-consistent manner. When a user logs into a remote desktop, metadata of the user profile is loaded from persistent storage while registry settings and files of the user profile are loaded asynchronously with respect to the login. During the remote desktop session, snapshots of the remote desktop image in persistent storage are generated periodically, and a change log that indicates changes to the user profile is created therefrom.…
Enhancing efficiency of segment cleaning for a log-structured file system
Granted: April 16, 2024
Patent Number:
11960450
The efficiency of segment cleaning for a log-structured file system (LFS) is enhanced at least by storing additional information in a segment usage table (SUT). Live blocks (representing portions of stored objects) in an LFS are determined based at least on the SUT. Chunk identifiers associated with the live blocks are read. The live blocks are coalesced at least by writing at least a portion of the live blocks into at least one new segment. A blind update of at least a portion of the…
Managing the migration of virtual machines in the presence of uncorrectable memory errors
Granted: April 16, 2024
Patent Number:
11960357
Techniques for migrating virtual machines (VMs) in the presence of uncorrectable memory errors are provided. According to one set of embodiments, a source host hypervisor of a source host system can determine, for each guest memory page of a VM to be migrated from the source host system to a destination host system, whether the guest memory page is impacted by an uncorrectable memory error in a byte-addressable memory of the source host system. If the source host hypervisor determines…
String pattern matching for multi-string pattern rules in intrusion detection
Granted: April 9, 2024
Patent Number:
11954005
In some embodiments, a method stores a plurality of identifiers for a plurality of rules. The plurality of rules each include a set of patterns, and a rule and a pattern combination is associated with an identifier in the plurality of identifiers. Information being sent on a network is scanned and the method determines when a pattern in the information matches a pattern for a rule. The method identifies an identifier for the pattern where the identifier identifies a rule and a pattern…
Using firewall policies to map data messages to secure tunnels
Granted: April 9, 2024
Patent Number:
11956213
Some embodiments of the invention provide a method for transmitting data messages via secure tunnels in a network. The method is performed at a gateway device. The method determines that a data message received at the gateway device should be sent via a secure interface of the gateway device. The method matches the data message to a firewall rule that maps to a particular secure tunnel used by the secure interface, with multiple different firewall rules mapping to multiple different…
Conflict resolution for device-driven management
Granted: April 9, 2024
Patent Number:
11954472
Disclosed are various embodiments for resolving conflicts between workflows in a workflow processing system. A plurality of workflows stored in a workflow queue are evaluated to identify a common dependency of the plurality of workflows. Then, a version hierarchy is created for the common dependency of the plurality of workflows, the version hierarchy identifying multiple versions of the common dependency. In response to execution of a first one of the plurality of workflows stored in…
Unifying hardware trusted execution environment technologies using virtual secure enclave device
Granted: April 9, 2024
Patent Number:
11954198
System and method for creating and managing trusted execution environments (TEEs) using different underlying hardware TEE mechanisms use a virtual secure enclave device which runs in a virtualized environment in a computer system. The device enables an enclave command transmitted to the virtual secure enclave device to be retrieved and parsed to extract an enclave operation to be executed. A TEE backend module is used to interact with a particular hardware TEE mechanism among those…
