Robust input verification for secure multi-party computation (MPC) with clients
Granted: May 28, 2024
Patent Number: 11997196
In one set of embodiments, each server executing a secure multi-party computation (MPC) protocol can receive shares of inputs to the MPC protocol from a plurality of clients, where each input is private to each client and where each share is generated from its corresponding input using a threshold secret sharing scheme. Each server can then verify whether the shares of the plurality of inputs are valid/invalid and, for each invalid share, determine whether a client that submitted the…
Automated migration of monolithic applications to container platforms
Granted: May 28, 2024
Patent Number: 11997170
A method of migrating an application to a container platform includes the steps of: installing a first agent that collects information about the application; detecting information about a first process of the application, wherein the detected information about the first process is received from the first agent; and based on the detected information about the first process, generating a container file including instructions for building a first container that executes the first process…
Detecting threats to datacenter based on analysis of anomalous events
Granted: May 28, 2024
Patent Number: 11997120
Some embodiments provide a method for detecting a threat to a datacenter. The method receives a set of connections between a set of DCNs in the datacenter over a particular time period. The set of DCNs includes at least a first DCN at which a first anomalous event was detected. The method analyzes a set of detected anomalous events to identify additional anomalous events detected at other DCNs in the set of DCNs during the particular time period. Based on the first anomalous event and…
Managing internet protocol (IP) address allocation to tenants in a computing environment
Granted: May 28, 2024
Patent Number: 11997067
Described herein are systems, methods, and software to manage internet protocol (IP) address allocation for tenants in a computing environment. In one implementation, a logical router associated with a tenant in the computing environment requests a public IP address for a new segment instance from a controller. In response to the request, the controller may select a public IP address from a pool of available IP addresses and update networking address translation (NAT) on the logical…
Custom metadata collection for application components in a virtualized computing system
Granted: May 28, 2024
Patent Number: 11995461
An example method includes: executing, by application analysis software executing in the virtualized computing system, process discovery agents on the VMs; receiving, at the application analysis software from the process discovery agents, process metadata describing processes executing on the VMs; generating signatures for the processes based on the process metadata; determining components of an application based on the signatures; determining components of an application based on the…
Memory copy during virtual machine migration in a virtualized computing system
Granted: May 28, 2024
Patent Number: 11995459
A virtual machine (VM) is migrated from a source host to a destination host in a virtualized computing system, the VM having a plurality of virtual central processing units (CPUs). The method includes copying, by VM migration software executing in the source host and the destination host, memory of the VM from the source host to the destination host by installing, at the source host, write traces spanning all of the memory and then copying the memory from the source host to the…
Data criticality-based network policy creation and consumption
Granted: May 28, 2024
Patent Number: 11995038
Some embodiments of the invention provide a method of performing services on a host computer on which a machine executes. The method sends, to a file inspector, a first set of data associated with an event detected on the machine that is associated with a file stored on the machine. The method receives, from the file inspector, indication that the file stores confidential information. The method sends, to a context engine executing on the host computer separately from the machine, a…
State sharing between smart NICs
Granted: May 28, 2024
Patent Number: 11995024
Some embodiments provide a method for synchronizing state between multiple smart NICs of a host computer that perform operations using dynamic state information. At a first smart NIC of the plurality of smart NICs, the method stores a set of dynamic state information. The method synchronizes the set of dynamic state information across a communication channel that connects the smart NICs so that each of the smart NICs also stores the set of dynamic state information.
Storage device write performance in remote computing environments
Granted: May 21, 2024
Patent Number: 11989419
The disclosure provides an approach for storage device write performance improvement in a remote computing environment. Embodiments include creating, on a remote device that is remote from a client device, a virtual storage device corresponding to a physical storage device physically connected to the client device. Embodiments include receiving, by a driver on the remote device, a request from an application on the remote device to perform a write operation with respect to the virtual…
Security threat detection based on network flow analysis
Granted: May 21, 2024
Patent Number: 11991187
Some embodiments provide a method for identifying security threats to a datacenter. From multiple host computers in the datacenter, the method receives attribute sets for multiple flows. Each respective attribute set for a respective flow includes at least (i) a source identifier for the respective flow and (ii) an indicator as to whether the respective flow is indicative of the source of the respective flow being a security threat. For each of multiple source identifiers, the method…
Methods and apparatus to validate and restore machine configurations
Granted: May 21, 2024
Patent Number: 11989298
Methods and apparatus to validate and restore machine configurations are disclosed herein. An example apparatus includes a context identifier to obtain first context information for a first set of configuration update events occurring on a computing device, a guest agent interface to transmit the first set of configuration update events to a security manager for generation of a policy, the policy including allowable configuration update events and responses to unallowable configuration…
Decentralized network topology adaptation in peer-to-peer (P2P) networks
Granted: May 14, 2024
Patent Number: 11985188
Example methods and systems for decentralized network topology adaptation in a peer-to-peer (P2P) network are described. In one example, a first computer system may obtain first attribute information associated with the first computer system; and second attribute information associated with a second computer system. Based on the first and second attribute information, the first computer system may generate a connection confidence prediction associated with a connection between the…
Dynamic SD-WAN hub cluster scaling with machine learning
Granted: May 7, 2024
Patent Number: 11979325
Some embodiments of the invention provide a method of dynamically scaling a hub cluster in a software-defined wide area network (SD-WAN) based on particular traffic statistics, the hub cluster being located in a datacenter of the SD-WAN and allowing branch sites of the SD-WAN to access resources of the datacenter by connecting to the hub cluster. A controller of the SD-WAN receives, from the hub cluster, traffic statistics centrally captured at the hub cluster. The controller then…
Attestation of application identity for inter-app communications
Granted: May 7, 2024
Patent Number: 11977620
Examples for validating the identity of an application in an inter-app communication protocol are described. An attestation payload is obtained from a third party attestation service that is executed remotely from a device on which the application is running. The attestation payload can be validated by another application on the device in order to validate the identity of the application providing the attestation payload.
SDL cache for O-RAN
Granted: April 30, 2024
Patent Number: 11973655
Some embodiments provide a method of performing control plane operations in a radio access network (RAN). The method deploys several machines on a host computer. On each machine, the method deploys a control plane application to perform a control plane operation. The method also configures on each machine a RAN intelligent controller (RIC) SDK to serve as an interface between the control plane application on the same machine and a set of one or more elements of the RAN. In some…
Managing configuration and sensitive data for workloads in a virtualized computing system
Granted: April 30, 2024
Patent Number: 11972283
An example virtualized computing system includes: a host cluster having a virtualization layer directly executing on hardware platforms of hosts, the virtualization layer supporting execution of virtual machines (VMs), the VMs including pod VMs and native VMs, the pod VMs including container engines supporting execution of containers in the pod VMs, the native VMs including applications executing on guest operating systems; an orchestration control plane integrated with the…
Exposing PCIE configuration spaces as ECAM compatible
Granted: April 30, 2024
Patent Number: 11971839
Disclosed are various approaches for exposing peripheral component interconnect express (PCIe) configuration space implementations as Enhanced Configuration Access Mechanism (ECAM)-compatible. In some examples, a bridge device is identified on a segment corresponding to a root complex of a computing device. An endpoint device is connected to a bus downstream from the bridge device. A synthetic segment identifier is assigned to the bus once the endpoint device is identified as connected…
Inter-cluster automated failover and migration of containerized workloads across edges devices
Granted: April 23, 2024
Patent Number: 11968096
Computer-implemented methods, media, and systems for inter-cluster automated failover and migration of containerized workloads across edges devices are disclosed. One example method includes monitoring telemetry data received from a first software defined wide area network (SD-WAN) edge device that has a workload scheduled, where the telemetry data includes at least one of a health status of the workload or multiple runtime context elements at the first SD-WAN edge device. It is…
Intelligent provisioning management
Granted: April 23, 2024
Patent Number: 11966728
Disclosed are various examples of intelligent provisioning management. In some examples, device configuration signatures are received for a group of client devices. A user interface shows at least one of a recommended configuration with a recommended set of hardware components, a recommended hardware specification, a recommended set of applications, and a recommended set of firmware based on a superset of firmware identified from the device configuration signatures. A request to…
Secure enterprise access with voice assistant devices
Granted: April 16, 2024
Patent Number: 11961523
Systems and methods are provided for optimizing and securing an enterprise voice service accessed by an external voice assistant device. An enterprise voice assistant installed on a client device acts as an enterprise voice service for an external voice assistant device. The enterprise voice assistant receives a voice query from the external voice assistant device. The voice query is processed using a machine learning model to extract an intent and at least one slot. The extracted intent…