公开(公告)号：US10701035B2

公开(公告)日：2020-06-30

申请号：US15960419

申请日：2018-04-23

Applicant: NETFLIX, INC.

Inventor： Jason Chan ,  Poornaprajna Udupi ,  Shashi Madappa

IPC: H04L29/06 ,  G06F16/22 ,  H04L29/08

Abstract: Approaches, techniques, and mechanisms are disclosed for implementing a distributed firewall. In an embodiment, many different computer assets police incoming messages based on local policy data. This local policy data is synchronized with global policy data. The global policy data is generated by one or more separate analyzers. Each analyzer has access to message logs, or information derived therefrom, for groups of computer assets, and is thus able to generate policies based on intelligence from an entire group as opposed to an isolated asset. Among other effects, some of the approaches, techniques, and mechanisms may be effective even in computing environments with limited supervision over the attack surface, and/or computing environments in which assets may need to make independent decisions with respect to how incoming messages should be handled, on account of latency and/or unreliability in connections to other system components.

公开(公告)号：US20160088020A1

公开(公告)日：2016-03-24

申请号：US14495631

申请日：2014-09-24

Applicant: Netflix, Inc.

Inventor： Jason Chan ,  Poornaprajna Udupi ,  Shashi Madappa

IPC: H04L29/06 ,  G06F17/30

CPC classification number: H04L63/0245 ,  G06F17/30312 ,  H04L63/0218 ,  H04L63/0227 ,  H04L63/1408 ,  H04L63/20 ,  H04L67/10

Abstract: Approaches, techniques, and mechanisms are disclosed for implementing a distributed firewall. In an embodiment, many different computer assets police incoming messages based on local policy data. This local policy data is synchronized with global policy data. The global policy data is generated by one or more separate analyzers. Each analyzer has access to message logs, or information derived therefrom, for groups of computer assets, and is thus able to generate policies based on intelligence from an entire group as opposed to an isolated asset. Among other effects, some of the approaches, techniques, and mechanisms may be effective even in computing environments with limited supervision over the attack surface, and/or computing environments in which assets may need to make independent decisions with respect to how incoming messages should be handled, on account of latency and/or unreliability in connections to other system components.

Abstract translation: 公开了实现分布式防火墙的方法，技术和机制。 在一个实施例中，许多不同的计算机资产基于本地策略数据来警告传入消息。 此本地策略数据与全局策略数据同步。 全局策略数据由一个或多个单独的分析器生成。 每个分析器都可以访问消息日志或从其导出的信息，用于计算机资产的组，因此能够基于来自整个组而不是隔离资产的智能生成策略。 除了其他效果之外，一些方法，技术和机制可能是有效的，即使在对攻击面的监督有限的计算环境中，和/或资产可能需要就输入消息应如何进行独立决定的计算环境 由于与其他系统组件的连接的延迟和/或不可靠性而处理。

公开(公告)号：US09614818B2

公开(公告)日：2017-04-04

申请号：US14810340

申请日：2015-07-27

Applicant: Netflix, Inc.

Inventor： Poornaprajna Udupi ,  Jason Chan ,  Jay Zarfoss

IPC: H04L29/06 ,  H04L9/08

CPC classification number: H04L63/0435 ,  H04L9/0822 ,  H04L9/0825 ,  H04L9/0827 ,  H04L9/083 ,  H04L9/0844 ,  H04L9/088 ,  H04L9/0891 ,  H04L9/0894 ,  H04L63/0428 ,  H04L63/0442 ,  H04L63/062 ,  H04L63/08

Abstract: Embodiments provide techniques generating and managing encryption keys within a computing infrastructure. Embodiments provide a key publisher that generates and maintains key pairs in a list at a configurable interval. In addition, the key publisher publishes the list to other components within the computing infrastructure. Embodiments also provide a key consumer that downloads the list of encrypted key pairs and maintains an active window of keys to can be accepted from client devices that communicate sensitive data to the computing infrastructure. If the key consumer receives a key from a client device that is outside of the active window yet that corresponds to a future key pair in the list, the key consumer advances the active window towards the future key pair.

公开(公告)号：US09954822B2

公开(公告)日：2018-04-24

申请号：US15471254

申请日：2017-03-28

Applicant: Netflix, Inc.

Inventor： Jason Chan ,  Poornaprajna Udupi ,  Shashi Madappa

IPC: H04L29/06 ,  H04L29/08

CPC classification number: H04L63/0245 ,  G06F17/30312 ,  H04L63/0218 ,  H04L63/0227 ,  H04L63/1408 ,  H04L63/20 ,  H04L67/10

Abstract: Approaches, techniques, and mechanisms are disclosed for implementing a distributed firewall. In an embodiment, many different computer assets police incoming messages based on local policy data. This local policy data is synchronized with global policy data. The global policy data is generated by one or more separate analyzers. Each analyzer has access to message logs, or information derived therefrom, for groups of computer assets, and is thus able to generate policies based on intelligence from an entire group as opposed to an isolated asset. Among other effects, some of the approaches, techniques, and mechanisms may be effective even in computing environments with limited supervision over the attack surface, and/or computing environments in which assets may need to make independent decisions with respect to how incoming messages should be handled, on account of latency and/or unreliability in connections to other system components.

公开(公告)号：US20170201489A1

公开(公告)日：2017-07-13

申请号：US15471254

申请日：2017-03-28

Applicant: Netflix, Inc.

Inventor： Jason Chan ,  Poornaprajna Udupi ,  Shashi Madappa

IPC: H04L29/06

CPC classification number: H04L63/0245 ,  G06F17/30312 ,  H04L63/0218 ,  H04L63/0227 ,  H04L63/1408 ,  H04L63/20 ,  H04L67/10

Abstract: Approaches, techniques, and mechanisms are disclosed for implementing a distributed firewall. In an embodiment, many different computer assets police incoming messages based on local policy data. This local policy data is synchronized with global policy data. The global policy data is generated by one or more separate analyzers. Each analyzer has access to message logs, or information derived therefrom, for groups of computer assets, and is thus able to generate policies based on intelligence from an entire group as opposed to an isolated asset. Among other effects, some of the approaches, techniques, and mechanisms may be effective even in computing environments with limited supervision over the attack surface, and/or computing environments in which assets may need to make independent decisions with respect to how incoming messages should be handled, on account of latency and/or unreliability in connections to other system components.

公开(公告)号：US09485305B2

公开(公告)日：2016-11-01

申请号：US13890782

申请日：2013-05-09

Applicant: NETFLIX, Inc.

Inventor： Daniel Jacobson ,  Benjamin James Christensen ,  Ben Schmaus ,  Mikey Cohen ,  Poornaprajna Udupi ,  Jason Cacciatore ,  Ganapriya Poolavari

IPC: G06F15/16 ,  H04L29/08 ,  G06F17/30

CPC classification number: H04L67/10 ,  G06F17/30905 ,  H04L29/08792 ,  H04L67/2823

Abstract: A technique for providing an API from a server to one of more endpoint devices including receiving a request for data from a endpoint device, retrieving one or more data resources from the data resources available within the server, based upon the request, manipulating the data within the retrieved data resources into a response optimized for the endpoint device, and transmitting the response to the endpoint device.

Abstract translation: 一种用于从服务器向多个端点设备之一提供API的技术，包括接收来自端点设备的数据请求，基于所述请求从所述服务器内可用的数据资源中检索一个或多个数据资源，操纵所述数据 将检索的数据资源转换成针对端点设备优化的响应，以及将响应发送到端点设备。

公开(公告)号：US10178074B2

公开(公告)日：2019-01-08

申请号：US15476931

申请日：2017-03-31

Applicant: NETFLIX, INC.

Inventor： Poornaprajna Udupi ,  Jason Chan ,  Jay Zarfoss

IPC: H04L9/08 ,  H04L29/06

Abstract: Embodiments provide techniques generating and managing encryption keys within a computing infrastructure. Embodiments provide a key publisher that generates and maintains key pairs in a list at a configurable interval. In addition, the key publisher publishes the list to other components within the computing infrastructure. Embodiments also provide a key consumer that downloads the list of encrypted key pairs and maintains an active window of keys to can be accepted from client devices that communicate sensitive data to the computing infrastructure. If the key consumer receives a key from a client device that is outside of the active window yet that corresponds to a future key pair in the list, the key consumer advances the active window towards the future key pair.

公开(公告)号：US20180316647A1

公开(公告)日：2018-11-01

申请号：US15960419

申请日：2018-04-23

Applicant: NETFLIX, INC.

Inventor： Jason Chan ,  Poornaprajna Udupi ,  Shashi Madappa

IPC: H04L29/06 ,  H04L29/08

Abstract: Approaches, techniques, and mechanisms are disclosed for implementing a distributed firewall. In an embodiment, many different computer assets police incoming messages based on local policy data. This local policy data is synchronized with global policy data. The global policy data is generated by one or more separate analyzers. Each analyzer has access to message logs, or information derived therefrom, for groups of computer assets, and is thus able to generate policies based on intelligence from an entire group as opposed to an isolated asset. Among other effects, some of the approaches, techniques, and mechanisms may be effective even in computing environments with limited supervision over the attack surface, and/or computing environments in which assets may need to make independent decisions with respect to how incoming messages should be handled, on account of latency and/or unreliability in connections to other system components.

公开(公告)号：US09621588B2

公开(公告)日：2017-04-11

申请号：US14495631

申请日：2014-09-24

Applicant: Netflix, Inc.

Inventor： Jason Chan ,  Poornaprajna Udupi ,  Shashi Madappa

IPC: H04L29/06 ,  G06F17/30 ,  H04L29/08

CPC classification number: H04L63/0245 ,  G06F17/30312 ,  H04L63/0218 ,  H04L63/0227 ,  H04L63/1408 ,  H04L63/20 ,  H04L67/10

Abstract: Approaches, techniques, and mechanisms are disclosed for implementing a distributed firewall. In an embodiment, many different computer assets police incoming messages based on local policy data. This local policy data is synchronized with global policy data. The global policy data is generated by one or more separate analyzers. Each analyzer has access to message logs, or information derived therefrom, for groups of computer assets, and is thus able to generate policies based on intelligence from an entire group as opposed to an isolated asset. Among other effects, some of the approaches, techniques, and mechanisms may be effective even in computing environments with limited supervision over the attack surface, and/or computing environments in which assets may need to make independent decisions with respect to how incoming messages should be handled, on account of latency and/or unreliability in connections to other system components.

公开(公告)号：US09094377B2

公开(公告)日：2015-07-28

申请号：US13969365

申请日：2013-08-16

Applicant: Netflix, Inc.

Inventor： Poornaprajna Udupi ,  Jason Chan ,  Jay Zarfoss

IPC: H04L29/06

CPC classification number: H04L63/0435 ,  H04L9/0822 ,  H04L9/0825 ,  H04L9/0827 ,  H04L9/083 ,  H04L9/0844 ,  H04L9/088 ,  H04L9/0891 ,  H04L9/0894 ,  H04L63/0428 ,  H04L63/0442 ,  H04L63/062 ,  H04L63/08

Abstract: Embodiments provide techniques generating and managing encryption keys within a computing infrastructure. Embodiments provide a key publisher that generates and maintains key pairs in a list at a configurable interval. In addition, the key publisher publishes the list to other components within the computing infrastructure. Embodiments also provide a key consumer that downloads the list of encrypted key pairs and maintains an active window of keys to can be accepted from client devices that communicate sensitive data to the computing infrastructure. If the key consumer receives a key from a client device that is outside of the active window yet that corresponds to a future key pair in the list, the key consumer advances the active window towards the future key pair.

Abstract translation: 实施例提供了在计算基础设施内生成和管理加密密钥的技术。 实施例提供了以可配置的间隔在列表中生成和维护密钥对的密钥发布者。 此外，密钥发布者将列表发布到计算基础架构内的其他组件。 实施例还提供了下载加密密钥对列表并维护主动密钥窗口的关键消费者，可以从将敏感数据传送到计算基础设施的客户端设备接受。 如果密钥客户端从活动窗口之外的客户端设备接收到与列表中未来的密钥对相对应的密钥，则密钥客户端将向未来密钥对移动活动窗口。