公开(公告)号：US10375024B2

公开(公告)日：2019-08-06

申请号：US15158153

申请日：2016-05-18

申请人： Patrick Foxhoven ,  John A. Chanak ,  William Fehring ,  Denzil Wessels ,  Purvi Desai ,  Manoj Apte ,  Sudhindra P. Herle

发明人： Patrick Foxhoven ,  John A. Chanak ,  William Fehring ,  Denzil Wessels ,  Purvi Desai ,  Manoj Apte ,  Sudhindra P. Herle

IPC分类号： H04L29/06 ,  H04L29/08 ,  G06F16/28 ,  H04L29/12

摘要： A virtual private access method implemented by a cloud system, includes receiving a request to access resources from a user device, wherein the resources are located in one of a public cloud and an enterprise network and the user device is remote therefrom on the Internet; forwarding the request to a central authority for a policy look up and for a determination of connection information to make an associated secure connection through the cloud system to the resources; receiving the connection information from the central authority responsive to an authorized policy look up; and creating secure tunnels between the user device and the resources based on the connection information.

公开(公告)号：US09118689B1

公开(公告)日：2015-08-25

申请号：US13446856

申请日：2012-04-13

申请人： Manoj Apte ,  Sridhar Narasimhan ,  Purvi Desai

发明人： Manoj Apte ,  Sridhar Narasimhan ,  Purvi Desai

IPC分类号： H04L29/06

CPC分类号： H04L63/1441 ,  H04L51/12 ,  H04L63/045 ,  H04L63/08 ,  H04L63/104 ,  H04L63/1408 ,  H04L63/1425 ,  H04L63/145 ,  H04L63/308 ,  H04W12/06

摘要： A cloud based security method and processing node includes monitoring data traffic between a user and an external network, wherein the monitoring is performed by a processing node comprising a first server in a cloud based system, detecting a security incident, if an archiving rule exists based on the security incident, providing a notification to a second server within an organization's domain, wherein the user is part of the organization, and wherein the notification includes private data associated with the security incident based on the archiving rule, and storing non-private data in the cloud based system based on the archiving rule.

摘要翻译： 基于云的安全方法和处理节点包括监视用户和外部网络之间的数据流量，其中所述监视由包括基于云的系统中的第一服务器的处理节点执行，检测安全事件，如果存在归档规则 在所述安全事件上，向组织的域内的第二服务器提供通知，其中所述用户是所述组织的一部分，并且其中所述通知包括基于归档规则与所述安全事件相关联的专用数据，以及存储非私有数据 在基于云的系统中基于归档规则。

公开(公告)号：US09621574B2

公开(公告)日：2017-04-11

申请号：US14461790

申请日：2014-08-18

申请人： Purvi Desai ,  Abhinav Bansal ,  Vikas Mahajan

发明人： Purvi Desai ,  Abhinav Bansal ,  Vikas Mahajan

IPC分类号： H04L29/06 ,  H04W12/06 ,  H04L12/58

CPC分类号： H04L63/1441 ,  H04L51/12 ,  H04L63/045 ,  H04L63/08 ,  H04L63/104 ,  H04L63/1408 ,  H04L63/1425 ,  H04L63/145 ,  H04L63/308 ,  H04W12/06

摘要： A cloud based security method includes authenticating a mobile device through a cloud based security system; associating the mobile device with a user of the cloud based security system based on the authenticating; monitoring user requests from the mobile device by the cloud based security system; detecting security threats based on the monitoring; and sending an out of band end user notification to the mobile device responsive to detecting a security threat, wherein the out of band end user notification comprises information for the user related to the security threat.

公开(公告)号：US09350644B2

公开(公告)日：2016-05-24

申请号：US14560609

申请日：2014-12-04

申请人： Purvi Desai ,  Vikas Mahajan ,  Abhinav Bansal

发明人： Purvi Desai ,  Vikas Mahajan ,  Abhinav Bansal

IPC分类号： H04L12/721 ,  H04W12/12 ,  H04L29/06 ,  H04L12/26 ,  H04W12/08 ,  G06F9/00

CPC分类号： H04L63/20 ,  H04L43/10 ,  H04L45/14 ,  H04L63/0245 ,  H04L63/0263 ,  H04L63/029 ,  H04L63/10 ,  H04L63/1433 ,  H04L63/1441 ,  H04L67/02 ,  H04L67/10 ,  H04W12/08 ,  H04W12/12

摘要： A method implemented by an agent operating on a mobile device communicating to a cloud-based system includes opening up local listening sockets on the mobile device; redirecting outgoing traffic from all application on the mobile device except the agent to the local listening sockets; and forwarding the outgoing traffic from the local listening sockets to the cloud-based system with additional information included therein for the cloud-based system.

摘要翻译： 由在与基于云的系统通信的移动设备上操作的代理实现的方法包括在移动设备上打开本地监听套接字; 将除代理以外的移动设备上的所有应用的传出流量重定向到本地监听套接字; 并将出站流量从本地监听套接字转发到基于云的系统，其中包含其中的附加信息，用于基于云的系统。

公开(公告)号：US08510551B1

公开(公告)日：2013-08-13

申请号：US12267938

申请日：2008-11-10

申请人： Purvi Desai ,  Kannan Varadhan

发明人： Purvi Desai ,  Kannan Varadhan

IPC分类号： H04L29/06

CPC分类号： H04L12/18 ,  H04L63/0236

摘要： A device, receives a unicast packet designating a unicast source and a unicast destination, and determines whether the received unicast packet is a Data Register message. The device extracts information relating to a multicast packet encapsulated within the unicast packet when the unicast packet is a Data Register message, and performs a security policy lookup based on the extracted multicast packet information to identify a security policy associated with the multicast packet. The device determines whether the identified security policy authorizes forwarding of the unicast packet, and establishes a multicast data session when the identified security policy authorizes forwarding of the unicast packet. The device establishes a multicast control session based on the multicast data session, where the multicast control session authorizes transmission of PIM-related control messages associated with the multicast packet. The device forwards the unicast packet to the unicast destination based on the multicast data session.

摘要翻译： 一种设备，接收指定单播源和单播目的地的单播分组，并且确定所接收的单播分组是否是数据注册消息。 当单播分组是数据注册消息时，该装置提取与单播分组中封装的多播分组有关的信息，并且基于所提取的多播分组信息执行安全策略查找，以识别与多播分组相关联的安全策略。 该设备确定所识别的安全策略是否授权转发单播报文，并在所识别的安全策略授权转发单播报文时，建立组播数据会话。 该设备基于组播数据会话建立组播控制会话，组播控制会话授权与组播数据包相关的PIM相关控制消息的传输。 该设备基于组播数据会话将单播报文转发到单播目的地。

公开(公告)号：US07941826B2

公开(公告)日：2011-05-10

申请号：US12754981

申请日：2010-04-06

申请人： Changming Liu ,  Gregory M. Lebovitz ,  Purvi Desai

发明人： Changming Liu ,  Gregory M. Lebovitz ,  Purvi Desai

IPC分类号： H04L9/00 ,  H04L9/32 ,  G06F7/04

CPC分类号： H04L12/185 ,  H04L45/04 ,  H04L45/16

摘要： Systems, apparatus, methods, and computer program products for multicast access control are provided to analyze incoming data based on a source zone and a destination zone of the incoming data. Appropriate access control rules are applied to incoming data based on the results of the analysis. Additional implementations of a multicast access control include using a proxy rendezvous point operable to function as a rendezvous point in place of a physical rendezvous point.

摘要翻译： 提供用于组播访问控制的系统，装置，方法和计算机程序产品，用于基于输入数据的源区和目的地区来分析输入数据。 基于分析结果，对输入数据应用适当的访问控制规则。 多播访问控制的附加实现包括使用可操作以用作会合点的代理会合点来代替物理会合点。

公开(公告)号：US09935955B2

公开(公告)日：2018-04-03

申请号：US15153108

申请日：2016-05-12

申请人： Purvi Desai ,  Vikas Mahajan ,  Abhinav Bansal ,  Ajit Singh ,  Sandeep Kumar ,  Vivek Raman

发明人： Purvi Desai ,  Vikas Mahajan ,  Abhinav Bansal ,  Ajit Singh ,  Sandeep Kumar ,  Vivek Raman

IPC分类号： H04L29/06 ,  H04L29/08 ,  H04L29/12

CPC分类号： H04L63/0884 ,  H04L61/1511 ,  H04L61/6063 ,  H04L63/0272 ,  H04L63/0281 ,  H04L67/02 ,  H04L67/10 ,  H04L67/1002 ,  H04L67/125 ,  H04L67/16 ,  H04L67/28 ,  H04L67/2814 ,  H04L67/2819 ,  H04L69/162

摘要： Systems and methods implemented by a unified agent application executed on a mobile device, for unified service discovery and secure availability include authenticating a user into a plurality of cloud services including a proxy service and a Virtual Private Network (VPN) service, wherein the proxy service is utilized for Internet traffic and the VPN service is for Intranet traffic; creating and operating a link local network at the mobile device with a virtual network interface and multiple listening sockets; and intercepting traffic at the virtual network interface from one or more client applications on the mobile device and splitting the traffic between the proxy service, the VPN service, and the Internet based on a type of the traffic, a destination, and the one or more client applications.

公开(公告)号：US20050114656A1

公开(公告)日：2005-05-26

申请号：US10976311

申请日：2004-10-29

申请人： Changming Liu ,  Gregory Lebovitz ,  Purvi Desai

发明人： Changming Liu ,  Gregory Lebovitz ,  Purvi Desai

IPC分类号： H04L12/18 ,  H04L12/56 ,  H04L9/00

CPC分类号： H04L12/185 ,  H04L45/04 ,  H04L45/16

摘要： Systems, apparatus, methods, and computer program products for multicast access control are provided to analyze incoming data based on a source zone and a destination zone of the incoming data. Appropriate access control rules are applied to incoming data based on the results of the analysis. Additional implementations of a multicast access control include using a proxy rendezvous point operable to function as a rendezvous point in place of a physical rendezvous point.

摘要翻译： 提供用于组播访问控制的系统，装置，方法和计算机程序产品，用于基于输入数据的源区和目的地区来分析输入数据。 基于分析结果，对输入数据应用适当的访问控制规则。 多播访问控制的附加实现包括使用可操作以用作会合点的代理会合点来代替物理会合点。

公开(公告)号：US10044719B2

公开(公告)日：2018-08-07

申请号：US15009966

申请日：2016-01-29

申请人： Purvi Desai ,  Abhinav Bansal

发明人： Purvi Desai ,  Abhinav Bansal

IPC分类号： H04L29/06 ,  H04L29/08

摘要： Systems and methods, implemented by one or more nodes in a cloud-based security system, for enforcing application-based control of network resources include receiving a request from a user device for the network resources; evaluating the request through the cloud-based security system and determining an application on the user device performing the request; and performing one of (1) denying the request if the application is unauthorized to access the network resources, (2) redirecting the request to an authorized application on the user device if the application is legitimate but unauthorized to access the network resources, and (3) allowing the request if the application is authorized to access the network resources.

公开(公告)号：US20170279803A1

公开(公告)日：2017-09-28

申请号：US15153108

申请日：2016-05-12

申请人： Purvi Desai ,  Vikas Mahajan ,  Abhinav Bansal ,  Ajit SINGH ,  Sandeep KUMAR ,  Vivek RAMAN

发明人： Purvi Desai ,  Vikas Mahajan ,  Abhinav Bansal ,  Ajit SINGH ,  Sandeep KUMAR ,  Vivek RAMAN

IPC分类号： H04L29/06 ,  H04L29/12 ,  H04L29/08

CPC分类号： H04L63/0884 ,  H04L61/1511 ,  H04L61/6063 ,  H04L63/0272 ,  H04L63/0281 ,  H04L67/02 ,  H04L67/10 ,  H04L67/1002 ,  H04L67/125 ,  H04L67/16 ,  H04L67/28 ,  H04L67/2814 ,  H04L67/2819 ,  H04L69/162

摘要： Systems and methods implemented by a unified agent application executed on a mobile device, for unified service discovery and secure availability include authenticating a user into a plurality of cloud services including a proxy service and a Virtual Private Network (VPN) service, wherein the proxy service is utilized for Internet traffic and the VPN service is for Intranet traffic; creating and operating a link local network at the mobile device with a virtual network interface and multiple listening sockets; and intercepting traffic at the virtual network interface from one or more client applications on the mobile device and splitting the traffic between the proxy service, the VPN service, and the Internet based on a type of the traffic, a destination, and the one or more client applications.