公开(公告)号：US11962589B2

公开(公告)日：2024-04-16

申请号：US17154139

申请日：2021-01-21

Applicant: Zscaler, Inc.

Inventor： Patrick Foxhoven ,  Amit Sinha ,  Vikas Mahajan ,  Rohit Goyal

IPC: H04L9/40 ,  H04L61/4511 ,  H04L67/02 ,  H04L67/10 ,  H04L67/1001 ,  H04L67/125 ,  H04L67/51 ,  H04L67/56 ,  H04L67/563 ,  H04L67/564 ,  H04L69/16 ,  H04L101/663

CPC classification number: H04L63/0884 ,  H04L61/4511 ,  H04L63/0272 ,  H04L63/0281 ,  H04L67/02 ,  H04L67/10 ,  H04L67/1001 ,  H04L67/125 ,  H04L67/51 ,  H04L67/56 ,  H04L67/563 ,  H04L67/564 ,  H04L69/162 ,  H04L2101/663

Abstract: Systems and methods include intercepting traffic on the user device; forwarding the traffic to a cloud-based system for security processing therein; and, responsive to unavailability of the cloud-based system preventing the forwarding, performing local security processing of the traffic at the user device including determining whether the traffic is allowed based on a cache at the user device, forwarding the traffic separate from the cloud-based system when it is allowed, and blocking the traffic when it is not allowed.

公开(公告)号：US11838271B2

公开(公告)日：2023-12-05

申请号：US17084704

申请日：2020-10-30

Applicant: Zscaler, Inc.

Inventor： Patrick Foxhoven ,  John A. Chanak ,  William Fehring ,  Manoj Apte ,  Kunal Shah ,  Dhawal Sharma

IPC: H04L9/40 ,  G06F9/54 ,  H04L9/14 ,  H04L9/32 ,  H04L9/08 ,  H04L9/00 ,  H04L67/1021 ,  H04L9/30 ,  H04L67/01 ,  H04L61/59 ,  H04L61/4511

CPC classification number: H04L63/0272 ,  G06F9/547 ,  H04L9/006 ,  H04L9/0894 ,  H04L9/14 ,  H04L9/30 ,  H04L9/3263 ,  H04L63/029 ,  H04L63/0823 ,  H04L63/0876 ,  H04L67/01 ,  H04L67/1021 ,  H04L61/4511 ,  H04L61/59

Abstract: Systems and methods include, responsive to a request from a user for one or more Business-to-Business (B2B) applications, redirecting the request, by a cloud-based system, to an identity provider to authorize the user; displaying the one or more B2B applications that the user is authorized to access; responsive to a selection of a B2B application of the one or more B2B applications, creating a first tunnel from the B2B application to the cloud-based system; and stitching the first tunnel between the B2B application and the cloud-based system with a second tunnel between the user and the cloud-based system. The systems and methods further include, responsive to the user being unauthorized for any of the one or more B2B applications, omitting the one or more B2B applications from the displaying, such that the one or more B2B applications are invisible to the user.

公开(公告)号：US11023378B2

公开(公告)日：2021-06-01

申请号：US15841656

申请日：2017-12-14

Applicant: Zscaler, Inc.

Inventor： Patrick Foxhoven ,  John Chanak ,  William Fehring

IPC: G06F15/16 ,  G06F12/0815 ,  H04L29/06 ,  H04L29/12 ,  H04L29/08 ,  G06F12/0837 ,  G06F12/0842

Abstract: A Dynamic Name Server (DNS) surrogation method, a DNS system, and a DNS server provide DNS surrogation which is the idea that if a user device sends a DNS resolution request to a given DNS server that server does not need to actually perform the recursion itself. A policy can be defined telling the server that first received the request to take other factors into account and “relay” or “surrogate” that request to another node. This additional node is called a “surrogate” and it actually performs the recursion therefore allowing the resolving party to perform proper localization, optimization, or any other form of differentiated resolution. This surrogation also distributes the job of actually performing resolution, which adds scalability to the DNS server or service itself. A network of “surrogate” resolvers is possible as well as the concept of every client needing DNS resolution can also become a surrogate.

公开(公告)号：US10728287B2

公开(公告)日：2020-07-28

申请号：US15645519

申请日：2017-07-10

Applicant: Zscaler, Inc.

Inventor： Patrick Foxhoven ,  John Chanak ,  William Fehring

IPC: G06F15/173 ,  H04L29/06 ,  H04L29/12 ,  H04L29/08

Abstract: A cloud-based security method using Domain Name System (DNS) includes receiving a request from a user device at a DNS server; performing a security check on the request based on a policy look up associated with the user device; responsive to the policy look up, performing a DNS security check on the request; and responsive to the DNS security check, performing one of allowing the request to the Internet; blocking the request based on the policy; and providing the request to inline inspection based on the policy, wherein the request is one of allowed to the Internet or blocked based on the inline inspection.

公开(公告)号：US20220286854A1

公开(公告)日：2022-09-08

申请号：US17699388

申请日：2022-03-21

Applicant: Zscaler, Inc.

Inventor： Nathan Howe ,  Kenneth B. Urquhart ,  Subramanian Srinivasan ,  Sridhar Kartik Kumar Chatnalli Deshpande ,  Patrick Foxhoven

IPC: H04W12/08 ,  H04W76/10

Abstract: The present disclosure relates to systems and methods for cloud-based 5G security network architectures intelligent steering, workload isolation, identity, and secure edge steering. Specifically, various approaches are described to integrate cloud-based security services into Multiaccess Edge Compute servers (MECs). That is, existing cloud-based security services are in line between a UE and the Internet. The present disclosure includes integrating the cloud-based security services and associated cloud-based system within service provider's MECs. In this manner, a cloud-based security service can be integrated with a service provider's 5G network or a 5G network privately operated by the customer. For example, nodes in a cloud-based system can be collocated within a service provider's network, to provide security functions to 5G users or connected by peering from the cloud-based security service into the 5G service provider's regional communications centers.

公开(公告)号：US20210136041A1

公开(公告)日：2021-05-06

申请号：US17084704

申请日：2020-10-30

Applicant: Zscaler, Inc.

Inventor： Patrick Foxhoven ,  John A. Chanak ,  William Fehring ,  Manoj Apte ,  Kunal Shah ,  Dhawal Sharma

IPC: H04L29/06 ,  G06F9/54 ,  H04L9/14 ,  H04L9/32 ,  H04L9/30 ,  H04L9/08 ,  H04L9/00 ,  H04L29/08

Abstract: Systems and methods include, responsive to a request from a user for one or more Business-to-Business (B2B) applications, redirecting the request, by a cloud-based system, to an identity provider to authorize the user; displaying the one or more B2B applications that the user is authorized to access; responsive to a selection of a B2B application of the one or more B2B applications, creating a first tunnel from the B2B application to the cloud-based system; and stitching the first tunnel between the B2B application and the cloud-based system with a second tunnel between the user and the cloud-based system. The systems and methods further include, responsive to the user being unauthorized for any of the one or more B2B applications, omitting the one or more B2B applications from the displaying, such that the one or more B2B applications are invisible to the user.

公开(公告)号：US10972487B2

公开(公告)日：2021-04-06

申请号：US16258807

申请日：2019-01-28

Applicant: Zscaler, Inc.

Inventor： Dhawal Kumar Sharma ,  Manoj Apte ,  Patrick Foxhoven

IPC: H04L9/00 ,  H04L29/06 ,  H04L29/08

Abstract: A Content Delivery Network (CDN) includes one or more cache servers communicatively coupled to end users for providing content thereto; and one or more origin servers communicatively coupled to the one or more cache servers through a plurality of nodes, the one or more cache servers are configured to receive traffic related to the content from the one or more origin servers through the one or more nodes of the plurality of nodes, based on one or more of a push technique and a pull technique, and the plurality of nodes are configured to monitor the traffic between the one or more origin servers and the one or more cache servers in an inline manner, process the traffic for malware and data leakage based on policy, and block the traffic responsive to detection of one or more of the malware and the data leakage, prior to traffic entering the CDN.

公开(公告)号：US20180270201A1

公开(公告)日：2018-09-20

申请号：US15986874

申请日：2018-05-23

Applicant: Zscaler, Inc.

Inventor： John A. Chanak ,  Patrick Foxhoven ,  William Fehring ,  Denzil Wessels ,  Kunal Shah ,  Subramanian Srinivasan

IPC: H04L29/06 ,  H04L9/30 ,  H04L9/14 ,  H04L9/32 ,  G06F9/54

CPC classification number: H04L63/0272 ,  G06F9/547 ,  H04L9/006 ,  H04L9/0894 ,  H04L9/14 ,  H04L9/30 ,  H04L9/3263 ,  H04L61/1511 ,  H04L61/6013 ,  H04L63/029 ,  H04L63/0823 ,  H04L63/0876 ,  H04L67/1021 ,  H04L67/42

Abstract: Virtual private access systems and methods implemented in a clientless manner on a user device include receiving a request to access resources from a Web browser on the user device at an exporter in a cloud system, wherein the resources are located in one of a public cloud and an enterprise network and the user device is remote therefrom on the Internet; performing a series of connections between the exporter and i) the Web browser and ii) centralized components including a crypto service, database, cookie store, and Security Assertion Markup Language (SAML) Service Provider (SP) component to authenticate a user of the user device for the resources; and, subsequent to authentication, exchanging data between the Web browser and the resources through the exporter, wherein the exporter has a first secure tunnel to the Web browser and a second secure tunnel to the resources.

公开(公告)号：US12177667B2

公开(公告)日：2024-12-24

申请号：US17699388

申请日：2022-03-21

Applicant: Zscaler, Inc.

Inventor： Nathan Howe ,  Kenneth B. Urquhart ,  Subramanian Srinivasan ,  Sridhar Kartik Kumar Chatnalli Deshpande ,  Patrick Foxhoven

IPC: H04W12/37 ,  H04W12/08 ,  H04W76/10

Abstract: The present disclosure relates to systems and methods for cloud-based 5G security network architectures intelligent steering, workload isolation, identity, and secure edge steering. Specifically, various approaches are described to integrate cloud-based security services into Multiaccess Edge Compute servers (MECs). That is, existing cloud-based security services are in line between a UE and the Internet. The present disclosure includes integrating the cloud-based security services and associated cloud-based system within service provider's MECs. In this manner, a cloud-based security service can be integrated with a service provider's 5G network or a 5G network privately operated by the customer. For example, nodes in a cloud-based system can be collocated within a service provider's network, to provide security functions to 5G users or connected by peering from the cloud-based security service into the 5G service provider's regional communications centers.

公开(公告)号：US12107891B2

公开(公告)日：2024-10-01

申请号：US16940489

申请日：2020-07-28

Applicant: Zscaler, Inc.

Inventor： Patrick Foxhoven ,  John Chanak ,  William Fehring

IPC: H04L9/40 ,  H04L61/4511 ,  H04L61/2514 ,  H04L61/4552 ,  H04L67/10

CPC classification number: H04L63/20 ,  H04L61/4511 ,  H04L63/08 ,  H04L63/10 ,  H04L63/102 ,  H04L61/2514 ,  H04L61/4552 ,  H04L67/10

Abstract: The present disclosure includes, responsive to a request from a user device, performing a security check based on policy associated with the user device, wherein the policy includes setting related to content filtering and security; responsive to the security check, performing one of: directly allowing the request to the Internet based on the security check determining the request is allowed by the settings; directly blocking the request based on the security check determining the request is disallowed by the settings; and forwarding the request to a system for inline inspection based on the security check determining the request includes suspicious content, wherein responsive to the inline inspection, the request is one of allowed and blocked.