公开(公告)号：US11838271B2

公开(公告)日：2023-12-05

申请号：US17084704

申请日：2020-10-30

Applicant: Zscaler, Inc.

Inventor： Patrick Foxhoven ,  John A. Chanak ,  William Fehring ,  Manoj Apte ,  Kunal Shah ,  Dhawal Sharma

IPC: H04L9/40 ,  G06F9/54 ,  H04L9/14 ,  H04L9/32 ,  H04L9/08 ,  H04L9/00 ,  H04L67/1021 ,  H04L9/30 ,  H04L67/01 ,  H04L61/59 ,  H04L61/4511

CPC classification number: H04L63/0272 ,  G06F9/547 ,  H04L9/006 ,  H04L9/0894 ,  H04L9/14 ,  H04L9/30 ,  H04L9/3263 ,  H04L63/029 ,  H04L63/0823 ,  H04L63/0876 ,  H04L67/01 ,  H04L67/1021 ,  H04L61/4511 ,  H04L61/59

Abstract: Systems and methods include, responsive to a request from a user for one or more Business-to-Business (B2B) applications, redirecting the request, by a cloud-based system, to an identity provider to authorize the user; displaying the one or more B2B applications that the user is authorized to access; responsive to a selection of a B2B application of the one or more B2B applications, creating a first tunnel from the B2B application to the cloud-based system; and stitching the first tunnel between the B2B application and the cloud-based system with a second tunnel between the user and the cloud-based system. The systems and methods further include, responsive to the user being unauthorized for any of the one or more B2B applications, omitting the one or more B2B applications from the displaying, such that the one or more B2B applications are invisible to the user.

公开(公告)号：US20230269137A1

公开(公告)日：2023-08-24

申请号：US18307313

申请日：2023-04-26

Applicant: Zscaler, Inc.

Inventor： William Fehring ,  John A. Chanak ,  Ale A. Mansoor ,  Vikas Mahajan

IPC: H04L41/0823 ,  H04L41/0859 ,  H04L41/08

CPC classification number: H04L41/0836 ,  H04L41/0859 ,  H04L41/0883

Abstract: Systems and methods include receiving one or more disaster recovery configurations via a cloud-based system; storing the one or more received disaster recovery configurations in one or more components of the cloud-based system; identifying activation of a disaster recovery mode; and providing private application access based on one or more disaster recovery configurations.

公开(公告)号：US20220353244A1

公开(公告)日：2022-11-03

申请号：US17863509

申请日：2022-07-13

Applicant: Zscaler, Inc.

Inventor： Clifford Kahn ,  William Fehring ,  Maneesh Sahu ,  Deepak Patel ,  Sunil Menon ,  Dejan Mihajlovic

IPC: H04L9/40 ,  G06F9/54 ,  H04L9/14 ,  H04L9/32 ,  H04L9/30 ,  H04L9/08 ,  H04L9/00 ,  H04L67/01 ,  H04L67/1021

Abstract: Systems and methods for privileged remote access to Operational Technology (OT)/Internet of Things (IOT)/Industrial IOT (IIOT)/Industrial Control System (ICS) infrastructure, implemented in a cloud-based system. The method includes steps of, responsive to determining a user can access an application associated with the OT/IOT/IIOT/ICS infrastructure, determining the user's security and access policies and creating a session for the user; establishing a secure connection to the application via a lightweight connector connected to the application; and brokering a connection between the user's device and the application through the lightweight connector, enabling the user to interact with the application for the OT/IOT/IIOT/ICS infrastructure, based on the user's security and access policies.

公开(公告)号：US11023378B2

公开(公告)日：2021-06-01

申请号：US15841656

申请日：2017-12-14

Applicant: Zscaler, Inc.

Inventor： Patrick Foxhoven ,  John Chanak ,  William Fehring

IPC: G06F15/16 ,  G06F12/0815 ,  H04L29/06 ,  H04L29/12 ,  H04L29/08 ,  G06F12/0837 ,  G06F12/0842

Abstract: A Dynamic Name Server (DNS) surrogation method, a DNS system, and a DNS server provide DNS surrogation which is the idea that if a user device sends a DNS resolution request to a given DNS server that server does not need to actually perform the recursion itself. A policy can be defined telling the server that first received the request to take other factors into account and “relay” or “surrogate” that request to another node. This additional node is called a “surrogate” and it actually performs the recursion therefore allowing the resolving party to perform proper localization, optimization, or any other form of differentiated resolution. This surrogation also distributes the job of actually performing resolution, which adds scalability to the DNS server or service itself. A network of “surrogate” resolvers is possible as well as the concept of every client needing DNS resolution can also become a surrogate.

公开(公告)号：US20250138938A1

公开(公告)日：2025-05-01

申请号：US19008999

申请日：2025-01-03

Applicant: Zscaler, Inc.

Inventor： Abhinav Bansal ,  Paul Ling ,  Vikas Mahajan ,  Jian Liu ,  Joby Menon ,  Lidor Pergament ,  John Chanak ,  William Fehring ,  Ale Mansoor ,  Ramesh Andavar

IPC: G06F11/07 ,  G06F21/31

Abstract: Systems and methods for private application access continuity include providing access to one or more private applications for users associated with a tenant of a cloud-based system; detecting one or more criteria suggesting an outage of the cloud-based system; and responsive to activation of a disaster recovery mode based on the one or more criteria, providing access to the one or more private applications via an on-site disaster recovery system including a site controller, wherein providing the access via the site controller does not require communication with the cloud-based system.

公开(公告)号：US20240388606A1

公开(公告)日：2024-11-21

申请号：US18318617

申请日：2023-05-16

Applicant: Zscaler, Inc.

Inventor： Dejan Mihajlovic ,  Clifford Kahn ,  Abhijeet Malik ,  Sandip Davara ,  Sunita Darbarwar ,  Srinivas Sannapareddy ,  Gana Ramachandra ,  William Fehring ,  Jian Liu ,  John A. Chanak ,  Sunil Menon

IPC: H04L9/40 ,  H04L47/125

Abstract: Systems and methods for policy based privileged remote access in zero trust private networks. Various embodiments include receiving a request to an end system; determining available end systems based on one or more criteria associated with the request, wherein the one or more criteria are analyzed based on policy; and providing access to the end system based on the one or more criteria, wherein the access includes remote pixel rendering protocols integrated with a zero trust architecture.

公开(公告)号：US11652797B2

公开(公告)日：2023-05-16

申请号：US16800307

申请日：2020-02-25

Applicant: Zscaler, Inc.

Inventor： John A. Chanak ,  Patrick Foxhoven ,  William Fehring ,  Denzil Wessels ,  Kunal Shah ,  Subramanian Srinivasan

IPC: H04L9/40 ,  G06F9/54 ,  H04L9/14 ,  H04L9/32 ,  H04L9/30 ,  H04L9/08 ,  H04L9/00 ,  H04L67/01 ,  H04L67/1021 ,  H04L61/59 ,  H04L61/4511

CPC classification number: H04L63/0272 ,  G06F9/547 ,  H04L9/006 ,  H04L9/0894 ,  H04L9/14 ,  H04L9/30 ,  H04L9/3263 ,  H04L63/029 ,  H04L63/0823 ,  H04L63/0876 ,  H04L67/01 ,  H04L67/1021 ,  H04L61/4511 ,  H04L61/59

Abstract: Systems and methods, in a lightweight connector including a processor communicatively coupled to a network interface, include connecting to a cloud-based system, via the network interface; connecting to one or more of a file share and an application, via the network interface; and providing access to a user device to the one or more of the file share and the application via a stitched connection between the network interface and the user device through the cloud-based system. The systems and methods can further include receiving a query for discovery; and responding to the query based on the one or more of the file share and the application connected thereto.

公开(公告)号：US20170310709A1

公开(公告)日：2017-10-26

申请号：US15645519

申请日：2017-07-10

Applicant: Zscaler, Inc.

Inventor： Patrick Foxhoven ,  John Chanak ,  William Fehring

IPC: H04L29/06 ,  H04L29/12 ,  H04L29/08

CPC classification number: H04L63/20 ,  H04L61/1511 ,  H04L61/1552 ,  H04L61/2514 ,  H04L63/08 ,  H04L63/10 ,  H04L63/102 ,  H04L67/10

Abstract: A cloud-based security method using Domain Name System (DNS) includes receiving a request from a user device at a DNS server; performing a security check on the request based on a policy look up associated with the user device; responsive to the policy look up, performing a DNS security check on the request; and responsive to the DNS security check, performing one of allowing the request to the Internet; blocking the request based on the policy; and providing the request to inline inspection based on the policy, wherein the request is one of allowed to the Internet or blocked based on the inline inspection.

公开(公告)号：US20230247003A1

公开(公告)日：2023-08-03

申请号：US18160444

申请日：2023-01-27

Applicant: Zscaler, Inc.

Inventor： John A. Chanak ,  William Fehring ,  Richard Miles ,  Shujaat Jaffrey ,  Jose Padin ,  Matthew Moulton

IPC: H04L9/40 ,  G06F9/54 ,  H04L9/14 ,  H04L9/32 ,  H04L9/30 ,  H04L9/08 ,  H04L9/00 ,  H04L67/01 ,  H04L67/1021

CPC classification number: H04L63/0272 ,  H04L63/029 ,  H04L63/0876 ,  G06F9/547 ,  H04L9/14 ,  H04L9/3263 ,  H04L9/30 ,  H04L9/0894 ,  H04L9/006 ,  H04L63/0823 ,  H04L67/01 ,  H04L67/1021 ,  H04L61/59

Abstract: Systems and methods include, receiving a request from a user to access an application; determining if the user meets one or more requirements, wherein responsive to the user meeting the one or more requirements, presenting the user with a login page; validating credentials of the user with one or more additional sources; responsive to successful validation of the users' credentials, authenticating the user and evaluating one or more access policies for the user; and initiating a connection between the user and the application based on the one or more access policies.

公开(公告)号：US20230115982A1

公开(公告)日：2023-04-13

申请号：US17499942

申请日：2021-10-13

Applicant: Zscaler, Inc.

Inventor： Dianhuan Lin ,  Raimi Shah ,  Rex Shang ,  Loc Bui ,  Subramanian Srinivasan ,  William Fehring ,  Arvind Nadendla ,  John A. Chanak ,  Shudong Zhou ,  Howie Xu

IPC: H04L29/06 ,  G06N5/02

Abstract: Systems and methods include obtaining log data for a plurality of users of an enterprise where the log data relates to usage of a plurality of applications by the plurality of users; determining i) app-segments that are groupings of application of the plurality of applications and ii) user-groups that are groupings of users of the plurality of users; and providing access policy of the plurality of applications based on the user-groups and the app-segments. The steps can further include monitoring the access policy over time based on ongoing log data, manual verification of the access policy, and incidents where users are prevented from accessing any application; and adjusting the determined based on the monitoring.