公开(公告)号：US12107825B2

公开(公告)日：2024-10-01

申请号：US17560036

申请日：2021-12-22

Applicant: AUNIGMA NETWORK SECURITY CORP.

Inventor： Karl E. Elliott ,  Kenneth W. Garrard ,  Andy Huang ,  Peter Gratzer

IPC: H04L9/00 ,  H04L9/40 ,  H04L12/28 ,  H04L41/0813 ,  H04L41/0823 ,  H04L67/141 ,  H04L69/16 ,  H04L41/046 ,  H04L41/22 ,  H04L101/663

CPC classification number: H04L63/02 ,  H04L12/2809 ,  H04L41/0813 ,  H04L41/0823 ,  H04L63/105 ,  H04L67/141 ,  H04L69/16 ,  H04L41/046 ,  H04L41/22 ,  H04L2101/663

Abstract: A system and method for facilitating controlled access by a client device to one or more services provided by a server are disclosed. The client device's access to the services provided by the server may be dynamically controlled by a controller, which may generate instructions to an agent to effectuate the access control. The agent may be configured to control one or more access components associated with the server. The instructions generated by the controller may instruct the agent to cause the access control components to grant or remove the client device's access to the services provided by the server. In some implementations, the controller may generate such instructions based on a status of a session established between the controller and the client device.

公开(公告)号：US20240291820A1

公开(公告)日：2024-08-29

申请号：US18652031

申请日：2024-05-01

Applicant: Zscaler, Inc.

Inventor： Amandeep Maan ,  David Creedy ,  Bhaskar Mahajan ,  Gourav Kumar Singh ,  Ramesh Kamath

IPC: H04L9/40 ,  H04L61/4511 ,  H04L67/02 ,  H04L67/10 ,  H04L67/1001 ,  H04L67/125 ,  H04L67/51 ,  H04L67/56 ,  H04L67/563 ,  H04L67/564 ,  H04L69/16 ,  H04L101/663

CPC classification number: H04L63/0884 ,  H04L61/4511 ,  H04L63/0272 ,  H04L63/0281 ,  H04L67/02 ,  H04L67/10 ,  H04L67/1001 ,  H04L67/125 ,  H04L67/51 ,  H04L67/56 ,  H04L67/563 ,  H04L67/564 ,  H04L69/162 ,  H04L2101/663

Abstract: Systems and methods include intercepting traffic at a mobile device via a connector application executing on the mobile device, the traffic originating from one or more applications on the mobile device and destined for one or more resources located in one of a public cloud, a private cloud, and an enterprise network; detecting one or more Virtual Private Network (VPN) profiles associated with the traffic, wherein the one or more VPN profiles are assigned to the traffic by the operating system of the mobile device; and forwarding the traffic to a cloud-based system via one or more tunnels based on the one or more VPN profiles detected in the traffic.

公开(公告)号：US20240031365A1

公开(公告)日：2024-01-25

申请号：US18477063

申请日：2023-09-28

Applicant: Cisco Technology, Inc.

Inventor： David Steven Gross ,  Jennifer Lee Bammel ,  David William Matteson ,  Christopher Carl Cassell ,  Kyle David Mills

IPC: H04L9/40

CPC classification number: H04L63/0876 ,  H04L2101/663

Abstract: This disclosure describes techniques for identifying an application (e.g., accessing application) that is attempting to access a resource. In some examples, access may be managed by an authentication service. When an access request is received at the authentication service from an application on a client device, the authentication service may ask the application to communicate with an identification agent on the client device. The identification agent may perform one or more tests to discover the identity of the application. In some cases, the identification agent may send the identity of the application to the authentication service. The authentication service may then allow or deny access by the accessing application to the resource based at least in part on the discovered identity.

公开(公告)号：US11849001B2

公开(公告)日：2023-12-19

申请号：US17902640

申请日：2022-09-02

Applicant: The Nielsen Company (US), LLC

Inventor： Achilleas Papakostas ,  Michael Andrew Yonker

IPC: H04L67/50 ,  H04L61/10 ,  H04L9/40 ,  H04W12/06 ,  H04L67/52 ,  H04M3/22 ,  G06Q30/02 ,  H04L101/663 ,  H04L101/00

CPC classification number: H04L67/535 ,  H04L61/10 ,  H04L63/0815 ,  H04L67/52 ,  H04M3/2254 ,  H04W12/06 ,  G06Q30/02 ,  H04L2101/00 ,  H04L2101/663

Abstract: Systems, methods, and apparatus to monitor mobile Internet activity are disclosed. An example apparatus includes at least one memory, machine-readable instructions, programmable circuitry to execute the machine-readable instructions to at least assign a first port of a proxy server to a mobile device associated with a panelist, cause transmission of configuration data to the mobile device to instruct the mobile device to transmit future requests the first port of the proxy server, obtain a first request for media on the first port originating from the mobile device, and after a determination that the first request originated from an Internet Protocol (IP) address associated with an IP address range representative of devices on a cellular network, service the first request, generate a data association, request the media from an Internet media provider identified in the first request, and cause transmission of the media to the mobile device.

公开(公告)号：US11784904B2

公开(公告)日：2023-10-10

申请号：US17680895

申请日：2022-02-25

Applicant: Zscaler, Inc.

Inventor： Sandeep Kamath

IPC: H04L43/10 ,  H04L43/18 ,  H04L45/74 ,  H04L12/46 ,  H04L43/0823 ,  H04L45/24 ,  H04L41/0816 ,  H04L67/148 ,  H04L67/5682 ,  H04L101/663

CPC classification number: H04L43/10 ,  H04L12/4633 ,  H04L41/0816 ,  H04L43/0847 ,  H04L43/18 ,  H04L45/24 ,  H04L45/742 ,  H04L67/148 ,  H04L67/5682 ,  H04L2101/663

Abstract: Techniques for using trace with tunnels and cloud-based systems for determining measures of network performance are presented. Systems and methods include determining a number of hops from a source that is the user device and a destination, including determining metrics from the source to the destination; performing a trace to all intermediate nodes between the source and the destination, including determining metrics from the source to each of the intermediate nodes; and combining and presenting the metrics from the source to the destination and from the source to each of the intermediate nodes.

公开(公告)号：US11962589B2

公开(公告)日：2024-04-16

申请号：US17154139

申请日：2021-01-21

Applicant: Zscaler, Inc.

Inventor： Patrick Foxhoven ,  Amit Sinha ,  Vikas Mahajan ,  Rohit Goyal

IPC: H04L9/40 ,  H04L61/4511 ,  H04L67/02 ,  H04L67/10 ,  H04L67/1001 ,  H04L67/125 ,  H04L67/51 ,  H04L67/56 ,  H04L67/563 ,  H04L67/564 ,  H04L69/16 ,  H04L101/663

CPC classification number: H04L63/0884 ,  H04L61/4511 ,  H04L63/0272 ,  H04L63/0281 ,  H04L67/02 ,  H04L67/10 ,  H04L67/1001 ,  H04L67/125 ,  H04L67/51 ,  H04L67/56 ,  H04L67/563 ,  H04L67/564 ,  H04L69/162 ,  H04L2101/663

Abstract: Systems and methods include intercepting traffic on the user device; forwarding the traffic to a cloud-based system for security processing therein; and, responsive to unavailability of the cloud-based system preventing the forwarding, performing local security processing of the traffic at the user device including determining whether the traffic is allowed based on a cache at the user device, forwarding the traffic separate from the cloud-based system when it is allowed, and blocking the traffic when it is not allowed.

公开(公告)号：US11949589B2

公开(公告)日：2024-04-02

申请号：US17364750

申请日：2021-06-30

Applicant: Pensando Systems Inc.

Inventor： Krishna Doddapaneni ,  Sarat Kamisetty ,  Balakrishnan Raman ,  Chandrasekaran Swaminathan ,  Maruthi Ram Namburu ,  Vijay Sampath ,  Akshay Nadahalli ,  Pirabhu Raman ,  John Cruz

IPC: H04L45/00 ,  H04L45/02 ,  H04L45/24 ,  H04L45/745 ,  H04L101/663

CPC classification number: H04L45/38 ,  H04L45/02 ,  H04L45/245 ,  H04L45/745 ,  H04L2101/663

Abstract: Network traffic flows can be processed by routers, switches, or service nodes. Service nodes may be ASICs that can provide the functionality of a switch or a router. Service nodes can be configured in a circular replication chain, thereby providing benefits such as high reliability. The service nodes can implement methods that include receiving a first packet that includes a source address in a source address field and that includes a destination address in a destination address field, routing the first packet to a selected service node that is in a circular replication chain that includes a plurality of service nodes that have local flow tables and are configured for chain replication of the local flow tables, producing a second packet by using a matching flow table entry of the first packet to process the first packet, and sending the second packet toward a destination indicated by the destination address.

公开(公告)号：US11902264B2

公开(公告)日：2024-02-13

申请号：US17016596

申请日：2020-09-10

Applicant: VMware LLC

Inventor： Yong Wang ,  Todd Sabin ,  Weiqing Wu ,  Awan Kumar Sharma ,  Jia Yu

IPC: H04L9/40 ,  H04L43/0829 ,  H04L43/0864 ,  H04L61/2592 ,  H04L61/2578 ,  H04L61/2517 ,  H04L61/2514 ,  H04L101/663

CPC classification number: H04L63/0485 ,  H04L43/0829 ,  H04L43/0864 ,  H04L61/2514 ,  H04L61/2517 ,  H04L61/2578 ,  H04L61/2592 ,  H04L63/029 ,  H04L63/0236 ,  H04L63/0272 ,  H04L63/164 ,  H04L63/18 ,  H04L63/061 ,  H04L2101/663

Abstract: A method for selecting between a plurality of paths for sending an encrypted packet from a source endpoint to a destination endpoint is provided. The method selects a first path of the plurality of paths for sending the encrypted packet from the source endpoint to the destination endpoint, each of the plurality of paths associated with a different one of a plurality of source ports, the encrypted packet being encrypted based on a security association established between the source endpoint and the destination endpoint in accordance with an IPSec protocol. The method further encapsulates, based on the SA having NAT-T enabled, the encrypted packet with a UDP header having a first source port associated with the first path. The method then transmits the encapsulated encrypted packet from the source endpoint to the destination endpoint via the first path.

公开(公告)号：US11895027B2

公开(公告)日：2024-02-06

申请号：US17326279

申请日：2021-05-20

Applicant: Pensando Systems Inc.

Inventor： Krishna Doddapaneni ,  Luca Cafiero ,  Sarat Kamisetty

IPC: H04L45/745 ,  H04L12/46 ,  H04L45/02 ,  H04L45/00 ,  H04L61/2503 ,  H04L101/663

CPC classification number: H04L45/745 ,  H04L12/4641 ,  H04L45/02 ,  H04L45/566 ,  H04L45/66 ,  H04L61/2503 ,  H04L2101/663

Abstract: Network traffic flows can be processed by routers, switches, or service nodes. Service nodes may be ASICs that can provide the functionality of a switch or a router. Service nodes can be configured in a circular replication chain, thereby providing benefits such as high reliability. The service nodes can implement methods that include receiving a first packet that includes a source address in a source address field and that includes a destination address in a destination address field. The first packet can be routed to a selected service node that is in the replication chain that includes a plurality of service nodes that are configured for chain replication of a service state information. A service node configured for NAT or some other service can use the first packet to produce a translated packet that can be transmitted toward a destination indicated by the destination address.

公开(公告)号：US11883737B2

公开(公告)日：2024-01-30

申请号：US17032263

申请日：2020-09-25

Applicant: QUALCOMM Incorporated

Inventor： Hanyang Wang ,  Ajit Chourasia ,  Zheng Fang

IPC: A63F13/00 ,  A63F13/332 ,  A63F13/45 ,  G06F16/901 ,  A63F13/69 ,  H04L101/663

CPC classification number: A63F13/332 ,  A63F13/45 ,  A63F13/69 ,  G06F16/9017 ,  H04L2101/663

Abstract: Certain aspects of the present disclosure provide techniques for game-state sensitive network interface selection. An example method that may be performed by a user equipment (UE) includes determining a game state based on game state information; determining a suitable network interface based on the determined game state; and switching to the determined suitable network interface if the determined suitable network interface is different from a current network interface.