Patents Assigned to F5, INC.
-
Patent number: 12671708Abstract: A method, non-transitory computer readable medium, device and system intercepts a request for a webpage including a protected resource. The request is sent from a client device to a server device. One or more link tags or other mechanisms corresponding to one or more sub-resources included in the webpage are generated. The webpage is encrypted. An interstitial page is served to the client device that includes an encrypted portion that includes the encrypted webpage, an unencrypted portion that includes the link tags, and instrumentation code that collects telemetry data when executed at the client device. The telemetry data is received from the client device and a threat analysis is performed on the telemetry data. A decryption key is transmitted to the client device in response to determining that the request is allowed, based on the performed threat analysis. The decryption key allows the client device to decrypt the encrypted webpage.Type: GrantFiled: April 29, 2024Date of Patent: June 30, 2026Assignee: F5, Inc.Inventors: Kevin Gibbons, Madhukar Nagaraja Kedlaya, Claire Madison Schlenker, Timothy Disney, Nitish Kishore Khadke
-
Patent number: 12672021Abstract: Methods, non-transitory computer readable media, network traffic management devices and network traffic management systems that provide for efficient overload protection in 5G core networks are illustrated. With this technology, a load at a producer network function (NF) is monitored and in response to determining that the producer NF is overloaded, a plurality of types of network traffic flowing to the overloaded producer NF are monitored. An overloaded network traffic type is identified, which is a type of network traffic flowing to the producer NF that is of an amount that exceeds a first threshold amount above a first baseline amount of network traffic. An overloaded session is identified, which is a session having an amount of the overloaded network traffic type that exceeds a second threshold amount above a second baseline amount of network traffic. A mitigating action to reduce network traffic from the overloaded session is performed.Type: GrantFiled: August 9, 2024Date of Patent: June 30, 2026Assignee: F5, Inc.Inventors: Ravi Sankar Mantha, Sandeep Dasgupta
-
Patent number: 12664175Abstract: Methods, network traffic management apparatuses, non-transitory computer readable media, and systems that optimize transport of unknown and changing unstructured log data in a network environment.Type: GrantFiled: March 18, 2025Date of Patent: June 23, 2026Assignee: F5, Inc.Inventors: Laurent Querel, Kevin W. Baughman, Dmitry M. Kit, Joseph Daniel Baker
-
Patent number: 12665769Abstract: Technology related to authentication using an intermediary is disclosed. In one example, a method for authentication can include intercepting a first authentication response destined for a server. The first authentication response identifies a server authentication service and is digitally signed by an identity service provider. The first authentication response can be authenticated using a cryptographic key of the identity service provider to validate an identity service provider signature included in the first authentication response. In response to validating the identity service provider signature, a second authentication response can be sent to the server that identifies the server authentication service.Type: GrantFiled: August 9, 2019Date of Patent: June 23, 2026Assignee: F5, Inc.Inventors: Michael James Coleman, II, Graham Rein Alderson, Charlie Wilson Lesley, III
-
Patent number: 12652313Abstract: Methods, non-transitory computer readable media, network traffic manager apparatuses, and systems that assist with generating insights with TLS parameters includes receiving a request from a client for establishing a TLS connection to a server. In some examples, the request comprises parameters for the TLS connection. Next, the network traffic manager apparatus determines an identity of the client based on the TLS parameters in the request unique to the client and executes an action based on the TLS parameters which alters a handling of the request.Type: GrantFiled: September 27, 2023Date of Patent: June 9, 2026Assignee: F5, Inc.Inventors: John Ray Clark, Jason R. Adams, Mudit Tyagi, Judge K. Arora
-
Patent number: 12641122Abstract: Methods, non-transitory computer readable media, network traffic manager apparatuses, and systems that assist with generating client-executable actions with TLS parameters includes receiving a request from a client for establishing a TLS connection to a server, wherein the request comprises TLS parameters for the TLS connection. An identity of the client is determined based on the TLS parameters in the request unique to the client. A recommended client-executable action is generated based on the TLS parameters. The recommended client-executable action is an adjustment of a characteristic of a system of the client. The recommended client-executable action is transmitted to the client.Type: GrantFiled: September 27, 2023Date of Patent: May 26, 2026Assignee: F5, Inc.Inventors: John Ray Clark, Jason R. Adams, Mudit Tyagi, Judge K. Arora
-
Patent number: 12627706Abstract: Technologies related to mitigation of volumetric distributed denial of service attacks are disclosed. Malicious network connection request detection can be performed using a first network traffic management module (NTMM) that executes before network connection resources are allocated and a second NTMM that executes after connection resource allocation. The second NTMM can be used to determine whether a connection request is from a potential bad actor. If the request is from a potential bad actor, the second NTMM can add an identifier for the potential bad actor to a list of potential bad actors. When a subsequent connection request is received, the first NTMM can generate the identifier based on the subsequent request and determine whether it is stored in the list of potential bad actors. If it is, the first NTMM can drop the subsequent request before connection resources for establishing the second request are allocated.Type: GrantFiled: November 28, 2023Date of Patent: May 12, 2026Assignee: F5, Inc.Inventors: Vadim Krishtal, Tomer Pasman, Eyal Pery
-
Patent number: 12615162Abstract: Methods, non-transitory computer readable media, network traffic manager apparatuses, and systems that assist with establishing a connection to a server with a certificate includes receiving a request for establishing an encrypted connection and obtaining a certificate responsive to the received request. Next, the network traffic manager apparatus generates a content cache key for the obtained certificate. Next, the network traffic manager apparatus retrieves a data structure in the cache using the generated content cache key for the obtained certificate. The retrieved data structure is generated and stored in the cache during a previous established encrypted connection. The data structure comprises of extracted data from a previous certificate. Then, the network traffic manager apparatus initiates encryptographic operations using the retrieved data structure from the cache.Type: GrantFiled: December 23, 2022Date of Patent: April 28, 2026Assignee: F5, Inc.Inventors: Neha Kochar, Liang Cheng, Saxon C. Amdahl
-
Patent number: 12579301Abstract: Systems and methods for data plane management are disclosed herein. An example method includes deploying a WASM that is embedded in a service routing layer of the service mesh, assigning a security policy to the WASM from a bootstrapping layer of the service mesh, the security policy enabling the WASM to detect patterns in the service mesh data that are indicative of sensitive information, evaluating service mesh data by the WASM with the security policy, and transmitting telemetry to a cloud-based command module when the WASM has detected patterns in the service mesh data.Type: GrantFiled: May 18, 2023Date of Patent: March 17, 2026Assignee: F5, Inc.Inventors: Maxwell Bruce, Issac Roth, Wesley Hales
-
Patent number: 12580869Abstract: Technology related to sending data items via network links in a link aggregate group is disclosed. Data items (such as network packets received via a computer network) can be analyzed to determine whether the data items qualify for a relaxed transmission ordering. If a data item does not qualify for relaxed transmission ordering, then a network link in the link aggregate group can be selected based on contents of the data item (such as by generating a signature or key based on headers of the data item and selecting a network link based on the signature or key). However, if the data item does qualify for relaxed transmission ordering, then a network link in the link aggregate group can be selected based on available capacities of the network links (such as by selecting a network link with a largest available capacity).Type: GrantFiled: November 21, 2022Date of Patent: March 17, 2026Assignee: F5, Inc.Inventors: Zachary York, Jeffrey J. Walker, Timothy S. Michels, C Stuart Johnson
-
Patent number: 12574737Abstract: Methods, non-transitory computer readable media, network traffic management devices and network traffic management systems that provide protection of 5G core networks are illustrated. With this technology, the user plane status can be received from a network repository function indicating whether a user plane restarted. Then the system can determine whether an amount of error messages flowing from the user plane to a gNodeB for a source exceeds a predetermined threshold. In response to determining the amount of error messages exceeds a predetermined threshold and determining that the user plane was not restarted, all messages flowing to the gNodeB for the source can be blocked. Lastly, in response to determining the amount of echo messages from the user plane to the gNodeB is below a second predetermined threshold and that the user plane did not restart, the source can be stored as a bad actor.Type: GrantFiled: September 27, 2023Date of Patent: March 10, 2026Assignee: F5, Inc.Inventors: Ravi Sankar Mantha, Sandeep Dasgupta
-
Patent number: 12568150Abstract: Methods, non-transitory computer readable media, network traffic management devices and network traffic management systems that provide protection of core networks are illustrated. With this technology, the method includes configuring a service communication proxy among a plurality of service communication proxies to receive a request from a network function. In some examples, the network function is one of the plurality of network functions. Next, the service communication proxy can be configured to determine whether a profile of the network function is stored in a common cache and, in response to determining the profile is in the common cache, retrieve the profile to respond to the request. Then, service communication proxy can be configured to select a destination NF based on based on the stored profile of the network function retrieved from the common cache.Type: GrantFiled: December 29, 2023Date of Patent: March 3, 2026Assignee: F5, Inc.Inventors: Gautam Kumar Shukla, Mohammad Asif, Sandeep Dasgupta
-
Patent number: 12563012Abstract: Technology related to resolution of hostname for webtop resource access is disclosed. In one example, a method includes receiving request for accessing one or more resources from the webtop associated with the user. A usage pattern data of the user for the webtop is determined. For the requested resource, hostname pre-resolution data is determined based on the usage pattern data and an access policy before a given resource is requested for access. A response for the resource access request is generated based on the determined hostname pre-resolution data and the access policy. The response for the resource access request comprises an address of at least one corresponding backend server for redirecting the user to access the requested resource.Type: GrantFiled: January 31, 2023Date of Patent: February 24, 2026Assignee: F5, Inc.Inventors: Vijay Kumar Burugu, Rakesh Adhi
-
Patent number: 12524268Abstract: Methods, non-transitory computer readable media, network traffic management apparatuses, central management devices, and network traffic management systems that control access to configuration data in a distributed system are illustrated. With this technology, a set of configuration data is stored in a first data structure and a corresponding set of configuration data is stored in a second data structure along with an encrypted digest value that was encrypted using a private key associated with a particular administrator role. The stored configuration data and/or newly received modifications to stored configuration data can be authenticated via a comparison of a digest value calculated using the configuration data compared to the stored encrypted digest value, which is decrypted with a stored public key corresponding to the administrator role.Type: GrantFiled: December 29, 2022Date of Patent: January 13, 2026Assignee: F5, Inc.Inventors: Sanjay Jain, Swapnil Mhatre
-
Patent number: 12526311Abstract: Methods, non-transitory computer readable media, security server devices, and security systems that perform bot detection using machine learning models are illustrated. With this technology, a request for a webpage from a client device to a server device is received. The request has one or more associated logs. A set of features is generated based on the one or more associated logs. The set of features are submitted as an input to a machine learning model. In response to an output of the machine learning model indicating the request for a webpage from the client device was initiated by a bot, the request is denied.Type: GrantFiled: May 17, 2023Date of Patent: January 13, 2026Assignee: F5, Inc.Inventors: Manjunath Suggandahalli Chikkananjappa, Sandeep Pombra
-
Patent number: 12526255Abstract: A computer implemented method of monitoring data output by a server over a network is provided, in which the server is arranged to store data. The method includes analysing, by a computing device, outgoing data from the server sent over the network; filtering, by the computing device, a portion of the outgoing data to determine a remaining portion of the outgoing data; analysing, by the computing device, the remaining portion of the outgoing data to determine the amount of information in the remaining portion of the outgoing data; and performing, by the computing device, a predetermined action if the amount of information in the remaining portion of the outgoing data is over a threshold.Type: GrantFiled: November 13, 2019Date of Patent: January 13, 2026Assignee: F5, Inc.Inventors: Mirit Kagarlitsky, Tal Steinherz
-
Patent number: 12519827Abstract: Methods, non-transitory computer readable media, network traffic manager apparatuses, and systems that assist with detecting a flood attack of a server includes receiving an echo request with a request id for checking connectivity to a server from a source. Next, the method determines whether the request id of the echo request matches a request id of one of a plurality of malicious received requests within a plurality of prior received requests. The comparison of the request ids is conducted to determine whether the request is a legitimate request. Then, the echo request is transmitted to the server when the comparing fails to identify the match. Lastly, an echo response can be sent to the source after sending the echo request to the server.Type: GrantFiled: December 11, 2023Date of Patent: January 6, 2026Assignee: F5, Inc.Inventors: Pradyumana Tirumala, Satyanarayana Esakonu, Sailaja Mandalapati
-
Patent number: 12513180Abstract: A method, non-transitory computer readable medium, and device that assists with improving web scanner accuracy includes receiving a sitemap document associated with a webpage from an application security manager apparatus. The received sitemap document associated with the webpage is scanned. Next, one or more vulnerabilities are identified in the scanned sitemap associated with the webpage. A report including the identified one or more vulnerabilities is provided.Type: GrantFiled: December 21, 2023Date of Patent: December 30, 2025Assignee: F5, Inc.Inventors: Ron Talmor, Ido Breger, Barak Amar, Guy Nir
-
Patent number: 12512969Abstract: Methods, non-transitory computer readable media, network traffic manager apparatuses, and systems that assist with managing hardware security servers includes receiving a request from a client. The request can comprise of a unique numerical handle and a command for a hardware security server. The unique numerical handle can be generated as a response to a previous request from the client. It can further include searching for a key handle mapped to the unique numerical handle and hardware security server in memory. The method can also include sending the request to the hardware security server with the key handle when the key handle is retrieved from memory during the search and sending a response received from the hardware security server to the client. The response can be received as a result of sending the request to the hardware security server.Type: GrantFiled: December 23, 2022Date of Patent: December 30, 2025Assignee: F5, Inc.Inventors: Liang Cheng, Saxon C. Amdahl
-
Patent number: 12489731Abstract: Methods, non-transitory computer readable media, and network security manager apparatus that assists with enforcing firewall and security policies based on subscriber identification and subscriber class includes receiving network traffic from a plurality of client devices. A unique subscriber identification number and a subscriber class for each of the plurality of client devices is identified. One or more network security policies associated with each of the identified unique subscriber identification number and the subscriber class is obtained. Each of the obtained one or more network security policies is enforced on the corresponding plurality of client devices or a network security manager apparatus.Type: GrantFiled: February 21, 2019Date of Patent: December 2, 2025Assignee: F5, Inc.Inventors: John Howell, Geoffrey Peterson, Ron Talmor, Judge Kennedy Singh Arora