Patents Assigned to F5, INC.
-
Patent number: 11539740
Abstract: Methods, non-transitory computer readable media, and network traffic manager apparatus that assists with protecting a CPU during a DDOS attack includes monitoring network traffic data from a plurality of client devices. Each of the plurality of client devices is classified as a valid device or a potential attacker device based on the monitoring. Next a determination of when CPU utilization of a network traffic manager apparatus is greater than a stored threshold value is made. The CPU utilization of the network traffic manager increases as a number of the plurality of client devices classified as the potential attacker device increases. One or more network actions are performed on the plurality of client devices classified as the potential attacker device to protect the CPU when the determination indicates the CPU utilization is greater than the stored threshold value.
Type: Grant
Filed: February 4, 2019
Date of Patent: December 27, 2022
Assignee: F5, INC.
Inventors: Peter Finkelshtein, Vadim Krishtal
-
Patent number: 11537716
Abstract: Methods, non-transitory computer readable media, network traffic manager apparatuses, and systems that assist with detecting changes to firmware software components, and configuration parameters includes obtaining an executable file comprising a basic input-output system firmware and software component data of a hardware component at run-time. A hash value for the obtained executable file at the run-time is identified. The identified hash value is compared with a stored hash value associated with the obtained executable file to determine when the obtained executable file is unmodified, wherein the stored hash value was determined at a build time of the hardware component. The obtained executable file of the hardware component is executed when the obtained executable file is determined to be unmodified.
Type: Grant
Filed: November 13, 2019
Date of Patent: December 27, 2022
Assignee: F5, Inc.
Inventors: Sanjay Choudhary, Jason Thomas Shriver, John Morris Hall
-
Patent number: 11537425
Abstract: Technology related to application deployment across network devices including smart network interface cards. In one example, a method includes distributing an application across a plurality of locally connected computing subdomains. The subdomains can include a mixture of general and special purpose computing subdomains, such as for example, a main computer and associated smart network interface devices or systems, such as for example a smart network interface card (NIC). The subdomains can each run hypervisors that are bridged to allow a single virtual machine to operate across the subdomains. The application can include multiple portions. For example, an application can be split by different functionalities. The application portions can be tagged to indicate which subdomain they are to be executed within. If the chosen subdomain has available the requisite resources, the application can be detached and distributed to the chosen subdomain.
Type: Grant
Filed: December 7, 2021
Date of Patent: December 27, 2022
Assignee: F5, Inc.
Inventors: Timothy Worsley, Timothy S. Michels, Joel Benjamin Moses
-
Patent number: 11496438
Abstract: Methods, non-transitory computer readable media, application delivery controller (ADC) apparatuses, and network traffic management systems that receive a request including an Internet Protocol (IP) version 6 (IPv6) source address and an IPv6 destination address. A client IP version 4 (IPv4) address of a client from which the request originated and a server IPv4 address of a server are determined from one or more extracted portions of one or more of the IPv6 source address or the IPv6 destination address. The request is modified to include an IPv4 source address and an IPv4 destination address. The IPv4 source address and the IPv4 destination address include the client IPv4 address and the server IPv4 address, respectively. The modified request is sent to the server based on the server IPv4 address included in the IPv4 destination address of the modified request.
Type: Grant
Filed: September 29, 2017
Date of Patent: November 8, 2022
Assignee: F5, Inc.
Inventor: Kenneth Bocchino
-
Patent number: 11469976
Abstract: A method for cloud-based, control-plane-event monitoring includes receiving control-plane events from a cloud-based element associated with a first and a second cloud environment. The received control-plane events are ingested from the cloud-based elements associated with the first and second cloud environments to generate a multiple-source data set from the control-plane events from the cloud-based elements associated with the first and second cloud environments. The multiple-source data set is then evaluated based on attributes of the first and second cloud environments in order to generate a common event data set. The common event data set is then processed using a rule set to generate an outcome.
Type: Grant
Filed: February 15, 2021
Date of Patent: October 11, 2022
Assignee: F5, Inc.
Inventors: Joe Baker, Ryan Plessner, Dan Weiss, Nick Goodwin, Laura Haiduck, Daniel Kirsch
-
Patent number: 11457095
Abstract: Embodiments are directed to stateless communication using a stateful protocol. One or more NTMAs may establish a connection with a client computer based on data exchanged with the client computer using the stateful protocol. The exchanged data may include validation information provided by the one or more NTMAs. The exchanged data and other information associated with the connection may be discarded from one or more memories of the one or more NTMAs. A network packet communicated over the network using the stateful protocol may be obtained. Verification information and candidate validation information may be generated based on one or more characteristics of the network packet. The network packet may be validated based on a comparison of the verification information and the candidate validation information. A reply that adheres to the stateful protocol may be provided to the client computer based on the validated network packet.
Type: Grant
Filed: June 30, 2020
Date of Patent: September 27, 2022
Assignee: F5, Inc.
Inventors: Peter Michael Thornewell, John Francis Tavares, Robert Andrew Kovalchik
-
Patent number: 11444931
Abstract: Technology related to managing name server data is disclosed. In one example, a method includes receiving a first request for data from a name server service. In response to determining that a locally stored version of the requested data is unreliable, a second request can be sent to a second service. The second service can be different from the name server service. A response from the second service can be authenticated. In response to authenticating the response from the second service, the locally stored version of the requested data can be returned to a client.
Type: Grant
Filed: June 24, 2020
Date of Patent: September 13, 2022
Assignee: F5, Inc.
Inventor: Mark Ernest Quevedo
-
Patent number: 11444882
Abstract: Methods, non-transitory computer readable media, network traffic management apparatuses, and network traffic management systems that monitor one or more messages generated by an application or one or more characteristics of one or more transmission control protocol (TCP) connections with a destination device or a source device. A determination is made when a first TCP push flag should be set for a first packet associated with data based on the monitoring. The data is provided by the application. The first TCP push flag for the first packet is set prior to the first packet being sent to the destination device via a first one of the TCP connections, based on the determination that the first TCP push flag should be set for the first packet. Accordingly, this technology more effectively manages TCP push functionality to reduce acknowledgement messages (ACKs) and thereby improve network bandwidth and device resource utilization.
Type: Grant
Filed: March 30, 2020
Date of Patent: September 13, 2022
Assignee: F5, Inc.
Inventors: Nasif Ekiz, Martin Duke, Akihiko Maruse, Aniket Dhobe
-
Patent number: 11394703
Abstract: Methods, non-transitory computer readable media, secure proxy apparatuses, and network security systems that authenticate a user in response to a request to access a web application received from a client. The authenticated user is validated as authorized to access the web application. Security attribute data is then obtained for the user subsequent to the validation. The access request is forwarded to an internal application server hosting the web application and an authentication request is received in response to the forwarded access request. An SSO token is subsequently generated based on the obtained security attribute data. The generated SSO token is sent to the internal application server to facilitate access to the web application by the user.
Type: Grant
Filed: February 7, 2020
Date of Patent: July 19, 2022
Assignee: F5, Inc.
Inventors: Ravi Natarajan, Siarhei Miadzvezhanka
-
Patent number: 11350254
Abstract: A method, non-transitory computer readable medium, and mobile application manager computing device that determines a priority level for a mobile device requiring a compliance check based on characteristic data associated with, or an identified user of, the mobile device. An entry comprising identifying data for the mobile device is inserted into a processing queue associated with the priority level. A determination is made when each of the processing queues associated with a higher priority level than the one priority level is empty. The entry is retrieved from the processing queue, the compliance check is performed on the mobile device, and a status of the mobile device is marked as out-of-compliance or in-compliance based on a result of the compliance check, when the determining indicates each of the processing queues associated with a higher one of the priority levels than the one priority level determined for the mobile device is empty.
Type: Grant
Filed: May 5, 2016
Date of Patent: May 31, 2022
Assignee: F5, Inc.
Inventors: Ravi Natarajan, Bipin Kumar, Sergey Bimatov
-
Patent number: 11349981
Abstract: The technology discloses intercepting a request to initiate a call configured to utilize one of a plurality of call initiation techniques. Next, it is determined when the one of the call initiation techniques in the intercepted request is in a subset of the plurality of call initiation techniques configured to integrate at least a part of media control negotiation and call establishment. One or more fields of the intercepted request are modified to disable the one of the plurality of call initiation techniques that is configured to integrate at least a part of media control negotiation and call establishment when the determination indicates the one of the plurality of call initiation techniques is in the subset. A permission is provided to the first mobile device to initiate the call with the second mobile device using a sequential call establishment and media control negotiation technique.
Type: Grant
Filed: October 29, 2020
Date of Patent: May 31, 2022
Assignee: F5, Inc.
Inventors: Nat Thirasuttakorn, Daniel Wright
-
Patent number: 11349816
Abstract: Programs written in interpreted languages, such as JavaScript, are distributed in source form, which is helpful to attackers so that they can more easily derive the purposes and effects of a program. As discussed herein, a program's high-level code may be effectively obfuscated by transforming the program's code from its high-level programming language to low-level processor-specific language, such as x86 instructions for x86 processors, JVM bytecode for JVMs, or proprietary opcodes for a corresponding proprietary processor or interpreter. Additional obfuscation techniques can be applied to the program's low-level processor-specific code.
Type: Grant
Filed: December 1, 2017
Date of Patent: May 31, 2022
Assignee: F5, Inc.
Inventors: Kevin Gibbons, Tim Disney, Michael J. Ficarra
-
Patent number: 11343237
Abstract: Methods, non-transitory computer readable media, network traffic manager apparatuses, and systems that assist with managing a federated identity environment includes performing one or more first access control checks on a client upon receiving a request to access one or more web applications. A new signature including data associated with the performed one or more access control checks is generated. Next, the client is redirected to a first server with the generated signature to determine when to authorize the client to access the requested one or more web applications. The client is granted access to the requested one or more web applications when the client is determined to be authorized to access the requested one or more web applications based on one or more second access control checks enforced on the client using the generated signature, and wherein data associated with the enforced one or more second access control checks is included in a response signature.
Type: Grant
Filed: March 30, 2018
Date of Patent: May 24, 2022
Assignee: F5, Inc.
Inventors: Ravi Natarajan, Wui Chung Lie, Bipin Kumar, Gauravsingh Khatri, Deepali Shah
-
Patent number: 11329992
Abstract: Techniques are provided for security measures for extended sessions. Request data for a request is received from a client computing device to a web server system. The request comprises a session identifier (ID) for a session between an authenticated user and the web server system. It is determined, based on the request data, that the client computing device is a single-user device. It is determined, based on the request data, that the client computing device is not compromised. In response to determining that the client computing device is a single-user device and that the client computing device is not compromised, extension of the session between the authenticated user on the client computing device and the web server system is caused.
Type: Grant
Filed: October 16, 2019
Date of Patent: May 10, 2022
Assignee: F5, Inc.
Inventors: Mengmeng Chen, Sumit Agarwal, Yao Zhou
-
Patent number: 11329999
Abstract: Techniques are provided for determining environment parameter values based on rendered emoji analysis. A server computer provides a first set of code that, when executed by a browser application at a client computing device, renders a set of emoji at the client computing device, generates a set of rendered graphic data for the set of emoji at the client computing device, and transmits the set of rendered graphic data for each emoji of the set of emoji from the client computing device to the server computer. The server computer receives the rendered graphic data generated at the client computing device. Based on the set of rendered graphic data for the set of emoji generated at the client computing device, the server computer determines a set of values for one or more environment parameters of the client computing device.
Type: Grant
Filed: November 15, 2018
Date of Patent: May 10, 2022
Assignee: F5, Inc.
Inventors: Kevin Gibbons, Michael Ficarra
-
Patent number: 11308219
Abstract: A method for multi-source cloud-infrastructure vulnerability management includes receiving cloud-element information related to a cloud-based element in a cloud environment. The method also includes receiving first vulnerability information from a first vulnerability source and receiving second vulnerability information from a second vulnerability source. Cloud-element context information is also received about the cloud-based element from the cloud environment. A multiple-source vulnerability database is then generated from both the first vulnerability information and from the second vulnerability information. The cloud-element information and the cloud-element context information are then evaluated using the multiple-source vulnerability database to generate a vulnerability assessment.
Type: Grant
Filed: July 19, 2019
Date of Patent: April 19, 2022
Assignee: F5, Inc.
Inventors: Lucas DuBois, Joseph Baker, Charles Hoang
-
Patent number: 11283822
Abstract: A cloud-based operating-system-event and data-access monitoring method includes collecting event information from a monitored cloud-based element. One or more structured event payloads based on the event information are then generated. The structured event payloads that produce one or more validated event collections are then validated. The one or more validated event collections are then serialized and filtered to remove redundant structured event payload data. The filtered validated structured event payloads are then de-serialized to produce a time-sequenced, ordered event stream. The time-sequenced, ordered event stream is de-duplicated to remove duplicate structured event payloads. The time-sequenced ordered event stream is then processed to generate processed information security results.
Type: Grant
Filed: August 31, 2020
Date of Patent: March 22, 2022
Assignee: F5, Inc.
Inventors: Christopher Gervais, Sean T. Reed, Nicholas S. Goodwin, Joseph D. Baker, Samuel Bisbee-vonKaufmann, Nathan D. Cooprider, David C. Hagman, Lucas M. Dubois, Jennifer A. Andre
-
Patent number: 11249923
Abstract: Data is dynamically shared from a first process to a second process by creating a shared memory segment, obtaining a file descriptor referencing the shared memory segment, and mapping the shared memory segment in an address space of a first process. The file descriptor is sent to a second process. Responsive to receiving the file descriptor, the shared memory segment is mapped in an address space of the second process. Via the shared memory segment, data from the first process is shared to the second process.
Type: Grant
Filed: October 14, 2019
Date of Patent: February 15, 2022
Assignee: F5, INC.
Inventors: Igor Sysoev, Valentin Bartenev, Nikolay Shadrin, Maxim Romanov