Patents Assigned to F5 Networks, Inc.
  • Patent number: 10348776
    Abstract: Methods, non-transitory computer readable media, and mobile application manager apparatus that assists with deterministic enforcement of compliance policy includes receiving one or more compliance policy changes. An estimated time to enforce the received one or more compliance policy changes on one or more enrolled mobile devices is identified. It is determined whether the identified estimated time to enforce the received one or more compliance policy changes is acceptable based on one or more stored parameters. The received one or more compliance policy changes on the one or more enrolled mobile devices is enforced when the identified estimated time is determined to be acceptable and updating existing one or more compliancy policies with the received one or more compliance policy changes.
    Type: Grant
    Filed: January 20, 2017
    Date of Patent: July 9, 2019
    Assignee: F5 Networks, Inc.
    Inventors: Ravi Natarajan, Joel Moses
  • Patent number: 10326700
    Abstract: Embodiments are directed towards managing name service communications using traffic management computers (TMCs). TMCs may extract values from a name service reply received from one or more name service computers. TMCs may provide a name service key based on the values extracted from the name service reply. Accordingly, if a new flow may be detected further actions may be performed, including: TMCs may extract values from a network packet associated with the new flow; TMCs may provide a flow key based on one or more values from one or more fields of a network packet associated with the new flow; TMCs may compare the flow key to one or more name service keys; and if the comparison may be affirmative, TMCs may apply one or more traffic management policies associated with the affirmative comparison.
    Type: Grant
    Filed: March 29, 2017
    Date of Patent: June 18, 2019
    Assignee: F5 Networks, Inc.
    Inventor: Christian Josef Koenning
  • Patent number: 10320784
    Abstract: Methods, non-transitory computer readable media, and security management computing devices are disclosed herein. With this technology, an executable code is sent to a client. The executable code is configured to obtain information associated with the client, assemble the information into a fingerprint, and return the fingerprint. A determination is made when the fingerprint is returned from the client. When the determining indicates that the fingerprint has been returned, a determination is made when a record of a reputation database matches the fingerprint. Historical data in the record is updated to include information associated with the request and an action is initiated based on the historical data or other data included in the record. The action includes blocking an access request or providing access to a requested resource to the client, when the determining indicates that the record of the reputation database matches the fingerprint.
    Type: Grant
    Filed: November 12, 2015
    Date of Patent: June 11, 2019
    Assignee: F5 Networks, Inc.
    Inventors: Ron Talmor, Yaniv Shemesh
  • Patent number: 10296653
    Abstract: A system for accelerating web page loading in a user client is provided. The system includes computing platform being in communication with the user client and being configured for changing object delivery/loading order or object rendering at the web browser, or bundling the objects into one or more bundles according to object use and change frequency.
    Type: Grant
    Filed: September 6, 2011
    Date of Patent: May 21, 2019
    Assignee: F5 Networks, Inc.
    Inventor: Yaniv Shemesh
  • Patent number: 10298653
    Abstract: A method, non-transitory computer readable medium, and application management computing device that obtains a segment of streaming video content from a server device in response to a request for the segment received from a client device. One or more static or dynamic parameter values associated with the streaming video content are determined. A segment quality of experience (QOE) score is generated for the segment based on one or more of the static or dynamic parameter values. A session identifier is extracted from the request or from a response from the server device that includes the segment. A video QOE score is generated for the streaming video content based on the segment QOE score and another segment QOE score for another segment of the streaming video content retrieved from a record of a session database associated with the session identifier. The video QOE score is output.
    Type: Grant
    Filed: November 12, 2015
    Date of Patent: May 21, 2019
    Assignee: F5 Networks, Inc.
    Inventors: Liang Cheng, Sumandra Majee, Saxon Amdahl
  • Publication number: 20190141061
    Abstract: Network traffic management apparatuses, systems, methods, and computer-readable media for automatically detecting attack signatures and generating attack signature identifications, involving: collecting a stable dataset during a stable time; determining whether a cyber-attack is detected; when a cyber-attack is detected, periodically generating attack signatures and updating an enforcer with the attack signatures, the attack signatures representing dynamic rules to be enforced; validating the dynamic rules via a long-time validation mechanism, validating involving considering behavior of each dynamic rule after the cyber-attack and during a new cyber-attack and ranking each dynamic rule using the stable dataset, thereby generating persistent rules having a dynamic rule; exporting the persistent rules to a security enforcer; introducing the persistent rules to a persistent rule revocater; determining whether export of an unrevoked persistent rule is requested; and if requested, exporting the unrevoked persiste
    Type: Application
    Filed: November 5, 2018
    Publication date: May 9, 2019
    Applicant: F5 Networks, Inc.
    Inventors: Vadim Krishtal, Maor Moshe Goan, Peter Finkelshtein
  • Patent number: 10270792
    Abstract: Methods, non-transitory computer readable media, security management apparatuses, and network traffic management systems that send a web page to a client device in response to a received request for a web resource. The web page comprises injected capability analysis client-side code that is configured to obtain and return capability data for a web browser identified in a user agent header of the request. A response comprising the returned capability data is received and the returned capability data is compared with expected capability data for the web browser identified in the user agent header of the request. A score is generated based at least in part on the comparison and a determination is made when the score exceeds an established threshold. The web resource is retrieved and provided to the client device, when the determining indicates that the score exceeds the established threshold.
    Type: Grant
    Filed: January 12, 2017
    Date of Patent: April 23, 2019
    Assignee: F5 Networks, Inc.
    Inventor: Yaniv Shemesh
  • Patent number: 10257156
    Abstract: Embodiments are directed towards overprovisioning IP addresses among a plurality of traffic management devices (TMDs). A plurality of IP addresses may be distributed among a plurality of available TMDs. A corresponding mirror TMD may be determined for each IP address. The corresponding mirror TMD for an IP address may be different than the available TMD currently associated with the IP address. In various embodiments, connections associated with each IP address may be mirrored at their corresponding mirror TMDs. The available TMDs may be employed to perform traffic management tasks on received packets based on at least a destination IP address of the received packets and the IP addresses associated with the available TMDs. If a TMD becomes unavailable, the IP addresses associated with the unavailable TMD may be redistributed to at least one remaining available TMD.
    Type: Grant
    Filed: May 1, 2015
    Date of Patent: April 9, 2019
    Assignee: F5 Networks, Inc.
    Inventors: Antonio Torzillo, James Arthur Thomson, Paul I. Szabo, William Ross Baumann
  • Patent number: 10230566
    Abstract: A system, medium and method for dynamically constructing a service principal name is disclosed. A client request from a user to access a service is received at a network traffic management device which identifies an internet protocol (IP) address of a selected backend server to provide the requested service to the client. The network traffic management device identifies a hostname of the selected backend server based at least on the identified IP address and dynamically generates a service principal name (SPN) of the selected backend server based on the determined host name. The network traffic management device obtains a service ticket from a domain controller server using at least the generated SPN of the selected backend server. The network traffic management device uses the obtained service ticket along with the client request to provide the user access to the selected backend server for the client request.
    Type: Grant
    Filed: December 31, 2012
    Date of Patent: March 12, 2019
    Assignee: F5 Networks, Inc.
    Inventors: Amit Jain, Konstantin Martynenko, Jeff Costlow, David Holmes
  • Patent number: 10187317
    Abstract: A method, non-transitory computer readable medium, and traffic management computing device that allocates a subset of tokens to active subscribers based on an estimated number of subscribers that will be active in a next sampling period. A request to transmit a first packet is received from one of the active subscribers. A determination is made when a current time is prior to an expiration of the allocated subset of the tokens. Another determination is made when a length of the first packet is less than a size corresponding to an available portion of the allocated subset of the tokens when the current time is determined to be prior to the expiration of the allocated subset of the tokens. The first packet is transmitted when the length of the first packet is determined to be less than a size corresponding to an available portion of the allocated subset of the tokens.
    Type: Grant
    Filed: November 17, 2014
    Date of Patent: January 22, 2019
    Assignee: F5 Networks, Inc.
    Inventors: Saxon Amdahl, Sumandra Majee, Rajendra Shukla
  • Patent number: 10182013
    Abstract: A method, non-transitory computer readable medium and an application management computing device that assists with progressive image delivery includes obtaining one or more webpages requested by a client computing device. One or more images are identified in the obtained one or more webpages. The identified one or more images are prioritized based on a position of each of the identified one or more images in the obtained one or more webpages. The prioritized one or more images are progressively delivered to the requesting client computing device. By progressively delivering images over multiple passes, the technology is able to quickly convert the low quality images initially provided to high quality images. Additionally, by converting the low quality images to high quality images over multiple passes, the technology utilizes very less bandwidth thereby providing the requested content to the requesting one of the plurality of client computing devices quickly.
    Type: Grant
    Filed: December 1, 2015
    Date of Patent: January 15, 2019
    Assignee: F5 Networks, Inc.
    Inventor: Saxon Amdahl
  • Patent number: 10171503
    Abstract: A method, non-transitory computer readable medium and device that assists with scaling infrastructure in a mobile application environment obtaining a number of mobile application installations of a mobile application on a plurality of mobile devices. A number of mobile application installations corresponds with a number of backend enterprise web applications online on one or more web applications servers is determined where the backend enterprise web applications are associated with the mobile application. The number of backend enterprise web applications online on the one or more web application servers is modified when the determining indicates the number of mobile application installations does not correspond with the number of backend enterprise web applications.
    Type: Grant
    Filed: July 15, 2015
    Date of Patent: January 1, 2019
    Assignee: F5 Networks, Inc.
    Inventors: Ravi Natarajan, Saxon Amdahl
  • Patent number: 10157280
    Abstract: The present invention is a method, circuit and system for detecting, reporting and preventing an attempted security breach of a commercial website (for example a banking website), such as identity theft, website duplication (mirroring/Phishing), MITB (man in the browser) attacks, MITM (man in the middle) attacks and so on.
    Type: Grant
    Filed: September 23, 2009
    Date of Patent: December 18, 2018
    Assignee: F5 Networks, Inc.
    Inventors: Idan Amir, Eyal Gruner, Boaz Zilber
  • Publication number: 20180359312
    Abstract: Network traffic management systems, apparatuses, and methods involving a load balancer, responsive to a processor operable by the set of executable instructions storable in relation to a memory device, configured to: monitor computing-traffic for each Cloud provider of a plurality of Cloud providers to determine a traffic profile for each Cloud provider of the plurality of Cloud providers; access a first network application programming interface exposed by a first Cloud provider of the plurality of Cloud providers to identify a first pricing profile, the first pricing profile associated with the first Cloud provider; access a second network application programming interface exposed by a second Cloud provider of the plurality of Cloud providers to identify a second pricing profile, the second pricing profile associated with the second Cloud provider; and compare the first pricing profile with the second pricing profile to influence a load balancing decision, whereby a pricing profile comparison is providable.
    Type: Application
    Filed: June 8, 2018
    Publication date: December 13, 2018
    Applicant: F5 Networks, Inc.
    Inventors: Steve Dabell, Tim Michels, Tom Troksa
  • Patent number: 10142306
    Abstract: A method, non-transitory computer readable medium and device that assists providing a secure channel includes selecting a client-server key from a plurality of client-server keys based on an IP address of a client computing device and a time of receiving a request from the client computing device wherein the selecting further includes identifying an index value associated with the selected client-server key. Next, a context signature is generated based on the IP address of the client computing device, the time of receiving the request from the client computing device and the index value associated with the selected client-server key. Next, the generated context signature is encrypted using a stored private key. A secure channel is provided by preparing and sending a response including the selected client-server key and the encrypted context signature back to the client computing device.
    Type: Grant
    Filed: May 5, 2016
    Date of Patent: November 27, 2018
    Assignee: F5 Networks, Inc.
    Inventors: Yaniv Shemesh, David Stav
  • Patent number: 10142241
    Abstract: A method, non-transitory computer readable medium, and network traffic management apparatus that receives a response to a ping message from a server device in a server pool and determines a current latency value based on a time difference between when the ping message was sent to the server device and when the response to the ping message was received. A determination is made when the current latency value exceeds an adaptive threshold latency value. The adaptive threshold latency value is based on an average historical latency value and an established threshold factor value. A deficient response value is incremented and a determination is made when the deficient response value exceeds a deficiency threshold value, when the determining indicates that the current latency value exceeds the adaptive threshold latency value. A mitigation action is initiated when the determining indicates that the deficient response value exceeds the deficiency threshold value.
    Type: Grant
    Filed: April 18, 2016
    Date of Patent: November 27, 2018
    Assignee: F5 Networks, Inc.
    Inventors: Michael Lee VanLoon, Rachel Gilam Cheng
  • Patent number: 10135736
    Abstract: A method, apparatus, and system are directed toward managing network traffic over a plurality of Open Systems Interconnection (OSI) Level 2 switch ports. A network traffic is received over the plurality of OSI Level 2 switch ports. At least a part of the network traffic is categorized into a flow. The categorization may be based on a IP address, an OSI Level 4 port, a protocol type, a Virtual Local Area Network (VLAN) number, or the like, associated with the network traffic. One of the plurality of OSI Level 2 switch ports is selected based on a load-balancing metric. The load-balancing metric may be a priority of the flow, a congestion characteristic, a prediction of a load usage for the flow, a combination thereof, or the like. A frame associated with the flow is sent over the selected one of the plurality of OSI Level 2 switch ports.
    Type: Grant
    Filed: March 10, 2014
    Date of Patent: November 20, 2018
    Assignee: F5 Networks, Inc.
    Inventors: Jesse Abraham Rothstein, Arindum Mukerji
  • Patent number: 10135831
    Abstract: A system and method for handling a request from a client device to access a service from a server. The method comprises receiving a request from a user using a client device to access a service from a server. The request is received by a network traffic management device having a local external access management (EAM) agent. The EAM agent directly communicates with an EAM server that provides authentication policy information of a plurality of users able to at least partially access the server. User credential information is sent from the EAM agent to the EAM server, whereby the EAM agent receives access policy information of the user from the EAM server. The system and method selectively controls access of the user's request to the server in accordance with the received access policy information at the network traffic management device.
    Type: Grant
    Filed: June 21, 2011
    Date of Patent: November 20, 2018
    Assignee: F5 Networks, Inc.
    Inventors: Dennis Zhou, Amit Jain
  • Patent number: 10129277
    Abstract: A method, non-transitory computer readable medium, and anomaly detection apparatus that monitors network traffic exchanged with a plurality of client devices and a plurality of server devices to obtain client-side signal data for a plurality of client-side signals and server-side signal data for a plurality of server-side signals. A determination is made when a server health anomaly or a network traffic anomaly is a false positive based at least in part on a comparison of at least a portion of the client-side signal data or at least a portion of the server-side signal data to a historical scoreboard database comprising historical data regarding one or more historical network traffic or server health anomalies. A mitigation action is initiated when the determining indicates that one or more of the server health anomaly or network traffic anomaly is not a false positive.
    Type: Grant
    Filed: May 4, 2016
    Date of Patent: November 13, 2018
    Assignee: F5 Networks, Inc.
    Inventors: Sergei Edelstein, Shlomo Yona
  • Patent number: 10122630
    Abstract: Methods, non-transitory computer readable media, and traffic manager computing devices that forward a request to resolve a domain name from a client device to a Domain Name System (DNS) server device and a response from the DNS server device including an original Internet Protocol (IP) address corresponding to the domain name to the client device. Content is retrieved from a location associated with the domain name in response to a request for the content received from the client device. Classification information comprising at least a type of the retrieved content is determined. The retrieved content is sent to the client device in response to the request for the content. A determination is made when a confidence threshold has been exceeded based on the classification information. A steering endpoint IP address is sent to the DNS server device, when the determining indicates that the confidence threshold has been exceeded.
    Type: Grant
    Filed: August 12, 2015
    Date of Patent: November 6, 2018
    Assignee: F5 Networks, Inc.
    Inventors: Christian Koenning, Ian Smith, David Hansen