Patents Assigned to F5 Networks, Inc.
  • Patent number: 11228609
    Abstract: Methods, non-transitory computer readable media, network traffic manager apparatuses, and systems that assist with managing hypertext transfer protocol (HTTP) requests using extended SYN cookie includes establishing a network connection with a client without allocating a plurality of computing resources to the established network connection, in response to aa request to establish a connection from a client. Presence of a digital signature in a first data packet comprising a request for a webpage is determined. The digital signature is compared to a plurality of stored signatures to determine when the client is a nefarious computing device when the determination indicates that the received request includes the signature. The established network connection is terminated with the client without allocating the plurality of computing resources when the comparison indicates the client is the nefarious computing device.
    Type: Grant
    Filed: April 27, 2020
    Date of Patent: January 18, 2022
    Assignees: F5 NETWORKS, INC., F5 NETWORKS (ISRAEL) LTD.
    Inventors: Peter Finkelshtein, Vadim Krishtal
  • Patent number: 11223689
    Abstract: Methods, non-transitory computer readable media, network traffic management apparatuses, and network traffic management systems that facilitates multipath transmission control protocol (MPTCP) based session migration. The primary network traffic management apparatus migrates the MPTCP session state data associated with a client-server pair flow transactions to a secondary traffic management apparatus. The primary traffic management apparatus then disconnects the first connection for the client-server pair flow transactions and the secondary traffic management apparatus establishes a second connection to continue with the processing of client-server pair flow transactions without introducing application faults.
    Type: Grant
    Filed: January 2, 2019
    Date of Patent: January 11, 2022
    Assignee: F5 NETWORKS, INC.
    Inventor: Saxon Amdahl
  • Patent number: 11178150
    Abstract: Methods, non-transitory computer readable media, and access policy manager apparatus that assists with enforcing an access control list based on one or more managed applications includes receiving a request to access a web application from an enrolled mobile device. An access control for the received request is identified based on data associated with the enrolled mobile device and a user using the enrolled mobile device. The identified access control list is enforced on the enrolled mobile device to determine when to provide access to the requested web application. Access to the requested web application is provided to the enrolled mobile device when enforced access control list comprises data to allow the enrolled mobile device access to the requested web application.
    Type: Grant
    Filed: January 20, 2017
    Date of Patent: November 16, 2021
    Assignee: F5 NETWORKS, INC.
    Inventors: Wui Chung Lie, Ravi Natarajan
  • Patent number: 11171943
    Abstract: Methods, non-transitory computer readable media, and network traffic manager apparatus that assists with adding an online certificate status protocol (OCSP) in conjunction with generated certificates includes receiving a client request to access a website via a TLS connection. A server certificate is generated for the requested website. Next, a proof of validity is generated for the generated server certificate. The generated server certificate and the generated proof of validity of the generated server certificate are provided to a client during a TLS handshake period.
    Type: Grant
    Filed: March 15, 2019
    Date of Patent: November 9, 2021
    Assignee: F5 NETWORKS, INC.
    Inventor: Jeroen de Borst
  • Patent number: 11159490
    Abstract: Methods, non-transitory computer readable media, network traffic management apparatuses, and network traffic management systems that utilize a reverse tunnel proxy in a cloud environment. The reverse tunnel proxy in a cloud environment automatically discovers its environment and creates an appropriate tunnel without using a public IP. The reverse tunnel proxy in a cloud environment utilizes an outgoing connection along with an initialization and channelization to connect to the cloud and accepts an incoming connection in response. In embodiments, a cloud initiates a connection and a tunnel is created without need for additional IP addresses. In embodiments, the reverse tunnel proxy in a cloud environment connects to a client as a server and a private key is stored at a server side without pushing private keys into a public environment.
    Type: Grant
    Filed: November 5, 2018
    Date of Patent: October 26, 2021
    Assignee: F5 NETWORKS, INC.
    Inventors: Joel Benjamin Moses, Steven Dabell, William Ross Baumann, Timothy Scott Michels
  • Patent number: 11140178
    Abstract: A method and system for collecting information on responses and their interpretation on a client device that requests access to a server. A request to access the server is received. If there was a response by the server for this request, then the response is being intercepted and is being injected with a client side language script to be executed by the requesting client side device. Information is collected at the server side from the execution of the injected client side language script by the client device.
    Type: Grant
    Filed: September 16, 2010
    Date of Patent: October 5, 2021
    Assignee: F5 Networks, Inc.
    Inventors: Shlomo Yona, Ron Talmor
  • Patent number: 11134137
    Abstract: Filter-based request processing includes generating first data corresponding to a request. A first queue node is generated for processing the first data. The first queue node references a first buffer and a filter subroutine. The first buffer references the first data and a completion handler for performing completion tasks associated with the filter subroutine. The first queue node is executed. The executing includes processing the first data using the filter subroutine to generate a second buffer referencing second data. A second queue node is generated that includes the completion handler. The second queue node is executed. The executing includes processing the completion handler to perform the completion tasks. A response is transmitted corresponding to the request. The response includes the second data referenced by the second buffer.
    Type: Grant
    Filed: April 1, 2019
    Date of Patent: September 28, 2021
    Assignee: F5 NETWORKS, INC.
    Inventors: Igor Sysoev, Valentin Bartenev, Nikolay Shadrin, Maxim Romanov
  • Patent number: 11122083
    Abstract: Methods, non-transitory computer readable media, and network traffic manager apparatus that assists with managing network connections includes obtaining a destination internet protocol (IP) address and a domain name from a received request sent by a client. A determination is made about when the obtained domain name identifies a trusted service and the obtained destination IP address is included in a current host IP address list. The obtained destination IP address is replaced with a new IP address from the current host IP address list when the obtained domain name is determined to be present and the obtained destination IP address is determined to be absent from the current host IP address list. The received request is managed based on one or more network policies, wherein one of the one or more network policies includes providing the client access to the service identified by the obtained domain name hosted at the replaced new IP address.
    Type: Grant
    Filed: September 7, 2018
    Date of Patent: September 14, 2021
    Assignee: F5 NETWORKS, INC.
    Inventor: Mark Quevedo
  • Patent number: 11122067
    Abstract: Methods, non-transitory computer readable media, anomaly detection apparatuses, and network traffic management systems that generate, based on the application of one or more models and for a first flow associated with a received first set of network traffic, one or more likelihood scores and at least one flow score based on the likelihood scores. One or more of the one or more models are associated with one or more browsing patterns for a web application to which the first set of network traffic is directed. A determination is made when the flow score exceeds a threshold. A mitigation action is initiated, based on a stored policy, with respect to the first set of network traffic, when the determining indicates that the flow score exceeds the established threshold.
    Type: Grant
    Filed: August 7, 2019
    Date of Patent: September 14, 2021
    Assignee: F5 NETWORKS, INC.
    Inventors: Shlomo Yona, Ron Talmor, Itsik Mantin, Yaniv Shemesh
  • Patent number: 11122042
    Abstract: Methods, non-transitory computer readable media, and network traffic manager apparatus that assists with dynamically managing user access control includes receiving a request to access one or more applications from a client. Client data associated with the client and monitored application access traffic data between the client and a server for the one or more applications is obtained. One or more access control checks and an enforcement order is determined based on the obtained client data and the monitored application access traffic data. The determined one or more access control checks is applied on the client in the determined enforcement order. Access to the requested one or more applications are provided when the applied one or more access control checks authenticate the received request.
    Type: Grant
    Filed: May 11, 2018
    Date of Patent: September 14, 2021
    Assignee: F5 NETWORKS, INC.
    Inventor: Ravi Natarajan
  • Patent number: 11108815
    Abstract: Identifying potential network attacks on servers and protecting the servers from those potential attacks until the associated client requests can be confirmed as either legitimate or an actual attack is disclosed. Client requests for server resources are received by a network traffic management device (NTMD). The NTMD initially responds to the client requests on behalf of the associated servers. The initial responses include client side language scripts for execution by the clients. Executing the scripts causes the clients to resend their initial requests identified as a potential attack by the NTMD along with information indicating the client's legitimacy, such as the result of a computational JavaScript challenge. The NTMD receives the resent initial request, determines it was sent from a legitimate requestor and is therefore not an attack, and forwards it to the associated server.
    Type: Grant
    Filed: December 19, 2019
    Date of Patent: August 31, 2021
    Assignee: F5 NETWORKS, INC.
    Inventors: Ron Talmor, Nir Shahaf, Orna Zackaria
  • Patent number: 11076019
    Abstract: Technology related to scheduling services on a platform including configurable computing resources is disclosed. In one example, a method includes scheduling a first service to execute on a computing node based on an availability of general-purpose computing resources at the computing node. The computing node can be selected from a plurality of computing nodes. Network traffic transiting the computing node can be analyzed during the execution of the first service to determine a hardware accelerator of the computing node is capable of assisting the execution of the first service. The hardware accelerator can be used to assist with the execution of the first service. A second service can be scheduled on the computing node based on the availability of the general-purpose computing resources and the usage of the hardware accelerator on the computing node.
    Type: Grant
    Filed: November 15, 2019
    Date of Patent: July 27, 2021
    Assignee: F5 NETWORKS, INC.
    Inventors: Hao Cai, William Ross Baumann, Timothy S. Michels, Lars Pierson Friend
  • Patent number: 11075840
    Abstract: Technology related to disaggregating network traffic is disclosed. In one example, a method can include determining whether individual network flows are members within a first subset of the network flows. A second subset of the first subset of network flows can be learned in response to determining a change in a number of servers available to service the network flows. A first network packet can be forwarded to a first server in response to the first network packet being a member of the first subset of network flows and a member of the learned second subset of the first subset of network flows. A second network packet can be forwarded to a second server in response to the second network packet being a member of the first subset of network flows but not a member of the learned second subset of the first subset of network flows.
    Type: Grant
    Filed: July 9, 2019
    Date of Patent: July 27, 2021
    Assignee: F5 NETWORKS, INC.
    Inventors: Wei Qian, William Ross Baumann, Ning Kai Chen
  • Patent number: 11063758
    Abstract: Methods, non-transitory computer readable media, and network traffic management apparatuses that obtain one or more custom selection rules and one or more custom priority rules via a graphical user interface (GUI). One or more of the custom selection rules are applied to a cipher suite database to generate a result set of cipher suites. The cipher suite database includes a plurality of cipher suite sets. One or more of the custom priority rules are applied to the result set of cipher suites to generate an ordered result set of cipher suites. A cipher string is generated based on the ordered result set of cipher suites. The cipher string is stored in a secure socket layer (SSL) profile to be used during negotiation of secure network sessions.
    Type: Grant
    Filed: October 6, 2017
    Date of Patent: July 13, 2021
    Assignee: F5 NETWORKS, INC.
    Inventor: Saxon Amdahl
  • Patent number: 11044200
    Abstract: Methods, non-transitory computer readable media, network traffic manager apparatuses, and systems that assist with service stitching using a packet header includes identifying a type of service (TOS) or differentiated services code point (DSCP) value in a header field in each of a plurality of received network packets. One or more value added service chains are identified based on the identified TOS or DSCP value. The plurality of network packets are forwarded to a destination after processing each of the plurality of network packets through the identified one or more value added service chains.
    Type: Grant
    Filed: July 8, 2019
    Date of Patent: June 22, 2021
    Assignee: F5 NETWORKS, INC.
    Inventor: Sumandra Majee
  • Patent number: 11042424
    Abstract: Pipelined request processing using shared memory includes writing, by a first process, data associated with a request and an identifier referencing the data to a shared memory segment. The first process transmits, to a second process, the identifier referencing the data. The second process compares the transmitted identifier to the identifier in the shared memory segment. Responsive to the transmitted identifier matching the identifier in the shared memory segment, the second process updates the identifier in the shared memory segment to indicate that the data has been retrieved by the second process. The comparison and update is performed using an atomic compare-and-swap operation. Using the identifiers prevents race conditions between the different processes in trying to access the data. The second process processes the data to generate a response and transmits the response to the first process.
    Type: Grant
    Filed: April 1, 2019
    Date of Patent: June 22, 2021
    Assignee: F5 NETWORKS, INC.
    Inventors: Igor Sysoev, Valentin Bartenev, Nikolay Shadrin, Maxim Romanov
  • Patent number: 11044350
    Abstract: Methods, non-transitory computer readable media, network traffic management apparatuses, and network traffic management systems that monitor at least one TCP connection. A determination is made when an established configuration for the TCP connection requires modification based on the monitoring. The established configuration corresponds to utilization of Nagle's algorithm for the TCP connection. The established configuration is automatically modified to enable or disable utilization of Nagle's algorithm for the TCP connection, when the determination indicates that the established configuration requires modification. By automatically toggling utilization of Nagle's algorithm for a TCP connection, the TCP connection can advantageously be dynamically optimized with this technology with respect to performance metrics such as latency and bandwidth efficiency.
    Type: Grant
    Filed: February 5, 2019
    Date of Patent: June 22, 2021
    Assignee: F5 NETWORKS, INC.
    Inventors: Martin Huynh Duke, Nasif Ekiz, Saxon Amdahl, Nicholas Alexander Pulera
  • Patent number: 11038869
    Abstract: Methods, non-transitory computer readable media, and network traffic manager apparatus that assists with managing a federated identity environment based on application availability includes identifying a current status of one or more applications. Next, a response to a received request is generated based on the identified current status and a status of user authentication, wherein the generated response comprises an access token and a notification message corresponding to the identified current status. The generated response is provided to the client.
    Type: Grant
    Filed: May 1, 2018
    Date of Patent: June 15, 2021
    Assignee: F5 NETWORKS, INC.
    Inventors: Ravi Natarajan, Saxon Amdahl
  • Patent number: RE48725
    Abstract: A method, computer readable medium, and network traffic management apparatus that accesses data in a compressed file system includes obtaining an original write request from a client computing device including at least object data. The object data is compressed into a plurality of compressed blocks. A mapping of each compressed block to a portion of the object data compressed therein is generated, wherein the portion of the object data compressed therein is represented in the mapping by a unique object identifier, a start offset, and a length. The compressed blocks and the mapping are stored in at least one data storage device. At least one data access request for at least a portion of the object data is serviced based on the mapping.
    Type: Grant
    Filed: April 27, 2017
    Date of Patent: September 7, 2021
    Assignee: F5 NETWORKS, INC.
    Inventors: Sumandra Majee, David Hansen
  • Patent number: RE49089
    Abstract: A method and system for improving the security and control of internet/network web application processes, such as web applications. The invention enables validation of requests from web clients before the request reaches a web application server. Incoming web client requests are compared to an application model that may include an allowed navigation path within an underlying web application. Requests inconsistent with the application model are blocked before reaching the application server. The invention may also verify that application state data sent to application servers has not been inappropriately modified. Furthermore, the invention enables application models to be automatically generated by employing, for example, a web crawler to probe target applications. Once a preliminary application model is generated it can be operated in a training mode. An administrator may tune the application model by adding a request that was incorrectly marked as non-compliant to the application model.
    Type: Grant
    Filed: February 7, 2020
    Date of Patent: May 31, 2022
    Assignee: F5 Networks, Inc.
    Inventor: David Mowshowitz