Patents Assigned to F5 Networks, Inc.
  • Patent number: 10581902
    Abstract: A method, non-transitory computer readable medium, security management apparatus, and network traffic management system that monitors received HTTP requests associated with a source IP address to obtain data for one or more signals. A value for one or more bins corresponding to one or more of the signals for individual behavioral histograms and a global behavioral histogram is updated based on the signal data. The individual behavioral histograms each correspond to one of the source IP addresses. A determination is made when a DDoS attack condition is detected. When the determining indicates that the DDoS attack condition is detected, an attack pattern is identified in the global behavioral histogram and a mitigation action is initiated for one of the source IP addresses based on a correlation of one of the individual behavioral histograms, which corresponds to the one of the source IP addresses, to the attack pattern.
    Type: Grant
    Filed: October 18, 2016
    Date of Patent: March 3, 2020
    Assignee: F5 Networks, Inc.
    Inventors: Vadim Krishtal, Peter Finkelshtein, Oran Baruch
  • Patent number: 10567492
    Abstract: Methods, non-transitory computer readable media, network traffic management apparatuses, and network traffic management systems performing load balancing in a federated identity environment. An enhanced identity service provider server receives a redirected user authentication from a client device. Upon successfully authenticating the user of the client device a token is generated. Further another service provider server is selected based on a comparison of one or more network parameters and the client device is redirected with the token to the another selected service provider server. Based on a validation of the token the client device accesses applications protected by the selected another service provider server.
    Type: Grant
    Filed: January 4, 2018
    Date of Patent: February 18, 2020
    Assignee: F5 Networks, Inc.
    Inventors: Ravi Natarajan, Saxon Amdahl
  • Patent number: 10530758
    Abstract: Embodiments are directed towards managing name service communications. A name service device may be arranged to employ a hardware domain name service (DNS) processor to receive a name service query. The hardware DNS processor may perform operations on the name service query. If operations performed by the hardware DNS processor do not resolve the name service query, further operations may be performed. The name service device may be arranged to provide a name service reply that includes the answer to the name service query. And, the name service device may be arranged to send the name service reply back to the hardware DNS processor. Accordingly, the hardware DNS processor on the name service device may send the name service reply that includes at least an answer to the name service query to the requesting computers.
    Type: Grant
    Filed: December 16, 2016
    Date of Patent: January 7, 2020
    Assignee: F5 Networks, Inc.
    Inventors: Hao Cai, Paul Imre Szabo, Christopher Ryan Baker, Lisa M. Golden, Robert Andrew Kovalchik, Amit Fridman, Alan Brian Mimms, Itai Druckmann
  • Patent number: 10506072
    Abstract: Passing a reference to a first socket from a first process to a second process within a computing environment includes opening, by the first process, a second socket within the computing environment. The second socket is represented by a file in a first file system of the first process. The first process transmits a reference to the first socket to the second socket. A second file system of the second process is mapped to include the file representing the second socket. The second process reads the reference to the first socket from the file representing the second socket mapped to the second file system. The second process references the first socket using the reference to the first socket read from the file.
    Type: Grant
    Filed: April 24, 2018
    Date of Patent: December 10, 2019
    Assignee: F5 Networks, Inc.
    Inventors: Igor Sysoev, Valentin Bartenev, Nikolay Shadrin, Maxim Romanov
  • Patent number: 10505990
    Abstract: Methods, non-transitory computer readable media, and mobile application manager apparatus that assists with deterministic enforcement of compliance policy includes receiving one or more compliance policy changes. An estimated time to enforce the received one or more compliance policy changes on one or more enrolled mobile devices is identified. It is determined whether the identified estimated time to enforce the received one or more compliance policy changes is acceptable based on one or more stored parameters. The received one or more compliance policy changes on the one or more enrolled mobile devices is enforced when the identified estimated time is determined to be acceptable and updating existing one or more compliancy policies with the received one or more compliance policy changes.
    Type: Grant
    Filed: January 20, 2017
    Date of Patent: December 10, 2019
    Assignee: F5 Networks, Inc.
    Inventors: Ravi Natarajan, Joel Moses
  • Patent number: 10505818
    Abstract: A method, non-transitory computer readable medium, and health analysis apparatus that monitors network traffic exchanged with a plurality of server devices in a server pool to obtain signal data regarding a plurality of signals associated with the network traffic. A determination is made when there is a server health anomaly for one or more of the server devices based on an application of a server health prediction model to the signal data. The server health prediction model includes a plurality of predictive health targets each based at least in part on historical signal data for one or more of the signals and having an associated threshold value. A mitigation action is initiated when the determining indicates there is a server health anomaly for one or more of the server devices.
    Type: Grant
    Filed: May 4, 2016
    Date of Patent: December 10, 2019
    Assignee: F5 Networks, Inc.
    Inventors: Shlomo Yona, Maydan Wienreb, Michael Kapelevich, Peter Finkelshtein
  • Patent number: 10505792
    Abstract: Methods, non-transitory computer readable media, network traffic management apparatuses, and network traffic management systems that determine when an event has occurred. The event is defined in an obtained rule and is associated in the rule with a key. The key is attached to a connection associated with received network traffic that triggered the event, when the determining indicates that the event has occurred. The connection is associated with a first layer, the key comprises an input string value or corresponds to a portion of data associated with a second layer associated with the network traffic, and the second layer is different from the first layer. The connection is then monitored to obtain statistics for the connection and store or report the statistics as associated with the key.
    Type: Grant
    Filed: September 29, 2017
    Date of Patent: December 10, 2019
    Assignee: F5 Networks, Inc.
    Inventors: Martin Duke, Saxon Amdahl
  • Patent number: 10491632
    Abstract: Methods, non-transitory computer readable media, compliance management apparatuses, and network traffic management systems that execute a compliance check to determine when a mobile device is out of compliance. A number of mobile devices that both are out of compliance based on the violation and share a characteristic with the one mobile device is determined, when the determining indicates that the mobile device is out of compliance. A determination is made when the number of the mobile devices exceeds a threshold. Contact data associated with one or more mobile devices that are in compliance and share the characteristic is obtained, when the determining indicates that the number of mobile devices exceeds the threshold. A notification is automatically sent, using the contact data, to each of the mobile devices that share the characteristic. The notification comprises an indication of the violation and one or more precautions.
    Type: Grant
    Filed: January 20, 2017
    Date of Patent: November 26, 2019
    Assignee: F5 Networks, Inc.
    Inventors: Ravi Natarajan, Bipin Kumar
  • Patent number: 10476947
    Abstract: A method, non-transitory computer readable medium and apparatus that manages web application servers includes receiving one or more changes to a compliance policy. One or more mobile application changes that are required on one or more mobile applications executing on one or more mobile computing devices are determined. Next, an impact on a plurality of web application servers is determined based on the determined one or more mobile application changes and stored monitored data associated with the plurality of web application servers. A notification is provided based on the determined impact on the plurality of web application servers to manage the plurality of web application servers.
    Type: Grant
    Filed: March 1, 2016
    Date of Patent: November 12, 2019
    Assignee: F5 Networks, Inc.
    Inventor: Ravi Natarajan
  • Patent number: 10469394
    Abstract: A method, non-transitory computer readable medium and device that assist with configuring adaptive rate limit based on server health and statistics includes obtaining server health data and a current response transmission rate associated with one of the plurality of servers. An adaptive rate limit is determined based on the obtained server health data and the current response transmission rate. An actual rate and the determined adaptive rate limit is compared to determine when the actual rate of transmission is greater than the determined adaptive rate limit. A plurality of network data packets is transmitted at the determined adaptive rate limit when the actual rate of transmission is determined to be greater than the determined adaptive rate limit.
    Type: Grant
    Filed: August 1, 2017
    Date of Patent: November 5, 2019
    Assignee: F5 Networks, Inc.
    Inventors: Vadim Krishtal, Peter Finkelshtein
  • Patent number: 10454768
    Abstract: Embodiments are directed towards using policy rules that may be extended by scripting operative on a traffic management device. Each policy rule may have a condition and a corresponding action. If the condition is a script, a script engine separate from the policy engine may be employed to execute the script to determine if the condition is met. Otherwise, the policy engine may determine if the condition is met based on declarative expressions that comprise the condition. If the condition is met the action corresponding to the policy rule may be executed. Scripts may be used to compute the values of operands that may be used in one or more of the expressions that comprise a condition for a policy rule. Also, the action corresponding to a policy rule may be implemented using a script that is executed by a script engine.
    Type: Grant
    Filed: November 15, 2013
    Date of Patent: October 22, 2019
    Assignee: F5 Networks, Inc.
    Inventors: Paul I. Szabo, Gennady Dosovitsky, Ron Talmor, Jeroen de Borst, David A. Hansen
  • Publication number: 20190312841
    Abstract: Methods, non-transitory computer readable media, network traffic management apparatuses, and network traffic management systems that utilize a reverse tunnel proxy in a cloud environment. The reverse tunnel proxy in a cloud environment automatically discovers its environment and creates an appropriate tunnel without using a public IP. The reverse tunnel proxy in a cloud environment utilizes an outgoing connection along with an initialization and channelization to connect to the cloud and accepts an incoming connection in response. In embodiments, a cloud initiates a connection and a tunnel is created without need for additional IP addresses. In embodiments, the reverse tunnel proxy in a cloud environment connects to a client as a server and a private key is stored at a server side without pushing private keys into a public environment.
    Type: Application
    Filed: November 5, 2018
    Publication date: October 10, 2019
    Applicant: F5 Networks, Inc.
    Inventors: Joel Benjamin Moses, Steven Dabell, William Ross Baumann, Timothy Scott Michels
  • Patent number: 10432652
    Abstract: Methods, non-transitory computer readable media, anomaly detection apparatuses, and network traffic management systems that generate, based on the application of one or more models and for a first flow associated with a received first set of network traffic, one or more likelihood scores and at least one flow score based on the likelihood scores. One or more of the one or more models are associated with one or more browsing patterns for a web application to which the first set of network traffic is directed. A determination is made when the flow score exceeds a threshold. A mitigation action is initiated, based on a stored policy, with respect to the first set of network traffic, when the determining indicates that the flow score exceeds the established threshold.
    Type: Grant
    Filed: September 20, 2017
    Date of Patent: October 1, 2019
    Assignee: F5 Networks, Inc.
    Inventors: Shlomo Yona, Ron Talmor, Itsik Mantin, Yaniv Shemesh
  • Patent number: 10432406
    Abstract: Embodiments are directed towards managing network communication. A TMC may be arranged to receive network traffic that includes cipher negotiation information from a client computer. The TMC may receive other network traffic from a server computer that may include server cipher negotiation information. The TMC provides negotiation data that may correspond to the client cipher negotiation information and other negotiation data that may correspond to the server cipher negotiation information. The TMC may store the negotiation data and the other negotiation data in a data store. Then the TMC may send the server cipher negotiation information to at least the client computer. If a query is received from a query client, the TMC may provide result set information based on the stored negotiation data and the other negotiation data in the data store. The TMC may send the reporting information based on the result set information to the query client.
    Type: Grant
    Filed: December 22, 2016
    Date of Patent: October 1, 2019
    Assignee: F5 Networks, Inc.
    Inventor: Saxon Carl Amdahl
  • Patent number: 10412198
    Abstract: Methods, non-transitory computer readable media, network traffic management apparatuses, and network traffic management systems that generate a duration corresponding to a current one of a plurality of states in a TCP connection. The duration is generated based on a difference between a stored time recorded at a previous transition to the current one of the states and a current time. The duration is stored or output as associated with the current one of the states. The stored time recorded at the previous transition to the current one of the states is then replaced with the current time. A determination is made when one or more TCP configurations should be modified based on the duration for the current one of the states. The one or more TCP configurations are automatically modified to improve TCP performance, when the determining indicates that the one or more TCP configurations should be modified.
    Type: Grant
    Filed: September 29, 2017
    Date of Patent: September 10, 2019
    Assignee: F5 Networks, Inc.
    Inventors: Martin Duke, Saxon Amdahl
  • Patent number: 10404698
    Abstract: Methods, non-transitory computer readable media, access policy management apparatuses, and enterprise network systems that facilitate adaptive organization of web application access points in webtops are disclosed. With this technology, access points for web applications are more effectively presented in webtops to facilitate more efficient access to web applications by clients. In particular, this technology utilizes historical application access pattern data to determine a subset of allowed web applications most likely to be accessed in a current session, and generates and provides a webtop with access points for web applications organized based on the determined subset of the allowed web applications. Thereby, this technology facilitates adaptive webtops that reduce the amount of time required to locate access points for web applications and improve user productivity.
    Type: Grant
    Filed: September 30, 2016
    Date of Patent: September 3, 2019
    Assignee: F5 Networks, Inc.
    Inventors: Ravi Natarajan, Konstantin Bredelev
  • Patent number: 10397250
    Abstract: Methods, non-transitory computer readable media, and security management apparatus that retrieves a web page in response to a request for the web page received from a client device. Remote access trojan (RAT) malware detection source code is injected into the web page and the web page is sent to the client device in response to the request. The RAT malware detection client-side source code is configured to, when executed by a web browser of the client device, output an alert when a possible attack is detected based on monitored movement of a mouse pointer, key events, or executing animations. A determination is made when the alert has been received from the client device. A security action is initiated according to an established policy, when the determining indicates that the alert has been received from the client device.
    Type: Grant
    Filed: January 20, 2017
    Date of Patent: August 27, 2019
    Assignee: F5 Networks, Inc.
    Inventors: Yaniv Shemesh, Itai Tenenbaum, Hadasa Dorfman
  • Patent number: 10389611
    Abstract: Embodiments are directed to managing communication over a network with traffic management computers (TMCs). If network traffic that is statelessly monitored is selected for stateful monitoring, the TMCs may perform operations to transition from stateless monitoring to stateful monitoring with minimal disruption of users/clients. TMCs may receive the network traffic that includes network packets. If the network packets are statelessly monitored by the TMCs, one or more stateless network management operations may be performed on the network packets. If the network packets may be statefully monitored, the TMCs may perform stateful network management operations on the network packets.
    Type: Grant
    Filed: December 22, 2016
    Date of Patent: August 20, 2019
    Assignee: F5 Networks, Inc.
    Inventors: Paul Imre Szabo, Peter Michael Thornewell
  • Patent number: 10375155
    Abstract: Performance of connection flow management between a hardware-based network interface and a software module of a network traffic management device is disclosed. A flow connection setup for a flow connection is established between a client device and a server at the network traffic management device. It is then determined if the flow connection is symmetrical or asymmetrical in nature. A flow signature entry and a transformation data entry for the flow connection is generated, by software executed by the network traffic management device, in opposing first and second symmetric or asymmetric flow directions. The flow signature entry and the transformation data entry for the first and second flow directions is sent from the software module to the network interface. The network interface stores and utilizes the flow signature entry and the transformation data entry to perform acceleration on data packets in the first and second flow directions.
    Type: Grant
    Filed: January 17, 2017
    Date of Patent: August 6, 2019
    Assignee: F5 Networks, Inc.
    Inventors: Hao Cai, Qi Lu
  • Patent number: 10348776
    Abstract: Methods, non-transitory computer readable media, and mobile application manager apparatus that assists with deterministic enforcement of compliance policy includes receiving one or more compliance policy changes. An estimated time to enforce the received one or more compliance policy changes on one or more enrolled mobile devices is identified. It is determined whether the identified estimated time to enforce the received one or more compliance policy changes is acceptable based on one or more stored parameters. The received one or more compliance policy changes on the one or more enrolled mobile devices is enforced when the identified estimated time is determined to be acceptable and updating existing one or more compliancy policies with the received one or more compliance policy changes.
    Type: Grant
    Filed: January 20, 2017
    Date of Patent: July 9, 2019
    Assignee: F5 Networks, Inc.
    Inventors: Ravi Natarajan, Joel Moses