Patents Assigned to Fortinet, Inc.
  • Patent number: 12273708
    Abstract: A station initiates fast BSS transition by a station from the source access point to the target access point. The target access point detects a failure by the Wi-Fi controller to retrieve a PMK-RO key for a requested PMKROName is detected. The PMKROName is parsed from an authentication request of the station. The failure can result in requiring a fresh BSS connection by the station. Responsive to the failure detection, a PMK-RO key is generated in cooperation with the Wi-Fi controller, to prevent requiring the fresh BSS connection. The PMK-R0 key further helps to support fast transition between access points.
    Type: Grant
    Filed: March 31, 2022
    Date of Patent: April 8, 2025
    Assignee: Fortinet, Inc.
    Inventor: Ankur Jain
  • Publication number: 20250113254
    Abstract: Real-time statistics of station RU needs are received. Additionally, real-time statistics of access point RU allocation are received. Real-time statistics for stations and access point history are stored. An artificial intelligence (AI) predictive model is generated for each station based on historical traffic needs. AI model to allocate access point RUs for specific stations in real-time.
    Type: Application
    Filed: September 30, 2023
    Publication date: April 3, 2025
    Applicant: Fortinet, Inc.
    Inventors: Shrikant Gambheer Patil, Ruchir Mishra
  • Publication number: 20250113288
    Abstract: Scan reports are received by a Wi-Fi controller from a plurality of access points. Each scan report identifies neighboring BSSIDs with associated BSS-color within radio range and corresponding RSSI measurements. An OBSS can be detected by cross referencing scan reports. BSS color us modified to avoid a potential BSS collision. A station associated the potential BSS collision reports actual color collisions. An indication of the BSS color change is transmitted to one or more access points for local implementation.
    Type: Application
    Filed: September 30, 2023
    Publication date: April 3, 2025
    Applicant: Fortinet, Inc.
    Inventors: Shrikant Gambheer Patil, Ruchir Mishra
  • Publication number: 20250111055
    Abstract: During an initial bootup in a bootloader of an SOC, a random number that is unique to the device is stored in secured storage. During a first bootup, a two-dimensional random key is stored in secure storage for encoding the ENV parameters. During a second (subsequent) bootup, the ENV parameters that are current in unsecured storage are compared against the ENV parameters that previously existed in order to identify a mismatch. A remediation security action can be taken responsive to a mismatch between the baseline digest and a dynamic digest.
    Type: Application
    Filed: September 29, 2023
    Publication date: April 3, 2025
    Applicant: Fortinet, Inc.
    Inventors: Dengxue Yan, Jun Li
  • Publication number: 20250112856
    Abstract: Multiple types of lines are made simultaneously available, including a Wi-Fi link, a cell link and a wired link. A list of running cloud applications is identified by monitoring A quality of each available link for each running cloud application is periodically tested, including measurements of latency, jitter and packet loss. A first link is selected for a first application and a second link is selected for a second application. Data packets related to the first application are transmitted over a first link and data packets related to the second application over the second link.
    Type: Application
    Filed: March 7, 2024
    Publication date: April 3, 2025
    Applicant: Fortinet, Inc.
    Inventors: Emilio Borbolla Galindo, Juan Ernesto Lopez Silva
  • Publication number: 20250113251
    Abstract: An uplink utilization is monitored for each station connected to an access point over a wireless network, including jitter, latency, and dropped packets. Uplink utilization is monitored for access points that are neighbors to the access point, as determined from neighbor reports. An AI model is generated from monitoring data. When an uplink threshold of the access point has been exceeded at the access point. A new access point is selected from the AI model for at least one of the stations based at least on a least used uplink in addition to RF parameters.
    Type: Application
    Filed: September 29, 2023
    Publication date: April 3, 2025
    Applicant: Fortinet, Inc.
    Inventors: Karthikeyan Balasubramanian, Venkatesh Kannan
  • Publication number: 20250112936
    Abstract: Techniques relate generally to computer networks, and more specifically, for a web browser having a web browser extension for evaluating web requests using internal coordination to make asynchronous information synchronously available, prior to dispatching the web requests.
    Type: Application
    Filed: September 30, 2023
    Publication date: April 3, 2025
    Applicant: Fortinet, Inc.
    Inventors: Jeremy Allen Wildsmith, Mounir Elgharabawy
  • Publication number: 20250112905
    Abstract: A secure connection is established between an IAM server on a data communication network and an on-premises active directory using a zero trust tunnel based on TCP forwarding. An authentication request is received from a gateway device, for the user to access a service provider hosting applications, responsive to a user request for access to the service provider hosting applications. Responsive to recognizing the user of the authentication request being associated with the established SSO session, an assertion is returned to the gateway that the user is authenticated to access the service provider. An authentication request is received from the service provider, for access to a specific application. Responsive to the group information associated with the user, an assertion is returned to the service provider that user is authenticated for use of the specific application.
    Type: Application
    Filed: September 29, 2023
    Publication date: April 3, 2025
    Applicant: Fortinet, Inc.
    Inventors: David Allen Redberg, Yannick Dubuc
  • Publication number: 20250112954
    Abstract: Native Browser Isolation (NBI) distributes resource requirements over the network of clients that will be hosting a web browser. This works over the assumption that modern machines have the spare resources to run an isolated browser environment themselves, thus, not requiring a central mainframe to run the browser isolation (BI) system. The framework will provide means to run the browser in a separate environment from the host OS, provide graphic rendering for the isolated environment, as well as a mean to display the isolated graphics to the user as if it was a native application of the host OS.
    Type: Application
    Filed: September 30, 2023
    Publication date: April 3, 2025
    Applicant: Fortinet, Inc.
    Inventor: Karel Chanivecky Garcia
  • Publication number: 20250112850
    Abstract: A processor has hardware acceleration enabled during passive link quality measurement. The processor comprises a forwarding engine to passively gather link quality details from existing network sessions concerning a plurality of links. The link quality details comprise latency, jitter and packet loss. An SD-WAN path selection module identifies a link from the plurality of links for data packets of a current session using the link quality details.
    Type: Application
    Filed: September 30, 2023
    Publication date: April 3, 2025
    Applicant: Fortinet, Inc.
    Inventors: Juan Ruiz Sanchez, Jorge Garcia Alvarez
  • Patent number: 12267365
    Abstract: A specific container is spawned by a docker module responsive to Kebernetes control instruction. Network connectivity is provided for the specific container to a data communication network through a networking bridge and a security policy is configured. After configuration, inbound or outbound data packets concerning the specific container are received and forwarded to a security policy KVM for scanning against security policies. Those that pass security scanning are forwarded to containers and external destinations.
    Type: Grant
    Filed: September 30, 2021
    Date of Patent: April 1, 2025
    Assignee: Fortinet, Inc.
    Inventor: Sérgio Henrique Marcelino Castro da Rosa
  • Patent number: 12267345
    Abstract: Using user feedback for attack path analysis in an anomaly detection framework, including: performing an attack path analysis for a cloud deployment; receiving, from a user, user feedback for an attack vector of the attack path analysis; and initiating, based on the user feedback, a workflow for modifying one or more parameters for generating the attack path analysis.
    Type: Grant
    Filed: May 24, 2023
    Date of Patent: April 1, 2025
    Assignee: Fortinet, Inc.
    Inventors: Úlfar Erlingsson, Jay Parikh, Yijou Chen
  • Publication number: 20250106737
    Abstract: A Wi-Fi controller receives notification of a probe request of a station that was received from each at least two of the at least two of the two or more Wi-Fi 7 access points of a multiple access point coordination group. The probe requests are each sourced from the station while within the at least partially overlapped radio signal coverage area. The Wi-Fi controller selects one of the at least two of the two or more access points to respond to the probe request with a probe response with a single probe response to the station, in response to the multiple probe requests, by notifying the selected access point to send the single probe response including an RNR (reduced neighbor report) data providing connection information for the at least two access points. The other of the at least two Wi-Fi 7 access points refrain from sending additional probe responses to the station.
    Type: Application
    Filed: September 27, 2023
    Publication date: March 27, 2025
    Applicant: Fortinet, Inc.
    Inventor: Vijayakumar Vellaichamy
  • Publication number: 20250103703
    Abstract: Systems, devices, and methods are disclosed that may be used for identifying potential insider attacks on a computer network.
    Type: Application
    Filed: December 5, 2024
    Publication date: March 27, 2025
    Applicant: Fortinet, Inc.
    Inventor: Sameer Khanna
  • Publication number: 20250106307
    Abstract: A method is disclosed. The method comprises receiving data for a virtual private cloud (VPC), receiving, via a graphical user interface (GUI), a request to access the VPC data and displaying, at the GUI, a resource page providing a filter view of VPC resources including in the VPC data.
    Type: Application
    Filed: September 24, 2024
    Publication date: March 27, 2025
    Applicant: Fortinet, Inc.
    Inventors: Yifeng Wang, Urmila V. Kashyap, Jayati Ambekar, Alexandra Christensen, Joshua L. Vertes, Lindsey A. Poli, Liwei Dai, Matthew M. Park, Yizhou Guo, Sowmya A. Karmali, Yijou Chen
  • Patent number: 12261875
    Abstract: Systems, devices, and methods are discussed for automatically determining a risk-based focus in determining zero trust network access policy on one or more network elements.
    Type: Grant
    Filed: March 29, 2024
    Date of Patent: March 25, 2025
    Assignee: Fortinet, Inc.
    Inventors: Rajiv Sreedhar, Manuel Nedbal, Manoj Ahluwalia, Latha Krishnamurthi, Rajeshwari Rao, Damodar K. Hegde, Jitendra B. Gaitonde, Dave Karp, Mark Lubeck
  • Patent number: 12261866
    Abstract: Time series anomaly detection, including: gathering data associated with a particular event type and a particular user; generating, based on the data, a time series analysis; detecting an anomaly based on the time series analysis; and generating information describing the anomaly.
    Type: Grant
    Filed: August 10, 2022
    Date of Patent: March 25, 2025
    Assignee: Fortinet, Inc.
    Inventors: Ting-Fang Yen, Isha Singhal, Andrew D. Twigg, Yijou Chen
  • Publication number: 20250097711
    Abstract: A rogue Wi-Fi 6E access points are identified by on-wire data traffic of authorized Wi-Fi 6E access points. Data traffic is monitored across all access points for the rogue Wi-Fi 6E access points according to an SSID/BSSID scan table. In response, modified CSA values are sent from spoofed action frames that have a source BSSID of the rogue access points rather than the authenticated access point that transmits.
    Type: Application
    Filed: September 30, 2024
    Publication date: March 20, 2025
    Applicant: Fortinet, Inc.
    Inventors: Ruchir Mishra, Shrikant Gambheer Patil
  • Publication number: 20250097155
    Abstract: Responsive to matching a site prefix to IPV6 network traffic from clients, the traffic as intended, and responsive to not matching the site prefix, classifying the corresponding traffic as unintended. An initial rate of packet occurrence and predict load caused by intended traffic and predicting load caused by unintended traffic is calculated, based on an initial rate of packet occurrence. The predicted traffic loads are fed back by configuring behavior of network modules according to the predictions of intended traffic load and unintended traffic load. Packet processing traffic at the network modules is based on traffic classification from the outcome of the AI-neuron.
    Type: Application
    Filed: September 26, 2024
    Publication date: March 20, 2025
    Applicant: Fortinet, Inc.
    Inventor: Srinivasa Subbarao Neeli
  • Publication number: 20250097210
    Abstract: The DHCP requests can be sent by endpoints to get first IP addresses. SSO data concerning the endpoints is collected using an identity service. A DHCP fingerprint is generated for of the each endpoints, including the first IP addresses. DHCP fingerprints are stored to an SSO unification database along with corresponding SSO data for the endpoints at the first IP addresses, including a specific endpoint at a first IP address on the wired network. While tracking, the specific endpoint is subsequently detected at a second IP address on the wireless network. The new IP address can be responsive to a transition by the specific endpoint from the wired network to the wireless network, or visa versa. The detection is based on matching a DHCP fingerprint of the specific endpoint to a record of the SSO unification database, and checked to see if the IP addresses are consistent. An SSO authentication transaction is performed to reauthenticate the specific endpoint.
    Type: Application
    Filed: December 3, 2024
    Publication date: March 20, 2025
    Applicant: Fortinet, Inc.
    Inventors: Jaume Cervello, Jordi Garcia Alvarez