Patents by Inventor David D. Schmitt
David D. Schmitt has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10958625Abstract: Methods, non-transitory computer readable media, rendezvous gateway (RG) apparatuses, and network security systems that send an RG synchronization message (SYN) to an application in a secure domain following receipt, from a client, of a client SYN comprising an indication of the application. A rendezvous agent (RA) SYN is received, via a firewall coupled to the security domain and in response to the RG SYN, from an RA in the secure domain. A first RG synchronization-acknowledgement message (SYN+ACK) is sent to the client in response to the client SYN. A second RG SYN+ACK is sent, via the firewall, to the RA in response to the RA SYN. The RA is notified of receipt of a client acknowledgement message (ACK) from the client. An RA ACK is received, from the RA and via the firewall, in response to the notification, to thereby establish a full connection between the client and the application.Type: GrantFiled: March 6, 2019Date of Patent: March 23, 2021Assignee: F5 Networks, Inc.Inventors: Peter M. Thornewell, David D. Schmitt, Alan Mimms, Saxon Amdahl, Bill Baumann
-
Patent number: 9742806Abstract: A method, system, and apparatus are directed towards enabling access to payload by a third -party sent over an SSL session. The third-party may be a proxy situated between a client and a server. SSL handshake messages are sent between the client and the server to establish the SSL connection. As the SSL handshake messages are routed through the proxy, the proxy may extract data. In addition, one of the client or the server may send another message within, or out-of-band to, the series of SSL handshake message directly to the proxy. The other SSL message may include secret data that the proxy may use to generate a session key the SSL connection. With the session key, the proxy may receive SSL messages over the SSL connection, modify and/or transpose the payload within the received SSL messages, and/or terminate the SSL connection at the proxy.Type: GrantFiled: June 30, 2014Date of Patent: August 22, 2017Assignee: F5 Networks, Inc.Inventors: Jesse Abraham Rothstein, Arindum Mukerji, David D. Schmitt, John R. Hughes
-
Patent number: 9209990Abstract: A method and system is directed to routing a flow of packets over a network to multiple traffic management devices. An apparatus receives each packet from a network and forwards the packet to one of a group of traffic management devices. The apparatus also may receive packets from servers for which the traffic management devices are managing communications. When forwarding packets, a traffic management device is selected from the group of traffic management devices by employing a hash of an IP address and port number. The IP address and port number are selected from source or destination information in the packet that has a greater port number. When the traffic management device performs a network address translation, further actions may be performed so that packets that are part of a flow between two network devices are delivered to the same traffic management device.Type: GrantFiled: March 12, 2010Date of Patent: December 8, 2015Assignee: F5 Networks, Inc.Inventors: Paul Szabo, David D. Schmitt, Ning X. Li
-
Patent number: 9154424Abstract: A method and system is directed to distributing a flow of packets over a network to multiple traffic management devices. An apparatus receives each packet from a network and may act as a layer 2 switch, or router, to distribute the packet to one of a group of traffic management devices. The apparatus also may receive packets from servers for which the traffic management devices are managing communications. When distributing packets, a target traffic management device is selected from the group of traffic management devices. A connection key associated with the received packet and an identifier associated with the selected traffic management device are saved such that subsequent received packets in the flow of packets are delivered to the same traffic management device.Type: GrantFiled: September 5, 2013Date of Patent: October 6, 2015Assignee: F5 Networks, Inc.Inventors: Paul I. Szabo, Greg W. Davis, David D. Schmitt, Alan B. Mimms, Richard Roderick Masters
-
Patent number: 8850223Abstract: An inventive apparatus that integrates the operation of a hard disk emulator and a cryptographic accelerator on a single blade server card. An application with cryptographic operations can off load computationally intensive calculations to the cryptographic accelerator so that the speed at which the application performs actions can be increased significantly. Typically, the hard disk emulator is a flash memory component and the accelerator can perform at least modular exponentiation calculations. One bus is employed for communication between the hard disk emulator and the accelerator. Another bus is employed to communicate with other resources off the card. Often, the card is configured to operate as one of a several blade servers in a chassis.Type: GrantFiled: December 20, 2002Date of Patent: September 30, 2014Assignee: F5 Networks, Inc.Inventors: Brett Helsel, Ryan C. Kearny, Greg Davis, David D. Schmitt
-
Patent number: 8782393Abstract: A method, system, and apparatus are directed towards enabling access to payload by a third-party sent over an SSL session. The third-party may be a proxy situated between a client and a server. SSL handshake messages are sent between the client and the server to establish the SSL connection. As the SSL handshake messages are routed through the proxy, the proxy may extract data. In addition, one of the client or the server may send another message within, or out-of-band to, the series of SSL handshake message directly to the proxy. The other SSL message may include secret data that the proxy may use to generate a session key for the SSL connection. With the session key, the proxy may receive SSL messages over the SSL connection, modify and/or transpose the payload within the received SSL messages, and/or terminate the SSL connection at the proxy.Type: GrantFiled: May 26, 2006Date of Patent: July 15, 2014Assignee: F5 Networks, Inc.Inventors: Jesse Abraham Rothstein, Arindum Mukerji, David D. Schmitt, John R. Hughes
-
Patent number: 8553542Abstract: A method and system is directed to distributing a flow of packets over a network to multiple traffic management devices. An apparatus receives each packet from a network and may act as a layer 2 switch, or router, to distribute the packet to one of a group of traffic management devices. The apparatus also may receive packets from servers for which the traffic management devices are managing communications. When distributing packets, a target traffic management device is selected from the group of traffic management devices. A connection key associated with the received packet and an identifier associated with the selected traffic management device are saved such that subsequent received packets in the flow of packets are delivered to the same traffic management device.Type: GrantFiled: July 12, 2011Date of Patent: October 8, 2013Assignee: FS Networks, Inc.Inventors: Paul I. Szabo, Greg W. Davis, David D. Schmitt, Alan B. Mimms, Richard Roderick Masters
-
Patent number: 8516156Abstract: A method, system, and apparatus are directed towards compression of content over a network. The content may include content length information, such as within a header. In one embodiment, a portion of the content may be compressed to approximately fill a buffer of a predefined size. If there remains additional uncompressed content, a new content length may be determined based in part on the length of the compressed content and the remaining uncompressed content. The buffered content and the new content length may then be forwarded in response to the request. The remaining uncompressed content may be split into predefined blocks using identity compression. Identity compression may then be applied to the remaining uncompressed content which is then forwarded to a destination in response to the request.Type: GrantFiled: July 16, 2010Date of Patent: August 20, 2013Assignee: F5 Networks, Inc.Inventors: Jesse A. Rothstein, David D. Schmitt, Arindum Mukerji
-
Patent number: 8477609Abstract: Distributing network traffic to multiple traffic management devices. A distributor receives packets from a network and may act as a layer 2 switch or router, to distribute the packet to one of a group of traffic management devices. The distributor may receive packets from servers that the traffic management devices are managing communications to. When distributing packets to traffic management devices, information may be used to determine which traffic management device each packet should be sent to. The distributor causes packets in a flow to be delivered to the same traffic management device. Many configurations are possible for connecting the distributor to the traffic management devices, including connecting each traffic management device to a physical or virtual port on the distributor, connecting the traffic management devices to the distributor using a virtual local area network, and connecting the traffic management devices to a layer 2 switch.Type: GrantFiled: March 12, 2010Date of Patent: July 2, 2013Assignee: F5 Networks, Inc.Inventors: Carlton G. Amdahl, Robert G. Gilde, Paul I. Szabo, Richard R. Masters, David D. Schmitt
-
Patent number: 8429738Abstract: A system and method for performing asynchronous cryptographic operations. A cryptographic toolkit receives requests for cryptographic operations, and initiates the cryptographic operations within a thread of execution. The toolkit detects when the cryptographic operations are complete, retrieves the results, and returns the results to a calling program. The cryptographic operations are performed in an asynchronous manner, without blocking a calling program. The calling program can specify whether the requested operations are to be performed without blocking.Type: GrantFiled: November 21, 2011Date of Patent: April 23, 2013Assignee: F5 Networks, Inc.Inventors: John R. Hughes, Richard Roderick Masters, David D. Schmitt
-
Patent number: 8091125Abstract: A system and method for performing asynchronous cryptographic operations. A cryptographic toolkit receives requests for cryptographic operations, and initiates the cryptographic operations within a thread of execution. The toolkit detects when the cryptographic operations are complete, retrieves the results, and returns the results to a calling program. The cryptographic operations are performed in an asynchronous manner, without blocking a calling program. The calling program can specify whether the requested operations are to be performed without blocking.Type: GrantFiled: March 27, 2008Date of Patent: January 3, 2012Assignee: FS Networks, Inc.Inventors: John R. Hughes, Richard R. Masters, David D. Schmitt
-
Patent number: 8004971Abstract: A method and system is directed to distributing a flow of packets over a network to multiple traffic management devices. An apparatus receives each packet from a network and may act as a layer 2 switch, or router, to distribute the packet to one of a group of traffic management devices. The apparatus also may receive packets from servers for which the traffic management devices are managing communications. When distributing packets, a target traffic management device is selected from the group of traffic management devices. A connection key associated with the received packet and an identifier associated with the selected traffic management device are saved such that subsequent received packets in the flow of packets are delivered to the same traffic management device.Type: GrantFiled: September 10, 2003Date of Patent: August 23, 2011Assignee: F5 Networks, Inc.Inventors: Paul I. Szabo, Greg Davis, David D. Schmitt, Allen B. Mimms, Richard R. Masters
-
Patent number: 7783781Abstract: A method, system, and apparatus are directed towards compression of content over a network. The content may include content length information, such as within a header. In one embodiment, a portion of the content may be compressed to approximately fill a buffer of a predefined size. If there remains additional uncompressed content, a new content length may be determined based in part on the length of the compressed content and the remaining uncompressed content. The buffered content and the new content length may then be forwarded in response to the request. The remaining uncompressed content may be split into predefined blocks using identity compression. Identity compression may then be applied to the remaining uncompressed content which is then forwarded to a destination in response to the request.Type: GrantFiled: October 5, 2005Date of Patent: August 24, 2010Assignee: F5 Networks, Inc.Inventors: Jesse Abraham Rothstein, David D. Schmitt, Arindum Mukerji
-
Patent number: 7702809Abstract: A method and system is directed to routing a flow of packets over a network to multiple traffic management devices. An apparatus receives each packet from a network and forwards the packet to one of a group of traffic management devices. The apparatus also may receive packets from servers for which the traffic management devices are managing communications. When forwarding packets, a traffic management device is selected from the group of traffic management devices by employing a hash of an IP address and port number. The IP address and port number are selected from source or destination information in the packet that has a greater port number. When the traffic management device performs a network address translation, further actions may be performed so that packets that are part of a flow between two network devices are delivered to the same traffic management device.Type: GrantFiled: October 30, 2007Date of Patent: April 20, 2010Assignee: F5 Networks, Inc.Inventors: Paul Szabo, David D. Schmitt, Ning X. Li
-
Patent number: 7697427Abstract: A system for distributing network traffic to multiple traffic management devices. A distributor receives each packet from a network and may act as a layer 2 switch, a router, or distribute the packet to one of a group of traffic management devices. The distributor may receive packets from servers that the traffic management devices are managing communications to. When distributing packets to traffic management devices, information such as source and destination addresses may be used to determine which traffic management device each packet should be sent to. The distributor causes packets that are part of a flow to be delivered to the same traffic management device.Type: GrantFiled: September 1, 2006Date of Patent: April 13, 2010Assignee: F5 Networks, Inc.Inventors: Carlton G. Amdahl, Robert George Gilde, David D. Schmitt, Paul Szabo, Richard R. Masters
-
Patent number: 7395349Abstract: A method and system is directed to routing a flow of packets over a network to multiple traffic management devices. An apparatus receives each packet from a network and forwards the packet to one of a group of traffic management devices. The apparatus also may receive packets from servers for which the traffic management devices are managing communications. When forwarding packets, a traffic management device is selected from the group of traffic management devices by employing a hash of an IP address and port number. The IP address and port number are selected from source or destination information in the packet that has a greater port number. When the traffic management device performs a network address translation, further actions may be performed so that packets that are part of a flow between two network devices are delivered to the same traffic management device.Type: GrantFiled: August 20, 2003Date of Patent: July 1, 2008Assignee: F5 Networks, Inc.Inventors: Paul Szabo, David D. Schmitt, Ning X. Li
-
Patent number: 7376967Abstract: A system and method for performing asynchronous cryptographic operations. A cryptographic toolkit receives requests for cryptographic operations, and initiates the cryptographic operations within a thread of execution. The toolkit detects when the cryptographic operations are complete, retrieves the results, and returns the results to a calling program. The cryptographic operations are performed in an asynchronous manner, without blocking a calling program. The calling program can specify whether the requested operations are to be performed without blocking.Type: GrantFiled: December 2, 2002Date of Patent: May 20, 2008Assignee: F5 Networks, Inc.Inventors: John R. Hughes, Richard Roderick Masters, David D. Schmitt
-
Patent number: 7102996Abstract: A method and system for distributing network traffic to multiple traffic management devices. A distributor receives each packet from a network and may act as a layer 2 switch, a router, or distribute the packet to one of a group of traffic management devices. The distributor may receive packets from servers that the traffic management devices are managing communications to. When distributing packets to traffic management devices, information such as source and destination addresses may be used to determine which traffic management device each packet should be sent to. The distributor causes packets that are part of a flow to be delivered to the same traffic management device.Type: GrantFiled: April 9, 2002Date of Patent: September 5, 2006Assignee: F5 Networks, Inc.Inventors: Carlton G. Amdahl, Robert George Gilde, David D. Schmitt, Paul I. Szabo, Richard Roderick Masters