Patents by Inventor David Tze-Si Wu

David Tze-Si Wu has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20220345492
    Abstract: The technology disclosed describes a system. The system comprises a network security system interposed between clients and cloud applications. The network security system is configured to generate a synthetic request, and inject the synthetic request into an application session to transmit the synthetic request to a cloud application and receive a response to the synthetic request from the cloud application.
    Type: Application
    Filed: November 15, 2021
    Publication date: October 27, 2022
    Applicant: Netskope, Inc.
    Inventors: David Tze-Si WU, Prasenna RAVI
  • Publication number: 20220345494
    Abstract: The technology disclosed relates to using synthetic request injection to improve cloud object security posture management.
    Type: Application
    Filed: November 29, 2021
    Publication date: October 27, 2022
    Applicant: Netskope, Inc.
    Inventors: David Tze-Si WU, Prasenna RAVI
  • Publication number: 20220345490
    Abstract: The technology disclosed describes a system. The system comprises a network security system interposed between clients and cloud applications. The network security system is configured to process an incoming request from a client and generate metadata. The network security system is further configured to transmit the incoming request to a cloud application. The network security system is further configured to configure the metadata to expire after an expiration window. The network security system is further configured to receive, after the expiration window, a further incoming request from the client. The further incoming request is directed towards the cloud application and subject to policy enforcement that requires the expired metadata. The network security system is further configured to hold the further incoming request and transmit a synthetic request to the cloud application. The synthetic request is configured to retrieve the expired metadata from the cloud application.
    Type: Application
    Filed: April 22, 2021
    Publication date: October 27, 2022
    Applicant: Netskope, Inc.
    Inventors: David Tze-Si WU, Prasenna RAVI
  • Publication number: 20220345463
    Abstract: The technology disclosed relates to an inline proxy configured with synthetic request injection logic to intercept incoming requests during an application session, and generate, during the application session, synthetic requests that are separate from the incoming requests.
    Type: Application
    Filed: March 16, 2022
    Publication date: October 27, 2022
    Applicant: NETSKOPE, INC.
    Inventors: David Tze-Si WU, Prasenna RAVI
  • Publication number: 20220345493
    Abstract: The technology disclosed describes a system. The system comprises an edge network of a plurality of points of presence of a network security system. Points of presence in the plurality of points of presence are configured to intermediate traffic between clients and cloud applications and to use metadata to apply policies on the intermediated traffic. There are redundancies in metadata synchronization between the points of presence due to metadata migration to a second point of presence from a first point of presence handing off intermediation to the second point of presence within an application session. Each of the points of presence is configured with inline metadata generation logic. The inline metadata generation logic is configured to issue synthetic requests to provide the metadata to the second point of presence without requiring the metadata migration to the second point of presence.
    Type: Application
    Filed: November 22, 2021
    Publication date: October 27, 2022
    Applicant: Netskope, Inc.
    Inventors: David Tze-Si WU, Prasenna RAVI
  • Publication number: 20220345495
    Abstract: The technology disclosed relates to application-specific data flow for synthetic request injection for cloud security enforcement. In particular, it relates to data flow logic configured to inject an incoming request directed to a cloud application in a processing path of a particular network security system.
    Type: Application
    Filed: March 7, 2022
    Publication date: October 27, 2022
    Applicant: NETSKOPE, INC.
    Inventors: Prasenna RAVI, David Tze-Si WU
  • Publication number: 20220345496
    Abstract: The technology disclosed describes a network security system that is configured to configure a synthetic request with an object identifier, and to inject the synthetic request into an application session to transmit the synthetic request to a cloud application. The synthetic request is configured to retrieve object metadata about the object using the object identifier. The network security system is further configured to receive from the cloud application a response to the synthetic request. The response supplies the object metadata.
    Type: Application
    Filed: March 7, 2022
    Publication date: October 27, 2022
    Applicant: NETSKOPE, INC.
    Inventors: Prasenna RAVI, David Tze-Si WU
  • Publication number: 20220345500
    Abstract: The technology disclosed describes a system. The system comprises a network security system interposed between clients and cloud applications. The network security system is configured to receive one or more incoming requests towards a cloud application from a client during an application session, inject one or more synthetic requests into the application session to transmit the synthetic requests to the cloud application, and receive one or more responses to the synthetic requests from the cloud application. The synthetic requests are constructed using one or more parameters of the incoming requests, and do not transmit the incoming requests.
    Type: Application
    Filed: April 14, 2022
    Publication date: October 27, 2022
    Applicant: Netskope, Inc.
    Inventors: Prasenna RAVI, David Tze-Si WU
  • Patent number: 11336698
    Abstract: The technology disclosed describes a system. The system comprises a network security system interposed between clients and cloud applications. The network security system is configured to receive one or more incoming requests from a client during an application session, inject one or more synthetic requests into the application session independently of the incoming requests to transmit the synthetic requests to the cloud application, and receive one or more responses to the synthetic requests from the cloud application.
    Type: Grant
    Filed: April 22, 2021
    Date of Patent: May 17, 2022
    Assignee: Netskope, Inc.
    Inventors: David Tze-Si Wu, Prasenna Ravi
  • Patent number: 11303647
    Abstract: The technology disclosed describes a computer-implemented method. The computer-implemented method includes disambiguating a bypassed login event that caused a client to access a cloud application but bypassed a network security system configured to intermediate traffic between the client and the cloud application. The network security system receives from the client an incoming request to access a resource on the cloud application over an application session. The bypassed login event preceded the incoming request. The network security system analyzes the incoming request and detects absence of instance metadata required to determine whether the bypassed login event emanated from a controlled account or an uncontrolled account. The network security system holds the incoming request, generates a synthetic request, and injects the synthetic request into the application session and transmits the synthetic request to the cloud application.
    Type: Grant
    Filed: April 22, 2021
    Date of Patent: April 12, 2022
    Assignee: Netskope, Inc.
    Inventors: David Tze-Si Wu, Prasenna Ravi
  • Patent number: 11271972
    Abstract: The technology disclosed describes a system. The system comprises data flow logic configured to inject an incoming request directed to a cloud application in a processing path of a particular network security system. The particular network security system is configured to use an application-specific parser to inspect certain fields and variables in the incoming request for metadata, determine that the metadata is missing, and use an application-specific template to construct a synthetic request. The data flow logic is further configured to inject the synthetic request and its corresponding response in the processing path of the particular network security system. The particular network security system is further configured to use the application-specific parser to extract the missing metadata from the corresponding response.
    Type: Grant
    Filed: April 23, 2021
    Date of Patent: March 8, 2022
    Assignee: Netskope, Inc.
    Inventors: Prasenna Ravi, David Tze-Si Wu
  • Patent number: 11271973
    Abstract: The technology disclosed describes a system. The system comprises a network security system interposed between clients and cloud applications. The network security system is configured to receive, during an application session, an incoming request from a client. The incoming request is directed towards a cloud application and includes an object identifier of an object. The network security system is further configured to analyze the incoming request and detect the object identifier. The network security system is further configured to configure a synthetic request with the object identifier and inject the synthetic request into the application session to transmit the synthetic request to the cloud application. The synthetic request is configured to retrieve object metadata about the object using the object identifier. The network security system is further configured to receive a response to the synthetic request from the cloud application. The response supplies the object metadata.
    Type: Grant
    Filed: April 23, 2021
    Date of Patent: March 8, 2022
    Assignee: Netskope, Inc.
    Inventors: Prasenna Ravi, David Tze-Si Wu
  • Patent number: 11190550
    Abstract: The technology disclosed describes a system. The system comprises a network security system interposed between clients and cloud applications. The network security system is configured to receive from a client an incoming request to upload an object to a cloud application over an application session. The object is subject to policy enforcement by the network security system. The network security system is further configured to generate a synthetic request, upload the object to the cloud application, and inject the synthetic request into the application session to transmit the synthetic request to the cloud application. The synthetic request is configured to modify a security posture of the uploaded object in dependence upon the policy enforcement.
    Type: Grant
    Filed: April 22, 2021
    Date of Patent: November 30, 2021
    Assignee: Netskope, Inc.
    Inventors: David Tze-Si Wu, Prasenna Ravi
  • Patent number: 11184403
    Abstract: The technology disclosed describes a system. The system comprises an edge network of a plurality of points of presence of a network security system. Points of presence in the plurality of points of presence are configured to intermediate traffic between clients and cloud applications and to use metadata to apply policies on the intermediated traffic. There are redundancies in metadata synchronization between the points of presence due to metadata migration to a second point of presence from a first point of presence handing off intermediation to the second point of presence within an application session. Each of the points of presence is configured with inline metadata generation logic. The inline metadata generation logic is configured to issue synthetic requests to provide the metadata to the second point of presence without requiring the metadata migration to the second point of presence.
    Type: Grant
    Filed: April 23, 2021
    Date of Patent: November 23, 2021
    Assignee: Netskope, Inc.
    Inventors: David Tze-Si Wu, Prasenna Ravi
  • Patent number: 11178188
    Abstract: The technology disclosed describes a system. The system comprises a network security system interposed between clients and cloud applications. The network security system is configured to receive from a client an incoming request to access a cloud application in an application session. The network security system is further configured to analyze the incoming request and detect absence of at least some metadata required to enforce a security policy on the incoming request. The network security system is further configured to hold the incoming request, generate a synthetic request, and inject the synthetic request into the application session to transmit the synthetic request to the cloud application. The synthetic request is configured to retrieve otherwise absent metadata from the cloud application. The network security system is further configured to receive a response to the synthetic request from the cloud application. The response supplies the otherwise absent metadata.
    Type: Grant
    Filed: April 22, 2021
    Date of Patent: November 16, 2021
    Assignee: Netskope, Inc.
    Inventors: David Tze-Si Wu, Prasenna Ravi
  • Patent number: 10831721
    Abstract: Virtual storage arrays consolidate branch data storage at data centers connected via wide area networks. Virtual storage arrays appear to storage clients as local data storage; however, virtual storage arrays actually store data at the data center. The virtual storage arrays overcomes bandwidth and latency limitations of the wide area network by predicting and prefetching storage blocks, which are then cached at the branch location. Virtual storage arrays leverage an understanding of the semantics and structure of high-level data structures associated with storage blocks to predict which storage blocks are likely to be requested by a storage client in the near future. Virtual storage arrays determine the association between requested storage blocks and corresponding high-level data structure entities to predict additional high-level data structure entities that are likely to be accessed. From this, the virtual storage array identifies the additional storage blocks for prefetching.
    Type: Grant
    Filed: March 23, 2010
    Date of Patent: November 10, 2020
    Assignee: RIVERBED TECHNOLOGY, INC.
    Inventors: David Tze-Si Wu, Steven McCanne, Michael J. Demmer, Nitin Gupta
  • Publication number: 20200242088
    Abstract: Virtual storage arrays consolidate branch data storage at data centers connected via wide area networks. Virtual storage arrays appear to storage clients as local data storage; however, virtual storage arrays actually store data at the data center. The virtual storage arrays overcomes bandwidth and latency limitations of the wide area network by predicting and prefetching storage blocks, which are then cached at the branch location. Virtual storage arrays leverage an understanding of the semantics and structure of high-level data structures associated with storage blocks to predict which storage blocks are likely to be requested by a storage client in the near future. Virtual storage arrays determine the association between requested storage blocks and corresponding high-level data structure entities to predict additional high-level data structure entities that are likely to be accessed. From this, the virtual storage array identifies the additional storage blocks for prefetching.
    Type: Application
    Filed: April 15, 2020
    Publication date: July 30, 2020
    Applicant: Riverbed Technology, Inc.
    Inventors: David Tze-Si Wu, Steven McCanne, Michael J. Demmer, Nitin Gupta
  • Patent number: 9407727
    Abstract: Systems and techniques are described for optimizing communications between a client and a server. Specifically, in some embodiments, an executing script on a client can send a resource request to a server. In response, the server can send an optimized version of the resource back to the client. The client can then reconstruct the resource from the optimized version of the resource.
    Type: Grant
    Filed: August 23, 2013
    Date of Patent: August 2, 2016
    Assignee: RIVERBED TECHNOLOGY, INC.
    Inventors: Steven McCanne, Michael J. Demmer, Derek J. Watson, David Tze-Si Wu
  • Patent number: 9348842
    Abstract: Virtual storage arrays consolidate branch data storage at data centers connected via wide area networks. Virtual storage arrays appear to storage clients as local data storage; however, virtual storage arrays actually store data at the data center. Virtual storage arrays overcome bandwidth and latency limitations of the wide area network by predicting and prefetching storage blocks, which are then cached at the branch location. Virtual storage arrays leverage an understanding of the semantics and structure of high-level data structures associated with storage blocks to predict which storage blocks are likely to be requested by a storage client. Virtual storage arrays may use proximity-based, heuristic-based, and access time-based prefetching to predict high-level data structure entities that are likely to be accessed by the storage client. Virtual storage arrays then identify and prefetch storage blocks corresponding with the predicted high-level data structure entities.
    Type: Grant
    Filed: March 23, 2010
    Date of Patent: May 24, 2016
    Assignee: RIVERBED TECHNOLOGY, INC.
    Inventors: David Tze-Si Wu, Huy Nguyen, Adityashankar Kini, Dilip Kumar Uppugandla, Chinmaya Manjunath
  • Patent number: 9317377
    Abstract: A single-ended optimized storage protocol enables storage clients or other devices to direct a remote data storage to copy data. In response to commands via the protocol, a remote data storage can copy portions of a data stream at the remote data storage to destination storage locations within the same or a different data stream. The protocol may be utilized for optimized transfer of data via a network to a remote data storage. An initial data stream is divided into segments. Redundant segments are removed from the data stream to form an optimized data stream, which is transferred to the remote data storage. Commands are issued to the remote data storage using the protocol to direct the remote data storage to reconstruct the initial data stream at the remote data storage using the optimized data stream and optionally segments from other data streams previously transferred to the remote data storage.
    Type: Grant
    Filed: March 23, 2011
    Date of Patent: April 19, 2016
    Assignee: RIVERBED TECHNOLOGY, INC.
    Inventors: David Tze-Si Wu, John S. Cho