Patents by Inventor John A. Chanak

John A. Chanak has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11936623
    Abstract: Systems and methods include obtaining for a tenant a definition of a sub-cloud in a cloud-based system, wherein the cloud-based system includes a plurality of data centers geographically distributed, and wherein the sub-cloud includes a subset of the plurality of data centers; receiving a request, in a cloud system from a user device, to access an application for the tenant, wherein the application is constrained to the sub-cloud, and wherein the user device is remote over the Internet; determining if the user device is permitted to access the application; if the user device is not permitted to access the application, notifying the user device the application does not exist; and if the user device is permitted to access the application, stitching together connections between the sub-cloud, the application, and the user device to provide access to the application.
    Type: Grant
    Filed: July 6, 2021
    Date of Patent: March 19, 2024
    Assignee: Zscaler, Inc.
    Inventors: John A. Chanak, Kunal Shah
  • Patent number: 11838271
    Abstract: Systems and methods include, responsive to a request from a user for one or more Business-to-Business (B2B) applications, redirecting the request, by a cloud-based system, to an identity provider to authorize the user; displaying the one or more B2B applications that the user is authorized to access; responsive to a selection of a B2B application of the one or more B2B applications, creating a first tunnel from the B2B application to the cloud-based system; and stitching the first tunnel between the B2B application and the cloud-based system with a second tunnel between the user and the cloud-based system. The systems and methods further include, responsive to the user being unauthorized for any of the one or more B2B applications, omitting the one or more B2B applications from the displaying, such that the one or more B2B applications are invisible to the user.
    Type: Grant
    Filed: October 30, 2020
    Date of Patent: December 5, 2023
    Assignee: Zscaler, Inc.
    Inventors: Patrick Foxhoven, John A. Chanak, William Fehring, Manoj Apte, Kunal Shah, Dhawal Sharma
  • Patent number: 11811855
    Abstract: Systems and methods for policy based agentless file transfer in zero trust private networks. Various systems and methods include receiving a request for a file transfer; determining a file transfer protocol; evaluating one or more criteria associated with the request, the criteria being associated with any of an end user and the contents of the file; and allowing or denying the file transfer based on the evaluating. Responsive to an end user's policy including a requirement for file inspection, the steps can further include sending the file to a sandbox for inspection, and receiving a result of the inspection from the sandbox.
    Type: Grant
    Filed: May 1, 2023
    Date of Patent: November 7, 2023
    Assignee: Zscaler, Inc.
    Inventors: Dejan Mihajlovic, Monica Bhaskaran, Mithun A S, Sunita Darbarwar, Rakesh Adepu, Sandip Davara, Abhijeet Malik, Mahesh Krishna Kumar, Kanti Varanasi, William Fehring, John A. Chanak, Sunil Menon
  • Publication number: 20230344917
    Abstract: Techniques for processing web probes for monitoring user experience including use of caching to prevent a surge of web probes on destination servers and for detecting web probe traffic. A method implemented by a connector includes intercepting a Hypertext Transfer Protocol Secure (HTTPS) web probe request to a server, identifying a cache hit associated with the request in a cache, generating a synthetic Hypertext Transfer Protocol (HTTP) response based on information from the identified cache hit, wherein the generated synthetic HTTP response includes an extension header containing collected statistics, and sending the synthetic HTTP response. The method can further include simulating a Secure Socket Layer (SSL) handshake to estimate SSL cost.
    Type: Application
    Filed: June 30, 2023
    Publication date: October 26, 2023
    Inventors: John A. Chanak, Chakkaravarthy Periyasamy Balaiah, Sandeep Kamath, Vikas Mahajan, Barrett Hostetter-Lewis, Gregory Rybinski, Rishabh Gupta, Pankaj Chhabra
  • Patent number: 11799860
    Abstract: Systems and methods include providing a user interface to an administrator associated with a tenant of a cloud-based system, wherein the tenant has a plurality of users each having an associated user device; receiving a plurality of client forwarding policies for the plurality of users, wherein each client forwarding policy of the client forwarding policies define rules related to how application requests from the plurality of users are forwarded for zero trust access; and providing the rules to corresponding user devices of the plurality of users.
    Type: Grant
    Filed: November 24, 2020
    Date of Patent: October 24, 2023
    Assignee: Zscaler, Inc.
    Inventors: Kunal Shah, John A. Chanak, David Creedy
  • Publication number: 20230269137
    Abstract: Systems and methods include receiving one or more disaster recovery configurations via a cloud-based system; storing the one or more received disaster recovery configurations in one or more components of the cloud-based system; identifying activation of a disaster recovery mode; and providing private application access based on one or more disaster recovery configurations.
    Type: Application
    Filed: April 26, 2023
    Publication date: August 24, 2023
    Inventors: William Fehring, John A. Chanak, Ale A. Mansoor, Vikas Mahajan
  • Publication number: 20230247003
    Abstract: Systems and methods include, receiving a request from a user to access an application; determining if the user meets one or more requirements, wherein responsive to the user meeting the one or more requirements, presenting the user with a login page; validating credentials of the user with one or more additional sources; responsive to successful validation of the users' credentials, authenticating the user and evaluating one or more access policies for the user; and initiating a connection between the user and the application based on the one or more access policies.
    Type: Application
    Filed: January 27, 2023
    Publication date: August 3, 2023
    Inventors: John A. Chanak, William Fehring, Richard Miles, Shujaat Jaffrey, Jose Padin, Matthew Moulton
  • Patent number: 11652797
    Abstract: Systems and methods, in a lightweight connector including a processor communicatively coupled to a network interface, include connecting to a cloud-based system, via the network interface; connecting to one or more of a file share and an application, via the network interface; and providing access to a user device to the one or more of the file share and the application via a stitched connection between the network interface and the user device through the cloud-based system. The systems and methods can further include receiving a query for discovery; and responding to the query based on the one or more of the file share and the application connected thereto.
    Type: Grant
    Filed: February 25, 2020
    Date of Patent: May 16, 2023
    Assignee: Zscaler, Inc.
    Inventors: John A. Chanak, Patrick Foxhoven, William Fehring, Denzil Wessels, Kunal Shah, Subramanian Srinivasan
  • Publication number: 20230115982
    Abstract: Systems and methods include obtaining log data for a plurality of users of an enterprise where the log data relates to usage of a plurality of applications by the plurality of users; determining i) app-segments that are groupings of application of the plurality of applications and ii) user-groups that are groupings of users of the plurality of users; and providing access policy of the plurality of applications based on the user-groups and the app-segments. The steps can further include monitoring the access policy over time based on ongoing log data, manual verification of the access policy, and incidents where users are prevented from accessing any application; and adjusting the determined based on the monitoring.
    Type: Application
    Filed: October 13, 2021
    Publication date: April 13, 2023
    Inventors: Dianhuan Lin, Raimi Shah, Rex Shang, Loc Bui, Subramanian Srinivasan, William Fehring, Arvind Nadendla, John A. Chanak, Shudong Zhou, Howie Xu
  • Publication number: 20230019448
    Abstract: Systems and methods include, responsive to security research identifying a zero-day Common Vulnerabilities and Exposure (CVE), receiving the associated signatures of the zero-day CVE; responsive to determining a user can access an application via a cloud-based system, wherein the application is in one of a public cloud, a private cloud, and an enterprise network, and wherein the user is remote over the Internet, obtaining an inspection profile for the user with the inspection profile including a plurality of rules; performing inspection of transactions after the access using the plurality of rules including a rule for identifying the zero-day CVE; and responsive to results of any of the plurality of rules, one or more of monitoring, allowing, blocking, and redirecting the access, via the cloud-based system.
    Type: Application
    Filed: June 20, 2022
    Publication date: January 19, 2023
    Inventors: Pooja Deshmukh, Amit Banker, Kanti Varanasi, John A. Chanak, William Fehring, Nishant Gupta
  • Patent number: 11425097
    Abstract: Systems and methods include receiving a request, in a cloud system from a user device, to access an application, wherein the application is in one of a public cloud, a private cloud, and an enterprise network, and wherein the user device is remote over the Internet; determining if the user device is permitted to access the application; if the user device is not permitted to access the application, notifying the user device the application does not exist; and if the user device is permitted to access the application, stitching together connections between the cloud system, the application, and the user device to provide access to the application.
    Type: Grant
    Filed: August 1, 2019
    Date of Patent: August 23, 2022
    Assignee: Zscaler, Inc.
    Inventors: Patrick Foxhoven, John A. Chanak, William Fehring, Denzil Wessels, Purvi Desai, Manoj Apte, Sudhindra P. Herle
  • Patent number: 11363421
    Abstract: Systems and methods for improving data transmission rates in communication networks are disclosed. In an 802.11 wireless communication network, where a source node of the wireless network transmits TCP data to a destination node of the wireless network, the destination node does not transmit TCP acknowledgments (ACKs) for the TCP data if 802.11 ACKs indicate that the destination node received the TCP data. If a source outside the wireless network transmits TCP data to the destination node within the wireless network through an intermediate device, such as an access point, the destination node suppresses transmitting TCP ACKs. The intermediate device transmits TCP ACKs as proxy for the destination node to the source. The intermediate device also suppresses TCP ACKs where a source node within the wireless network sends the TCP data to a destination node outside of the wireless network.
    Type: Grant
    Filed: October 17, 2017
    Date of Patent: June 14, 2022
    Assignee: ARRIS Enterprises LLC
    Inventors: William S. Kish, John Chanak
  • Publication number: 20220029965
    Abstract: Systems and methods implemented via a broker in a cloud-based system include steps of, responsive to a user and associated user device executing a client connector being authenticated, receiving a notification from the client connector; determining private applications accessible by the user based on policy, wherein the private applications are located in one of a public cloud, a private cloud, and an enterprise network; and sending a Top-Level Domain+1 (TLD+1) list of the accessible private applications to the user device, wherein the TLD+1 includes a TLD and a domain name.
    Type: Application
    Filed: September 30, 2021
    Publication date: January 27, 2022
    Inventors: John A. Chanak, Xiang Yu, Ramesh Kumar Somasundaram, Anjali Anjali, Andrey Tverdokhleb, Vikas Mahajan
  • Publication number: 20210377222
    Abstract: Systems and methods for protecting sensitive mobile applications from attack include incorporating private application access software in a mobile application that operates on a user device to provide functionality to an end user, the functionality is separate from the private application access; deploying application connectors in front of a private application that is accessed by the mobile application; responsive to a request to access the private application, authenticating the end user through the mobile application; and, responsive to authentication, providing access to the private application through the mobile application via a plurality of secure tunnels. The application connectors are configured to only provide outbound connections, thereby protecting the private application from the attack. The request to access is received via a cloud-based system which is configured to drop any invalid request, thereby protecting the private application from the attack.
    Type: Application
    Filed: August 11, 2021
    Publication date: December 2, 2021
    Inventors: Dhawal Kumar Sharma, John A. Chanak
  • Publication number: 20210377223
    Abstract: Systems and methods include receiving a request, in a cloud system from a first device, to access a second device; determining if the first device is permitted to access the second device; if the first device is not permitted to access the second device, notifying the first device the second device does not exist; and, if the first device is permitted to access the second device, stitching together connections between the cloud system, the first device, and the second device to provide access to the second device for the first device, wherein the connections are implemented through the cloud-based system.
    Type: Application
    Filed: August 16, 2021
    Publication date: December 2, 2021
    Inventors: John A. Chanak, Sindhura Mandava, Vamshi Palkonda, Charles Huang, Ramesh Badam, Victor Pavlov, Kunal Shah, Vikas Mahajan, Yun Ling
  • Publication number: 20210336959
    Abstract: Systems and methods include providing a user interface to an administrator associated with a tenant of a cloud-based system, wherein the tenant has a plurality of users each having an associated user device; receiving a plurality of client forwarding policies for the plurality of users, wherein each client forwarding policy of the client forwarding policies define rules related to how application requests from the plurality of users are forwarded for zero trust access; and providing the rules to corresponding user devices of the plurality of users.
    Type: Application
    Filed: November 24, 2020
    Publication date: October 28, 2021
    Inventors: Kunal Shah, John A. Chanak, David Creedy
  • Publication number: 20210336933
    Abstract: Systems and methods include obtaining criteria for selecting connectors for private application access in a cloud-based system; responsive to a request to access an application, by a user device, located in any of a public cloud, a private cloud, and an enterprise network, wherein the user device is remote over the Internet, determining a connector coupled to the application based on the criteria; and, responsive to a user of the user device being permitted to access the application, stitching together connections between the cloud-based system, the application, and the user device to provide access to the application.
    Type: Application
    Filed: July 6, 2021
    Publication date: October 28, 2021
    Inventors: Kunal Shah, John A. Chanak, Vamshi Palkonda
  • Publication number: 20210336932
    Abstract: Systems and methods include obtaining for a tenant a definition of a sub-cloud in a cloud-based system, wherein the cloud-based system includes a plurality of data centers geographically distributed, and wherein the sub-cloud includes a subset of the plurality of data centers; receiving a request, in a cloud system from a user device, to access an application for the tenant, wherein the application is constrained to the sub-cloud, and wherein the user device is remote over the Internet; determining if the user device is permitted to access the application; if the user device is not permitted to access the application, notifying the user device the application does not exist; and if the user device is permitted to access the application, stitching together connections between the sub-cloud, the application, and the user device to provide access to the application.
    Type: Application
    Filed: July 6, 2021
    Publication date: October 28, 2021
    Inventors: John A. Chanak, Kunal Shah
  • Publication number: 20210336934
    Abstract: Systems and methods include, responsive to determining a user can access an application via a cloud-based system, wherein the application is in one of a public cloud, a private cloud, and an enterprise network, and wherein the user is remote over the Internet, obtaining a predetermined inspection profile for the user with the inspection profile including a plurality of rules evaluated in an order; performing inspection of the access using the plurality of rules in the order; and responsive to results of any of the plurality of rules, one or more of monitoring, allowing, blocking, and redirecting the access, via the cloud-based system.
    Type: Application
    Filed: July 6, 2021
    Publication date: October 28, 2021
    Inventors: Pooja Deshmukh, Leslie Smith, William Fehring, Kanti Varanasi, John A. Chanak
  • Publication number: 20210314301
    Abstract: Systems and methods include, connecting to a first service edge node in a cloud-based system and obtaining one or more addresses each for one or more service edge nodes in the cloud-based system, wherein the one or more service edge nodes include public service edge nodes and private service edge nodes; connecting to a second service edge node of the one or more service edge nodes using the corresponding address; providing a request for an application to the second service edge node; and responsive to policy and accessibility determined via the cloud-based system, receiving access to the application via a connector adjacent to the application.
    Type: Application
    Filed: June 21, 2021
    Publication date: October 7, 2021
    Inventors: John A. Chanak, Ale A. Mansoor, Maxim Perepelitsyn, Deepak Khungar, William Fehring