Patents by Inventor John Chiong
John Chiong has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9060003Abstract: The inventive system includes a host, a network including a security gateway, and a public application. Established are an access session between the network and the host and an application session between the public application and the network. An application session record is created for the application session, and includes the user's public user identity used to access the public application, the user's private user identity used to access the network, a host identity, and an application session time, To determine the private user identity for the application session, the security gateway sends a query with the host identity and the application session time. These are compared with the host identity and access session time in an access session record, if they match, then the private user identity in the access session record is returned, and it is stored as the private user identity in the application session record.Type: GrantFiled: October 17, 2013Date of Patent: June 16, 2015Assignee: A10 Networks, Inc.Inventors: Xin Wang, Lee Chen, John Chiong
-
Patent number: 8868765Abstract: The inventive system includes a host, a network including a security gateway, and a public application. Established are an access session between the network and the host and an application session between the public application and the network. An application session record is created for the application session, and includes the user's public user identity used to access the public application, the user's private user identity used to access the network, a host identity, and an application session time. To determine the private user identity for the application session, the security gateway sends a query with the host identity and the application session time. These are compared with the host identity and access session time in an access session record. If they match, then the private user identity in the access session record is returned, and it is stored as the private user identity in the application session record.Type: GrantFiled: March 15, 2013Date of Patent: October 21, 2014Assignee: A10 Networks, Inc.Inventors: Lee Chen, John Chiong, Xin Wang
-
Publication number: 20140258536Abstract: Application Delivery Controller (ADC), Global Server Load Balancer (GSLB), and methods for their operation in data networks are disclosed. The methods for load balancing may include receiving a query concerning a host name from a client, determining that there are two or more host servers associated with the host name, measuring various metrics associated with each of the two or more host servers and a local Domain Name Server (DNS), and based at least in part on the measurement, selecting a host server among the two or more host servers. The load balancing may also be based on a measured round trip time.Type: ApplicationFiled: March 8, 2013Publication date: September 11, 2014Applicant: A10 Networks, Inc.Inventor: John Chiong
-
Patent number: 8826372Abstract: A security gateway includes packet routing policies, each including a host network address, an application network address, and a forwarding interface. In routing data packets of an application session, the security gateway: recognizes the application session between a network and an application; determines a user identity from an application session record for the application session; determines packet routing policies applicable to the application session based on the user identity; receives a data packet for the application session, including a source network address and a destination network address; compares the source network address with the host network address, and the destination network address with the application network address; and in response to finding a match between the source network address and the host network address, and between the destination network address and the application network address, processes the data packet using the forwarding interface of the packet routing policy.Type: GrantFiled: October 23, 2013Date of Patent: September 2, 2014Assignee: A10 Networks, Inc.Inventors: Lee Chen, John Chiong, Dennis I. Oshiba
-
Patent number: 8813180Abstract: Applying a security policy to an application session, includes: recognizing the application session between a network and an application via a security gateway; determining by the security gateway a user identity of the application session using information about the application session; obtaining by the security gateway the security policy comprising network parameters mapped to the user identity; and applying the security policy to the application session by the security gateway. The user identity may be a network user identity or an application user identity recognized from packets of the application session. The security policy may comprise a network traffic policy mapped and/or a document access policy mapped to the user identity, where the network traffic policy is applied to the application session. The security gateway may further generate a security report concerning the application of the security policy to the application session.Type: GrantFiled: October 23, 2013Date of Patent: August 19, 2014Assignee: A10 Networks, Inc.Inventors: Lee Chen, John Chiong, Dennis I. Oshiba
-
Patent number: 8806531Abstract: In a method and system for selecting an advertisement for video on demand, a video player is connected to a video content provider over a network via an access gateway. The video content provider receives a request for a video content from the video player, determines a popularity count for the video content and a geographical area for the video player, selects the advertisement based on the popularity count and the geographical area, and sends the video content combined with the advertisement to the video player. In one embodiment, the advertisement has a corresponding advertisement rule with an advertising condition which specifies a required popularity count and geographical area. If the advertisement condition is satisfied, then the advertisement is selected. In this manner, an advertisement for video on demand is selected based upon both demographics information and location of the video player increasing the effectiveness of the advertisement.Type: GrantFiled: January 31, 2007Date of Patent: August 12, 2014Assignee: TP Lab, Inc.Inventors: Chi Fai Ho, Shin Cheung Simon Chiu, John Chiong
-
Patent number: 8782751Abstract: Systems and methods of authenticating user access based on an access point to a secure data network include a secure data network having a plurality of a network access points serving as entry points for a user to access the secure data network using a user device. The user is associated with a user identity, each network access point with a network access point identity. The user uses a user device to send an access request, requesting access to the secure data network, to the network access point, which then sends an authentication request to an identity server. The identity server processes the authentication request, by validating the combination of the user identity and the network access point identity, and responds with an authentication response, granting or denying access, as communicated to the user device via an access response.Type: GrantFiled: March 19, 2012Date of Patent: July 15, 2014Assignee: A10 Networks, Inc.Inventors: Lee Chen, John Chiong, Yang Yu
-
Publication number: 20140059702Abstract: The inventive system includes a host, a network including a security gateway, and a public application. Established are an access session between the network and the host and an application session between the public application and the network. An application session record is created for the application session, and includes the user's public user identity used to access the public application, the user's private user identity used to access the network, a host identity, and an application session time, To determine the private user identity for the application session, the security gateway sends a query with the host identity and the application session time. These are compared with the host identity and access session time in an access session record, if they match, then the private user identity in the access session record is returned, and it is stored as the private user identity in the application session record.Type: ApplicationFiled: October 17, 2013Publication date: February 27, 2014Applicant: A10 NETWORKS, INC.Inventors: Xin Wang, Lee Chen, John Chiong
-
Patent number: 8595791Abstract: Method for applying a security policy to an application session, includes: recognizing the application session between a network and an application via a security gateway; determining by the security gateway a user identity of the application session using information about the application session; obtaining by the security gateway the security policy comprising network parameters mapped to the user identity; and applying the security policy to the application session by the security gateway. The user identity may be a network user identity or an application user identity recognized from packets of the application session. The security policy may comprise a network traffic policy mapped and/or a document access policy mapped to the user identity, where the network traffic policy is applied to the application session. The security gateway may further generate a security report concerning the application of the security policy to the application session.Type: GrantFiled: October 12, 2012Date of Patent: November 26, 2013Assignee: A10 Networks, Inc.Inventors: Lee Chen, John Chiong, Dennis Oshiba
-
Patent number: 8595383Abstract: The inventive system includes a host, a network including a security gateway, and a public application. Established are an access session between the network and the host and an application session between the public application and the network. An application session record is created for the application session, and includes the user's public user identity used to access the public application, the user's private user identity used to access the network, a host identity, and an application session time. To determine the private user identity for the application session, the security gateway sends a query with the host identity and the application session time. These are compared with the host identity and access session time in an access session record. If they match, then the private user identity in the access session record is returned, and it is stored as the private user identity in the application session record.Type: GrantFiled: June 3, 2011Date of Patent: November 26, 2013Assignee: A10 Networks, Inc.Inventors: Lee Chen, John Chiong, Xin Wang
-
Patent number: 8584199Abstract: A security gateway includes packet routing policies, each including a host network address, an application network address, and a forwarding interface. In routing data packets of an application session, the security gateway: recognizes the application session between a network and an application; determines a user identity from an application session record for the application session; determines packet routing policies applicable to the application session based on the user identity; receives a data packet for the application session, including a source network address and a destination network address; compares the source network address with the host network address, and the destination network address with the application network address; and in response to finding a match between the source network address and the host network address, and between the destination network address and the application network address, processes the data packet using the forwarding interface of the packet routing policy.Type: GrantFiled: December 15, 2012Date of Patent: November 12, 2013Assignee: A10 Networks, Inc.Inventors: Lee Chen, John Chiong, Dennis Oshiba
-
Patent number: 8423676Abstract: The inventive system includes a host, a network including a security gateway, and a public application. Established are an access session between the network and the host and an application session between the public application and the network. An application session record is created for the application session, and includes the user's public user identity used to access the public application, the user's private user identity used to access the network, a host identity, and an application session time. To determine the private user identity for the application session, the security gateway sends a query with the host identity and the application session time. These are compared with the host identity and access session time in an access session record. If they match, then the private user identity in the access session record is returned, and it is stored as the private user identity in the application session record.Type: GrantFiled: May 3, 2012Date of Patent: April 16, 2013Assignee: A10 Networks, Inc.Inventors: Lee Chen, John Chiong, Xin Wang
-
Patent number: 8312507Abstract: Method for applying a security policy to an application session, includes: recognizing the application session between a network and an application via a security gateway; determining by the security gateway a user identity of the application session using information about the application session; obtaining by the security gateway the security policy comprising network parameters mapped to the user identity; and applying the security policy to the application session by the security gateway. The user identity may be a network user identity or an application user identity recognized from packets of the application session. The security policy may comprise a network traffic policy mapped and/or a document access policy mapped to the user identity, where the network traffic policy is applied to the application session. The security gateway may further generate a security report concerning the application of the security policy to the application session.Type: GrantFiled: May 27, 2010Date of Patent: November 13, 2012Assignee: A10 Networks, Inc.Inventors: Lee Chen, John Chiong, Dennis Oshiba
-
Publication number: 20120216266Abstract: The inventive system includes a host, a network including a security gateway, and a public application. Established are an access session between the network and the host and an application session between the public application and the network. An application session record is created for the application session, and includes the user's public user identity used to access the public application, the user's private user identity used to access the network, a host identity, and an application session time. To determine the private user identity for the application session, the security gateway sends a query with the host identity and the application session time. These are compared with the host identity and access session time in an access session record. If they match, then the private user identity in the access session record is returned, and it is stored as the private user identity in the application session record.Type: ApplicationFiled: May 3, 2012Publication date: August 23, 2012Applicant: A10 NETWORKS, INC.Inventors: Xin WANG, Lee CHEN, John CHIONG
-
Publication number: 20120204236Abstract: Systems and methods of authenticating user access based on an access point to a secure data network include a secure data network having a plurality of a network access points serving as entry points for a user to access the secure data network using a user device. The user is associated with a user identity, each network access point with a network access point identity. The user uses a user device to send an access request, requesting access to the secure data network, to the network access point, which then sends an authentication request to an identity server. The identity server processes the authentication request, by validating the combination of the user identity and the network access point identity, and responds with an authentication response, granting or denying access, as communicated to the user device via an access response.Type: ApplicationFiled: March 19, 2012Publication date: August 9, 2012Applicant: A10 NETWORKS, INC.Inventors: Lee Chen, John Chiong, Yang Yu
-
Patent number: 8151322Abstract: Systems and methods of authenticating user access based on an access point to a secure data network include a secure data network having a plurality of a network access points serving as entry points for a user to access the secure data network using a user device. The user is associated with a user identity, each network access point with a network access point identity. The user uses a user device to send an access request, requesting access to the secure data network, to the network access point, which then sends an authentication request to an identity server. The identity server processes the authentication request, by validating the combination of the user identity and the network access point identity, and responds with an authentication response, granting or denying access, as communicated to the user device via an access response. The secure data network may comprise an application level secure data network, in which the user uses the user device to request access to a network application.Type: GrantFiled: May 16, 2006Date of Patent: April 3, 2012Assignee: A10 Networks, Inc.Inventors: Lee Chen, John Chiong, Yang Yu
-
Publication number: 20110239289Abstract: The inventive system includes a host, a network including a security gateway, and a public application. Established are an access session between the network and the host and an application session between the public application and the network. An application session record is created for the application session, and includes the user's public user identity used to access the public application, the user's private user identity used to access the network, a host identity, and an application session time. To determine the private user identity for the application session, the security gateway sends a query with the host identity and the application session time. These are compared with the host identity and access session time in an access session record. If they match, then the private user identity in the access session record is returned, and it is stored as the private user identity in the application session record.Type: ApplicationFiled: June 3, 2011Publication date: September 29, 2011Applicant: A10 Networks, Inc.Inventors: Xin Wang, Lee Chen, John Chiong
-
Patent number: 7979585Abstract: The inventive system includes a host, a network including a security gateway, and a public application. Established are an access session between the network and the host and an application session between the public application and the network. An application session record is created for the application session, and includes the user's public user identity used to access the public application, the user's private user identity used to access the network, a host identity, and an application session time. To determine the private user identity for the application session, the security gateway sends a query with the host identity and the application session time. These are compared with the host identity and access session time in an access session record. If they match, then the private user identity in the access session record is returned, and it is stored as the private user identity in the application session record.Type: GrantFiled: April 30, 2010Date of Patent: July 12, 2011Assignee: A10 Networks, Inc.Inventors: Lee Chen, John Chiong, Xin Wang
-
Publication number: 20110093522Abstract: A method and system to determine a web server based on geo-location information is disclosed. The system includes: a local DNS server coupled to a web client; a plurality of web servers; and a global load balancer coupled to the local DNS server. The global load balancer: receives a request for a web service sent by the web client, the request comprising local DNS server information; determines a geographic location for the local DNS server based on the local DNS server information; determines a web server from the plurality of web servers based on the requested web service; determines a geographic location for the determined web server; determines that the geographic location for the local DNS server matches the geographic location for the determined web server; selects the determined web server; and sends a response comprising information on the selected web server to the local DNS server.Type: ApplicationFiled: October 21, 2009Publication date: April 21, 2011Applicant: A10 NETWORKS, INC.Inventors: Lee Chen, John Chiong
-
Publication number: 20100235880Abstract: Method for applying a security policy to an application session, includes: recognizing the application session between a network and an application via a security gateway; determining by the security gateway a user identity of the application session using information about the application session; obtaining by the security gateway the security policy comprising network parameters mapped to the user identity; and applying the security policy to the application session by the security gateway. The user identity may be a network user identity or an application user identity recognized from packets of the application session. The security policy may comprise a network traffic policy mapped and/or a document access policy mapped to the user identity, where the network traffic policy is applied to the application session. The security gateway may further generate a security report concerning the application of the security policy to the application session.Type: ApplicationFiled: May 27, 2010Publication date: September 16, 2010Applicant: A10 NETWORKS, INC.Inventors: Lee Chen, John Chiong, Dennis Oshiba