Patents by Inventor Mark Stuart Day

Mark Stuart Day has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 9124666
    Abstract: A system of network proxies distributes data to multiple servers. Each network proxy is associated with a server. A network proxy intercepts a client request for data. If the network proxy determines that the request can be served using a copy of data stored on the local server, rather than the data stored on a remote server, it diverts the request to the local server. If the network proxy determines that the request cannot be served using a data from the local server, the network proxy diverts the request to a remote server storing the primary copy of the data. A server map specifies the locations of the primary copies of data. When a primary copy of data is updated on one of the servers, the associated network proxy propagates the updated data to the other servers. The servers can provide data from files, e-mail services, databases, or multimedia services.
    Type: Grant
    Filed: December 21, 2012
    Date of Patent: September 1, 2015
    Assignee: RIVERBED TECHNOLOGY, INC.
    Inventors: Daniel Edwin Burman, Kartik Subbanna, Steven McCanne, David Tze-Si Wu, MArk Stuart Day
  • Patent number: 8762569
    Abstract: Network devices include proxies and where multiple proxies are present on a network, they can probe to determine the existence of other proxies. Where more than two proxies are present and thus different proxy pairings are possible, the proxies are programmed to determine which proxies should form a proxy pair. Marked probe packets are used by proxies to discover each other and probing is done such a connection can be eventually formed even if some probe packets fail due to the marking. Asymmetric routing can be detected and proxies configured for connection forwarding as necessary.
    Type: Grant
    Filed: January 17, 2013
    Date of Patent: June 24, 2014
    Assignee: Riverbed Technology, Inc.
    Inventors: Kand Ly, Maksim Ioffe, Alfred Landrum, Mark Stuart Day
  • Patent number: 8688844
    Abstract: Transparent network devices intercept messages from non-transparent network devices that establish a connection. Transparent network devices modify these messages to establish an inner connection with each other. The transparent network devices mimic at least some of the outer connection messages to establish their inner connection. The mimicked messages and any optional reset messages are intercepted by the transparent network devices to prevent them from reaching the outer connections. Transparent network devices modify network traffic, using error detection data, fragmentation data, or timestamps, so that inner connection network traffic inadvertently received by outer connection devices is rejected or ignored by the outer connection network devices. Transparent network devices may use different sequence windows for inner and outer connection network traffic.
    Type: Grant
    Filed: April 30, 2012
    Date of Patent: April 1, 2014
    Assignee: Riverbed Technology, Inc.
    Inventors: Mark Stuart Day, Brian Miller, Nitin Gupta, Alfred Landrum, Blanco Zee Leung Lam
  • Patent number: 8613071
    Abstract: Transaction accelerators can be configured to terminate secure connections. A server-side accelerator intercepts a secure connection request that is from a client and that is directed to a server. The server-side accelerator responds to the secure connection request in place of the server, thereby establishing a secure connection between the client and the server-side accelerator. Alternatively, the server-side accelerator monitors the establishment of a secure connection between the client and the server. After the secure connection has been established, the server-side accelerator forwards security information to a client-side accelerator, enabling the client-side accelerator to assume control of the secure connection. As a result of this arrangement, the client-side accelerator is able to encrypt and decrypt data on the secure connection and accelerate it in cooperation with the server-side accelerator.
    Type: Grant
    Filed: July 18, 2006
    Date of Patent: December 17, 2013
    Assignee: Riverbed Technology, Inc.
    Inventors: Mark Stuart Day, Case Larsen, Shashidhar Merugu
  • Patent number: 8380825
    Abstract: Network devices include proxies and where multiple proxies are present on a network, they can probe to determine the existence of other proxies. Where more than two proxies are present and thus different proxy pairings are possible, the proxies are programmed to determine which proxies should form a proxy pair. Marked probe packets are used by proxies to discover each other and probing is done such a connection can be eventually formed even if some probe packets fail due to the marking. Asymmetric routing can be detected and proxies configured for connection forwarding as necessary.
    Type: Grant
    Filed: June 28, 2010
    Date of Patent: February 19, 2013
    Assignee: Riverbed Technology, Inc.
    Inventors: Kand Ly, Maksim Ioffe, Alfred Landrum, Mark Stuart Day
  • Patent number: 8364815
    Abstract: A system of network proxies distributes data to multiple servers. Each network proxy is associated with a server. A network proxy intercepts a client request for data. If the network proxy determines that the request can be served using a copy of data stored on the local server, rather than the data stored on a remote server, it diverts the request to the local server. If the network proxy determines that the request cannot be served using a data from the local server, the network proxy diverts the request to a remote server storing the primary copy of the data. A server map specifies the locations of the primary copies of data. When a primary copy of data is updated on one of the servers, the associated network proxy propagates the updated data to the other servers. The servers can provide data from files, e-mail services, databases, or multimedia services.
    Type: Grant
    Filed: October 3, 2005
    Date of Patent: January 29, 2013
    Assignee: Riverbed Technology, Inc.
    Inventors: Daniel Edwin Burman, Kartik Subbanna, Steven McCanne, David Tze-Si Wu, Mark Stuart Day
  • Patent number: 8180902
    Abstract: Transparent network devices intercept messages from non-transparent network devices that establish a connection. Transparent network devices modify these messages to establish an inner connection with each other. The transparent network devices mimic at least some of the outer connection messages to establish their inner connection. The mimicked messages and any optional reset messages are intercepted by the transparent network devices to prevent them from reaching the outer connections. Transparent network devices modify network traffic, using error detection data, fragmentation data, or timestamps, so that inner connection network traffic inadvertently received by outer connection devices is rejected or ignored by the outer connection network devices. Transparent network devices may use different sequence windows for inner and outer connection network traffic.
    Type: Grant
    Filed: September 30, 2009
    Date of Patent: May 15, 2012
    Assignee: Riverbed Technology, Inc.
    Inventors: Mark Stuart Day, Brian Miller, Nitin Gupta, Alfred Landrum, Blanco Zee Leung Lam
  • Patent number: 8181060
    Abstract: Transparent network devices intercept messages from non-transparent network devices that establish a connection. Transparent network devices modify these messages to establish an inner connection with each other. The transparent network devices mimic at least some of the outer connection messages to establish their inner connection. The mimicked messages and any optional reset messages are intercepted by the transparent network devices to prevent them from reaching the outer connections. Transparent network devices modify network traffic, using error detection data, fragmentation data, or timestamps, so that inner connection network traffic inadvertently received by outer connection devices is rejected or ignored by the outer connection network devices. Transparent network devices may use different sequence windows for inner and outer connection network traffic.
    Type: Grant
    Filed: September 30, 2009
    Date of Patent: May 15, 2012
    Assignee: Riverbad Technology, Inc.
    Inventors: Mark Stuart Day, Brian Miller, Nitin Gupta, Alfred Landrum, Blanco Zee Leung Lam
  • Patent number: 8151348
    Abstract: Presently disclosed are methods and apparatus for analyzing packets and packet flows to detect covert communications channels (including reverse tunnels) in real time. These systems actively probe a suspicious connection in ways that are not possible in prior art log-based techniques and may initiate countermeasures against discovered covert channels. The present system may be implemented in a network device, such as an intrusion detection system, content engine, or other intermediary device employing a web cache. Embodiments automatically detect suspicious activity at particular source addresses by using relatively simple tests to detect suspect packets that should receive more extensive scrutiny. After more rigorous secondary testing (optionally including active probing techniques), suspect packets are either returned to the occasionally-checked state or flagged for further action, such as raising an alert or taking automatic countermeasures against the covert channel or its originators.
    Type: Grant
    Filed: June 30, 2004
    Date of Patent: April 3, 2012
    Assignee: Cisco Technology, Inc.
    Inventor: Mark Stuart Day
  • Patent number: 7865559
    Abstract: Presently disclosed are apparatus and methods for coordinating the delivery of messages and/or message notifications among multiple messaging media and message services so that the successful delivery of one copy of a message results in the deletion of other, redundant message copies still in transit to the recipient and the cancellation of any other message waiting notifications still pending. The system may be implemented with a network-connected device (such as but not limited to a server, switch, or router) containing or having connected to it a user interface, a coordination server, and a plurality of message services. Embodiments of the invention thus provide message delivery management that is more user-friendly, computationally- and resource-efficient and more adaptable to changing user preferences and user locations/addresses.
    Type: Grant
    Filed: October 31, 2007
    Date of Patent: January 4, 2011
    Assignee: Cisco Technology, Inc.
    Inventor: Mark Stuart Day
  • Publication number: 20100268829
    Abstract: Network devices include proxies and where multiple proxies are present on a network, they can probe to determine the existence of other proxies. Where more than two proxies are present and thus different proxy pairings are possible, the proxies are programmed to determine which proxies should form a proxy pair. Marked probe packets are used by proxies to discover each other and probing is done such a connection can be eventually formed even if some probe packets fail due to the marking Asymmetric routing can be detected and proxies configured for connection forwarding as necessary.
    Type: Application
    Filed: June 28, 2010
    Publication date: October 21, 2010
    Applicant: Riverbed Technology, Inc.
    Inventors: Kand Ly, Maksim Ioffe, Alfred Landrum, Mark Stuart Day
  • Patent number: 7814542
    Abstract: In an edge network, message traffic between the edge network and a core network passes through the edge router. A port scanning attack directed to the network as a whole (core network) potentially emanates from within the LAN. The edge router includes a network throttling device which identifies and mitigates harmful transmissions such that they do not propagate to the core network. The network throttling device has a connection daemon to scan transactions and determine deviant or atypical connection attempts. A session database stores a transaction history representing a window of previous connection attempts. A pattern detector examines the history and looks for malicious behavior. Identified deviant patterns cause a throttler enforcer to limit the triggering user by restricting future connection attempts, thus mitigating harmful effects. Usage, therefore, is not prevented, but resilience to deviant practices is provided.
    Type: Grant
    Filed: June 30, 2003
    Date of Patent: October 12, 2010
    Assignee: Cisco Technology, Inc.
    Inventor: Mark Stuart Day
  • Patent number: 7769834
    Abstract: Network devices include proxies and where multiple proxies are present on a network, they can probe to determine the existence of other proxies. Where more than two proxies are present and thus different proxy pairings are possible, the proxies are programmed to determine which proxies should form a proxy pair. Marked probe packets are used by proxies to discover each other and probing is done such a connection can be eventually formed even if some probe packets fail due to the marking. Asymmetric routing can be detected and proxies configured for connection forwarding as necessary.
    Type: Grant
    Filed: May 30, 2007
    Date of Patent: August 3, 2010
    Assignee: Riverbed Technology, Inc.
    Inventors: Kand Ly, Maksim Ioffe, Alfred Landrum, Mark Stuart Day
  • Patent number: 7756913
    Abstract: A GUI and CDN server device provide user modifiable selections of preferences for delivery treatment, and map the user selections to technical operational parameters in the CDN servers for effecting the requested delivery treatment. Users typically find it beneficial to interact with a file (content) entity in terms of the user visible delivery treatment. The server device provides the ability to define the delivery treatment according to the manner in which the user finds most beneficial. However, the CDN operational parameters for effecting such delivery are not readily available or understood by a typical user. Using the GUI, the CDN server identifies a content entity, and receives at least one user selection variable indicative of delivery treatment of the identified content entity.
    Type: Grant
    Filed: August 2, 2004
    Date of Patent: July 13, 2010
    Assignee: Cisco Technology, Inc.
    Inventor: Mark Stuart Day
  • Patent number: 7698724
    Abstract: Multicast groups provide a mechanism to deliver simultaneous media content to a plurality of users. In streaming media systems, such as audio and video systems, each multicast recipient simultaneously receives similar content. Accordingly, each recipient must initiate transmission at the same time. A data communications device delivers multiple media streams of similar content to each of a plurality of users by converging a set of media streams and merging the converged streams onto a single stream for simultaneous delivery to each of the plurality of users from a single media stream resource. A convergence processor identifies a set of streams carrying similar content in a slightly time-shifted manner with respect to the other streams. The convergence processor filters certain streams to augment the streams to converge at a particular point, at which time the streams align respect to media content therein, and merge onto a multicast stream for the duration.
    Type: Grant
    Filed: May 15, 2003
    Date of Patent: April 13, 2010
    Assignee: Cisco Technology, Inc.
    Inventor: Mark Stuart Day
  • Patent number: 7676568
    Abstract: Presently disclosed is a method and apparatus for monitoring and diagnosing a content delivery network (CDN) by examining received content elements that have been marked with one or more identifiers. Diagnosing is accomplished by using all or part of one or more of the identifiers associated with errored or corrupted content elements to determine which network elements or connection paths are faulty. The identifiers may contain content-, server-, or receiver-specific data that denotes, respectively, the source of the content, the links associated with one or more of the servers utilized in the network, and/or data associated with the receiving computer system. Both marking and diagnosing may be performed at any location within the CDN or at any host computer connected to the CDN or receiver. The marking may also be dynamically reconfigured in order to facilitate diagnosis.
    Type: Grant
    Filed: March 8, 2004
    Date of Patent: March 9, 2010
    Assignee: Cisco Technology, Inc.
    Inventor: Mark Stuart Day
  • Patent number: 7587760
    Abstract: Conventional countermeasures to Distributed Denial of Service (DDoS) attacks typically focus on practices and rules for organizing a robust, DDoS-resilient network which anticipates proactive cooperation of users. Such measures involve widespread implementation cooperation and may be difficult or problematic to enforce in a large organization. Configurations of the invention employ the attacker's technique preventatively against the attack to identify sources likely to be employed for DDoS attacks. Crawlers scan web sites for identifying pages likely to be exploited as launch pads by DDoS attackers. A scanner device dispatches robots for sending probe messages from the launch pads which emulate an actual attack. Each of the probe messages are sent to a known, predetermined destination for determining identifying characteristics of such a message. The identifying characteristics define a signature of messages emanating from the launch pad.
    Type: Grant
    Filed: July 26, 2004
    Date of Patent: September 8, 2009
    Assignee: Cisco Technology, Inc.
    Inventor: Mark Stuart Day
  • Patent number: 7574528
    Abstract: A presence server provides presence information to content subscribers via unicast transmission of the presence information. In the case where the presence server receives, from a subscriber, a subscription request for presence information having a relatively large number of subscribers, the presence server directs the content subscriber to a multicast transmission channel. The content subscriber, in turn, accesses the presence information via the multicast transmission channel. By directing content subscribers toward the multicast transmission channel, the presence server conserves connection resources associated with the presence system, thereby allowing the presence system to distribute presence information with a relatively high level of speed and efficiency. Furthermore, by directing content subscribers toward the multicast transmission channel, the presence server minimizes the costs associated with adding new subscribers to the presence system.
    Type: Grant
    Filed: August 27, 2003
    Date of Patent: August 11, 2009
    Assignee: Cisco Technology, Inc.
    Inventor: Mark Stuart Day
  • Patent number: 7508941
    Abstract: A control signal is provided to a video data acquisition system that generates video data. In response to receiving the control signal, the video data acquisition system modifies at least a portion of the video data to produce an output signal. Authenticity of the output signal from the video data acquisition system is verified by checking that the video data includes modifications according to the control signal. If the video data does not include such modifications, it is known that the video data acquisition system needs to be checked for tampering or system failures.
    Type: Grant
    Filed: July 22, 2003
    Date of Patent: March 24, 2009
    Assignee: Cisco Technology, Inc.
    Inventors: James W. O'Toole, Jr., Mark Stuart Day
  • Patent number: 7403605
    Abstract: A system and method provide for transferring remote media from a remote media source to a communication or other end device at a time prior to a hold period, which media is usable as local MOH media during a hold period. A system and method further provide for responding to an initiated hold time by replacing remote MOH media with the local MOH media if remote MOH media is received in conjunction with the hold period.
    Type: Grant
    Filed: June 8, 2004
    Date of Patent: July 22, 2008
    Assignee: Cisco Technology, Inc.
    Inventor: Mark Stuart Day