Patents by Inventor Patrick Foxhoven

Patrick Foxhoven has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10375024
    Abstract: A virtual private access method implemented by a cloud system, includes receiving a request to access resources from a user device, wherein the resources are located in one of a public cloud and an enterprise network and the user device is remote therefrom on the Internet; forwarding the request to a central authority for a policy look up and for a determination of connection information to make an associated secure connection through the cloud system to the resources; receiving the connection information from the central authority responsive to an authorized policy look up; and creating secure tunnels between the user device and the resources based on the connection information.
    Type: Grant
    Filed: May 18, 2016
    Date of Patent: August 6, 2019
    Assignee: Zscaler, Inc.
    Inventors: Patrick Foxhoven, John A. Chanak, William Fehring, Denzil Wessels, Purvi Desai, Manoj Apte, Sudhindra P. Herle
  • Publication number: 20190158516
    Abstract: A Content Delivery Network (CDN) includes one or more cache servers communicatively coupled to end users for providing content thereto; and one or more origin servers communicatively coupled to the one or more cache servers through a plurality of nodes, the one or more cache servers are configured to receive traffic related to the content from the one or more origin servers through the one or more nodes of the plurality of nodes, based on one or more of a push technique and a pull technique, and the plurality of nodes are configured to monitor the traffic between the one or more origin servers and the one or more cache servers in an inline manner, process the traffic for malware and data leakage based on policy, and block the traffic responsive to detection of one or more of the malware and the data leakage, prior to traffic entering the CDN.
    Type: Application
    Filed: January 28, 2019
    Publication date: May 23, 2019
    Inventors: Dhawal Kumar Sharma, Manoj Apte, Patrick Foxhoven
  • Patent number: 10237286
    Abstract: Content Delivery Network (CDN) protection systems and methods, performed by a cloud node in a distributed security system include receiving traffic between one or more origin servers and the CDN; monitoring the traffic based on policy; detecting one or more of malware and data leakage in the traffic based on the policy; and blocking the traffic responsive to the detecting the one or more of the malware and the data leakage in the traffic, prior to the traffic entering the CDN.
    Type: Grant
    Filed: January 29, 2016
    Date of Patent: March 19, 2019
    Assignee: Zscaler, Inc.
    Inventors: Dhawal Kumar Sharma, Manoj Apte, Patrick Foxhoven
  • Publication number: 20180270201
    Abstract: Virtual private access systems and methods implemented in a clientless manner on a user device include receiving a request to access resources from a Web browser on the user device at an exporter in a cloud system, wherein the resources are located in one of a public cloud and an enterprise network and the user device is remote therefrom on the Internet; performing a series of connections between the exporter and i) the Web browser and ii) centralized components including a crypto service, database, cookie store, and Security Assertion Markup Language (SAML) Service Provider (SP) component to authenticate a user of the user device for the resources; and, subsequent to authentication, exchanging data between the Web browser and the resources through the exporter, wherein the exporter has a first secure tunnel to the Web browser and a second secure tunnel to the resources.
    Type: Application
    Filed: May 23, 2018
    Publication date: September 20, 2018
    Inventors: John A. Chanak, Patrick Foxhoven, William Fehring, Denzil Wessels, Kunal Shah, Subramanian Srinivasan
  • Publication number: 20180113807
    Abstract: A Dynamic Name Server (DNS) surrogation method, a DNS system, and a DNS server provide DNS surrogation which is the idea that if a user device sends a DNS resolution request to a given DNS server that server does not need to actually perform the recursion itself. A policy can be defined telling the server that first received the request to take other factors into account and “relay” or “surrogate” that request to another node. This additional node is called a “surrogate” and it actually performs the recursion therefore allowing the resolving party to perform proper localization, optimization, or any other form of differentiated resolution. This surrogation also distributes the job of actually performing resolution, which adds scalability to the DNS server or service itself. A network of “surrogate” resolvers is possible as well as the concept of every client needing DNS resolution can also become a surrogate.
    Type: Application
    Filed: December 14, 2017
    Publication date: April 26, 2018
    Inventors: Patrick Foxhoven, John Chanak, William Fehring
  • Patent number: 9882767
    Abstract: A Dynamic Name Server (DNS) surrogation method, a DNS system, and a DNS server provide DNS surrogation which is the idea that if a user device sends a DNS resolution request to a given DNS server that server does not need to actually perform the recursion itself. A policy can be defined telling the server that first received the request to take other factors into account and “relay” or “surrogate” that request to another node. This additional node is called a “surrogate” and it actually performs the recursion therefore allowing the resolving party to perform proper localization, optimization, or any other form of differentiated resolution. This surrogation also distributes the job of actually performing resolution, which adds scalability to the DNS server or service itself. A network of “surrogate” resolvers is possible as well as the concept of every client needing DNS resolution can also become a surrogate.
    Type: Grant
    Filed: July 23, 2013
    Date of Patent: January 30, 2018
    Assignee: Zscaler, Inc.
    Inventors: Patrick Foxhoven, John Chanak, Bill Fehring
  • Publication number: 20170310709
    Abstract: A cloud-based security method using Domain Name System (DNS) includes receiving a request from a user device at a DNS server; performing a security check on the request based on a policy look up associated with the user device; responsive to the policy look up, performing a DNS security check on the request; and responsive to the DNS security check, performing one of allowing the request to the Internet; blocking the request based on the policy; and providing the request to inline inspection based on the policy, wherein the request is one of allowed to the Internet or blocked based on the inline inspection.
    Type: Application
    Filed: July 10, 2017
    Publication date: October 26, 2017
    Inventors: Patrick Foxhoven, John Chanak, William Fehring
  • Publication number: 20170223029
    Abstract: Content Delivery Network (CDN) protection systems and methods, performed by a cloud node in a distributed security system include receiving traffic between one or more origin servers and the CDN; monitoring the traffic based on policy; detecting one or more of malware and data leakage in the traffic based on the policy; and blocking the traffic responsive to the detecting the one or more of the malware and the data leakage in the traffic, prior to the traffic entering the CDN.
    Type: Application
    Filed: January 29, 2016
    Publication date: August 3, 2017
    Applicant: Zscaler, Inc.
    Inventors: Dhawal Kumar Sharma, Manoj Apte, Patrick Foxhoven
  • Patent number: 9705922
    Abstract: A cloud-based method, system, and transparent proxy for user-level policy, reporting, and authentication over Domain Name System (DNS) include maintaining a local user Internet Protocol (IP) database identifying users in an enterprise; and acting as a transparent proxy for all DNS requests from the users performing the steps of: for a user already identified in the local user IP database, forwarding a DNS request to a cloud-based system with an identifier from the local user IP database of the user associated with the DNS request; and for the user not identified in the local user IP database, performing a series of redirects and hand offs in the cloud-based system to identify the user.
    Type: Grant
    Filed: August 4, 2014
    Date of Patent: July 11, 2017
    Assignee: Zscaler, Inc.
    Inventors: Patrick Foxhoven, John Chanak, William Fehring
  • Publication number: 20160261564
    Abstract: A virtual private access method implemented by a cloud system, includes receiving a request to access resources from a user device, wherein the resources are located in one of a public cloud and an enterprise network and the user device is remote therefrom on the Internet; forwarding the request to a central authority for a policy look up and for a determination of connection information to make an associated secure connection through the cloud system to the resources; receiving the connection information from the central authority responsive to an authorized policy look up; and creating secure tunnels between the user device and the resources based on the connection information.
    Type: Application
    Filed: May 18, 2016
    Publication date: September 8, 2016
    Applicant: Zscaler, Inc.
    Inventors: Patrick FOXHOVEN, John A. CHANAK, William FEHRING, Denzil WESSELS, Purvi DESAI, Manoj APTE, Sudhindra P. HERLE
  • Patent number: 9350710
    Abstract: A method includes connecting to a client at a Virtual Private Network (VPN) device in a cloud system; forwarding requests from the client for the Internet or public clouds accordingly; and, for requests for an enterprise associated with the client, contacting a topology controller to fetch a topology of the enterprise, causing a tunnel to be established from the enterprise to the VPN device, and forwarding the requests for the enterprise through the tunnel. A cloud system and VPN system are also described. Advantageously, connections between the cloud and on-premises proxy are dynamic, on-demand and orchestrated by the cloud. Security is provided at the edge—there is no need to punch any holes in the existing on-premises firewalls.
    Type: Grant
    Filed: June 20, 2014
    Date of Patent: May 24, 2016
    Assignee: Zscaler, Inc.
    Inventors: Sudhindra P. Herle, Patrick Foxhoven
  • Publication number: 20160036857
    Abstract: A cloud-based method, system, and transparent proxy for user-level policy, reporting, and authentication over Domain Name System (DNS) include maintaining a local user Internet Protocol (IP) database identifying users in an enterprise; and acting as a transparent proxy for all DNS requests from the users performing the steps of: for a user already identified in the local user IP database, forwarding a DNS request to a cloud-based system with an identifier from the local user IP database of the user associated with the DNS request; and for the user not identified in the local user IP database, performing a series of redirects and hand offs in the cloud-based system to identify the user.
    Type: Application
    Filed: August 4, 2014
    Publication date: February 4, 2016
    Applicant: ZSCALER, INC.
    Inventors: Patrick FOXHOVEN, John CHANAK, William FEHRING
  • Publication number: 20150372982
    Abstract: A method includes connecting to a client at a Virtual Private Network (VPN) device in a cloud system; forwarding requests from the client for the Internet or public clouds accordingly; and, for requests for an enterprise associated with the client, contacting a topology controller to fetch a topology of the enterprise, causing a tunnel to be established from the enterprise to the VPN device, and forwarding the requests for the enterprise through the tunnel. A cloud system and VPN system are also described. Advantageously, connections between the cloud and on-premises proxy are dynamic, on-demand and orchestrated by the cloud. Security is provided at the edge—there is no need to punch any holes in the existing on-premises firewalls.
    Type: Application
    Filed: June 20, 2014
    Publication date: December 24, 2015
    Applicant: Zscaler, Inc.
    Inventors: Sudhindra P. Herle, Patrick Foxhoven
  • Patent number: 8464335
    Abstract: The present disclosure provides distributed, multi-tenant Virtual Private Network (VPN) cloud systems and methods for mobile security and user based policy enforcement. In an exemplary embodiment, plural mobile devices are configured to connect to one or more enforcement or processing nodes over VPN connections. The enforcement or processing nodes are configured to perform content filtering, policy enforcement, and the like on some or all of the traffic from the mobile devices. The present invention is described as multi-tenant as it can connect to plural clients across different companies with different policies in a single distributed system. Advantageously, the present invention allows smartphone and tablet users to protect themselves from mobile malware, without requiring a security applications on the device. It allows administrators to seamless enforce policy for a user regardless of the device or network they are connecting to, as well as get granular visibility into the user's network behavior.
    Type: Grant
    Filed: April 28, 2011
    Date of Patent: June 11, 2013
    Assignee: Zscaler, Inc.
    Inventors: Amit Sinha, Srikanth Devarajan, Patrick Foxhoven