Patents by Inventor Philip Kwan
Philip Kwan has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11838214Abstract: Stateful inspection and classification of packets is disclosed. A first differentiated services header value (DSHV) to associate with a first packet type and a corresponding first quality of service treatment is received from a configuration interface for a first packet type associated with a network traffic flow originating from a first application type. A second DSHV is received from the configuration interface to associate with a second packet type. A first packet having the first packet type is received and the first quality of service treatment is applied to the first packet. A second packet having the second packet type is received and the second quality of service treatment is applied to the second packet.Type: GrantFiled: January 14, 2022Date of Patent: December 5, 2023Assignee: Palo Alto Networks, Inc.Inventors: Philip Kwan, Shu Lin
-
Patent number: 11824897Abstract: An indication that a change associated with adjusting capacity to provide security services to network traffic in a network environment is received. In response to receiving the indication, a set of instructions for configuring at least one of: a network device and a security appliance is determined. As a result of applying the instructions, at least one of: an amount of network traffic provided by the network device to the security appliance will increase, or at least a portion of network traffic that would otherwise be provided by the network device to the security appliance will instead be provided to another security appliance. The set of instructions is transmitted.Type: GrantFiled: December 22, 2021Date of Patent: November 21, 2023Assignee: Palo Alto Networks, Inc.Inventors: Philip Kwan, Sudeep Padiyar
-
Patent number: 11736390Abstract: Techniques for enhanced Software-Defined Wide Area Network (SD-WAN) path quality measurement and selection are disclosed. In some embodiments, a system/method/computer program product for enhanced SD-WAN path quality measurement and selection includes periodically performing a network path measurement for each of a plurality of network paths at a Software-Defined Wide Area Network (SD-WAN) interface; updating a version if the network path measurement exceeds a threshold for one or more of the plurality of network paths; and selecting one of the plurality of network paths for a session based on the version according to an application policy.Type: GrantFiled: December 7, 2021Date of Patent: August 22, 2023Assignee: Palo Alto Networks, Inc.Inventors: Chunqing Cai, Philip Kwan, Lin Wang, Lei Chang, Sameer Kumar, Pulikeshi Ramanath, Santosh Narayankhedkar
-
Publication number: 20220141144Abstract: Stateful inspection and classification of packets is disclosed. A first differentiated services header value (DSHV) to associate with a first packet type and a corresponding first quality of service treatment is received from a configuration interface for a first packet type associated with a network traffic flow originating from a first application type. A second DSHV is received from the configuration interface to associate with a second packet type. A first packet having the first packet type is received and the first quality of service treatment is applied to the first packet. A second packet having the second packet type is received and the second quality of service treatment is applied to the second packet.Type: ApplicationFiled: January 14, 2022Publication date: May 5, 2022Inventors: Philip Kwan, Shu Lin
-
Publication number: 20220116427Abstract: An indication that a change associated with adjusting capacity to provide security services to network traffic in a network environment is received. In response to receiving the indication, a set of instructions for configuring at least one of: a network device and a security appliance is determined. As a result of applying the instructions, at least one of: an amount of network traffic provided by the network device to the security appliance will increase, or at least a portion of network traffic that would otherwise be provided by the network device to the security appliance will instead be provided to another security appliance. The set of instructions is transmitted.Type: ApplicationFiled: December 22, 2021Publication date: April 14, 2022Inventors: Philip Kwan, Sudeep Padiyar
-
Publication number: 20220103466Abstract: Techniques for enhanced Software-Defined Wide Area Network (SD-WAN) path quality measurement and selection are disclosed. In some embodiments, a system/method/computer program product for enhanced SD-WAN path quality measurement and selection includes periodically performing a network path measurement for each of a plurality of network paths at a Software-Defined Wide Area Network (SD-WAN) interface; updating a version if the network path measurement exceeds a threshold for one or more of the plurality of network paths; and selecting one of the plurality of network paths for a session based on the version according to an application policy.Type: ApplicationFiled: December 7, 2021Publication date: March 31, 2022Inventors: Chunqing Cai, Philip Kwan, Lin Wang, Lei Chang, Sameer Kumar, Pulikeshi Ramanath, Santosh Narayankhedkar
-
Patent number: 11258715Abstract: Stateful inspection and classification of packets is disclosed. For a first packet associated with a network traffic flow, a differentiated services header value (DSHV) is determined to associate with the first packet. The DSHV is used to perform a lookup of a quality of service treatment associated with the DSHV. The treatment is applied to the first packet. A determination is made, for a second packet associated with the network traffic flow, to associate a second DSHV with the second, where the second DSHV is different from the first DSHV.Type: GrantFiled: November 4, 2019Date of Patent: February 22, 2022Assignee: Palo Alto Networks, Inc.Inventors: Philip Kwan, Shu Lin
-
Patent number: 11252192Abstract: An indication that a change implicating security in a network environment needs to be made is received. In response to receiving the indication, a first set of instructions for reconfiguring at least one network device is determined, and a second set of instructions for reconfiguring at least one security device is determined. At least one network device and at least one security device are, respectively, caused to be reconfigured in accordance with the respective first and second set of instructions.Type: GrantFiled: March 29, 2019Date of Patent: February 15, 2022Assignee: Palo Alto Networks, Inc.Inventors: Philip Kwan, Sudeep Padiyar
-
Patent number: 11252084Abstract: Techniques for enhanced Software-Defined Wide Area Network (SD-WAN) path quality measurement and selection are disclosed. In some embodiments, a system/method/computer program product for enhanced SD-WAN path quality measurement and selection includes periodically performing a network path measurement for each of a plurality of network paths at a Software-Defined Wide Area Network (SD-WAN) interface; updating a version if the network path measurement exceeds a threshold for one or more of the plurality of network paths; and selecting one of the plurality of network paths for a session based on the version according to an application policy.Type: GrantFiled: September 29, 2020Date of Patent: February 15, 2022Assignee: Palo Alto Networks, Inc.Inventors: Chunqing Cai, Philip Kwan, Lin Wang, Lei Chang, Sameer Kumar, Pulikeshi Ramanath, Santosh Narayankhedkar
-
Publication number: 20200067834Abstract: Stateful inspection and classification of packets is disclosed. For a first packet associated with a network traffic flow, a differentiated services header value (DSHV) is determined to associate with the first packet. The DSHV is used to perform a lookup of a quality of service treatment associated with the DSHV. The treatment is applied to the first packet. A determination is made, for a second packet associated with the network traffic flow, to associate a second DSHV with the second, where the second DSHV is different from the first DSHV.Type: ApplicationFiled: November 4, 2019Publication date: February 27, 2020Inventors: Philip Kwan, Shu Lin
-
Patent number: 10516609Abstract: Stateful inspection and classification of packets is disclosed. For a first packet associated with a network traffic flow, a differentiated services header value (DSHV) is determined to associate with the first packet. The DSHV is used to perform a lookup of a quality of service treatment associated with the DSHV. The treatment is applied to the first packet. A determination is made, for a second packet associated with the network traffic flow, to associate a second DSHV with the second, where the second DSHV is different from the first DSHV.Type: GrantFiled: November 27, 2017Date of Patent: December 24, 2019Assignee: Palo Alto Networks, Inc.Inventors: Philip Kwan, Shu Lin
-
Patent number: 10257121Abstract: Embodiments include systems and methods for transmitting data over high-speed data channels in context of serializer/deserializer circuits. Some embodiments include a novel full-rate source-series-terminated (SST) transmitter driver architecture with output charge sharing isolation. Certain implementations have a programmable floating tap (e.g., in addition to standard taps) with both positive and negative FIR values and cursor reduction, which can help achieve large FIR range and high channel equalization capability. Some embodiments operate with multi-phase clocking having phased clock error correction, which can facilitate operation with low-jitter and low-DCD clocks. Some implementations also include novel output inductor structures that are disposed to partially overlap output interface bumps.Type: GrantFiled: October 2, 2017Date of Patent: April 9, 2019Assignee: Oracle International CorporationInventors: Zuxu Qin, Baoqing Huang, Dawei Huang, Kuai Yin, Maoqing Yao, Philip Kwan
-
Publication number: 20190104088Abstract: Embodiments include systems and methods for transmitting data over high-speed data channels in context of serializer/deserializer circuits. Some embodiments include a novel full-rate source-series-terminated (SST) transmitter driver architecture with output charge sharing isolation. Certain implementations have a programmable floating tap (e.g., in addition to standard taps) with both positive and negative FIR values and cursor reduction, which can help achieve large FIR range and high channel equalization capability. Some embodiments operate with multi-phase clocking having phased clock error correction, which can facilitate operation with low-jitter and low-DCD clocks. Some implementations also include novel output inductor structures that are disposed to partially overlap output interface bumps.Type: ApplicationFiled: October 2, 2017Publication date: April 4, 2019Inventors: Zuxu Qin, Baoqing Huang, Dawei Huang, Kuai Yin, Maoqing Yao, Philip Kwan
-
Patent number: 10135864Abstract: Techniques for latency-based policy activation are disclosed. In some embodiments, a system for latency-based policy activation includes collecting a plurality of latency measures associated with monitored network communications; correlating the plurality of latency measures associated with the monitored network communications to detect anomalous network activity based on a profile; and performing a mitigation response to the anomalous network activity based on a policy.Type: GrantFiled: July 31, 2017Date of Patent: November 20, 2018Assignee: Palo Alto Networks, Inc.Inventors: Philip Kwan, Chang Li
-
Patent number: 10129121Abstract: Embodiments include systems and methods for calibrating clocking circuits for improved jitter performance. Embodiments operate in context of a clocking circuit coupled with a transceiver system that has a receiver that tracks a recovered clock phase according to a tracking code. For example, candidate configurations can be identified, each corresponding to a different respective combination of parameter values for programmable clocking circuit parameters. For each candidate configuration, embodiments can configure the clocking system accordingly, and can sample the tracking code over a sample window to measure a tracking code spread for the candidate configuration. The clocking circuit can be programmed according to which of the candidate configurations manifested a minimum tracking code spread, thereby effectively configuring the clocking circuit for minimum jitter generation and optimizing jitter performance of the transceiver.Type: GrantFiled: March 6, 2017Date of Patent: November 13, 2018Assignee: ORACLE INTERNATIONAL CORPORATIONInventors: Philip Kwan, Dawei Huang
-
Publication number: 20180254964Abstract: Embodiments include systems and methods for calibrating clocking circuits for improved jitter performance. Embodiments operate in context of a clocking circuit coupled with a transceiver system that has a receiver that tracks a recovered clock phase according to a tracking code. For example, candidate configurations can be identified, each corresponding to a different respective combination of parameter values for programmable clocking circuit parameters. For each candidate configuration, embodiments can configure the clocking system accordingly, and can sample the tracking code over a sample window to measure a tracking code spread for the candidate configuration. The clocking circuit can be programmed according to which of the candidate configurations manifested a minimum tracking code spread, thereby effectively configuring the clocking circuit for minimum jitter generation and optimizing jitter performance of the transceiver.Type: ApplicationFiled: March 6, 2017Publication date: September 6, 2018Inventors: Philip Kwan, Dawei Huang
-
Publication number: 20180084006Abstract: Techniques for latency-based policy activation are disclosed. In some embodiments, a system for latency-based policy activation includes collecting a plurality of latency measures associated with monitored network communications; correlating the plurality of latency measures associated with the monitored network communications to detect anomalous network activity based on a profile; and performing a mitigation response to the anomalous network activity based on a policy.Type: ApplicationFiled: July 31, 2017Publication date: March 22, 2018Inventors: Philip Kwan, Chang Li
-
Patent number: 9893878Abstract: Embodiments include systems and methods for on-chip random jitter (RJ) measurement in a clocking circuit (e.g., in a phase-locked loop of a serializer/deserializer circuit). Some embodiments determine a reference delay code sweep window to capture at least a candidate RJ range of a feedback clock signal, the reference delay code sweep window comprising a sequence of reference delay codes. A distribution of one-scores can be computed over the reference delay code sweep window, so that the distribution indicates a relatively likelihood, for each reference delay code, of obtaining a ‘1’ sample when sampling the feedback clock signal according to the delayed clock signal (delayed by an amount according to the reference delay code). The distribution can be transformed into a time domain by computing code offset times for the reference delay codes. A RJ output can be computed as a function of the distribution in the time domain.Type: GrantFiled: March 15, 2017Date of Patent: February 13, 2018Assignee: ORACLE INTERNATIONAL CORPORATIONInventors: Long Kong, Ben Li Chen, Philip Kwan, Zuxu Qin, Dawei Huang
-
Patent number: 9860166Abstract: Stateful inspection and classification of packets is disclosed. For a first packet associated with a network traffic flow, a differentiated services header value is determined. The differentiated services header value is used to perform a lookup of a quality of service treatment associated with the differentiated services header value. The treatment is applied to the first packet. A return traffic packet is received. A differentiated services header value is written in the header of the return traffic packet.Type: GrantFiled: December 18, 2013Date of Patent: January 2, 2018Assignee: Palo Alto Networks, Inc.Inventors: Philip Kwan, Shu Lin
-
Patent number: 9762610Abstract: Techniques for latency-based policy activation are disclosed. In some embodiments, a system for latency-based policy activation includes collecting a plurality of latency measures associated with monitored network communications; correlating the plurality of latency measures associated with the monitored network communications to detect anomalous network activity based on a profile; and performing a mitigation response to the anomalous network activity based on a policy.Type: GrantFiled: October 30, 2015Date of Patent: September 12, 2017Assignee: Palo Alto Networks, Inc.Inventors: Philip Kwan, Chang Li