Patents by Inventor Shaohong Wei
Shaohong Wei has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 8289981Abstract: One embodiment relates to a network gateway apparatus configured for high-performance network content processing. The apparatus includes data storage configured to store computer-readable code and data, and a processor configured to execute computer-readable code and to access said data storage. Computer-readable code implements a plurality of packet processors, each packet processor being configured with different processing logic. Computer-readable code further implements a packet handler which is configured to send incoming packets in parallel to the plurality of packet processors. Another embodiment relates to a method for high-performance network content processing. Other embodiments, aspects and features are also disclosed.Type: GrantFiled: April 29, 2009Date of Patent: October 16, 2012Assignee: Trend Micro IncorporatedInventors: Shaohong Wei, Viswa Soubramanien
-
Publication number: 20120163186Abstract: Various embodiments illustrated and described herein include systems, methods and software for content type classification. Some such embodiments include determining a potential state of classification for packets associated with a session based at least in part on a packet associated with the session that is a packet other than the first packet of the session.Type: ApplicationFiled: March 1, 2012Publication date: June 28, 2012Applicant: Fortinet, Inc.Inventors: Shaohong Wei, Zhongqiang Chen, Ping Ng, Gang Duan
-
Patent number: 8204933Abstract: A method for determining a type of content includes receiving a first packet, determining a state of classification for the first packet or for a session with which the first packet is associated, receiving a second packet, and determining a content type for the second packet based at least in part on the determined state. A method for determining a type of content includes receiving a packet associated with a session, determining whether a content type has been determined for the session or for an other packet associated with the session, and classifying the packet to be the content type based at least in part on a result from the act of determining. A method for determining a type of content includes receiving a first packet from a first port, the first port adapted for receiving at least two types of content, and determining a content type for the first packet or for a session with which the first packet is associated.Type: GrantFiled: July 15, 2009Date of Patent: June 19, 2012Assignee: Fortinet, Inc.Inventors: Shaohong Wei, Zhongqiang Chen, Ping Ng, Gang Duan
-
Patent number: 8166547Abstract: A method and apparatus for managing a transfer of data in a data network identifies data associated with a communication session between a first node and a second node in the data network. Further processing of the communication session occurs when a portion of the communication session meets a criterion and the communication session is permitted to continue when the portion of the communication session does not meet the criterion.Type: GrantFiled: September 6, 2005Date of Patent: April 24, 2012Assignee: Fortinet, Inc.Inventors: Stephen John Bevan, Michael Xie, Hongwei Li, Wenping Luo, Shaohong Wei
-
Patent number: 8132258Abstract: A client computer may be configured to perform computer security operations in conjunction with a remotely located security server. Upon detection of a computer security event, such as reception of a file, the client computer may generate a query input and determine if the query input has corresponding security information in the security server. When the query input has corresponding security information, the client computer may forward the query input to the security server. In response, the security server may retrieve the security information using the query input and provide the security information to the client computer. As a particular example, the security event may be reception of a file in the client computer and the security information may indicate whether or not the file is infected with a computer virus.Type: GrantFiled: June 12, 2008Date of Patent: March 6, 2012Assignee: Trend Micro IncorporatedInventors: Wayne Jens Jensen, Shaohong Wei
-
Publication number: 20120023228Abstract: A method and apparatus for managing a transfer of data in a data network identifies data associated with a communication session between a first node and a second node in the data network. Further processing of the communication session occurs when a portion of the communication session meets a criterion and the communication session is permitted to continue when the portion of the communication session does not meet the criterion.Type: ApplicationFiled: September 30, 2011Publication date: January 26, 2012Applicant: Fortinet, Inc.Inventors: Stephen John Bevan, Michael Xie, Hongwei Li, Wenping Luo, Shaohong Wei
-
Publication number: 20120023557Abstract: A method and apparatus for managing a transfer of data in a data network identifies data associated with a communication session between a first node and a second node in the data network. Further processing of the communication session occurs when a portion of the communication session meets a criterion and the communication session is permitted to continue when the portion of the communication session does not meet the criterion.Type: ApplicationFiled: September 30, 2011Publication date: January 26, 2012Applicant: Fortinet, Inc.Inventors: Stephen John Bevan, Michael Xie, Hongwei Li, Wenping Luo, Shaohong Wei
-
Publication number: 20100153507Abstract: A method of processing electronic data includes receiving electronic data, and scanning at least a portion of the electronic data against a first signature, wherein the first signature is not data-type dependent. A method of processing electronic data includes receiving electronic data to be scanned, identifying a portion of the electronic data, wherein the portion is represented as an object, and assigning one or more procedures to scan the portion based at least in part on the object. A system for processing electronic data includes an input for receiving electronic data, a processor configured for identifying one or more portions of the electronic data, each of the one or more portions represented as a typed object, and a buffer configured to store data associated with no more than one object at a time.Type: ApplicationFiled: December 17, 2009Publication date: June 17, 2010Applicant: Fortinet, Inc.Inventors: Shaohong Wei, Anthony James, Todd A. Nelson
-
Publication number: 20100122344Abstract: A method for processing network traffic data includes receiving a packet, and determining whether the packet is a previously dropped packet that is being retransmitted. A method for processing network traffic content includes receiving a plurality of headers, the plurality of headers having respective first field values, and determining whether the first field values of the respective headers form a first prescribed pattern. A method for processing network traffic content includes receiving a plurality of packets, and determining an existence of a flooding attack without tracking each of the plurality of packets with a SYN bit.Type: ApplicationFiled: December 17, 2009Publication date: May 13, 2010Applicant: Fortinet, Inc.Inventors: Shaohong Wei, Gang Duan, Zhongqiang Chen, Bing Xie
-
Publication number: 20100011124Abstract: A method for processing network traffic data includes receiving a packet, and determining whether the packet is a previously dropped packet that is being retransmitted. A method for processing network traffic content includes receiving a plurality of headers, the plurality of headers having respective first field values, and determining whether the first field values of the respective headers form a first prescribed pattern. A method for processing network traffic content includes receiving a plurality of packets, and determining an existence of a flooding attack without tracking each of the plurality of packets with a SYN bit.Type: ApplicationFiled: September 24, 2009Publication date: January 14, 2010Applicant: Fortinet, Inc.Inventors: Shaohong Wei, Gang Duan, Zhongqiang Chen, Bing Xie
-
Publication number: 20090303994Abstract: An integrated security switch and related method for managing connectivity and security among networks. The integrated security switch includes a security function connectable with a first network and at least one switching function connectable with a second network. A common management interface driven by both command line interface and graphic user interface protocols manages the switching function via a management path dedicated between the security function and the switching function. The common management interface enables secure switching of traffic to flow via a traffic path dedicated between the switching function and the security function. Typically, the traffic is a flow of data between the Internet and a group of networked users such as a wide area network.Type: ApplicationFiled: August 12, 2009Publication date: December 10, 2009Applicant: Fortinet, Inc.Inventors: Michael Xie, Jin Shang, Anthony James, Shaohong Wei
-
Publication number: 20090268617Abstract: A method for determining a type of content includes receiving a first packet, determining a state of classification for the first packet or for a session with which the first packet is associated, receiving a second packet, and determining a content type for the second packet based at least in part on the determined state. A method for determining a type of content includes receiving a packet associated with a session, determining whether a content type has been determined for the session or for an other packet associated with the session, and classifying the packet to be the content type based at least in part on a result from the act of determining. A method for determining a type of content includes receiving a first packet from a first port, the first port adapted for receiving at least two types of content, and determining a content type for the first packet or for a session with which the first packet is associated.Type: ApplicationFiled: July 15, 2009Publication date: October 29, 2009Applicant: Fortinet, Inc.Inventors: Shaohong Wei, Zhongqiang Chen, Ping Ng, Gang Duan
-
Patent number: 7609625Abstract: A method for processing network traffic data includes receiving a packet, and determining whether the packet is a previously dropped packet that is being retransmitted. A method for processing network traffic content includes receiving a plurality of headers, the plurality of headers having respective first field values, and determining whether the first field values of the respective headers form a first prescribed pattern. A method for processing network traffic content includes receiving a plurality of packets, and determining an existence of a flooding attack without tracking each of the plurality of packets with a SYN bit.Type: GrantFiled: July 6, 2005Date of Patent: October 27, 2009Assignee: Fortinet, Inc.Inventors: Shaohong Wei, Gang Duan, Zhongqiang Chen, Bing Xie
-
Patent number: 7606225Abstract: An integrated security switch and related method for managing connectivity and security among networks. The integrated security switch includes a security function connectable with a first network and at least one switching function connectable with a second network. A common management interface driven by both command line interface and graphic user interface protocols manages the switching function via a management path dedicated between the security function and the switching function. The common management interface enables secure switching of traffic to flow via a traffic path dedicated between the switching function and the security function. Typically, the traffic is a flow of data between the Internet and a group of networked users such as a wide area network.Type: GrantFiled: February 6, 2006Date of Patent: October 20, 2009Assignee: Fortinet, Inc.Inventors: Michael Xie, Jin Shang, Anthony James, Shaohong Wei
-
Patent number: 7580974Abstract: A method for determining a type of content includes receiving a first packet, determining a state of classification for the first packet or for a session with which the first packet is associated, receiving a second packet, and determining a content type for the second packet based at least in part on the determined state. A method for determining a type of content includes receiving a packet associated with a session, determining whether a content type has been determined for the session or for an other packet associated with the session, and classifying the packet to be the content type based at least in part on a result from the act of determining. A method for determining a type of content includes receiving a first packet from a first port, the first port adapted for receiving at least two types of content, and determining a content type for the first packet or for a session with which the first packet is associated.Type: GrantFiled: February 16, 2006Date of Patent: August 25, 2009Assignee: Fortinet, Inc.Inventors: Shaohong Wei, Zhongqiang Chen, Ping Ng, Gang Duan
-
Publication number: 20070192481Abstract: A method for determining a type of content includes receiving a first packet, determining a state of classification for the first packet or for a session with which the first packet is associated, receiving a second packet, and determining a content type for the second packet based at least in part on the determined state. A method for determining a type of content includes receiving a packet associated with a session, determining whether a content type has been determined for the session or for an other packet associated with the session, and classifying the packet to be the content type based at least in part on a result from the act of determining. A method for determining a type of content includes receiving a first packet from a first port, the first port adapted for receiving at least two types of content, and determining a content type for the first packet or for a session with which the first packet is associated.Type: ApplicationFiled: February 16, 2006Publication date: August 16, 2007Inventors: Shaohong Wei, Zhongqiang Chen, Ping Ng, Gang Duan
-
Publication number: 20070183433Abstract: An integrated security switch and related method for managing connectivity and security among networks. The integrated security switch includes a security function connectable with a first network and at least one switching function connectable with a second network. A common management interface driven by both command line interface and graphic user interface protocols manages the switching function via a management path dedicated between the security function and the switching function. The common management interface enables secure switching of traffic to flow via a traffic path dedicated between the switching function and the security function. Typically, the traffic is a flow of data between the Internet and a group of networked users such as a wide area network.Type: ApplicationFiled: February 6, 2006Publication date: August 9, 2007Inventors: Michael Xie, Jin Shang, Anthony James, Shaohong Wei
-
Publication number: 20070053382Abstract: A method and apparatus for managing a transfer of data in a data network identifies data associated with a communication session between a first node and a second node in the data network. Further processing of the communication session occurs when a portion of the communication session meets a criterion and the communication session is permitted to continue when the portion of the communication session does not meet the criterion.Type: ApplicationFiled: September 6, 2005Publication date: March 8, 2007Inventors: Stephen Bevan, Michael Xie, Hongwei Li, Wenping Luo, Shaohong Wei
-
Publication number: 20070019543Abstract: A method for processing network traffic data includes receiving a packet, and determining whether the packet is a previously dropped packet that is being retransmitted. A method for processing network traffic content includes receiving a plurality of headers, the plurality of headers having respective first field values, and determining whether the first field values of the respective headers form a first prescribed pattern. A method for processing network traffic content includes receiving a plurality of packets, and determining an existence of a flooding attack without tracking each of the plurality of packets with a SYN bit.Type: ApplicationFiled: July 6, 2005Publication date: January 25, 2007Inventors: Shaohong Wei, Gang Duan, Zhongqiang Chen, Bing Xie
-
Publication number: 20060272006Abstract: A method of processing electronic data includes receiving electronic data, and scanning at least a portion of the electronic data against a first signature, wherein the first signature is not data-type dependent. A method of processing electronic data includes receiving electronic data to be scanned, identifying a portion of the electronic data, wherein the portion is represented as an object, and assigning one or more procedures to scan the portion based at least in part on the object. A system for processing electronic data includes an input for receiving electronic data, a processor configured for identifying one or more portions of the electronic data, each of the one or more portions represented as a typed object, and a buffer configured to store data associated with no more than one object at a time.Type: ApplicationFiled: October 17, 2005Publication date: November 30, 2006Inventors: Shaohong Wei, Anthony James, Todd Nelson