Patents by Inventor Si Wu
Si Wu has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11818176Abstract: The technology disclosed relates to configuring IoT devices for policy enforcement. In particular, the technology disclosed relates to configuring a plurality of special-purpose devices on a network segment of a network to steer outbound network traffic to an inline secure forwarder on the network segment instead of a default gateway on the network segment. The inline secure forwarder is configured to route the outbound network traffic to a policy enforcement point for a policy enforcement.Type: GrantFiled: August 12, 2022Date of Patent: November 14, 2023Assignee: Netskope, Inc.Inventors: David Tze-Si Wu, Siying Yang, Krishna Narayanaswamy
-
Publication number: 20230336592Abstract: The technology disclosed enables metadata-based policy enforcement for requests that do not include metadata relevant to a policy. In a particular example, a method provides, in a network security system interposed between clients and a cloud application, receiving an incoming request from a client directed towards the cloud application. In response to determining that the incoming request lacks metadata for enforcement of a policy, the method includes transmitting a synthetic request to obtain the metadata from the cloud application and receiving a response to the synthetic request. The response provides the metadata. The method further includes applying the policy to the incoming request based on the metadata.Type: ApplicationFiled: February 2, 2023Publication date: October 19, 2023Applicant: Netskope, Inc.Inventors: Krishna Narayanaswamy, David Tze-Si Wu, Prasenna Ravi
-
Patent number: 11757944Abstract: The technology disclosed describes a system. The system comprises a network security system interposed between clients and cloud applications. The network security system is configured to generate a synthetic request, and inject the synthetic request into an application session to transmit the synthetic request to a cloud application and receive a response to the synthetic request from the cloud application.Type: GrantFiled: November 15, 2021Date of Patent: September 12, 2023Assignee: Netskope, Inc.Inventors: David Tze-Si Wu, Prasenna Ravi
-
Patent number: 11647052Abstract: The technology disclosed describes a system. The system comprises a network security system interposed between clients and cloud applications. The network security system is configured to process an incoming request from a client and generate metadata. The network security system is further configured to transmit the incoming request to a cloud application. The network security system is further configured to configure the metadata to expire after an expiration window. The network security system is further configured to receive, after the expiration window, a further incoming request from the client. The further incoming request is directed towards the cloud application and subject to policy enforcement that requires the expired metadata. The network security system is further configured to hold the further incoming request and transmit a synthetic request to the cloud application. The synthetic request is configured to retrieve the expired metadata from the cloud application.Type: GrantFiled: April 22, 2021Date of Patent: May 9, 2023Assignee: Netskope, Inc.Inventors: David Tze-Si Wu, Prasenna Ravi
-
Patent number: 11593319Abstract: Virtual storage arrays consolidate branch data storage at data centers connected via wide area networks. Virtual storage arrays appear to storage clients as local data storage; however, virtual storage arrays actually store data at the data center. The virtual storage arrays overcomes bandwidth and latency limitations of the wide area network by predicting and prefetching storage blocks, which are then cached at the branch location. Virtual storage arrays leverage an understanding of the semantics and structure of high-level data structures associated with storage blocks to predict which storage blocks are likely to be requested by a storage client in the near future. Virtual storage arrays determine the association between requested storage blocks and corresponding high-level data structure entities to predict additional high-level data structure entities that are likely to be accessed. From this, the virtual storage array identifies the additional storage blocks for prefetching.Type: GrantFiled: April 15, 2020Date of Patent: February 28, 2023Assignee: Riverbed Technology, Inc.Inventors: David Tze-Si Wu, Steven McCanne, Michael J. Demmer, Nitin Gupta
-
Publication number: 20230008293Abstract: A system and method for camera-based stress determination. The method includes: determining a plurality of regions-of-interest (ROIs) of a body part; determining a set of bitplanes in a captured image sequence for each ROI that represent HC changes using a trained machine learning model, the machine learning model trained with a hemoglobin concentration (HC) changes training set, the HC changes training set trained using bitplanes from previously captured image sequences of other human individuals as input and received cardiovascular data as targets; determining an HC change signal for each of the ROIs based on changes in the set of determined bitplanes; for each ROI, determining intervals between heartbeats based on peaks in the HC change signal; determining heart rate variability using the intervals between heartbeats; determining a stress level using at least one determination of a standard deviation of the heart rate variability; and outputting the stress level.Type: ApplicationFiled: September 15, 2022Publication date: January 12, 2023Inventors: Kang LEE, Pu ZHENG, Si WU
-
Publication number: 20220345493Abstract: The technology disclosed describes a system. The system comprises an edge network of a plurality of points of presence of a network security system. Points of presence in the plurality of points of presence are configured to intermediate traffic between clients and cloud applications and to use metadata to apply policies on the intermediated traffic. There are redundancies in metadata synchronization between the points of presence due to metadata migration to a second point of presence from a first point of presence handing off intermediation to the second point of presence within an application session. Each of the points of presence is configured with inline metadata generation logic. The inline metadata generation logic is configured to issue synthetic requests to provide the metadata to the second point of presence without requiring the metadata migration to the second point of presence.Type: ApplicationFiled: November 22, 2021Publication date: October 27, 2022Applicant: Netskope, Inc.Inventors: David Tze-Si WU, Prasenna RAVI
-
Publication number: 20220345495Abstract: The technology disclosed relates to application-specific data flow for synthetic request injection for cloud security enforcement. In particular, it relates to data flow logic configured to inject an incoming request directed to a cloud application in a processing path of a particular network security system.Type: ApplicationFiled: March 7, 2022Publication date: October 27, 2022Applicant: NETSKOPE, INC.Inventors: Prasenna RAVI, David Tze-Si WU
-
Publication number: 20220345496Abstract: The technology disclosed describes a network security system that is configured to configure a synthetic request with an object identifier, and to inject the synthetic request into an application session to transmit the synthetic request to a cloud application. The synthetic request is configured to retrieve object metadata about the object using the object identifier. The network security system is further configured to receive from the cloud application a response to the synthetic request. The response supplies the object metadata.Type: ApplicationFiled: March 7, 2022Publication date: October 27, 2022Applicant: NETSKOPE, INC.Inventors: Prasenna RAVI, David Tze-Si WU
-
Publication number: 20220345490Abstract: The technology disclosed describes a system. The system comprises a network security system interposed between clients and cloud applications. The network security system is configured to process an incoming request from a client and generate metadata. The network security system is further configured to transmit the incoming request to a cloud application. The network security system is further configured to configure the metadata to expire after an expiration window. The network security system is further configured to receive, after the expiration window, a further incoming request from the client. The further incoming request is directed towards the cloud application and subject to policy enforcement that requires the expired metadata. The network security system is further configured to hold the further incoming request and transmit a synthetic request to the cloud application. The synthetic request is configured to retrieve the expired metadata from the cloud application.Type: ApplicationFiled: April 22, 2021Publication date: October 27, 2022Applicant: Netskope, Inc.Inventors: David Tze-Si WU, Prasenna RAVI
-
Publication number: 20220345463Abstract: The technology disclosed relates to an inline proxy configured with synthetic request injection logic to intercept incoming requests during an application session, and generate, during the application session, synthetic requests that are separate from the incoming requests.Type: ApplicationFiled: March 16, 2022Publication date: October 27, 2022Applicant: NETSKOPE, INC.Inventors: David Tze-Si WU, Prasenna RAVI
-
Publication number: 20220345500Abstract: The technology disclosed describes a system. The system comprises a network security system interposed between clients and cloud applications. The network security system is configured to receive one or more incoming requests towards a cloud application from a client during an application session, inject one or more synthetic requests into the application session to transmit the synthetic requests to the cloud application, and receive one or more responses to the synthetic requests from the cloud application. The synthetic requests are constructed using one or more parameters of the incoming requests, and do not transmit the incoming requests.Type: ApplicationFiled: April 14, 2022Publication date: October 27, 2022Applicant: Netskope, Inc.Inventors: Prasenna RAVI, David Tze-Si WU
-
Publication number: 20220345492Abstract: The technology disclosed describes a system. The system comprises a network security system interposed between clients and cloud applications. The network security system is configured to generate a synthetic request, and inject the synthetic request into an application session to transmit the synthetic request to a cloud application and receive a response to the synthetic request from the cloud application.Type: ApplicationFiled: November 15, 2021Publication date: October 27, 2022Applicant: Netskope, Inc.Inventors: David Tze-Si WU, Prasenna RAVI
-
Publication number: 20220345494Abstract: The technology disclosed relates to using synthetic request injection to improve cloud object security posture management.Type: ApplicationFiled: November 29, 2021Publication date: October 27, 2022Applicant: Netskope, Inc.Inventors: David Tze-Si WU, Prasenna RAVI
-
Patent number: 11471083Abstract: A system and method for camera-based stress determination. The method includes: determining a plurality of regions-of-interest (ROIs) of a body part; determining a set of bitplanes in a captured image sequence for each ROI that represent HC changes using a trained machine learning model, the machine learning model trained with a hemoglobin concentration (HC) changes training set, the HC changes training set trained using bitplanes from previously captured image sequences of other human individuals as input and received cardiovascular data as targets; determining an HC change signal for each of the ROIs based on changes in the set of determined bitplanes; for each ROI, determining intervals between heartbeats based on peaks in the HC change signal; determining heart rate variability using the intervals between heartbeats; determining a stress level using at least one determination of a standard deviation of the heart rate variability; and outputting the stress level.Type: GrantFiled: October 24, 2018Date of Patent: October 18, 2022Assignee: NURALOGIX CORPORATIONInventors: Kang Lee, Pu Zheng, Si Wu
-
Patent number: 11459887Abstract: A system for navigation detection and inclination measurement of advanced hydraulic supports, including a detection device module, a signal transfer transmission module, connected to the detection device module, and used to integrate ultrasonic signals and inclination signals received from all advanced hydraulic supports and then wirelessly transmit all the signals to an analysis and processing module. The analysis and processing module, connected to the signal transfer transmission module, and used to receive the signals from the signal integration and transmission device for analysis, where if an analysis result shows an abnormal situation, an alarm will b e immediately given to a worker. If the analysis result shows a continuous abnormal situation, or a relatively large value indicating the abnormal situation is generated, a command will be immediately sent to make the advanced hydraulic supports stop operating in a current mode.Type: GrantFiled: December 31, 2020Date of Patent: October 4, 2022Assignees: Shandong University of Science and Technology, Tiandi Science & Technology Co., Ltd.Inventors: Yuxia Li, Kun Zhang, Liangsong Huang, Yajun Xu, Ying Ma, Desheng Zhang, Shaoan Sun, Jinpeng Su, Hongyue Chen, Si Wu, Zengkai Liu
-
Publication number: 20220283126Abstract: A spray-capillary device is configured to process ultra-low-volume samples. The spray-capillary device includes a capillary tube that includes a lumen, an inner surface, an outer surface, an inlet end for receiving a fluid, and a discharge end having a porous section. A polymer material may be applied to the inner surface to form a polymer coating thereon. A downstream connector provides an interface between the porous section of the capillary tube, a conductive fluid, and a high voltage electrical source. The application of voltage to the downstream connector causes electrospray ionization, which can be used to draw ultra-low-volume samples into the inlet end. A gas injection assembly can be used to increase the pressure on the inlet end of the capillary tube to encourage movement of the sample therethrough. The spray-capillary device may be used to provide the ultra-low-volume samples to a mass spectrometer or other suitable analytic device.Type: ApplicationFiled: May 20, 2022Publication date: September 8, 2022Applicant: The Board of Regents of the University of OklahomaInventors: Si Wu, Lushuang Huang, Zhe Wang
-
Patent number: 11340200Abstract: A spray-capillary device is configured to process ultra low-volume samples. The spray-capillary device includes a spray capillary that includes an inlet end and a discharge end. The spray capillary includes a porous section at the discharge end. A downstream connector provides an interface between the porous section of the spray capillary, a conductive fluid, and a high voltage electrical source. The application of voltage to the downstream connector causes electrospray ionization, which can be used to draw ultra law volume samples into the inlet end. A gas injection assembly can be used to increase the pressure on the inlet end of the spray capillary to encourage movement of the sample through the spray capillary. The spray-capillary device is well suited for providing ultra low samples to a mass spectrometer detection device.Type: GrantFiled: March 8, 2021Date of Patent: May 24, 2022Assignee: The Board of Regents of the University of OklahomaInventors: Si Wu, Lushuang Huang, Zhe Wang
-
Patent number: 11336698Abstract: The technology disclosed describes a system. The system comprises a network security system interposed between clients and cloud applications. The network security system is configured to receive one or more incoming requests from a client during an application session, inject one or more synthetic requests into the application session independently of the incoming requests to transmit the synthetic requests to the cloud application, and receive one or more responses to the synthetic requests from the cloud application.Type: GrantFiled: April 22, 2021Date of Patent: May 17, 2022Assignee: Netskope, Inc.Inventors: David Tze-Si Wu, Prasenna Ravi
-
Publication number: 20220120181Abstract: A system for navigation detection and inclination measurement of advanced hydraulic supports, including a detection device module, a signal transfer transmission module, connected to the detection device module, and used to integrate ultrasonic signals and inclination signals received from all advanced hydraulic supports and then wirelessly transmit all the signals to an analysis and processing module. The analysis and processing module, connected to the signal transfer transmission module, and used to receive the signals from the signal integration and transmission device for analysis, where if an analysis result shows an abnormal situation, an alarm will b e immediately given to a worker. If the analysis result shows a continuous abnormal situation, or a relatively large value indicating the abnormal situation is generated, a command will be immediately sent to make the advanced hydraulic supports stop operating in a current mode.Type: ApplicationFiled: December 31, 2020Publication date: April 21, 2022Inventors: Yuxia LI, Kun ZHANG, Liangsong HUANG, Yajun XU, Ying MA, Desheng ZHANG, Shaoan SUN, Jinpeng SU, Hongyue CHEN, Si WU, Zengkai LIU