Patents by Inventor Stacey SHELDON
Stacey SHELDON has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11316791
Abstract: The present disclosure relates to scalable network security functions and handling of packet flows between network security zones in a communications network. Packets that are part of a bidirectional packet flow between the network security zones are received, and a determination is made as to an instance of a security application to which to assign the bidirectional packet flow for security processing. The determination is made based on relative loading of a plurality of identical instances of the security application running on a host machine. All of the received packets that are part of the bidirectional packet flow are directed for processing on the host machine by the one of the security application instances.
Type: Grant
Filed: January 24, 2020
Date of Patent: April 26, 2022
Inventors: Stacey Sheldon, Peter Bengough, Ian Mes, Ian Dublin
-
Patent number: 11310158
Abstract: A key is descriptive of a data packet, and a fingerprint hash function is applied to such a key to generate a fixed length fingerprint of the key. An index value is determined based on a portion of the fingerprint. A hash table could be populated by storing in a memory, at a memory location associated with the index value: a remainder of the fingerprint other than the portion of the fingerprint that was used to determine the index value, to indicate that data packets consistent with the key are to be handled in accordance with packet handling metadata. During packet processing, if a memory location associated with an index value stores a remainder of the fingerprint other than the portion of the fingerprint that was used to determine the index value, a data packet is handled according to packet handling metadata associated with the fingerprint.
Type: Grant
Filed: December 8, 2017
Date of Patent: April 19, 2022
Inventors: Peter Bengough, Stacey Sheldon, Jonathan Sewter
-
Patent number: 11115333
Abstract: A packet sub-engine coupled to a packet buffer determines which of multiple look up tables (LUTs) is to be searched for a matching entry that matches a received data packet. Each LUT corresponds to a different type of packet handling action and includes multiple entries, each with a match field and a corresponding collection of one or more actions for handling packets that match the match field. The packet sub-engine searches the determined LUT for a matching entry, processes the received data packet according to the action(s) in the matching entry, and determines whether a further LUT is to be searched for a further matching entry. The processed data packet is provided as an output if no further LUT is to be searched, or otherwise the packet sub-engine searches the further LUT and further processes the processed packet according to the action(s) in the further matching entry.
Type: Grant
Filed: July 15, 2020
Date of Patent: September 7, 2021
Assignee: CORSA TECHNOLOGY INC.
Inventors: Stacey Sheldon, Jonathan Sewter, Peter Bengough
-
Publication number: 20210234800
Abstract: The present disclosure relates to scalable network security functions and handling of packet flows between network security zones in a communications network. Packets that are part of a bidirectional packet flow between the network security zones are received, and a determination is made as to an instance of a security application to which to assign the bidirectional packet flow for security processing. The determination is made based on relative loading of a plurality of identical instances of the security application running on a host machine. All of the received packets that are part of the bidirectional packet flow are directed for processing on the host machine by the one of the security application instances.
Type: Application
Filed: January 24, 2020
Publication date: July 29, 2021
Inventors: Stacey SHELDON, Peter BENGOUGH, Ian MES, Ian DUBLIN
-
Patent number: 11032190
Abstract: The present disclosure relates to handling of packet flows between a pair of network security zones in a communications network. A packet that is sent from one of the network security zones toward the other of the network security zones is directed to a packet processing service chain, based on a packet handling classification of a packet flow of which the packet is a part. The service chain has multiple identical service chain instances to perform a service on packets, and the packet is directed to one of the service chain instances within the service chain. A packet that is processed by any of the service chain instances is transmitted to the other network security zone.
Type: Grant
Filed: September 12, 2018
Date of Patent: June 8, 2021
Inventors: Peter Bengough, Yuri Kolomiyets, Carolyn Raab, Stuart Reid, Jonathan Sewter, Stacey Sheldon
-
Publication number: 20200351200
Abstract: A packet sub-engine coupled to a packet buffer determines which of multiple look up tables (LUTs) is to be searched for a matching entry that matches a received data packet. Each LUT corresponds to a different type of packet handling action and includes multiple entries, each with a match field and a corresponding collection of one or more actions for handling packets that match the match field. The packet sub-engine searches the determined LUT for a matching entry, processes the received data packet according to the action(s) in the matching entry, and determines whether a further LUT is to be searched for a further matching entry. The processed data packet is provided as an output if no further LUT is to be searched, or otherwise the packet sub-engine searches the further LUT and further processes the processed packet according to the action(s) in the further matching entry.
Type: Application
Filed: July 15, 2020
Publication date: November 5, 2020
Inventors: Stacey SHELDON, Jonathan SEWTER, Peter BENGOUGH
-
Patent number: 10764179
Abstract: A packet sub-engine coupled to a packet buffer determines which of multiple look up tables (LUTs) is to be searched for a matching entry that matches a received data packet. Each LUT corresponds to a different type of packet handling action and includes multiple entries, each with a match field and a corresponding collection of one or more actions for handling packets that match the match field. The packet sub-engine searches the determined LUT for a matching entry, processes the received data packet according to the action(s) in the matching entry, and determines whether a further LUT is to be searched for a further matching entry. The processed data packet is provided as an output if no further LUT is to be searched, or otherwise the packet sub-engine searches the further LUT and further processes the processed packet according to the action(s) in the further matching entry.
Type: Grant
Filed: July 19, 2017
Date of Patent: September 1, 2020
Assignee: CORSA TECHNOLOGY INC.
Inventors: Stacey Sheldon, Jonathan Sewter, Peter Bengough
-
Publication number: 20200084141
Abstract: The present disclosure relates to handling of packet flows between a pair of network security zones in a communications network. A packet that is sent from one of the network security zones toward the other of the network security zones is directed to a packet processing service chain, based on a packet handling classification of a packet flow of which the packet is a part. The service chain has multiple identical service chain instances to perform a service on packets, and the packet is directed to one of the service chain instances within the service chain. A packet that is processed by any of the service chain instances is transmitted to the other network security zone.
Type: Application
Filed: September 12, 2018
Publication date: March 12, 2020
Inventors: Peter BENGOUGH, Yuri KOLOMIYETS, Carolyn RAAB, Stuart REID, Jonathan SEWTER, Stacey SHELDON
-
Patent number: 10389631
Abstract: An IP address of a received data packet is determined. An IP address map that stores set membership values indicative of whether an IP address is a member of a set of IP addresses, for every possible IP address within an IP address space of the IP address, is accessed to determine set membership for the IP address of the data packet. A further action to be performed on the packet is determined based on the set membership that is determined for the IP address of the data packet. Embodiments could be applied to source IP address filtering, destination IP address filtering, or both. Blacklist and whitelist embodiments, and associated further actions that could be applied to packets in such embodiments, are contemplated.
Type: Grant
Filed: April 28, 2017
Date of Patent: August 20, 2019
Assignee: Corsa Technology Inc.
Inventors: Stacey Sheldon, Jonathan Sewter
-
Publication number: 20190182160
Abstract: A key is descriptive of a data packet, and a fingerprint hash function is applied to such a key to generate a fixed length fingerprint of the key. An index value is determined based on a portion of the fingerprint. A hash table could be populated by storing in a memory, at a memory location associated with the index value: a remainder of the fingerprint other than the portion of the fingerprint that was used to determine the index value, to indicate that data packets consistent with the key are to be handled in accordance with packet handling metadata. During packet processing, if a memory location associated with an index value stores a remainder of the fingerprint other than the portion of the fingerprint that was used to determine the index value, a data packet is handled according to packet handling metadata associated with the fingerprint.
Type: Application
Filed: December 8, 2017
Publication date: June 13, 2019
Inventors: Peter BENGOUGH, Stacey SHELDON, Jonathan SEWTER
-
Publication number: 20190028391
Abstract: A packet sub-engine coupled to a packet buffer determines which of multiple look up tables (LUTs) is to be searched for a matching entry that matches a received data packet. Each LUT corresponds to a different type of packet handling action and includes multiple entries, each with a match field and a corresponding collection of one or more actions for handling packets that match the match field. The packet sub-engine searches the determined LUT for a matching entry, processes the received data packet according to the action(s) in the matching entry, and determines whether a further LUT is to be searched for a further matching entry. The processed data packet is provided as an output if no further LUT is to be searched, or otherwise the packet sub-engine searches the further LUT and further processes the processed packet according to the action(s) in the further matching entry.
Type: Application
Filed: July 19, 2017
Publication date: January 24, 2019
Inventors: Stacey SHELDON, Jonathan SEWTER, Peter BENGOUGH
-
Publication number: 20180316611
Abstract: An IP address of a received data packet is determined. An IP address map that stores set membership values indicative of whether an IP address is a member of a set of IP addresses, for every possible IP address within an IP address space of the IP address, is accessed to determine set membership for the IP address of the data packet. A further action to be performed on the packet is determined based on the set membership that is determined for the IP address of the data packet. Embodiments could be applied to source IP address filtering, destination IP address filtering, or both. Blacklist and whitelist embodiments, and associated further actions that could be applied to packets in such embodiments, are contemplated.
Type: Application
Filed: April 28, 2017
Publication date: November 1, 2018
Inventors: Stacey SHELDON, Jonathan SEWTER
-
Patent number: 10110491
Abstract: Data packets are received at a communication device that is coupled to a network node in a communication network, to a gateway router that is coupled to other network nodes in the communication network, and to a further communication network. For each received data packet, a determination is made as to whether the received data packet is to be routed toward a destination by the communication device instead of by the gateway router. The received data packet is routed toward the destination by the communication device based on determining that the received data packet is to be routed toward the destination by the communication device instead of by the gateway router. Otherwise, the received data packet is switched from the communication device to the gateway router to be routed by the gateway router toward the destination.
Type: Grant
Filed: January 27, 2017
Date of Patent: October 23, 2018
Assignee: CORSA TECHNOLOGY INC.
Inventors: Thomas Benjamin Mack-Crane, Stacey Sheldon
-
Publication number: 20170222926
Abstract: Data packets are received at a communication device that is coupled to a network node in a communication network, to a gateway router that is coupled to other network nodes in the communication network, and to a further communication network. For each received data packet, a determination is made as to whether the received data packet is to be routed toward a destination by the communication device instead of by the gateway router. The received data packet is routed toward the destination by the communication device based on determining that the received data packet is to be routed toward the destination by the communication device instead of by the gateway router. Otherwise, the received data packet is switched from the communication device to the gateway router to be routed by the gateway router toward the destination.
Type: Application
Filed: January 27, 2017
Publication date: August 3, 2017
Inventors: Thomas Benjamin MACK-CRANE, Stacey SHELDON