Patent application number | Description | Published |
20080229418 | System and Method to Customize a Security Log Analyzer - Systems and methods adapted to customize a security log analyzer to recognize a security log, the system including at least one network security device for processing data traffic on a data network, the network security device associated with at least one computing device, and adapted to generate a security log, the system further including rule builder software adapted to generate a rule for recognizing at least one item in a security log and a log analyzer adapted to apply the rule in analyzing a security log. | 09-18-2008 |
20090049537 | System and Method for Distributed Multi-Processing Security Gateway - A system and method for a distributed multi-processing security gateway establishes a host side session, selects a proxy network address for a server, uses the proxy network address to establish a server side session, receives a data packet, assigns a central processing unit core from a plurality of central processing unit cores in a multi-core processor of the security gateway to process the data packet, processes the data packet according to security policies, and sends the processed data packet. The proxy network address is selected such that a same central processing unit core is assigned to process data packets from the server side session and the host side session. By assigning central processing unit cores in this manner, higher capable security gateways are provided. | 02-19-2009 |
20100217819 | System and Method to Associate a Private User Identity with a Public User Identity - The inventive system includes a host, a network including a security gateway, and a public application. Established are an access session between the network and the host and an application session between the public application and the network. An application session record is created for the application session, and includes the user's public user identity used to access the public application, the user's private user identity used to access the network, a host identity, and an application session time. To determine the private user identity for the application session, the security gateway sends a query with the host identity and the application session time. These are compared with the host identity and access session time in an access session record. If they match, then the private user identity in the access session record is returned, and it is stored as the private user identity in the application session record. | 08-26-2010 |
20100235880 | System and Method to Apply Network Traffic Policy to an Application Session - Method for applying a security policy to an application session, includes: recognizing the application session between a network and an application via a security gateway; determining by the security gateway a user identity of the application session using information about the application session; obtaining by the security gateway the security policy comprising network parameters mapped to the user identity; and applying the security policy to the application session by the security gateway. The user identity may be a network user identity or an application user identity recognized from packets of the application session. The security policy may comprise a network traffic policy mapped and/or a document access policy mapped to the user identity, where the network traffic policy is applied to the application session. The security gateway may further generate a security report concerning the application of the security policy to the application session. | 09-16-2010 |
20100238927 | METHOD AND SYSTEM FOR INTELLIGENTLY FORWARDING MULTICAST PACKETS - A routing system utilizes a layer 2 switch interconnecting several routers to intelligently forward multicast packets throughout an internet exchange carrying multicast content. The layer 2 switch performs protocol snooping to extract a lookup key that is based on network layer protocol information. The lookup key is uniquely formulated to support either shared or explicit source distribution trees. The lookup key is used to query a forwarding memory that returns an outgoing port index. The outgoing port index points to one or more outgoing ports that are eligible to receive the multicast packet. The outgoing ports are also connected to the neighboring device(s) that are designated to receive the multicast packet. The routing system also supports real time maintenance and updating of the forwarding memory based on the periodic exchange of control messages. The routing system is configured to support PIM routers operating in PIM SM or PIM SSM modes. However, the routing system can also support other multicast protocols and/or standards. | 09-23-2010 |
20110064078 | METHOD AND SYSTEM FOR INTELLIGENTLY FORWARDING MULTICAST PACKETS - A routing system utilizes a layer 2 switch interconnecting several routers to intelligently forward multicast packets throughout an internet exchange carrying multicast content. The layer 2 switch performs protocol snooping to extract a lookup key that is based on network layer protocol information. The lookup key is uniquely formulated to support either shared or explicit source distribution trees. The lookup key is used to query a forwarding memory that returns an outgoing port index. The outgoing port index points to one or more outgoing ports that are eligible to receive the multicast packet. The outgoing ports are also connected to the neighboring device(s) that are designated to receive the multicast packet. The routing system also supports real time maintenance and updating of the forwarding memory based on the periodic exchange of control messages. The routing system is configured to support PIM routers operating in PIM SM or PIM SSM modes. However, the routing system can also support other multicast protocols and/or standards. | 03-17-2011 |
20110093522 | Method and System to Determine an Application Delivery Server Based on Geo-Location Information - A method and system to determine a web server based on geo-location information is disclosed. The system includes: a local DNS server coupled to a web client; a plurality of web servers; and a global load balancer coupled to the local DNS server. The global load balancer: receives a request for a web service sent by the web client, the request comprising local DNS server information; determines a geographic location for the local DNS server based on the local DNS server information; determines a web server from the plurality of web servers based on the requested web service; determines a geographic location for the determined web server; determines that the geographic location for the local DNS server matches the geographic location for the determined web server; selects the determined web server; and sends a response comprising information on the selected web server to the local DNS server. | 04-21-2011 |
20110239289 | System and Method to Associate a Private User Identity with a Public User Identity - The inventive system includes a host, a network including a security gateway, and a public application. Established are an access session between the network and the host and an application session between the public application and the network. An application session record is created for the application session, and includes the user's public user identity used to access the public application, the user's private user identity used to access the network, a host identity, and an application session time. To determine the private user identity for the application session, the security gateway sends a query with the host identity and the application session time. These are compared with the host identity and access session time in an access session record. If they match, then the private user identity in the access session record is returned, and it is stored as the private user identity in the application session record. | 09-29-2011 |
20120084419 | SYSTEM AND METHOD TO BALANCE SERVERS BASED ON SERVER LOAD STATUS - A method, system, and computer program product for balancing servers based on server load status, include: receiving from a server a service response to a service request, the service response including a result from a processing of the service request and a server status indicating a computing load status of the server; obtaining the server status from the service response; receiving a next service request from a host, the next service request comprising a Uniform Resource Locator (URL); determining that the server is configured to process the URL; determining whether the server status indicates that the server is available to process the next service request; and in response to determining that the server status indicates that the server is available to process the next service request, sending the next service request to the server. | 04-05-2012 |
20120204236 | Systems and Methods for User Access Authentication Based on Network Access Point - Systems and methods of authenticating user access based on an access point to a secure data network include a secure data network having a plurality of network access points serving as entry points for a user to access the secure data network using a user device. The user is associated with a user identity, each network access point with a network access point identity. The user uses a user device to send an access request, requesting access to the secure data network, to the network access point, which then sends an authentication request to an identity server. The identity server processes the authentication request, by validating the combination of the user identity and the network access point identity, and responds with an authentication response, granting or denying access, as communicated to the user device via an access response. | 08-09-2012 |
20120216266 | SYSTEM AND METHOD TO ASSOCIATE A PRIVATE USER IDENTITY WITH A PUBLIC USER IDENTITY - The inventive system includes a host, a network including a security gateway, and a public application. Established are an access session between the network and the host and an application session between the public application and the network. An application session record is created for the application session, and includes the user's public user identity used to access the public application, the user's private user identity used to access the network, a host identity, and an application session time. To determine the private user identity for the application session, the security gateway sends a query with the host identity and the application session time. These are compared with the host identity and access session time in an access session record. If they match, then the private user identity in the access session record is returned, and it is stored as the private user identity in the application session record. | 08-23-2012 |
20140059702 | System and Method to Associate a Private User Identity with a Public User Identity - The inventive system includes a host, a network including a security gateway, and a public application. Established are an access session between the network and the host and an application session between the public application and the network. An application session record is created for the application session, and includes the user's public user identity used to access the public application, the user's private user identity used to access the network, a host identity, and an application session time. To determine the private user identity for the application session, the security gateway sends a query with the host identity and the application session time. These are compared with the host identity and access session time in an access session record. If they match, then the private user identity in the access session record is returned, and it is stored as the private user identity in the application session record. | 02-27-2014 |
20150047012 | SYSTEM AND METHOD FOR DISTRIBUTED MULTI-PROCESSING SECURITY GATEWAY - A system and method for a distributed multi-processing security gateway establishes a host side session, selects a proxy network address for a server, uses the proxy network address to establish a server side session, receives a data packet, assigns a central processing unit core from a plurality of central processing unit cores in a multi-core processor of the security gateway to process the data packet, processes the data packet according to security policies, and sends the processed data packet. The proxy network address is selected such that a same central processing unit core is assigned to process data packets from the server side session and the host side session. By assigning central processing unit cores in this manner, higher capable security gateways are provided. | 02-12-2015 |