SonicWALL, Inc.

United States of America

Back to Profile

1-85 of 85 for SonicWALL, Inc. Sort by
Query
Aggregations
Jurisdiction
        United States 78
        World 7
Date
New (last 4 weeks) 2
2026 June (MTD) 1
2026 May 1
2026 (YTD) 8
2025 10
See more
IPC Class
H04L 9/40 - Network security protocols 35
H04W 84/18 - Self-organising networks, e.g. ad hoc networks or sensor networks 23
G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements 22
H04L 29/06 - Communication control; Communication processing characterised by a protocol 14
H04W 12/088 - Access security using filters or firewalls 8
See more
Status
Pending 18
Registered / In Force 67
Found results for  patents

1.

STREAMLINED CREATION AND EXPANSION OF A WIRELESS MESH NETWORK

      
Application Number 19442941
Status Pending
Filing Date 2026-01-07
First Publication Date 2026-06-04
Owner SonicWALL Inc. (USA)
Inventor
  • Duo, Zhuangzhi
  • Dhablania, Atul

Abstract

The present disclosure relates to methods and apparatus that registers and configures mesh node devices to operate as part of a wireless mesh network as part of a process that may be referred to as an onboarding process that streamlines. Such an onboarding process may store registration information and configuration information in a database at a computer in the cloud or that is accessible via the Internet. This stored information may be used to easily create or expand a wireless mesh network. This registration information may be cross-referenced with a profile associated with a network configuration, with a customer license, and with an identifier that identifies a wireless mesh network. Profiles consistent with the present disclosure may identify configuration preferences of a wireless mesh network and may identify software components that may be installed at particular mesh nodes when mesh node devices are added to a wireless mesh network.

IPC Classes  ?

  • H04W 12/50 - Secure pairing of devices
  • H04L 9/40 - Network security protocols
  • H04W 4/80 - Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
  • H04W 12/55 - Secure pairing of devices involving three or more devices, e.g. group pairing
  • H04W 60/00 - Affiliation to network, e.g. registrationTerminating affiliation with the network, e.g. de-registration
  • H04W 76/11 - Allocation or use of connection identifiers
  • H04W 80/10 - Upper layer protocols adapted for session management, e.g. SIP [Session Initiation Protocol]
  • H04W 84/18 - Self-organising networks, e.g. ad hoc networks or sensor networks

2.

FIREWALL ACCESS RULE AUTHENTICATED BY SECURITY ASSERTION MARKUP LANGUAGE (SAML)

      
Application Number 19401722
Status Pending
Filing Date 2025-11-26
First Publication Date 2026-05-28
Owner SonicWALL Inc. (USA)
Inventor
  • Cai, Riji
  • Zhang, Hao
  • Zheng, Rui

Abstract

Disclosed are systems, apparatuses, methods, computer readable medium, and circuits for providing access to a network. According to at least one example, a method includes: intercepting a request at a firewall the request sent from a computing device regarding establishment of a secure communication session with a network; in response to determining that the request is unauthenticated, notifying a service provider node of the request, wherein the service provider node is configured to: generating a communication session between the computing device and a RBI server; receiving at the firewall authentication information pertaining to authorization for the computing device to establish the secure communication session with the network; identifying that the secure communication session is allowed to be established based on the authentication information; and providing access at the firewall to the computing device to establish the secure communication session with the network.

IPC Classes  ?

3.

CONNECTOR MANAGEMENT & IMPLEMENTATION FOR FLEXIBLE PLATFORM

      
Application Number 18773965
Status Pending
Filing Date 2024-07-16
First Publication Date 2026-01-22
Owner SONICWALL INC. (USA)
Inventor
  • Desikan, Tarun
  • Gummaraju, Jayanth
  • Turner, Yoshio
  • Sanghvi, Jasmine S.

Abstract

This disclosure is related to methods and apparatus for connecting an end-user device to a private network using a firewall connector. Connecting the end-user device to the private network using the firewall connector includes assigning a unique source IP address to the end-user device by a centralized management platform, receiving the data packet from an access tier at the firewall connector, wherein the access tier receives the data packet from the end-user device for the private network, and changing, by the firewall connector, the unique source IP address or a destination IP address of the data packet.

IPC Classes  ?

4.

INTEGRATION & IMPLEMENTATION OF GLOBAL EDGE FUNCTIONALITIES

      
Application Number 18773978
Status Pending
Filing Date 2024-07-16
First Publication Date 2026-01-22
Owner SONICWALL INC. (USA)
Inventor
  • Desikan, Tarun
  • Gummaraju, Jayanth
  • Turner, Yoshio
  • Sanghvi, Jasmine S.

Abstract

This disclosure is related to methods and apparatus for securely routing and controlling access of various types of traffic for one or more end-user devices. Securely routing and controlling access of the various types of traffic includes securely routing private application traffic from a first end-user device to a private network, securely routing private network traffic from a second end-user device to a private network, and filtering and monitoring Internet traffic for a third end-user device from the Internet or a Software-as-a-Service (SaaS) application. Securely routing and controlling access of the various types of traffic includes using a Zero Trust Network Access (ZTNA) proxy to authenticate the end-user devices and a firewall connector coupled with a network firewall to establish a connector tunnel.

IPC Classes  ?

5.

TRIGGERING PROVISIONING OF CLOUD-BASED SECURITY THROUGH FIREWALL

      
Application Number 18773972
Status Pending
Filing Date 2024-07-16
First Publication Date 2026-01-22
Owner SONICWALL INC. (USA)
Inventor
  • Desikan, Tarun
  • Gummaraju, Jayanth
  • Turner, Yoshio
  • Sanghvi, Jasmine S.

Abstract

This disclosure is related to methods and apparatus for triggering provisioning of cloud-based security through a network firewall. Triggering provisioning includes an access control service verifying authorization of the end-user device to access the private network and evaluating device characteristics of the end-user device, applying configured application control policies based on the device characteristics, evaluating Zero Trust Network Access (ZTNA) policies based on the device characteristics and application configured application control policies, generating a unique session token when the request is approved, providing the unique session token to the firewall connector, and forming a connector tunnel that establishes a secure connection between the end-user device and the private network.

IPC Classes  ?

6.

CONNECTOR MANAGEMENT & IMPLEMENTATION FOR FLEXIBLE PLATFORM

      
Application Number US2025037972
Publication Number 2026/019965
Status In Force
Filing Date 2025-07-16
Publication Date 2026-01-22
Owner SONICWALL INC. (USA)
Inventor
  • Desikan, Tarun
  • Gummaraju, Jayanth
  • Turner, Yoshio
  • Sanghvi, Jasmine S.

Abstract

This disclosure is related to methods and apparatus for connecting an end-user device to a private network using a firewall connector. Connecting the end-user device to the private network using the firewall connector includes assigning a unique source IP address to the end-user device by a centralized management platform, receiving the data packet from an access tier at the firewall connector, wherein the access tier receives the data packet from the end-user device for the private network, and changing, by the firewall connector, the unique source IP address or a destination IP address of the data packet.

IPC Classes  ?

  • H04L 61/59 - Network arrangements, protocols or services for addressing or naming using proxies for addressing
  • H04L 61/2503 - Translation of Internet protocol [IP] addresses
  • H04L 61/50 - Address allocation
  • H04L 12/46 - Interconnection of networks
  • H04L 41/08 - Configuration management of networks or network elements

7.

TRIGGERING PROVISIONING OF CLOUD-BASED SECURITY THROUGH FIREWALL

      
Application Number US2025037975
Publication Number 2026/019968
Status In Force
Filing Date 2025-07-16
Publication Date 2026-01-22
Owner SONICWALL INC. (USA)
Inventor
  • Desikan, Tarun
  • Gummaraju, Jayanth
  • Turner, Yoshio
  • Sanghvi, Jasmine S.

Abstract

This disclosure is related to methods and apparatus for triggering provisioning of cloud-based security through a network firewall. Triggering provisioning includes an access control service verifying authorization of the end-user device to access the private network and evaluating device characteristics of the end-user device, applying configured application control policies based on the device characteristics, evaluating Zero Trust Network Access (ZTNA) policies based on the device characteristics and application configured application control policies, generating a unique session token when the request is approved, providing the unique session token to the firewall connector, and forming a connector tunnel that establishes a secure connection between the end-user device and the private network.

IPC Classes  ?

  • H04L 9/40 - Network security protocols
  • G06F 21/50 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
  • G06F 21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity

8.

INTEGRATION & IMPLEMENTATION OF GLOBAL EDGE FUNCTIONALITIES

      
Application Number US2025037976
Publication Number 2026/019969
Status In Force
Filing Date 2025-07-16
Publication Date 2026-01-22
Owner SONICWALL INC. (USA)
Inventor
  • Desikan, Tarun
  • Gummaraju, Jayanth
  • Turner, Yoshio
  • Sanghvi, Jasmine S.

Abstract

This disclosure is related to methods and apparatus for securely routing and controlling access of various types of traffic for one or more end-user devices. Securely routing and controlling access of the various types of traffic includes securely routing private application traffic from a first end-user device to a private network, securely routing private network traffic from a second end-user device to a private network, and filtering and monitoring Internet traffic for a third end-user device from the Internet or a Software-as-a-Service (SaaS) application. Securely routing and controlling access of the various types of traffic includes using a Zero Trust Network Access (ZTNA) proxy to authenticate the end-user devices and a firewall connector coupled with a network firewall to establish a connector tunnel.

IPC Classes  ?

  • H04L 9/32 - Arrangements for secret or secure communicationsNetwork security protocols including means for verifying the identity or authority of a user of the system
  • H04L 9/40 - Network security protocols

9.

DETECTING PROFILE-BASED WIRELESS MESH NODE FAILOVER IN COMMUNICATION NETWORKS

      
Application Number 19284430
Status Pending
Filing Date 2025-07-29
First Publication Date 2025-12-25
Owner SonicWALL Inc. (USA)
Inventor
  • Duo, Zhuangzhi
  • Dhablania, Atul

Abstract

The present disclosure relates to methods and apparatus that registers a plurality of mesh node devices to operate as part of a wireless mesh network after a user device scans encoded information that is unique to each mesh node of a plurality of different mesh nodes. After codes associated with different respective mesh nodes are scanned by a user device, that user device may communicate with these different mesh nodes via a low power communication interface and the user device may send registration information to a registration computer via a secure communication channel. Apparatus consistent with the present disclosure may also receive a validation code from the registration computer via a communication channel that is different from the secure communication channel and these apparatus may then send the validation code to the registration computer via the secure communication channel when the user device is validated by the registration computer.

IPC Classes  ?

  • H04W 60/04 - Affiliation to network, e.g. registrationTerminating affiliation with the network, e.g. de-registration using triggered events
  • G06K 7/10 - Methods or arrangements for sensing record carriers by electromagnetic radiation, e.g. optical sensingMethods or arrangements for sensing record carriers by corpuscular radiation
  • G06K 7/14 - Methods or arrangements for sensing record carriers by electromagnetic radiation, e.g. optical sensingMethods or arrangements for sensing record carriers by corpuscular radiation using light without selection of wavelength, e.g. sensing reflected white light
  • H04L 9/40 - Network security protocols
  • H04W 4/80 - Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
  • H04W 12/03 - Protecting confidentiality, e.g. by encryption
  • H04W 12/55 - Secure pairing of devices involving three or more devices, e.g. group pairing
  • H04W 84/18 - Self-organising networks, e.g. ad hoc networks or sensor networks

10.

ADAPTIVE CPU USAGE MECHANISM FOR NETWORKING SYSTEM IN A VIRTUAL ENVIRONMENT

      
Application Number 19310651
Status Pending
Filing Date 2025-08-26
First Publication Date 2025-12-25
Owner SONICWALL INC. (USA)
Inventor
  • Mao, Miao
  • Zhou, Wei
  • Chen, Zhong

Abstract

Methods and apparatus consistent with the present disclosure may be used in environments where multiple different virtual sets of program instructions are executed by shared computing resources. These methods may allow actions associated with a first set of virtual software to be paused to allow a second set of virtual software to be executed by the shared computing resources. In certain instances, methods and apparatus consistent with the present disclosure may manage the operation of one or more sets of virtual software at a point in time. Apparatus consistent with the present disclosure may include a memory and one or more processors that execute instructions out of the memory. At certain points in time, a processors of a computing system may pause a virtual process while allowing instructions associated with another virtual process to be executed.

IPC Classes  ?

  • G06F 9/48 - Program initiatingProgram switching, e.g. by interrupt
  • G06F 9/455 - EmulationInterpretationSoftware simulation, e.g. virtualisation or emulation of application or operating system execution engines
  • G06F 9/46 - Multiprogramming arrangements
  • G06F 9/50 - Allocation of resources, e.g. of the central processing unit [CPU]

11.

METHOD FOR PROVIDING AN ELASTIC CONTENT FILTERING SECURITY SERVICE IN A MESH NETWORK

      
Application Number 19063051
Status Pending
Filing Date 2025-02-25
First Publication Date 2025-08-21
Owner SONICWALL INC. (USA)
Inventor Duo, Zhuangzhi

Abstract

The present disclosure distributes processing capabilities throughout different nodes in a wireless network. Methods and apparatus consistent with the present disclosure increase the efficiency of communications in a wireless network because they help minimize the need to forward communications to other nodes in the network. Apparatus and methods consistent with the present disclosure perform a function of elastic content filtering because rating information may be stored in different memories of different mesh nodes according to rules or profiles associated with a wireless mesh network as responses to requests are sent back along a route in a wireless mesh network in a manner that may not increase an amount of network traffic. When, however, network traffic dips below a threshold level, additional messages may be sent to certain mesh nodes that update rating information stored at those certain mesh nodes.

IPC Classes  ?

  • H04W 84/18 - Self-organising networks, e.g. ad hoc networks or sensor networks
  • H04W 40/12 - Communication route or path selection, e.g. power-based or shortest path routing based on transmission quality or channel quality
  • H04W 40/24 - Connectivity information management, e.g. connectivity discovery or connectivity update

12.

Providing Access to Data in a Secure Communication

      
Application Number 19097706
Status Pending
Filing Date 2025-04-01
First Publication Date 2025-08-07
Owner SONICWALL INC. (USA)
Inventor
  • Raman, Raj
  • Dubrovsky, Aleksandr

Abstract

The present disclosure is directed to preventing computer data from being usurped and exploited by individuals or organizations with nefarious intent. Methods and systems consistent with the present disclosure may store keys and keying data for each of a plurality of connections in separate memory locations. These memory locations may store data that maps a virtual address to a physical memory address associated with storing information relating to a secure connection. These separate memory locations may have a unique instance for each individual communication connection session, for example each transport layer security (TLS) connection may be assigned memory via logical addresses that are mapped to one or more physical memory addresses on a per-core basis. Such architectures decouple actual physical addresses that are used in conventional architectures that assign a single large continuous physical memory partition that may be accessed via commands that access physical memory addresses directly.

IPC Classes  ?

  • H04L 9/40 - Network security protocols
  • H04W 12/04 - Key management, e.g. using generic bootstrapping architecture [GBA]

13.

METHOD OF CREATING HIGH AVAILABILITY FOR SINGLE POINT NETWORK GATEWAY USING CONTAINERS

      
Application Number 19000994
Status Pending
Filing Date 2024-12-24
First Publication Date 2025-06-26
Owner SONICWALL INC. (USA)
Inventor
  • Xiang, Dong
  • Liu, Yunfeng
  • Chen, Zhong

Abstract

Methods and apparatus consistent with the present disclosure may be used in environments where multiple different virtual sets of program instructions are executed by shared computing resources when different processes are performed in a virtual computing environment. Methods consistent with the present disclosure may be used to provide a form of redundancy that does not require two physically distinct computers. Such methods may use a set of physical hardware components and two or more sets of synchronized virtual gateway software. Architectural features of physical hardware components included in an apparatus consistent with the present disclosure may be abstracted from sets of virtual program code when one virtual software process backs up another virtual software process at the apparatus.

IPC Classes  ?

  • G06F 9/48 - Program initiatingProgram switching, e.g. by interrupt
  • G06F 9/445 - Program loading or initiating
  • G06F 9/46 - Multiprogramming arrangements
  • G06F 9/50 - Allocation of resources, e.g. of the central processing unit [CPU]

14.

EARLY FILTERING OF CLEAN FILE USING DYNAMIC ANALYSIS

      
Application Number 18984089
Status Pending
Filing Date 2024-12-17
First Publication Date 2025-06-19
Owner SonicWall, Inc. (USA)
Inventor
  • Das, Soumyadipta
  • Kuchan, Sushikumar
  • Dubrovsky, Aleksnadr

Abstract

The present disclosure is directed to analyzing received sets of computer data. Methods and apparatus consistent with the present disclosure may forecast that a received set of computer data does not include malware after allowing instructions included in that set of computer data to execute for an amount of time that does not exceed an allocated amount of time. Methods consistent with the present disclosure may instrument a set of received program code and allow instructions in that received set of program code to execute as instrumentation code collects information about the set of program code. This collected information may be compared with sets of known good data when determining whether a received set of program code is likely not to include malware. This collected information may be associated with “behaviors” performed by the received set of program code that may be identified using sets of contextual data.

IPC Classes  ?

  • G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements

15.

METHOD FOR PROVIDING AN ELASTIC CONTENT FILTERING SECURITY SERVICE IN A MESH NETWORK

      
Application Number 18984055
Status Pending
Filing Date 2024-12-17
First Publication Date 2025-06-12
Owner SONICWALL INC. (USA)
Inventor Duo, Zhuangzhi

Abstract

The present disclosure is directed to distributing processing capabilities throughout different nodes in a wireless mesh network. Methods and apparatus consistent with the present disclosure increase the efficiency of communications in a wireless mesh network because they help minimize the need to forward communications to other nodes in the wireless mesh network such that an evaluation can be performed. Apparatus and methods consistent with the present disclosure may distribute ratings or verdicts associated with previous requests to access data to different nodes in a wireless mesh network without generating additional wireless communications through the wireless mesh network. Apparatus and methods consistent with the present disclosure distribute content ratings to different nodes in a wireless network such that different wireless nodes may block redundant requests to undesired content without increasing messaging traffic.

IPC Classes  ?

  • H04W 12/088 - Access security using filters or firewalls
  • H04W 12/122 - Counter-measures against attacksProtection against rogue devices
  • H04W 80/06 - Transport layer protocols, e.g. TCP [Transport Control Protocol] over wireless
  • H04W 84/18 - Self-organising networks, e.g. ad hoc networks or sensor networks

16.

DETECTION OF EXPLOITATIVE PROGRAM CODE

      
Application Number 18930636
Status Pending
Filing Date 2024-10-29
First Publication Date 2025-04-17
Owner SONICWALL INC. (USA)
Inventor
  • Das, Soumyadipta
  • Ganachari, Sai
  • He, Yao
  • Dubrovsky, Aleksandr

Abstract

The present disclosure is directed to monitoring internal process memory of a computer at a time with program code executes. Methods and apparatus consistent with the present disclosure monitor the operation of program code with the intent of detecting whether received program inputs may exploit vulnerabilities that may exist in the program code at runtime. By detecting suspicious activity or malicious code that may affect internal process memory at run-time, methods and apparatus described herein identify suspected malware based on suspicious actions performed as program code executes. Runtime exploit detection may detect certain anomalous activities or chain of events in a potentially vulnerable application during execution. These events may be detected using instrumentation code when a regular code execution path of an application is deviated from.

IPC Classes  ?

  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements

17.

VISUALIZATION TOOL FOR REAL-TIME NETWORK RISK ASSESSMENT

      
Application Number 18795717
Status Pending
Filing Date 2024-08-06
First Publication Date 2025-01-30
Owner SONICWALL INC. (USA)
Inventor
  • Conner, F. William
  • Nguyenle, Minhdung Joe
  • Dhablania, Atul
  • Chio, Richard
  • Jose, Justin
  • Dampanaboina, Lalith Kumar

Abstract

The present disclosure relates to methods and apparatus that collect data regarding malware threats, that organizes this collected malware threat data, and that provides this data to computers or people such that damage associated with these software threats can be quantified and reduced. The present disclosure is also directed to preventing the spread of malware before that malware can damage computers or steal computer data. Methods consistent with the present disclosure may optimize tests performed at different levels of a multi-level threat detection and prevention system. As such, methods consistent with the present disclosure may collect data from various sources that may include endpoint computing devices, firewalls/gateways, or isolated (e.g. “sandbox”) computers. Once this information is collected, it may then be organized, displayed, and analyzed in ways that were not previously possible.

IPC Classes  ?

  • H04L 9/40 - Network security protocols
  • H04L 43/028 - Capturing of monitoring data by filtering
  • H04L 43/045 - Processing captured monitoring data, e.g. for logfile generation for graphical visualisation of monitoring data

18.

Real-time prevention of malicious content via dynamic analysis

      
Application Number 18795848
Grant Number 12647433
Status In Force
Filing Date 2024-08-06
First Publication Date 2025-01-23
Grant Date 2026-06-02
Owner SONICWALL INC. (USA)
Inventor
  • Cheetancheri, Senthil
  • Dubrovsky, Alex
  • Holagi, Sachin

Abstract

This disclosure is related to methods and apparatus used to for preventing malicious content from reaching a destination via a dynamic analysis engine may operate in real-time when packetized data is received. Data packets sent from a source computer may be received and be forwarded to an analysis computer that may monitor actions performed by executable program code included within the set of data packets when making determinations regarding whether the data packet set should be classified as malware. In certain instances all but a last data packet of the data packet set may also be sent to the destination computer while the analysis computer executes and monitors the program code included in the data packet set. In instances when the analysis computer identifies that the data packet set does include malware, the malware may be blocked from reaching the destination computer by not sending the last data packet to the destination computer.

IPC Classes  ?

  • H04L 9/40 - Network security protocols
  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements

19.

CLOUD BASED JUST IN TIME MEMORY ANALYSIS FOR MALWARE DETECTION

      
Application Number 18823389
Status Pending
Filing Date 2024-09-03
First Publication Date 2024-12-26
Owner SONICWALL INC. (USA)
Inventor
  • Dubrovsky, Aleksandr
  • Das, Soumyadipta
  • Cheetancheri, Senthilkumar Gopinathan

Abstract

Methods and apparatus consistent with the present disclosure may be performed by a Cloud computing device may use instrumentation code that remains transparent to an application program that the instrumentation code has been injected into, may perform deep packet inspection (DPI) on computer data, or identify a content rating associated with computer data. In certain instances, data sets that include executable code may be received via packetized communications or be received via other means, such as, receiving a file from a data store. The present technique allows one or more processors executing instrumentation code to monitor actions performed by the program code included in a received data set. Malware can be detected using exception handling to track memory allocations of the program code included in the received data set. Furthermore, access to content associated with malware, potential malware, or with inappropriate content ratings may be blocked.

IPC Classes  ?

  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
  • G06F 21/53 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by executing in a restricted environment, e.g. sandbox or secure virtual machine

20.

ANALYSIS OF HISTORICAL NETWORK TRAFFIC TO IDENTIFY NETWORK VULNERABILITIES

      
Application Number 18795585
Status Pending
Filing Date 2024-08-06
First Publication Date 2024-12-19
Owner SONICWALL INC. (USA)
Inventor
  • Duo, Zhuangzhi
  • Dhablania, Atul

Abstract

Methods and apparatus consistent with the present disclosure may be used after a computer network has been successfully attacked by new malicious program code. Such methods may include collecting data from computers that have been affected by the new malicious program code and this data may be used to identify a type of damage performed by the new malicious code. The collected data may also include a copy of the new malicious program code. Methods consistent with the present disclosure may also include allowing the new malicious program code to execute at an isolated computer while actions and instructions that cause the damage are identified. Signatures may be generated from the identified instructions after which the signatures or data that describes the damaging actions are provided to computing resources such that those resources can detect the new malware program code.

IPC Classes  ?

  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
  • H04L 9/40 - Network security protocols

21.

Firewall access rule authenticated by security assertion markup language (SAML)

      
Application Number 18210569
Grant Number 12513111
Status In Force
Filing Date 2023-06-15
First Publication Date 2024-12-19
Grant Date 2025-12-30
Owner SonicWALL Inc. (USA)
Inventor
  • Cai, Riji
  • Zhang, Hao
  • Zheng, Rui

Abstract

Disclosed are systems, apparatuses, methods, computer readable medium, and circuits for providing access to a network. According to at least one example, a method includes: intercepting a request at a firewall the request sent from a computing device regarding establishment of a secure communication session with a network; in response to determining that the request is unauthenticated, notifying a service provider node of the request, wherein the service provider node is configured to: generating a communication session between the computing device and a RBI server; receiving at the firewall authentication information pertaining to authorization for the computing device to establish the secure communication session with the network; identifying that the secure communication session is allowed to be established based on the authentication information; and providing access at the firewall to the computing device to establish the secure communication session with the network.

IPC Classes  ?

22.

DYNAMIC BYPASS

      
Application Number 18816546
Status Pending
Filing Date 2024-08-27
First Publication Date 2024-12-19
Owner SonicWALL Inc. (USA)
Inventor
  • Raman, Raj
  • Dubrovsky, Aleksandr

Abstract

Methods and apparatus consistent with the present disclosure may prevent a computer process from failing when a firewall located between a client device and a server identifies that a process at the firewall should be bypassed using fingerprint information associated with a connection attempt. When fingerprint information stored at a firewall matches previously received fingerprint information, the firewall may allow processes typically performed at the firewall to be bypassed, thereby, allowing communications to pass between the client device and the server without inspection. When that fingerprint information does not match previously received fingerprint information, the firewall may perform a process that causes the client device to fail the first connection attempt. Because of this, methods consistent with the present disclosure may allow communications from an application program to be passed through a firewall without relying on an ever growing list of trusted application programs.

IPC Classes  ?

  • H04L 9/40 - Network security protocols
  • H04L 67/01 - Protocols
  • H04L 67/125 - Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks involving control of end-device applications over a network
  • H04L 67/141 - Setup of application sessions

23.

Securing transmission paths in a mesh network

      
Application Number 18816879
Grant Number 12634695
Status In Force
Filing Date 2024-08-27
First Publication Date 2024-12-19
Grant Date 2026-05-19
Owner SONICWALL INC. (USA)
Inventor
  • Duo, Zhuangzhi
  • Dhablania, Atul

Abstract

The present disclosure relates to securely setting up mesh networks in a secure manner that does not require a physical network cable being attached to a wireless device and that do not require transmitting unencrypted information wirelessly when a mesh network is setup. Methods and apparatus consistent with the present disclosure may use different communication interfaces and different types of channels to ensure that devices included in or being added to a wireless mesh network always communicate securely. Methods and apparatus consistent with the present disclosure may use a combination of conventional secure communication methods, such as secure hypertext transfer protocol (HTTPS) communications, low power signals that travel over short distances, and other types of communications to create a system that only uses secure communications when setting up or expanding a wireless mesh network.

IPC Classes  ?

  • H04W 12/08 - Access security
  • H04W 4/80 - Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
  • H04W 12/00 - Security arrangementsAuthenticationProtecting privacy or anonymity
  • H04L 9/40 - Network security protocols
  • H04W 12/06 - Authentication
  • H04W 84/18 - Self-organising networks, e.g. ad hoc networks or sensor networks

24.

Elastic security services load balancing in a wireless mesh network

      
Application Number 18809807
Grant Number 12641430
Status In Force
Filing Date 2024-08-20
First Publication Date 2024-12-12
Grant Date 2026-05-26
Owner SONICWALL INC. (USA)
Inventor
  • Duo, Zhuangzhi
  • Dhablania, Atul

Abstract

The present disclosure distributes processing capabilities throughout different nodes in a wireless network. Methods and apparatus consistent with the present disclosure increase the efficiency of communications in a wireless network because they help minimize the need to forward communications to other nodes in the network by allowing different wireless nodes to receive and store content ratings regarding requested content in caches associated with respective wireless nodes. Apparatus and methods consistent with the present disclosure perform a load balancing function because they distribute content ratings to different nodes in a wireless network without increasing messaging traffic. As response messages regarding access requests are passed back to a requestor, cache memories at nodes along a communication path are updated to include information that cross-references data identifiers with received content ratings. The cross-referenced data identifiers and content ratings allow each respective wireless node along the communication path to block requests to bad content.

IPC Classes  ?

  • H04W 12/088 - Access security using filters or firewalls
  • G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules
  • H04L 67/5682 - Policies or rules for updating, deleting or replacing the stored data
  • H04W 12/10 - Integrity
  • H04W 28/08 - Load balancing or load distribution
  • H04W 84/18 - Self-organising networks, e.g. ad hoc networks or sensor networks

25.

Just in time memory analysis for malware detection

      
Application Number 18733034
Grant Number 12639438
Status In Force
Filing Date 2024-06-04
First Publication Date 2024-11-07
Grant Date 2026-05-26
Owner SONICWALL INC. (USA)
Inventor
  • Das, Soumyadipta
  • Dubrovsky, Alex
  • Korsunsky, Igor

Abstract

Methods and apparatus consistent with the present disclosure may use instrumentation code that remains transparent to an application program that the instrumentation code has been injected into. In certain instances, data sets that include executable code may be received via packetized communications or be received via other means, such as, receiving a file from a data store. The present technique allows a processor executing instrumentation code to monitor actions performed by the program code included in a received data set. Malware may be detected by scanning suspect program code with a malware scanner, malware may be detected by identifying suspicious actions performed by a set of program code, or malware may be detected by a combination of such techniques.

IPC Classes  ?

  • G06F 21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements

26.

Streamlined creation and expansion of a wireless mesh network

      
Application Number 18753727
Grant Number 12543047
Status In Force
Filing Date 2024-06-25
First Publication Date 2024-10-17
Grant Date 2026-02-03
Owner SonicWALL Inc. (USA)
Inventor
  • Duo, Zhuangzhi
  • Dhablania, Atul

Abstract

Methods, systems, computer readable storage medium and apparatus, as described herein, registers and configures mesh node devices to operate in a wireless mesh network as part of a process that may be referred to as an onboarding process. Such an onboarding process may store registration information and configuration information in a database at a computer in the cloud or that is accessible via the Internet. This stored information may be used to easily create or expand a wireless mesh network. This registration information may be cross-referenced with a profile associated with a network configuration, with a customer license, and with an identifier that identifies a wireless mesh network. Profiles consistent with the present disclosure may identify configuration preferences of a wireless mesh network and may identify software

IPC Classes  ?

  • H04W 12/50 - Secure pairing of devices
  • H04L 9/40 - Network security protocols
  • H04W 4/80 - Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
  • H04W 60/00 - Affiliation to network, e.g. registrationTerminating affiliation with the network, e.g. de-registration
  • H04W 76/11 - Allocation or use of connection identifiers
  • H04W 80/10 - Upper layer protocols adapted for session management, e.g. SIP [Session Initiation Protocol]
  • H04W 12/55 - Secure pairing of devices involving three or more devices, e.g. group pairing
  • H04W 84/18 - Self-organising networks, e.g. ad hoc networks or sensor networks

27.

Detecting profile-based wireless mesh node failover in communication networks

      
Application Number 18673699
Grant Number 12376062
Status In Force
Filing Date 2024-05-24
First Publication Date 2024-09-26
Grant Date 2025-07-29
Owner SONICWALL INC. (USA)
Inventor
  • Duo, Zhuangzhi
  • Dhablania, Atul

Abstract

Apparatuses, methods, and non-transitory computer-readable storage media are described for detecting profile-based wireless mesh node failover in communication networks. An apparatus can receive authentication information sent from a first wireless mesh node of a plurality of wireless mesh nodes in a wireless communication network, generate a profile for configuring wireless mesh nodes according to the authentication information, establish a communication session with the first wireless mesh node and a second wireless mesh node based on the profile, detect a failure at the first wireless mesh node that triggers to probe the profile for a communication policy that specifies one or more available wireless mesh nodes that includes the second wireless mesh node, and switch a communication connection to the second wireless mesh node in accordance with the communication policy.

IPC Classes  ?

  • H04W 60/04 - Affiliation to network, e.g. registrationTerminating affiliation with the network, e.g. de-registration using triggered events
  • G06K 7/10 - Methods or arrangements for sensing record carriers by electromagnetic radiation, e.g. optical sensingMethods or arrangements for sensing record carriers by corpuscular radiation
  • G06K 7/14 - Methods or arrangements for sensing record carriers by electromagnetic radiation, e.g. optical sensingMethods or arrangements for sensing record carriers by corpuscular radiation using light without selection of wavelength, e.g. sensing reflected white light
  • H04W 4/80 - Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
  • H04W 12/03 - Protecting confidentiality, e.g. by encryption
  • H04L 9/40 - Network security protocols
  • H04W 12/55 - Secure pairing of devices involving three or more devices, e.g. group pairing
  • H04W 84/18 - Self-organising networks, e.g. ad hoc networks or sensor networks

28.

Adaptive CPU usage mechanism for networking system in a virtual environment

      
Application Number 18624288
Grant Number 12399741
Status In Force
Filing Date 2024-04-02
First Publication Date 2024-09-19
Grant Date 2025-08-26
Owner SONICWALL INC. (USA)
Inventor
  • Mao, Miao
  • Zhou, Wei
  • Chen, Zhong

Abstract

Methods and apparatus consistent with the present disclosure may be used in environments where multiple different virtual sets of program instructions are executed by shared computing resources. These methods may allow actions associated with a first set of virtual software to be paused to allow a second set of virtual software to be executed by the shared computing resources. In certain instances, methods and apparatus consistent with the present disclosure may manage the operation of one or more sets of virtual software at a point in time. Apparatus consistent with the present disclosure may include a memory and one or more processors that execute instructions out of the memory. At certain points in time, a processors of a computing system may pause a virtual process while allowing instructions associated with another virtual process to be executed.

IPC Classes  ?

  • G06F 9/48 - Program initiatingProgram switching, e.g. by interrupt
  • G06F 9/455 - EmulationInterpretationSoftware simulation, e.g. virtualisation or emulation of application or operating system execution engines
  • G06F 9/46 - Multiprogramming arrangements
  • G06F 9/50 - Allocation of resources, e.g. of the central processing unit [CPU]

29.

Method for providing an elastic content filtering security service in a mesh network

      
Application Number 18384103
Grant Number 12170900
Status In Force
Filing Date 2023-10-26
First Publication Date 2024-02-15
Grant Date 2024-12-17
Owner SONICWALL INC. (USA)
Inventor Duo, Zhuangzhi

Abstract

The present disclosure is directed to distributing processing capabilities throughout different nodes in a wireless mesh network. Methods and apparatus consistent with the present disclosure increase the efficiency of communications in a wireless mesh network because they help minimize the need to forward communications to other nodes in the wireless mesh network such that an evaluation can be performed. Apparatus and methods consistent with the present disclosure may distribute ratings or verdicts associated with previous requests to access data to different nodes in a wireless mesh network without generating additional wireless communications through the wireless mesh network. Apparatus and methods consistent with the present disclosure distribute content ratings to different nodes in a wireless network such that different wireless nodes may block redundant requests to undesired content without increasing messaging traffic.

IPC Classes  ?

  • H04W 12/088 - Access security using filters or firewalls
  • H04W 12/122 - Counter-measures against attacksProtection against rogue devices
  • H04W 80/06 - Transport layer protocols, e.g. TCP [Transport Control Protocol] over wireless
  • H04W 84/18 - Self-organising networks, e.g. ad hoc networks or sensor networks

30.

Analysis of historical network traffic to identify network vulnerabilities

      
Application Number 18215943
Grant Number 12056237
Status In Force
Filing Date 2023-10-30
First Publication Date 2024-02-08
Grant Date 2024-08-06
Owner SonicWALL Inc. (USA)
Inventor
  • Duo, Zhuangzhi
  • Dhablania, Atul

Abstract

Methods and apparatus consistent with the present disclosure may be used after a computer network has been successfully attacked by new malicious program code. Such methods may include collecting data from computers that have been affected by the new malicious program code and this data may be used to identify a type of damage performed by the new malicious code. The collected data may also include a copy of the new malicious program code. Methods consistent with the present disclosure may also include allowing the new malicious program code to execute at an isolated computer while actions and instructions that cause the damage are identified. Signatures may be generated from the identified instructions after which the signatures or data that describes the damaging actions are provided to computing resources such that those resources can detect the new malware program code.

IPC Classes  ?

  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
  • H04L 9/40 - Network security protocols

31.

Method for providing an elastic content filtering security service in a mesh network

      
Application Number 18378583
Grant Number 12238825
Status In Force
Filing Date 2023-10-10
First Publication Date 2024-02-08
Grant Date 2025-02-25
Owner SONICWALL INC. (USA)
Inventor Duo, Zhuangzhi

Abstract

The present disclosure distributes processing capabilities throughout different nodes in a wireless network. Methods and apparatus consistent with the present disclosure increase the efficiency of communications in a wireless network because they help minimize the need to forward communications to other nodes in the network. Apparatus and methods consistent with the present disclosure perform a function of elastic content filtering because rating information may be stored in different memories of different mesh nodes according to rules or profiles associated with a wireless mesh network as responses to requests are sent back along a route in a wireless mesh network in a manner that may not increase an amount of network traffic. When, however, network traffic dips below a threshold level, additional messages may be sent to certain mesh nodes that update rating information stored at those certain mesh nodes.

IPC Classes  ?

  • H04W 84/18 - Self-organising networks, e.g. ad hoc networks or sensor networks
  • H04W 40/12 - Communication route or path selection, e.g. power-based or shortest path routing based on transmission quality or channel quality
  • H04W 40/24 - Connectivity information management, e.g. connectivity discovery or connectivity update

32.

Cloud based just in time memory analysis for malware detection

      
Application Number 18369926
Grant Number 12079340
Status In Force
Filing Date 2023-09-19
First Publication Date 2024-01-11
Grant Date 2024-09-03
Owner SONICWALL INC. (USA)
Inventor
  • Dubrovsky, Aleksandr
  • Das, Soumyadipta
  • Cheetancheri, Senthilkumar Gopinathan

Abstract

Methods and apparatus consistent with the present disclosure may be performed by a Cloud computing device may use instrumentation code that remains transparent to an application program that the instrumentation code has been injected into, may perform deep packet inspection (DPI) on computer data, or identify a content rating associated with computer data. In certain instances, data sets that include executable code may be received via packetized communications or be received via other means, such as, receiving a file from a data store. The present technique allows one or more processors executing instrumentation code to monitor actions performed by the program code included in a received data set. Malware can be detected using exception handling to track memory allocations of the program code included in the received data set. Furthermore, access to content associated with malware, potential malware, or with inappropriate content ratings may be blocked.

IPC Classes  ?

  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
  • G06F 21/53 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by executing in a restricted environment, e.g. sandbox or secure virtual machine

33.

Elastic security services load balancing in a wireless mesh network

      
Application Number 18234152
Grant Number 12069480
Status In Force
Filing Date 2023-08-15
First Publication Date 2023-12-14
Grant Date 2024-08-20
Owner SONICWALL INC. (USA)
Inventor
  • Duo, Zhuangzhi
  • Dhablania, Atul

Abstract

The present disclosure distributes processing capabilities throughout different nodes in a wireless network. Methods and apparatus consistent with the present disclosure increase the efficiency of communications in a wireless network because they help minimize the need to forward communications to other nodes in the network by allowing different wireless nodes to receive and store content ratings regarding requested content in caches associated with respective wireless nodes. Apparatus and methods consistent with the present disclosure perform a load balancing function because they distribute content ratings to different nodes in a wireless network without increasing messaging traffic. As response messages regarding access requests are passed back to a requestor, cache memories at nodes along a communication path are updated to include information that cross-references data identifiers with received content ratings. The cross-referenced data identifiers and content ratings allow each respective wireless node along the communication path to block requests to bad content.

IPC Classes  ?

  • H04W 12/088 - Access security using filters or firewalls
  • G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules
  • H04L 67/5682 - Policies or rules for updating, deleting or replacing the stored data
  • H04W 12/10 - Integrity
  • H04W 28/08 - Load balancing or load distribution
  • H04W 84/18 - Self-organising networks, e.g. ad hoc networks or sensor networks

34.

Providing access to data in a secure communication

      
Application Number 18220436
Grant Number 12267362
Status In Force
Filing Date 2023-07-11
First Publication Date 2023-12-14
Grant Date 2025-04-01
Owner SONICWALL INC. (USA)
Inventor
  • Raman, Raj
  • Dubrovsky, Aleksandr

Abstract

The present disclosure is directed to preventing computer data from being usurped and exploited by individuals or organizations with nefarious intent. Methods and systems consistent with the present disclosure may store keys and keying data for each of a plurality of connections in separate memory locations. These memory locations may store data that maps a virtual address to a physical memory address associated with storing information relating to a secure connection. These separate memory locations may have a unique instance for each individual communication connection session, for example each transport layer security (TLS) connection may be assigned memory via logical addresses that are mapped to one or more physical memory addresses on a per-core basis. Such architectures decouple actual physical addresses that are used in conventional architectures that assign a single large continuous physical memory partition that may be accessed via commands that access physical memory addresses directly.

IPC Classes  ?

  • H04L 29/06 - Communication control; Communication processing characterised by a protocol
  • H04L 9/40 - Network security protocols
  • H04W 12/04 - Key management, e.g. using generic bootstrapping architecture [GBA]

35.

Instant secure wireless network setup

      
Application Number 18138840
Grant Number 12279115
Status In Force
Filing Date 2023-04-25
First Publication Date 2023-11-09
Grant Date 2025-04-15
Owner SONICWALL INC. (USA)
Inventor
  • Duo, Zhuangzhi
  • Dhablania, Atul

Abstract

The present disclosure relates to securely setting up mesh networks in a manner that does not require a physical network cable being attached to a wireless mesh device and that does not require transmitting unencrypted information wirelessly when a mesh network is setup. Methods and apparatus consistent with the present disclosure may allow a user to choose which mesh nodes can join a network and that user may specificity a custom profile that may include rules that may identify how mesh network identifiers are used, that identify passcodes/passphrases assigned to a particular network, may identify types of traffic that may be passed through particular 802.11 radio channels, or other parameters that may control how traffic is switched between devices in a particular wireless mesh network. This combined with dual factor verification and the use of different types of communication channels make wireless mesh networks easy to deploy and expand.

IPC Classes  ?

  • H04W 12/08 - Access security
  • H04L 9/40 - Network security protocols
  • H04W 12/06 - Authentication
  • H04W 60/00 - Affiliation to network, e.g. registrationTerminating affiliation with the network, e.g. de-registration
  • H04W 80/10 - Upper layer protocols adapted for session management, e.g. SIP [Session Initiation Protocol]
  • H04W 84/18 - Self-organising networks, e.g. ad hoc networks or sensor networks

36.

Reassembly free deep packet inspection for peer to peer networks

      
Application Number 18215669
Grant Number 12095779
Status In Force
Filing Date 2023-06-28
First Publication Date 2023-10-19
Grant Date 2024-09-17
Owner SonicWALL Inc. (USA)
Inventor
  • Ling, Hui
  • Yu, Cuiping
  • Chen, Zhong

Abstract

The present disclosure relates to a system, a method, and a non-transitory computer readable storage medium for deep packet inspection scanning at an application layer of a computer. A method of the presently claimed invention may scan pieces of data received out of order without reassembly at an application layer from a first input state generating one or more output states for each piece of data. The method may then identify that the first input state includes one or more characters that are associated with malicious content. The method may then identify that the data set may include malicious content when the first input state combined with one or more output states matches a known piece of malicious content.

IPC Classes  ?

37.

Call location based access control of query to database

      
Application Number 18206135
Grant Number 12406078
Status In Force
Filing Date 2023-06-06
First Publication Date 2023-10-05
Grant Date 2025-09-02
Owner SONICWALL INC. (USA)
Inventor
  • Joshipura, Bhushit
  • Das, Soumyadipta
  • Yogeesh, Arun
  • Ashok, Navaneeth

Abstract

The present disclosure is directed to protecting data stored at a database in a manner that increases data protection minimizing performance reductions. Apparatus and methods consistent with the present disclosure may collect information from user devices from which user inputs are received when collecting data that may be used to protect database data. Methods consistent with the present disclosure may identify code paths traversed, pages of program code where actions were initiated, and functions associated with those actions. This information may be cross-referenced with a set of data, constraints, rules, or command parameters when data associated with a database query is initially associated with an “allow” action or a “deny” action. This information may also be used to evaluate whether newly generated database queries should be allowed to be sent to a database server or to identify whether a database request should be blocked.

IPC Classes  ?

  • G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules
  • G06F 16/14 - Details of searching files based on file metadata
  • G06F 21/31 - User authentication
  • G06F 21/44 - Program or device authentication

38.

VPN deep packet inspection

      
Application Number 18103898
Grant Number 12058109
Status In Force
Filing Date 2023-01-31
First Publication Date 2023-08-10
Grant Date 2024-08-06
Owner SonicWALL Inc. (USA)
Inventor
  • Work, Steven C.
  • Masanagi, Prakash N.
  • Peterson, Christopher D.

Abstract

Policy enforcement previously available for web proxy access methods is extended and applied to layer 3 packets flowing through VPN channels. With these extensions, a common security policy is possible that is enforceable between VPN proxied access and VPN tunneled access. Equivalent security policy to tunnel based VPN access without comprising the inherent performance, scalability and application compatibility advantages tunne based VPNs have over their proxy based VPN counterparts.

IPC Classes  ?

  • H04L 29/06 - Communication control; Communication processing characterised by a protocol
  • H04L 9/40 - Network security protocols

39.

Detection of exploitative program code

      
Application Number 18095340
Grant Number 12130919
Status In Force
Filing Date 2023-01-10
First Publication Date 2023-07-13
Grant Date 2024-10-29
Owner SONICWALL INC. (USA)
Inventor
  • Das, Soumyadipta
  • Ganachari, Sai Sravan Kumar
  • He, Yao
  • Dubrovsky, Aleksandr

Abstract

The present disclosure is directed to monitoring internal process memory of a computer at a time with program code executes. Methods and apparatus consistent with the present disclosure monitor the operation of program code with the intent of detecting whether received program inputs may exploit vulnerabilities that may exist in the program code at runtime. By detecting suspicious activity or malicious code that may affect internal process memory at run-time, methods and apparatus described herein identify suspected malware based on suspicious actions performed as program code executes. Runtime exploit detection may detect certain anomalous activities or chain of events in a potentially vulnerable application during execution. These events may be detected using instrumentation code when a regular code execution path of an application is deviated from.

IPC Classes  ?

  • H04L 29/06 - Communication control; Communication processing characterised by a protocol
  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements

40.

Method for providing an elastic content filtering security service in a mesh network

      
Application Number 18088273
Grant Number 11863987
Status In Force
Filing Date 2022-12-23
First Publication Date 2023-06-29
Grant Date 2024-01-02
Owner SONICWALL INC. (USA)
Inventor Duo, Zhuangzhi

Abstract

The present disclosure is directed to distributing processing capabilities throughout different nodes in a wireless mesh network. Methods and apparatus consistent with the present disclosure increase the efficiency of communications in a wireless mesh network because they help minimize the need to forward communications to other nodes in the wireless mesh network such that an evaluation can be performed. Apparatus and methods consistent with the present disclosure may distribute ratings or verdicts associated with previous requests to access data to different nodes in a wireless mesh network without generating additional wireless communications through the wireless mesh network. Apparatus and methods consistent with the present disclosure distribute content ratings to different nodes in a wireless network such that different wireless nodes may block redundant requests to undesired content without increasing messaging traffic.

IPC Classes  ?

  • H04W 12/088 - Access security using filters or firewalls
  • H04W 12/122 - Counter-measures against attacksProtection against rogue devices
  • H04W 80/06 - Transport layer protocols, e.g. TCP [Transport Control Protocol] over wireless
  • H04W 84/18 - Self-organising networks, e.g. ad hoc networks or sensor networks

41.

Early filtering of clean file using dynamic analysis

      
Application Number 17991749
Grant Number 12169564
Status In Force
Filing Date 2022-11-21
First Publication Date 2023-05-18
Grant Date 2024-12-17
Owner SonicWall, Inc. (USA)
Inventor
  • Das, Soumyadipta
  • Kuchan, Sushilkumar
  • Dubrovsky, Aleksandr

Abstract

The present disclosure is directed to analyzing received sets of computer data. Methods and apparatus consistent with the present disclosure may forecast that a received set of computer data does not include malware after allowing instructions included in that set of computer data to execute for an amount of time that does not exceed an allocated amount of time. Methods consistent with the present disclosure may instrument a set of received program code and allow instructions in that received set of program code to execute as instrumentation code collects information about the set of program code. This collected information may be compared with sets of known good data when determining whether a received set of program code is likely not to include malware. This collected information may be associated with “behaviors” performed by the received set of program code that may be identified using sets of contextual data.

IPC Classes  ?

  • G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements

42.

Real-time prevention of malicious content via dynamic analysis

      
Application Number 17949796
Grant Number 12058154
Status In Force
Filing Date 2022-09-21
First Publication Date 2023-01-19
Grant Date 2024-08-06
Owner SONICWALL INC. (USA)
Inventor
  • Cheetancheri, Senthil
  • Dubrovsky, Alex
  • Holagi, Sachin

Abstract

This disclosure is related to methods and apparatus used to for preventing malicious content from reaching a destination via a dynamic analysis engine may operate in real-time when packetized data is received. Data packets sent from a source computer may be received and be forwarded to an analysis computer that may monitor actions performed by executable program code included within the set of data packets when making determinations regarding whether the data packet set should be classified as malware. In certain instances all but a last data packet of the data packet set may also be sent to the destination computer while the analysis computer executes and monitors the program code included in the data packet set. In instances when the analysis computer identifies that the data packet set does include malware, the malware may be blocked from reaching the destination computer by not sending the last data packet to the destination computer.

IPC Classes  ?

  • H04L 9/40 - Network security protocols
  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements

43.

Visualization tool for real-time network risk assessment

      
Application Number 17862948
Grant Number 12058147
Status In Force
Filing Date 2022-07-12
First Publication Date 2023-01-05
Grant Date 2024-08-06
Owner SonicWALL Inc. (USA)
Inventor
  • Conner, F. William
  • Nguyenle, Minhdung Joe
  • Dhablania, Atul
  • Chio, Richard
  • Jose, Justin
  • Dampanaboina, Lalith Kumar

Abstract

The present disclosure relates to methods and apparatus that collect data regarding malware threats, that organizes this collected malware threat data, and that provides this data to computers or people such that damage associated with these software threats can be quantified and reduced. The present disclosure is also directed to preventing the spread of malware before that malware can damage computers or steal computer data. Methods consistent with the present disclosure may optimize tests performed at different levels of a multi-level threat detection and prevention system. As such, methods consistent with the present disclosure may collect data from various sources that may include endpoint computing devices, firewalls/gateways, or isolated (e.g. “sandbox”) computers. Once this information is collected, it may then be organized, displayed, and analyzed in ways that were not previously possible.

IPC Classes  ?

  • H04L 9/40 - Network security protocols
  • H04L 43/028 - Capturing of monitoring data by filtering
  • H04L 43/045 - Processing captured monitoring data, e.g. for logfile generation for graphical visualisation of monitoring data

44.

Method for providing an elastic content filtering security service in a mesh network

      
Application Number 17899959
Grant Number 11800598
Status In Force
Filing Date 2022-08-31
First Publication Date 2022-12-29
Grant Date 2023-10-24
Owner SONICWALL INC. (USA)
Inventor Duo, Zhuangzhi

Abstract

The present disclosure distributes processing capabilities throughout different nodes in a wireless network. Methods and apparatus consistent with the present disclosure increase the efficiency of communications in a wireless network because they help minimize the need to forward communications to other nodes in the network. Apparatus and methods consistent with the present disclosure perform a function of elastic content filtering because rating information may be stored in different memories of different mesh nodes according to rules or profiles associated with a wireless mesh network as responses to requests are sent back along a route in a wireless mesh network in a manner that may not increase an amount of network traffic. When, however, network traffic dips below a threshold level, additional messages may be sent to certain mesh nodes that update rating information stored at those certain mesh nodes.

IPC Classes  ?

  • H04W 84/18 - Self-organising networks, e.g. ad hoc networks or sensor networks
  • H04W 40/24 - Connectivity information management, e.g. connectivity discovery or connectivity update
  • H04W 40/12 - Communication route or path selection, e.g. power-based or shortest path routing based on transmission quality or channel quality

45.

Elastic security services and load balancing in a wireless mesh network

      
Application Number 17716860
Grant Number 11729621
Status In Force
Filing Date 2022-04-08
First Publication Date 2022-07-28
Grant Date 2023-08-15
Owner SONICWALL INC. (USA)
Inventor
  • Duo, Zhuangzhi
  • Dhablania, Atul

Abstract

The present disclosure distributes processing capabilities throughout different nodes in a wireless network. Methods and apparatus consistent with the present disclosure increase the efficiency of communications in a wireless network because they help minimize the need to forward communications to other nodes in the network by allowing different wireless nodes to receive and store content ratings regarding requested content in caches associated with respective wireless nodes. Apparatus and methods consistent with the present disclosure perform a load balancing function because they distribute content ratings to different nodes in a wireless network without increasing messaging traffic. As response messages regarding access requests are passed back to a requestor, cache memories at nodes along a communication path are updated to include information that cross-references data identifiers with received content ratings. The cross-referenced data identifiers and content ratings allow each respective wireless node along the communication path to block requests to bad content.

IPC Classes  ?

  • H04W 12/088 - Access security using filters or firewalls
  • G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules
  • H04W 12/10 - Integrity
  • H04W 28/08 - Load balancing or load distribution
  • H04L 67/5682 - Policies or rules for updating, deleting or replacing the stored data
  • H04W 84/18 - Self-organising networks, e.g. ad hoc networks or sensor networks

46.

Cloud based just in time memory analysis for malware detection

      
Application Number 17584152
Grant Number 11797677
Status In Force
Filing Date 2022-01-25
First Publication Date 2022-07-14
Grant Date 2023-10-24
Owner SonicWALL Inc. (USA)
Inventor
  • Dubrovsky, Aleksandr
  • Das, Soumyadipta
  • Cheetancheri, Senthilkumar Gopinathan

Abstract

Methods and apparatus consistent with the present disclosure may be performed by a Cloud computing device may use instrumentation code that remains transparent to an application program that the instrumentation code has been injected into, may perform deep packet inspection (DPI) on computer data, or identify a content rating associated with computer data. In certain instances, data sets that include executable code may be received via packetized communications or be received via other means, such as, receiving a file from a data store. The present technique allows one or more processors executing instrumentation code to monitor actions performed by the program code included in a received data set. Malware can be detected using exception handling to track memory allocations of the program code included in the received data set. Furthermore, access to content associated with malware, potential malware, or with inappropriate content ratings may be blocked.

IPC Classes  ?

  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
  • G06F 21/53 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by executing in a restricted environment, e.g. sandbox or secure virtual machine

47.

Just in time memory analysis for malware detection

      
Application Number 17505327
Grant Number 12001554
Status In Force
Filing Date 2021-10-19
First Publication Date 2022-02-03
Grant Date 2024-06-04
Owner SonicWALL Inc. (USA)
Inventor
  • Das, Soumyadipta
  • Dubrovsky, Alex
  • Korsunsky, Igor

Abstract

Methods and apparatus consistent with the present disclosure may use instrumentation code that remains transparent to an application program that the instrumentation code has been injected into. In certain instances, data sets that include executable code may be received via packetized communications or be received via other means, such as, receiving a file from a data store. The present technique allows a processor executing instrumentation code to monitor actions performed by the program code included in a received data set. Malware may be detected by scanning suspect program code with a malware scanner, malware may be detected by identifying suspicious actions performed by a set of program code, or malware may be detected by a combination of such techniques.

IPC Classes  ?

  • G06F 21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements

48.

Adaptive CPU usage mechanism for networking system in a virtual environment

      
Application Number 17350239
Grant Number 11948001
Status In Force
Filing Date 2021-06-17
First Publication Date 2021-12-23
Grant Date 2024-04-02
Owner SONICWALL INC. (USA)
Inventor
  • Mao, Miao
  • Zhou, Wei
  • Chen, Zhong

Abstract

Methods and apparatus consistent with the present disclosure may be used in environments where multiple different virtual sets of program instructions are executed by shared computing resources. These methods may allow actions associated with a first set of virtual software to be paused to allow a second set of virtual software to be executed by the shared computing resources. In certain instances, methods and apparatus consistent with the present disclosure may manage the operation of one or more sets of virtual software at a point in time. Apparatus consistent with the present disclosure may include a memory and one or more processors that execute instructions out of the memory. At certain points in time, a processors of a computing system may pause a virtual process while allowing instructions associated with another virtual process to be executed.

IPC Classes  ?

  • G06F 9/48 - Program initiatingProgram switching, e.g. by interrupt
  • G06F 9/455 - EmulationInterpretationSoftware simulation, e.g. virtualisation or emulation of application or operating system execution engines
  • G06F 9/46 - Multiprogramming arrangements
  • G06F 9/50 - Allocation of resources, e.g. of the central processing unit [CPU]

49.

Method of creating high availability for single point network gateway using containers

      
Application Number 17350243
Grant Number 12175284
Status In Force
Filing Date 2021-06-17
First Publication Date 2021-12-23
Grant Date 2024-12-24
Owner SONICWALL INC. (USA)
Inventor
  • Xiang, Dong
  • Liu, Yunfeng
  • Chen, Zhong

Abstract

Methods and apparatus consistent with the present disclosure may be used in environments where multiple different virtual sets of program instructions are executed by shared computing resources when different processes are performed in a virtual computing environment. Methods consistent with the present disclosure may be used to provide a form of redundancy that does not require two physically distinct computers. Such methods may use a set of physical hardware components and two or more sets of synchronized virtual gateway software. Architectural features of physical hardware components included in an apparatus consistent with the present disclosure may be abstracted from sets of virtual program code when one virtual software process backs up another virtual software process at the apparatus.

IPC Classes  ?

  • G06F 9/46 - Multiprogramming arrangements
  • G06F 9/445 - Program loading or initiating
  • G06F 9/48 - Program initiatingProgram switching, e.g. by interrupt
  • G06F 9/50 - Allocation of resources, e.g. of the central processing unit [CPU]

50.

Providing access to data in a secure communication

      
Application Number 17166773
Grant Number 11700277
Status In Force
Filing Date 2021-02-03
First Publication Date 2021-07-29
Grant Date 2023-07-11
Owner SONICWALL INC. (USA)
Inventor
  • Raman, Raj
  • Dubrovsky, Aleksandr

Abstract

The present disclosure is directed to preventing computer data from being usurped and exploited by individuals or organizations with nefarious intent. Methods and systems consistent with the present disclosure may store keys and keying data for each of a plurality of connections in separate memory locations. These memory locations may store data that maps a virtual address to a physical memory address associated with storing information relating to a secure connection. These separate memory locations may have a unique instance for each individual communication connection session, for example each transport layer security (TLS) connection may be assigned memory via logical addresses that are mapped to one or more physical memory addresses on a per-core basis. Such architectures decouple actual physical addresses that are used in conventional architectures that assign a single large continuous physical memory partition that may be accessed via commands that access physical memory addresses directly.

IPC Classes  ?

  • H04L 29/06 - Communication control; Communication processing characterised by a protocol
  • H04L 9/40 - Network security protocols
  • H04W 12/04 - Key management, e.g. using generic bootstrapping architecture [GBA]

51.

Reassembly free deep packet inspection for peer to peer networks

      
Application Number 17174182
Grant Number 11695784
Status In Force
Filing Date 2021-02-11
First Publication Date 2021-07-29
Grant Date 2023-07-04
Owner SONICWALL INC. (USA)
Inventor
  • Ling, Hui
  • Yu, Cuiping
  • Chen, Zhong

Abstract

The present disclosure relates to a system, a method, and a non-transitory computer readable storage medium for deep packet inspection scanning at an application layer of a computer. A method of the presently claimed invention may scan pieces of data received out of order without reassembly at an application layer from a first input state generating one or more output states for each piece of data. The method may then identify that the first input state includes one or more characters that are associated with malicious content. The method may then identify that the data set may include malicious content when the first input state combined with one or more output states matches a known piece of malicious content.

IPC Classes  ?

52.

Instant secure wireless network setup

      
Application Number 17223526
Grant Number 11638149
Status In Force
Filing Date 2021-04-06
First Publication Date 2021-07-22
Grant Date 2023-04-25
Owner SonicWALL Inc. (USA)
Inventor
  • Duo, Zhuangzhi
  • Dhablania, Atul

Abstract

The present disclosure relates to securely setting up mesh networks in a manner that does not require a physical network cable being attached to a wireless mesh device and that does not require transmitting unencrypted information wirelessly when a mesh network is setup. Methods and apparatus consistent with the present disclosure may allow a user to choose which mesh nodes can join a network and that user may specificity a custom profile that may include rules that may identify how mesh network identifiers are used, that identify passcodes/passphrases assigned to a particular network, may identify types of traffic that may be passed through particular 802.11 radio channels, or other parameters that may control how traffic is switched between devices in a particular wireless mesh network. This combined with dual factor verification and the use of different types of communication channels make wireless mesh networks easy to deploy and expand.

IPC Classes  ?

  • H04W 12/08 - Access security
  • H04W 80/10 - Upper layer protocols adapted for session management, e.g. SIP [Session Initiation Protocol]
  • H04W 60/00 - Affiliation to network, e.g. registrationTerminating affiliation with the network, e.g. de-registration
  • H04W 12/06 - Authentication
  • H04L 9/40 - Network security protocols
  • H04W 84/18 - Self-organising networks, e.g. ad hoc networks or sensor networks

53.

IDENTIFICATION OF POTENTIAL NETWORK VULNERABILITY AND SECURITY RESPONSES IN LIGHT OF REAL-TIME NETWORK RISK ASSESSMENT

      
Application Number 17111398
Status Pending
Filing Date 2020-12-03
First Publication Date 2021-06-24
Owner SonicWALL Inc. (USA)
Inventor
  • Duo, Zhuangzhi
  • Dhablania, Atul

Abstract

The present disclosure relates to methods and apparatus that collect data regarding malware threats, that organizes this collected malware threat data, and that provides this data to computers or people such that damage associated with these software threats can be quantified and reduced. The present disclosure is also directed to preventing the spread of malware before that malware can damage computers or steal computer data. Methods consistent with the present disclosure may optimize tests performed at different levels of a multi-level threat detection and prevention system. As such, methods consistent with the present disclosure may collect data from various sources that may include endpoint computing devices, firewalls/gateways, or isolated (e.g. “sandbox”) computers. Once this information is collected, it may then be organized, displayed, and analyzed in ways that were not previously possible.

IPC Classes  ?

  • H04L 29/06 - Communication control; Communication processing characterised by a protocol

54.

Real-time prevention of malicious content via dynamic analysis

      
Application Number 17128639
Grant Number 11558405
Status In Force
Filing Date 2020-12-21
First Publication Date 2021-06-17
Grant Date 2023-01-17
Owner SonicWALL Inc. (USA)
Inventor
  • Cheetancheri, Senthil
  • Dubrovsky, Alex
  • Holagi, Sachin

Abstract

This disclosure is related to methods and apparatus used to for preventing malicious content from reaching a destination via a dynamic analysis engine may operate in real-time when packetized data is received. Data packets sent from a source computer may be received and be forwarded to an analysis computer that may monitor actions performed by executable program code included within the set of data packets when making determinations regarding whether the data packet set should be classified as malware. In certain instances all but a last data packet of the data packet set may also be sent to the destination computer while the analysis computer executes and monitors the program code included in the data packet set. In instances when the analysis computer identifies that the data packet set does include malware, the malware may be blocked from reaching the destination computer by not sending the last data packet to the destination computer.

IPC Classes  ?

  • H04L 9/40 - Network security protocols
  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements

55.

Method for providing an elastic content filtering security service in a mesh network

      
Application Number 17111391
Grant Number 11540132
Status In Force
Filing Date 2020-12-03
First Publication Date 2021-06-10
Grant Date 2022-12-27
Owner SonicWALL Inc. (USA)
Inventor Duo, Zhuangzhi

Abstract

The present disclosure is directed to distributing processing capabilities throughout different nodes in a wireless mesh network. Methods and apparatus consistent with the present disclosure increase the efficiency of communications in a wireless mesh network because they help minimize the need to forward communications to other nodes in the wireless mesh network such that an evaluation can be performed. Apparatus and methods consistent with the present disclosure may distribute ratings or verdicts associated with previous requests to access data to different nodes in a wireless mesh network without generating additional wireless communications through the wireless mesh network. Apparatus and methods consistent with the present disclosure distribute content ratings to different nodes in a wireless network such that different wireless nodes may block redundant requests to undesired content without increasing messaging traffic.

IPC Classes  ?

  • H04W 12/088 - Access security using filters or firewalls
  • H04W 80/06 - Transport layer protocols, e.g. TCP [Transport Control Protocol] over wireless
  • H04W 12/122 - Counter-measures against attacksProtection against rogue devices
  • H04W 84/18 - Self-organising networks, e.g. ad hoc networks or sensor networks

56.

Analysis of historical network traffic to identify network vulnerabilities

      
Application Number 17111414
Grant Number 11693961
Status In Force
Filing Date 2020-12-03
First Publication Date 2021-06-03
Grant Date 2023-07-04
Owner SonicWall Inc. (USA)
Inventor
  • Duo, Zhuangzhi
  • Dhablania, Atul

Abstract

Methods and apparatus consistent with the present disclosure may be used after a computer network has been successfully attacked by new malicious program code. Such methods may include collecting data from computers that have been affected by the new malicious program code and this data may be used to identify a type of damage performed by the new malicious code. The collected data may also include a copy of the new malicious program code. Methods consistent with the present disclosure may also include allowing the new malicious program code to execute at an isolated computer while actions and instructions that cause the damage are identified. Signatures may be generated from the identified instructions after which the signatures or data that describes the damaging actions are provided to computing resources such that those resources can detect the new malware program code.

IPC Classes  ?

  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
  • H04L 9/40 - Network security protocols

57.

Call location based access control of query to database

      
Application Number 16779262
Grant Number 11675920
Status In Force
Filing Date 2020-01-31
First Publication Date 2021-06-03
Grant Date 2023-06-13
Owner SonicWALL Inc. (USA)
Inventor
  • Joshipura, Bhushit
  • Das, Soumyadipta
  • Yogeesh, Arun
  • Ashok, Navaneeth

Abstract

The present disclosure is directed to protecting data stored at a database in a manner that increases data protection minimizing performance reductions. Apparatus and methods consistent with the present disclosure may collect information from user devices from which user inputs are received when collecting data that may be used to protect database data. Methods consistent with the present disclosure may identify code paths traversed, pages of program code where actions were initiated, and functions associated with those actions. This information may be cross-referenced with a set of data, constraints, rules, or command parameters when data associated with a database query is initially associated with an “allow” action or a “deny” action. This information may also be used to evaluate whether newly generated database queries should be allowed to be sent to a database server or to identify whether a database request should be blocked.

IPC Classes  ?

  • G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules
  • G06F 21/31 - User authentication
  • G06F 16/14 - Details of searching files based on file metadata
  • G06F 21/44 - Program or device authentication

58.

Early filtering of clean file using dynamic analysis

      
Application Number 16783065
Grant Number 11507664
Status In Force
Filing Date 2020-02-05
First Publication Date 2021-06-03
Grant Date 2022-11-22
Owner SONICWALL INC. (USA)
Inventor
  • Das, Soumyadipta
  • Kuchan, Sushilkumar
  • Dubrovsky, Aleksandr

Abstract

The present disclosure is directed to analyzing received sets of computer data. Methods and apparatus consistent with the present disclosure may forecast that a received set of computer data does not include malware after allowing instructions included in that set of computer data to execute for an amount of time that does not exceed an allocated amount of time. Methods consistent with the present disclosure may instrument a set of received program code and allow instructions in that received set of program code to execute as instrumentation code collects information about the set of program code. This collected information may be compared with sets of known good data when determining whether a received set of program code is likely not to include malware. This collected information may be associated with “behaviors” performed by the received set of program code that may be identified using sets of contextual data.

IPC Classes  ?

  • G06F 11/00 - Error detectionError correctionMonitoring
  • G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
  • G06F 12/16 - Protection against loss of memory contents

59.

Visualization tool for real-time network risk assessment

      
Application Number 16863933
Grant Number 11388176
Status In Force
Filing Date 2020-04-30
First Publication Date 2021-06-03
Grant Date 2022-07-12
Owner SONICWALL INC. (USA)
Inventor
  • Conner, F. William
  • Nguyenle, Minhdung Joe
  • Dhablania, Atul
  • Chio, Richard
  • Jose, Justin
  • Dampanaboina, Lalith Kumar

Abstract

The present disclosure relates to methods and apparatus that collect data regarding malware threats, that organizes this collected malware threat data, and that provides this data to computers or people such that damage associated with these software threats can be quantified and reduced. The present disclosure is also directed to preventing the spread of malware before that malware can damage computers or steal computer data. Methods consistent with the present disclosure may optimize tests performed at different levels of a multi-level threat detection and prevention system. As such, methods consistent with the present disclosure may collect data from various sources that may include endpoint computing devices, firewalls/gateways, or isolated (e.g. “sandbox”) computers. Once this information is collected, it may then be organized, displayed, and analyzed in ways that were not previously possible.

IPC Classes  ?

  • H04L 9/40 - Network security protocols
  • H04L 43/045 - Processing captured monitoring data, e.g. for logfile generation for graphical visualisation of monitoring data
  • H04L 43/028 - Capturing of monitoring data by filtering

60.

Method for providing an elastic content filtering security service in a mesh network

      
Application Number 17111388
Grant Number 11438963
Status In Force
Filing Date 2020-12-03
First Publication Date 2021-05-27
Grant Date 2022-09-06
Owner SONICWALL INC. (USA)
Inventor Duo, Zhuangzhi

Abstract

The present disclosure distributes processing capabilities throughout different nodes in a wireless network. Methods and apparatus consistent with the present disclosure increase the efficiency of communications in a wireless network because they help minimize the need to forward communications to other nodes in the network. Apparatus and methods consistent with the present disclosure perform a function of elastic content filtering because rating information may be stored in different memories of different mesh nodes according to rules or profiles associated with a wireless mesh network as responses to requests are sent back along a route in a wireless mesh network in a manner that may not increase an amount of network traffic. When, however, network traffic dips below a threshold level, additional messages may be sent to certain mesh nodes that update rating information stored at those certain mesh nodes.

IPC Classes  ?

  • H04W 84/18 - Self-organising networks, e.g. ad hoc networks or sensor networks
  • H04W 40/24 - Connectivity information management, e.g. connectivity discovery or connectivity update
  • H04W 40/12 - Communication route or path selection, e.g. power-based or shortest path routing based on transmission quality or channel quality

61.

Dynamic bypass

      
Application Number 17075492
Grant Number 12074863
Status In Force
Filing Date 2020-10-20
First Publication Date 2021-05-06
Grant Date 2024-08-27
Owner SonicWALL Inc. (USA)
Inventor
  • Raman, Raj
  • Dubrovsky, Aleksandr

Abstract

Methods and apparatus consistent with the present disclosure may prevent a computer process from failing when a firewall located between a client device and a server identifies that a process at the firewall should be bypassed using fingerprint information associated with a connection attempt. When fingerprint information stored at a firewall matches previously received fingerprint information, the firewall may allow processes typically performed at the firewall to be bypassed, thereby, allowing communications to pass between the client device and the server without inspection. When that fingerprint information does not match previously received fingerprint information, the firewall may perform a process that causes the client device to fail the first connection attempt. Because of this, methods consistent with the present disclosure may allow communications from an application program to be passed through a firewall without relying on an ever growing list of trusted application programs.

IPC Classes  ?

  • H04L 9/40 - Network security protocols
  • H04L 67/01 - Protocols
  • H04L 67/125 - Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks involving control of end-device applications over a network
  • H04L 67/141 - Setup of application sessions

62.

Securing transmission paths in a mesh network

      
Application Number 16911111
Grant Number 12075246
Status In Force
Filing Date 2020-06-24
First Publication Date 2020-12-17
Grant Date 2024-08-27
Owner SonicWALL Inc. (USA)
Inventor
  • Duo, Zhuangzhi
  • Dhablania, Atul

Abstract

Securely setting up mesh networks in a secure manner that does not require a physical network cable being attached to a wireless device and that do not require transmitting unencrypted information wirelessly when a mesh network is setup. Methods and apparatus may use different communication interfaces and different types of channels to ensure that devices included in or being added to a wireless mesh network always communicate securely. Methods and apparatus may use a combination of conventional secure communication methods, such as secure hypertext transfer protocol (HTTPS) communications, low power signals that travel over short distances, and other types of communications to create a system that only uses secure communications when setting up or expanding a wireless mesh network.

IPC Classes  ?

  • H04W 12/08 - Access security
  • H04W 4/80 - Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
  • H04W 12/00 - Security arrangementsAuthenticationProtecting privacy or anonymity
  • H04L 9/40 - Network security protocols
  • H04W 12/06 - Authentication
  • H04W 84/18 - Self-organising networks, e.g. ad hoc networks or sensor networks

63.

Detection of exploitative program code

      
Application Number 16903060
Grant Number 11550912
Status In Force
Filing Date 2020-06-16
First Publication Date 2020-12-03
Grant Date 2023-01-10
Owner SONICWALL INC. (USA)
Inventor
  • Das, Soumyadipta
  • Ganachari, Sai Sravan Kumar
  • He, Yao
  • Dubrovsky, Aleksandr

Abstract

The present disclosure is directed to monitoring internal process memory of a computer at a time with program code executes. Methods and apparatus consistent with the present disclosure monitor the operation of program code with the intent of detecting whether received program inputs may exploit vulnerabilities that may exist in the program code at runtime. By detecting suspicious activity or malicious code that may affect internal process memory at run-time, methods and apparatus described herein identify suspected malware based on suspicious actions performed as program code executes. Runtime exploit detection may detect certain anomalous activities or chain of events in a potentially vulnerable application during execution. These events may be detected using instrumentation code when a regular code execution path of an application is deviated from.

IPC Classes  ?

  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements

64.

Establishing simultaneous mesh node connections

      
Application Number 16883275
Grant Number 11997635
Status In Force
Filing Date 2020-05-26
First Publication Date 2020-11-12
Grant Date 2024-05-28
Owner SonicWALL Inc. (USA)
Inventor
  • Duo, Zhuangzhi
  • Dhablania, Atul

Abstract

Methods and apparatus that registers a plurality of mesh node devices to operate as part of a wireless mesh network after a user device scans encoded information that is unique to each mesh node of a plurality of different mesh nodes. After codes associated with different respective mesh nodes are scanned by a user device, that user device may communicate with these different mesh nodes via a low power communication interface and the user device may send registration information to a registration computer via a secure communication channel. Apparatus may also receive a validation code from the registration computer via a communication channel that is different from the secure communication channel and these apparatus may then send the validation code to the registration computer via the secure communication channel when the user device is validated by the registration computer.

IPC Classes  ?

  • H04W 60/04 - Affiliation to network, e.g. registrationTerminating affiliation with the network, e.g. de-registration using triggered events
  • G06K 7/10 - Methods or arrangements for sensing record carriers by electromagnetic radiation, e.g. optical sensingMethods or arrangements for sensing record carriers by corpuscular radiation
  • G06K 7/14 - Methods or arrangements for sensing record carriers by electromagnetic radiation, e.g. optical sensingMethods or arrangements for sensing record carriers by corpuscular radiation using light without selection of wavelength, e.g. sensing reflected white light
  • H04W 4/80 - Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
  • H04W 12/03 - Protecting confidentiality, e.g. by encryption
  • H04L 9/40 - Network security protocols
  • H04W 12/55 - Secure pairing of devices involving three or more devices, e.g. group pairing
  • H04W 84/18 - Self-organising networks, e.g. ad hoc networks or sensor networks

65.

Instant secure wireless network setup

      
Application Number 16397935
Grant Number 10972916
Status In Force
Filing Date 2019-04-29
First Publication Date 2020-10-29
Grant Date 2021-04-06
Owner SONICWALL INC. (USA)
Inventor
  • Duo, Zhuangzhi
  • Dhablania, Atul

Abstract

The present disclosure relates to securely setting up mesh networks in a manner that does not require a physical network cable being attached to a wireless mesh device and that does not require transmitting unencrypted information wirelessly when a mesh network is setup. Methods and apparatus consistent with the present disclosure may allow a user to choose which mesh nodes can join a network and that user may specificity a custom profile that may include rules that may identify how mesh network identifiers are used, that identify passcodes/passphrases assigned to a particular network, may identify types of traffic that may be passed through particular 802.11 radio channels, or other parameters that may control how traffic is switched between devices in a particular wireless mesh network. This combined with dual factor verification and the use of different types of communication channels make wireless mesh networks easy to deploy and expand.

IPC Classes  ?

  • H04W 12/08 - Access security
  • H04L 29/06 - Communication control; Communication processing characterised by a protocol
  • H04W 12/06 - Authentication
  • H04W 60/00 - Affiliation to network, e.g. registrationTerminating affiliation with the network, e.g. de-registration
  • H04W 80/10 - Upper layer protocols adapted for session management, e.g. SIP [Session Initiation Protocol]
  • H04W 84/18 - Self-organising networks, e.g. ad hoc networks or sensor networks

66.

Elastic security services and load balancing in a wireless mesh network

      
Application Number 16397951
Grant Number 11310665
Status In Force
Filing Date 2019-04-29
First Publication Date 2020-10-29
Grant Date 2022-04-19
Owner SONICWALL INC. (USA)
Inventor
  • Duo, Zhuangzhi
  • Dhablania, Atul

Abstract

The present disclosure distributes processing capabilities throughout different nodes in a wireless network. Methods and apparatus consistent with the present disclosure increase the efficiency of communications in a wireless network because they help minimize the need to forward communications to other nodes in the network by allowing different wireless nodes to receive and store content ratings regarding requested content in caches associated with respective wireless nodes. Apparatus and methods consistent with the present disclosure perform a load balancing function because they distribute content ratings to different nodes in a wireless network without increasing messaging traffic. As response messages regarding access requests are passed back to a requestor, cache memories at nodes along a communication path are updated to include information that cross-references data identifiers with received content ratings. The cross-referenced data identifiers and content ratings allow each respective wireless node along the communication path to block requests to bad content.

IPC Classes  ?

  • H04W 12/088 - Access security using filters or firewalls
  • H04L 67/5682 - Policies or rules for updating, deleting or replacing the stored data
  • G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules
  • H04W 12/10 - Integrity
  • H04W 28/08 - Load balancing or load distribution
  • H04W 84/18 - Self-organising networks, e.g. ad hoc networks or sensor networks

67.

Streamlined creation and expansion of a wireless mesh network

      
Application Number 16404655
Grant Number 12022295
Status In Force
Filing Date 2019-05-06
First Publication Date 2020-10-29
Grant Date 2024-06-25
Owner SonicWALL Inc. (USA)
Inventor
  • Duo, Zhuangzhi
  • Dhablania, Atul

Abstract

The present disclosure relates to methods and apparatus that registers and configures mesh node devices to operate as part of a wireless mesh network as part of a process that may be referred to as an onboarding process that streamlines. Such an onboarding process may store registration information and configuration information in a database at a computer in the cloud or that is accessible via the Internet. This stored information may be used to easily create or expand a wireless mesh network. This registration information may be cross-referenced with a profile associated with a network configuration, with a customer license, and with an identifier that identifies a wireless mesh network. Profiles consistent with the present disclosure may identify configuration preferences of a wireless mesh network and may identify software components that may be installed at particular mesh nodes when mesh node devices are added to a wireless mesh network.

IPC Classes  ?

  • H04W 12/50 - Secure pairing of devices
  • H04L 9/40 - Network security protocols
  • H04W 4/80 - Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
  • H04W 60/00 - Affiliation to network, e.g. registrationTerminating affiliation with the network, e.g. de-registration
  • H04W 76/11 - Allocation or use of connection identifiers
  • H04W 80/10 - Upper layer protocols adapted for session management, e.g. SIP [Session Initiation Protocol]
  • H04W 12/55 - Secure pairing of devices involving three or more devices, e.g. group pairing
  • H04W 84/18 - Self-organising networks, e.g. ad hoc networks or sensor networks

68.

VPN deep packet inspection

      
Application Number 16590253
Grant Number 11570150
Status In Force
Filing Date 2019-10-01
First Publication Date 2020-04-02
Grant Date 2023-01-31
Owner SONICWALL INC. (USA)
Inventor
  • Work, Steven C.
  • Masanagi, Prakash N.
  • Peterson, Christopher D.

Abstract

Policy enforcement previously available for web proxy access methods is extended and applied to layer 3 packets flowing through VPN channels. With these extensions, a common security policy is possible that is enforceable between VPN proxied access and VPN tunneled access. Equivalent security policy to tunnel based VPN access without comprising the inherent performance, scalability and application compatibility advantages tunnel based VPNs have over their proxy based VPN counterparts.

IPC Classes  ?

  • H04L 29/06 - Communication control; Communication processing characterised by a protocol
  • H04L 9/40 - Network security protocols

69.

Application signature authorization

      
Application Number 16533665
Grant Number 11140131
Status In Force
Filing Date 2019-08-06
First Publication Date 2020-02-13
Grant Date 2021-10-05
Owner SONICWALL INC. (USA)
Inventor
  • Medappa, Chemira
  • Peterson, Christopher D.
  • Telehowski, David

Abstract

An appliance works in conjunction with an agent on a remote device to control application access to a corporate network. In conjunction with an SSL tunnel and policy operating at the appliance, granular application control may be implemented. In particular, a device user may determine what applications from a set of applications may access the corporate network and which applications do not access the network. The applications may be analyzed to determine whether the application is good or bad, as what security configurations, approvals and denials are associated with the application.

IPC Classes  ?

  • H04L 29/06 - Communication control; Communication processing characterised by a protocol
  • H04W 12/08 - Access security
  • H04W 12/37 - Managing security policies for mobile devices or for controlling mobile applications
  • H04L 29/08 - Transmission control procedure, e.g. data link level control procedure

70.

CLOUD BASED JUST IN TIME MEMORY ANALYSIS FOR MALWARE DETECTION

      
Application Number US2019032283
Publication Number 2019/222261
Status In Force
Filing Date 2019-05-14
Publication Date 2019-11-21
Owner SONICWALL INC. (USA)
Inventor
  • Dubrovsky, Aleksandr
  • Das, Soumyadipta
  • Cheetancherl, Senthilkumar Gopinathan

Abstract

Methods and apparatus consistent with the present disclosure may be performed by a Cloud computing device may use instrumentation code that remains transparent to an application program that the instrumentation code has been injected into, may perform deep packet inspection (DPI) on computer data, or identify a content rating associated with computer data. In certain instances, data sets that include executable code may be received via packetized communications or be received via other means, such as, receiving a file from a data store. The present technique allows one or more processors executing instrumentation code to monitor actions performed by the program code included in a received data set. Malware can be detected using exception handling to track memory allocations of the program code included in the received data set. Furthermore, access to content associated with malware, potential malware, or with inappropriate content ratings may be blocked.

IPC Classes  ?

  • G06F 11/00 - Error detectionError correctionMonitoring
  • G06F 12/14 - Protection against unauthorised use of memory
  • G06F 12/16 - Protection against loss of memory contents
  • G08B 23/00 - Alarms responsive to unspecified undesired or abnormal conditions

71.

Cloud based just in time memory analysis for malware detection

      
Application Number 16055958
Grant Number 11232201
Status In Force
Filing Date 2018-08-06
First Publication Date 2019-11-14
Grant Date 2022-01-25
Owner SonicWALL Inc. (USA)
Inventor
  • Dubrovsky, Aleksandr
  • Das, Soumyadipta
  • Cheetancheri, Senthilkumar Gopinathan

Abstract

Methods and apparatus consistent with the present disclosure may be performed by a Cloud computing device may use instrumentation code that remains transparent to an application program that the instrumentation code has been injected into, may perform deep packet inspection (DPI) on computer data, or identify a content rating associated with computer data. In certain instances, data sets that include executable code may be received via packetized communications or be received via other means, such as, receiving a file from a data store. The present technique allows one or more processors executing instrumentation code to monitor actions performed by the program code included in a received data set. Malware can be detected using exception handling to track memory allocations of the program code included in the received data set. Furthermore, access to content associated with malware, potential malware, or with inappropriate content ratings may be blocked.

IPC Classes  ?

  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
  • G06F 21/53 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by executing in a restricted environment, e.g. sandbox or secure virtual machine

72.

Just in time memory analysis for malware detection

      
Application Number 15890192
Grant Number 10902122
Status In Force
Filing Date 2018-02-06
First Publication Date 2019-08-01
Grant Date 2021-01-26
Owner SonicWALL Inc. (USA)
Inventor
  • Das, Soumyadipta
  • Dubrovsky, Aleksandr
  • Korsunsky, Igor
  • Dhablania, Atul
  • Gmuender, John E.

Abstract

Methods and apparatus consistent with the present disclosure may use instrumentation code that remains transparent to an application program that the instrumentation code has been injected into. In certain instances, data sets that include executable code may be received via packetized communications or be received via other means, such as, receiving a file from a data store. The present technique allows one or more processors executing instrumentation code to monitor actions performed by the program code included in a received data set. Malware can be detected using exception handling to track memory allocations of the program code included in the received data set.

IPC Classes  ?

  • G06F 21/55 - Detecting local intrusion or implementing counter-measures
  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements

73.

Detection of exploitative program code

      
Application Number 15858785
Grant Number 10685110
Status In Force
Filing Date 2017-12-29
First Publication Date 2019-07-04
Grant Date 2020-06-16
Owner SONICWALL INC. (USA)
Inventor
  • Das, Soumyadipta
  • Ganachari, Sai Sravan Kumar
  • He, Yao
  • Dubrovsky, Aleksandr

Abstract

The present disclosure is directed to monitoring internal process memory of a computer at a time with program code executes. Methods and apparatus consistent with the present disclosure monitor the operation of program code with the intent of detecting whether received program inputs may exploit vulnerabilities that may exist in the program code at runtime. By detecting suspicious activity or malicious code that may affect internal process memory at run-time, methods and apparatus described herein identify suspected malware based on suspicious actions performed as program code executes. Runtime exploit detection may detect certain anomalous activities or chain of events in a potentially vulnerable application during execution. These events may be detected using instrumentation code when a regular code execution path of an application is deviated from.

IPC Classes  ?

  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements

74.

DETECTION OF EXPLOITATIVE PROGRAM CODE

      
Application Number US2018067541
Publication Number 2019/133637
Status In Force
Filing Date 2018-12-26
Publication Date 2019-07-04
Owner SONICWALL INC. (USA)
Inventor
  • Das, Soumyadipta
  • Ganachari, Sai Sravan Kumar
  • He, Yao
  • Dubrovsky, Aleksandr

Abstract

The present disclosure is directed to monitoring internal process memory of a computer at a time with program code executes. Methods and apparatus consistent with the present disclosure monitor the operation of program code with the intent of detecting whether received program inputs may exploit vulnerabilities that may exist in the program code at runtime. By detecting suspicious activity or malicious code that may affect internal process memory at run-time, methods and apparatus described herein identify suspected malware based on suspicious actions performed as program code executes. Runtime exploit detection may detect certain anomalous activities or chain of events in a potentially vulnerable application during execution. These events may be detected using instrumentation code when a regular code execution path of an application is deviated from.

IPC Classes  ?

  • G06F 11/00 - Error detectionError correctionMonitoring

75.

Providing access to data in a secure communication

      
Application Number 15851108
Grant Number 10924508
Status In Force
Filing Date 2017-12-21
First Publication Date 2019-06-27
Grant Date 2021-02-16
Owner SonicWALL Inc. (USA)
Inventor
  • Raman, Raj
  • Dubrovsky, Aleksandr

Abstract

The present disclosure is directed to preventing computer data from being usurped and exploited by individuals or organizations with nefarious intent. Methods and systems consistent with the present disclosure may store keys and keying data for each of a plurality of connections in separate memory locations. These memory locations may store data that maps a virtual address to a physical memory address associated with storing information relating to a secure connection. These separate memory locations may have a unique instance for each individual communication connection session, for example each transport layer security (TLS) connection may be assigned memory via logical addresses that are mapped to one or more physical memory addresses on a per-core basis. Such architectures decouple actual physical addresses that are used in conventional architectures that assign a single large continuous physical memory partition that may be accessed via commands that access physical memory addresses directly.

IPC Classes  ?

  • H04L 29/06 - Communication control; Communication processing characterised by a protocol
  • H04W 12/04 - Key management, e.g. using generic bootstrapping architecture [GBA]

76.

Dynamic bypass

      
Application Number 15834914
Grant Number 10812468
Status In Force
Filing Date 2017-12-07
First Publication Date 2019-06-13
Grant Date 2020-10-20
Owner SONICWALL INC. (USA)
Inventor
  • Raman, Raj
  • Dubrovsky, Aleksandr

Abstract

Methods and apparatus consistent with the present disclosure may prevent a computer process from failing when a firewall located between a client device and a server identifies that a process at the firewall should be bypassed using fingerprint information associated with a connection attempt. When fingerprint information stored at a firewall matches previously received fingerprint information, the firewall may allow processes typically performed at the firewall to be bypassed, thereby, allowing communications to pass between the client device and the server without inspection. When that fingerprint information does not match previously received fingerprint information, the firewall may perform a process that causes the client device to fail the first connection attempt. Because of this, methods consistent with the present disclosure may allow communications from an application program to be passed through a firewall without relying on an ever growing list of trusted application programs.

IPC Classes  ?

  • H04L 29/08 - Transmission control procedure, e.g. data link level control procedure
  • H04L 29/06 - Communication control; Communication processing characterised by a protocol

77.

Just in time memory analysis for malware detection

      
Application Number 15783793
Grant Number 11151252
Status In Force
Filing Date 2017-10-13
First Publication Date 2019-04-18
Grant Date 2021-10-19
Owner SONICWALL INC. (USA)
Inventor
  • Das, Soumyadipta
  • Dubrovsky, Alex
  • Korsunsky, Igor

Abstract

Methods and apparatus consistent with the present disclosure may use instrumentation code that remains transparent to an application program that the instrumentation code has been injected into. In certain instances, data sets that include executable code may be received via packetized communications or be received via other means, such as, receiving a file from a data store. The present technique allows a processor executing instrumentation code to monitor actions performed by the program code included in a received data set. Malware may be detected by scanning suspect program code with a malware scanner, malware may be detected by identifying suspicious actions performed by a set of program code, or malware may be detected by a combination of such techniques.

IPC Classes  ?

  • G06F 21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements

78.

JUST IN TIME MEMORY ANALYSIS FOR MALWARE DETECTION

      
Application Number US2018055694
Publication Number 2019/075388
Status In Force
Filing Date 2018-10-12
Publication Date 2019-04-18
Owner SONICWALL INC. (USA)
Inventor
  • Das, Soumyadipta
  • Dubrovsky, Alex
  • Korsunsky, Igor

Abstract

Methods and apparatus consistent with the present disclosure may use instrumentation code that remains transparent to an application program that the instrumentation code has been injected into. In certain instances, data sets that include executable code may be received via packetized communications or be received via other means, such as, receiving a file from a data store. The present technique allows a processor executing instrumentation code to monitor actions performed by the program code included in a received data set. Malware may be detected by scanning suspect program code with a malware scanner, malware may be detected by identifying suspicious actions performed by a set of program code, or malware may be detected by a combination of such techniques.

IPC Classes  ?

79.

Real-time prevention of malicious content via dynamic analysis

      
Application Number 15671445
Grant Number 10873589
Status In Force
Filing Date 2017-08-08
First Publication Date 2019-02-14
Grant Date 2020-12-22
Owner SonicWALL Inc. (USA)
Inventor
  • Cheetancheri, Senthil
  • Dubrovsky, Alex
  • Holagi, Sachin

Abstract

This disclosure is related to methods and apparatus used to for preventing malicious content from reaching a destination via a dynamic analysis engine may operate in real-time when packetized data is received. Data packets sent from a source computer may be received and be forwarded to an analysis computer that may monitor actions performed by executable program code included within the set of data packets when making determinations regarding whether the data packet set should be classified as malware. In certain instances all but a last data packet of the data packet set may also be sent to the destination computer while the analysis computer executes and monitors the program code included in the data packet set. In instances when the analysis computer identifies that the data packet set does include malware, the malware may be blocked from reaching the destination computer by not sending the last data packet to the destination computer.

IPC Classes  ?

  • H04L 29/06 - Communication control; Communication processing characterised by a protocol
  • G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements

80.

REAL-TIME PREVENTION OF MALICIOUS CONTENT VIA DYNAMIC ANALYSIS

      
Application Number US2018045814
Publication Number 2019/032702
Status In Force
Filing Date 2018-08-08
Publication Date 2019-02-14
Owner SONICWALL INC. (USA)
Inventor
  • Cheetancheri, Senthil
  • Dubrovsky, Alex
  • Holagi, Sachin

Abstract

This disclosure is related to methods and apparatus used to for preventing malicious content from reaching a destination via a dynamic analysis engine may operate in real-time when packetized data is received. Data packets sent from a source computer may be received and be forwarded to an analysis computer that may monitor actions performed by executable program code included within the set of data packets when making determinations regarding whether the data packet set should be classified as malware. In certain instances all but a last data packet of the data packet set may also be sent to the destination computer while the analysis computer executes and monitors the program code included in the data packet set. In instances when the analysis computer identifies that the data packet set does include malware, the malware may be blocked from reaching the destination computer by not sending the last data packet to the destination computer.

IPC Classes  ?

  • G06F 11/00 - Error detectionError correctionMonitoring

81.

Two stage memory allocation using a cache

      
Application Number 15596987
Grant Number 09898217
Status In Force
Filing Date 2017-05-16
First Publication Date 2017-08-31
Grant Date 2018-02-20
Owner SONICWALL INC. (USA)
Inventor Zhang, Xiangyang

Abstract

The presently claimed invention manages memory in a multi-processor system. The presently claimed invention may use a combination of global and local locks when allocating memory and de-allocating memory in a multi-processor system. A method consistent with the presently claimed invention may first receive an allocation of a first memory space in the system memory of a multi-core processing system. The allocation of the first memory space may globally locks the first memory space where the memory space may administered by a software module using one or more local locks.

IPC Classes  ?

  • G06F 12/00 - Accessing, addressing or allocating within memory systems or architectures
  • G06F 13/00 - Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
  • G06F 3/06 - Digital input from, or digital output to, record carriers
  • G06F 9/52 - Program synchronisationMutual exclusion, e.g. by means of semaphores
  • G06F 9/50 - Allocation of resources, e.g. of the central processing unit [CPU]

82.

Managing persistent cookies on a corporate web portal

      
Application Number 14991567
Grant Number 10021036
Status In Force
Filing Date 2016-01-08
First Publication Date 2017-04-13
Grant Date 2018-07-10
Owner SonicWALL Inc. (USA)
Inventor
  • Peterson, Christopher D.
  • Kulkarni, Jeetendra

Abstract

Systems and methods for management of persistent cookies in a corporate web portal are described. A plurality of zones may be defined and stored in memory. Each zone may be associated with a zone property indicative of whether cookies are allowed. A resource request may be received from a user device over a network where access to the requested resource may require a cookie. The user device may be classified into a zone from the plurality of zones based on the attributes of the user device. The cookie may be automatically installed on the user device based on a zone property for the zone and for those resources that have been configured to require installation of a cookie installed without requiring further user interaction following the request.

IPC Classes  ?

  • H04L 29/06 - Communication control; Communication processing characterised by a protocol
  • H04L 12/911 - Network admission control and resource allocation, e.g. bandwidth allocation or in-call renegotiation
  • H04L 29/12 - Arrangements, apparatus, circuits or systems, not covered by a single one of groups characterised by the data terminal
  • H04L 12/58 - Message switching systems
  • H04L 29/08 - Transmission control procedure, e.g. data link level control procedure
  • H04W 12/08 - Access security

83.

Unified source user checking of TCP data packets for network data leakage prevention

      
Application Number 14819104
Grant Number 10015145
Status In Force
Filing Date 2015-08-05
First Publication Date 2017-02-09
Grant Date 2018-07-03
Owner SonicWALL Inc. (USA)
Inventor
  • Ling, Hui
  • Chen, Zhong
  • Yu, Cuiping
  • Cheng, Zunping

Abstract

Systems and methods are directed towards network data leakage prevention (DLP). More specifically, the systems and methods are directed towards using TCP (Transmission Control Protocol) data packets in conjunction with the DLP monitor. The network DLP utilizes TCP data packets to carry source user identity. With the source user identity, the DLP monitor can determine if sensitive data can be transmitted based on the provided user information and corresponding DLP policies for each user. Furthermore, the DLP monitor can determine if sensitive data can also be transmitted for particular users in situations where multiple users share the same IP address.

IPC Classes  ?

  • G06F 17/00 - Digital computing or data processing equipment or methods, specially adapted for specific functions
  • H04L 29/06 - Communication control; Communication processing characterised by a protocol

84.

Adaptive core grouping

      
Application Number 14819403
Grant Number 10198262
Status In Force
Filing Date 2015-08-05
First Publication Date 2017-02-09
Grant Date 2019-02-05
Owner SONICWALL INC. (USA)
Inventor
  • Mao, Miao
  • Chen, Zhong
  • Gmuender, John

Abstract

The present invention relates to a system, method, and non-transitory storage medium executable by one or more processors at a multi-processor system that improves load monitoring and processor-core assignments as compared to conventional approaches. A method consistent with the present invention includes a first data packet being received at a multi-processor system. After the first packet is received it may be sent to a first processor where the first processor identifies a first processing task associated with the first data packet. The first data packet may then be forwarded to a second processor that is optimized for processing the first processing task of the first data packet. The second processor may then process the first processing task of the first data packet. Program code associated with the first processing task may be stored in a level one (L1) cache at the first processor.

IPC Classes  ?

  • G06F 9/30 - Arrangements for executing machine instructions, e.g. instruction decode
  • G06F 12/0875 - Addressing of a memory level in which the access to the desired data or data block requires associative addressing means, e.g. caches with dedicated cache, e.g. instruction or stack

85.

Mobile device identify factor for access control policies

      
Application Number 14167985
Grant Number 10091201
Status In Force
Filing Date 2014-01-29
First Publication Date 2014-05-29
Grant Date 2018-10-02
Owner SonicWALL Inc. (USA)
Inventor Peterson, Christopher D.

Abstract

A secure VPN connection is provided based on user identify and a hardware identifier. A client application may initiate the VPN connection. A client device user may provide identification information to the application, which then sends a VPN connection request to a remote VPN gateway. The VPN gateway may require an equipment identifier to establish the secure VPN gateway. If the hardware ID is registered, the secure VPN connection is established. If the hardware ID is not registered with the VPN gateway, the connection may be denied. In some instances, a connection may be established with an unregistered equipment ID based on settings at the VPN gateway.

IPC Classes  ?

  • H04L 29/00 - Arrangements, apparatus, circuits or systems, not covered by a single one of groups
  • H04L 29/06 - Communication control; Communication processing characterised by a protocol