Distributed cloud-based dynamic name server surrogation systems and methods

A Dynamic Name Server (DNS) surrogation method, a DNS system, and a DNS server provide DNS surrogation which is the idea that if a user device sends a DNS resolution request to a given DNS server that server does not need to actually perform the recursion itself. A policy can be defined telling the server that first received the request to take other factors into account and “relay” or “surrogate” that request to another node. This additional node is called a “surrogate” and it actually performs the recursion therefore allowing the resolving party to perform proper localization, optimization, or any other form of differentiated resolution. This surrogation also distributes the job of actually performing resolution, which adds scalability to the DNS server or service itself. A network of “surrogate” resolvers is possible as well as the concept of every client needing DNS resolution can also become a surrogate.

TRANSMISSION AND RECEPTION PARAMETER CONTROL

A system and method for implementing transmission parameter control at a transmitting station is described. The exemplary system and method comprises querying a transmission parameter control module for a transmission schedule. The transmission schedule comprises at least one schedule entry defining a set of transmission parameter controls as they pertain to a destination address. At least one packet of data is then transmitted to the destination address according to the transmission parameters controls of at least one schedule entry from the transmission schedule. A system and method for selecting an antenna configuration corresponding to a next transmission of packet data is also disclosed.

Transmission and reception parameter control

A system and method for implementing transmission parameter control at a transmitting station is described. The exemplary system and method comprises querying a transmission parameter control module for a transmission schedule. The transmission schedule comprises at least one schedule entry defining a set of transmission parameter controls as they pertain to a destination address. At least one packet of data is then transmitted to the destination address according to the transmission parameters controls of at least one schedule entry from the transmission schedule. A system and method for selecting an antenna configuration corresponding to a next transmission of packet data is also disclosed.

Increasing reliable data throughput in a wireless network

Systems and methods for improving data transmission rates in communication networks are disclosed. In an 802.11 wireless communication network, where a source node of the wireless network transmits TCP data to a destination node of the wireless network, the destination node does not transmit TCP acknowledgments (ACKs) for the TCP data if 802.11 ACKs indicate that the destination node received the TCP data. If a source outside the wireless network transmits TCP data to the destination node within the wireless network through an intermediate device, such as an access point, the destination node suppresses transmitting TCP ACKs. The intermediate device transmits TCP ACKs as proxy for the destination node to the source. The intermediate device also suppresses TCP ACKs where a source node within the wireless network sends the TCP data to a destination node outside of the wireless network.

Cloud-based user-level policy, reporting, and authentication over DNS

A cloud-based method, system, and transparent proxy for user-level policy, reporting, and authentication over Domain Name System (DNS) include maintaining a local user Internet Protocol (IP) database identifying users in an enterprise; and acting as a transparent proxy for all DNS requests from the users performing the steps of: for a user already identified in the local user IP database, forwarding a DNS request to a cloud-based system with an identifier from the local user IP database of the user associated with the DNS request; and for the user not identified in the local user IP database, performing a series of redirects and hand offs in the cloud-based system to identify the user.

TRANSMISSION AND RECEPTION PARAMETER CONTROL

A system and method for implementing transmission parameter control at a transmitting station is described. The exemplary system and method comprises querying a transmission parameter control module for a transmission schedule. The transmission schedule comprises at least one schedule entry defining a set of transmission parameter controls as they pertain to a destination address. At least one packet of data is then transmitted to the destination address according to the transmission parameters controls of at least one schedule entry from the transmission schedule. A system and method for selecting an antenna configuration corresponding to a next transmission of packet data is also disclosed. 1. A system for selecting an antenna configuration corresponding to a next transmission of packet data , the system comprising:a processor configured to control an antenna element selector device to select an antenna configuration, the selection of an antenna configuration associated with accessing a transmission schedule having transmission parameter control data for a remote receiving node;a communication device configured to transmit packet data to the remote receiving node via an antenna apparatus in accordance with transmission parameters set forth in the transmission schedule;an antenna apparatus adjustable into a plurality of antenna configurations, each antenna configuration corresponding to a radiation pattern; andan antenna element selector device configured to respond to instructions received from the processor regarding selecting an antenna configuration from the transmission schedule.2. The system of claim 1 , further comprising a transmission parameter control module stored in memory and executable by the processor to provide a transmission schedule to the antenna element selector device claim 1 , the transmission schedule including at least one schedule entry defining a set of parameter controls associated with a destination address.3. The system of claim 2 , ...

TRANSMISSION AND RECEPTION PARAMETER CONTROL

A system and method for implementing transmission parameter control at a transmitting station is described. The exemplary system and method comprises querying a transmission parameter control module for a transmission schedule. The transmission schedule comprises at least one schedule entry defining a set of transmission parameter controls as they pertain to a destination address. At least one packet of data is then transmitted to the destination address according to the transmission parameters controls of at least one schedule entry from the transmission schedule. A system and method for selecting an antenna configuration corresponding to a next transmission of packet data is also disclosed. 1. A system for transmission parameter control in a wireless network , the system comprising:a processor configured to execute at least one program stored in memory, the at least one program comprising instructions for executing a transmission schedule, the transmission schedule comprising at least one schedule entry defining a set of transmission parameter controls associated with a destination address;an antenna apparatus adjustable into a plurality of antenna configurations, each antenna configuration corresponding to a radiation pattern;a communication device configured to implement at least one of a plurality of physical data rates as specified by the set of transmission parameter controls; and 'the antenna apparatus further configured to transmit one or more data packets to the destination address in accordance with the at least one of the physical data rates and the at least one of the plurality of antenna configurations as specified by the set of transmission parameter controls of the transmission schedule executed by the processor.', 'an antenna element selector device configured to implement at least one of the plurality of antenna configurations of the antenna apparatus as specified by the set of transmission parameter control,'}2. A machine-readable storage medium ...

THROUGHPUT ENHANCEMENT BY ACKNOWLEDGMENT SUPPRESSION

Systems and methods for improving data transmission rates in communication networks are disclosed. In an 802.11 wireless communication network, where a source node of the wireless network transmits TCP data to a destination node of the wireless network, the destination node does not transmit TCP acknowledgments (ACKs) for the TCP data if 802.11 ACKs indicate that the destination node received the TCP data. If a source outside the wireless network transmits TCP data to the destination node within the wireless network through an intermediate device, such as an access point, the destination node suppresses transmitting TCP ACKs. The intermediate device transmits TCP ACKs as proxy for the destination node to the source. The intermediate device also suppresses TCP ACKs where a source node within the wireless network sends the TCP data to a destination node outside of the wireless network. 1. A method for increasing data throughput , the method comprising:performing a handshake between an intermediate device and a destination device, wherein the handshake enables acknowledgement suppression between the intermediate device and the destination device;receiving data at the intermediate device, the received data originating from a source device and directed to the designation device;transmitting the received data using a higher layer protocol, from the intermediate device to the destination device;receiving a first acknowledgment of a lower layer protocol, sent from the destination device to the intermediate device, wherein the destination device suppresses any acknowledgement using the higher level protocol from being sent to the intermediate device;determining that the destination device received the data without error based on the first acknowledgement;synthesizing a second acknowledgement based on the first acknowledgement, the second acknowledgment spoofed as being from the destination device; andtransmitting the second acknowledgment using the higher layer protocol, ...

MAC BASED MAPPING IN IP BASED COMMUNICATIONS

An access point of a communications network receives a multicast or broadcast packet from a source. The access point converts the multicast or broadcast packet into a unicast packet addressed to a station associated with the access point. The access point then transmits the unicast packet over the communications network from the access point to the station. The access point further may determine a minimum data rate by which the access point may transmit the multicast or broadcast packet to the station and determines an effective unicast rate for transmitting the unicast packet to the station. If the effective unicast rate does not exceed the minimum data rate, the access point does not transmit the unicast packet to the station and transmits the multicast or broadcast packet. 1receiving a series of multicast data packets, the series of multicast data packets corresponding to a video stream addressed to a group of one or more receiving nodes in a wireless network;executing instructions stored in memory, wherein execution of the instructions by a processor converts the received series of multicast data packets into one or more unicast packets addressed to the one or more receiving nodes in the wireless network; andwirelessly transmitting the one or more unicast data packets to the one or more receiving nodes using an 802.x protocol, wherein the effective unicast rate for the one or more unicast data packets exceeds a minimum data rate of the series of multicast data packets using the 802.x protocol.. A method for Internet-Protocol based communications in a wireless network, the method comprising: The present application is a continuation and claims the priority benefit of U.S. patent application Ser. No. 12/718,987 filed Mar. 7, 2010, which is a continuation and claims the priority benefit of U.S. patent application Ser. No. 11/985,865 filed Nov. 16, 2007, now U.S. Pat. No. 8,125,975, which is a division and claims the priority benefit of U.S. patent application Ser. ...

CLOUD-BASED USER-LEVEL POLICY, REPORTING, AND AUTHENTICATION OVER DNS

A cloud-based method, system, and transparent proxy for user-level policy, reporting, and authentication over Domain Name System (DNS) include maintaining a local user Internet Protocol (IP) database identifying users in an enterprise; and acting as a transparent proxy for all DNS requests from the users performing the steps of: for a user already identified in the local user IP database, forwarding a DNS request to a cloud-based system with an identifier from the local user IP database of the user associated with the DNS request; and for the user not identified in the local user IP database, performing a series of redirects and hand offs in the cloud-based system to identify the user. 1. A cloud-based method for user-level policy , reporting , and authentication over Domain Name System (DNS) , comprising:maintaining a local user Internet Protocol (IP) database identifying users in an enterprise; and for a user already identified in the local user IP database, forwarding a DNS request to a cloud-based system with an identifier from the local user IP database of the user associated with the DNS request; and', 'for the user not identified in the local user IP database, performing a series of redirects and hand offs in the cloud-based system to identify the user., 'acting as a transparent proxy for all DNS requests from the users performing the steps of2. The cloud-based method of claim 1 , comprising:forwarding the DNS request to the cloud-based system with the identifier encapsulated therein, wherein the enterprise utilizes Network Address Translation and the IP address for the DNS request comprises an enterprise IP address shared by all of the users in the enterprise with the identifier uniquely identifying the user.3. The cloud-based method of claim 1 , wherein the cloud-based system comprises a multi-tenant cloud system providing differentiated user-level content and security filtering policies via DNS.4. The cloud-based method of claim 3 , comprising:receiving a ...

DISTRIBUTED CLOUD-BASED DYNAMIC NAME SERVER SURROGATION SYSTEMS AND METHODS

A Dynamic Name Server (DNS) surrogation method, a DNS system, and a DNS server provide DNS surrogation which is the idea that if a user device sends a DNS resolution request to a given DNS server that server does not need to actually perform the recursion itself. A policy can be defined telling the server that first received the request to take other factors into account and “relay” or “surrogate” that request to another node. This additional node is called a “surrogate” and it actually performs the recursion therefore allowing the resolving party to perform proper localization, optimization, or any other form of differentiated resolution. This surrogation also distributes the job of actually performing resolution, which adds scalability to the DNS server or service itself. A network of “surrogate” resolvers is possible as well as the concept of every client needing DNS resolution can also become a surrogate. 1. A method implemented in a cloud network , the method comprising:receiving a Domain Name System (DNS) request;responsive to a policy associated with the DNS request, providing the DNS request to a surrogate of a plurality of surrogates, wherein one or more of the plurality of surrogates comprise clients receiving service from the cloud network; andresponsive to DNS resolution performed by the surrogate, providing a result of the DNS resolution as a response to the DNS request.2. The method of claim 1 , wherein the surrogate performs recursion to determine the result.3. The method of claim 1 , wherein the surrogate provides the result to the DNS request independent of a device receiving the DNS request.4. The method of claim 1 , wherein the surrogate is determined based on the policy.5. The method of claim 1 , wherein the surrogate is determined based on a location of a user device associated with the DNS request.6. The method of claim 1 , wherein the surrogate is configured to provide a request to an authoritative DNS server associated with a domain name of ...

INCREASING RELIABLE DATA THROUGHPUT IN A WIRELESS NETWORK

Systems and methods for improving data transmission rates in communication networks are disclosed. In an 802.11 wireless communication network, where a source node of the wireless network transmits TCP data to a destination node of the wireless network, the destination node does not transmit TCP acknowledgments (ACKs) for the TCP data if 802.11 ACKs indicate that the destination node received the TCP data. If a source outside the wireless network transmits TCP data to the destination node within the wireless network through an intermediate device, such as an access point, the destination node suppresses transmitting TCP ACKs. The intermediate device transmits TCP ACKs as proxy for the destination node to the source. The intermediate device also suppresses TCP ACKs where a source node within the wireless network sends the TCP data to a destination node outside of the wireless network. 1. A wireless local area network device , the device configured to:transmit data, according to a higher layer protocol, from a source to a destination in a wireless local area network;receive a first acknowledgment, according to a lower layer protocol, transmitted from the destination; andtransmit a second acknowledgment, according to the higher layer protocol, to the source based on the first acknowledgment, whereby the transmission of data is reliable and occurs without delaying acknowledgment transmissions to the source.2. The wireless local area network device of claim 1 , wherein the device is an access point.3. The wireless local area network device of claim 2 , wherein the access point includes an antenna apparatus and a RF communication apparatus.4. The wireless local area network device of claim 3 , wherein the RF communication apparatus operates utilizing the 802.11g protocol.5. The wireless local area network device of claim 1 , wherein the device is further configured to broadcast a beacon advertising a capability to generate transmission control protocol (TCP) ...

INCREASING RELIABLE DATA THROUGHPUT IN A WIRELESS NETWORK

Systems and methods for improving data transmission rates in communication networks are disclosed. In an 802.11 wireless communication network, where a source node of the wireless network transmits TCP data to a destination node of the wireless network, the destination node does not transmit TCP acknowledgments (ACKs) for the TCP data if 802.11 ACKs indicate that the destination node received the TCP data. If a source outside the wireless network transmits TCP data to the destination node within the wireless network through an intermediate device, such as an access point, the destination node suppresses transmitting TCP ACKs. The intermediate device transmits TCP ACKs as proxy for the destination node to the source. The intermediate device also suppresses TCP ACKs where a source node within the wireless network sends the TCP data to a destination node outside of the wireless network. 1. An access point device in a wireless network comprising:a transmitter for transmitting a first data packet, according to a higher layer protocol, received from a source network node, to a destination network node in the wireless network; anda receiver for receiving a first acknowledgment, according to a lower layer protocol, transmitted from the destination network node when the first data packet is received by the destination network node, whereinthe transmitter determines that the destination network node has received the first data packet without error based on the first acknowledgment according to the lower layer protocol received by the receiver, considers the first acknowledgment as a proxy for any further acknowledgements from the destination network node, and transmits a second acknowledgment, according to the higher layer protocol, to the source network node, as a final acknowledgment for the transmitted first data packet.2. The access point device of claim 1 , wherein the receiver receives a second data packet claim 1 , according to a higher layer protocol claim 1 , from ...

Secure application access systems and methods

Systems and methods, in a lightweight connector including a processor communicatively coupled to a network interface, include connecting to a cloud-based system, via the network interface; connecting to one or more of a file share and an application, via the network interface; and providing access to a user device to the one or more of the file share and the application via a stitched connection between the network interface and the user device through the cloud-based system. The systems and methods can further include receiving a query for discovery; and responding to the query based on the one or more of the file share and the application connected thereto. 1. A secure application access system comprising: connect to a cloud-based system, via the network interface,', 'connect to one or more of a file share and an application, via the network interface, and', 'provide access to a user device to the one or more of the file share and the application via a stitched connection between the network interface and the user device through the cloud-based system., 'a lightweight connector comprising a network interface, a processor communicatively coupled to the network interface, and memory storing instructions that, when executed, cause the processor to'}2. The secure application access system of claim 1 , wherein the lightweight connector is in front of the file share and the application.3. The secure application access system of claim 1 , wherein the instructions that claim 1 , when executed claim 1 , cause the processor toprevent inbound connections to the network interface except through the cloud-based system.4. The secure application access system of claim 1 , wherein the cloud-based system includes a plurality of cloud nodes with the user device and the network interface each connected to a different cloud node.5. The secure application access system of claim 4 , wherein the cloud-based system includes a central authority configured to form the stitched connection.6 ...

Private application access with browser isolation

Systems and methods include, responsive to a request to access an application, wherein the application is in one of a public cloud, a private cloud, and an enterprise network, and wherein the user device is remote over the Internet, determining if a user of the user device is permitted to access the application and whether the application should be provided in an isolated browser; responsive to the determining, creating secure tunnels between the user device, an isolation service operating the isolated browser, and the application based on connection information; loading the application in the isolated browser, via the secure tunnels; and providing image content for the application to the user device, via the secure tunnels.

CLOUD-BASED VIRTUAL PRIVATE ACCESS SYSTEMS AND METHODS

A virtual private access method implemented by a cloud system, includes receiving a request to access resources from a user device, wherein the resources are located in one of a public cloud and an enterprise network and the user device is remote therefrom on the Internet; forwarding the request to a central authority for a policy look up and for a determination of connection information to make an associated secure connection through the cloud system to the resources; receiving the connection information from the central authority responsive to an authorized policy look up; and creating secure tunnels between the user device and the resources based on the connection information. 1. A virtual private access method implemented by a cloud system , the method comprising:receiving a request to access resources from a user device, wherein the resources are located in one of a public cloud and an enterprise network and the user device is remote therefrom on the Internet;forwarding the request to a central authority for a policy look up and for a determination of connection information to make an associated secure connection through the cloud system to the resources;receiving the connection information from the central authority responsive to an authorized policy look up; andcreating secure tunnels between the user device and the resources based on the connection information.2. The virtual private access method of claim 1 , wherein claim 1 , prior to the receiving claim 1 , a user executes an application on the user device claim 1 , provides authentication claim 1 , and provides the request with the application operating on the user device.3. The virtual private access method of claim 2 , wherein the application is configured to connect the user device to the cloud system claim 2 , via an optimized cloud node based on a location of the user device.4. The virtual private access method of claim 1 , wherein the resources are communicatively coupled to a lightweight connector ...

Connector selection through a cloud-based system for private application access

Systems and methods include obtaining criteria for selecting connectors for private application access in a cloud-based system; responsive to a request to access an application, by a user device, located in any of a public cloud, a private cloud, and an enterprise network, wherein the user device is remote over the Internet, determining a connector coupled to the application based on the criteria; and, responsive to a user of the user device being permitted to access the application, stitching together connections between the cloud-based system, the application, and the user device to provide access to the application.

Cloud-based web application and API protection

Systems and methods include, responsive to determining a user can access an application via a cloud-based system, wherein the application is in one of a public cloud, a private cloud, and an enterprise network, and wherein the user is remote over the Internet, obtaining a predetermined inspection profile for the user with the inspection profile including a plurality of rules evaluated in an order; performing inspection of the access using the plurality of rules in the order; and responsive to results of any of the plurality of rules, one or more of monitoring, allowing, blocking, and redirecting the access, via the cloud-based system.

Clientless connection setup for cloud-based virtual private access systems and methods

Virtual private access systems and methods implemented in a clientless manner on a user device include receiving a request to access resources from a Web browser on the user device at an exporter in a cloud system, wherein the resources are located in one of a public cloud and an enterprise network and the user device is remote therefrom on the Internet; performing a series of connections between the exporter and i) the Web browser and ii) centralized components including a crypto service, database, cookie store, and Security Assertion Markup Language (SAML) Service Provider (SP) component to authenticate a user of the user device for the resources; and, subsequent to authentication, exchanging data between the Web browser and the resources through the exporter, wherein the exporter has a first secure tunnel to the Web browser and a second secure tunnel to the resources. 1. A virtual private access method implemented in a clientless manner on a user device , the method comprising:receiving a request to access resources from a Web browser on the user device at an exporter in a cloud system, wherein the resources are located in one of a public cloud and an enterprise network and the user device is remote therefrom on the Internet;performing a series of connections between the exporter and i) the Web browser and ii) centralized components comprising a crypto service, database, cookie store, and Security Assertion Markup Language (SAML) Service Provider (SP) component to authenticate a user of the user device for the resources; andsubsequent to authentication, exchanging data between the Web browser and the resources through the exporter, wherein the exporter has a first secure tunnel to the Web browser and a second secure tunnel to the resources.2. The virtual private access method of claim 1 , further comprising:prior to the request, uploading a private and public key to the centralized components via an Application Programming Interface (API); andencrypting and ...

CLOUD BASED SECURITY USING DNS

A cloud-based security method using Domain Name System (DNS) includes receiving a request from a user device at a DNS server; performing a security check on the request based on a policy look up associated with the user device; responsive to the policy look up, performing a DNS security check on the request; and responsive to the DNS security check, performing one of allowing the request to the Internet; blocking the request based on the policy; and providing the request to inline inspection based on the policy, wherein the request is one of allowed to the Internet or blocked based on the inline inspection. 1. A cloud-based security method using Domain Name System (DNS) , the cloud-based security method comprising:receiving a request from a user device at a DNS server;performing a security check on the request based on a policy look up associated with the user device;responsive to the policy look up, performing a DNS security check on the request; and allowing the request to the Internet;', 'blocking the request based on the policy; and', 'providing the request to inline inspection based on the policy, wherein the request is one of allowed to the Internet or blocked based on the inline inspection., 'responsive to the DNS security check, performing one of'}2. The cloud-based security method of claim 1 , wherein the user device is configured with an associated address of the DNS server for servicing DNS requests claim 1 , and wherein the DNS server is one of a plurality of DNS servers preserving geo-localization of the user device.3. The cloud-based security method of claim 1 , wherein the policy is based on a location of the user device defined by one of a static Internet Protocol (IP) address claim 1 , a dynamic IP address claim 1 , and a tunnel to the DNS server.4. The cloud-based security method of claim 3 , wherein the policy is one of a plurality of policies for the location claim 3 , each of the plurality of policies is designated by a different address of the ...

Cloud-based virtual private access systems and methods

Systems and methods include receiving a request, in a cloud system from a user device, to access an application, wherein the application is in one of a public cloud, a private cloud, and an enterprise network, and wherein the user device is remote over the Internet; determining if the user device is permitted to access the application; if the user device is not permitted to access the application, notifying the user device the application does not exist; and if the user device is permitted to access the application, stitching together connections between the cloud system, the application, and the user device to provide access to the application. 1. A non-transitory computer-readable medium comprising instructions that , when executed , cause a processor to perform the steps of:receiving a request, in a cloud system from a user device, to access an application, wherein the application is in one of a public cloud, a private cloud, and an enterprise network, and wherein the user device is remote over the Internet;determining if the user device is permitted to access the application;if the user device is not permitted to access the application, notifying the user device the application does not exist; andif the user device is permitted to access the application, stitching together connections between the cloud system, the application, and the user device to provide access to the application.2. The non-transitory computer-readable medium of claim 1 , wherein the determining includes determining if a user associated with the user device is permitted to access the application.3. The non-transitory computer-readable medium of claim 1 , wherein the stitching together the connections includes the cloud system creating both a connection to the user device and to the application to enable the user device and the application to communicate.4. The non-transitory computer-readable medium of claim 3 , wherein the stitching together the connections includes at least two tunnels ...

Cloud based security using DNS

The present disclosure includes, responsive to a request from a user device, performing a security check based on policy associated with the user device, wherein the policy includes setting related to content filtering and security; responsive to the security check, performing one of: directly allowing the request to the Internet based on the security check determining the request is allowed by the settings; directly blocking the request based on the security check determining the request is disallowed by the settings; and forwarding the request to a system for inline inspection based on the security check determining the request includes suspicious content, wherein responsive to the inline inspection, the request is one of allowed and blocked. 1. A system comprising:a server communicatively coupled to a user device;a policy data store communicatively coupled to the server and storing a policy for the user device; andan inline inspection system communicatively coupled to the server; responsive to a request from a user device, perform a security check based on policy associated with the user device, wherein the policy includes setting related to content filtering and security;', 'responsive to the security check, perform one of:', 'directly allow the request to the Internet based on the security check determining the request is allowed by the settings;', 'directly block the request based on the security check determining the request is disallowed by the settings; and', 'cause inline inspection of the request, via forwarding the request to the inline inspection system, based on the security check determining the request includes suspicious content; and, 'wherein the server is configured to'} 'responsive to the inline inspection, one of allow the request to the Internet and block the request.', 'wherein the inline inspection system is configured to'}2. The system of claim 1 , wherein the inline inspection performs a plurality of malicious Uniform Resource Locator (URL) ...

Cloud based security using DNS

A cloud-based security method using Domain Name System (DNS) includes receiving a request from a user device at a DNS server; performing a security check on the request based on a policy look up associated with the user device; responsive to the policy look up, performing a DNS security check on the request; and responsive to the DNS security check, performing one of allowing the request to the Internet; blocking the request based on the policy; and providing the request to inline inspection based on the policy, wherein the request is one of allowed to the Internet or blocked based on the inline inspection.

Systems and methods for improved data throughput in communications networks

An access point of a communications network is disclosed configured to receive a multicast or broadcast packet from a source. The access point converts the multicast or broadcast packet into a unicast packet addressed to a station associated with the access point. The access point then transmits the unicast packet over the communications network from the access point to the station. The access point further may determine a minimum data rate by which the access point may transmit the multicast or broadcast packet to the station and determines an effective unicast rate for transmitting the unicast packet to the station. If the effective unicast rate does not exceed the minimum data rate, the access point does not transmit the unicast packet to the station and transmits the multicast or broadcast packet.

Increasing reliable data throughput in a wireless network

Systems and methods for improving data transmission rates in communication networks are disclosed. In an 802.11 wireless communication network, where a source node of the wireless network transmits TCP data to a destination node of the wireless network, the destination node does not transmit TCP acknowledgments (ACKs) for the TCP data if 802.11 ACKs indicate that the destination node received the TCP data. If a source outside the wireless network transmits TCP data to the destination node within the wireless network through an intermediate device, such as an access point, the destination node suppresses transmitting TCP ACKs. The intermediate device transmits TCP ACKs as proxy for the destination node to the source. The intermediate device also suppresses TCP ACKs where a source node within the wireless network sends the TCP data to a destination node outside of the wireless network.

Improved communications throughput with multiple physical data rate transmission determinations

A system for improving throughput in a communications network, the system comprising: a first node and a second node, the first node configured to: transmit to a second node of the communication network; determine a first physical data rate for transmitting to the second node a multicast or broadcast packet; determine a second physical data rate for transmitting to the second node one or more unicast packets resulting from conversion of the multicast or broadcast packet into the one or more unicast packets; and transmit the one or more unicast packets to the second node if the second physical data rate exceeds the first physical data rate and otherwise transmit the multicast or broadcast packet to the second node.

Generating zero-trust policy for application access using machine learning

Systems and methods include obtaining log data for a plurality of users of an enterprise where the log data relates to usage of a plurality of applications by the plurality of users; determining i) app-segments that are groupings of application of the plurality of applications and ii) user-groups that are groupings of users of the plurality of users; and providing access policy of the plurality of applications based on the user-groups and the app-segments. The steps can further include monitoring the access policy over time based on ongoing log data, manual verification of the access policy, and incidents where users are prevented from accessing any application; and adjusting the determined based on the monitoring.

Method for improved data throughput in communication networks

Method for improved data throughput in communications networks

MAC based mapping in IP based communications

An access point of a communications network receives a multicast or broadcast packet from a source. The access point converts the multicast or broadcast packet into a unicast packet addressed to a station associated with the access point. The access point then transmits the unicast packet over the communications network from the access point to the station. The access point further may determine a minimum data rate by which the access point may transmit the multicast or broadcast packet to the station and determines an effective unicast rate for transmitting the unicast packet to the station. If the effective unicast rate does not exceed the minimum data rate, the access point does not transmit the unicast packet to the station and transmits the multicast or broadcast packet.

Sub-clouds in a cloud-based system for private application access

Systems and methods include obtaining for a tenant a definition of a sub-cloud in a cloud-based system, wherein the cloud-based system includes a plurality of data centers geographically distributed, and wherein the sub-cloud includes a subset of the plurality of data centers; receiving a request, in a cloud system from a user device, to access an application for the tenant, wherein the application is constrained to the sub-cloud, and wherein the user device is remote over the Internet; determining if the user device is permitted to access the application; if the user device is not permitted to access the application, notifying the user device the application does not exist; and if the user device is permitted to access the application, stitching together connections between the sub-cloud, the application, and the user device to provide access to the application.

Mac based mapping in ip based communications

An access point of a communications network receives a multicast or broadcast packet from a source. The access point converts the multicast or broadcast packet into a unicast packet addressed to a station associated with the access point. The access point then transmits the unicast packet over the communications network from the access point to the station. The access point further may determine a minimum data rate by which the access point may transmit the multicast or broadcast packet to the station and determines an effective unicast rate for transmitting the unicast packet to the station. If the effective unicast rate does not exceed the minimum data rate, the access point does not transmit the unicast packet to the station and transmits the multicast or broadcast packet.

Predefined signatures for inspecting private application access

Systems and methods include, responsive to security research identifying a zero-day Common Vulnerabilities and Exposure (CVE), receiving the associated signatures of the zero-day CVE; responsive to determining a user can access an application via a cloud-based system, wherein the application is in one of a public cloud, a private cloud, and an enterprise network, and wherein the user is remote over the Internet, obtaining an inspection profile for the user with the inspection profile including a plurality of rules; performing inspection of transactions after the access using the plurality of rules including a rule for identifying the zero-day CVE; and responsive to results of any of the plurality of rules, one or more of monitoring, allowing, blocking, and redirecting the access, via the cloud-based system.

Cloud-based virtual private access systems and methods

A virtual private access method implemented by a cloud system, includes receiving a request to access resources from a user device, wherein the resources are located in one of a public cloud and an enterprise network and the user device is remote therefrom on the Internet; forwarding the request to a central authority for a policy look up and for a determination of connection information to make an associated secure connection through the cloud system to the resources; receiving the connection information from the central authority responsive to an authorized policy look up; and creating secure tunnels between the user device and the resources based on the connection information.

Systems and methods for reducing server load with HTTPS cache

Techniques for processing web probes for monitoring user experience including use of caching to prevent a surge of web probes on destination servers and for detecting web probe traffic. A method implemented by a connector includes intercepting a Hypertext Transfer Protocol Secure (HTTPS) web probe request to a server, identifying a cache hit associated with the request in a cache, generating a synthetic Hypertext Transfer Protocol (HTTP) response based on information from the identified cache hit, wherein the generated synthetic HTTP response includes an extension header containing collected statistics, and sending the synthetic HTTP response. The method can further include simulating a Secure Socket Layer (SSL) handshake to estimate SSL cost.

Policy based agentless file transfer in zero trust private networks

Systems and methods for policy based agentless file transfer in zero trust private networks. Various systems and methods include receiving a request for a file transfer; determining a file transfer protocol; evaluating one or more criteria associated with the request, the criteria being associated with any of an end user and the contents of the file; and allowing or denying the file transfer based on the evaluating. Responsive to an end user's policy including a requirement for file inspection, the steps can further include sending the file to a sandbox for inspection, and receiving a result of the inspection from the sandbox.

Providing users secure access to business-to-business (B2B) applications

Systems and methods include, responsive to a request from a user for one or more Business-to-Business (B2B) applications, redirecting the request, by a cloud-based system, to an identity provider to authorize the user; displaying the one or more B2B applications that the user is authorized to access; responsive to a selection of a B2B application of the one or more B2B applications, creating a first tunnel from the B2B application to the cloud-based system; and stitching the first tunnel between the B2B application and the cloud-based system with a second tunnel between the user and the cloud-based system. The systems and methods further include, responsive to the user being unauthorized for any of the one or more B2B applications, omitting the one or more B2B applications from the displaying, such that the one or more B2B applications are invisible to the user.

Client forwarding policies for zero trust access for applications

Systems and methods include providing a user interface to an administrator associated with a tenant of a cloud-based system, wherein the tenant has a plurality of users each having an associated user device; receiving a plurality of client forwarding policies for the plurality of users, wherein each client forwarding policy of the client forwarding policies define rules related to how application requests from the plurality of users are forwarded for zero trust access; and providing the rules to corresponding user devices of the plurality of users.

Private application access with browser isolation

Systems and methods include, responsive to a request to access an application, wherein the application is in one of a public cloud, a private cloud, and an enterprise network, and wherein the user device is remote over the Internet, determining if a user of the user device is permitted to access the application and whether the application should be provided in an isolated browser; responsive to the determining, creating secure tunnels between the user device, an isolation service operating the isolated browser, and the application based on connection information; loading the application in the isolated browser, via the secure tunnels; and providing image content for the application to the user device, via the secure tunnels.

Systems and methods for utilizing sub-clouds in a cloud-based system for private application access

Systems and methods include obtaining for a tenant a definition of a sub-cloud in a cloud-based system, wherein the cloud-based system includes a plurality of data centers geographically distributed, and wherein the sub-cloud includes a subset of the plurality of data centers; receiving a request, in a cloud system from a user device, to access an application for the tenant, wherein the application is constrained to the sub-cloud, and wherein the user device is remote over the Internet; determining if the user device is permitted to access the application; if the user device is not permitted to access the application, notifying the user device the application does not exist; and if the user device is permitted to access the application, stitching together connections between the sub-cloud, the application, and the user device to provide access to the application.

Systems and methods for selecting application connectors through a cloud-based system for private application access

Systems and methods include obtaining criteria for selecting connectors for private application access in a cloud-based system; responsive to a request to access an application, by a user device, located in any of a public cloud, a private cloud, and an enterprise network, wherein the user device is remote over the Internet, determining a connector coupled to the application based on the criteria; and, responsive to a user of the user device being permitted to access the application, stitching together connections between the cloud-based system, the application, and the user device to provide access to the application.

Aufrechterhalten der entitätenreihenfolge bei gate-managern

Defending Against Volumetric Attacks

Systems and methods for defending against volumetric attacks, implemented in a cloud-based system. Embodiments include steps of, monitoring flows and a rate of requests to a Data Center (DC); receiving a request from an address to the DC, the request being for a service in a cloud-based system; determining if the address has been successfully authenticated within a past predetermined time period; responsive to the address not having been successfully authenticated within the past time period, and one of (i) the rate of requests being above a threshold or (ii) the number of flows being above a threshold, placing the address in a penalty box for a predetermined amount of time; and blocking requests from the address in the penalty box for the predetermined amount of time.

Mappage base sur mac dans communications ip

Verbesserter kommunikationsdurchsatz mit mehreren bestimmungen der physikalischen übertragungsgeschwindigkeit von übertragungen

Verfahren zur verbesserung des datendurchsatzes in kommunikationsnetzwerken

System and method for transmission parameter control for an antenna apparatus with selectable elements

A system and method for improved data transmission on a wireless link to a remote receiving node includes a communication device for converting packets to RF at a physical data rate, an antenna apparatus having a plurality of antenna configurations for transmitting the RF, and a processor for selecting the antenna configuration and the physical data rate based on whether the remote receiving node indicated reception of the data transmission. The processor may determine a table of success ratios for each antenna configuration and may rank each antenna configuration by the success ratio. The processor may transmit with an unused antenna configuration to probe the unused antenna configuration and update the table of success ratios. Similarly, the processor may maintain a table of effective user data rates, rank each physical data rate by the effective user data rate and probe unused physical data rates to update the table.

Zero trust approach to secure sensitive mobile applications and prevent distributed denial of service attacks

Systems and methods for protecting sensitive mobile applications from attack include incorporating private application access software in a mobile application that operates on a user device to provide functionality to an end user, the functionality is separate from the private application access; deploying application connectors in front of a private application that is accessed by the mobile application; responsive to a request to access the private application, authenticating the end user through the mobile application; and, responsive to authentication, providing access to the private application through the mobile application via a plurality of secure tunnels. The application connectors are configured to only provide outbound connections, thereby protecting the private application from the attack. The request to access is received via a cloud-based system which is configured to drop any invalid request, thereby protecting the private application from the attack.

Device and method for transmission parameter control for an antenna apparatus with selectable elements

System and method for transmission parameter control for an antenna apparatus with selectable elements

Disaster recovery for cloud-based private application access

Systems and methods include receiving one or more disaster recovery configurations via a cloud-based system; storing the one or more received disaster recovery configurations in one or more components of the cloud-based system; identifying activation of a disaster recovery mode; and providing private application access based on one or more disaster recovery configurations.

Policy based authentication for Privileged Remote Access (PRA) systems

Systems and methods for policy based seamless authentication for PRA systems through zero trust private networks. The various systems and methods described herein include steps of receiving a request to access a Privileged Remote Access (PRA) system; determining if any credential rules apply to a console associated with the request; retrieving credentials associated with any of a user and the console from a database, thereby avoiding the user being required to provide credentials; and providing access to the requested PRA system based on the retrieved credentials.

Systems and methods for reducing server load with HTTPS cache

Techniques for processing web probes for monitoring user experience including use of caching to prevent a surge of web probes on destination servers and for detecting web probe traffic. A method implemented by a connector includes intercepting a Hypertext Transfer Protocol Secure (HTTPS) web probe request to a server, identifying a cache hit associated with the request in a cache, generating a synthetic Hypertext Transfer Protocol (HTTP) response based on information from the identified cache hit, wherein the generated synthetic HTTP response includes an extension header containing collected statistics, and sending the synthetic HTTP response. The method can further include simulating a Secure Socket Layer (SSL) handshake to estimate SSL cost.