Applying security policies to web traffic while maintaining privacy
US-2020374314-A1 · Nov 26, 2020 · US
US11368496B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11368496-B2 |
| Application number | US-202016898831-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jun 11, 2020 |
| Priority date | Jun 11, 2019 |
| Publication date | Jun 21, 2022 |
| Grant date | Jun 21, 2022 |
Official abstract text for this publication.
A system validates the establishment and/or continuation of a connection between two applications over a network. The system uses network application security rules to allow or disallow connections between the two applications. Those rules include definitions of the source and destination applications to which the rules apply. The system automatically updates the application definitions over time to encompass new versions of the applications covered by the security rules, but without encompassing other applications. The system is then capable of applying the updated rules both to the original applications and to the updated versions of those applications. This process enables the security rules to maintain security over time in a way that is consistent with the original intent of the rules even as applications on the network evolve.
Opening claim text (preview).
What is claimed is:
1. A method performed by at least one computer processor executing computer program instructions stored on at least one non-transitory computer-readable medium, the method comprising: (1) identifying a plurality of applications that have a similarity relation to a reference application; (1)(a) applying an LSH algorithm to binary files for a pair of applications to produce a similarity value; (1)(b) determining that the similarity value satisfies a similarity criterion; and (1)(c) including the pair of applications within the plurality of applications in response to determining that the similarity value satisfies the similarity criterion; (2) identifying a network security policy, wherein the network security policy specifies the reference application and another application, and indicates that the reference application is authorized to communicate with the other application; (3) intercepting a network connection request including a particular application, other than the reference application, in the set of applications; (4) determining, based on the network security policy and the identified plurality of applications, that the network security policy applies to the particular application; and (5) determining whether the network security policy covers the connection request.
2. The method of claim 1, wherein the network security policy specifies the reference application as a source application, wherein the network security policy references the other application as a destination application, and wherein the network connection request comprises an outgoing network connection request from the particular application.
3. The method of claim 1, wherein the network security policy specifies the reference application as a destination application, wherein the network security policy references the other application as a source application, and wherein the network connection request comprises an incoming network connection request to the particular application.
4. The method of claim 1, further comprising, before (4): (6) modifying the network security policy to produce a modified network security policy, wherein the modified network security policy specifies that the reference application and the plurality of applications are authorized to communicate with the other application, and wherein (4) comprises determining, based on the modified network security policy, that the modified network security policy applies to the particular application.
5. The method of claim 1, wherein the LSH algorithm comprises a TLSH algorithm.
6. The method of claim 1, wherein (1) comprises, for each pair of applications A and B in a superset of the plurality of applications: (1)(a) applying the LSH algorithm to binary files for the pair of applications A and B to produce the similarity value for the pair of applications A and B; (1)(b) determining whether the similarity value satisfies a similarity criterion; (1)(c) if the similarity value is determined to satisfy the similarity criterion, then including the pair of applications A and B in the plurality of applications; and (1)(d) if the similarity value is not determined to satisfy the similarity criterion, then not including the pair of applications A and B in the plurality of applications.
7. The method of claim 6, wherein the LSH algorithm comprises a TLSH algorithm.
8. The method of claim 1, further comprising: (6) in response to determining that the network security policy covers the connection request, determining whether the network security policy allows the network connection request.
9. The method of claim 8, further comprising: (7) in response to determining that the network security policy allows the network connection request, allowing the network connection request.
10. A system comprising at least one non-transitory computer-readable medium storing computer program instructions executable by at least one computer processor to perform a method, the method comprising: (1) identifying a plurality of applications that have a similarity relation to a reference application; (1)(a) applying an LSH algorithm to binary files for a pair of applications to produce a similarity value; (1)(b) determining that the similarity value satisfies a similarity criterion; and (1)(c) including the pair of applications within the plurality of applications in response to determining that the similarity value satisfies the similarity criterion; (2) identifying a network security policy, wherein the network security policy specifies the reference application and another application, and indicates that the reference application is authorized to communicate with the other application; (3) intercepting a network connection request including a particular application, other than the reference application, in the set of applications; (4) determining, based on the network security policy and the identified plurality of applications, that the network security policy applies to the particular application; and (5) determining whether the network security policy covers the connection request.
11. The system of claim 10, wherein the network security policy specifies the reference application as a source application, wherein the network security policy references the other application as a destination application, and wherein the network connection request comprises an outgoing network connection request from the particular application.
12. The system of claim 10, wherein the network security policy specifies the reference application as a destination application, wherein the network security policy references the other application as a source application, and wherein the network connection request comprises an incoming network connection request to the particular application.
13. The system of claim 10, wherein the method further comprises, before (4): (6) modifying the network security policy to produce a modified network security policy, wherein the modified network security policy specifies that the reference application and the plurality of applications are authorized to communicate with the other application, and wherein (4) comprises determining, based on the modified network security policy, that the modified network security policy applies to the particular application.
14. The system of claim 10, wherein the LSH algorithm comprises a TLSH algorithm.
15. The system of claim 10, wherein (1) comprises, for each pair of applications A and B in a superset of the plurality of applications: (1)(a) applying the LSH algorithm to binary files for the pair of applications A and B to produce the similarity value for the pair of applications A and B; (1)(b) determining whether the similarity value satisfies a similarity criterion; (1)(c) if the similarity value is determined to satisfy the similarity criterion, then including the pair of applications A and B in the plurality of applications; and (1)(d) if the similarity value is not determined to satisfy the similarity criterion, then not including the pair of applications A and B in the plurality of applications.
16. The system of claim 15, wherein the LSH algorithm comprises a TLSH algorithm.
17. The system of claim 10, wherein the method further comprises: (6) in response to determining that the network security policy covers the connection request, determining whether the network security policy allows the network connection request.
18. The system of claim 17, wherein the method further comprises: (7) in response to determining
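The claimed procedure as an added example, not code from the patent: steps (1) through (5) of claim 1 with the pairwise loop of claim 6, where a byte n-gram Jaccard score is an assumed stand-in for the TLSH comparison the claims name, and the application names, binaries, threshold and policy are all constructed here.

```python
from collections import deque
from itertools import combinations

def ngram_similarity(blob_a: bytes, blob_b: bytes, n: int = 4) -> float:
    """Similarity value in [0, 1]: Jaccard index over byte n-grams.
    Assumption: a simple stand-in for the TLSH comparison the claims name."""
    grams = lambda blob: {blob[i:i + n] for i in range(len(blob) - n + 1)}
    ga, gb = grams(blob_a), grams(blob_b)
    return len(ga & gb) / len(ga | gb) if ga | gb else 0.0

def similar_applications(binaries, reference, threshold, sim=ngram_similarity):
    """Step (1), per claim 6: score every pair (A, B) in the superset, keep the
    pairs whose value satisfies the criterion, and return the applications
    reachable from the reference through kept pairs (its similarity relation)."""
    edges = {name: set() for name in binaries}
    for a, b in combinations(binaries, 2):
        if sim(binaries[a], binaries[b]) >= threshold:     # (1)(a)-(1)(c)
            edges[a].add(b)
            edges[b].add(a)
    cluster, queue = {reference}, deque([reference])
    while queue:                                           # transitive closure
        for nxt in edges[queue.popleft()]:
            if nxt not in cluster:
                cluster.add(nxt)
                queue.append(nxt)
    return cluster

def policy_decision(policy, cluster, request):
    """Steps (3)-(5) for an outgoing request (claim 2): a policy naming the
    reference as source and one authorized destination covers the request iff
    its source is in the cluster and its destination matches. 'not-covered'
    is left to the caller's default rule."""
    if request["src"] in cluster and request["dst"] == policy["destination"]:
        return "allow"
    return "not-covered"

# Constructed sample binaries: three versions of one agent that differ by small
# patches, plus an unrelated tool that shares no byte sequences with them.
V1 = bytes(range(256))
V2 = V1[:200] + b"PATCHv2!" + V1[200:]
V3 = V2[:50] + b"HOTFIX3" + V2[50:]
BINARIES = {"agent-v1": V1, "agent-v2": V2, "agent-v3": V3,
            "other-tool": bytes((i * 37 + 11) % 256 for i in range(256))}
POLICY = {"source": "agent-v1", "destination": "db-proxy"}

if __name__ == "__main__":
    cluster = similar_applications(BINARIES, "agent-v1", threshold=0.8)
    print(sorted(cluster))  # ['agent-v1', 'agent-v2', 'agent-v3']
    print(policy_decision(POLICY, cluster, {"src": "agent-v3", "dst": "db-proxy"}))
```

Because the relation is closed transitively, a version that is only similar to an intermediate version still inherits the rule, which is the drift the abstract describes; the threshold therefore bounds how far the rule can spread.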
involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved (negotiation of communication capabilities H04L69/24) · CPC title
Hash functions, e.g. MD5, SHA, HMAC or f9 MAC · CPC title
Matching criteria, e.g. proximity measures · CPC title
Rule management · CPC title
Physics · mapped topic