US9258313B1 · US · B1
| Field | Value |
|---|---|
| Publication number | US-9258313-B1 |
| Application number | US-201213631563-A |
| Country | US |
| Kind code | B1 |
| Filing date | Sep 28, 2012 |
| Priority date | Sep 28, 2012 |
| Publication date | Feb 9, 2016 |
| Grant date | Feb 9, 2016 |
Official abstract text for this publication.
A network device is configured to receive network traffic associated with an application executing on a user device; identify, based on the network traffic, an application identifier associated with the application; determine whether the application identifier matches one of a set of application identifiers stored by the network device; identify a policy based on the application identifier when the application identifier matches one of the set of application identifiers; and apply the policy to the network traffic associated with the application. The policy may be obtained from another network device, in communication with the network device, when the application identifier does not match one of the set of application identifiers.
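The lookup order in the abstract, sketched as an added Python example (not code from the patent): the edge device keys a flow table on the 5-tuple, checks its own identifier set first, and asks the security device only on a miss. The class names, the payload-prefix classifier, the policy strings and the default-deny fallback are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed payload signatures standing in for the edge device's classifier.
SIGNATURES = {b"SSH-": "ssh", b"GET ": "http", b"\x16\x03": "tls"}

@dataclass
class SecurityDevice:
    policies: dict                      # app_id -> policy held centrally
    default_policy: str = "deny"        # assumption: unknown apps are denied
    queries: int = 0

    def policy_for(self, app_id):
        self.queries += 1
        return self.policies.get(app_id, self.default_policy)

@dataclass
class EdgeDevice:
    local_policies: dict                # app_id -> policy stored on the edge
    security_device: SecurityDevice
    flow_table: dict = field(default_factory=dict)   # 5-tuple -> app_id

    def handle(self, pkt):
        """Return (app_id, policy, source) for one packet."""
        key = (pkt["src"], pkt["dst"], pkt["sport"], pkt["dport"], pkt["proto"])
        app_id = self.flow_table.get(key)
        if app_id is None:
            # First packet of the flow: classify once, then store a flow record.
            app_id = next((a for sig, a in SIGNATURES.items()
                           if pkt["payload"].startswith(sig)), "unknown")
            self.flow_table[key] = app_id
        if app_id in self.local_policies:
            return app_id, self.local_policies[app_id], "edge"
        # No local match: obtain the policy from the security device.
        return app_id, self.security_device.policy_for(app_id), "security-device"

def demo():
    # Constructed sample traffic; "http" is known only to the edge device.
    central = SecurityDevice({"ssh": "allow", "tls": "inspect"})
    edge = EdgeDevice({"http": "rate-limit"}, central)
    flow = dict(src="10.0.0.5", dst="192.0.2.10", sport=40000, dport=80, proto="tcp")
    return edge, central, [
        edge.handle({**flow, "payload": b"GET / HTTP/1.1\r\n"}),
        edge.handle({**flow, "payload": b"\r\n"}),           # same flow, no signature
        edge.handle({**flow, "dport": 22, "payload": b"SSH-2.0-x\r\n"}),
        edge.handle({**flow, "dport": 9, "payload": b"\x00\x01"}),
    ]

if __name__ == "__main__":
    for result in demo()[2]:
        print(result)
```

The second packet carries no signature but inherits the identifier from its flow record, so only the two flows the edge cannot match locally reach the security device.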
Opening claim text (preview).
What is claimed:
1. A system, comprising: an edge device, of a plurality of edge devices in communication with a security device, the security device being included in a network, the edge device being positioned at an edge of the network between the security device and a user device attempting to access the network via the edge device, and the edge device being to: receive network traffic, generated by an application executing on the user device; determine, based on information included in the network traffic, a flow associated with the network traffic; determine an application identifier associated with the flow, the application identifier identifying the application; determine whether the application identifier matches one of a first plurality of application identifiers stored by the edge device, the first plurality of application identifiers including one or more application identifiers that are not included in a second plurality of application identifiers stored by the security device and are not included in a third plurality of application identifiers stored by another edge device of the plurality of edge devices; when the application identifier matches the one of the first plurality of application identifiers: identify a policy associated with the one of the first plurality of application identifiers; when the application identifier does not match the one of the first plurality of application identifiers: send information associated with the network traffic to the security device, and receive the policy from the security device; and apply the policy to the network traffic.
2. The system of claim 1, where the first plurality of application identifiers, stored by the edge device, is a subset of the second plurality of application identifiers stored by the security device.
3. The system of claim 1, where the edge device is further to: store information identifying the flow in a flow table; and store the application identifier, in association with the information identifying the flow, as a flow record in the flow table.
4. The system of claim 3, where the edge device is further to: share the flow record with one or more other edge devices of the plurality of edge devices, each particular edge device, of the one or more other edge devices, storing the flow record in a respective flow table stored by the particular edge device.
5. The system of claim 1, where the edge device, when sending the information associated with the network traffic, is to: send the information, associated with the network traffic, via a secure communication channel to the security device.
6. The system of claim 1, where the plurality of edge devices and the security device collectively perform distributed application awareness functions to identify and track end user applications associated with the network, the end user applications including the application.
7. The system of claim 1, where, when determining the flow associated with the network traffic, the edge device is to: determine one or more of: a source address associated with the network traffic, a destination address associated with the network traffic, a source port associated with the network traffic, a destination port associated with the network traffic, or a protocol associated with the network traffic, and determine the information identifying the flow based on the one or more of the source address, the destination address, the source port, the destination port, or the protocol.
8. A non-transitory computer-readable medium storing instructions, the instructions comprising: one or more instructions which, when executed by one or more processors, of an edge device, of a plurality of edge devices in communication with a security device, cause the one or more processors to: receive network traffic generated by an application executing on a user device, the edge device being positioned at an edge of a network between the user device and the security device, the plurality of edge devices and the security device being included in the network, and the user device attempting to access the network via the edge device; determine, based on information included in the network traffic, a flow associated with the network traffic; determine an application identifier associated with the flow, the application identifier identifying the application; determine whether the application identifier matches one of a first plurality of application identifiers stored by the edge device, the first plurality of application identifiers including one or more application identifiers that are not included in a second plurality of application identifiers stored by the security device and are not included in a third plurality of application identifiers stored by another edge device of the plurality of edge devices; when the application identifier matches the one of the first plurality of application identifiers: identify a policy associated with the one of the first plurality of application identifiers; when the application identifier does not match the one of the first plurality of application identifiers: obtain the policy from the security device; and apply the policy.
9. The non-transitory computer-readable medium of claim 8, where the first plurality of application identifiers, stored by the edge device, is a subset of the second plurality of application identifiers stored by the security device.
10. The non-transitory computer-readable medium of claim 8, where the instructions further comprise: one or more instructions which, when executed by the one or more processors, cause the one or more processors to: store information identifying the flow in a flow table; and store the application identifier, in association with the information identifying the flow, as a flow record in the flow table.
11. The non-transitory computer-readable medium of claim 8, where the one or more instructions to determine the flow associated with the network traffic include: one or more instructions which, when executed by the one or more processors, cause the one or more processors to: determine one or more of: a source address associated with the network traffic, a destination address associated with the network traffic, a source port associated with the network traffic, a destination port associated with the network traffic, or a protocol associated with the network traffic, and determine the information identifying the flow based on the one or more of the source address, the destination address, the source port, the destination port, or the protocol.
12. The non-transitory computer-readable medium of claim 10, where the one or more instructions to determine the application identifier include: one or more instructions which, when executed by the one or more processors, cause the one or more processors to: read the application identifier from the flow table.
13. The non-transitory computer-readable medium of claim 10, where the instructions further comprise: one or more instructions which, when executed by the one or more processors, cause the one or more processors to: share the flow record with one or more other edge devices of the plurality of edge devices, each particular edge device, of the one or more other edge devices, storing the flow record in a respective flow table stored by the particular edge device.
14. A method, comprising: receiving, by an edge device of a plurality of edge devices, network traffic generated by an application executing on a user device, the user device attempting to access a network via t
Applying verification of the received information (cryptographic mechanisms or cryptographic arrangements for data integrity or data verification H04L9/32) · CPC title
for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title
Proxies · CPC title
Filtering by address, protocol, port number or service, e.g. IP-address or URL · CPC title