Phantom Technologies, Inc. Patent applications
Patent application number | Title | Published |
20150281275 | NETWORK NOTIFICATIONS - A request is received from a device within a network for a resource on a server outside of the network. The resource is subject to a policy of the network. An informational webpage is served to the device; the webpage includes an interface element. An indication of a selection of the interface element is received. The resource is served to the device from a proxy server configured to apply the policy to the resource. | 10-01-2015 |
20150256516 | MANAGE ENCRYPTED NETWORK TRAFFIC USING SPOOFED ADDRESSES - Methods and systems for managing encrypted network traffic using spoofed addresses. One example method includes receiving a request to resolve a domain name; determining that the domain name is included in a predetermined set of domain names; associating a spoofed address with the domain name; sending a response to the request to resolve the domain name including the spoofed address; receiving a secure request for a resource, the secure request directed to the spoofed address; identifying a user identity associated with the secure request; determining that the secure request is directed to the domain name based on the association between the spoofed address and the domain name; and selectively decrypting and/or blocking the secure request based at least in part on determining that the secure request is directed to the domain name and based at least in part on the user identity associated with the secure request. | 09-10-2015 |
20150242415 | DETECTING AND MANAGING ABNORMAL DATA BEHAVIOR - Methods and systems for providing destination-specific network management are described. One example method includes determining a normal data movement profile for a computing device based on observed normal data transfer behavior by the computing device; identifying a data movement rule associated with the computing device, the data movement rule including a deviation amount, and one or more actions to take when the computing device deviates from the normal data movement profile by more than the deviation amount; detecting a data movement associated with the computing device; determining that the detected data movement exceeds the deviation amount included in the data movement rule relative to the normal data movement profile for the computing device; and performing the one or more actions associated with the data movement rule upon determining that the data movement violates the data movement rule. | 08-27-2015 |
20150143110 | MANAGE ENCRYPTED NETWORK TRAFFIC USING SPOOFED ADDRESSES - Methods and systems for managing encrypted network traffic using spoofed addresses. One example method includes receiving a request to resolve a domain name; determining that the domain name is included in a predetermined set of domain names; associating a spoofed address with the domain name; sending a response to the request to resolve the domain name, the response including the spoofed address; receiving a secure request for a resource, the secure request directed to the spoofed address; determining that the secure request is directed to the domain name based on the association between the spoofed address and the domain name; and selectively decrypting the secure request based at least in part on determining that the secure request is directed to the domain name. | 05-21-2015 |
20150052345 | SELECTIVELY PERFORMING MAN IN THE MIDDLE DECRYPTION - An HTTP request addressed to a first resource on a second device outside the network is received from a first device within the network. The HTTP request is redirected to a third device within the network. A first encrypted connection is established between the first device and the third device, and a second encrypted connection between the third device and the second device. The third device retrieves the first resource from the second device. The first resource is modified to change pointers within the first resource to point to a location in a domain associated with the third device within the network. The third device serves, to the first device, the second resource. | 02-19-2015 |
20150046588 | SWITCHING BETWEEN NETWORKS - Methods, systems, and apparatus, including computer programs encoded on computer storage media, for switching between parallel networks. One of the methods includes maintaining a plurality of parallel networks including a first network that precludes access to secure resources, and a second network that provides access both to unsecured resources and secured resources, enabling a user device access to connect to the first network, receiving input from the user device seeking access to one or more secured resources, in response to the received input, installing a device management profile on the user device, and causing the user device to switch from the connection to the first network to a connection to the second network. | 02-12-2015 |
20150046343 | USER DEVICE RECYCLING - Methods, systems, and apparatus, including computer programs encoded on computer storage media, for recycling a user device. One of the methods includes facilitating a device analysis application to be stored and installed on a user device, testing, by the device analysis application executing on the user device, one or more properties of the user device, determining an exchange value of the user device based at least in part on a result of testing the one or more properties of the user device, and presenting the determined exchange value to an operator of the user device. | 02-12-2015 |
20150039713 | CONTENT CACHING - A gateway within a network intercepts a request by a client within the network for content associated with a server outside the network, the client having a direct connection with the server outside the network. The method further includes determining whether a copy of the requested content is available in a cache within the network. The method further includes, if the copy of the requested content is determined to be available in the cache within the network, transmitting a redirect response to the client to cause the client to retrieve the copy of the requested content from the cache within the network. The method further includes, if the copy of the requested content is determined not to be available in the cache within the network, permitting the intercepted content request by the client to be transmitted to the server outside the network to cause the requested content to be retrieved via the direct connection between the server outside the network and the client within the network. | 02-05-2015 |
20150033298 | DEVICE AUTHENTICATION USING PROXY AUTOMATIC CONFIGURATION SCRIPT REQUESTS - Methods and systems for performing device authentication using proxy automatic configuration script requests are described. One example method includes generating a unique key for a client device; configuring the client device to send a request for a proxy automatic configuration (PAC) script upon accessing a network, the request including the unique key; receiving, over a network, a request for the PAC script including a request key; and authenticating the client device on the network if the request key matches the client device's unique key. | 01-29-2015 |
20150029850 | LOAD BALANCING NETWORK ADAPTER - Methods and systems for providing device-specific authentication are described. One example method includes receiving, by an input port of a network adapter within the computer system, a stream of network traffic; dividing, by load balancing logic within the network adapter, the received stream of network traffic into a plurality of substreams; and presenting the plurality of substreams to respective interfaces of the network adapter, each network adapter interface being accessible by an operating system executing on the computer system. | 01-29-2015 |
20140351573 | SELECTIVELY PERFORMING MAN IN THE MIDDLE DECRYPTION - Methods, systems, and apparatus, including computer programs encoded on computer storage media, for selectively performing man in the middle decryption. One of the methods includes receiving a first request to access a first resource hosted by a server outside the network, determining whether requests from the client device to access the first resource outside the network should be redirected to a second resource hosted by a proxy within the network, providing a redirect response to the client device, the redirect response including the second universal resource identifier, establishing a first encrypted connection between the client device and the proxy hosting the second resource, and a second encrypted connection between the proxy hosting the second domain and the server hosting the first resource, and decrypting and inspecting the encrypted communication traffic passing between the client device and the server hosting the first resource. | 11-27-2014 |
20140343989 | IMPLICITLY LINKING ACCESS POLICIES USING GROUP NAMES - Methods, systems, and apparatus, including computer programs encoded on computer storage media, for implicitly linking access policies using group names. One of the methods includes receiving first information corresponding to a directory service of network users, the directory service configured to organize the network users into a plurality of user roles, receiving second information corresponding to a resource available to the network users, the resource having a plurality of policy groups, identifying at least one first user role name that matches at least one first policy group name, and linking the user role corresponding to the matched first user role name with the policy group corresponding to the matched first policy group name such that the one or more network users in the linked user role are subject to the usage policies associated with the linked policy group. | 11-20-2014 |
20140337613 | SELECTIVELY PERFORMING MAN IN THE MIDDLE DECRYPTION - An agent on a device within a network receives a request to access a resource outside the network. A first encrypted connection is established between the device and the agent, and a second encrypted connection is established between the agent and the resource, to facilitate encrypted communication traffic between the device and the resource. The agent sends a policy request to a network appliance within the network, the request specifying the resource. The agent receives a policy response indicating that the resource is associated with one or more security policies of the network. Traffic passing between the device and the resource is selectively decrypted and inspected depending on the security policies. | 11-13-2014 |
20140304808 | Device-Specific Authentication Credentials - Methods and systems for providing device-specific authentication are described. One example method includes generating device-specific credentials, associating the device-specific credentials with a device, authenticating the device based on the device-specific credentials, and after authenticating the device, authenticating a user of the device based on user-specific credentials associated with the user and different than the device-specific credentials. | 10-09-2014 |
20130315566 | Recording Activity-Triggered Computer Video Output - An application that is capable of monitoring Internet or network traffic and performing recordings of computer video output based on one or more violations of network activity policies. The recording application can be installed on the computer to be recorded or another computer or server that is connected through the network to the computer to be recorded. The monitoring application contains a configuration interface that allows a user to set thresholds for certain types of network policy violations. When the one or more violations are detected, the recording application will begin recording video of the computer's video activity. The application can be configured to include settings such as the length of the recording. In a typical environment, the application is a hardware appliance that is capable of monitoring web activity and network traffic and can connect to the computer over the network in order to perform the recording. | 11-28-2013 |