&#xfeff;<html>
  <head>
    <META http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="html_style_eog.css"/>
<script type="text/javascript">
          function printpage()
          {
          window.print()
          }
        </script>
<script type="text/javascript" src="https://components.uspto.gov/js/ais/40-patentsgazette.js"></script></head>
  <body bgcolor='#FFFFFF' onload='javascript: if ((navigator.appName.indexOf("Netscape")!=-1) && parent.leftFrame!=null) parent.leftFrame.location.reload();'>
    <basefont face="Times New Roman, Times New Roman, Times New Roman " size="2">
      <div style="margin-left: +10pt">
        <table width="90%" border="0" rules="none" align="center">
          <tr align="center">
            <td width="20%" colspan="1" rowspan="2" align="left" valign="top"><a href="https://ppubs.uspto.gov/pubwebapp/external.html?q=12224982.pn.&amp;db=USPAT" target="popup"><input type="button" class="button" value="   Full Text   "></a></td>
            <td class="table_data"><b>US 12,224,982 B2</b></td>
            <td width="20%" colspan="1" rowspan="2" align="right" valign="top">
              <form><input type="button" value="Print this page" onclick="printpage()"></form>
            </td>
          </tr>
          <tr align="center">
            <td colspan="1" class="table_data" style="text-transform: uppercase"><b>Distributed identity-based firewall policy evaluation</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b> Liron Levin,  Kefar Sava (IL);  Eran Yanay,  Modiin (IL); and  Dima Stopel,  Herzliya (IL)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Assigned to  Palo Alto Networks, Inc.,  Santa Clara, CA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed by  Palo Alto Networks, Inc.,  Santa Clara, CA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed on Oct.  18, 2023, as Appl. No. 18/489,392.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 18/489,392 is a continuation of application No. 16/930,732, filed on Jul.  16, 2020, granted, now 11,838,267.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Prior Publication US 2024/0073185 A1, Feb.  29, 2024</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Int. Cl. </b><i><b>H04L 9/40</b></i> (2022.01)</td>
          </tr>
        </table>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="75%">
            <col width="15%">
          </colgroup>
          <tr align="left">
            <td class="table_data" align="left"><b>CPC </b><i><b>H04L 63/0236</b></i> (2013.01)&#xa0;[<i><b>H04L 63/101</b></i> (2013.01); <i><b>H04L 63/126</b></i> (2013.01)]</td>
            <td class="table_data" align="right"><b>20 Claims</b></td>
          </tr>
        </table>
        <center><img src="US12224982-20250211-D00000.gif" alt="OG exemplary drawing"></center>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="90%">
          </colgroup>
          <tr>
            <td class="table_data" align="center">&#xa0;</td>
          </tr>
          <tr>
            <td valign="top" class="para_text">
              <div class="claim_text_root">1. A method comprising:<div class="claim_text">intercepting a first packet incoming to a first entity, wherein the first packet comprises metadata;</div>
                <div class="claim_text">based on determining that the metadata of the first packet comprise an extension header, determining whether the first packet can be verified, wherein the determination of whether the first packet can be verified comprises determining whether the extension header comprises a signature that includes an encoded identifier of a sender entity of the first packet;</div>
                <div class="claim_text">in response to determining that the first packet can be verified based on determining that the extension header comprises the signature that includes the encoded identifier of the sender entity of the first packet, determining based on a firewall policy whether the sender entity and the first entity are permitted to communicate, wherein determining whether the sender entity and the first entity are permitted to communicate comprises:<div class="claim_text">decoding the encoded identifier to obtain an identifier of the sender entity, wherein the identifier of the sender entity was determined for the sender entity based on the firewall policy and differs from an Internet Protocol (IP) address of the sender entity; and</div>
                  <div class="claim_text">evaluating the first packet for compliance with the firewall policy based on the identifier of the sender entity, wherein the firewall policy comprises rules for communications of a plurality of entities based on a plurality of identifiers of a corresponding plurality of entities, wherein the plurality of identifiers are unique to respective ones of the plurality of entities and differs from IP addresses of the plurality of entities, and wherein the plurality of identifiers includes the identifier of the sender entity; and</div>
                </div>
                <div class="claim_text">in response to determining that the first packet cannot be verified based on determining that the extension header does not comprise the signature that includes the encoded identifier of the sender entity of the first packet or that the metadata of the first packet do not comprise an extension header, performing one or more mitigation actions.</div>
              </div>
            </td>
          </tr>
        </table>
      </div>
    
  </body>
</html>