&#xfeff;<html>
  <head>
    <META http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="html_style_eog.css"/>
<script type="text/javascript">
          function printpage()
          {
          window.print()
          }
        </script>
</head>
  <body bgcolor='#FFFFFF' onload='javascript: if ((navigator.appName.indexOf("Netscape")!=-1) && parent.leftFrame!=null) parent.leftFrame.location.reload();'>
    <basefont face="Times New Roman, Times New Roman, Times New Roman " size="2">
      <div style="margin-left: +10pt">
        <table width="90%" border="0" rules="none" align="center">
          <tr align="center">
            <td width="20%" colspan="1" rowspan="2" align="left" valign="top"><a href="https://ppubs.uspto.gov/pubwebapp/external.html?q=12413512.pn.&amp;db=USPAT" target="popup"><input type="button" class="button" value="   Full Text   "></a></td>
            <td class="table_data"><b>US 12,413,512 B2</b></td>
            <td width="20%" colspan="1" rowspan="2" align="right" valign="top">
              <form><input type="button" value="Print this page" onclick="printpage()"></form>
            </td>
          </tr>
          <tr align="center">
            <td colspan="1" class="table_data" style="text-transform: uppercase"><b>Application traffic flow prediction based on multi-stage network traffic flow scanning</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b> Daphne Sang,  Los Altos, CA (US); and  Harish Patil,  Fremont, CA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Assigned to  Palo Alto Networks, Inc.,  Santa Clara, CA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed by  Palo Alto Networks, Inc.,  Santa Clara, CA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed on Jul.  12, 2024, as Appl. No. 18/772,081.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 18/772,081 is a continuation of application No. 17/819,708, filed on Aug.  15, 2022, granted, now 12,068,950.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Claims priority of provisional application 63/367,029, filed on Jun.  24, 2022.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Prior Publication US 2024/0372801 A1, Nov.  7, 2024</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>This patent is subject to a terminal disclaimer.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Int. Cl. </b><i><b>H04L 45/00</b></i> (2022.01); <i><b>H04L 41/0894</b></i> (2022.01); <i><b>H04L 43/026</b></i> (2022.01); <i><b>H04L 45/745</b></i> (2022.01); <i><b>H04L 47/10</b></i> (2022.01); <i><b>H04L 47/20</b></i> (2022.01); <i><b>H04L 47/2483</b></i> (2022.01)</td>
          </tr>
        </table>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="75%">
            <col width="15%">
          </colgroup>
          <tr align="left">
            <td class="table_data" align="left"><b>CPC </b><i><b>H04L 45/38</b></i> (2013.01)&#xa0;[<i><b>H04L 41/0894</b></i> (2022.05); <i><b>H04L 43/026</b></i> (2013.01); <i><b>H04L 45/745</b></i> (2013.01); <i><b>H04L 47/10</b></i> (2013.01); <i><b>H04L 47/20</b></i> (2013.01); <i><b>H04L 47/2483</b></i> (2013.01)]</td>
            <td class="table_data" align="right"><b>20 Claims</b></td>
          </tr>
        </table>
        <center><img src="US12413512-20250909-D00000.gif" alt="OG exemplary drawing"></center>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="90%">
          </colgroup>
          <tr>
            <td class="table_data" align="center">&#xa0;</td>
          </tr>
          <tr>
            <td valign="top" class="para_text">
              <div class="claim_text_root">1. A method comprising:<div class="claim_text">identifying a data protocol or application for a second network traffic flow expected to be subsequent to a first network traffic flow, wherein identifying the data protocol or application comprises,<div class="claim_text">based on identifying a first application level protocol for the first network traffic flow, selecting a pattern database of the first application level protocol;</div>
                  <div class="claim_text">based on matching a pattern in the first network traffic flow with an entry in the pattern database while scanning the first network traffic flow, extracting first traffic flow identifying information from the first network traffic flow according to the matching entry, wherein the matching entry indicates how to locate flow identifying information based on the matched pattern; and</div>
                  <div class="claim_text">associating an identifier of the first application level protocol with the first traffic flow identifying information; and</div>
                </div>
                <div class="claim_text">applying a policy indicated for the first application level protocol to the second network traffic flow based on the second network traffic flow being identified by the first traffic flow identifying information.</div>
              </div>
            </td>
          </tr>
        </table>
      </div>
    
  </body>
</html>