-
Publication number: US20240364678A1
Publication date: 2024-10-31
Application number: US18752532
Filing date: 2024-06-24
Applicant: Cisco Technology, Inc.
Inventor: George Mathew Koikara, Pruthvi Panyam Nataraj, Naveen Gujje, Sujith RS, Pranav Balakumar
IPC: H04L9/40, H04L67/141
CPC classification number: H04L63/0823, H04L63/0281, H04L67/141
Abstract: Techniques and architecture are described for protecting non-http and TCP/UDP applications in a zero trust network access (ZTNA)/web virtual private network (VPN) environment by establishing a secure communication channel between a native application and an application server providing an application service. More particularly, the present disclosure describes techniques and architecture that leverage the firewall wherein a thin client on a client device enables a client desktop, establishes a secure channel from a native application, e.g., the client desktop, to the firewall, and acts as a proxy.
-
Publication number: US20230093942A1
Publication date: 2023-03-30
Application number: US17484884
Filing date: 2021-09-24
Applicant: Cisco Technology, Inc.
Inventor: George Mathew Koikara, Apoorv Raj, Shibin Kandacheri Veedu
Abstract: Techniques are described for providing data such as, for example, keys, connection identifiers, and hashes to network devices using a secure database in order to facilitate client devices remaining connected or reconnecting with network sites when the client device moves among networks and to prevent replay attacks. For example, a method may include receiving, by a network device of a first network, encrypted traffic destined for a network site via the first network from a client device. The method may also include retrieving, by the network device from a database, data related to a previously established connection via a second network of the client device to the network site. In configurations, the data is received by the database from a proxy on the client device. The method may further include based at least in part on the data, passing, by the network device, the encrypted traffic to the network site.
-
Publication number: US20240022555A1
Publication date: 2024-01-18
Application number: US17866871
Filing date: 2022-07-18
Applicant: Cisco Technology, Inc.
Inventor: George Mathew Koikara, Pruthvi Panyam Nataraj, Naveen Gujje, Sujith RS, Pranav Balakumar
IPC: H04L9/40, H04L67/141
CPC classification number: H04L63/0823, H04L63/0281, H04L67/141
Abstract: Techniques and architecture are described for protecting non-http and TCP/UDP applications in a zero trust network access (ZTNA)/web virtual private network (VPN) environment by establishing a secure communication channel between a native application and an application server providing an application service. More particularly, the present disclosure describes techniques and architecture that leverage the firewall wherein a thin client on a client device enables a client desktop, establishes a secure channel from a native application, e.g., the client desktop, to the firewall, and acts as a proxy.
-
Publication number: US20250023915A1
Publication date: 2025-01-16
Application number: US18220057
Filing date: 2023-07-10
Applicant: Cisco Technology, Inc.
Inventor: George Mathew Koikara, Pruthvi Panyam Nataraj, Naveen Gujje
IPC: H04L9/40
Abstract: Techniques and architecture are described for eliminating double encryption in zero-trust network access authenticated sessions. The techniques include an endpoint client-based proxy of a network receiving, from a browser, a request to access a protected private service. The endpoint client-based proxy pauses access of the browser to the protected private service and establishes a transport layer security (TLS) connection between the endpoint client-based proxy and a zero-trust network access (ZTNA) gateway. The ZTNA gateway determines whether the protected private service uses a secure transport mechanism and establishes either a null cipher encrypted tunnel between at least the endpoint client-based proxy and the ZTNA gateway or a non-null cipher encrypted tunnel between at least the endpoint client-based proxy and the ZTNA gateway. The endpoint client-based proxy resumes access of the browser to the protected private service.
-
Publication number: US12052235B2
Publication date: 2024-07-30
Application number: US17866871
Filing date: 2022-07-18
Applicant: Cisco Technology, Inc.
Inventor: George Mathew Koikara, Pruthvi Panyam Nataraj, Naveen Gujje, Sujith RS, Pranav Balakumar
IPC: H04L9/40, H04L9/08, H04L67/141
CPC classification number: H04L63/0823, H04L63/0281, H04L67/141
Abstract: Techniques and architecture are described for protecting non-http and TCP/UDP applications in a zero trust network access (ZTNA)/web virtual private network (VPN) environment by establishing a secure communication channel between a native application and an application server providing an application service. More particularly, the present disclosure describes techniques and architecture that leverage the firewall wherein a thin client on a client device enables a client desktop, establishes a secure channel from a native application, e.g., the client desktop, to the firewall, and acts as a proxy.
-
Publication number: US11646995B2
Publication date: 2023-05-09
Application number: US16711101
Filing date: 2019-12-11
Applicant: Cisco Technology, Inc.
CPC classification number: H04L63/0209, H04L12/4645, H04L63/0245, H04L63/0272, H04L63/1408, H04L63/1416, H04L63/1466, H04L63/168, H04L63/20
Abstract: This disclosure describes methods to distribute intrusion detection in a network across multiple devices in the network, such as across routing/switching or other infrastructure devices. For example, as a packet is routed through a network infrastructure, an overlay mechanism may be utilized to indicate which of a total set of intrusion detection rules have been applied to the packet. Each infrastructure device may evaluate which rules have already been applied to the packet, using a result of the evaluation to determine where to route the packet in the network infrastructure for application of additional intrusion detection rules. Additionally, each infrastructure device may record a result of its application of the portion of intrusion detection rules directly into the packet.
-
Publication number: US20210185006A1
Publication date: 2021-06-17
Application number: US16711101
Filing date: 2019-12-11
Applicant: Cisco Technology, Inc.
Abstract: This disclosure describes methods to distribute intrusion detection in a network across multiple devices in the network, such as across routing/switching or other infrastructure devices. For example, as a packet is routed through a network infrastructure, an overlay mechanism may be utilized to indicate which of a total set of intrusion detection rules have been applied to the packet. Each infrastructure device may evaluate which rules have already been applied to the packet, using a result of the evaluation to determine where to route the packet in the network infrastructure for application of additional intrusion detection rules. Additionally, each infrastructure device may record a result of its application of the portion of intrusion detection rules directly into the packet.