Policy enforcement and introspection on an authentication system

    Publication No.: US11323480B2

    Publication date: 2022-05-03

    Application No.: US16405308

    Application date: 2019-05-07

    Abstract: An authentication system handles authentication requests to apply introspection and policy enforcement. A policy server obtains a client security policy and an authenticator security policy. The policy server obtains an encrypted credential request with client metadata from a client and determines whether the client metadata satisfies the client security policy. The policy server provides the encrypted credential request to an authenticator device and obtains an encrypted credential response with authenticator metadata in response. The policy server determines whether the authenticator metadata satisfies the authenticator security policy. The policy server processes the encrypted credential response, without decrypting the encrypted credential request or the encrypted credential response, based on a determination of whether the client metadata satisfies the client security policy and the authenticator metadata satisfies the authenticator security policy.

    Systems and methods for using signed device information to authenticate a user

    Publication No.: US12166898B2

    Publication date: 2024-12-10

    Application No.: US17456759

    Application date: 2021-11-29

    Abstract: In one embodiment, a method includes establishing, by an identity agent installed on a device, a connection to a browser installed on the device and generating, by the identity agent, first device information, a public key, and a private key. The method also includes communicating, by the identity agent, the first device information and the public key to an authentication service and receiving, by the identity agent, a unique identifier from the authentication service. The method further includes generating, by the identity agent, a first signature of the first device information and communicating, by the identity agent, the first signature, the first device information, and the unique identifier to the browser.

    Systems and Methods for WebAuthn Transport Via a WebAuthn Proxy

    Publication No.: US20240275786A1

    Publication date: 2024-08-15

    Application No.: US18643700

    Application date: 2024-04-23

    CPC classification number: H04L63/0884

    Abstract: In one embodiment, a method includes receiving, by a WebAuthn proxy, login prompt information from a browser. The WebAuthn proxy and the browser are installed on a device. The method also includes generating, by the WebAuthn proxy, a WebAuthn credential request based on the login prompt information and communicating, by the WebAuthn proxy, the WebAuthn credential request to a WebAuthn authenticator. The method further includes receiving, by the WebAuthn proxy, a WebAuthn response from the WebAuthn authenticator and communicating, by the WebAuthn proxy, the WebAuthn response to the browser.

    Systems and Methods for Using Signed Device Information to Authenticate a User

    Publication No.: US20230171110A1

    Publication date: 2023-06-01

    Application No.: US17456759

    Application date: 2021-11-29

    CPC classification number: H04L9/3247 H04L9/0825 H04L63/0236 H04L63/0876

    Abstract: In one embodiment, a method includes establishing, by an identity agent installed on a device, a connection to a browser installed on the device and generating, by the identity agent, first device information, a public key, and a private key. The method also includes communicating, by the identity agent, the first device information and the public key to an authentication service and receiving, by the identity agent, a unique identifier from the authentication service. The method further includes generating, by the identity agent, a first signature of the first device information and communicating, by the identity agent, the first signature, the first device information, and the unique identifier to the browser.

    Systems and methods for WebAuthn transport via a WebAuthn proxy

    Publication No.: US12284185B2

    Publication date: 2025-04-22

    Application No.: US18643700

    Application date: 2024-04-23

    Abstract: In one embodiment, a method includes receiving, by a WebAuthn proxy, login prompt information from a browser. The WebAuthn proxy and the browser are installed on a device. The method also includes generating, by the WebAuthn proxy, a WebAuthn credential request based on the login prompt information and communicating, by the WebAuthn proxy, the WebAuthn credential request to a WebAuthn authenticator. The method further includes receiving, by the WebAuthn proxy, a WebAuthn response from the WebAuthn authenticator and communicating, by the WebAuthn proxy, the WebAuthn response to the browser.

    Systems and Methods for WebAuthn Transport Via a WebAuthn Proxy

    Publication No.: US20230171252A1

    Publication date: 2023-06-01

    Application No.: US17456690

    Application date: 2021-11-29

    CPC classification number: H04L63/0884

    Abstract: In one embodiment, a method includes receiving, by a WebAuthn proxy, login prompt information from a browser. The WebAuthn proxy and the browser are installed on a device. The method also includes generating, by the WebAuthn proxy, a WebAuthn credential request based on the login prompt information and communicating, by the WebAuthn proxy, the WebAuthn credential request to a WebAuthn authenticator. The method further includes receiving, by the WebAuthn proxy, a WebAuthn response from the WebAuthn authenticator and communicating, by the WebAuthn proxy, the WebAuthn response to the browser.

    Systems and Methods for Using Signed Device Information to Authenticate a User

    Publication No.: US20250088368A1

    Publication date: 2025-03-13

    Application No.: US18954775

    Application date: 2024-11-21

    Abstract: In one embodiment, a method includes establishing, by an identity agent installed on a device, a connection to a browser installed on the device and generating, by the identity agent, first device information, a public key, and a private key. The method also includes communicating, by the identity agent, the first device information and the public key to an authentication service and receiving, by the identity agent, a unique identifier from the authentication service. The method further includes generating, by the identity agent, a first signature of the first device information and communicating, by the identity agent, the first signature, the first device information, and the unique identifier to the browser.

    Systems and methods for WebAuthn transport via a WebAuthn proxy

    Publication No.: US11997090B2

    Publication date: 2024-05-28

    Application No.: US17456690

    Application date: 2021-11-29

    CPC classification number: H04L63/0884

    Abstract: In one embodiment, a method includes receiving, by a WebAuthn proxy, login prompt information from a browser. The WebAuthn proxy and the browser are installed on a device. The method also includes generating, by the WebAuthn proxy, a WebAuthn credential request based on the login prompt information and communicating, by the WebAuthn proxy, the WebAuthn credential request to a WebAuthn authenticator. The method further includes receiving, by the WebAuthn proxy, a WebAuthn response from the WebAuthn authenticator and communicating, by the WebAuthn proxy, the WebAuthn response to the browser.
