-
Publication (Announcement) No.: US10419446B2
Publication (Announcement) Date: 2019-09-17
Application No.: US15644982
Filing Date: 2017-07-10
Inventors: K. Tirumaleswar Reddy, Prashanth Patil, Carlos M. Pignataro, Puneeth Rao Lokapalli, Judith Ying Priest
Abstract: Managing policies for a chain of administrative domains, from end to end, includes receiving, at a network device associated with an administrative domain that is part of a chain of administrative domains provisioning an Internet-based application or an Internet-based service to a network, a root block for a blockchain. The root block is generated by a network device in the network and includes a request for a specific network parameter over a specific time period. The network device associated with the administrative domain appends a first block to the blockchain including the root block to accept the request, and configures the administrative domain in accordance with the specific network parameter when an end-to-end path in the chain of administrative domains accepts the request. The network device associated with the administrative domain also generates blockchain transactions that append network status updates to the blockchain during the specific time period.
-
Publication (Announcement) No.: US10305934B2
Publication (Announcement) Date: 2019-05-28
Application No.: US15165032
Filing Date: 2016-05-26
Abstract: A local network element on an enterprise network caches Domain Name System (DNS) responses in association with user identifiers in accordance with a DNS-based access control policy. The network element receives a DNS request from a first endpoint device. The DNS request includes a domain name to resolve. The network element forwards the DNS request to a domain name server along with a first user identifier associated with the first endpoint device. The network element receives a DNS response from the domain name server. The DNS response includes a network address associated with the domain name, as well as the first user identifier and at least one other user identifier. The network element stores the network address in a DNS cache as a cached DNS response for the domain name. The cached DNS response is stored in association with the first user identifier and the other user identifier(s).
-
Publication (Announcement) No.: US20190109717A1
Publication (Announcement) Date: 2019-04-11
Application No.: US15728208
Filing Date: 2017-10-09
Abstract: In an example embodiment, a validating peer of a plurality of validating peers in a blockchain network receives, from a non-validating peer, a request to create a root block of a blockchain. The root block includes information related to a potential computer security threat. The validating peer creates the root block with a root block pending validation status. The validating peer shares, with other validating peers of the plurality of validating peers, a notification of the root block with the root block pending validation status to provide an indication of the information. The validating peer determines whether the information is authentic. If the information is determined to be authentic, the validating peer changes the root block pending validation status to a root block authenticated validation status and shares, with the other validating peers, a notification of the root block authenticated validation status to indicate that the information is authentic.
-
Publication (Announcement) No.: US10230694B2
Publication (Announcement) Date: 2019-03-12
Application No.: US15211259
Filing Date: 2016-07-15
IPC Classification: H04L29/06, H04N21/2347, H04N21/266, H04N21/643, H04N21/4405, H04N7/14, H04N7/15
Abstract: A media distribution network device connects to an online collaborative session between a first participant network device, a second participant network device, and a security participant network device. The security participant network device is configured to decrypt packets of the online collaborative session to apply security policies to the packets. An encrypted packet is received at the media distribution network device. The encrypted packet is received from the first participant network device and contains data to be distributed as part of the online collaborative session. The encrypted packet is distributed to the security participant network device prior to distributing the encrypted packet to the second participant network device.
-
Publication (Announcement) No.: US20190020678A1
Publication (Announcement) Date: 2019-01-17
Application No.: US15646429
Filing Date: 2017-07-11
CPC Classification: H04L63/1458, H04L9/3228, H04L9/3236, H04L9/3297, H04L63/0838, H04L63/1425, H04L65/1006, H04L65/403
Abstract: A web conferencing operator can enable participants to share multimedia content in real time despite one or more of the participants operating from behind a middlebox, via network address translation (NAT) traversal protocols and tools such as STUN, TURN, and/or ICE. In NAT traversal, participants share transport addresses that the participants can use to establish a joint media session. However, connectivity checks during NAT traversal can expose a media distribution device hosted by the web conferencing operator to various vulnerabilities, such as distributed denial of service (DDoS) attacks. The web conferencing operator can minimize the effects of a DDoS attack during the connectivity checks, at scale and without significant performance degradation, by configuring the middlebox to validate incoming requests for the connectivity checks without persistent signaling between the web conferencing operator and the middlebox.
-
Publication (Announcement) No.: US10135826B2
Publication (Announcement) Date: 2018-11-20
Application No.: US14845505
Filing Date: 2015-09-04
Abstract: A method of leveraging security-as-a-service for cloud-based file sharing includes receiving, at a cloud-based file sharing server that is external to an enterprise network and has connectivity to the enterprise network, instructions from the enterprise network to validate a file uploaded by a first user associated with the enterprise network before allowing the file to be downloaded. The file sharing server may then receive the file from the first user and forward the file to a cloud-based security-as-a-service (SECaaS) server that is also external to the enterprise network and has connectivity to the enterprise network. The file sharing server receives a validation determination from the cloud-based SECaaS server and allows a second user to download the file based on the determination. To make the determination, the SECaaS server retrieves cryptographic keying material from a cloud-based key management server and decrypts the file.
-
Publication (Announcement) No.: US09843505B2
Publication (Announcement) Date: 2017-12-12
Application No.: US14724635
Filing Date: 2015-05-28
Inventors: K. Tirumaleswar Reddy, Prashanth Patil, Daniel G. Wing, Ram Mohan Ravindranath, William C. VerSteeg, Charles U. Eckel
IPC Classification: H04L12/721, H04L12/851, H04L12/46, H04L29/06, H04L12/725
CPC Classification: H04L45/38, H04L12/4633, H04L45/302
Abstract: A computer-implemented method includes sending a first request message to a first server associated with a first access network, the request message indicating a request for an indication of whether the first server is configured to support prioritization of tunneled traffic; receiving a first response message from the first server indicating whether the first server is configured to support prioritization of tunneled traffic; establishing one or more first tunnels with a security service when the first response message indicates that the first server is configured to support prioritization of tunneled traffic; sending first flow characteristics and a first tunnel identifier to the first server; and receiving the first flow characteristics for each first tunnel from the first server at a first network controller. The first network controller is configured to apply a quality of service policy within the first access network for each tunnel in accordance with the flow characteristics.
-
Publication (Announcement) No.: US20170346855A1
Publication (Announcement) Date: 2017-11-30
Application No.: US15165032
Filing Date: 2016-05-26
CPC Classification: H04L63/20, H04L61/1511, H04L61/6009, H04L63/104, H04L67/2842
Abstract: A local network element on an enterprise network caches Domain Name System (DNS) responses in association with user identifiers in accordance with a DNS-based access control policy. The network element receives a DNS request from a first endpoint device. The DNS request includes a domain name to resolve. The network element forwards the DNS request to a domain name server along with a first user identifier associated with the first endpoint device. The network element receives a DNS response from the domain name server. The DNS response includes a network address associated with the domain name, as well as the first user identifier and at least one other user identifier. The network element stores the network address in a DNS cache as a cached DNS response for the domain name. The cached DNS response is stored in association with the first user identifier and the other user identifier(s).
-
Publication (Announcement) No.: US20170339130A1
Publication (Announcement) Date: 2017-11-23
Application No.: US15157588
Filing Date: 2016-05-18
CPC Classification: H04L63/0823, H04L9/30, H04L9/3263, H04L61/1511, H04L61/6013, H04L63/0428, H04L63/1466, H04L63/166, H04L67/2847, H04L69/326
Abstract: In one embodiment, a Domain Name Service (DNS) server pre-fetches domain information regarding a domain, including certificate information for the domain. The DNS server receives a DNS request that includes a security request for the domain in the metadata of a Network Service Header (NSH) of the DNS request. In response to receiving the security request, the DNS server retrieves the certificate information for the domain from the pre-fetched information regarding the domain. The DNS server sends, to a Transport Layer Security (TLS) proxy, a DNS response for the domain that includes the certificate information in the metadata of an NSH of the DNS response.
-
Publication (Announcement) No.: US20170331854A1
Publication (Announcement) Date: 2017-11-16
Application No.: US15151709
Filing Date: 2016-05-11
Inventors: Tirumaleswar Reddy, Daniel Wing, Prashanth Patil
CPC Classification: H04L63/1458, H04L9/0861, H04L9/14, H04L9/30, H04L9/3263, H04L63/0236, H04L63/0823, H04L63/1425, H04L63/168, H04L65/1006, H04L67/02, H04L67/10, H04L69/329
Abstract: In one embodiment, a distributed denial of service attack on a network is identified. In response to the distributed denial of service attack, a script to request a short-term certificate is executed. The short-term certificate is generated by a certificate server and received either directly or indirectly from the certificate server. An instruction to redirect traffic using the short-term certificate and its private key is sent to a distributed denial of service attack protection service that is operable to filter or otherwise mitigate malicious traffic involved in the distributed denial of service attack.