Abstract:
In one embodiment, first content is served by an application server to a client computer through an Internet service provider network. The first content includes a link to second content on a third-party server. A token request is sent from the third-party server to the application server in response to selection of the link by the client computer. A token is provided to the third-party server by the application server in response to the token request. The token is configured to authorize data flow at a bandwidth for the second content by the Internet service provider network to the client computer. The data flow is authorized based on an agreement for the bandwidth between an operator of the application server and an operator of the Internet service provider network.
Abstract:
In one implementation, a network device is configured to monitor communications associated with an endpoint and identify domain name service messages in the communications. Subsequently, the network device receives a hypertext transfer protocol (HTTP) request and determines whether a destination internet protocol (IP) address of the HTTP request is present in or absent from the domain name service messages. When the IP address is absent from the domain name service messages, the HTTP request is modified to trigger increased security.
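The check this abstract describes (correlate an HTTP request's destination IP with DNS answers previously seen for the same endpoint, and escalate scrutiny when there is no matching answer) can be sketched as follows. This is an added illustration, not code from the patent or its assignee; the `DnsAnswer`/`HttpRequest` records, the TTL-based expiry and the `X-Security-Elevate` header used to mark the request are all assumptions of the example.

```python
"""Flag HTTP requests whose destination IP was never seen in a DNS answer.

Added example: models the monitor from the abstract with constructed
inputs; the record types, TTL handling and header name are assumptions.
"""
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Tuple


@dataclass
class DnsAnswer:
    """One A/AAAA answer observed on the wire (constructed, not parsed)."""
    name: str
    address: str
    ttl: int  # seconds the answer may be relied upon


@dataclass
class HttpRequest:
    dst_ip: str
    host: str
    headers: Dict[str, str] = field(default_factory=dict)


class DnsAwareMonitor:
    # Assumed marker header; a downstream proxy would key policy on it.
    ELEVATE_HEADER = "X-Security-Elevate"

    def __init__(self, clock: Callable[[], float] = time.time):
        self._clock = clock
        # address -> (resolved name, time at which the answer expires)
        self._seen: Dict[str, Tuple[str, float]] = {}

    def observe_dns(self, answer: DnsAnswer) -> None:
        """Record an answer; the IP stays 'known' until its TTL lapses."""
        self._seen[answer.address] = (answer.name, self._clock() + answer.ttl)

    def resolved_name(self, address: str) -> Optional[str]:
        """Return the name that resolved to `address`, or None if unseen/expired."""
        entry = self._seen.get(address)
        if entry is None:
            return None
        name, expires_at = entry
        if self._clock() > expires_at:
            del self._seen[address]  # stale answer no longer vouches for the IP
            return None
        return name

    def inspect(self, req: HttpRequest) -> HttpRequest:
        """Mark requests to IPs that no observed DNS answer accounts for."""
        if self.resolved_name(req.dst_ip) is None:
            req.headers[self.ELEVATE_HEADER] = "no-dns-resolution"
        return req


def demo() -> Dict[str, bool]:
    """Constructed scenario: one resolved host, one direct-to-IP request,
    and one request after the DNS answer has expired."""
    now = [1000.0]
    mon = DnsAwareMonitor(clock=lambda: now[0])
    mon.observe_dns(DnsAnswer("www.example.com", "203.0.113.10", ttl=300))

    resolved = mon.inspect(HttpRequest("203.0.113.10", "www.example.com"))
    direct = mon.inspect(HttpRequest("198.51.100.7", "198.51.100.7"))
    now[0] += 301  # advance past the TTL
    expired = mon.inspect(HttpRequest("203.0.113.10", "www.example.com"))

    key = DnsAwareMonitor.ELEVATE_HEADER
    return {
        "resolved_flagged": key in resolved.headers,
        "direct_flagged": key in direct.headers,
        "expired_flagged": key in expired.headers,
    }


if __name__ == "__main__":
    print(demo())
```

The monitor only records the `address -> name` mapping that DNS answers actually carried, so a request reaching an IP that the endpoint never resolved (hard-coded C2 addresses, or resolution done over a channel the monitor cannot see) is the case that gets elevated; expiring entries on TTL keeps a long-lived monitor from vouching for an address indefinitely.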
Abstract:
Techniques are provided for choosing relay servers so as to optimize network traffic flow between peer devices in a network. An allocate request message is received from a router device in a network and is destined for a relay server in the network. The message requests a public identifier from the relay server for the client device. Identifier information is inserted in the message that indicates an identity of the router device. A server device configured to operate as a relay server in the network receives the allocate request message. Based on the identifier information, the server device selects a particular router device in the network path to operate as a newly designated relay server for the client device. The server device sends to the client device an alternate server response message that indicates that the particular router device is selected as the newly designated relay server.
Abstract:
In one implementation, a Web-Cache deployed on the enterprise premises and cloud-based SecaaS are combined such that the same identity-based policies are enforced both on the SecaaS and on content delivered from the Web-Cache. Implementing identity-based policy outside the network using SecaaS and within the network for web-cached content provides consistent identity-based security while still delivering content to end-users with high performance. Content inspected and/or modified by SecaaS may be cached on the enterprise premises so that requests for content from an origin server decrease, freeing Internet bandwidth and reducing access time. Local caching of streaming content may decrease latency while local implementation of identity-based policy continues to limit the streamed content as appropriate. Local implementation of identity-based policy may reduce the load on SecaaS. Rather than using content delivery networks provided by a service provider for web content, a cache server within the enterprise is used.
Abstract:
In one implementation, identity-based security features and policies are applied to endpoint devices behind an intermediary device, such as a network address translation device. The access network switch authenticates an endpoint based on a user identity and a credential. A hypertext transfer protocol (HTTP) packet is generated or modified to include the user identity in an inline header. The HTTP packet including the user identity is sent to a policy enforcement device to look up one or more policies for the endpoint. The access switch receives traffic from the policy enforcement device that is filtered according to the user identity. Subsequent TCP connections may also include identity information within the TCP USER_HINT option in a synchronization packet, thus allowing identity propagation for other applications and protocols.
Abstract:
A method for resuming a Transport Layer Security (TLS) session in a Service Function Chain comprising a plurality of Service Function nodes coupled to a Service Function Forwarder. A request is received at a first Service Function node to establish a TLS session, and a Pre-Shared Key (PSK) and a PSK identifier that uniquely correspond to the first Service Function node and the TLS session are generated. The PSK identifier is forwarded to one or more of the Service Function Forwarder and the plurality of Service Function nodes. A request to resume the TLS session is received from a client device that previously disconnected. It is determined that the connection request contains the PSK identifier, a second Service Function node is selected, and the TLS session is re-established between the client device and the second Service Function node using the same PSK as the prior TLS session.
Abstract:
A trusted application manager (TAM) includes a processor and a non-transitory computer-readable medium storing instructions that, when executed by the processor, cause the processor to perform operations comprising obtaining, from a secure access service edge (SASE) device executing a security service, a data set defining intelligence provided by the security service, defining a policy based at least in part on the intelligence provided by the security service, and managing a trusted application (TA) based on the policy.
Abstract:
Techniques are presented herein for engagement and disengagement of Transport Layer Security proxy services with encrypted handshaking. In one embodiment, a first initial message of a first encrypted handshaking procedure for a first secure communication session between a first device and a second device is intercepted at a proxy device. The first initial message includes first key exchange information for encrypting the first encrypted handshaking procedure. A copy of the first initial message is stored at the proxy device. A second initial message of a second encrypted handshaking procedure for a second secure communication session between the proxy device and the second device is sent from the proxy device to the second device. The second initial message includes second key exchange information for encrypting the second encrypted handshaking procedure. The proxy device determines, based on the second encrypted handshaking procedure, whether to remain engaged or to disengage.
Abstract:
Systems, methods, and computer-readable media for federating an enterprise and a SaaS provider across one or more network slices of a network service provider. A SaaS provided by a SaaS provider for provisioning to an enterprise can be recognized. One or more network slices within a network of a network service provider between the enterprise and the SaaS provider can be identified. The one or more network slices can be used to provision the SaaS to the enterprise. In turn, the SaaS provider can be federated with the enterprise across one or more network service providers, including the network service provider. Specifically, the SaaS provider can be federated with the enterprise by uniquely associating the one or more network slices provided by the network service provider with the SaaS provisioned by the SaaS provider to the enterprise.
Abstract:
In a network that includes a client, a server and one or more proxy entities that intercept network traffic between the client and the server, a computer-implemented method is provided including: establishing trust with a permissioned distributed database; computing hashes from packet payloads of network traffic originated, intercepted or received; storing the hashes to the permissioned distributed database so that the permissioned distributed database maintains hashes computed from packets of the network traffic originated, intercepted or received by the client, server and the one or more proxy entities; and validating the hashes by comparing, with each other, the hashes stored to the permissioned distributed database by the client, server and the one or more proxy entities to determine whether any packet payload of the network traffic was modified in transit.
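To make the integrity check in this abstract concrete, the following added example (not the patent's own code) simulates a client, one intercepting proxy and a server that each hash the payloads they originate, intercept or receive and append the hash to a shared append-only ledger; a validator then compares the hashes recorded for each packet across all parties. The in-memory `PermissionedLedger`, the `(flow, seq)` packet key and the three status strings are assumptions of the example standing in for the permissioned distributed database and its record format.

```python
"""Cross-party payload hash validation over an append-only ledger.

Added example with constructed traffic; the ledger, record layout and
status names are assumptions, not the patent's specification.
"""
import hashlib
from collections import defaultdict
from typing import Dict, List, Tuple

PacketKey = Tuple[str, int]  # (flow identifier, sequence number)


class PermissionedLedger:
    """Append-only store that only enrolled members may write to."""

    def __init__(self, members: List[str]):
        self.members = set(members)
        self._entries: List[Tuple[str, str, int, str]] = []

    def record(self, party: str, flow: str, seq: int, digest: str) -> None:
        if party not in self.members:
            raise PermissionError(f"{party} is not a ledger member")
        self._entries.append((party, flow, seq, digest))

    def entries(self):
        return tuple(self._entries)  # no API to edit or remove rows


def payload_hash(payload: bytes) -> str:
    return hashlib.sha256(payload).hexdigest()


class Party:
    """Client, proxy or server: hashes every payload it handles, then forwards it."""

    def __init__(self, name: str, ledger: PermissionedLedger):
        self.name, self.ledger = name, ledger

    def handle(self, flow: str, seq: int, payload: bytes) -> bytes:
        self.ledger.record(self.name, flow, seq, payload_hash(payload))
        return payload


def validate(ledger: PermissionedLedger) -> Dict[PacketKey, str]:
    """Per packet: 'ok' if every member recorded the same hash, 'mismatch'
    if hashes differ, 'incomplete' if some member never recorded one."""
    seen: Dict[PacketKey, Dict[str, str]] = defaultdict(dict)
    for party, flow, seq, digest in ledger.entries():
        seen[(flow, seq)][party] = digest
    verdict = {}
    for key, by_party in seen.items():
        if set(by_party) != ledger.members:
            verdict[key] = "incomplete"
        elif len(set(by_party.values())) == 1:
            verdict[key] = "ok"
        else:
            verdict[key] = "mismatch"
    return verdict


def simulate(tamper_between_proxy_and_server: bool) -> Dict[PacketKey, str]:
    """Constructed flow of two packets; optionally alters packet 1 on the
    proxy-to-server hop so the server records a different hash."""
    ledger = PermissionedLedger(["client", "proxy", "server"])
    client, proxy, server = (Party(n, ledger) for n in ("client", "proxy", "server"))
    packets = [b"GET /index.html HTTP/1.1", b"POST /transfer amount=10"]
    for seq, payload in enumerate(packets):
        p = client.handle("flow-1", seq, payload)   # originated
        p = proxy.handle("flow-1", seq, p)          # intercepted
        if tamper_between_proxy_and_server and seq == 1:
            p = p.replace(b"amount=10", b"amount=9999")  # modified in transit
        server.handle("flow-1", seq, p)             # received
    return validate(ledger)


if __name__ == "__main__":
    print(simulate(False))
    print(simulate(True))
```

Because each party writes its own hash rather than trusting the previous hop's, a modification on any link shows up as a disagreement between the parties on either side of it; the `incomplete` status is worth surfacing separately, since a missing record can mean a dropped packet or a party that was bypassed.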