ENTERPRISE-MANAGED AUTHENTICATION AND AUTHORIZATION

    Publication number: US20250023860A1

    Publication date: 2025-01-16

    Application number: US18219901

    Filing date: 2023-07-10

    Abstract: Techniques for syncing authentication and/or authorization tokens, cookies, and related metadata across different browser instances to enable disparate applications to share a single authentication/authorization ceremony. The techniques may include receiving a policy indicating multiple enterprise-managed applications that are capable of sharing tokens or cookies for user authentication. The techniques may also include receiving a token or a cookie indicating that a user is authenticated to access a first application of the multiple enterprise-managed applications. Based at least in part on the policy, the token or the cookie may be provided to a browser such that a second application of the multiple enterprise-managed applications refrains from causing the user to authenticate for access to the second application.

    Binding flows to unique addresses or ports

    Publication number: US12170644B2

    Publication date: 2024-12-17

    Application number: US17678472

    Filing date: 2022-02-23

    Abstract: Techniques for binding communication flows to unique addresses and/or ports, and configuring networking devices internal to a network to apply policy without the need to further introspect a given stream. Further, by creating mappings of unique addresses and/or ports to flows, the network devices are able to enforce policy without needing to coordinate with an edge node of the network at which the communication session terminates. Further, the techniques may include providing an SDN controller with a mapping between a unique address/port and a network flow, determining flow-specific policy to enforce on the flow, and programming one or more network devices to enforce the flow-specific policy in the network using the unique address/port.

    IMPLEMENTING POLICY BASED ON UNIQUE ADDRESSES OR PORTS

    Publication number: US20240372896A1

    Publication date: 2024-11-07

    Application number: US18771800

    Filing date: 2024-07-12

    Abstract: Techniques for binding communication flows to unique addresses and/or ports, and configuring networking devices internal to a network to apply policy without the need to further introspect a given stream. Further, by creating mappings of unique addresses and/or ports to flows, the network devices are able to enforce policy without needing to coordinate with an edge node of the network at which the communication session terminates. Further, the techniques may include providing an SDN controller with a mapping between a unique address/port and a network flow, determining flow-specific policy to enforce on the flow, and programming one or more network devices to enforce the flow-specific policy in the network using the unique address/port.

    END-TO-END TRANSACTIONAL MICROSEGMENTATION

    Publication type: Published invention application

    Publication number: US20240333822A1

    Publication date: 2024-10-03

    Application number: US18126735

    Filing date: 2023-03-27

    CPC classification number: H04L69/166 H04L69/321

    Abstract: Techniques for microsegmenting network communication transactions from end-to-end over an entire network communication path between a client device and a workload. The techniques may include determining that a first layer of a packet traversing the communication path includes a first metadata tag associated with a first segmentation ecosystem applying a microsegmentation policy along a first portion of the communication path. Based at least in part on the first metadata tag, a second metadata tag may be determined that is associated with a second segmentation ecosystem applying the microsegmentation policy along a second portion of the communication path. The second metadata tag may then be embedded within a second layer of the packet such that the second segmentation ecosystem is capable of applying the microsegmentation policy to the packet along the second portion of the communication path.

    Network address translation (NAT)-based traffic steering

    Publication number: US12095665B2

    Publication date: 2024-09-17

    Application number: US17572320

    Filing date: 2022-01-10

    CPC classification number: H04L45/74 H04L69/165

    Abstract: Techniques for Network Address Translation (NAT)-based steering of traffic in cloud-based networks. The techniques may include establishing, by a frontend node of a network, a connection with a client device. The frontend node may receive, via the connection, a packet including an indication of an identity of a service hosted on a backend node of the network. Based at least in part on the indication, the frontend node may establish a second connection with the backend node. Additionally, the frontend node may store a mapping indicating that packets received from the client device are to be sent to the backend node. The techniques may also include receiving another packet at the frontend node or another frontend node of the network. Based at least in part on the mapping, the frontend node or other frontend node may alter one or more network addresses of the other packet and forward it to the backend node.

    Implementing policy based on unique addresses or ports

    Publication number: US12069103B2

    Publication date: 2024-08-20

    Application number: US17678560

    Filing date: 2022-02-23

    CPC classification number: H04L63/205 H04L63/0254 H04L63/0272

    Abstract: Techniques for binding communication flows to unique addresses and/or ports, and configuring networking devices internal to a network to apply policy without the need to further introspect a given stream. Further, by creating mappings of unique addresses and/or ports to flows, the network devices are able to enforce policy without needing to coordinate with an edge node of the network at which the communication session terminates. Further, the techniques may include providing an SDN controller with a mapping between a unique address/port and a network flow, determining flow-specific policy to enforce on the flow, and programming one or more network devices to enforce the flow-specific policy in the network using the unique address/port.

    DYNAMIC USER AUTHENTICATION AND TRAFFIC STEERING

    Publication number: US20240146718A1

    Publication date: 2024-05-02

    Application number: US17977343

    Filing date: 2022-10-31

    CPC classification number: H04L63/083 H04L63/0272

    Abstract: Techniques for dynamically establishing, pausing, and/or terminating secure communication sessions. The techniques may include detecting an occurrence of an authentication trigger event on a computing device and causing a user of the computing device to be authenticated for access to a resource that is to be accessed via a secure communication session. Based at least in part on authenticating the user for access to the resource, a token may be stored in a location that is accessible to a headend appliance associated with the secure communication session. The token may indicate that the user of the computing device is authenticated for access to the resource. In this way, at least partially responsive to detecting an occurrence of a networking trigger event, the secure communication session may be established between the computing device and the headend appliance to provide the computing device with access to the resource.

    PROXIMITY-AWARE MULTIFACTOR AUTHENTICATION FOR CONTINUOUS TRUSTED ACCESS

    Publication number: US20240089254A1

    Publication date: 2024-03-14

    Application number: US17940299

    Filing date: 2022-09-08

    CPC classification number: H04L63/0853 H04L63/20

    Abstract: Techniques for using device proximity of a primary device and a secondary device to allow or deny connections to network resource(s), as well as terminate existing connections to the network resource(s). The techniques may include monitoring a proximity-based direct networking connection between a primary device and a secondary device, the proximity-based direct networking connection established in association with authenticating the primary device to access a resource. The techniques may also include determining, based at least in part on the monitoring, that a network proximity between the primary device and the secondary device exceeds a threshold proximity. Based at least in part on determining that the network proximity exceeds the threshold proximity, the techniques may include causing termination of the access to the resource for the primary device.
