-
公开(公告)号:US20170070506A1
公开(公告)日:2017-03-09
申请号:US14845505
申请日:2015-09-04
Applicant: Cisco Technology, Inc.
Inventor: K. Tirumaleswar Reddy , Prashanth Patil , Daniel Wing
CPC classification number: H04L63/10 , G06F21/56 , H04L63/0428 , H04L63/06 , H04L63/062 , H04L63/102 , H04L63/20 , H04L67/06 , H04L67/10
Abstract: A method of leveraging security-as-a-service for cloud-based file sharing includes receiving, at a cloud-based file sharing server external to an enterprise network and having connectivity to the enterprise network, instructions from an enterprise network to validate a file uploaded by a first user associated with the enterprise network before allowing the file to be downloaded. The file sharing server may then receive the file from the first user and forward the file to a cloud-based security-as-a-service (SECaaS) server that is also external to the enterprise network and has connectivity to the enterprise network. The file sharing server receives a determination of validation from the cloud-based SECaaS server and allows a second user to download the file based on the determination. To make the determination, the SECaaS server retrieves cryptographic keying material from a cloud-based key management server, and decrypts the file.
Abstract translation: 利用基于云的文件共享的安全即服务的方法包括在企业网络外部的基于云的文件共享服务器上接收与企业网络的连接,来自企业网络的指令以验证文件 在允许文件下载之前由与企业网络相关联的第一用户上传。 然后,文件共享服务器可以从第一用户接收文件,并将文件转发到也在企业网络外部并且具有到企业网络的连接的基于云的安全即服务(SECaaS)服务器。 文件共享服务器接收来自基于云的SECaaS服务器的确认确定,并允许第二用户基于确定来下载文件。 为了做出决定,SECaaS服务器从基于云的密钥管理服务器检索密码密钥资料,并解密该文件。
-
公开(公告)号:US09413560B2
公开(公告)日:2016-08-09
申请号:US14278598
申请日:2014-05-15
Applicant: Cisco Technology, Inc.
Inventor: Prashanth Patil , Tirumaleswar Reddy , Daniel Wing , William Ver Steeg
IPC: H04L12/851 , H04L12/24 , H04L29/06 , H04L12/64 , H04L29/08
CPC classification number: H04L12/6418 , H04L29/06 , H04L41/5019 , H04L41/5038 , H04L47/2441 , H04L63/145 , H04L67/02 , H04L67/06
Abstract: Various embodiments are disclosed for prioritizing network flows and providing differentiated quality of service in a telecommunications network. In some embodiments, a SecaaS can be utilized to signal flow characteristics of one or more network flows to a connector in a network so that the network can install differentiated quality of service against the one or more network flows based upon the received flow characteristics. Some embodiments enable a connector in a network to act as a PCP client to signal received flow characteristics to an upstream PCP server hosted by an adjacent access network.
Abstract translation: 公开了各种实施例用于优先化网络流并在电信网络中提供差异化的服务质量。 在一些实施例中,可以使用SecaaS来向网络中的连接器发送一个或多个网络流的流特性,使得网络可以基于所接收的流特性来针对所述一个或多个网络流安装差异化服务质量。 一些实施例使得网络中的连接器能够充当PCP客户端,以将接收到的流量特性信号发送到由相邻接入网络托管的上游PCP服务器。
-
公开(公告)号:US09154484B2
公开(公告)日:2015-10-06
申请号:US13773157
申请日:2013-02-21
Applicant: Cisco Technology, Inc.
Inventor: Daniel G. Wing , Srinivas Chivukula , Tirumaleswar Reddy , Prashanth Patil
CPC classification number: H04L63/08 , H04L61/2514 , H04L63/20 , H04L67/02 , H04L67/146 , H04L69/161 , H04L69/22
Abstract: In one implementation, identity based security features and policies are applied to endpoint devices behind an intermediary device, such as a network address translation device. The access network switch authenticates an endpoint based on a user identity and a credential. A hypertext transfer protocol (HTTP) packet is generated or modified to include the user identity in an inline header. The HTTP packet including the user identity is sent to a policy enforcement device to look up one or more policies for the endpoint. The access switch receives traffic from the policy enforcement device that is filtered according the user identity. Subsequent TCP connections may also include identity information within the TCP USER_HINT option in a synchronization packet thus allowing identity propagation for other applications and protocols.
Abstract translation: 在一个实现中,基于身份的安全特征和策略被应用于中间设备(例如网络地址转换设备)之后的端点设备。 接入网络交换机根据用户身份和证书认证端点。 生成或修改超文本传输协议(HTTP)包以将用户身份包括在内联头部中。 包括用户身份的HTTP分组被发送到策略执行设备以查找端点的一个或多个策略。 接入交换机从根据用户身份过滤的策略执行设备接收流量。 后续TCP连接还可以包括同步分组中的TCP USER_HINT选项内的身份信息,从而允许其他应用和协议的身份传播。
-
公开(公告)号:US20240147232A1
公开(公告)日:2024-05-02
申请号:US18052013
申请日:2022-11-02
Applicant: Cisco Technology, Inc.
Inventor: Rajesh Indira Viswambharan , Ram Mohan Ravindranath , Prashanth Patil
CPC classification number: H04W12/06 , H04L63/20 , H04W12/63 , H04L2463/082
Abstract: Disclosed herein are systems, methods, and computer-readable media for enabling multi-factor authentication (MFA) for an Internet Of Things (IoT) device. In one aspect, a method includes receiving a network connection request from the IoT device to connect to a network. In one aspect, the method includes fetching authentication information for the device in response to the request. In one aspect, the method includes authenticating the device to the network. In one aspect, the method includes in response to the authentication of the device to the network, establishing a network connection between the IoT device and the network. In one aspect, the method includes applying the MFA policy. In one aspect, the method includes after successful compliance with the MFA policy establishing a session between the device and the application over the network.
-
85.发明授权公开(公告)号:US11483292B2
公开(公告)日:2022-10-25
申请号:US17116111
申请日:2020-12-09
Applicant: Cisco Technology, Inc.
Inventor: Jianxin Wang , Prashanth Patil , Flemming Andreasen , Nancy Cam-Winget , Hari Shankar
IPC: H04L9/40
Abstract: Techniques are presented herein for engagement and disengagement of Transport Layer Security proxy services with encrypted handshaking. In one embodiment, a first initial message of a first encrypted handshaking procedure for a first secure communication session between a first device and a second device is intercepted at a proxy device. The first initial message includes first key exchange information for encrypting the first encrypted handshaking procedure. A copy of the first initial message is stored at the proxy device. A second initial message of a second encrypted handshaking procedure for a second secure communication session between the proxy device and the second device is sent from the proxy device to the second device. The second initial message includes second key exchange information for encrypting the second encrypted handshaking procedure. The proxy device determines, based on the second encrypted handshaking procedure, whether to remain engaged or to disengage.
-
Patent Agency Ranking
公开(公告)号:US11108814B2
公开(公告)日:2021-08-31
申请号:US16551280
申请日:2019-08-26
Applicant: Cisco Technology, Inc.
Inventor: K Tirumaleswar Reddy , Ram Mohan Ravindranath , Prashanth Patil , Carlos M. Pignataro
Abstract: A web conferencing operator can enable participants to share multimedia content in real-time despite one or more of the participants operating from behind a middlebox via network address translation (NAT) traversal protocols and tools, such as STUN, TURN, and/or ICE. In NAT traversal, participants share a transport addresses that the participants can use to establish a joint media session. However, connectivity checks during NAT traversal can expose a media distribution device hosted by the web conferencing operator to various vulnerabilities, such as distributed denial of service (DDoS) attacks. The web conferencing operator can minimize the effects of a DDoS attack during the connectivity checks at scale and without significant performance degradation by configuring the middlebox to validate incoming requests for the connectivity checks without persistent signaling between the web conference operator and the middlebox.
-
公开(公告)号:US20210044678A1
公开(公告)日:2021-02-11
申请号:US16536679
申请日:2019-08-09
Applicant: Cisco Technology, Inc.
Inventor: Prashanth Patil , Rajesh Indira Viswambharan , Ram Mohan Ravindranath
Abstract: In one embodiment, a domain name system (DNS) service receives a DNS request sent by a client for a particular destination. The DNS service determines that a connection between the client and the particular destination will not support use of the Quick User Datagram Protocol (UDP) Internet Connections (QUIC) protocol. The DNS service generates a DNS response to the DNS request that includes an indication that the connection between the client and the particular destination will not support use of the QUIC protocol within an Extensions Mechanisms for DNS (EDNS) field of the DNS response. The DNS service sends the DNS response, to cause an intermediary between the client and the particular destination to explicitly reject a QUIC protocol connection attempted by the client with the particular destination.
-
88.发明授权公开(公告)号:US10911409B2
公开(公告)日:2021-02-02
申请号:US15984637
申请日:2018-05-21
Applicant: Cisco Technology, Inc.
Inventor: Jianxin Wang , Prashanth Patil , Flemming Andreasen , Nancy Cam-Winget , Hari Shankar
IPC: H04L29/06
Abstract: Techniques are presented herein for engagement and disengagement of Transport Layer Security proxy services with encrypted handshaking. In one embodiment, a first initial message of a first encrypted handshaking procedure for a first secure communication session between a first device and a second device is intercepted at a proxy device. The first initial message includes first key exchange information for encrypting the first encrypted handshaking procedure. A copy of the first initial message is stored at the proxy device. A second initial message of a second encrypted handshaking procedure for a second secure communication session between the proxy device and the second device is sent from the proxy device to the second device. The second initial message includes second key exchange information for encrypting the second encrypted handshaking procedure. The proxy device determines, based on the second encrypted handshaking procedure, whether to remain engaged or to disengage.
-
公开(公告)号:US10554689B2
公开(公告)日:2020-02-04
申请号:US15582026
申请日:2017-04-28
Applicant: Cisco Technology, Inc.
Inventor: K Tirumaleswar Reddy , Prashanth Patil , Carlos M. Pignataro
IPC: H04L29/06
Abstract: A method for resuming a Transport Layer Security (TLS) session in a Service Function Chain comprising a plurality of Service Function nodes coupled to a Service Function Forwarder. A request is received at a first Service Function node to establish a TLS session, and a Pre-Shared Key (PSK) and a PSK identifier that uniquely correspond to the first Service Function node and the TLS session are generated. The PSK identifier is forwarded to one or more of the Service Function Forwarder and the plurality of Service Function nodes. A request to resume the TLS session is received from a client device that previously disconnected. It is determined that the connection request contains the PSK identifier, a second Service Function node is selected, and the TLS session is re-established between the client device and the second Service Function node using the same PSK as the prior TLS session.
-
公开(公告)号:US20190297017A1
公开(公告)日:2019-09-26
申请号:US15934247
申请日:2018-03-23
Applicant: Cisco Technology, Inc.
Inventor: Carlos M. Pignataro , Prashanth Patil , Nagendra Kumar Nainar , Robert Edgar Barton , Jerome Henry , Muthurajah Sivabalan
IPC: H04L12/803 , H04L12/801 , H04L12/26 , H04L29/06
Abstract: In one example embodiment, a first path computation element of a first segment routing domain includes a plurality of path computation clients. The first path computation element obtains, from at least one path computation client of the plurality of path computation clients, telemetry data indicating network traffic congestion for the at least one path computation client. Based on the telemetry data, the first path computation element determines that the at least one path computation client is experiencing at least a predetermined amount of network traffic congestion. In response to determining that the at least one path computation client is experiencing at least the predetermined amount of network traffic congestion, the first path computation element sends, to a second path computation element of a second segment routing domain, an indication of the network traffic congestion for the at least one path computation client.
-
-
-
-
-
-
-
-
-
Search Results
111
records
(took 0.024 seconds)
