-
Publication No.: US20240396938A1
Publication date: 2024-11-28
Application No.: US18368421
Filing date: 2023-09-14
Applicant: Cisco Technology, Inc.
IPC: H04L9/40, H04L61/4511
Abstract: Techniques for a client device configured with a kernel driver framework (KDF) to establish connection(s) with target workload(s) provisioned in remote network(s) (e.g., an enterprise network) using non-routable synthetic IP address(es) (e.g., a loopback address within a link-local address range, a unique local address within a discard prefix range, and/or the like). The KDF may intercept DNS requests from application(s) executing on a client device, generate and return a synthetic IP address associated with a given domain in the DNS request, and establish a connection with a secure access gateway using the non-routable synthetic IP address. Additionally, the KDF may invoke an external browser with an authentication redirect to a randomly generated synthetic IP address on a randomly generated port, where a local listener on a client device may listen on the synthetic IP address and random port to obtain and/or store authentication data for later use.
-
Publication No.: US20240243971A1
Publication date: 2024-07-18
Application No.: US18620459
Filing date: 2024-03-28
Applicant: Cisco Technology, Inc.
Inventor: Pankaj Chitrigi Ganesh, Kyle Andrew Donald Mestery, Danxiang Li, Rahim Lalani, Andrzej Konrad Kielbasinski
IPC: H04L41/082, H04L12/46, H04L45/00, H04L67/1031, H04L67/563
CPC classification number: H04L41/082, H04L12/4675, H04L45/22, H04L67/1031, H04L67/563
Abstract: Techniques for the transparent rolling of nodes in a cloud-delivered headend service without disrupting client traffic or making users aware of the various nodes in the system being rolled are described herein. The techniques may include receiving an indication that a first node of a network is to be rolled. Based at least in part on the indication, new connection requests may not be sent to the first intermediate node. Additionally, a client device having an existing connection through the first node may be identified. In some examples, a request may be sent to the client device to prompt the client device to establish a new connection. After determining that the new connection has been established such that the new connection flows through a second node of the network, the first node may be rolled.
-
Publication No.: US11979284B2
Publication date: 2024-05-07
Application No.: US17462781
Filing date: 2021-08-31
Applicant: Cisco Technology, Inc.
Inventor: Pankaj Chitrigi Ganesh, Kyle Andrew Donald Mestery, Danxiang Li, Rahim Lalani, Andrzej Konrad Kielbasinski
IPC: H04L41/082, H04L12/46, H04L45/00, H04L67/1031, H04L67/563
CPC classification number: H04L41/082, H04L12/4675, H04L45/22, H04L67/1031, H04L67/563
Abstract: Techniques for the transparent rolling of nodes in a cloud-delivered headend service without disrupting client traffic or making users aware of the various nodes in the system being rolled are described herein. The techniques may include receiving an indication that a first node of a network is to be rolled. Based at least in part on the indication, new connection requests may not be sent to the first intermediate node. Additionally, a client device having an existing connection through the first node may be identified. In some examples, a request may be sent to the client device to prompt the client device to establish a new connection. After determining that the new connection has been established such that the new connection flows through a second node of the network, the first node may be rolled.
-
Publication No.: US20240146718A1
Publication date: 2024-05-02
Application No.: US17977343
Filing date: 2022-10-31
Applicant: Cisco Technology, Inc.
Inventor: Vincent E. Parla, Valentiu Vlad Santau, Peter Davis, Andrzej Konrad Kielbasinski
IPC: H04L9/40
CPC classification number: H04L63/083, H04L63/0272
Abstract: Techniques for dynamically establishing, pausing, and/or terminating secure communication sessions. The techniques may include detecting an occurrence of an authentication trigger event on a computing device and causing a user of the computing device to be authenticated for access to a resource that is to be accessed via a secure communication session. Based at least in part on authenticating the user for access to the resource, a token may be stored in a location that is accessible to a headend appliance associated with the secure communication session. The token may indicate that the user of the computing device is authenticated for access to the resource. In this way, at least partially responsive to detecting an occurrence of a networking trigger event, the secure communication session may be established between the computing device and the headend appliance to provide the computing device with access to the resource.
-
Publication No.: US20230066784A1
Publication date: 2023-03-02
Application No.: US17462781
Filing date: 2021-08-31
Applicant: Cisco Technology, Inc.
Inventor: Pankaj Chitrigi Ganesh, Kyle Andrew Donald Mestery, Danxiang Li, Rahim Lalani, Andrzej Konrad Kielbasinski
IPC: H04L12/24, H04L12/707, H04L29/08, H04L12/46
Abstract: Techniques for the transparent rolling of nodes in a cloud-delivered headend service without disrupting client traffic or making users aware of the various nodes in the system being rolled are described herein. The techniques may include receiving an indication that a first node of a network is to be rolled. Based at least in part on the indication, new connection requests may not be sent to the first intermediate node. Additionally, a client device having an existing connection through the first node may be identified. In some examples, a request may be sent to the client device to prompt the client device to establish a new connection. After determining that the new connection has been established such that the new connection flows through a second node of the network, the first node may be rolled.