公开(公告)号：US10666608B2

公开(公告)日：2020-05-26

申请号：US16286128

申请日：2019-02-26

申请人： Cisco Technology, Inc.

发明人： Geoff Townsend ,  Michael Ellery ,  Lucas Siba ,  Brian Somers

IPC分类号： H04L29/12 ,  H04L29/06 ,  H04L29/08

摘要： A DNS nameserver processes requests for domain name information based on subscriber identifiers, and optionally subscriber information. Based on a subscriber identifier, requests for a target domain name may generate a DNS response with domain name information for a proxy service. Techniques are provided to seamlessly and transparently authenticate a subscriber at the proxy service. The proxy service generates a redirect with a unique domain name including a tracking identifier in response to requests for a target domain name. The nameserver receives a request associated with the unique domain name. The nameserver responds with domain name information of the proxy service and generates a message to the proxy service mapping the tracking identifier to the subscriber identifier. The client then generates a request to the proxy service that includes the tracking identifier. The proxy service uses the mapping from the nameserver to authenticate the corresponding subscriber identifier.

公开(公告)号：US10277554B2

公开(公告)日：2019-04-30

申请号：US14196973

申请日：2014-03-04

申请人： Cisco Technology, Inc.

发明人： Geoff Townsend ,  Michael Ellery ,  Lucas Siba ,  Brian Somers

IPC分类号： H04L29/06 ,  H04L29/08 ,  H04L29/12

摘要： A DNS nameserver processes requests for domain name information based on subscriber identifiers, and optionally subscriber information. Based on a subscriber identifier, requests for a target domain name may generate a DNS response with domain name information for a proxy service. Techniques are provided to seamlessly and transparently authenticate a subscriber at the proxy service. The proxy service generates a redirect with a unique domain name including a tracking identifier in response to requests for a target domain name. The nameserver receives a request associated with the unique domain name. The nameserver responds with domain name information of the proxy service and generates a message to the proxy service mapping the tracking identifier to the subscriber identifier. The client then generates a request to the proxy service that includes the tracking identifier. The proxy service uses the mapping from the nameserver to authenticate the corresponding subscriber identifier.

公开(公告)号：US20190199678A1

公开(公告)日：2019-06-27

申请号：US16286128

申请日：2019-02-26

申请人： Cisco Technology, Inc.

发明人： Geoff Townsend ,  Michael Ellery ,  Lucas Siba ,  Brian Somers

IPC分类号： H04L29/12 ,  H04L29/06

CPC分类号： H04L61/20 ,  H04L61/1511 ,  H04L63/0884 ,  H04L67/2804 ,  H04L67/327

摘要： A DNS nameserver processes requests for domain name information based on subscriber identifiers, and optionally subscriber information. Based on a subscriber identifier, requests for a target domain name may generate a DNS response with domain name information for a proxy service. Techniques are provided to seamlessly and transparently authenticate a subscriber at the proxy service. The proxy service generates a redirect with a unique domain name including a tracking identifier in response to requests for a target domain name. The nameserver receives a request associated with the unique domain name. The nameserver responds with domain name information of the proxy service and generates a message to the proxy service mapping the tracking identifier to the subscriber identifier. The client then generates a request to the proxy service that includes the tracking identifier. The proxy service uses the mapping from the nameserver to authenticate the corresponding subscriber identifier.

公开(公告)号：US20170374015A1

公开(公告)日：2017-12-28

申请号：US15189268

申请日：2016-06-22

申请人： Cisco Technology, Inc.

发明人： Lucas Jonathan Siba ,  Brian Somers

IPC分类号： H04L29/12

CPC分类号： H04L61/1511 ,  H04L61/6059

摘要： Techniques are presented herein for a DNS resolver to encode a falsified IP address with a client identifier that identifies a client attempting to access a blocked domain. The DNS resolver receives, from a client, a DNS request that contains a requested domain name and a client identifier. The DNS resolver then determines the identity of the client from the client identifier in the DNS request. The DNS resolver then applies policies for the domain name system request to determine that the requested domain name should be blocked for the identity of the client. The DNS resolver may then construct a falsified Internet Protocol address when the domain name should be blocked for the identified client, where the falsified Internet Protocol is encoded with the client identifier. The DNS resolver then sends to the client, in response to the DNS request, the falsified Internet Protocol address.