公开(公告)号：US11805112B2

公开(公告)日：2023-10-31

申请号：US17178234

申请日：2021-02-17

Applicant: Cisco Technology, Inc.

Inventor： David J Zacks ,  Carlos M. Pignataro ,  Thomas Szigeti

IPC: H04L9/40 ,  G06F21/31

CPC classification number: H04L63/08 ,  G06F21/31 ,  H04L63/102 ,  H04L63/107 ,  G06F2221/2139 ,  H04L63/0861 ,  H04L2463/082

Abstract: This disclosure describes techniques for performing enhanced authentication of a device based on physical and logical proximity of the device to one or more other authenticated devices. An example method includes performing, at a first time, a first authentication of a first device or a first user of the first device and determining that the first device is connected to at least one second device in a communication session. The at least one second device or at least one second user of the at least one second device are authenticated. The example method further includes determining a reauthentication interval based on the first device being connected to the at least one second device in the communication session and initiating, at a second time that is after the first time by the reauthentication interval, a second authentication of the first device or the first user of the first device.

公开(公告)号：US11863549B2

公开(公告)日：2024-01-02

申请号：US17178199

申请日：2021-02-17

Applicant: Cisco Technology, Inc.

Inventor： David J Zacks ,  Carlos M. Pignataro ,  Thomas Szigeti

IPC: H04L9/40 ,  H04L67/52 ,  G06Q30/018

CPC classification number: H04L63/0853 ,  H04L63/0263 ,  H04L63/0876 ,  H04L67/52 ,  G06Q30/018 ,  H04L2463/082

Abstract: This disclosure describes techniques for setting and/or adjusting a security policy associated with a device based on the physical locations of endpoint devices exchanging data with the device. An example method includes performing, at a first time, a first authentication of a first device connecting to a service; determining addresses of second devices exchanging data with the first device; determining physical locations of the second devices based on the addresses; and defining a reauthentication interval based on the physical locations of the second devices. At a second time that is after the first time by the reauthentication interval, the example method further includes disconnecting the first device from the service; and based on disconnecting the first device from the service, triggering a second authentication of the first device.

公开(公告)号：US12199968B2

公开(公告)日：2025-01-14

申请号：US18372028

申请日：2023-09-22

Applicant: Cisco Technology, Inc.

Inventor： David J Zacks ,  Carlos M. Pignataro ,  Thomas Szigeti

IPC: H04L9/40 ,  G06F21/31

Abstract: This disclosure describes techniques for performing enhanced authentication of a device based on physical proximity of the device to one or more other authenticated devices. An example method includes performing a first authentication of a first device or a first user and connecting the first device to a protected resource. Based on determining that the first device is within a threshold distance of a second, authenticated, device, a reauthentication interval is selected. Based on determining that the reauthentication interval has expired, a second authentication is initiated by transmitting, to the first device or a third device associated with the first user, a request for an authentication factor.