-
Publication No.: US20240250812A1
Publication date: 2024-07-25
Application No.: US18156993
Application date: 2023-01-19
Applicant: Cisco Technology, Inc.
Inventor: Shayne Miel, Brian Lindauer, Glenn J. Stempeck, David William Matteson, Ian Edward Beals, Josh Matz, Edgar Calderon, Laura Cole
CPC classification number: H04L9/0863, H04L9/3234
Abstract: The present disclosure provides protection to communications after establishing a secured connection to a secured website or application. An authentication service, after establishing a secured session, can calculate a trust score for a user. Based on the trust score, the security agent can encrypt access tokens used to authenticate a secure connection. The system can interrupt the secure connection based on the trust score of the user or the user device. The interruption takes place by ignoring requests to decrypt the access token. Without the decrypted access token, the browser is unable to authenticate the session, preventing further communications. After the user improves the security posture of the device or user, the security agent can recalculate the trust score. When the trust score is above a threshold, the security agent can begin decrypting the access token, thereby authenticating communications from the browser.
-
Publication No.: US20240031365A1
Publication date: 2024-01-25
Application No.: US18477063
Application date: 2023-09-28
Applicant: Cisco Technology, Inc.
Inventor: David Steven Gross, Jennifer Lee Bammel, David William Matteson, Christopher Carl Cassell, Kyle David Mills
IPC: H04L9/40
CPC classification number: H04L63/0876, H04L2101/663
Abstract: This disclosure describes techniques for identifying an application (e.g., accessing application) that is attempting to access a resource. In some examples, access may be managed by an authentication service. When an access request is received at the authentication service from an application on a client device, the authentication service may ask the application to communicate with an identification agent on the client device. The identification agent may perform one or more tests to discover the identity of the application. In some cases, the identification agent may send the identity of the application to the authentication service. The authentication service may then allow or deny access by the accessing application to the resource based at least in part on the discovered identity.
-
Publication No.: US20220286455A1
Publication date: 2022-09-08
Application No.: US17194000
Application date: 2021-03-05
Applicant: Cisco Technology, Inc.
Inventor: David Steven Gross, Jennifer Lee Bammel, David William Matteson, Christopher Carl Cassell, Kyle David Mills
Abstract: This disclosure describes techniques for identifying an application (e.g., accessing application) that is attempting to access a resource. In some examples, access may be managed by an authentication service. When an access request is received at the authentication service from an application on a client device, the authentication service may ask the application to communicate with an identification agent on the client device. The identification agent may perform one or more tests to discover the identity of the application. In some cases, the identification agent may send the identity of the application to the authentication service. The authentication service may then allow or deny access by the accessing application to the resource based at least in part on the discovered identity.
-
Publication No.: US20240297887A1
Publication date: 2024-09-05
Application No.: US18177502
Application date: 2023-03-02
Applicant: Cisco Technology, Inc.
Inventor: Shayne Miel, Josh Matz, Nancy Cam-Winget, Joshua Terry, Brian Lindauer, David William Matteson, Jen Bammel, Courtney Irwin
IPC: H04L9/40
CPC classification number: H04L63/108, H04L63/0876, H04L63/105
Abstract: The present technology provides for receiving communications at an authentication service, and the communication is indicative of a change in a security posture of an authenticated session between a user device and a secure service. The authentication service can then determine that the change in the security posture of the authenticated session impacts the trust level associated with the user device and causes the trust level to fall below the threshold. The authentication service can then send an enforcement signal to a security agent on a network device that provides remedial actions that a user can undertake to improve the security posture of the authenticated session.
-
Publication No.: US11799856B2
Publication date: 2023-10-24
Application No.: US17194000
Application date: 2021-03-05
Applicant: Cisco Technology, Inc.
Inventor: David Steven Gross, Jennifer Lee Bammel, David William Matteson, Christopher Carl Cassell, Kyle David Mills
IPC: H04L9/40, H04L101/663
CPC classification number: H04L63/0876, H04L2101/663
Abstract: This disclosure describes techniques for identifying an application (e.g., accessing application) that is attempting to access a resource. In some examples, access may be managed by an authentication service. When an access request is received at the authentication service from an application on a client device, the authentication service may ask the application to communicate with an identification agent on the client device. The identification agent may perform one or more tests to discover the identity of the application. In some cases, the identification agent may send the identity of the application to the authentication service. The authentication service may then allow or deny access by the accessing application to the resource based at least in part on the discovered identity.