METHOD FOR IDENTIFYING AND MANAGING QUIC CONNECTIONS FOR MIDDLEBOXES

    Publication number: US20240137428A1

    Publication date: 2024-04-25

    Application number: US17973115

    Filing date: 2022-10-24

    CPC classification number: H04L69/16 H04L45/02 H04L63/0236

    Abstract: Techniques are described for managing QUIC connections. The techniques include identifying a first QUIC connection between a first and second device. Determining, from the connection, a first IP address and port number of the first device, a second IP address and port number of the second device, and a first CID. Storing an association between the first and second IP addresses, port numbers and first CID. Identifying a second QUIC connection between the first device and another device. Identifying, from the second connection, the first IP address and port number, a second CID, and a third IP address and port number. Determining if two of the following are met: the second IP address corresponds to the third IP address, the second port number corresponds to the third port number, the second CID corresponds to the first CID, if two are met, the first and second QUIC connections are the same.

    METHOD FOR IDENTIFYING AND MANAGING QUIC CONNECTIONS FOR MIDDLEBOXES

    Publication number: US20240236210A9

    Publication date: 2024-07-11

    Application number: US17973115

    Filing date: 2022-10-25

    CPC classification number: H04L69/16 H04L45/02 H04L63/0236

    Abstract: Techniques are described for managing QUIC connections. The techniques include identifying a first QUIC connection between a first and second device. Determining, from the connection, a first IP address and port number of the first device, a second IP address and port number of the second device, and a first CID. Storing an association between the first and second IP addresses, port numbers and first CID. Identifying a second QUIC connection between the first device and another device. Identifying, from the second connection, the first IP address and port number, a second CID, and a third IP address and port number. Determining if two of the following are met: the second IP address corresponds to the third IP address, the second port number corresponds to the third port number, the second CID corresponds to the first CID, if two are met, the first and second QUIC connections are the same.

    INFERENCE-BASED SELECTIVE FLOW INSPECTION

    Publication number: US20240406147A1

    Publication date: 2024-12-05

    Application number: US18526253

    Filing date: 2023-12-01

    Abstract: Techniques for augmenting deep packet inspection capabilities of a network security device provisioned in a networked computing environment with inference-based flow selection to focus processing resources on network traffic that is likely to be malicious. The network device(s) may receive decryption policies comprising one or more decrypt and/or do not decrypt rules for applying the decryption policy to the network traffic. The network device may receive network traffic associated with a given connection flow through the network between a client device and a workload application, and the network device may determine whether to decrypt or refrain from decrypting the network traffic associated with the network flow based on a risk score that is generated by the network device using connection fingerprints associated with the client device and the workload application, respectively, based on behavioral characteristics of the client device and the workload, respectively.
