-
Publication number: US11368487B2
Publication date: 2022-06-21
Application number: US16416794
Filing date: 2019-05-20
Applicant: Cisco Technology, Inc.
Abstract: A computer system applies security policies to web traffic while maintaining privacy. A network security agent is authenticated by a client application to dynamically obtain one or more security policies, wherein the client application and the network security agent are configured to execute on a device and the network security agent is capable of communicating with a source of security policies. Connection information is obtained that includes a request to initiate an encrypted connection with a destination entity. The client application determines whether the encrypted connection between the client application and the destination entity is permitted according to the security policy and based on the connection information. The encrypted connection between the client and the destination entity is established in response to determining that the encrypted connection is permitted. Embodiments may further include a method and computer program product for applying security policies to web traffic.
-
Publication number: US20230254154A1
Publication date: 2023-08-10
Application number: US17669302
Filing date: 2022-02-10
Applicant: Cisco Technology, Inc.
Inventor: Panagiotis Theodorou Kampanakis, Dimitrios Sikeridis
IPC: H04L9/32
CPC classification number: H04L9/3247, H04L9/3239
Abstract: Methods and systems enable internal and external verification of computations performed by a code signing server according to hash-based signature techniques using unique state, and further for a code signing server to expose parts of a hash-based signature log without negating the security of the one-time signature key pairs generated by the code signing server. A signing module of a code signing server receives a signing request from a client computing system. The signing module configures the code signing server to generate a one-time signature key pair based on a Merkle tree state. The signing module configures the code signing server to issue a hash-based signature to the client computing system. The code signing server is configured to record the Merkle tree state and the issued HBS in an immutably ordered log at a logging server.
-
Publication number: US11646883B2
Publication date: 2023-05-09
Application number: US16809135
Filing date: 2020-03-04
Applicant: Cisco Technology, Inc.
Inventor: Panagiotis Theodorou Kampanakis
IPC: H04L9/08
CPC classification number: H04L9/0875, H04L9/0852
Abstract: A method of selecting a particular cryptographic algorithm for an optimal cryptographic negotiation in which higher security level is obtained with an acceptable performance speed. The method includes exchanging information between a first device and a second device for establishing a secure communication connection, measuring network latency between the first device and the second device, and selecting a particular cryptographic algorithm from among a plurality of mutually supported cryptographic algorithms based on the network latency for establishing the secure communication connection.
-
Publication number: US12267437B2
Publication date: 2025-04-01
Application number: US17669302
Filing date: 2022-02-10
Applicant: Cisco Technology, Inc.
Inventor: Panagiotis Theodorou Kampanakis, Dimitrios Sikeridis
Abstract: Methods and systems enable internal and external verification of computations performed by a code signing server according to hash-based signature techniques using unique state, and further for a code signing server to expose parts of a hash-based signature log without negating the security of the one-time signature key pairs generated by the code signing server. A signing module of a code signing server receives a signing request from a client computing system. The signing module configures the code signing server to generate a one-time signature key pair based on a Merkle tree state. The signing module configures the code signing server to issue a hash-based signature to the client computing system. The code signing server is configured to record the Merkle tree state and the issued HBS in an immutably ordered log at a logging server.
-
Publication number: US20210281404A1
Publication date: 2021-09-09
Application number: US16809135
Filing date: 2020-03-04
Applicant: Cisco Technology, Inc.
Inventor: Panagiotis Theodorou Kampanakis
IPC: H04L9/08
Abstract: A method of selecting a particular cryptographic algorithm for an optimal cryptographic negotiation in which higher security level is obtained with an acceptable performance speed. The method includes exchanging information between a first device and a second device for establishing a secure communication connection, measuring network latency between the first device and the second device, and selecting a particular cryptographic algorithm from among a plurality of mutually supported cryptographic algorithms based on the network latency for establishing the secure communication connection.
-
Publication number: US20200374314A1
Publication date: 2020-11-26
Application number: US16416794
Filing date: 2019-05-20
Applicant: Cisco Technology, Inc.
IPC: H04L29/06
Abstract: A computer system applies security policies to web traffic while maintaining privacy. A network security agent is authenticated by a client application to dynamically obtain one or more security policies, wherein the client application and the network security agent are configured to execute on a device and the network security agent is capable of communicating with a source of security policies. Connection information is obtained that includes a request to initiate an encrypted connection with a destination entity. The client application determines whether the encrypted connection between the client application and the destination entity is permitted according to the security policy and based on the connection information. The encrypted connection between the client and the destination entity is established in response to determining that the encrypted connection is permitted. Embodiments may further include a method and computer program product for applying security policies to web traffic.
-
Publication number: US20190253319A1
Publication date: 2019-08-15
Application number: US15892951
Filing date: 2018-02-09
Applicant: Cisco Technology, Inc.
Inventor: Panagiotis Theodorou Kampanakis, Blake Harrell Anderson, Brian E. Weis, Charles Calvin Byers, M. David Hanes, Joseph Michael Clarke, Gonzalo Salgueiro
CPC classification number: H04L41/0893, G06N5/025, H04L41/0816, H04L43/08
Abstract: In one embodiment, a classification device in a computer network analyzes data from a given device in the computer network, and classifies the given device as a particular type of device based on the data. The classification device may then determine whether a manufacturer usage description (MUD) policy exists for the particular type of device. In response to there being no existing MUD policy for the particular type of device, the classification device may then determine patterns of the analyzed data, classify the patterns into context-based policies, and generate a derived MUD policy for the particular type of device based on the context-based policies. The classification device may then apply one of either the existing or derived MUD policy for the given device within the computer network.
-