-
Publication number: US20240196220A1
Publication date: 2024-06-13
Application number: US18349681
Application date: 2023-07-10
Applicant: Cisco Technology, Inc.
Inventor: Jordan Neidlinger, Benjamin Warren Freiband, Kyle Mills, Joshua King, Marshall Anderson, Aparna Ashok, Brendan Lau, Gursirat Singh, Dylan Miles Kite, Robert Small, Shayne Miel, Richard Harang
IPC: H04W12/50, H04W12/03, H04W12/069, H04W12/63
CPC classification number: H04W12/50, H04W12/03, H04W12/069, H04W12/63
Abstract: A device may receive, from a computing device, a request for a two-factor authentication of a user. A device may transmit, from a server to the computing device and based on the request, multi-factor authentication data to the computing device. A device may establish a short-distance wireless communication link between the computing device and a registered mobile device. A device may transmit, from the computing device and via the short-distance wireless communication link, encrypted data which is encrypted based on the multi-factor authentication data, to the registered mobile device. A device may receive, at the server and from the registered mobile device, a confirmation that corrected data was decrypted from the encrypted data. A device may provide, based on the confirmation, the user with access to a service via the computing device.
-
Publication number: US20240195797A1
Publication date: 2024-06-13
Application number: US18063151
Application date: 2022-12-08
Applicant: Cisco Technology, Inc.
Inventor: Shayne Miel, Richard Harang
IPC: H04L9/40
CPC classification number: H04L63/083, H04L63/107, H04L63/20, H04L2463/082
Abstract: The present technology provides for a proximity authentication technique in response to a detection of a possible attack, degradation in trust level, or as required by a policy associated with a first resource. Methods and systems include receiving an authentication request to authenticate a user account to a first service, where the authentication request is from an access device. A passcode is sent to the access device, where the passcode is associated with the authentication request. Co-location of the authentication device and the access device is determined by receiving a communication from an authentication device including the passcode associated with the user account, where the authentication device extracted the passcode from a message broadcast over Bluetooth Low Energy from the access device.
-
Publication number: US20240297887A1
Publication date: 2024-09-05
Application number: US18177502
Application date: 2023-03-02
Applicant: Cisco Technology, Inc.
Inventor: Shayne Miel, Josh Matz, Nancy Cam-Winget, Joshua Terry, Brian Lindauer, David William Matteson, Jen Bammel, Courtney Irwin
IPC: H04L9/40
CPC classification number: H04L63/108, H04L63/0876, H04L63/105
Abstract: The present technology provides for receiving communications at an authentication service, and the communication is indicative of a change in a security posture of an authenticated session between a user device and a secure service. The authentication service can then determine that the change in the security posture of the authenticated session impacts the trust level associated with the user device and causes the trust level to fall below the threshold. The authentication service can then send an enforcement signal to a security agent on a network device that provides remedial actions that a user can undertake to improve the security posture of the authenticated session.
-
Publication number: US12184642B2
Publication date: 2024-12-31
Application number: US17669241
Application date: 2022-02-10
Applicant: Cisco Technology, Inc.
Inventor: Shayne Miel, Richard Edward Harang, Joshua Brian Lindauer
Abstract: This disclosure describes techniques and mechanisms for authenticating user device(s) by ensuring that two user devices accessing the same online service are co-located, while protecting private information associated with a user's network landscape and/or Bluetooth device(s). The techniques may ensure that a second factor authentication device is in the same location as a first factor access device, and that a first factor access device is in the same location as it was during previous access attempts.
-
Publication number: US20240314554A1
Publication date: 2024-09-19
Application number: US18122942
Application date: 2023-03-17
Applicant: Cisco Technology, Inc.
Inventor: Vishal Satyendra Desai, Shayne Miel, Ardalan Alizadeh
Abstract: This disclosure describes techniques for using an anchored endpoint to enhance MFA authentication of a client device. A method performed at least in part by a security service includes authenticating a client device connecting to a secure resource. The method also includes determining a first Wi-Fi fingerprint of the client device, determining that the client device is within a threshold proximity to an anchor device, and determining a second Wi-Fi fingerprint of the anchor device. The method also includes detecting a change to the first Wi-Fi fingerprint of the client device and determining that the second Wi-Fi fingerprint of the anchor device has not changed. The method also includes determining whether the client device is within the threshold proximity of the anchor device; if it is, access to the secured resource continues to be allowed, and if it is not, a reauthentication of the client device is triggered.
-
Publication number: US20240250942A1
Publication date: 2024-07-25
Application number: US18156974
Application date: 2023-01-19
Applicant: Cisco Technology, Inc.
Inventor: Shayne Miel, Joshua Terry, Richard Harang, Kevin Tyler Burchfield, Gillian Gacusan, Patrick McMahon, Robert Small, Jake Ingman
IPC: H04L9/40
CPC classification number: H04L63/0853, H04L63/1433
Abstract: The present technology provides for altering an authentication technique in response to a detection of a possible attack to which the authentication technique is vulnerable. An authentication provider can receive an authentication request to authenticate to a first resource, where the authentication to the first resource is permitted using a particular authentication technique, includes contextual information associated with the first access device and information identifying the first resource. Based on the contextual information, the authentication provider can determine that the authentication request is subject to an ongoing attack, and determine an alternative authentication technique that is less vulnerable to the ongoing attack than the particular authentication technique. The authentication provider can require the first user account to authenticate with the first resource using the alternative authentication technique that is less vulnerable to the ongoing attack than the particular authentication technique.
-
Publication number: US20240250812A1
Publication date: 2024-07-25
Application number: US18156993
Application date: 2023-01-19
Applicant: Cisco Technology, Inc.
Inventor: Shayne Miel, Brian Lindauer, Glenn J. Stempeck, David William Matteson, Ian Edward Beals, Josh Matz, Edgar Calderon, Laura Cole
CPC classification number: H04L9/0863, H04L9/3234
Abstract: The present disclosure provides protection to communications after establishing a secured connection to a secured website or application. An authentication service, after establishing a secured session, can calculate a trust score for a user. Based on the trust score, the security agent can encrypt access tokens used to authenticate a secure connection. The system can interrupt the secure connection based on the trust score of the user or the user device. The interruption takes place by ignoring requests to decrypt the access token. Without the decrypted access token, the browser is unable to authenticate the session, preventing further communications. After the user improves the security posture of the device or user, the security agent can recalculate the trust score. When the trust score is above a threshold, the security agent can begin decrypting the access token, thereby authenticating communications from the browser.
-
Publication number: US20230254305A1
Publication date: 2023-08-10
Application number: US17669241
Application date: 2022-02-10
Applicant: Cisco Technology, Inc.
Inventor: Shayne Miel, Richard Edward Harang, Joshua Brian Lindauer
CPC classification number: H04L63/0853, H04W12/65, H04W12/30, H04L63/0861, H04L63/0492, H04L63/107, H04L63/083, H04L63/105
Abstract: This disclosure describes techniques and mechanisms for authenticating user device(s) by ensuring that two user devices accessing the same online service are co-located, while protecting private information associated with a user's network landscape and/or Bluetooth device(s). The techniques may ensure that a second factor authentication device is in the same location as a first factor access device, and that a first factor access device is in the same location as it was during previous access attempts.