-
Publication No.: US11277337B2
Publication Date: 2022-03-15
Application No.: US16750139
Application Date: 2020-01-23
Applicant: Cisco Technology Inc.
Inventor: Hendrikus G. P. Bosch, Stefan Olofsson, Ijsbrand Wijnands, Anubhav Gupta, Jeffrey Napper, Sape Jurriën Mullender
IPC: H04L12/723, H04L12/755, H04L12/717, H04L29/12, H04L29/06, H04L29/08, H04L12/741, H04L12/725, H04L45/50, H04L45/021, H04L67/63, H04L61/4511, H04L45/42
Abstract: In one embodiment, a method includes detecting a request to route traffic to a service associated with an application. The method also includes identifying an application identifier associated with the application and selecting, using the application identifier, a label from a plurality of labels included in a routing table. The label includes one or more routes. The method further includes routing the traffic to the service associated with the application using the label.
-
Publication No.: US11018886B1
Publication Date: 2021-05-25
Application No.: US16136636
Application Date: 2018-09-20
Applicant: Cisco Technology, Inc.
IPC: H04L12/18, H04L29/06, H04L12/935
Abstract: An IP multicast group may include a plurality of group members corresponding to a plurality of host receivers that are connected to router nodes of a multicast distribution tree and joined in the multicast group. At least some of the router nodes may store a plurality of group member indicator bits associated with the multicast group. Each group member indicator bit may be assigned to a respective one of the group members and indicate whether the respective group member is reachable downstream from the router node. During IP multicast, the router node may receive an IP multicast message having a destination address field, a source address field, and a payload field. The payload field may include one or more data items of a multicast data stream. The destination address field may include a multicast group address for addressing communications to the multicast group.
-
Publication No.: US10313118B2
Publication Date: 2019-06-04
Application No.: US15336722
Application Date: 2016-10-27
Applicant: Cisco Technology, Inc.
Inventor: Sape Jurriën Mullender, Hendrikus Bosch, David Lake
Abstract: In one embodiment, a method comprises: receiving, by a requestor device in a data network, authentication request parameters for generating a secured request for a data object, the authentication request parameters comprising a shared encryption key and a prescribed update time interval value; generating, by the requestor device, the secured request based on generating a reduced-resolution time value by dividing a current device timestamp value of the requestor device by the prescribed update time interval value, and encrypting the reduced-resolution time value using the shared encryption key; and outputting, by the requestor device, the secured request specifying an object name identifying the data object and the encrypted reduced-resolution time value, enabling a content supplier device to authenticate the secured request based on determining whether the reduced-resolution time value, multiplied by the prescribed update time interval, substantially matches a corresponding timestamp value of the content supplier device.
-
Publication No.: US20170208000A1
Publication Date: 2017-07-20
Application No.: US14997212
Application Date: 2016-01-15
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Hendrikus Bosch, Sape Jurriën Mullender, Jeffrey Napper, Surendra M. Kumar, Alessandro Duminuco
IPC: H04L12/721, H04L12/741
CPC classification number: H04L45/38, H04L45/745
Abstract: Particular embodiments described herein provide for a communication system that can be configured for receiving, at a network element, a flow offload decision for a first service node. The flow offload decision can include a portion of a service chain for processing a flow and updating next hop flow based routing information for the flow. A next hop in the flow can insert flow specific route information in its routing tables to bypass a packet forwarder serving the service that offloaded the flow in the reverse direction.
-
Publication No.: US11863588B2
Publication Date: 2024-01-02
Application No.: US16867642
Application Date: 2020-05-06
Applicant: Cisco Technology, Inc.
Inventor: Hendrikus G. P. Bosch, Sape Jurriën Mullender, Jeffrey Michael Napper, Alessandro Duminuco, Shivani Raghav
CPC classification number: H04L63/20, G06F9/547, G06F21/575, H04L63/0272, H04L63/0853, H04L63/1425, H04L63/1433
Abstract: Dynamically tailored trust for secure application-server networking and advanced enterprise security is provided. A system can individually assess the security posture of each application connecting to the Internet from each client device in an enterprise. For each application, the system tailors a security mode of the Internet connection based on the security posture of the application. Assessment of the security posture of an application is a comprehensive inventory of the security of the application, the security of the device hosting the application, the rights and security of the user, security attributes of the intended service or website being accessed, the security of the communication channel, and so forth. A network-based controller communicates with an agent running within a secure boot mode of each client device to select a security mode for application-service connection, including lean-trust direct access to the Internet, secure VPN-like access, or no access to the Internet.
-
Publication No.: US11809571B2
Publication Date: 2023-11-07
Application No.: US17346898
Application Date: 2021-06-14
Applicant: Cisco Technology, Inc.
Inventor: Hendrikus G. P. Bosch, Alessandro Duminuco, Sape Jurriën Mullender
IPC: G06F21/57
CPC classification number: G06F21/577, G06F2221/033
Abstract: The present disclosure is directed to systems and methods for vulnerability analysis using continuous application attestation, a method including receiving a load map associated with an application, the load map indicating loaded modules of the application; determining whether at least one notification is received indicating at least one update to the loaded modules of the application, wherein, if the at least one notification is received, the load map is updated based on the indicated at least one update, and wherein, if the at least one notification is not received, the load map is retained in an existing state; periodically retrieving call traces associated with the application, the call traces indicating executed modules of the application; and generating a continuous application attestation comprising at least a combination of the updated load map or the retained load map, and the retrieved call traces associated with the application at a given time.
-
Publication No.: US20230004445A1
Publication Date: 2023-01-05
Application No.: US17662459
Application Date: 2022-05-09
Applicant: Cisco Technology, Inc.
Inventor: Hendrikus G.P. Bosch, Randy Birdsall, Alessandro Duminuco, Zohar Kaufman, Sape Jurriën Mullender
Abstract: According to some embodiments, a method is performed by a distributed cloud-native application. The method comprises receiving a request from a user to perform an operation. The user is associated with a risk profile. The method further comprises determining a call path through the distributed cloud-native application to perform the operation and classifying a risk level associated with the determined call path based on a distributed call graph. The distributed call graph comprises a risk value for each call path through the distributed cloud-native application and each call path comprises one or more distributed cloud-native application components. The risk value is based on a weakness rating associated with each component in the call path. The method further comprises determining the risk level associated with the determined call path is acceptable based on the risk profile associated with the user and performing the operation.
-
Publication No.: US11425098B2
Publication Date: 2022-08-23
Application No.: US16855809
Application Date: 2020-04-22
Applicant: Cisco Technology, Inc.
Inventor: Hendrikus G. P. Bosch, Alessandro Duminuco, Sape Jurriën Mullender, Jeffrey Michael Napper
Abstract: An identity provider (IdP) service interoperates with a Virtual Private Network (VPN) client. The IdP service receives a login request originating from the VPN client to establish a VPN tunnel between the VPN client and a VPN host, the login request indicating a user of the VPN client. The IdP service provides a response to the login request. The response includes at least both first information including an indication that the user of the VPN client is an authorized user and second information including an indication of a VPN policy for the VPN tunnel, the VPN policy including a VPN client policy to be utilized during the VPN tunnel by the VPN client and a VPN host policy to be utilized during the VPN tunnel by the VPN host.
-
Publication No.: US20220222335A1
Publication Date: 2022-07-14
Application No.: US17226304
Application Date: 2021-04-09
Applicant: Cisco Technology, Inc.
Inventor: Hendrikus G.P. Bosch, Alessandro Duminuco, Sape Jurriën Mullender, Jaffar Alaoui
Abstract: The present disclosure is directed to assessing API service security and may include the steps of identifying an API service called by an application based on information provided by an agent embedded within the application; collecting telemetry associated with the API service, the telemetry collected from one or more telemetry sources and indicating any deficiencies in the API service; generating a reputation score for the API service based on analysis of the collected telemetry; and transmitting the reputation score to at least one of the following: the agent embedded within the application, wherein the reputation score is associated with at least one policy having at least one policy action, and wherein the reputation score is operable to be used by the agent to invoke the at least one policy action relating to use of the API service by the application; or a continuous integration/continuous delivery pipeline associated with the application.
-
Publication No.: US11899780B2
Publication Date: 2024-02-13
Application No.: US17226304
Application Date: 2021-04-09
Applicant: Cisco Technology, Inc.
Inventor: Hendrikus G. P. Bosch, Alessandro Duminuco, Sape Jurriën Mullender, Jaffar Alaoui
CPC classification number: G06F21/52, G06F9/544, G06F2221/031
Abstract: The present disclosure is directed to assessing API service security and may include the steps of identifying an API service called by an application based on information provided by an agent embedded within the application; collecting telemetry associated with the API service, the telemetry collected from one or more telemetry sources and indicating any deficiencies in the API service; generating a reputation score for the API service based on analysis of the collected telemetry; and transmitting the reputation score to at least one of the following: the agent embedded within the application, wherein the reputation score is associated with at least one policy having at least one policy action, and wherein the reputation score is operable to be used by the agent to invoke the at least one policy action relating to use of the API service by the application; or a continuous integration/continuous delivery pipeline associated with the application.