-
Publication number: US12126590B2
Publication date: 2024-10-22
Application number: US18362072
Filing date: 2023-07-31
IPC classification: H04L61/256, H04L61/2592, H04L61/4511, H04L101/618
CPC classification: H04L61/256, H04L61/2592, H04L61/4511, H04L2101/618
Abstract: A controller can securely publish an application of a tenant by securely extending a network fabric into the networks of the tenant with virtual private networks and NAT. After a tenant deploys an application into one or more networks of the tenant, the tenant can indicate select applications to publish. The network controller assigns a network address from the routable address space of the network fabric to the application and a network address aggregate to each application connector that will front an instance of the application, which securely extends the network fabric into the tenant network. The network controller configures NAT rules in the network fabric and on the application connector to create a route for traffic of the application through the network fabric to the application instance using a fully qualified domain name assigned to the application, without exposing a private network address of the application instance and while preserving the security of other resources on the tenant network.
-
Publication number: US12041173B2
Publication date: 2024-07-16
Application number: US18451155
Filing date: 2023-08-17
Inventor: Mohit Sahni
CPC classification: H04L9/3228, H04L9/0863, H04L9/3271, H04L9/3297, H04L67/02
Abstract: Each tenant of a secure web gateway (SWG) is issued a secret key. A user accesses a unique secret key derived from the tenant's secret key and loads the secret key into an application which generates time-based one-time passwords (TOTPs). When the SWG receives a connection request from a client and cannot decrypt the network traffic, the SWG challenges the client request and indicates an authentication scheme to be used. The client obtains user credentials, constructs a response to the challenge based on the authentication scheme, and issues a connection request to the SWG which indicates the response. The SWG determines an expected response based on a locally generated TOTP and the secret key of the corresponding tenant. If the expected response matches the provided response, the SWG authenticates the user, allows the connection request, and whitelists the client for a period longer than the lifetime of the TOTP.
-
Publication number: US11764964B2
Publication date: 2023-09-19
Application number: US17314514
Filing date: 2021-05-07
Inventor: Mohit Sahni
CPC classification: H04L9/3228, H04L9/0863, H04L9/3271, H04L9/3297, H04L67/02
Abstract: Each tenant of a secure web gateway (SWG) is issued a secret key. A user accesses a unique secret key derived from the tenant's secret key and loads the secret key into an application which generates time-based one-time passwords (TOTPs). When the SWG receives a connection request from a client and cannot decrypt the network traffic, the SWG challenges the client request and indicates an authentication scheme to be used. The client obtains user credentials, constructs a response to the challenge based on the authentication scheme, and issues a connection request to the SWG which indicates the response. The SWG determines an expected response based on a locally generated TOTP and the secret key of the corresponding tenant. If the expected response matches the provided response, the SWG authenticates the user, allows the connection request, and whitelists the client for a period longer than the lifetime of the TOTP.
-
Publication number: US11757826B1
Publication date: 2023-09-12
Application number: US18060774
Filing date: 2022-12-01
IPC classification: H04L61/256, H04L61/2592, H04L61/4511, H04L101/618
CPC classification: H04L61/256, H04L61/2592, H04L61/4511, H04L2101/618
Abstract: A controller can securely publish an application of a tenant by securely extending a network fabric into the networks of the tenant with virtual private networks and NAT. After a tenant deploys an application into one or more networks of the tenant, the tenant can indicate select applications to publish. The network controller assigns a network address from the routable address space of the network fabric to the application and a network address aggregate to each application connector that will front an instance of the application, which securely extends the network fabric into the tenant network. The network controller configures NAT rules in the network fabric and on the application connector to create a route for traffic of the application through the network fabric to the application instance using a fully qualified domain name assigned to the application, without exposing a private network address of the application instance and while preserving the security of other resources on the tenant network.
-
Publication number: US20230403155A1
Publication date: 2023-12-14
Application number: US18451155
Filing date: 2023-08-17
Inventor: Mohit Sahni
CPC classification: H04L9/3228, H04L9/3271, H04L67/02, H04L9/0863, H04L9/3297
Abstract: Each tenant of a secure web gateway (SWG) is issued a secret key. A user accesses a unique secret key derived from the tenant's secret key and loads the secret key into an application which generates time-based one-time passwords (TOTPs). When the SWG receives a connection request from a client and cannot decrypt the network traffic, the SWG challenges the client request and indicates an authentication scheme to be used. The client obtains user credentials, constructs a response to the challenge based on the authentication scheme, and issues a connection request to the SWG which indicates the response. The SWG determines an expected response based on a locally generated TOTP and the secret key of the corresponding tenant. If the expected response matches the provided response, the SWG authenticates the user, allows the connection request, and whitelists the client for a period longer than the lifetime of the TOTP.
-
Publication number: US20210377308A1
Publication date: 2021-12-02
Application number: US16888640
Filing date: 2020-05-29
Inventors: Mohit Sahni, Saurabh Tripathi
Abstract: For connection establishment, a system allocates memory that will be occupied by the data and handshake sub-protocol infrastructure that facilitates establishing a TLS connection. After connection establishment, the system allocates memory space for the data and record sub-protocol infrastructure that facilitates the asynchronous communication of application traffic. The memory space for the TLS session (i.e., the communication information separate from the handshake) has a substantially smaller footprint than the memory space for the TLS handshake. The TLS handshake memory space can be released and recycled for other connections while application communications use the smaller memory space allocated and populated with the TLS session data and infrastructure.
-
Publication number: US20240187371A1
Publication date: 2024-06-06
Application number: US18362072
Filing date: 2023-07-31
IPC classification: H04L61/256, H04L61/2592, H04L61/4511
CPC classification: H04L61/256, H04L61/2592, H04L61/4511, H04L2101/618
Abstract: A controller can securely publish an application of a tenant by securely extending a network fabric into the networks of the tenant with virtual private networks and NAT. After a tenant deploys an application into one or more networks of the tenant, the tenant can indicate select applications to publish. The network controller assigns a network address from the routable address space of the network fabric to the application and a network address aggregate to each application connector that will front an instance of the application, which securely extends the network fabric into the tenant network. The network controller configures NAT rules in the network fabric and on the application connector to create a route for traffic of the application through the network fabric to the application instance using a fully qualified domain name assigned to the application, without exposing a private network address of the application instance and while preserving the security of other resources on the tenant network.
-
Publication number: US11818173B2
Publication date: 2023-11-14
Application number: US16888640
Filing date: 2020-05-29
Inventors: Mohit Sahni, Saurabh Tripathi
CPC classification: H04L63/166, G06F9/5016, G06F9/5022, H04L9/085, H04L9/0819, G06F2209/5011
Abstract: For connection establishment, a system allocates memory that will be occupied by the data and handshake sub-protocol infrastructure that facilitates establishing a TLS connection. After connection establishment, the system allocates memory space for the data and record sub-protocol infrastructure that facilitates the asynchronous communication of application traffic. The memory space for the TLS session (i.e., the communication information separate from the handshake) has a substantially smaller footprint than the memory space for the TLS handshake. The TLS handshake memory space can be released and recycled for other connections while application communications use the smaller memory space allocated and populated with the TLS session data and infrastructure.
-
Publication number: US20220360448A1
Publication date: 2022-11-10
Application number: US17314514
Filing date: 2021-05-07
Inventor: Mohit Sahni
Abstract: Each tenant of a secure web gateway (SWG) is issued a secret key. A user accesses a unique secret key derived from the tenant's secret key and loads the secret key into an application which generates time-based one-time passwords (TOTPs). When the SWG receives a connection request from a client and cannot decrypt the network traffic, the SWG challenges the client request and indicates an authentication scheme to be used. The client obtains user credentials, constructs a response to the challenge based on the authentication scheme, and issues a connection request to the SWG which indicates the response. The SWG determines an expected response based on a locally generated TOTP and the secret key of the corresponding tenant. If the expected response matches the provided response, the SWG authenticates the user, allows the connection request, and whitelists the client for a period longer than the lifetime of the TOTP.