-
11.
Publication number: US20170289104A1
Publication date: 2017-10-05
Application number: US15086961
Filing date: 2016-03-31
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Hari Shankar, Jin Teng, Venkatesh Narsipur Gautam
IPC: H04L29/06
CPC classification number: H04L63/029, H04L63/0272, H04L63/0428, H04L63/0464, H04L63/062, H04L63/166
Abstract: In one embodiment, a method includes establishing at a security device, a secure session for transmitting data between a client device and an end host, receiving decrypted data at the security device from the client device, inspecting the decrypted data at the security device, encrypting the decrypted data at the security device, and transmitting encrypted data to the end host. Decryption at the client device is offloaded from the security device to distribute decryption and encryption processes between the client device and the security device. An apparatus and logic are also disclosed herein.
-
12.
Publication number: US20170104722A1
Publication date: 2017-04-13
Application number: US14877116
Filing date: 2015-10-07
Applicant: Cisco Technology, Inc.
Inventor: Vincent E. Parla, Hari Shankar, Constantinos Kleopa, Venkatesh N. Gautam, Gerald N.A. Selvam
IPC: H04L29/06
CPC classification number: H04L63/0281, H04L63/0254, H04L63/1425
Abstract: A network security device (NSD) is connected between a network and an endpoint device configured to host a client application. The client application communicates with the network through the network security device using a request-response protocol. The NSD receives from the client application a request destined for the network and that seeks a response from the network. The request has a context header including context information about the client application. The NSD determines whether the client application or a file accessed thereby has a suspicious nature based on the context information. If it is determined that the client application or the file accessed thereby has a suspicious nature, the NSD blocks the request from the network, and sends to the client application a response indicating the block.
-
13.
Publication number: US20170005805A1
Publication date: 2017-01-05
Application number: US14788862
Filing date: 2015-07-01
Applicant: Cisco Technology, Inc.
Inventor: Jianxin Wang, Hari Shankar
IPC: H04L9/32
CPC classification number: H04L9/3263, G06F21/00, G06F21/33, G06F21/552, G06F21/577, G06F2221/2135, H04L9/3268, H04L63/0823, H04L63/1416
Abstract: A computer-implemented method is provided to detect a compromised Certificate Authority (CA). Over time reports are received containing data describing certificate authority certificates captured from messages exchanged between clients and servers. These reports may be received by a central computing entity. Metadata and statistics for certificates contained in the reports are stored. It is determined whether a certificate authority has been compromised based on the metadata and statistics.
-
14.
Publication number: US11483292B2
Publication date: 2022-10-25
Application number: US17116111
Filing date: 2020-12-09
Applicant: Cisco Technology, Inc.
Inventor: Jianxin Wang, Prashanth Patil, Flemming Andreasen, Nancy Cam-Winget, Hari Shankar
IPC: H04L9/40
Abstract: Techniques are presented herein for engagement and disengagement of Transport Layer Security proxy services with encrypted handshaking. In one embodiment, a first initial message of a first encrypted handshaking procedure for a first secure communication session between a first device and a second device is intercepted at a proxy device. The first initial message includes first key exchange information for encrypting the first encrypted handshaking procedure. A copy of the first initial message is stored at the proxy device. A second initial message of a second encrypted handshaking procedure for a second secure communication session between the proxy device and the second device is sent from the proxy device to the second device. The second initial message includes second key exchange information for encrypting the second encrypted handshaking procedure. The proxy device determines, based on the second encrypted handshaking procedure, whether to remain engaged or to disengage.
-
15.
Publication number: US10911409B2
Publication date: 2021-02-02
Application number: US15984637
Filing date: 2018-05-21
Applicant: Cisco Technology, Inc.
Inventor: Jianxin Wang, Prashanth Patil, Flemming Andreasen, Nancy Cam-Winget, Hari Shankar
IPC: H04L29/06
Abstract: Techniques are presented herein for engagement and disengagement of Transport Layer Security proxy services with encrypted handshaking. In one embodiment, a first initial message of a first encrypted handshaking procedure for a first secure communication session between a first device and a second device is intercepted at a proxy device. The first initial message includes first key exchange information for encrypting the first encrypted handshaking procedure. A copy of the first initial message is stored at the proxy device. A second initial message of a second encrypted handshaking procedure for a second secure communication session between the proxy device and the second device is sent from the proxy device to the second device. The second initial message includes second key exchange information for encrypting the second encrypted handshaking procedure. The proxy device determines, based on the second encrypted handshaking procedure, whether to remain engaged or to disengage.
-
Publication number: US09686081B2
Publication date: 2017-06-20
Application number: US14788862
Filing date: 2015-07-01
Applicant: Cisco Technology, Inc.
Inventor: Jianxin Wang, Hari Shankar
CPC classification number: H04L9/3263, G06F21/00, G06F21/33, G06F21/552, G06F21/577, G06F2221/2135, H04L9/3268, H04L63/0823, H04L63/1416
Abstract: A computer-implemented method is provided to detect a compromised Certificate Authority (CA). Over time reports are received containing data describing certificate authority certificates captured from messages exchanged between clients and servers. These reports may be received by a central computing entity. Metadata and statistics for certificates contained in the reports are stored. It is determined whether a certificate authority has been compromised based on the metadata and statistics.
-
Publication number: US09306955B2
Publication date: 2016-04-05
Application number: US14753743
Filing date: 2015-06-29
Applicant: Cisco Technology, Inc.
Inventor: Haiyan Luo, Hari Shankar, Daryl Odnert, Niranjan Koduri
CPC classification number: H04L63/105, G06F21/552, G06F21/6218, H04L63/0227, H04L63/0281
Abstract: A policy is established comprising a condition having a multiphase attribute of a multiphase transaction. Phase specific policies are established for each phase in which the multiphase attribute may become known. The multiphase transaction is evaluated according to the phase specific policies at each phase of the multiphase transaction in which the multiphase attribute may become known until a policy decision of the policy is determined.
-
Publication number: US11943078B2
Publication date: 2024-03-26
Application number: US17860926
Filing date: 2022-07-08
Applicant: Cisco Technology, Inc.
Inventor: Hari Shankar, Rashmi Garg, Benoit Ganne, Jerome Tollet, Nathan Skrzypczak
IPC: H04L12/46, H04L12/44, H04L45/02, H04L45/44, H04L45/741
CPC classification number: H04L12/4683, H04L12/44, H04L45/04, H04L45/44, H04L45/741, H04L2012/445
Abstract: Techniques for a hub node, provisioned in a site of a hub and spoke overlay network, to receive, store, and/or forward network routing information associated with a spoke, and send packets directly to spoke(s) that are remote from the hub node. A first hub node may receive a network advertisement including a border gateway protocol (BGP) large community string from a first spoke local to the first hub node. The first hub node may send the BGP large community string to a second hub node remote from the first hub node. The second hub node may decode network routing information from the BGP large community string and store the network routing information locally. The second hub node may send a packet from a second spoke local to the second hub node directly to the first spoke without the data packet being routed via the first hub node.
-
Publication number: US20220303251A1
Publication date: 2022-09-22
Application number: US17833458
Filing date: 2022-06-06
Applicant: Cisco Technology, Inc.
Inventor: Jianxin Wang, Hari Shankar
Abstract: In one embodiment, a network security device is configured to monitor data traffic between a first device and a second device. The network security device may be configured to intercept a first initial message of a first encrypted handshaking procedure for a first secure communication session between the first device and the second device, the first initial message specifying a hostname that has been encrypted using first key information associated with the network security device, decrypt at least a portion of the first initial message using the first key information to determine the hostname, re-encrypt the hostname using second key information associated with the second device, and send, to the second device, a second initial message of a second encrypted handshaking procedure for a second secure communication session between the network security device and the second device, the second initial message specifying the hostname re-encrypted using the second key information.
-
Publication number: US11095670B2
Publication date: 2021-08-17
Application number: US16030116
Filing date: 2018-07-09
Applicant: Cisco Technology, Inc.
Inventor: Subharthi Paul, Saman Taghavi Zargar, Jayaraman Iyer, Hari Shankar
Abstract: In one example embodiment, a network management device generates a first script defining a first function for detecting a first customizable network event in a sequence of customizable network events indicative of a security threat to a network. The network management device activates the first script at a first network device in the network so as to cause the first network device to execute the first function for detecting the first customizable network event, and obtains, from the first network device, one or more indications that the first network device has detected the first customizable network event. Based on the one or more indications, the network management device determines whether to activate a second script defining a second function for detecting a second customizable network event in the sequence at a second network device in the network capable of detecting the second customizable network event.