Automatic Assessment of API Service Security Standing with API Reputation Scoring

    Publication number: US20220222335A1

    Publication date: 2022-07-14

    Application number: US17226304

    Filing date: 2021-04-09

    Abstract: The present disclosure is directed to assessing API service security and may include the steps of identifying an API service called by an application based on information provided by an agent embedded within the application; collecting telemetry associated with the API service, the telemetry collected from one or more telemetry sources and indicating any deficiencies in the API service; generating a reputation score for the API service based on analysis of the collected telemetry; and transmitting the reputation score to at least one of the following: the agent embedded within the application, wherein the reputation score is associated with at least one policy having at least one policy action, and wherein the reputation score is operable to be used by the agent to invoke the at least one policy action relating to use of the API service by the application; or a continuous integration/continuous delivery pipeline associated with the application.

    System and method for transporting information to services in a network environment
    22.
    Granted patent (in force)

    Publication number: US09479443B2

    Publication date: 2016-10-25

    Application number: US14285843

    Filing date: 2014-05-23

    Abstract: An example method is provided in one example embodiment and may include receiving a packet for a subscriber at a gateway, wherein the gateway includes a local policy anchor for interfacing with one or more policy servers and one or more classifiers for interfacing with one or more service chains, each service chain including one or more services accessible by the gateway; determining a service chain to receive the subscriber's packet; appending the subscriber's packet with a header, wherein the header includes, at least in part, identification information for the subscriber and an Internet Protocol (IP) address for the local policy anchor; and injecting the packet including the header into the service chain determined for the subscriber.


    Distributed network address and port translation for migrating flows between service chains in a network environment
    23.
    Granted patent (in force)

    Publication number: US09413659B2

    Publication date: 2016-08-09

    Application number: US14301767

    Filing date: 2014-06-11

    CPC classification number: H04L45/745 H04L47/18 H04L47/2441

    Abstract: An example method for distributed network address and port translation (NAPT) for migrating flows between service chains in a network environment is provided and includes distributing translation state for a flow traversing the network across a plurality of NAPT service nodes in the network, with packets belonging to the flow being translated according to the translation state, associating the flow with a first service chain at a flow classifier in the network, and updating the association when the flow migrates from the first service chain to a second service chain, with packets belonging to the migrated flow also being translated according to the translation state. The method may be executed at a pool manager in the network. In specific embodiments, the pool manager may include a distributed storage located across the plurality of NAPT service nodes.


    MINIMIZING DATA EXPOSURE IN API RESPONSES
    24.
    Published application

    Publication number: US20240004973A1

    Publication date: 2024-01-04

    Application number: US17854180

    Filing date: 2022-06-30

    CPC classification number: G06F21/31

    Abstract: The present disclosure is directed to systems and methods for minimizing data exposure in API responses and includes the performance of operations and/or the steps of receiving, from a client, a request for a data object from an API, wherein the data object comprises one or more data elements; identifying a client type associated with the client; receiving, from the API, a response to the request from the client; and modifying the response based on the identified client type.

    Vulnerability Analysis Using Continuous Application Attestation

    Publication number: US20220398324A1

    Publication date: 2022-12-15

    Application number: US17346898

    Filing date: 2021-06-14

    Abstract: The present disclosure is directed to systems and methods for vulnerability analysis using continuous application attestation, a method including receiving a load map associated with an application, the load map indicating loaded modules of the application; determining whether at least one notification is received indicating at least one update to the loaded modules of the application, wherein, if the at least one notification is received, the load map is updated based on the indicated at least one update, and wherein, if the at least one notification is not received, the load map is retained in an existing state; periodically retrieving call traces associated with the application, the call traces indicating executed modules of the application; and generating a continuous application attestation comprising at least a combination of the updated load map or the retained load map, and the retrieved call traces associated with the application at a given time.

    NONCE-BASED ENTERPRISE SECURITY POLICY ENFORCEMENT

    Publication number: US20220255937A1

    Publication date: 2022-08-11

    Application number: US17169086

    Filing date: 2021-02-05

    Abstract: This disclosure describes techniques including, by a domain name service (DNS), receiving a name resolution request from a client computing device and, by the DNS, providing a nonce to the client computing device, wherein a service is configured to authorize a connection request from the client computing device based at least in part on processing the nonce. This disclosure further describes techniques including a method of validating a connection request from a client computing device, including receiving the connection request, the connection request including a nonce. The techniques further include determining that the nonce is a valid nonce. The techniques further include, based at least in part on determining that the nonce is a valid nonce, authorizing the connection request and disabling the nonce.

    STEERING TRAFFIC ON A FLOW-BY-FLOW BASIS BY A SINGLE SIGN-ON SERVICE

    Publication number: US20220116381A1

    Publication date: 2022-04-14

    Application number: US17069540

    Filing date: 2020-10-13

    Abstract: Techniques for using a single sign-on (SSO) service as a software defined networking (SDN) controller for a virtual private network environment. The techniques disclosed herein may include receiving, at a first authentication service, first data including a first request to authenticate a user of a client device to access an application. The techniques may also include sending, to the client device, second data representing a second request configured to prompt a second authentication service to authenticate the user of the client device. Additionally, the first authentication service may receive an indication that the user was authenticated by the second authentication service and determine, based at least in part on an attribute associated with at least one of the client device or the application, whether the client device is to access the application using an unsecured connection or, alternatively, access the application using a secured connection.

    System and method of verifying network communication paths between applications and services

    Publication number: US10511590B1

    Publication date: 2019-12-17

    Application number: US16413411

    Filing date: 2019-05-15

    Abstract: Disclosed are concepts for managing application traffic. A method includes receiving a request to access a service from an application, confirming an identity of a user of the application and, based on the confirmation, generating, via an authentication service, a routing policy for data flows between the application and the service. The routing policy defines a mandated path between the application and the service. The method can also include storing proof-of-transit data in the traffic flow for tracking an actual path from the application to the service and determining whether the data path complies with the mandated path defined in the policy. When the determination indicates that the actual path followed the mandated path defined in the routing policy, the method includes granting access to the user for the service. When the actual path differs from the mandated path, the method includes denying access to the user.
