-
公开(公告)号:US20220150798A1
公开(公告)日:2022-05-12
申请号:US17091102
申请日:2020-11-06
Applicant: Cisco Technology, Inc.
Inventor: Timothy Peter Stammers , Flemming Andreasen
Abstract: Techniques are provided to use a trusted identity and location to select the most appropriate point of interconnect to edge application execution environments as well as a specific edge application execution environment. The techniques may involve obtaining, on behalf of a wireless mobile device, an access identifier that indicates an access location of the wireless mobile device that is wirelessly connected to wireless network infrastructure equipment operated by an access network provider that is associated with, and a member of, a federation of access network providers. The access location for the wireless mobile device is derived based on the access identifier, and the access location is used to select an edge resource to be used by the wireless mobile device.
-
公开(公告)号:US11611579B2
公开(公告)日:2023-03-21
申请号:US17715284
申请日:2022-04-07
Applicant: Cisco Technology, Inc.
Inventor: David Mcgrew , Blake Harrell Anderson , Daniel G. Wing , Flemming Andreasen
IPC: H04L9/40 , H04L61/4511
Abstract: In one embodiment, a device in a network captures domain name system (DNS) response data from a DNS response sent by a DNS service to a client in the network. The device captures session data for an encrypted session of the client. The device makes a determination that the encrypted session is malicious by using the captured DNS response data and the captured session data as input to a machine learning-based or rule-based classifier. The device performs a mediation action in response to the determination that the encrypted session is malicious.
-
3.发明申请公开(公告)号:US20210119974A1
公开(公告)日:2021-04-22
申请号:US17116111
申请日:2020-12-09
Applicant: Cisco Technology, Inc.
Inventor: Jianxin Wang , Prashanth Patil , Flemming Andreasen , Nancy Cam-Winget , Hari Shankar
IPC: H04L29/06
Abstract: Techniques are presented herein for engagement and disengagement of Transport Layer Security proxy services with encrypted handshaking. In one embodiment, a first initial message of a first encrypted handshaking procedure for a first secure communication session between a first device and a second device is intercepted at a proxy device. The first initial message includes first key exchange information for encrypting the first encrypted handshaking procedure. A copy of the first initial message is stored at the proxy device. A second initial message of a second encrypted handshaking procedure for a second secure communication session between the proxy device and the second device is sent from the proxy device to the second device. The second initial message includes second key exchange information for encrypting the second encrypted handshaking procedure. The proxy device determines, based on the second encrypted handshaking procedure, whether to remain engaged or to disengage.
-
4.发明申请公开(公告)号:US20190356694A1
公开(公告)日:2019-11-21
申请号:US15984637
申请日:2018-05-21
Applicant: Cisco Technology, Inc.
Inventor: Jianxin Wang , Prashanth Patil , Flemming Andreasen , Nancy Cam-Winget , Hari Shankar
IPC: H04L29/06
Abstract: Techniques are presented herein for engagement and disengagement of Transport Layer Security proxy services with encrypted handshaking. In one embodiment, a first initial message of a first encrypted handshaking procedure for a first secure communication session between a first device and a second device is intercepted at a proxy device. The first initial message includes first key exchange information for encrypting the first encrypted handshaking procedure. A copy of the first initial message is stored at the proxy device. A second initial message of a second encrypted handshaking procedure for a second secure communication session between the proxy device and the second device is sent from the proxy device to the second device. The second initial message includes second key exchange information for encrypting the second encrypted handshaking procedure. The proxy device determines, based on the second encrypted handshaking procedure, whether to remain engaged or to disengage.
-
5.发明授权公开(公告)号:US11483292B2
公开(公告)日:2022-10-25
申请号:US17116111
申请日:2020-12-09
Applicant: Cisco Technology, Inc.
Inventor: Jianxin Wang , Prashanth Patil , Flemming Andreasen , Nancy Cam-Winget , Hari Shankar
IPC: H04L9/40
Abstract: Techniques are presented herein for engagement and disengagement of Transport Layer Security proxy services with encrypted handshaking. In one embodiment, a first initial message of a first encrypted handshaking procedure for a first secure communication session between a first device and a second device is intercepted at a proxy device. The first initial message includes first key exchange information for encrypting the first encrypted handshaking procedure. A copy of the first initial message is stored at the proxy device. A second initial message of a second encrypted handshaking procedure for a second secure communication session between the proxy device and the second device is sent from the proxy device to the second device. The second initial message includes second key exchange information for encrypting the second encrypted handshaking procedure. The proxy device determines, based on the second encrypted handshaking procedure, whether to remain engaged or to disengage.
-
Patent Agency Ranking
公开(公告)号:US11303664B2
公开(公告)日:2022-04-12
申请号:US16669831
申请日:2019-10-31
Applicant: Cisco Technology, Inc.
Inventor: David McGrew , Blake Harrell Anderson , Daniel G. Wing , Flemming Andreasen
IPC: H04L29/06 , H04L29/12 , H04L61/4511
Abstract: In one embodiment, a device in a network captures domain name system (DNS) response data from a DNS response sent by a DNS service to a client in the network. The device captures session data for an encrypted session of the client. The device makes a determination that the encrypted session is malicious by using the captured DNS response data and the captured session data as input to a machine learning-based or rule-based classifier. The device performs a mediation action in response to the determination that the encrypted session is malicious.
-
7.发明授权公开(公告)号:US10911409B2
公开(公告)日:2021-02-02
申请号:US15984637
申请日:2018-05-21
Applicant: Cisco Technology, Inc.
Inventor: Jianxin Wang , Prashanth Patil , Flemming Andreasen , Nancy Cam-Winget , Hari Shankar
IPC: H04L29/06
Abstract: Techniques are presented herein for engagement and disengagement of Transport Layer Security proxy services with encrypted handshaking. In one embodiment, a first initial message of a first encrypted handshaking procedure for a first secure communication session between a first device and a second device is intercepted at a proxy device. The first initial message includes first key exchange information for encrypting the first encrypted handshaking procedure. A copy of the first initial message is stored at the proxy device. A second initial message of a second encrypted handshaking procedure for a second secure communication session between the proxy device and the second device is sent from the proxy device to the second device. The second initial message includes second key exchange information for encrypting the second encrypted handshaking procedure. The proxy device determines, based on the second encrypted handshaking procedure, whether to remain engaged or to disengage.
-
公开(公告)号:US11785041B2
公开(公告)日:2023-10-10
申请号:US17696081
申请日:2022-03-16
Applicant: Cisco Technology, Inc.
Inventor: David McGrew , Blake Harrell Anderson , Daniel G. Wing , Flemming Andreasen
IPC: H04L9/40 , H04L61/4511
CPC classification number: H04L63/1441 , H04L61/4511 , H04L63/145 , H04L63/1408 , H04L63/0428 , H04L63/166
Abstract: In one embodiment, a device in a network captures domain name system (DNS) response data from a DNS response sent by a DNS service to a client in the network. The device captures session data for an encrypted session of the client. The device makes a determination that the encrypted session is malicious by using the captured DNS response data and the captured session data as input to a machine learning-based or rule-based classifier. The device performs a mediation action in response to the determination that the encrypted session is malicious.
-
公开(公告)号:US11540202B2
公开(公告)日:2022-12-27
申请号:US17091102
申请日:2020-11-06
Applicant: Cisco Technology, Inc.
Inventor: Timothy Peter Stammers , Flemming Andreasen
Abstract: Techniques are provided to use a trusted identity and location to select the most appropriate point of interconnect to edge application execution environments as well as a specific edge application execution environment. The techniques may involve obtaining, on behalf of a wireless mobile device, an access identifier that indicates an access location of the wireless mobile device that is wirelessly connected to wireless network infrastructure equipment operated by an access network provider that is associated with, and a member of, a federation of access network providers. The access location for the wireless mobile device is derived based on the access identifier, and the access location is used to select an edge resource to be used by the wireless mobile device.
-
公开(公告)号:US20220210183A1
公开(公告)日:2022-06-30
申请号:US17696081
申请日:2022-03-16
Applicant: Cisco Technology, Inc.
Inventor: David McGrew , Blake Harrell Anderson , Daniel G. Wing , Flemming Andreasen
IPC: H04L9/40 , H04L61/4511
Abstract: In one embodiment, a device in a network captures domain name system (DNS) response data from a DNS response sent by a DNS service to a client in the network. The device captures session data for an encrypted session of the client. The device makes a determination that the encrypted session is malicious by using the captured DNS response data and the captured session data as input to a machine learning-based or rule-based classifier. The device performs a mediation action in response to the determination that the encrypted session is malicious.
-
-
-
-
-
-
-
-
-
Search Results
12
records
(took 0.018 seconds)
