-
Publication No.: US20240364678A1
Publication date: 2024-10-31
Application No.: US18752532
Application date: 2024-06-24
IPC classification: H04L9/40 , H04L67/141
CPC classification: H04L63/0823 , H04L63/0281 , H04L67/141
Abstract: Techniques and architecture are described for protecting non-http and TCP/UDP applications in a zero trust network access (ZTNA)/web virtual private network (VPN) environment by establishing a secure communication channel between a native application and an application server providing an application service. More particularly, the present disclosure describes techniques and architecture that leverage the firewall wherein a thin client on a client device enables a client desktop, establishes a secure channel from a native application, e.g., the client desktop, to the firewall, and acts as a proxy.
-
Publication No.: US20230093942A1
Publication date: 2023-03-30
Application No.: US17484884
Application date: 2021-09-24
Abstract: Techniques are described for providing data such as, for example, keys, connection identifiers, and hashes to network devices using a secure database in order to facilitate client devices remaining connected or reconnecting with network sites when the client device moves among networks and to prevent replay attacks. For example, a method may include receiving, by a network device of a first network, encrypted traffic destined for a network site via the first network from a client device. The method may also include retrieving, by the network device from a database, data related to a previously established connection via a second network of the client device to the network site. In configurations, the data is received by the database from a proxy on the client device. The method may further include based at least in part on the data, passing, by the network device, the encrypted traffic to the network site.
-
Publication No.: US20240022555A1
Publication date: 2024-01-18
Application No.: US17866871
Application date: 2022-07-18
IPC classification: H04L9/40 , H04L67/141
CPC classification: H04L63/0823 , H04L63/0281 , H04L67/141
Abstract: Techniques and architecture are described for protecting non-http and TCP/UDP applications in a zero trust network access (ZTNA)/web virtual private network (VPN) environment by establishing a secure communication channel between a native application and an application server providing an application service. More particularly, the present disclosure describes techniques and architecture that leverage the firewall wherein a thin client on a client device enables a client desktop, establishes a secure channel from a native application, e.g., the client desktop, to the firewall, and acts as a proxy.
-
Publication No.: US12052235B2
Publication date: 2024-07-30
Application No.: US17866871
Application date: 2022-07-18
IPC classification: H04L9/40 , H04L9/08 , H04L67/141
CPC classification: H04L63/0823 , H04L63/0281 , H04L67/141
Abstract: Techniques and architecture are described for protecting non-http and TCP/UDP applications in a zero trust network access (ZTNA)/web virtual private network (VPN) environment by establishing a secure communication channel between a native application and an application server providing an application service. More particularly, the present disclosure describes techniques and architecture that leverage the firewall wherein a thin client on a client device enables a client desktop, establishes a secure channel from a native application, e.g., the client desktop, to the firewall, and acts as a proxy.
-
Publication No.: US11646995B2
Publication date: 2023-05-09
Application No.: US16711101
Application date: 2019-12-11
CPC classification: H04L63/0209 , H04L12/4645 , H04L63/0245 , H04L63/0272 , H04L63/1408 , H04L63/1416 , H04L63/1466 , H04L63/168 , H04L63/20
Abstract: This disclosure describes methods to distribute intrusion detection in a network across multiple devices in the network, such as across routing/switching or other infrastructure devices. For example, as a packet is routed through a network infrastructure, an overlay mechanism may be utilized to indicate which of a total set of intrusion detection rules have been applied to the packet. Each infrastructure device may evaluate which rules have already been applied to the packet, using a result of the evaluation to determine where to route the packet in the network infrastructure for application of additional intrusion detection rules. Additionally, each infrastructure device may record a result of its application of the portion of intrusion detection rules directly into the packet.
-
Publication No.: US20210185006A1
Publication date: 2021-06-17
Application No.: US16711101
Application date: 2019-12-11
Abstract: This disclosure describes methods to distribute intrusion detection in a network across multiple devices in the network, such as across routing/switching or other infrastructure devices. For example, as a packet is routed through a network infrastructure, an overlay mechanism may be utilized to indicate which of a total set of intrusion detection rules have been applied to the packet. Each infrastructure device may evaluate which rules have already been applied to the packet, using a result of the evaluation to determine where to route the packet in the network infrastructure for application of additional intrusion detection rules. Additionally, each infrastructure device may record a result of its application of the portion of intrusion detection rules directly into the packet.