公开(公告)号：US20160308941A1

公开(公告)日：2016-10-20

申请号：US14691112

申请日：2015-04-20

Applicant: Cisco Technology, Inc.

Inventor： Shaun Cooley

IPC: H04L29/08

CPC classification number: H04L67/06 ,  G06F17/30067 ,  G06F17/30097 ,  G06F17/30165

Abstract: Techniques are presented herein for receiving a hash value of a file computed by a collaboration client prior to the collaboration client uploading the file to a collaboration server in an attempt to share the file with another collaboration client. The collaboration server may query an internal file storage system of file hashes for a hash value of a previously uploaded file that matches the hash value of the file to be uploaded. In response to the collaboration server receiving a notification that a matching hash value was not found in the file storage system, the collaboration server queries a first connector service that is in communication with a first service that has access to at least a first file storage system that is external to the collaboration server. The collaboration server queries the first connector service with the hash value of the file to be uploaded.

Abstract translation: 本文介绍了技术，用于在协作客户端将文件上传到协作服务器之前尝试与其他协作客户端共享文件，以接收由协作客户端计算的文件的散列值。 协作服务器可以查询文件哈希的内部文件存储系统，以获得与要上传的文件的哈希值匹配的先前上传的文件的哈希值。 响应于协作服务器接收到在文件存储系统中没有找到匹配的散列值的通知，协作服务器查询与可访问至少第一文件存储系统的第一服务通信的第一连接器服务 这在协作服务器的外部。 协作服务器使用要上传的文件的哈希值来查询第一个连接器服务。

公开(公告)号：US20170163611A1

公开(公告)日：2017-06-08

申请号：US15435717

申请日：2017-02-17

Applicant: Cisco Technology, Inc.

Inventor： Shaun Cooley

IPC: H04L29/06 ,  H04L9/08 ,  G06F17/30 ,  H04L9/32

CPC classification number: H04L63/0428 ,  G06F17/30312 ,  G06F17/30371 ,  G06F17/3048 ,  G06F17/30864 ,  G06F17/30867 ,  H04L9/0844 ,  H04L9/0861 ,  H04L9/14 ,  H04L9/30 ,  H04L9/3242 ,  H04L9/3263 ,  H04L63/06 ,  H04L63/061 ,  H04L67/1097

Abstract: An end-to-end secure cloud-hosted collaboration service is provided with a hybrid cloud/on-premise index and search capability. This approach includes on-premise indexing and search handling, while relying on the cloud for persistent storage and search of the index. The on-premise indexer receives a copy of an encrypted message from the cloud-hosted collaboration service. The encrypted message has been encrypted with a conversation key. The indexer receives the conversation key from an on-premise key management service, and decrypts the encrypted message with the conversation key. A set of tokens are extracted from the decrypted message, and subsequently encrypted with a secret key, different than the conversation key, to generate a first set of encrypted tokens. The first set of encrypted tokens is transmitted for storage in a search index on the cloud-hosted collaboration service.

公开(公告)号：US09614684B2

公开(公告)日：2017-04-04

申请号：US15151864

申请日：2016-05-11

Applicant: Cisco Technology, Inc.

Inventor： Shaun Cooley

IPC: H04L29/06 ,  H04L9/32 ,  H04L29/08 ,  G06F17/30 ,  H04L9/14 ,  H04L9/30

CPC classification number: H04L63/0428 ,  G06F17/30312 ,  G06F17/30371 ,  G06F17/3048 ,  G06F17/30864 ,  G06F17/30867 ,  H04L9/0844 ,  H04L9/0861 ,  H04L9/14 ,  H04L9/30 ,  H04L9/3242 ,  H04L9/3263 ,  H04L63/06 ,  H04L63/061 ,  H04L67/1097

Abstract: An end-to-end secure cloud-hosted collaboration service is provided with a hybrid cloud/on-premise index and search capability. This approach includes on-premise indexing and search handling, while relying on the cloud for persistent storage and search of the index. The on-premise indexer receives a copy of an encrypted message from the cloud-hosted collaboration service. The encrypted message has been encrypted with a conversation key. The indexer receives the conversation key from an on-premise key management service, and decrypts the encrypted message with the conversation key. A set of tokens are extracted from the decrypted message, and subsequently encrypted with a secret key, different than the conversation key, to generate a first set of encrypted tokens. The first set of encrypted tokens is transmitted for storage in a search index on the cloud-hosted collaboration service.

公开(公告)号：US20150281185A1

公开(公告)日：2015-10-01

申请号：US14225644

申请日：2014-03-26

Applicant: Cisco Technology, Inc.

Inventor： Shaun Cooley

IPC: H04L29/06 ,  G06F17/30

CPC classification number: H04L63/0428 ,  G06F16/951 ,  H04L63/061 ,  H04L67/10 ,  H04L67/14

Abstract: The embodiments presented herein provide for a method for a key management service (KMS) to provide a conversation key over individually established secure channels. The KMS establishes, with a first device, a first ephemerally secure communication channel over an unsecure network. The KMS receives, over the first ephemerally secure communication channel, a first request for a conversation key. After obtaining the conversation key, the KMS transmits the conversation key to the first device over the first ephemerally secure communication channel. The KMS establishes, with a second device, a second ephemerally secure communication channel over the unsecure network. The KMS receives, over the second ephemerally secure communication channel, a second request for the conversation key. The conversation key is transmitted to the second device over the second ephemerally secure communication channel.

Abstract translation: 这里提出的实施例提供了一种用于密钥管理服务（KMS）在单独建立的安全信道上提供会话密钥的方法。 KMS通过第一设备建立通过不安全网络的第一个短时间安全的通信通道。 KMS通过第一临时安全通信信道接收对话密钥的第一请求。 在获得会话密钥之后，KMS通过第一临时安全通信信道将会话密钥发送到第一设备。 KMS与第二设备建立了不安全网络上的第二个临时安全通信通道。 在第二临时安全通信信道上，KMS接收对话密钥的第二请求。 会话密钥通过第二临时安全通信信道发送到第二设备。

公开(公告)号：US10104084B2

公开(公告)日：2018-10-16

申请号：US14942195

申请日：2015-11-16

Applicant: Cisco Technology, Inc.

Inventor： Andrew Biggs ,  Shaun Cooley ,  Matt Miller ,  Hua Cui ,  Ian Remmel

IPC: G06F7/04 ,  H04L29/06 ,  G06F21/33

Abstract: Techniques are provided for augmenting the capabilities of the standard OAuth2 authorization framework in such a way as to allow clients to consume the services of multiple resource servers residing in disjoint security domains while requiring only a single one-time user authentication. An access token that provides access to resource services distributed across a plurality of security domains is partitioned into a plurality of reduced-scope access tokens. Each reduced-scope access token is limited to a subset of authorization scopes of the access token, providing access to a resource service in a particular security domain based upon the subset.

公开(公告)号：US09871775B2

公开(公告)日：2018-01-16

申请号：US14943184

申请日：2015-11-17

Applicant: Cisco Technology, Inc.

Inventor： Andrew Biggs ,  Shaun Cooley ,  Matt Miller ,  Sean Whitsell

IPC: H04L29/06 ,  H04L9/08 ,  H04L9/32 ,  H04L12/58

CPC classification number: H04L63/065 ,  H04L9/0833 ,  H04L9/3242 ,  H04L9/3255 ,  H04L51/04 ,  H04L63/0435 ,  H04L63/123

Abstract: A system and method for achieving authorization in confidential group communications in terms of an ordered list of data blocks representing a tamper-resistant chronological account of group membership updates. This method permits ad-hoc and decentralized group definition, dynamic and decentralized membership updates, open sharing, tamper resistance, and tracking of membership history. There are many applications of these techniques. One such application is enabling end-to-end encryption of instant messaging, content sharing, and streamed media.

公开(公告)号：US10110660B2

公开(公告)日：2018-10-23

申请号：US14691112

申请日：2015-04-20

Applicant: Cisco Technology, Inc.

Inventor： Shaun Cooley

IPC: G06F17/30 ,  H04L29/08

Abstract: Techniques are presented herein for receiving a hash value of a file computed by a collaboration client prior to the collaboration client uploading the file to a collaboration server in an attempt to share the file with another collaboration client. The collaboration server may query an internal file storage system of file hashes for a hash value of a previously uploaded file that matches the hash value of the file to be uploaded. In response to the collaboration server receiving a notification that a matching hash value was not found in the file storage system, the collaboration server queries a first connector service that is in communication with a first service that has access to at least a first file storage system that is external to the collaboration server. The collaboration server queries the first connector service with the hash value of the file to be uploaded.

公开(公告)号：US10021080B2

公开(公告)日：2018-07-10

申请号：US15830291

申请日：2017-12-04

Applicant: Cisco Technology, Inc.

Inventor： Andrew Biggs ,  Shaun Cooley ,  Matt Miller ,  Sean Whitsell

IPC: H04L29/06 ,  H04L12/58 ,  H04L9/32 ,  H04L9/08

CPC classification number: H04L63/065 ,  H04L9/0833 ,  H04L9/3242 ,  H04L9/3255 ,  H04L51/04 ,  H04L63/0435 ,  H04L63/123

Abstract: A system and method for achieving authorization in confidential group communications in terms of an ordered list of data blocks representing a tamper-resistant chronological account of group membership updates. This method permits ad-hoc and decentralized group definition, dynamic and decentralized membership updates, open sharing, tamper resistance, and tracking of membership history. There are many applications of these techniques. One such application is enabling end-to-end encryption of instant messaging, content sharing, and streamed media.

公开(公告)号：US20180091489A1

公开(公告)日：2018-03-29

申请号：US15830291

申请日：2017-12-04

Applicant: Cisco Technology, Inc.

Inventor： Andrew Biggs ,  Shaun Cooley ,  Matt Miller ,  Sean Whitsell

IPC: H04L29/06 ,  H04L9/08 ,  H04L9/32 ,  H04L12/58

CPC classification number: H04L63/065 ,  H04L9/0833 ,  H04L9/3242 ,  H04L9/3255 ,  H04L51/04 ,  H04L63/0435 ,  H04L63/123

Abstract: A system and method for achieving authorization in confidential group communications in terms of an ordered list of data blocks representing a tamper-resistant chronological account of group membership updates. This method permits ad-hoc and decentralized group definition, dynamic and decentralized membership updates, open sharing, tamper resistance, and tracking of membership history. There are many applications of these techniques. One such application is enabling end-to-end encryption of instant messaging, content sharing, and streamed media.

公开(公告)号：US09923877B2

公开(公告)日：2018-03-20

申请号：US15435717

申请日：2017-02-17

Applicant: Cisco Technology, Inc.

Inventor： Shaun Cooley

IPC: H04L29/06 ,  H04L9/32 ,  H04L9/08 ,  G06F17/30

CPC classification number: H04L63/0428 ,  G06F17/30312 ,  G06F17/30371 ,  G06F17/3048 ,  G06F17/30864 ,  G06F17/30867 ,  H04L9/0844 ,  H04L9/0861 ,  H04L9/14 ,  H04L9/30 ,  H04L9/3242 ,  H04L9/3263 ,  H04L63/06 ,  H04L63/061 ,  H04L67/1097

Abstract: An end-to-end secure cloud-hosted collaboration service is provided with a hybrid cloud/on-premise index and search capability. This approach includes on-premise indexing and search handling, while relying on the cloud for persistent storage and search of the index. The on-premise indexer receives a copy of an encrypted message from the cloud-hosted collaboration service. The encrypted message has been encrypted with a conversation key. The indexer receives the conversation key from an on-premise key management service, and decrypts the encrypted message with the conversation key. A set of tokens are extracted from the decrypted message, and subsequently encrypted with a secret key, different than the conversation key, to generate a first set of encrypted tokens. The first set of encrypted tokens is transmitted for storage in a search index on the cloud-hosted collaboration service.