-
Publication No.: US20240364678A1
Publication date: 2024-10-31
Application No.: US18752532
Filing date: 2024-06-24
IPC classification: H04L9/40, H04L67/141
CPC classification: H04L63/0823, H04L63/0281, H04L67/141
Abstract: Techniques and architecture are described for protecting non-http and TCP/UDP applications in a zero trust network access (ZTNA)/web virtual private network (VPN) environment by establishing a secure communication channel between a native application and an application server providing an application service. More particularly, the present disclosure describes techniques and architecture that leverage the firewall wherein a thin client on a client device enables a client desktop, establishes a secure channel from a native application, e.g., the client desktop, to the firewall, and acts as a proxy.
-
Publication No.: US12132723B2
Publication date: 2024-10-29
Application No.: US17646651
Filing date: 2021-12-30
Inventors: Nathan Amichay, Eissam Yasin, Yaniv Adler, Erez Gordon, Roman Zemelman, Ronit Avrahami, Osnat Nagar
IPC classification: H04L9/40
CPC classification: H04L63/0823, H04L63/0876, H04L63/102, H04L63/20
Abstract: This document describes systems and techniques enabling the secure registration of an agent such that the agent has secure and trusted access to its specific tenant and specific resources in a multi-region, multi-tenant, multi-cell SaaS platform. The systems and techniques use a secure and robust agent registration process to enable the creation of a unique security profile for each specific agent to enable access only to its specific tenant and specific resources that the agent uses to communicate with the SaaS platform to carry out jobs. The systems and techniques result in a registration process that is scalable for thousands or millions of agents in an environment having segregated SaaS platform cells.
-
Publication No.: US12132722B1
Publication date: 2024-10-29
Application No.: US16457478
Filing date: 2019-06-28
Inventors: Todd Cignetti, Michael S. Slaughter, Dayong Hao
IPC classification: H04L9/40
CPC classification: H04L63/0823, H04L63/108, H04L63/164
Abstract: Methods, systems, and computer-readable media for a certificate management system with forced certificate renewal are disclosed. The certificate management system may receive a request to renew a digital certificate. The request may be received at a selected time prior to an automatic renewal date for the certificate, and the automatic renewal date may be stored by the certificate management system. The certificate management system may acquire, based at least in part on the request to renew the certificate, a renewed certificate from a certificate authority. The renewed certificate may be obtained prior to the automatic renewal date. The renewed certificate may be exported from the certificate management system and bound to a computing resource (e.g., a server) prior to the automatic renewal date.
-
Publication No.: US12132710B2
Publication date: 2024-10-29
Application No.: US17711919
Filing date: 2022-04-01
Inventors: Douglas Gourlay, Ethan Rahn, Fred Hsu, Steve Magers
IPC classification: H04L9/40, H04L9/32, H04L41/0873
CPC classification: H04L63/0428, H04L9/3236, H04L9/3247, H04L41/0873, H04L63/0823
Abstract: Embodiments of the present disclosure include techniques for securing the flow of configuration commands issued to network devices. When an authorized command source, such as an authorized user or program, issues a command, security data for the command is generated and associated with the command. The command and security data may flow across multiple software applications to the network device. The network device receiving the command may use the security data to verify that the command source is an authorized source and to validate that the command was unaltered.
-
Publication No.: US20240356909A1
Publication date: 2024-10-24
Application No.: US18763971
Filing date: 2024-07-03
Applicant: Snowflake Inc.
CPC classification: H04L63/0823, H04L9/0825, H04L9/085
Abstract: A system and method of signing messages using public key cryptography and certificate verification. The method includes generating a digital certificate based on a signed request. The method includes causing the digital certificate to be stored in a shared data storage available to a first client device. The method includes signing a message using a first private key associated with the first client device to generate a signed message. The first private key is inaccessible to the first client device.
-
Publication No.: US12126715B2
Publication date: 2024-10-22
Application No.: US18222915
Filing date: 2023-07-17
IPC classification: H04L9/08, G06Q20/02, G06Q20/06, G06Q20/32, G06Q20/36, G06Q20/38, G06Q20/40, H04L9/00, H04L9/06, H04L9/14, H04L9/30, H04L9/32, H04L9/40
CPC classification: H04L9/0861, G06Q20/02, G06Q20/065, G06Q20/3276, G06Q20/3278, G06Q20/3674, G06Q20/38215, G06Q20/3829, G06Q20/4015, G06Q20/407, H04L9/0637, H04L9/0891, H04L9/14, H04L9/30, H04L9/3066, H04L9/3236, H04L9/3239, H04L9/3242, H04L9/3247, H04L9/3271, H04L63/0435, H04L63/0442, H04L63/0492, H04L63/061, H04L63/0823, G06Q2220/00, H04L9/50, H04L2209/56
Abstract: A method and system of providing verification of information of a user relating to an attestation transaction is provided, and includes sending a request for information of the user, wherein the information has been previously attested to in an attestation transaction stored within a centralized or distributed ledger at an attestation address; receiving at a processor associated with a verifier the information of the user; sending a cryptographic challenge nonce; receiving at the processor associated with the verifier the cryptographic challenge nonce signed by the user's private key; verifying user identity with the cryptographic challenge nonce signed by the user's private key; deriving a public attest key by using the information of the user; deriving an attestation address using the public attest key; and verifying the existence of the attestation transaction at the attestation address in the centralized or distributed ledger.
-
Publication No.: US12126610B1
Publication date: 2024-10-22
Application No.: US17530064
Filing date: 2021-11-18
Inventors: Andrei Stoica, Sumit Murarka, Michael Peter Ridilla, Samir Rameshchandra Sanghvi, Jerome Pradier
CPC classification: H04L63/0823, H04L9/3268, H04L9/3263
Abstract: A system implemented on a server computer for managing digital certificates includes a certificate management agent module, a digital certificate processing module and a configuration module. The certificate management agent module processes requests to create a plurality of certificate management agents. Each of the certificate management agents is configured to manage a lifecycle of a digital certificate for a client electronic device. The digital certificate processing module processes requests from the certificate management agent module for digital certificates for the plurality of certificate management agents. The configuration module receives and processes configuration parameters for the certificate management agents and for the digital certificates.
-
Publication No.: US20240348597A1
Publication date: 2024-10-17
Application No.: US18753183
Filing date: 2024-06-25
Applicant: Gigamon Inc.
Inventors: Manish Pathak, Kishor Joshi, Murali Bommana
IPC classification: H04L9/40, H04L43/0876, H04L61/5007, H04L67/568
CPC classification: H04L63/0823, H04L43/0876, H04L61/5007, H04L67/568
Abstract: A network appliance receives a communication from a client device that includes a request to establish a network connection to a server. Prior to initiating a network connection between the network appliance and the server, the network appliance accesses a server certificate associated with the server. In response to a determination not to decrypt data transmitted between the client device and the server, the network appliance establishes a single connection between the network appliance and the server. The network appliance transmits encrypted data between the client device and the server only over the single connection.
-
Publication No.: US20240348596A1
Publication date: 2024-10-17
Application No.: US18752280
Filing date: 2024-06-24
Applicant: Entrust Corporation
CPC classification: H04L63/0815, H04L9/3263, H04L9/3271, H04L63/0823, H04L63/0853, H04W12/068, H04W4/80
Abstract: Methods and systems for facilitating authentication of a user with a plurality of applications are described. One method includes authenticating a user with a first secure application based on information received from a smart credential stored on a mobile device via a local wireless connection. The method includes obtaining a remote challenge from a remote authentication service and a mobile challenge, signing the mobile challenge with a private key, and transmitting a signed version of the mobile challenge, the remote challenge, and a public key to the mobile device. The method further includes receiving a signed version of the remote challenge and a certificate indicating validation of the mobile challenge, and transmitting the signed version of the remote challenge to the remote authentication service. Based on receiving an authentication result from the remote authentication service, access is granted to a remote secure application via the browser.
-
Publication No.: US20240340279A1
Publication date: 2024-10-10
Application No.: US18747916
Filing date: 2024-06-19
Applicant: Viam Inc.
Inventors: Eliot Horowitz, Eric Daniels
CPC classification: H04L63/0823, H04L67/12
Abstract: In variants, a fleet management method can include: determining information about a device; and sending information to the device, including authentication credentials, wherein the device can authenticate itself with other devices within the fleet using the authentication credentials. The fleet management system can function to scalably manage the operation and permissioning of one or more fleets of devices.
-