专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US11463429B2 Network controls for application access secured by transport layer security (TLS) using single sign on (SSO) flow 有权
公开(公告)号：US11463429B2
公开(公告)日：2022-10-04
申请号：US17070415
申请日：2020-10-14
申请人： Cisco Technology, Inc.
发明人： Syam Sundar Appala , Sanjay Kumar Hooda , Rex E. Fernando , Vikram Pendharkar
IPC分类号： G06F7/04 , G06F15/16 , G06F17/30 , H04L29/06 , H04L9/40
摘要： Network controls for application access secured by transport layer security (TLS) using single sign on (SSO) flow may be provided. An application access request for authenticating a user may be received in response to the user requesting an access to an application. User credentials associated with the user may be validated. In response to validating the user credentials, user attributes associated with the user may be determined. Network controls for a user session associated with the application access request may be determined based on the user attributes. The application access request may be redirected to a plain text user session. The plain text user session may comprise the network controls for the user session.

2. 发明申请

US20160294797A1 SECURE TRANSMISSION OF A SESSION IDENTIFIER DURING SERVICE AUTHENTICATION 有权
标题翻译：服务认证期间会议认证者的安全传输
公开(公告)号：US20160294797A1
公开(公告)日：2016-10-06
申请号：US14674938
申请日：2015-03-31
申请人： Cisco Technology, Inc.
发明人： Antonio Martin , Syam Sundar Appala , Joseph Salowey
IPC分类号： H04L29/06 , H04L29/08
CPC分类号： H04L63/08 , H04L63/0236 , H04L63/0245 , H04L63/0272 , H04L63/0815 , H04L63/0892 , H04L63/1466 , H04L63/168 , H04L63/30 , H04L67/02 , H04L67/2814
摘要： In an embodiment a method is performed by a network access device (NAD). The NAD transfers a first HTTPS request from a client computer (UE) to an identity provider computer (IdP). The NAD transfers, from the IdP, a preceding redirected URL in response to the first HTTPS request, to the UE and configured to cause the UE to redirect to said preceding redirected URL. Over a secure network link, the NAD receives a particular request specifying said preceding redirected URL, from the UE. Responsive to receiving the particular request, the NAD generates a response, comprising a subsequent redirected URL and a session identifier, and configured to cause the UE to redirect to the IdP over an HTTPS connection. The NAD transfers said subsequent redirected URL over the secure network link to the UE. The NAD transfers a second HTTPS request, comprising the session identifier, from the UE to the IdP.
摘要翻译：在一个实施例中，一种方法由网络接入设备（NAD）来执行。 NAD将第一个HTTPS请求从客户端计算机（UE）传送到身份提供者计算机（IdP）。 NAD从IdP将响应于第一HTTPS请求的先前重定向的URL传送到UE并且被配置为使得UE重定向到所述先前的重定向URL。通过安全网络链路，NAD从UE接收指定所述先前重定向URL的特定请求。响应于接收到特定请求，NAD生成响应，包括随后的重定向URL和会话标识符，并且被配置为使得UE通过HTTPS连接重定向到IdP。 NAD通过安全网络链路将所述后续的重定向URL传送给UE。 NAD将包括会话标识符的第二HTTPS请求从UE传送到IdP。

3. 发明授权

US10826775B1 Policy plane integration across multiple domains 有权
公开(公告)号：US10826775B1
公开(公告)日：2020-11-03
申请号：US16446338
申请日：2019-06-19
申请人： Cisco Technology, Inc.
发明人： Victor Moreno , Anand Oswal , Rex Emmanuel Fernando , Syam Sundar Appala , Sanjay Kumar Hooda
IPC分类号： H04L12/24 , H04L12/715 , H04L29/06 , G06F9/455 , H04L12/721
摘要： Systems, methods, and computer-readable media for providing cross-domain policy enforcement. In some examples, transit VRFs for a destination network domain and a source network domain are created. Route advertisements for nodes coupled to source VRFs in the source network domain are created that include identifications of the source VRFs. The route advertisements can be transmitted from a source transit VRF in the source network domain to a destination transit VRF in the destination network domain. The route advertisements can then be filtered at the destination transit VRF based on a cross-domain policy using the identifications of the source VRFs to export routes to destination VRFs in the destination network domain according to the cross-domain policy.

4. 发明授权

US11296985B2 Normalized lookup and forwarding for diverse virtual private networks 有权
公开(公告)号：US11296985B2
公开(公告)日：2022-04-05
申请号：US16939300
申请日：2020-07-27
申请人： CISCO TECHNOLOGY, INC.
发明人： Victor Moreno , Sanjay Kumar Hooda , Rex Emmanuel Fernando , Syam Sundar Appala
IPC分类号： H04L12/741 , H04L45/74 , H04L12/46
摘要： This technology enables normalized lookup and forwarding for diverse virtual private networks in multi-site network fabric deployments. A source device on a first Layer 2 site transmits a frame to a destination device on the same subnet, but on a second Layer 2 site. The frame is encapsulated and routed to a fabric border node. The fabric border node matches the source subnet to the destination subnet and transmits an address request protocol (“ARP”). In response to not receiving a reply to the ARP, the fabric border node transmits a map request to a Layer 3 transit fabric control plane node. The control plane node extracts a destination identifier from the map request and determines that the destination identifier is a Layer 2 identifier. The control plane node transmits a map reply to the fabric border node, where the frame is re-encapsulated and forwarded to the destination device.

5. 发明申请

US20220029915A1 NORMALIZED LOOKUP AND FORWARDING FOR DIVERSE VIRTUAL PRIVATE NETWORKS 有权
公开(公告)号：US20220029915A1
公开(公告)日：2022-01-27
申请号：US16939300
申请日：2020-07-27
申请人： CISCO TECHNOLOGY, INC.
发明人： Victor Moreno , Sanjay Kumar Hooda , Rex Emmanuel Fernando , Syam Sundar Appala
IPC分类号： H04L12/741 , H04L12/46
摘要： This technology enables normalized lookup and forwarding for diverse virtual private networks in multi-site network fabric deployments. A source device on a first Layer 2 site transmits a frame to a destination device on the same subnet, but on a second Layer 2 site. The frame is encapsulated and routed to a fabric border node. The fabric border node matches the source subnet to the destination subnet and transmits an address request protocol (“ARP”). In response to not receiving a reply to the ARP, the fabric border node transmits a map request to a Layer 3 transit fabric control plane node. The control plane node extracts a destination identifier from the map request and determines that the destination identifier is a Layer 2 identifier. The control plane node transmits a map reply to the fabric border node, where the frame is re-encapsulated and forwarded to the destination device.

6. 发明申请

US20210160175A1 GROUP-BASED POLICIES FOR INTER-DOMAIN TRAFFIC 有权
公开(公告)号：US20210160175A1
公开(公告)日：2021-05-27
申请号：US16697016
申请日：2019-11-26
申请人： Cisco Technology, Inc.
发明人： Anubhav Gupta , Rex Fernando , Sanjay Kumar Hooda , Syam Sundar Appala , Samir Thoria
IPC分类号： H04L12/725 , H04L12/741 , H04L12/813 , H04L12/28
摘要： In one embodiment, a method includes receiving a data packet from a first host located in the first site, where the data packet may be destined to a second host located in a second site that may be different from the first site, determining that an identifier of a second group to which the second host belongs is not available at the first network apparatus, sending a request for an identifier of the second group to a second network apparatus, where the request may comprise an address of the second host, receiving a response comprising the identifier of the second group from the second network apparatus, determining that the second group is a destination group, applying one or more policies associated with the destination group to the data packet, and causing the data packet to be routed to the second host.

7. 发明授权

US09578007B2 Secure transmission of a session identifier during service authentication 有权
标题翻译：在服务认证期间安全地传输会话标识符
公开(公告)号：US09578007B2
公开(公告)日：2017-02-21
申请号：US14674938
申请日：2015-03-31
申请人： Cisco Technology, Inc.
发明人： Antonio Martin , Syam Sundar Appala , Joseph Salowey
IPC分类号： H04L29/00 , H04L29/06 , H04L29/08
CPC分类号： H04L63/08 , H04L63/0236 , H04L63/0245 , H04L63/0272 , H04L63/0815 , H04L63/0892 , H04L63/1466 , H04L63/168 , H04L63/30 , H04L67/02 , H04L67/2814
摘要： In an embodiment a method is performed by a network access device (NAD). The NAD transfers a first HTTPS request from a client computer (UE) to an identity provider computer (IdP). The NAD transfers, from the IdP, a preceding redirected URL in response to the first HTTPS request, to the UE and configured to cause the UE to redirect to said preceding redirected URL. Over a secure network link, the NAD receives a particular request specifying said preceding redirected URL, from the UE. Responsive to receiving the particular request, the NAD generates a response, comprising a subsequent redirected URL and a session identifier, and configured to cause the UE to redirect to the IdP over an HTTPS connection. The NAD transfers said subsequent redirected URL over the secure network link to the UE. The NAD transfers a second HTTPS request, comprising the session identifier, from the UE to the IdP.
摘要翻译：在一个实施例中，一种方法由网络接入设备（NAD）来执行。 NAD将第一个HTTPS请求从客户端计算机（UE）传送到身份提供者计算机（IdP）。 NAD从IdP将响应于第一HTTPS请求的先前重定向的URL传送到UE并且被配置为使得UE重定向到所述先前的重定向URL。通过安全网络链路，NAD从UE接收指定所述先前重定向URL的特定请求。响应于接收到特定请求，NAD生成响应，包括随后的重定向URL和会话标识符，并且被配置为使得UE通过HTTPS连接重定向到IdP。 NAD通过安全网络链路将所述后续的重定向URL传送给UE。 NAD将包括会话标识符的第二HTTPS请求从UE传送到IdP。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式