Patents by Inventor Nathan Sowatskey
Nathan Sowatskey has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20230344707Abstract: Techniques for an Application Programming Interface (API) gateway to workload placement and load balancing in a distributed system. The API gateway may route API requests, responses, and so forth, via a plurality of paths between the API gateway, API endpoint devices and API client devices. The API gateway may collect the path properties for the plurality of paths between itself, and the client devices and API endpoints. Additionally, or alternatively, the API gateway may collect process properties indicating the statistics of specific processes. Using this data, the API gateway may determine that a particular path, a particular process, etc., has experienced performance degradation. The API gateway may further determine, and perform, a remedial action to take to remedy the performance degradation of the path or processes.Type: ApplicationFiled: April 20, 2022Publication date: October 26, 2023Inventors: Nathan Sowatskey, John Joyce
-
Publication number: 20210027260Abstract: The present invention relates to the application of Distributed Ledger Technology (DLT) to the field of software defined networking in a system and method for providing an end-to-end network comprising a plurality of software defined networks (SDNs) wherein each of the plurality of software defined networks is controlled by a software defined network controller (SDNC), the system comprising: a distributed ledger, wherein the distributed ledger is associated with a Smart Contract, wherein the Smart Contract comprises software code configured to control access by SDNCs to the distributed ledger by assessing whether a business entity and an SDNC operated by the business entity, requesting access to the distributed ledger, meet predefined trust criteria.Type: ApplicationFiled: November 21, 2018Publication date: January 28, 2021Applicant: Zeetta Networks LimitedInventors: Crispin DENT-YOUNG, Nathan SOWATSKEY, Vassilis SEFERIDIS, Catherine Ellen Anne MULLIGAN
-
Patent number: 9876799Abstract: A Software-as-a-Service (SaaS) access control application on a client device is configured with a certificate that identifies a user, and with configuration information for one or more SaaS applications to access, and including an IDP identifier for the SaaS application. The SaaS access control application includes software to be inserted into a network software stack of the client device and software configured to serve as an identity provider for assertions. A request, made by an application on the client device to a SaaS service provider identified by a Universal Resource Locator (URL) provided during configuration of the SaaS access control application, is intercepted within the network software stack of the client device. The SaaS access control application generates an assertion based on the certificate and configuration information. The requesting application is caused to make a request to the SaaS service provider with the assertion embedded in the request.Type: GrantFiled: September 3, 2015Date of Patent: January 23, 2018Assignee: Cisco Technology, Inc.Inventor: Nathan Sowatskey
-
Patent number: 9356928Abstract: Techniques are provided for authenticating a subject of a client device to access a software-as-a-service (SaaS) server. A network access device receives a request from a client device to establish a network session and transfers identity information of the subject, the client device and the network session to a session directory database. A request is sent to access an application on a SaaS server. If it does not contain an identity assertion that identifies the subject, the request is redirected to an identity provider device, to provide identity assertion services to the subject. A network session identifier is inserted into the request by a network access device and the request is forwarded to the identity provider device. The identity provider device uses the network session identifier to query the session directory database for the identity information to be used for a security assertion of the subject to the SaaS server.Type: GrantFiled: December 16, 2014Date of Patent: May 31, 2016Assignee: Cisco Technology, Inc.Inventors: Nathan Sowatskey, Nancy Cam-Winget, Susan E. Thomson, David Jones, Morteza Ansari, Klaas Wierenga, Joseph Salowey
-
Publication number: 20150381625Abstract: A Software-as-a-Service (SaaS) access control application on a client device is configured with a certificate that identifies a user, and with configuration information for one or more SaaS applications to access, and including an IDP identifier for the SaaS application. The SaaS access control application includes software to be inserted into a network software stack of the client device and software configured to serve as an identity provider for assertions. A request, made by an application on the client device to a SaaS service provider identified by a Universal Resource Locator (URL) provided during configuration of the SaaS access control application, is intercepted within the network software stack of the client device. The SaaS access control application generates an assertion based on the certificate and configuration information. The requesting application is caused to make a request to the SaaS service provider with the assertion embedded in the request.Type: ApplicationFiled: September 3, 2015Publication date: December 31, 2015Inventor: Nathan Sowatskey
-
Patent number: 9152781Abstract: A Software-as-a-Service (SaaS) access control application on a client device is configured with a certificate that identifies a user, and with configuration information for one or more SaaS applications to access, and including an IDP identifier for the SaaS application. The SaaS access control application includes software to be inserted into a network software stack of the client device and software configured to serve as an identity provider for assertions. A request, made by an application on the client device to a SaaS service provider identified by a Universal Resource Locator (URL) provided during configuration of the SaaS access control application, is intercepted within the network software stack of the client device. The SaaS access control application generates an assertion based on the certificate and configuration information. The requesting application is caused to make a request to the SaaS service provider with the assertion embedded in the request.Type: GrantFiled: August 9, 2012Date of Patent: October 6, 2015Assignee: Cisco Technology, Inc.Inventor: Nathan Sowatskey
-
Publication number: 20150106617Abstract: Techniques are provided for authenticating a subject of a client device to access a software-as-a-service (SaaS) server. A network access device receives a request from a client device to establish a network session and transfers identity information of the subject, the client device and the network session to a session directory database. A request is sent to access an application on a SaaS server. If it does not contain an identity assertion that identifies the subject, the request is redirected to an identity provider device, to provide identity assertion services to the subject. A network session identifier is inserted into the request by a network access device and the request is forwarded to the identity provider device. The identity provider device uses the network session identifier to query the session directory database for the identity information to be used for a security assertion of the subject to the SaaS server.Type: ApplicationFiled: December 16, 2014Publication date: April 16, 2015Inventors: Nathan Sowatskey, Nancy Cam-Winget, Susan E. Thomson, David Jones, Morteza Ansari, Klaas Wierenga, Joseph Salowey
-
Patent number: 8949938Abstract: Techniques are provided for authenticating a subject of a client device to access a software-as-a-service (SaaS) server. A network access device receives a request from a client device to establish a network session and transfers identity information of the subject, the client device and the network session to a session directory database. A request is sent to access an application on a SaaS server. If it does not contain an identity assertion that identifies the subject, the request is redirected to an identity provider device (IdP), to provide identity assertion services to the subject. A network session identifier is inserted into the request by a network access device and the request is forwarded to the IdP. The IdP uses the network session identifier to query the session directory database for the identity information to be used for a security assertion of the subject to the SaaS server.Type: GrantFiled: October 27, 2011Date of Patent: February 3, 2015Assignee: Cisco Technology, Inc.Inventors: Nathan Sowatskey, Nancy Cam-Winget, Susan E. Thomson, David Jones, Morteza Ansari, Klaas Wierenga, Joseph Salowey
-
Publication number: 20140047532Abstract: A Software-as-a-Service (SaaS) access control application on a client device is configured with a certificate that identifies a user, and with configuration information for one or more SaaS applications to access, and including an IDP identifier for the SaaS application. The SaaS access control application includes software to be inserted into a network software stack of the client device and software configured to serve as an identity provider for assertions. A request, made by an application on the client device to a SaaS service provider identified by a Universal Resource Locator (URL) provided during configuration of the SaaS access control application, is intercepted within the network software stack of the client device. The SaaS access control application generates an assertion based on the certificate and configuration information. The requesting application is caused to make a request to the SaaS service provider with the assertion embedded in the request.Type: ApplicationFiled: August 9, 2012Publication date: February 13, 2014Applicant: Cisco Technology, Inc.Inventor: Nathan Sowatskey
-
Publication number: 20130111549Abstract: Techniques are provided for authenticating a subject of a client device to access a software-as-a-service (SaaS) server. A network access device receives a request from a client device to establish a network session and transfers identity information of the subject, the client device and the network session to a session directory database. A request is sent to access an application on a SaaS server. If it does not contain an identity assertion that identifies the subject, the request is redirected to an identity provider device (IdP), to provide identity assertion services to the subject. A network session identifier is inserted into the request by a network access device and the request is forwarded to the IdP. The IdP uses the network session identifier to query the session directory database for the identity information to be used for a security assertion of the subject to the SaaS server.Type: ApplicationFiled: October 27, 2011Publication date: May 2, 2013Applicant: CISCO TECHNOLOGY, INC.Inventors: Nathan Sowatskey, Nancy Cam-Winget, Susan E. Thomson, David Jones, Morteza Ansari, Klaas Wierenga, Joseph Salowey
-
Publication number: 20130007867Abstract: Techniques are provided for asserting an identity of a client device with a server. A request is received from a client device to access processes hosted by the server. Network identifier information associated with the client device is obtained from the request. Confirmation of authentication of the client device is requested from an identity authentication server using the network identifier information. Access is provided to the client device for the processes hosted by the server when authentication of the client device is confirmed by the identity authentication server.Type: ApplicationFiled: June 30, 2011Publication date: January 3, 2013Applicant: CISCO TECHNOLOGY, INC.Inventors: Nathan Sowatskey, Einar Nilsen-Nygaard, Matthew King
-
Patent number: 7631264Abstract: A method for managing contents of a web site. A request to access a web site is received from a requestor, wherein the web site comprises a sparse tree directory comprising elements used to build the web site. The sparse tree directory comprises a web site page hierarchy located at the root directory of a shape hierarchy, wherein the web site page hierarchy comprises a directory structure of the web application and the shape hierarchy defines user shapes accommodated by the web application. The sparse tree directory also comprises a first subdirectory corresponding to a first value of a dimension and a second subdirectory corresponding to a second value of the dimension, wherein the first subdirectory comprises a first element and the second subdirectory comprises a second element. A shape of the requestor is generated, wherein the shape defines elements that can be accommodated by the requestor. The sparse tree directory is cached. The sparse tree directory is searched for elements defined by the shape.Type: GrantFiled: September 6, 2006Date of Patent: December 8, 2009Assignee: Cisco Technology, Inc.Inventors: Ken Jarrad, Greg Wilkins, Nathan Sowatskey, Mark Paul Andrews, Ian Cotton, Mike Manning
-
Publication number: 20070011336Abstract: A method for managing contents of a web site. A request to access a web site is received from a requester, wherein the web site comprises a sparse tree directory comprising elements used to build the web site. The sparse tree directory comprises a web site page hierarchy located at the root directory of a shape hierarchy, wherein the web site page hierarchy comprises a directory structure of the web application and the shape hierarchy defines user shapes accommodated by the web application. The sparse tree directory also comprises a first subdirectory corresponding to a first value of a dimension and a second subdirectory corresponding to a second value of the dimension, wherein the first subdirectory comprises a first element and the second subdirectory comprises a second element. A shape of the requestor is generated, wherein the shape defines elements that can be accommodated by the requester. The sparse tree directory is cached. The sparse tree directory is searched for elements defined by the shape.Type: ApplicationFiled: September 6, 2006Publication date: January 11, 2007Inventors: Ken Jarrad, Greg Wilkins, Nathan Sowatskey, Mark Andrews, Ian Cotton, Mike Manning
-
Patent number: 7127681Abstract: A method for managing contents of a web site. A request to access a web site is received from a requestor, wherein the web site comprises a sparse tree directory comprising elements used to build the web site. The sparse tree directory comprises a web site page hierarchy located at the root directory of a shape hierarchy, wherein the web site page hierarchy comprises a directory structure of the web application and the shape hierarchy defines user shapes accommodated by the web application. The sparse tree directory also comprises a first subdirectory corresponding to a first value of a dimension and a second subdirectory corresponding to a second value of the dimension, wherein the first subdirectory comprises a first element and the second subdirectory comprises a second element. A shape of the requestor is generated, wherein the shape defines elements that can be accommodated by the requestor. The sparse tree directory is cached. The sparse tree directory is searched for elements defined by the shape.Type: GrantFiled: September 10, 2002Date of Patent: October 24, 2006Assignee: Cisco Technology Inc.Inventors: Ken Jarrad, Greg Wilkins, Nathan Sowatskey, Mark Paul Andrews, Ian Cotton, Mike Manning
-
Publication number: 20060069782Abstract: A method is disclosed for determining whether access to a host requested by a client session connection is permitted. After determining attributes of the client session connection, a list of hosts is selected based on the determined attributes of the client session connection. The list of hosts is then used to determine whether access to the requested host is permitted. The disclosed method can be used to allow for location-specific white lists of free URLs for a user at a wireless network hotspot that the user can access before being authenticated.Type: ApplicationFiled: September 16, 2004Publication date: March 30, 2006Inventors: Michael Manning, Chen Burshan, Nathan Sowatskey, Ritesh Kumar, Gregory Wilkins
-
Publication number: 20060056317Abstract: A method is disclosed for determining a location of a client session in a telecommunications network by comparing attributes of the client session connection to location definition information stored in a configuration file. A method of handling requests from proxy and non-proxy client connections in a telecommunications network by redirecting requests from unauthenticated proxy clients to a transparent proxy port on a captive portal such that the captive portal proxies the requests is also disclosed. The request may be directed to a service, such as a destination IP address and optional port number. A method for a proxy server to identify an edge session through an out-of-band request containing proxy metadata to a web portal for secure (HTTPS) requests is also disclosed. The edge session is identified for the web portal through a hostkey determined by the proxy server.Type: ApplicationFiled: April 19, 2005Publication date: March 16, 2006Inventors: Michael Manning, Chen Burshan, Nathan Sowatskey, Ritesh Kumar, Gregory Wilkins