Patents by Inventor Hendrikus G.P. Bosch

Hendrikus G.P. Bosch has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20240298180
    Abstract: In one embodiment, a router includes one or more processors and one or more computer-readable non-transitory storage media coupled to the one or more processors. The one or more computer-readable non-transitory storage media include instructions that, when executed by the one or more processors, cause the router to perform operations including receiving software-defined networking in a wide area network (SD-WAN) policies from a component of an SD-WAN network. The operations also include establishing a session with a mobile device and receiving information associated with the mobile device in response to establishing the session with the mobile device. The operations further include filtering the SD-WAN policies based on the information associated with the mobile device to generate SD-WAN device-specific policies and communicating the SD-WAN device-specific policies to the mobile device.
    Type: Application
    Filed: May 10, 2024
    Publication date: September 5, 2024
    Inventors: Stefan Olofsson, Ijsbrand Wijnands, Hendrikus G. P. Bosch, Jeffrey Napper, Anubhav Gupta
  • Publication number: 20240291734
    Abstract: Systems, methods, and computer-readable media for locally applying endpoint-specific policies to an endpoint in a network environment. A network device local to one or more endpoints in a network environment can receive from a centralized network controller one or more network-wide endpoint policies. A first endpoint of the one or more endpoints can be configured to inject policy metadata into first data traffic. The policy metadata injected into the first data traffic can be received from the first endpoint. The network device can determine one or more first endpoint-specific policies for the first endpoint by evaluating the first policy metadata with respect to the one or more network-wide endpoint policies. The one or more first endpoint-specific policies can then be applied to control data traffic associated with the first endpoint.
    Type: Application
    Filed: April 29, 2024
    Publication date: August 29, 2024
    Inventors: Alberto Rodriguez Natal, Hendrikus G.P. Bosch, Fabio Maino, Lars Olaf Stefan Olofsson, Jeffrey Napper, Anubhav Gupta
  • Publication number: 20240273203
    Abstract: In one embodiment, a method for detecting an unknown attack vector, by a system, includes receiving a marked span that has been flagged for inspection. The method further includes conducting a root cause analysis to determine if the marked span should be classified as an attack. In response to a determination that the marked span should be classified as an attack, the method further includes determining whether the marked span engaged with data corresponding to one or more application services defining the marked span. The method further includes designating the data corresponding to the one or more application services as compromised in response to a determination that the marked span did engage with said data.
    Type: Application
    Filed: May 31, 2023
    Publication date: August 15, 2024
    Inventors: Mirko Raca, Marcelo Yannuzzi, Jeffrey M. Napper, Hendrikus G. P. Bosch
  • Publication number: 20240273187
    Abstract: In one embodiment, a method for storing auditable metadata, by a system, includes receiving incoming signals communicated from at least one application service to a first pod associated with a user space of a node. The method further includes extracting metadata associated with data provided by the received incoming signals. The method further includes receiving outgoing signals communicated from the first pod to an external entity, wherein the incoming signals and the outgoing signals are received by a listener module. The method further includes comparing the incoming signals to the outgoing signals to detect a variation and determining that the data has been transmitted to the external entity based on a determination that there is no detected variation from the comparison between the incoming signals and the outgoing signals.
    Type: Application
    Filed: May 31, 2023
    Publication date: August 15, 2024
    Inventors: Marcelo Yannuzzi, Jean Diaconu, Jeffrey M. Napper, Herve Muyal, Hendrikus G. P. Bosch
  • Patent number: 12063228
    Abstract: In one embodiment, a method comprises: receiving, by a process, an executed function flow of a daisy chained serverless function-as-a-service (FaaS) function, the executed function flow having been injected with a particular trace identifier in response to an initial event trigger and span identifiers having been injected by each service that was executed; generating, by the process, a serverless flow graph associated with the particular trace identifier based on linking a path of serverless functions according to correlation of the span identifiers between the serverless functions; performing, by the process, a trace-based analysis of the serverless flow graph through comparison to a baseline of expectation; detecting, by the process, one or more anomalies in the serverless flow graph according to the trace-based analysis; and mitigating, by the process, the one or more anomalies in the serverless flow graph.
    Type: Grant
    Filed: December 22, 2021
    Date of Patent: August 13, 2024
    Assignee: Cisco Technology, Inc.
    Inventors: Akram Ismail Sheriff, Rajiv Asati, Nagendra Kumar Nainar, Ariel Shuper, Hendrikus G. P. Bosch
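The approach in the abstract above (a trace identifier injected at the initial trigger, span identifiers injected by each executed function, a flow graph linked from the spans, compared against a baseline of expectation), shown as an added example. This is illustration code written for this page, not Cisco's implementation: the span records are constructed, and the field names (trace_id, span_id, parent_id, fn, duration_ms) and the quarantine/alert/allow mitigation vocabulary are assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Span:
    """One executed function in a trace. Field names are assumptions for this example."""
    trace_id: str              # injected at the initial event trigger, carried through the chain
    span_id: str               # injected by each executed function
    parent_id: Optional[str]   # None for the function fired by the initial trigger
    fn: str                    # serverless function name
    duration_ms: int


Edge = Tuple[str, str]  # (calling function, called function)


def build_flow_graph(spans: List[Span], trace_id: str) -> Set[Edge]:
    """Link the spans of one trace into caller->callee edges by correlating parent span ids."""
    by_id: Dict[str, Span] = {s.span_id: s for s in spans if s.trace_id == trace_id}
    edges: Set[Edge] = set()
    for s in by_id.values():
        if s.parent_id is None:
            continue
        parent = by_id.get(s.parent_id)
        # an orphan span (parent never recorded) is itself suspicious: keep it visible as an edge
        edges.add((parent.fn if parent else "<unknown>", s.fn))
    return edges


@dataclass
class Baseline:
    """Baseline of expectation learned from known-good traces."""
    edges: FrozenSet[Edge]
    max_duration_ms: Dict[str, int]


def learn_baseline(spans: List[Span], good_trace_ids: List[str]) -> Baseline:
    edges: Set[Edge] = set()
    max_dur: Dict[str, int] = defaultdict(int)
    for tid in good_trace_ids:
        edges |= build_flow_graph(spans, tid)
    for s in spans:
        if s.trace_id in good_trace_ids:
            max_dur[s.fn] = max(max_dur[s.fn], s.duration_ms)
    return Baseline(frozenset(edges), dict(max_dur))


def detect_anomalies(spans: List[Span], trace_id: str, baseline: Baseline, slack: float = 2.0) -> List[str]:
    """Trace-based analysis: edges or functions missing from the baseline, and runtime blow-ups."""
    findings: List[str] = []
    for caller, callee in sorted(build_flow_graph(spans, trace_id) - baseline.edges):
        findings.append(f"unexpected call {caller} -> {callee}")
    for s in spans:
        if s.trace_id != trace_id:
            continue
        bound = baseline.max_duration_ms.get(s.fn)
        if bound is None:
            findings.append(f"unknown function {s.fn}")
        elif s.duration_ms > slack * bound:
            findings.append(f"{s.fn} ran {s.duration_ms}ms (baseline max {bound}ms)")
    return findings


def mitigate(findings: List[str]) -> str:
    """Structural anomalies quarantine the flow; timing-only anomalies raise an alert."""
    if any(f.startswith(("unexpected call", "unknown function")) for f in findings):
        return "quarantine"
    return "alert" if findings else "allow"


# Constructed spans: t1 and t2 are known-good; t3 gains an extra hop from persist to an unknown function.
SAMPLE_SPANS = [
    Span("t1", "a1", None, "ingest", 30), Span("t1", "a2", "a1", "validate", 20), Span("t1", "a3", "a2", "persist", 50),
    Span("t2", "b1", None, "ingest", 35), Span("t2", "b2", "b1", "validate", 22),
    Span("t2", "b3", "b2", "persist", 48), Span("t2", "b4", "b2", "notify", 10),
    Span("t3", "c1", None, "ingest", 33), Span("t3", "c2", "c1", "validate", 21),
    Span("t3", "c3", "c2", "persist", 400), Span("t3", "c4", "c3", "exfil", 90),
]

if __name__ == "__main__":
    base = learn_baseline(SAMPLE_SPANS, ["t1", "t2"])
    for tid in ("t1", "t3"):
        found = detect_anomalies(SAMPLE_SPANS, tid, base)
        print(tid, mitigate(found), found)
```

The check that matters in practice is the set difference on edges: a daisy-chained function calling something the baseline has never seen is the signature of an injected or compromised function, and it is caught even when every individual function still looks healthy.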
  • Patent number: 12063149
    Abstract: Systems, methods, and computer-readable media for locally applying endpoint-specific policies to an endpoint in a network environment. A network device local to one or more endpoints in a network environment can receive from a centralized network controller one or more network-wide endpoint policies. A first endpoint of the one or more endpoints can be configured to inject policy metadata into first data traffic. The policy metadata injected into the first data traffic can be received from the first endpoint. The network device can determine one or more first endpoint-specific policies for the first endpoint by evaluating the first policy metadata with respect to the one or more network-wide endpoint policies. The one or more first endpoint-specific policies can then be applied to control data traffic associated with the first endpoint.
    Type: Grant
    Filed: July 17, 2023
    Date of Patent: August 13, 2024
    Assignee: Cisco Technology, Inc.
    Inventors: Alberto Rodriguez Natal, Hendrikus G. P. Bosch, Fabio Maino, Lars Olaf Stefan Olofsson, Jeffrey Napper, Anubhav Gupta
  • Publication number: 20240265112
    Abstract: A system and a method to map attack paths in a visualization interface may include storing in a memory asset inventory indicating application assets, attack vector parameters configured to indicate vulnerabilities of one or more of the application assets, and asset mapping information. A processor may determine multiple vulnerable assets in the application assets based at least in part upon the attack vector parameters. Further, the processor may obtain security parameters from a security framework indicating one or more attack techniques, associate each of the vulnerable assets to one or more of the security parameters, and generate a visual interface showing the vulnerable assets and the security parameters. The processor may determine an attack path connecting the vulnerable assets based at least in part upon the asset mapping information, and map the attack path to the application layers and the security parameters in the visual interface.
    Type: Application
    Filed: June 6, 2023
    Publication date: August 8, 2024
    Inventors: Jeffrey M. Napper, Hendrikus G. P. Bosch, Jean Diaconu, Marcelo Yannuzzi, Alessandro Duminuco, Guillaume Sauvage De Saint Marc, Marc Scibelli
  • Publication number: 20240265113
    Abstract: A system and a method to determine attack paths to application assets may include storing in a memory asset inventory indicating multiple application assets, multiple attack vector parameters configured to indicate vulnerabilities of one or more of the application assets, and asset mapping information configured to associate each of the application assets to one or more of the application layers. A processor may determine multiple vulnerable assets in the application assets based at least in part upon the attack vector parameters. Further, the processor may determine feasibility parameters that indicate a likelihood of the attack path to occur in the system, generate a visual interface showing the vulnerable assets, determine an attack path connecting the vulnerable assets based at least in part upon the asset mapping information, and map the attack path to the application layers in the visual interface based at least in part upon the feasibility parameters.
    Type: Application
    Filed: June 6, 2023
    Publication date: August 8, 2024
    Inventors: Jeffrey M. Napper, Hendrikus G. P. Bosch, Jean Diaconu, Marcelo Yannuzzi, Alessandro Duminuco
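An added example covering the two attack-path entries above (20240265112 and 20240265113): an asset inventory with attack vector parameters, asset mapping information that says which asset can reach which and how feasible that hop is, and a mapping of each vulnerable asset onto technique labels from a security framework. This is illustration code written for this page, not Cisco's; the inventory, the weakness tags and the feasibility numbers are constructed, and the technique labels merely follow the ATT&CK numbering style.

```python
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class Asset:
    name: str
    layer: str                                               # application layer the asset sits in
    attack_vectors: List[str] = field(default_factory=list)  # attack vector parameters: known weaknesses (constructed tags)
    techniques: List[str] = field(default_factory=list)      # security-framework techniques usable at this asset


# Asset mapping information: (from_asset, to_asset, feasibility in (0, 1]) that an attacker moves along this link.
Mapping = List[Tuple[str, str, float]]


def vulnerable_assets(inventory: Dict[str, Asset]) -> List[str]:
    """Assets with at least one attack vector parameter."""
    return sorted(name for name, a in inventory.items() if a.attack_vectors)


def attack_paths(inventory: Dict[str, Asset], mapping: Mapping, entry: str, target: str,
                 min_feasibility: float = 0.05) -> List[Tuple[List[str], float]]:
    """All simple paths entry->target that touch only vulnerable assets, ranked by product feasibility."""
    vuln = set(vulnerable_assets(inventory))
    adj = defaultdict(list)
    for src, dst, p in mapping:
        adj[src].append((dst, p))
    results: List[Tuple[List[str], float]] = []

    def dfs(node: str, path: List[str], prob: float) -> None:
        if prob < min_feasibility:               # prune paths too unlikely to be worth drawing
            return
        if node == target:
            results.append((list(path), prob))
            return
        for nxt, p in adj[node]:
            if nxt in path or nxt not in vuln:   # no cycles; a non-vulnerable asset is not a stepping stone
                continue
            path.append(nxt)
            dfs(nxt, path, prob * p)
            path.pop()

    if entry in vuln:
        dfs(entry, [entry], 1.0)
    results.sort(key=lambda r: -r[1])
    return results


def render(inventory: Dict[str, Asset], path: List[str], prob: float) -> str:
    """Text stand-in for the visual interface: each hop shown as layer:asset[techniques]."""
    hops = [f"{inventory[n].layer}:{n}[{','.join(inventory[n].techniques)}]" for n in path]
    return " -> ".join(hops) + f"  (feasibility {prob:.2f})"


# Constructed inventory and mapping.
INVENTORY = {
    "lb":    Asset("lb", "edge"),
    "web":   Asset("web", "app", ["unauthenticated-upload"], ["T1190"]),
    "api":   Asset("api", "app", ["idor"], ["T1190"]),
    "cache": Asset("cache", "data"),
    "db":    Asset("db", "data", ["default-creds"], ["T1078"]),
    "jump":  Asset("jump", "infra", ["smb-unpatched"], ["T1210"]),
}
MAPPING: Mapping = [
    ("lb", "web", 1.0), ("web", "api", 0.8), ("web", "cache", 0.9),
    ("api", "db", 0.6), ("cache", "db", 0.5), ("web", "jump", 0.3), ("jump", "db", 0.7),
]

if __name__ == "__main__":
    for found_path, feasibility in attack_paths(INVENTORY, MAPPING, "web", "db"):
        print(render(INVENTORY, found_path, feasibility))
```

Two design points are worth noting. The cache is reachable and sits in front of the database, but it carries no attack vector, so no path runs through it; a fix to the cache would change nothing, while a fix to the API or the jump host breaks a path. Feasibility is multiplied along the path, so a long chain of individually plausible hops correctly ranks below a short one.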
  • Patent number: 12052569
    Abstract: In one embodiment, a router includes one or more processors and one or more computer-readable non-transitory storage media coupled to the one or more processors. The one or more computer-readable non-transitory storage media include instructions that, when executed by the one or more processors, cause the router to perform operations including receiving software-defined networking in a wide area network (SD-WAN) policies from a component of an SD-WAN network. The operations also include establishing a session with a mobile device and receiving information associated with the mobile device in response to establishing the session with the mobile device. The operations further include filtering the SD-WAN policies based on the information associated with the mobile device to generate SD-WAN device-specific policies and communicating the SD-WAN device-specific policies to the mobile device.
    Type: Grant
    Filed: August 16, 2021
    Date of Patent: July 30, 2024
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Stefan Olofsson, Ijsbrand Wijnands, Hendrikus G. P. Bosch, Jeffrey Napper, Anubhav Gupta
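An added example for the policy-narrowing idea shared by the two SD-WAN entries (20240298180 and 12052569) and the two endpoint-policy entries (20240291734 and 12063149) above: a network element receives network-wide policies from a controller, learns attributes of a device when the session is established or from policy metadata the endpoint injects into its traffic, filters the policies to the device-specific subset, and applies that subset to flows. This is illustration code written for this page, not Cisco's; the policies, attribute names and the "steer:" action vocabulary are constructed.

```python
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Policy:
    name: str
    match: Dict[str, str]   # attribute values the policy applies to; an empty dict matches everyone
    action: str             # e.g. "deny" or "steer:<path>" (constructed action vocabulary)
    priority: int = 100     # lower wins among equally specific policies


# Attributes learned when the device established its session; injected flow metadata may not override them.
SESSION_KEYS = {"os", "posture", "group"}


def filter_policies(policies: List[Policy], endpoint_attrs: Dict[str, str]) -> List[Policy]:
    """Device-specific subset: drop policies that contradict a known attribute. Keys the endpoint has not
    asserted yet (for example the application of a flow) stay and are resolved per flow. Most specific first."""
    kept = [p for p in policies if all(endpoint_attrs.get(k, v) == v for k, v in p.match.items())]
    return sorted(kept, key=lambda p: (-len(p.match), p.priority))


def decide(device_policies: List[Policy], endpoint_attrs: Dict[str, str], flow_metadata: Dict[str, str]) -> str:
    """Apply the device-specific policies to one flow. Metadata the endpoint injected into the flow only
    refines attributes the session did not establish, so a device cannot launder its posture or group."""
    attrs = {k: v for k, v in flow_metadata.items() if k not in SESSION_KEYS}
    attrs.update(endpoint_attrs)
    for p in device_policies:
        if all(attrs.get(k) == v for k, v in p.match.items()):
            return p.action
    return "deny"   # default deny when nothing applies


# Constructed network-wide policies as a controller might push them.
POLICIES = [
    Policy("block-unmanaged", {"posture": "unmanaged"}, "deny", 10),
    Policy("finance-erp", {"group": "finance", "app": "erp"}, "steer:mpls", 20),
    Policy("ios-video", {"os": "ios", "app": "video"}, "steer:lte", 30),
    Policy("default-internet", {}, "steer:dia", 100),
]

if __name__ == "__main__":
    managed = {"os": "ios", "posture": "managed", "group": "finance"}
    mine = filter_policies(POLICIES, managed)
    print([p.name for p in mine])                    # what the router would push to this device
    print(decide(mine, managed, {"app": "erp"}))      # steer:mpls
    print(decide(mine, managed, {"app": "mail"}))     # steer:dia
```

The security-relevant detail is the split between session-learned attributes and injected metadata: posture and group come from the session with the router, and a flow tag claiming a better posture is discarded rather than merged, so the endpoint can narrow which policy applies but never widen its own privileges.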
  • Publication number: 20240232354
    Abstract: In one embodiment, a method includes generating an application programming interface (API) definition by observing traffic. The API definition is associated with an API definition name and an API specification. The method also includes mounting the API definition with an application and deploying the application by a Continuous Integration/Continuous Delivery (CI/CD) pipeline. The method further includes implementing a runtime API and mapping the runtime API to the API definition.
    Type: Application
    Filed: May 15, 2023
    Publication date: July 11, 2024
    Inventors: Alexei Kravtsov, Giovanni Conte, Hendrikus G. P. Bosch
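An added example for the abstract above: an API definition generated by observing traffic, associated with a name and a specification, and a runtime call mapped back onto it (a call that maps to nothing is the shadow endpoint a pipeline gate would want to know about). This is illustration code written for this page, not Cisco's and not any product's format: the traffic samples are constructed and the OpenAPI-like output is simplified to what the inference actually produces.

```python
import re
from collections import defaultdict
from typing import Any, Dict, List, Optional, Tuple

# Observed traffic record: (method, path, status, JSON request body or None). Constructed for this example.
Observed = Tuple[str, str, int, Any]

_ID_SEGMENT = re.compile(r"^(\d+|[0-9a-f]{8}-[0-9a-f-]{27})$")  # numeric ids and UUID-shaped segments


def template_path(path: str) -> str:
    """Generalize concrete identifiers to {id} so /v1/users/42 and /v1/users/7 become one endpoint."""
    segments = path.split("?", 1)[0].split("/")
    return "/".join("{id}" if _ID_SEGMENT.match(seg) else seg for seg in segments)


def infer_schema(value: Any) -> Dict[str, Any]:
    """Minimal JSON-schema-style type inference from one body value."""
    if isinstance(value, bool):
        return {"type": "boolean"}       # must precede int: bool is a subclass of int
    if isinstance(value, int):
        return {"type": "integer"}
    if isinstance(value, float):
        return {"type": "number"}
    if isinstance(value, str):
        return {"type": "string"}
    if isinstance(value, list):
        return {"type": "array", "items": infer_schema(value[0]) if value else {}}
    if isinstance(value, dict):
        return {"type": "object", "properties": {k: infer_schema(v) for k, v in value.items()}}
    return {}


def merge_schema(a: Optional[Dict[str, Any]], b: Dict[str, Any]) -> Dict[str, Any]:
    """Union object properties across samples instead of letting the last sample win."""
    if a is None:
        return b
    if a.get("type") == "object" and b.get("type") == "object":
        props = dict(a["properties"])
        for k, v in b["properties"].items():
            props[k] = merge_schema(props.get(k), v)
        return {"type": "object", "properties": props}
    return b if a == b else {"oneOf": [a, b]}


def generate_api_definition(name: str, samples: List[Observed]) -> Dict[str, Any]:
    """Build an OpenAPI-like definition (name + spec) from observed traffic."""
    paths: Dict[str, Dict[str, Any]] = defaultdict(dict)
    for method, path, status, body in samples:
        op = paths[template_path(path)].setdefault(method.lower(), {"responses": {}, "observed": 0})
        op["observed"] += 1
        op["responses"].setdefault(str(status), {"description": "observed"})
        if body is not None:
            op["requestBody"] = merge_schema(op.get("requestBody"), infer_schema(body))
    return {"name": name, "spec": {"openapi": "3.0.0", "paths": dict(paths)}}


def map_runtime_call(definition: Dict[str, Any], method: str, path: str) -> Optional[str]:
    """Map a runtime call onto the definition; None means an endpoint the definition never saw."""
    template = template_path(path)
    if method.lower() in definition["spec"]["paths"].get(template, {}):
        return template
    return None


# Constructed traffic sample as a gateway or sidecar might have observed it.
OBSERVED_TRAFFIC: List[Observed] = [
    ("GET", "/v1/users/42", 200, None),
    ("GET", "/v1/users/7", 200, None),
    ("POST", "/v1/users", 201, {"email": "a@example.com", "admin": False}),
    ("POST", "/v1/users", 400, {"email": "bad", "display_name": "x"}),
    ("DELETE", "/v1/users/42", 204, None),
    ("GET", "/v1/users/42/orders?page=2", 200, None),
]

if __name__ == "__main__":
    import json
    definition = generate_api_definition("users-api", OBSERVED_TRAFFIC)
    print(json.dumps(definition, indent=2))
    print(map_runtime_call(definition, "PUT", "/v1/users/99"))  # None: never observed
```

A definition learned from traffic only describes what was exercised during observation; the useful caveat is to treat the `observed` counts as evidence of coverage and to keep regenerating as traffic changes, rather than freezing one capture as the specification.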
  • Publication number: 20240231973
    Abstract: In one embodiment, a method includes generating an application stack. The application stack includes an application logic module. The method also includes embedding a service mesh module into the application stack. The method further includes managing, by the service mesh module, security of a network packet while maintaining separation of memory regions between the application logic module and the service mesh module.
    Type: Application
    Filed: April 28, 2023
    Publication date: July 11, 2024
    Inventors: Hendrikus G. P. Bosch, Jeffrey M. Napper, Zsolt Varga, Nándor István Krácser, Krisztián Gacsal
  • Patent number: 12033010
    Abstract: In one embodiment, a method includes generating an application stack. The application stack includes an application logic module. The method also includes embedding a service mesh module into the application stack. The method further includes managing, by the service mesh module, security of a network packet while maintaining separation of memory regions between the application logic module and the service mesh module.
    Type: Grant
    Filed: April 28, 2023
    Date of Patent: July 9, 2024
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Hendrikus G. P. Bosch, Jeffrey M. Napper, Zsolt Varga, Nándor István Krácser, Krisztián Gacsal
  • Publication number: 20240146770
    Abstract: Dynamically tailored trust for secure application-server networking and advanced enterprise security is provided. A system can individually assess the security posture of each application connecting to the Internet from each client device in an enterprise. For each application, the system tailors a security mode of the Internet connection based on the security posture of the application. Assessment of the security posture of an application is a comprehensive inventory of the security of the application, the security of the device hosting the application, the rights and security of the user, security attributes of the intended service or website being accessed, the security of the communication channel, and so forth. A network-based controller communicates with an agent running within a secure boot mode of each client device to select a security mode for application-service connection, including lean-trust direct access to the Internet, secure VPN-like access, or no access to the Internet.
    Type: Application
    Filed: December 22, 2023
    Publication date: May 2, 2024
    Inventors: Hendrikus G.P. Bosch, Sape Jurrien Mullender, Jeffrey Michael Napper, Alessandro Duminuco, Shivani Raghav
  • Publication number: 20240134725
    Abstract: In one embodiment, a method includes generating an application stack. The application stack includes an application logic module. The method also includes embedding a service mesh module into the application stack. The method further includes managing, by the service mesh module, security of a network packet while maintaining separation of memory regions between the application logic module and the service mesh module.
    Type: Application
    Filed: April 27, 2023
    Publication date: April 25, 2024
    Inventors: Hendrikus G. P. Bosch, Jeffrey M. Napper, Zsolt Varga, Nándor István Krácser, Krisztián Gacsal
  • Publication number: 20240134979
    Abstract: In one embodiment, a method includes generating an application programming interface (API) definition by observing traffic. The API definition is associated with an API definition name and an API specification. The method also includes mounting the API definition with an application and deploying the application by a Continuous Integration/Continuous Delivery (CI/CD) pipeline. The method further includes implementing a runtime API and mapping the runtime API to the API definition.
    Type: Application
    Filed: May 14, 2023
    Publication date: April 25, 2024
    Inventors: Alexei Kravtsov, Giovanni Conte, Hendrikus G. P. Bosch
  • Patent number: 11968201
    Abstract: Operations include transmitting, on behalf of a first application, a first request to a first service provider, the first request requesting first services from the first service provider, intercepting, at a local agent, a first redirect message from the first service provider to an identity provider, receiving an identity provider cookie from the identity provider based on a validation of credentials during the authentication process, storing a copy of the identity provider cookie, transmitting, on behalf of a second application, a second request to a second service provider, the second request requesting second services from the second service provider, intercepting a second redirect message from the second service provider to the identity provider, adding the identity provider cookie to the second redirect message, and receiving validation to access the second service provider from the identity provider based on the identity provider cookie stored by the local agent.
    Type: Grant
    Filed: January 4, 2021
    Date of Patent: April 23, 2024
    Assignee: Cisco Technology, Inc.
    Inventors: Ahmed Bakry Helmy Ahmed, Sape Jurrien Mullender, Hendrikus G. P. Bosch, Alessandro Duminuco, Jeffrey Michael Napper
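The exchange described in the abstract above, as an added example: a local agent sits in front of every application on the endpoint, intercepts the redirect to the identity provider, keeps a copy of the identity provider cookie it receives after the credential check, and attaches that cookie to the next application's redirect so the identity provider validates silently. This is illustration code written for this page, not Cisco's; the service providers, the identity provider, the cookie name and the unsigned "assertion" (just the user name here) are constructed stand-ins, and the agent keys its cookie store by identity provider origin so the cookie is never offered to a service provider.

```python
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple


@dataclass
class Redirect:
    """A 302 from a service provider to the identity provider, as the agent sees it."""
    idp_origin: str
    return_to: str
    cookies: Dict[str, str] = field(default_factory=dict)   # cookies that will travel to the IdP


class IdentityProvider:
    """Stand-in IdP: issues an idp_session cookie after a credential check, then trusts it until expiry."""

    def __init__(self, origin: str, users: Dict[str, str], ttl_seconds: int = 3600):
        self.origin, self.users, self.ttl = origin, users, ttl_seconds
        self.sessions: Dict[str, Tuple[str, float]] = {}   # cookie value -> (user, expiry)
        self.prompts = 0                                    # how often a user had to type credentials

    def authenticate(self, redirect: Redirect, credentials: Optional[Tuple[str, str]],
                     now: float) -> Tuple[str, str]:
        cookie = redirect.cookies.get("idp_session")
        if cookie in self.sessions and self.sessions[cookie][1] > now:
            return self.sessions[cookie][0], cookie          # silent SSO: no prompt
        self.sessions.pop(cookie, None)                      # forget an expired cookie if one was presented
        self.prompts += 1
        if credentials is None or self.users.get(credentials[0]) != credentials[1]:
            raise PermissionError("authentication failed")
        cookie = secrets.token_urlsafe(16)
        self.sessions[cookie] = (credentials[0], now + self.ttl)
        return credentials[0], cookie


class ServiceProvider:
    def __init__(self, origin: str, idp: IdentityProvider):
        self.origin, self.idp = origin, idp

    def request(self, assertion: Optional[str] = None):
        """Without an assertion from the IdP answer with a redirect; with one, serve the page."""
        if assertion is None:
            return Redirect(self.idp.origin, self.origin)
        return f"{self.origin}: welcome {assertion}"


class LocalAgent:
    """Runs on the endpoint in front of every application; keeps one IdP cookie per IdP origin."""

    def __init__(self, idp: IdentityProvider):
        self.idp = idp
        self.jar: Dict[str, str] = {}   # keyed by IdP origin: never offered to a service provider

    def request(self, sp: ServiceProvider, credentials: Optional[Tuple[str, str]] = None, now: float = 0.0):
        response = sp.request()                       # first request on behalf of the application
        if not isinstance(response, Redirect):
            return response
        stored = self.jar.get(response.idp_origin)
        if stored:
            response.cookies["idp_session"] = stored  # add the stored IdP cookie to this redirect
        user, cookie = self.idp.authenticate(response, credentials, now)
        self.jar[response.idp_origin] = cookie        # store (or refresh) the copy
        return sp.request(assertion=user)             # the IdP's validation lets the app proceed

if __name__ == "__main__":
    idp = IdentityProvider("https://idp.example", {"alice": "correct horse"})
    app1, app2 = ServiceProvider("https://app1.example", idp), ServiceProvider("https://app2.example", idp)
    agent = LocalAgent(idp)
    print(agent.request(app1, ("alice", "correct horse"), now=1000))   # prompts once
    print(agent.request(app2, now=1001), "prompts:", idp.prompts)     # no second prompt
```

The caveat a practitioner would want: the agent's cookie store now holds a credential that is as good as the user's password for every service behind that identity provider, so it needs the same protection as a browser's cookie jar (the abstract describes the agent as local to the device; the example above simply keeps it in memory), and a stale cookie must fail closed, which the expiry check in `authenticate` does.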
  • Publication number: 20240098090
    Abstract: A system and method for an extended security scheme for reducing the prevalence of broken object level authorization. In one embodiment, a method includes receiving code associated with an application programming interface (API), wherein the code includes one of an API definition and an API server stub, and parsing the code for one or more keywords associated with an extended security scheme. If the code includes the API definition, the method further includes generating an associated API server stub based on at least one of the one or more keywords and the API definition. If the code includes the API server stub, the method further includes generating an associated API definition based on at least one of the one or more keywords and the API server stub.
    Type: Application
    Filed: November 18, 2022
    Publication date: March 21, 2024
    Inventors: Rami Haddad, Rim El Malki, Daniel-Serban Cozma, Hendrikus G. P. Bosch
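An added example for the abstract above, in both directions: an API definition is parsed for keywords of an extended security scheme and a server stub is generated that enforces object-level authorization before any handler runs; conversely, keywords attached to a handwritten stub are turned back into a definition. This is illustration code written for this page, not Cisco's; the keyword names `x-bola-owner-field` and `x-bola-subject-claim`, the definition fragment, the decorator and the order store are all constructed for the illustration.

```python
from typing import Any, Callable, Dict, List, Optional, Tuple

# Constructed API definition fragment. The x-bola-* keys are the assumed keywords of the extended security
# scheme: which field of the target object names its owner, and which claim of the caller must equal it.
API_DEFINITION: Dict[str, Any] = {
    "paths": {
        "/orders/{orderId}": {
            "get": {"operationId": "getOrder", "x-bola-owner-field": "owner_id", "x-bola-subject-claim": "sub"},
            "delete": {"operationId": "deleteOrder", "x-bola-owner-field": "owner_id", "x-bola-subject-claim": "sub"},
        },
        "/health": {"get": {"operationId": "health"}},
    }
}


class Forbidden(Exception):
    pass


class NotFound(Exception):
    pass


def parse_security_keywords(definition: Dict[str, Any]) -> Dict[str, Dict[str, str]]:
    """operationId -> {path, method, plus any x-bola-* keywords declared on the operation}."""
    found: Dict[str, Dict[str, str]] = {}
    for path, ops in definition["paths"].items():
        for method, op in ops.items():
            keywords = {k: v for k, v in op.items() if k.startswith("x-bola-")}
            found[op["operationId"]] = {"path": path, "method": method, **keywords}
    return found


def generate_server_stub(definition: Dict[str, Any],
                         load_object: Callable[[str], Optional[Dict[str, Any]]]) -> Dict[str, Callable]:
    """operationId -> stub(claims, handler, object_id). The stub enforces ownership before the handler runs."""
    stubs: Dict[str, Callable] = {}
    for op_id, meta in parse_security_keywords(definition).items():
        owner_field = meta.get("x-bola-owner-field")
        claim = meta.get("x-bola-subject-claim", "sub")

        def stub(claims, handler, object_id=None, owner_field=owner_field, claim=claim):
            obj = load_object(object_id) if object_id is not None else None
            if owner_field is not None:            # object-scoped operation: authorize before anything else
                if obj is None:
                    raise NotFound(object_id)
                subject = claims.get(claim)
                if subject is None or subject != obj.get(owner_field):
                    raise Forbidden(f"subject {subject!r} does not own {object_id}")
            return handler(obj)

        stubs[op_id] = stub
    return stubs


def owned_by(owner_field: str, claim: str = "sub"):
    """Decorator for handwritten stubs: records the extended security keywords on the handler."""
    def decorate(fn):
        fn.bola_keywords = {"x-bola-owner-field": owner_field, "x-bola-subject-claim": claim}
        return fn
    return decorate


def definition_from_stubs(routes: List[Tuple[str, str, str, Callable]]) -> Dict[str, Any]:
    """(path, method, operationId, handler) -> definition carrying the keywords found on each handler."""
    paths: Dict[str, Dict[str, Any]] = {}
    for path, method, op_id, fn in routes:
        paths.setdefault(path, {})[method] = {"operationId": op_id, **getattr(fn, "bola_keywords", {})}
    return {"paths": paths}


# Constructed object store and handwritten handlers for the reverse direction.
ORDERS = {
    "o-1": {"id": "o-1", "owner_id": "alice", "total": 10},
    "o-2": {"id": "o-2", "owner_id": "bob", "total": 99},
}


@owned_by("owner_id")
def get_order(order):
    return order["total"]


def health(_):
    return "ok"


ROUTES = [("/orders/{orderId}", "get", "getOrder", get_order), ("/health", "get", "health", health)]
REGENERATED_DEFINITION = definition_from_stubs(ROUTES)

if __name__ == "__main__":
    stubs = generate_server_stub(API_DEFINITION, ORDERS.get)
    print(stubs["getOrder"]({"sub": "alice"}, get_order, "o-1"))   # 10
    try:
        stubs["getOrder"]({"sub": "alice"}, get_order, "o-2")      # bob's order: refused in the stub
    except Forbidden as e:
        print("forbidden:", e)
```

The point of generating the stub from the keywords is that the ownership check lives in code the handler author cannot forget to call: `get_order` itself never looks at the caller. In a production API the `NotFound` and `Forbidden` cases would normally collapse into one 404 response to avoid confirming that another user's object exists; they are kept distinct here so the behaviour is visible.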
  • Patent number: 11902168
    Abstract: A method of defining priority of a number of data packets within a queue includes generating a policy. The policy defines a first multiplexed channel of a plurality of multiplexed channels. The first multiplexed channel having a first priority. The policy also defines a second multiplexed channel of the plurality of multiplexed channels. The second multiplexed channel having a second priority. The first priority is defined as being of a higher priority relative to the second priority. The method further includes receiving the number of data packets over the plurality of multiplexed channels associated with a session based at least in part on the policy.
    Type: Grant
    Filed: June 24, 2021
    Date of Patent: February 13, 2024
    Assignee: Cisco Technology, Inc.
    Inventors: Vincent Parla, Andrew Zawadowskiy, Oleg Bessonov, Hendrikus G. P. Bosch
  • Patent number: 11899780
    Abstract: The present disclosure is directed to assessing API service security and may include the steps of identifying an API service called by an application based on information provided by an agent embedded within the application; collecting telemetry associated with the API service, the telemetry collected from one or more telemetry sources and indicating any deficiencies in the API service; generating a reputation score for the API service based on analysis of the collected telemetry; and transmitting the reputation score to at least one of the following: the agent embedded within the application, wherein the reputation score is associated with at least one policy having at least one policy action, and wherein the reputation score is operable to be used by the agent to invoke the at least one policy action relating to use of the API service by the application; or a continuous integration/continuous delivery pipeline associated with the application.
    Type: Grant
    Filed: April 9, 2021
    Date of Patent: February 13, 2024
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Hendrikus G. P. Bosch, Alessandro Duminuco, Sape Jurriën Mullender, Jaffar Alaoui
  • Publication number: 20240015140
    Abstract: A system of one embodiment allows for redirecting service and API calls for containerized applications in a computer network. The system includes a memory and a processor. The system processes a plurality of application workflows of a containerized application workload. The system then identifies at least one application workflow of the plurality of application workflows and at least one workflow-specific routing rule associated with the at least one application workflow. The system then determines at least one proxy server address for each identified application workflow based on the at least one associated workflow-specific routing rule. The system then may communicate the at least one identified application workflow to the at least one proxy server using the at least one determined proxy server address.
    Type: Application
    Filed: July 5, 2022
    Publication date: January 11, 2024
    Inventors: Hendrikus G. P. Bosch, Alessandro Duminuco, Zohar Kaufman