Patents by Inventor Jeffrey Michael Napper
Jeffrey Michael Napper has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240146770Abstract: Dynamically tailored trust for secure application-server networking and advanced enterprise security is provided. A system can individually assess the security posture of each application connecting to the Internet from each client device in an enterprise. For each application, the system tailors a security mode of the Internet connection based on the security posture of the application. Assessment of the security posture of an application is a comprehensive inventory of the security of the application, the security of the device hosting the application, the rights and security of the user, security attributes of the intended service or website being accessed, the security of the communication channel, and so forth. A network-based controller communicates with an agent running within a secure boot mode of each client device to select a security mode for application-service connection, including lean-trust direct access to the Internet, secure VPN-like access, or no access to the Internet.Type: ApplicationFiled: December 22, 2023Publication date: May 2, 2024Inventors: Hendrikus G.P. Bosch, Sape Jurrien Mullender, Jeffrey Michael Napper, Alessandro Duminuco, Shivani Raghav
-
Patent number: 11968201Abstract: Operations include transmitting, on behalf of a first application, a first request to a first service provider, the first request requesting first services from the first service provider, intercepting, at a local agent, a first redirect message from the first service provider to an identity provider, receiving an identity provider cookie from the identity provider based on a validation of credentials during the authentication process, storing a copy of the identity provider cookie, transmitting, on behalf of a second application, a second request to a second service provider, the second request requesting second services from the second service provider, intercepting a second redirect message from the second service provider to the identity provider, adding the identity provider cookie to the second redirect message, and receiving validation to access the second service provider from the identity provider based on the identity provider cookie stored by the local agent.Type: GrantFiled: January 4, 2021Date of Patent: April 23, 2024Assignee: Cisco Technology, Inc.Inventors: Ahmed Bakry Helmy Ahmed, Sape Jurrien Mullender, Hendrikus G. P. Bosch, Alessandro Duminuco, Jeffrey Michael Napper
-
Patent number: 11863588Abstract: Dynamically tailored trust for secure application-server networking and advanced enterprise security is provided. A system can individually assess the security posture of each application connecting to the Internet from each client device in an enterprise. For each application, the system tailors a security mode of the Internet connection based on the security posture of the application. Assessment of the security posture of an application is a comprehensive inventory of the security of the application, the security of the device hosting the application, the rights and security of the user, security attributes of the intended service or website being accessed, the security of the communication channel, and so forth. A network-based controller communicates with an agent running within a secure boot mode of each client device to select a security mode for application-service connection, including lean-trust direct access to the Internet, secure VPN-like access, or no access to the Internet.Type: GrantFiled: May 6, 2020Date of Patent: January 2, 2024Assignee: Cisco Technology, Inc.Inventors: Hendrikus G. P. Bosch, Sape Jurriën Mullender, Jeffrey Michael Napper, Alessandro Duminuco, Shivani Raghav
-
Publication number: 20230283608Abstract: This disclosure describes techniques including, by a domain name service (DNS), receiving a name resolution request from a client computing device and, by the DNS, providing a nonce to the client computing device, wherein a service is configured to authorize a connection request from the client computing device based at least in part on processing the nonce. This disclosure further describes techniques include a method of validating a connection request from a client computing device, including receiving the connection request, the connection request including a nonce. The techniques further include determining that the nonce is a valid nonce. The techniques further include, based at least in part on determining that the nonce is a valid nonce, authorizing the connection request and disabling the nonce.Type: ApplicationFiled: May 16, 2023Publication date: September 7, 2023Inventors: Hendrikus GP Bosch, Jeffrey Michael Napper, Alessandro Duminuco, Sape Jurrien Mullender, Julien Barbot, Vinny Parla
-
Patent number: 11683309Abstract: This disclosure describes techniques including, by a domain name service (DNS), receiving a name resolution request from a client computing device and, by the DNS, providing a nonce to the client computing device, wherein a service is configured to authorize a connection request from the client computing device based at least in part on processing the nonce. This disclosure further describes techniques include a method of validating a connection request from a client computing device, including receiving the connection request, the connection request including a nonce. The techniques further include determining that the nonce is a valid nonce. The techniques further include, based at least in part on determining that the nonce is a valid nonce, authorizing the connection request and disabling the nonce.Type: GrantFiled: February 5, 2021Date of Patent: June 20, 2023Assignee: Cisco Technology, Inc.Inventors: Hendrikus GP Bosch, Jeffrey Michael Napper, Alessandro Duminuco, Sape Jurrien Mullender, Julien Barbot, Vinny Parla
-
Patent number: 11516260Abstract: Techniques for utilizing an enterprise traffic interception service (TIS) to enforce policies that mandate how clients access software as a service (SaaS) offered by service providers and selectively intercept enterprise network traffic utilizing a domain name service (DNS) and a single sign-on (SSO) service on a per-client per-service basis. The TIS may include a DNS server, an identity provider service, a TLS inspecting proxy, and/or a policy server. The DNS server may handle requests to resolve an address of a service, and identify a policy, stored in the policy server, to redirect the client based on the identity of the client and the service. The identity provider service may later query the policy server during client authorization for the service to verify that the client request is in line with the policy and allow or deny access to the service.Type: GrantFiled: February 3, 2021Date of Patent: November 29, 2022Assignee: Cisco Technology, Inc.Inventors: Alessandro Duminuco, Hendrikus G. P. Bosch, Jeffrey Michael Napper, Vinny Parla, Julien Barbot, Sape Jurrien Mullender
-
Patent number: 11457008Abstract: Techniques for using a single sign-on (SSO) service as a software defined networking (SDN) controller for a virtual private network environment. The techniques disclosed herein may include receiving, at a first authentication service, first data including a first request to authenticate a user of a client device to access an application. The techniques may also include sending, to the client device, second data representing a second request configured to prompt a second authentication service to authenticate the user of the client device. Additionally, the first authentication service may receive an indication that the user was authenticated by the second authentication service and determine, based at least in part on an attribute associated with at least one of the client device or the application, whether the client device is to access the application using an unsecured connection or, alternatively, access the application using a secured connection.Type: GrantFiled: October 13, 2020Date of Patent: September 27, 2022Assignee: Cisco Technology, Inc.Inventors: Hendrikus G. P. Bosch, Alessandro Duminuco, Julien Barbot, Jeffrey Michael Napper, Sape Jurrien Mullender
-
Patent number: 11425098Abstract: An identity provider (IdP) service interoperates with a Virtual Private Network (VPN) client. The IdP service receives a login request originating from the VPN client to establish a VPN tunnel between the VPN client and a VPN host, the login request indicating a user of the VPN client. The IdP service provides a response to the login request. The response includes at least both first information including an indication that the user of the VPN client is an authorized user and second information including an indication of a VPN policy for the VPN tunnel, the VPN policy including a VPN client policy to be utilized during the VPN tunnel by the VPN client and a VPN host policy to be utilized during the VPN tunnel by the VPN host.Type: GrantFiled: April 22, 2020Date of Patent: August 23, 2022Assignee: Cisco Technology, Inc.Inventors: Hendrikus G. P. Bosch, Alessandro Duminuco, Sape Jurriën Mullender, Jeffrey Michael Napper
-
Publication number: 20220255937Abstract: This disclosure describes techniques including, by a domain name service (DNS), receiving a name resolution request from a client computing device and, by the DNS, providing a nonce to the client computing device, wherein a service is configured to authorize a connection request from the client computing device based at least in part on processing the nonce. This disclosure further describes techniques include a method of validating a connection request from a client computing device, including receiving the connection request, the connection request including a nonce. The techniques further include determining that the nonce is a valid nonce. The techniques further include, based at least in part on determining that the nonce is a valid nonce, authorizing the connection request and disabling the nonce.Type: ApplicationFiled: February 5, 2021Publication date: August 11, 2022Inventors: Hendrikus GP Bosch, Jeffrey Michael Napper, Alessandro Duminuco, Sape Jurrien Mullender, Julien Barbot, Vinny Parla
-
Publication number: 20220247791Abstract: Techniques for utilizing an enterprise traffic interception service (TIS) to enforce policies that mandate how clients access software as a service (SaaS) offered by service providers and selectively intercept enterprise network traffic utilizing a domain name service (DNS) and a single sign-on (SSO) service on a per-client per-service basis. The TIS may include a DNS server, an identity provider service, a TLS inspecting proxy, and/or a policy server. The DNS server may handle requests to resolve an address of a service, and identify a policy, stored in the policy server, to redirect the client based on the identity of the client and the service. The identity provider service may later query the policy server during client authorization for the service to verify that the client request is in line with the policy and allow or deny access to the service.Type: ApplicationFiled: February 3, 2021Publication date: August 4, 2022Inventors: Alessandro Duminuco, Hendrikus G.P. Bosch, Jeffrey Michael Napper, Vinny Parla, Julien Barbot, Sape Jurrien Mullender
-
Publication number: 20220217132Abstract: Operations include transmitting, on behalf of a first application, a first request to a first service provider, the first request requesting first services from the first service provider, intercepting, at a local agent, a first redirect message from the first service provider to an identity provider, receiving an identity provider cookie from the identity provider based on a validation of credentials during the authentication process, storing a copy of the identity provider cookie, transmitting, on behalf of a second application, a second request to a second service provider, the second request requesting second services from the second service provider, intercepting a second redirect message from the second service provider to the identity provider, adding the identity provider cookie to the second redirect message, and receiving validation to access the second service provider from the identity provider based on the identity provider cookie stored by the local agent.Type: ApplicationFiled: January 4, 2021Publication date: July 7, 2022Inventors: Ahmed Bakry Helmy Ahmed, Sape Jurrien Mullender, Hendrikus G. P. Bosch, Alessandro Duminuco, Jeffrey Michael Napper
-
Publication number: 20220116381Abstract: Techniques for using a single sign-on (SSO) service as a software defined networking (SDN) controller for a virtual private network environment. The techniques disclosed herein may include receiving, at a first authentication service, first data including a first request to authenticate a user of a client device to access an application. The techniques may also include sending, to the client device, second data representing a second request configured to prompt a second authentication service to authenticate the user of the client device. Additionally, the first authentication service may receive an indication that the user was authenticated by the second authentication service and determine, based at least in part on an attribute associated with at least one of the client device or the application, whether the client device is to access the application using an unsecured connection or, alternatively, access the application using a secured connection.Type: ApplicationFiled: October 13, 2020Publication date: April 14, 2022Inventors: Hendrikus G.P. Bosch, Alessandro Duminuco, Julien Barbot, Jeffrey Michael Napper, Sape Jurrien Mullender
-
Publication number: 20210273913Abstract: An identity provider (IdP) service interoperates with a Virtual Private Network (VPN) client. The IdP service receives a login request originating from the VPN client to establish a VPN tunnel between the VPN client and a VPN host, the login request indicating a user of the VPN client. The IdP service provides a response to the login request. The response includes at least both first information including an indication that the user of the VPN client is an authorized user and second information including an indication of a VPN policy for the VPN tunnel, the VPN policy including a VPN client policy to be utilized during the VPN tunnel by the VPN client and a VPN host policy to be utilized during the VPN tunnel by the VPN host.Type: ApplicationFiled: April 22, 2020Publication date: September 2, 2021Inventors: Hendrikus G.P. Bosch, Alessandro Duminuco, Sape Jurriën Mullender, Jeffrey Michael Napper
-
Patent number: 11012251Abstract: In one example embodiment, a server generates a candidate instantiation of virtual applications among a plurality of hosts in a data center to support a multicast stream. The server provides, to a first set of agents corresponding to a first set of the plurality of hosts, a command to initiate a test multicast stream. The server provides, to a second set of agents corresponding to a second set of the plurality of hosts, a command to join the test multicast stream. The server obtains, from the second set of agents, a message indicating whether the second set of agents received the test multicast stream. If the message indicates that the second set of agents received the test multicast stream, the server causes the virtual applications to be instantiated in accordance with the candidate instantiation of the virtual applications.Type: GrantFiled: October 2, 2018Date of Patent: May 18, 2021Assignee: CISCO TECHNOLOGY, INC.Inventors: Hendrikus G. P. Bosch, Sape Jurriën Mullender, Ijsbrand Wijnands, Alessandro Duminuco, Jeffrey Michael Napper, Subhasri Dhesikan
-
Publication number: 20210044623Abstract: Dynamically tailored trust for secure application-server networking and advanced enterprise security is provided. A system can individually assess the security posture of each application connecting to the Internet from each client device in an enterprise. For each application, the system tailors a security mode of the Internet connection based on the security posture of the application. Assessment of the security posture of an application is a comprehensive inventory of the security of the application, the security of the device hosting the application, the rights and security of the user, security attributes of the intended service or website being accessed, the security of the communication channel, and so forth. A network-based controller communicates with an agent running within a secure boot mode of each client device to select a security mode for application-service connection, including lean-trust direct access to the Internet, secure VPN-like access, or no access to the Internet.Type: ApplicationFiled: May 6, 2020Publication date: February 11, 2021Inventors: Hendrikus G.P. Bosch, Sape Jurriën Mullender, Jeffrey Michael Napper, Alessandro Duminuco, Shivani Raghav
-
Publication number: 20200106631Abstract: In one example embodiment, a server generates a candidate instantiation of virtual applications among a plurality of hosts in a data center to support a multicast stream. The server provides, to a first set of agents corresponding to a first set of the plurality of hosts, a command to initiate a test multicast stream. The server provides, to a second set of agents corresponding to a second set of the plurality of hosts, a command to join the test multicast stream. The server obtains, from the second set of agents, a message indicating whether the second set of agents received the test multicast stream. If the message indicates that the second set of agents received the test multicast stream, the server causes the virtual applications to be instantiated in accordance with the candidate instantiation of the virtual applications.Type: ApplicationFiled: October 2, 2018Publication date: April 2, 2020Inventors: Hendrikus G.P. Bosch, Sape Jurriën Mullender, IJsbrand Wijnands, Alessandro Duminuco, Jeffrey Michael Napper, Subhasri Dhesikan