Patents by Inventor Vincent E. Parla

Vincent E. Parla has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20180309658
    Abstract: A computing device dynamically excludes/includes traffic from/in a secure tunnel based on the domain name of the destination of the traffic. The computing device establishes a secure tunnel from the computing device, and receives a request to access a remote resource at a domain name. The computing device resolves the domain name at a domain name server and receives a resolved network address associated with the domain name. The computing device determines whether to send the request inside the secure tunnel or outside the secure tunnel by comparing the domain name to a split tunneling policy. Based on the comparison with the split tunneling policy, the computing device sends the request to the resolved network address either outside the secure tunnel or inside the secure tunnel.
    Type: Application
    Filed: July 26, 2017
    Publication date: October 25, 2018
    Inventors: Vincent E. Parla, Valentiu Vlad Santau, Peter S. Davis
  • Patent number: 10027626
    Abstract: A method for providing authoritative application-based routing and an improved application firewall, as well as a method for application classification, is described. The first embodiment, which provides a method for authoritative application-based routing, comprises tagging packets with an application identifier, and pushing the tagged packets to the network to enable the application identifier to be used in routing and priority decisions. In the second embodiment, a method for improving application firewall comprises using the application identifier to minimize the amount of processing required by the firewall when analyzing packet information.
    Type: Grant
    Filed: May 17, 2016
    Date of Patent: July 17, 2018
    Assignee: Cisco Technology, Inc.
    Inventors: Todd Short, Andrew Zawadowskiy, Antonio Martin, Vincent E. Parla
  • Patent number: 10027627
    Abstract: A network security device (NSD) is connected between a network and an endpoint device configured to host a client application. The client application communicates with the network through the network security device using a request-response protocol. The NSD receives from the client application a request destined for the network and that seeks a response from the network. The request has a context header including context information about the client application. The NSD determines whether the client application or a file accessed thereby has a suspicious nature based on the context information. If it is determined that the client application or the file accessed thereby has a suspicious nature, the NSD blocks the request from the network, and sends to the client application a response indicating the block.
    Type: Grant
    Filed: October 7, 2015
    Date of Patent: July 17, 2018
    Assignee: Cisco Technology, Inc.
    Inventors: Vincent E. Parla, Hari Shankar, Constantinos Kleopa, Venkatesh N. Gautam, Gerald N. A. Selvam
  • Patent number: 9894055
    Abstract: An authentication request is generated when a user of a client device attempts to initiate a user session with an application managed by a service provider. An authentication response is generated based on credentials received from the user. The authentication response includes an assertion on behalf of the user. A delivery resource locator for the assertion is rewritten to a resource locator of a proxy in order to redirect the assertion to the proxy. The authentication response is sent to the client device together with the resource locator of the proxy in order to cause the client device to send the assertion to the proxy that decodes the re-written resource locator and sends the assertion to the service provider.
    Type: Grant
    Filed: January 29, 2016
    Date of Patent: February 13, 2018
    Assignee: Cisco Technology, Inc.
    Inventors: Vincent E. Parla, David McGrew, Andrzej Kielbasinski
  • Publication number: 20180026993
    Abstract: A method is disclosed in which a system compares a first set of reports characterizing network traffic flows originating from an endpoint device with a second set of reports characterizing network traffic flows originating from the endpoint device and stored at an external network device to determine whether the first set and second set of reports characterizing network traffic flows originating from an endpoint device are different. In response to determining that the first and second reports characterizing network traffic flows are different, the system identifies the network traffic flows originating from the endpoint device and reported by an external network device, but not reported by the endpoint device, as possibly indicative of malware and forwards the network traffic flows originating from the endpoint device to an analyzer for further processing.
    Type: Application
    Filed: July 20, 2016
    Publication date: January 25, 2018
    Inventors: Vincent E. Parla, Andrey Zawadowskiy, Donovan O'Hara
  • Patent number: 9660833
    Abstract: In one embodiment, a method is provided for improving data center and endpoint network visibility and security. The method comprises detecting a communication flow of a plurality of packets over a network, and generating a flow identifier that uniquely identifies the communication flow. After determining an application associated with the communication flow, a flow record is generated. The flow record includes the flow identifier and an indication of the application associated with the communication flow. The indication of the application may be, for example, a hash of the application binary file.
    Type: Grant
    Filed: May 9, 2014
    Date of Patent: May 23, 2017
    Assignee: Cisco Technology, Inc.
    Inventors: Andrew Zawadowskiy, Vincent E. Parla, Donovan O'Hara
  • Publication number: 20170104722
    Abstract: A network security device (NSD) is connected between a network and an endpoint device configured to host a client application. The client application communicates with the network through the network security device using a request-response protocol. The NSD receives from the client application a request destined for the network and that seeks a response from the network. The request has a context header including context information about the client application. The NSD determines whether the client application or a file accessed thereby has a suspicious nature based on the context information. If it is determined that the client application or the file accessed thereby has a suspicious nature, the NSD blocks the request from the network, and sends to the client application a response indicating the block.
    Type: Application
    Filed: October 7, 2015
    Publication date: April 13, 2017
    Inventors: Vincent E. Parla, Hari Shankar, Constantinos Kleopa, Venkatesh N. Gautam, Gerald N.A. Selvam
  • Patent number: 9455909
    Abstract: One embodiment provides selectively routing Domain Name System (DNS) request for sub-domains associated with a first network through a tunnel associated with the first network via the interface. DNS requests for sub-domains associated with a second network are selectively routed through a tunnel associated with the second network via the interface. Embodiments include replacing the destination address for DNS requests for sub-domains associated with the second network to match an address of a DNS server associated with the second network. Data representative of DNS requests for sub-domains associated with the second network is stored. Embodiments forward the DNS requests for sub-domains associated with the second network with the address of the DNS server associated with the second network.
    Type: Grant
    Filed: September 1, 2015
    Date of Patent: September 27, 2016
    Assignee: Cisco Technology, Inc.
    Inventors: Vincent E. Parla, Vlad Santau, Timothy Steven Champagne, Jr., Kerry Hannigan Munz
  • Publication number: 20160261562
    Abstract: A method for providing authoritative application-based routing and an improved application firewall, as well as a method for application classification, is described. The first embodiment, which provides a method for authoritative application-based routing, comprises tagging packets with an application identifier, and pushing the tagged packets to the network to enable the application identifier to be used in routing and priority decisions. In the second embodiment, a method for improving application firewall comprises using the application identifier to minimize the amount of processing required by the firewall when analyzing packet information.
    Type: Application
    Filed: May 17, 2016
    Publication date: September 8, 2016
    Inventors: Todd Short, Andrew Zawadowskiy, Antonio Martin, Vincent E. Parla
  • Patent number: 9369435
    Abstract: A method for providing authoritative application-based routing and an improved application firewall, as well as a method for application classification, is described. The first embodiment, which provides a method for authoritative application-based routing, comprises tagging packets with an application identifier, and pushing the tagged packets to the network to enable the application identifier to be used in routing and priority decisions. In the second embodiment, a method for improving application firewall comprises using the application identifier to minimize the amount of processing required by the firewall when analyzing packet information.
    Type: Grant
    Filed: September 30, 2013
    Date of Patent: June 14, 2016
    Assignee: Cisco Technology, Inc.
    Inventors: Todd Short, Andrew Zawadowskiy, Antonio Martin, Vincent E. Parla
  • Publication number: 20160149898
    Abstract: An authentication request is generated when a user of a client device attempts to initiate a user session with an application managed by a service provider. An authentication response is generated based on credentials received from the user. The authentication response includes an assertion on behalf of the user. A delivery resource locator for the assertion is rewritten to a resource locator of a proxy in order to redirect the assertion to the proxy. The authentication response is sent to the client device together with the resource locator of the proxy in order to cause the client device to send the assertion to the proxy that decodes the re-written resource locator and sends the assertion to the service provider.
    Type: Application
    Filed: January 29, 2016
    Publication date: May 26, 2016
    Inventors: Vincent E. Parla, David McGrew, Andrzej Kielbasinski
  • Patent number: 9336356
    Abstract: In an example embodiment, a technique that applies a network policy responsive to specified events, or triggers, to a networked device. If a specified event occurs, the network policy may restrict the device's access to the network. For example, if a user walks away from their networked device, such as a laptop, the device's network access changes. For example, depending upon the policy, network traffic may be blocked or otherwise restricted.
    Type: Grant
    Filed: October 6, 2011
    Date of Patent: May 10, 2016
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Vincent E. Parla, Eli John Gelasco, Paul Michael Tillotson
  • Patent number: 9294462
    Abstract: An authentication request is generated when a user of a client device attempts to initiate a user session with an application managed by a service provider. An authentication response is generated based on credentials received from the user. The authentication response includes an assertion on behalf of the user. A delivery resource locator for the assertion is rewritten to a resource locator of a proxy in order to redirect the assertion to the proxy. The authentication response is sent to the client device together with the resource locator of the proxy in order to cause the client device to send the assertion to the proxy that decodes the re-written resource locator and sends the assertion to the service provider.
    Type: Grant
    Filed: January 15, 2014
    Date of Patent: March 22, 2016
    Assignee: Cisco Technology, Inc.
    Inventors: Vincent E. Parla, David McGrew, Andrzej Kielbasinski
  • Publication number: 20150372912
    Abstract: One embodiment provides selectively routing Domain Name System (DNS) request for sub-domains associated with a first network through a tunnel associated with the first network via the interface. DNS requests for sub-domains associated with a second network are selectively routed through a tunnel associated with the second network via the interface. Embodiments include replacing the destination address for DNS requests for sub-domains associated with the second network to match an address of a DNS server associated with the second network. Data representative of DNS requests for sub-domains associated with the second network is stored. Embodiments forward the DNS requests for sub-domains associated with the second network with the address of the DNS server associated with the second network.
    Type: Application
    Filed: September 1, 2015
    Publication date: December 24, 2015
    Inventors: Vincent E. PARLA, Vlad SANTAU, Timothy Steven CHAMPAGNE, JR., Kerry Hannigan MUNZ
  • Publication number: 20150326486
    Abstract: In one embodiment, a method is provided for improving data center and endpoint network visibility and security. The method comprises detecting a communication flow of a plurality of packets over a network, and generating a flow identifier that uniquely identifies the communication flow. After determining an application associated with the communication flow, a flow record is generated. The flow record includes the flow identifier and an indication of the application associated with the communication flow. The indication of the application may be, for example, a hash of the application binary file.
    Type: Application
    Filed: May 9, 2014
    Publication date: November 12, 2015
    Applicant: Cisco Technology, Inc.
    Inventors: Andrew Zawadowskiy, Vincent E. Parla, Donovan O'Hara
  • Patent number: 9137211
    Abstract: In an example embodiment, a method of dynamically tunneling specific, or per application, services on demand without having to build complex split tunneling policies on Virtual Private Network (VPN) terminators. In particular embodiments, the method can allow for tunneling to multiple data centers on devices with limited, e.g., single, concentrator capabilities.
    Type: Grant
    Filed: May 16, 2013
    Date of Patent: September 15, 2015
    Assignee: Cisco Technology, Inc.
    Inventors: Vincent E. Parla, Vlad Santau, Timothy Steven Champagne, Jr., Kerry Hannigan Munz
  • Publication number: 20150200924
    Abstract: An authentication request is generated when a user of a client device attempts to initiate a user session with an application managed by a service provider. An authentication response is generated based on credentials received from the user. The authentication response includes an assertion on behalf of the user. A delivery resource locator for the assertion is rewritten to a resource locator of a proxy in order to redirect the assertion to the proxy. The authentication response is sent to the client device together with the resource locator of the proxy in order to cause the client device to send the assertion to the proxy that decodes the re-written resource locator and sends the assertion to the service provider.
    Type: Application
    Filed: January 15, 2014
    Publication date: July 16, 2015
    Applicant: Cisco Technology, Inc.
    Inventors: Vincent E. Parla, David McGrew, Andrzej Kielbasinski
  • Patent number: 9077730
    Abstract: In an example embodiment, disclosed herein is an apparatus comprising an interface configured to communicate with at least one external device, and processing logic coupled with the interface. The processing logic determines whether the interface is connected directly to a predefined network. The processing logic restricts access to the interface responsive to determining the interface is connected to a network other than the predefined network. The processing logic does not restrict access to the interface while the interface is directly connected with the predefined network.
    Type: Grant
    Filed: February 2, 2011
    Date of Patent: July 7, 2015
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Vincent E. Parla, Philip John Steuart Gladstone, Christopher Fitzgerald
  • Patent number: 9032506
    Abstract: Described in an example embodiment herein is a Multiple Application Container. Various embodiments of the Multiple Application Container may include, but are not limited to: (1) managed intranet access via a dedicated Virtual Private Network (VPN) tunnel shared amongst applications within the container, (2) managed file/data encryption, (3) native look and feel applications for the base Operating System (OS), (4) isolation from any non-OS based services on the device, and/or (5) Mobile Device Management (MDM) based capabilities, such as policy enforcement.
    Type: Grant
    Filed: August 9, 2012
    Date of Patent: May 12, 2015
    Assignee: Cisco Technology, Inc.
    Inventors: Vincent E. Parla, Brian Henry Pescatore, Timothy Steven Champagne
  • Publication number: 20150096008
    Abstract: A method for providing authoritative application-based routing and an improved application firewall, as well as a method for application classification, is described. The first embodiment, which provides a method for authoritative application-based routing, comprises tagging packets with an application identifier, and pushing the tagged packets to the network to enable the application identifier to be used in routing and priority decisions. In the second embodiment, a method for improving application firewall comprises using the application identifier to minimize the amount of processing required by the firewall when analyzing packet information.
    Type: Application
    Filed: September 30, 2013
    Publication date: April 2, 2015
    Applicant: Cisco Technology, Inc.
    Inventors: Todd Short, Andrew Zawadowskiy, Antonio Martin, Vincent E. Parla