Patents by Inventor Vincent E. Parla

Vincent E. Parla has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20240129378
    Abstract: Techniques for managing migrations of QUIC connection session(s) across proxy nodes, data centers, and/or private application nodes are described herein. A global key-value datastore, accessible by proxy nodes and/or application nodes, may store mappings between a first QUIC connection, associated with a proxy node and a client device, on the frontend of the proxy node and a second QUIC connection, associated with the proxy node and an application node, on the backend of the proxy node. With the global key-value datastore being accessible by the proxy nodes, when a proxy node receives a QUIC packet on the front end or the back end, the proxy node may determine where to map this connection to on the opposite end. Additionally, with the global key-value datastore being accessible to the application nodes, when an application node receives a QUIC packet, the application node may determine the client device associated with the connection.
    Type: Application
    Filed: December 15, 2023
    Publication date: April 18, 2024
    Inventors: Kyle Andrew Donald Mestery, Vincent E. Parla
  • Publication number: 20240089254
    Abstract: Techniques for using device proximity of a primary device and a secondary device to allow or deny connections to network resource(s), as well as terminate existing connections to the network resource(s). The techniques may include monitoring a proximity-based direct networking connection between a primary device and a secondary device, the proximity-based direct networking connection established in association with authenticating the primary device to access a resource. The techniques may also include determining, based at least in part on the monitoring, that a network proximity between the primary device and the secondary device exceeds a threshold proximity. Based at least in part on determining that the network proximity exceeds the threshold proximity, the techniques may include causing termination of the access to the resource for the primary device.
    Type: Application
    Filed: September 8, 2022
    Publication date: March 14, 2024
    Inventors: Vincent E. Parla, Nancy Patricia Cam-Winget
  • Patent number: 11930069
    Abstract: Techniques for determining whether HTTP/2 or HTTP/3 is a preferred protocol for communication between a client device and a server over a network are described. A change associated with a network interface of a client device is detected. Based at least in part on detecting the change, a determination is made to identify a preferred communication protocol for a network over which the client device communicates using the network interface. A HTTP/2 probe is transmitted over the network and to a server. A HTTP/3 probe is transmitted over the network and to the server. In response to not receiving a HTTP/3 probe response, the preferred communication protocol is determined to be HTTP/2. In response to receiving the HTTP/2 probe response and the HTTP/3 probe response, the preferred communication protocol is determined to be HTTP/3. The client device communicates with the server over the network using the preferred communication protocol.
    Type: Grant
    Filed: February 28, 2023
    Date of Patent: March 12, 2024
    Assignee: Cisco Technology, Inc.
    Inventor: Vincent E. Parla
  • Publication number: 20240080308
    Abstract: Techniques for routing service mesh traffic based on whether the traffic is encrypted or unencrypted are described herein. The techniques may include receiving, from a first node of a cloud-based network, traffic that is to be sent to a second node of the cloud-based network and determining whether the traffic is encrypted or unencrypted. If it is determined that the traffic is encrypted, the traffic may be sent to the second node via a service mesh of the cloud-based platform. Alternatively, or additionally, if it is determined that the traffic is unencrypted, the traffic may be sent to the second node via an encrypted tunnel. In some examples, the techniques may be performed at least partially by a program running on the first node of the cloud-based network, such as an extended Berkeley Packet Filter (eBPF) program, and the like.
    Type: Application
    Filed: November 14, 2023
    Publication date: March 7, 2024
    Inventors: Kyle Andrew Donald Mestery, Vincent E. Parla
  • Publication number: 20240080313
    Abstract: Techniques for combining independent sessions between application(s) and a VPN, proxy service, or similar system, including inner protocol sessions (e.g., such as QUIC, etc.), coming from a single device to form a single logical session, where the single logical session could share a single authentication/authorization token are described. The techniques include receiving, from a device within a network, a request for a first application to access a service associated with the proxy service or the VPN, sending, to the device, a first authentication request, and receiving, from the device, a message including a token. The techniques may further include authenticating, by the proxy service or the VPN, the token using a unique identifier associated with the device and enabling, by the proxy service or the VPN, the device to access the service via a first session flow.
    Type: Application
    Filed: September 2, 2022
    Publication date: March 7, 2024
    Inventors: Vincent E. Parla, Kyle Andrew Donald Mestery
  • Patent number: 11924299
    Abstract: Techniques for managing migrations of QUIC connection session(s) across proxy nodes, data centers, and/or private application nodes are described herein. A global key-value datastore, accessible by proxy nodes and/or application nodes, may store mappings between a first QUIC connection, associated with a proxy node and a client device, on the frontend of the proxy node and a second QUIC connection, associated with the proxy node and an application node, on the backend of the proxy node. With the global key-value datastore being accessible by the proxy nodes, when a proxy node receives a QUIC packet on the front end or the back end, the proxy node may determine where to map this connection to on the opposite end. Additionally, with the global key-value datastore being accessible to the application nodes, when an application node receives a QUIC packet, the application node may determine the client device associated with the connection.
    Type: Grant
    Filed: April 13, 2022
    Date of Patent: March 5, 2024
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Kyle Andrew Donald Mestery, Vincent E. Parla
  • Patent number: 11924107
    Abstract: Techniques for orchestrating workloads based on policy to operate in optimal host and/or network proximity in cloud-native environments are described herein. The techniques may include receiving flow data associated with network paths between workloads hosted by a cloud-based network. Based at least in part on the flow data, the techniques may include determining that a utilization of a network path between a first workload and a second workload is greater than a relative utilization of other network paths between the first workload and other workloads. The techniques may also include determining that reducing the network path would optimize communications between the first workload and the second workload without adversely affecting communications between the first workload and the other workloads. The techniques may also include causing at least one of a redeployment or a network path re-routing to reduce the networking proximity between the first workload and the second workload.
    Type: Grant
    Filed: October 4, 2021
    Date of Patent: March 5, 2024
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Vincent E. Parla, Kyle Andrew Donald Mestery
  • Publication number: 20240073188
    Abstract: Techniques for preserving privacy while still allowing secure access to private resources. Among other things, the techniques may include receiving a request to provide a remote device with access to a private resource. In some instances, the request may be redirected to an identity provider service to authenticate the user of the remote device to maintain anonymity of an identity of the user. The techniques may also include receiving an indication of an entitlement-set provided by the identity provider service, the indication of the entitlement-set indicative of whether the user is entitled to access the resource without revealing the identity of the user. The techniques may also include at least one of authorizing the remote device to access the resource or refraining from authorizing the remote device to access the resource based at least in part on the indication of the entitlement-set.
    Type: Application
    Filed: December 29, 2022
    Publication date: February 29, 2024
    Inventor: Vincent E. Parla
  • Publication number: 20240073284
    Abstract: In one embodiment, an illustrative method herein may comprise: obtaining, by a device, one or more independent telemetry streams, wherein each of the one or more independent telemetry streams is uniquely identifiable by a span identifier; translating, by the device, each of the one or more independent telemetry streams into a corresponding QUIC protocol stream; mapping, by the device, the span identifier of each of the one or more independent telemetry streams to a respective stream identifier that uniquely identifies a QUIC channel of a multiplexed QUIC protocol stream; and communicating, by the device, the multiplexed QUIC protocol stream containing each of the one or more independent telemetry streams on its corresponding QUIC channel to cause a retrieving device to determine the span identifier of each of the one or more independent telemetry streams based on their respective stream identifier.
    Type: Application
    Filed: August 25, 2022
    Publication date: February 29, 2024
    Inventor: Vincent E. Parla
  • Publication number: 20240070315
    Abstract: Techniques for preserving privacy while still allowing secure access to private resources. Among other things, the techniques may include receiving a request to provide a remote device with access to a private resource. In some instances, the request may be redirected to an identity provider service to authenticate the user of the remote device to maintain anonymity of an identity of the user. The techniques may also include receiving an indication of an entitlement-set provided by the identity provider service, the indication of the entitlement-set indicative of whether the user is entitled to access the resource without revealing the identity of the user. The techniques may also include at least one of authorizing the remote device to access the resource or refraining from authorizing the remote device to access the resource based at least in part on the indication of the entitlement-set.
    Type: Application
    Filed: December 29, 2022
    Publication date: February 29, 2024
    Inventor: Vincent E. Parla
  • Publication number: 20240028742
    Abstract: Techniques and systems described herein relate to monitoring executions of computer instructions on computing devices based on learning and generating a control flow directed graph. The techniques and systems include determining a learned control flow diagram for a process on a computing system and monitoring execution of the process on the computing system using the control flow diagram. An unobserved transition is determined based on the learned control flow diagram and the unobserved transition is classified as safe or unsafe based on a monitoring component analysis. An action is performed based on the safety classification and the learned control flow diagram.
    Type: Application
    Filed: December 19, 2022
    Publication date: January 25, 2024
    Inventors: Andrew Zawadowskiy, Vincent E. Parla, Oleg Bessonov
  • Publication number: 20240031411
    Abstract: This disclosure describes techniques and mechanisms for defining dynamic security compliance in networks to proactively prevent security policy violations from being added and/or made, retroactively and continuously identify security policy violations based on data from the changing threat landscape, and provide auto-remediation of non-compliant security policies. The techniques enable automated security policies and provide improved network security against a dynamic threat landscape.
    Type: Application
    Filed: July 22, 2022
    Publication date: January 25, 2024
    Inventors: Doron Levari, Tariq Ahmed Farhan, Vincent E. Parla, Ido Tamir, Adam Bragg, Jason M. Perry
  • Publication number: 20240028708
    Abstract: Techniques and systems described herein relate to monitoring executions of computer instructions on computing devices based on learning and generating a control flow directed graph. The techniques and systems include determining a learned control flow directed graph for executable code of an application by observing executions of transitions during an observation period and determining destinations of indirect transfers based on the learned control flow directed graph. Next a disassembly of the executable code is determined based on the learned control flow directed graph, the destinations of the transfers, and the executable code.
    Type: Application
    Filed: December 19, 2022
    Publication date: January 25, 2024
    Inventors: Andrew Zawadowskiy, Vincent E. Parla, Oleg Bessonov
  • Publication number: 20240028741
    Abstract: Techniques and systems described herein relate to monitoring executions of computer instructions on computing devices based on learning and generating a control flow directed graph. The techniques and systems include receiving a report of a first anomaly based on real-time control flow graph diagram monitoring of an application at a first system and receiving a second report of a second anomaly from a second system. An exploit report may be generated by providing the first report and the second report to a machine learning model trained to output information related to an exploit based on input reports, and subsequently to provide the output information to a cloud-based reporting tool.
    Type: Application
    Filed: December 19, 2022
    Publication date: January 25, 2024
    Inventors: Vincent E. Parla, Thomas Szigeti
  • Publication number: 20240028701
    Abstract: Techniques and systems described herein relate to monitoring executions of computer instructions on computing devices based on learning and generating a control flow directed graph. The techniques and systems include determining an observation phase for a process or application on a computing device. During the observation phase, CPU telemetry is determined and used to generate a control flow directed graph. After the control flow directed graph is generated, a monitoring phase may be entered where transfers of instruction pointers are monitored based on the control flow directed graph to identify invalid transfers.
    Type: Application
    Filed: December 19, 2022
    Publication date: January 25, 2024
    Inventors: Andrew Zawadowskiy, Vincent E. Parla, Thomas Szigeti, Oleg Bessonov, Ashok Krishnaji Moghe
  • Publication number: 20240028743
    Abstract: Techniques and systems described herein relate to monitoring executions of computer instructions on computing devices based on learning and generating a control flow directed graph. The techniques and systems include determining a learned control flow directed graph for a program and subsequently determining valid target destinations for transitions within the program. The instructions of the program may be executed by determining a destination for a transition, performing the transition when the destination is included in the list of valid target destinations, and performing a secondary action when the destination is not included in the list of valid target destinations.
    Type: Application
    Filed: December 19, 2022
    Publication date: January 25, 2024
    Inventors: Vincent E. Parla, Andrew Zawadowskiy
  • Publication number: 20240028709
    Abstract: Techniques and systems described herein relate to monitoring executions of computer instructions on computing devices based on learning and generating a control flow directed graph. The techniques and systems include determining a learned control flow directed graph for a process executed on the computing system. A system call is identified during execution of the process as well as a predetermined number of transitions leading to the system call. A validity of the transitions leading the system call is determined based on the learned control flow directed graph and the computing system may perform an action based on the validity.
    Type: Application
    Filed: December 19, 2022
    Publication date: January 25, 2024
    Inventors: Andrew Zawadowskiy, Oleg Bessonov, Vincent E. Parla
  • Publication number: 20240031394
    Abstract: Techniques and systems described herein relate to monitoring executions of computer instructions on computing devices based on learning and generating a control flow directed graph. The techniques and systems include determining a learned control flow directed graph for a process executed on the computing system. A vulnerability may be determined or identified within the process as well as a software bill of materials for the process. A code portion of the process associated with the vulnerability is determined based on the software bill of materials. A tainted control flow directed graph is generated based on the code portion and excluded from the learned control flow directed graph. The adjusted control flow directed graph may be used to prevent execution of the vulnerability.
    Type: Application
    Filed: December 19, 2022
    Publication date: January 25, 2024
    Inventors: Vincent E. Parla, Thomas Szigeti
  • Publication number: 20240028724
    Abstract: Techniques and systems described herein relate to monitoring executions of computer instructions on computing devices based on observing and generating a control flow directed graph. The techniques and systems include determining an observation phase for a process or application on a computing device. During the observation phase, CPU telemetry is determined and used to generate a control flow directed graph. After the control flow directed graph is generated, a monitoring phase may be entered where transfers of instruction pointers are monitored based on the control flow directed graph to identify invalid transfers. Transition to the monitoring phase may be based on determining a confidence score in the observed control flow directed graph and causing the transition when the confidence score is above a threshold.
    Type: Application
    Filed: May 16, 2023
    Publication date: January 25, 2024
    Inventors: Vincent E. Parla, Andrew Zawadowskiy, Thomas Szigeti, Oleg Bessonov, Ashok Krishnaji Moghe
  • Publication number: 20240028712
    Abstract: Techniques and systems described herein relate to monitoring executions of computer instructions on computing devices based on learning and generating a control flow directed graph. The techniques and systems include determining telemetry representing execution of a process on a computing system and accessing a learned control flow diagram graph for the process. A transfer of an instruction pointer is determined based on the telemetry and a validity of the transfer is determined based on the learned control flow directed graph. If invalid, then an action to terminate the process is determined, otherwise the action may be allowed to execute when valid.
    Type: Application
    Filed: December 19, 2022
    Publication date: January 25, 2024
    Inventors: Vincent E. Parla, Andrew Zawadowskiy, Oleg Bessonov, Thomas Szigeti, Ashok Krishnaji Moghe