Patent · US Active

Identity propagation

US9154484B2 · kind B2 · utility

Cited by: 6
References: 3
Claims: 14
Family size: 0

Assignee

Inventors

Key dates

Filing date: Feb 21, 2013
Grant date: Oct 6, 2015
Priority date
Expiry date: Apr 4, 2033

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L67/146
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

In one implementation, identity-based security features and policies are applied to endpoint devices behind an intermediary device, such as a network address translation device. The access network switch authenticates an endpoint based on a user identity and a credential. A hypertext transfer protocol (HTTP) packet is generated or modified to include the user identity in an inline header. The HTTP packet including the user identity is sent to a policy enforcement device to look up one or more policies for the endpoint. The access switch receives traffic from the policy enforcement device that is filtered according to the user identity. Subsequent TCP connections may also include identity information within the TCP USER_HINT option in a synchronization packet, thus allowing identity propagation for other applications and protocols.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.