SELECTIVE POLICY-DRIVEN INTERCEPTION OF ENCRYPTED NETWORK TRAFFIC UTILIZING A DOMAIN NAME SERVICE AND A SINGLE-SIGN ON SERVICE
Techniques for utilizing an enterprise traffic interception service (TIS) to enforce policies that mandate how clients access software as a service (SaaS) offered by service providers and selectively intercept enterprise network traffic utilizing a domain name service (DNS) and a single sign-on (SSO...
Gespeichert in:
| Hauptverfasser: | , , , , , |
|---|---|
| Format: | Patent |
| Sprache: | eng ; fre ; ger |
| Schlagworte: | |
| Online-Zugang: | Volltext bestellen |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| container_end_page | |
|---|---|
| container_issue | |
| container_start_page | |
| container_title | |
| container_volume | |
| creator | DUMINUCO, Alessandro BOSCH, Hendrikus G.P NAPPER, Jeffrey, Michael BARBOT, Julien PARLA, Vincent E MULLENDER, Sape Jurrien |
| description | Techniques for utilizing an enterprise traffic interception service (TIS) to enforce policies that mandate how clients access software as a service (SaaS) offered by service providers and selectively intercept enterprise network traffic utilizing a domain name service (DNS) and a single sign-on (SSO) service on a per-client per-service basis. The TIS may include a DNS server, an identity provider service, a TLS inspecting proxy, and/or a policy server. The DNS server may handle requests to resolve an address of a service, and identify a policy, stored in the policy server, to redirect the client based on the identity of the client and the service. The identity provider service may later query the policy server during client authorization for the service to verify that the client request is in line with the policy and allow or deny access to the service. |
| format | Patent |
| fullrecord | <record><control><sourceid>epo_EVB</sourceid><recordid>TN_cdi_epo_espacenet_EP4289112A1</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>EP4289112A1</sourcerecordid><originalsourceid>FETCH-epo_espacenet_EP4289112A13</originalsourceid><addsrcrecordid>eNqNjLEKwjAURbs4iPoP7wc6tDroGJKX-jC-hCRW6lKKxEm0UGe_3Qy6O10O53DnxTugQRmpRXDWkOxK5TMwEEf0El0ky2A1IEvfuYgKGOPZ-gNEL7QmCadIhi7EDQhQ9iiIgcURIaBvSSIIVtmEHBgsAzX5jn9yWcxuw31Kq-8uCtAY5b5M47NP0zhc0yO9enSberurqlpU6z-SD6LDOzg</addsrcrecordid><sourcetype>Open Access Repository</sourcetype><iscdi>true</iscdi><recordtype>patent</recordtype></control><display><type>patent</type><title>SELECTIVE POLICY-DRIVEN INTERCEPTION OF ENCRYPTED NETWORK TRAFFIC UTILIZING A DOMAIN NAME SERVICE AND A SINGLE-SIGN ON SERVICE</title><source>esp@cenet</source><creator>DUMINUCO, Alessandro ; BOSCH, Hendrikus G.P ; NAPPER, Jeffrey, Michael ; BARBOT, Julien ; PARLA, Vincent E ; MULLENDER, Sape Jurrien</creator><creatorcontrib>DUMINUCO, Alessandro ; BOSCH, Hendrikus G.P ; NAPPER, Jeffrey, Michael ; BARBOT, Julien ; PARLA, Vincent E ; MULLENDER, Sape Jurrien</creatorcontrib><description>Techniques for utilizing an enterprise traffic interception service (TIS) to enforce policies that mandate how clients access software as a service (SaaS) offered by service providers and selectively intercept enterprise network traffic utilizing a domain name service (DNS) and a single sign-on (SSO) service on a per-client per-service basis. The TIS may include a DNS server, an identity provider service, a TLS inspecting proxy, and/or a policy server. The DNS server may handle requests to resolve an address of a service, and identify a policy, stored in the policy server, to redirect the client based on the identity of the client and the service. The identity provider service may later query the policy server during client authorization for the service to verify that the client request is in line with the policy and allow or deny access to the service.</description><language>eng ; fre ; ger</language><subject>ELECTRIC COMMUNICATION TECHNIQUE ; ELECTRICITY ; TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION ; WIRELESS COMMUNICATIONS NETWORKS</subject><creationdate>2023</creationdate><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://worldwide.espacenet.com/publicationDetails/biblio?FT=D&date=20231213&DB=EPODOC&CC=EP&NR=4289112A1$$EHTML$$P50$$Gepo$$Hfree_for_read</linktohtml><link.rule.ids>230,308,776,881,25542,76289</link.rule.ids><linktorsrc>$$Uhttps://worldwide.espacenet.com/publicationDetails/biblio?FT=D&date=20231213&DB=EPODOC&CC=EP&NR=4289112A1$$EView_record_in_European_Patent_Office$$FView_record_in_$$GEuropean_Patent_Office$$Hfree_for_read</linktorsrc></links><search><creatorcontrib>DUMINUCO, Alessandro</creatorcontrib><creatorcontrib>BOSCH, Hendrikus G.P</creatorcontrib><creatorcontrib>NAPPER, Jeffrey, Michael</creatorcontrib><creatorcontrib>BARBOT, Julien</creatorcontrib><creatorcontrib>PARLA, Vincent E</creatorcontrib><creatorcontrib>MULLENDER, Sape Jurrien</creatorcontrib><title>SELECTIVE POLICY-DRIVEN INTERCEPTION OF ENCRYPTED NETWORK TRAFFIC UTILIZING A DOMAIN NAME SERVICE AND A SINGLE-SIGN ON SERVICE</title><description>Techniques for utilizing an enterprise traffic interception service (TIS) to enforce policies that mandate how clients access software as a service (SaaS) offered by service providers and selectively intercept enterprise network traffic utilizing a domain name service (DNS) and a single sign-on (SSO) service on a per-client per-service basis. The TIS may include a DNS server, an identity provider service, a TLS inspecting proxy, and/or a policy server. The DNS server may handle requests to resolve an address of a service, and identify a policy, stored in the policy server, to redirect the client based on the identity of the client and the service. The identity provider service may later query the policy server during client authorization for the service to verify that the client request is in line with the policy and allow or deny access to the service.</description><subject>ELECTRIC COMMUNICATION TECHNIQUE</subject><subject>ELECTRICITY</subject><subject>TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION</subject><subject>WIRELESS COMMUNICATIONS NETWORKS</subject><fulltext>true</fulltext><rsrctype>patent</rsrctype><creationdate>2023</creationdate><recordtype>patent</recordtype><sourceid>EVB</sourceid><recordid>eNqNjLEKwjAURbs4iPoP7wc6tDroGJKX-jC-hCRW6lKKxEm0UGe_3Qy6O10O53DnxTugQRmpRXDWkOxK5TMwEEf0El0ky2A1IEvfuYgKGOPZ-gNEL7QmCadIhi7EDQhQ9iiIgcURIaBvSSIIVtmEHBgsAzX5jn9yWcxuw31Kq-8uCtAY5b5M47NP0zhc0yO9enSberurqlpU6z-SD6LDOzg</recordid><startdate>20231213</startdate><enddate>20231213</enddate><creator>DUMINUCO, Alessandro</creator><creator>BOSCH, Hendrikus G.P</creator><creator>NAPPER, Jeffrey, Michael</creator><creator>BARBOT, Julien</creator><creator>PARLA, Vincent E</creator><creator>MULLENDER, Sape Jurrien</creator><scope>EVB</scope></search><sort><creationdate>20231213</creationdate><title>SELECTIVE POLICY-DRIVEN INTERCEPTION OF ENCRYPTED NETWORK TRAFFIC UTILIZING A DOMAIN NAME SERVICE AND A SINGLE-SIGN ON SERVICE</title><author>DUMINUCO, Alessandro ; BOSCH, Hendrikus G.P ; NAPPER, Jeffrey, Michael ; BARBOT, Julien ; PARLA, Vincent E ; MULLENDER, Sape Jurrien</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-epo_espacenet_EP4289112A13</frbrgroupid><rsrctype>patents</rsrctype><prefilter>patents</prefilter><language>eng ; fre ; ger</language><creationdate>2023</creationdate><topic>ELECTRIC COMMUNICATION TECHNIQUE</topic><topic>ELECTRICITY</topic><topic>TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION</topic><topic>WIRELESS COMMUNICATIONS NETWORKS</topic><toplevel>online_resources</toplevel><creatorcontrib>DUMINUCO, Alessandro</creatorcontrib><creatorcontrib>BOSCH, Hendrikus G.P</creatorcontrib><creatorcontrib>NAPPER, Jeffrey, Michael</creatorcontrib><creatorcontrib>BARBOT, Julien</creatorcontrib><creatorcontrib>PARLA, Vincent E</creatorcontrib><creatorcontrib>MULLENDER, Sape Jurrien</creatorcontrib><collection>esp@cenet</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>DUMINUCO, Alessandro</au><au>BOSCH, Hendrikus G.P</au><au>NAPPER, Jeffrey, Michael</au><au>BARBOT, Julien</au><au>PARLA, Vincent E</au><au>MULLENDER, Sape Jurrien</au><format>patent</format><genre>patent</genre><ristype>GEN</ristype><title>SELECTIVE POLICY-DRIVEN INTERCEPTION OF ENCRYPTED NETWORK TRAFFIC UTILIZING A DOMAIN NAME SERVICE AND A SINGLE-SIGN ON SERVICE</title><date>2023-12-13</date><risdate>2023</risdate><abstract>Techniques for utilizing an enterprise traffic interception service (TIS) to enforce policies that mandate how clients access software as a service (SaaS) offered by service providers and selectively intercept enterprise network traffic utilizing a domain name service (DNS) and a single sign-on (SSO) service on a per-client per-service basis. The TIS may include a DNS server, an identity provider service, a TLS inspecting proxy, and/or a policy server. The DNS server may handle requests to resolve an address of a service, and identify a policy, stored in the policy server, to redirect the client based on the identity of the client and the service. The identity provider service may later query the policy server during client authorization for the service to verify that the client request is in line with the policy and allow or deny access to the service.</abstract><oa>free_for_read</oa></addata></record> |
| fulltext | fulltext_linktorsrc |
| identifier | |
| ispartof | |
| issn | |
| language | eng ; fre ; ger |
| recordid | cdi_epo_espacenet_EP4289112A1 |
| source | esp@cenet |
| subjects | ELECTRIC COMMUNICATION TECHNIQUE ELECTRICITY TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION WIRELESS COMMUNICATIONS NETWORKS |
| title | SELECTIVE POLICY-DRIVEN INTERCEPTION OF ENCRYPTED NETWORK TRAFFIC UTILIZING A DOMAIN NAME SERVICE AND A SINGLE-SIGN ON SERVICE |
| url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-07T01%3A02%3A55IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-epo_EVB&rft_val_fmt=info:ofi/fmt:kev:mtx:patent&rft.genre=patent&rft.au=DUMINUCO,%20Alessandro&rft.date=2023-12-13&rft_id=info:doi/&rft_dat=%3Cepo_EVB%3EEP4289112A1%3C/epo_EVB%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true |