US 11,683,309 B2
Nonce-based enterprise security policy enforcement
Hendrikus GP Bosch, Aalsmeer (NL); Jeffrey Michael Napper, Delft (NL); Alessandro Duminuco, Milan (IT); Sape Jurrien Mullender, Amsterdam (NL); Julien Barbot, Villebon-sur-Yvette (FR); and Vinny Parla, North Hampton, NH (US)
Assigned to Cisco Technology, Inc., San Jose, CA (US)
Filed by Cisco Technology, Inc., San Jose, CA (US)
Filed on Feb. 5, 2021, as Appl. No. 17/169,086.
Prior Publication US 2022/0255937 A1, Aug. 11, 2022
Int. Cl. H04L 9/40 (2022.01); H04L 61/4511 (2022.01)
CPC H04L 63/10 (2013.01) [H04L 61/4511 (2022.05); H04L 63/0876 (2013.01); H04L 63/20 (2013.01); H04L 63/0272 (2013.01)]
19 Claims
 
1. A method performed at least partly by a domain name service (DNS), comprising:
by the DNS, receiving a name resolution request from a client computing device, the name resolution request being associated with a destination;
determining, using a routing policy, that traffic from the client device sent to the destination is to be processed by a service;
generating a nonce that is associated with the service; and
by the DNS, providing the nonce to the client computing device such that the traffic sent from the client device using the nonce is routed to the service, wherein the service is configured to authorize a connection request from the client computing device based at least in part on processing the nonce.
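The flow recited in claim 1, as an added sketch that is not taken from the patent or from Cisco: the DNS side consults a routing policy and mints a nonce, and the service authorizes a connection request by processing it. The claim does not say how the nonce is built or checked, so the HMAC construction, the key shared between DNS and service, the 30-second lifetime, the replay set and all names and sample values below are assumptions.

```python
import hashlib, hmac, secrets, time

# Constructed sample data (assumptions, not from the patent text).
ROUTING_POLICY = {"payroll.corp.example": "inspection-proxy"}  # destination -> service
SERVICE_KEYS = {"inspection-proxy": secrets.token_bytes(32)}   # key shared by DNS and service
NONCE_TTL = 30   # seconds a nonce stays valid (assumed)
_used = set()    # nonces the service has already accepted

def _tag(service, body):
    return hmac.new(SERVICE_KEYS[service], body.encode(), hashlib.sha256).hexdigest()

def resolve(client_id, destination, now=None):
    """DNS side: consult the routing policy and, if a service must process
    the traffic, mint a nonce bound to client, destination and issue time."""
    service = ROUTING_POLICY.get(destination)
    if service is None:
        return None, None            # no policy match: ordinary resolution
    issued = int(time.time() if now is None else now)
    body = f"{client_id}|{destination}|{issued}|{secrets.token_hex(8)}"
    return service, f"{body}|{_tag(service, body)}"

def authorize(service, client_id, destination, nonce, now=None):
    """Service side: authorize the connection request by processing the nonce."""
    if service not in SERVICE_KEYS:
        return False
    try:
        n_client, n_dest, issued_s, rand, tag = nonce.split("|")
        issued = int(issued_s)
    except ValueError:
        return False                 # malformed nonce
    body = f"{n_client}|{n_dest}|{issued_s}|{rand}"   # exact bytes that were tagged
    if not hmac.compare_digest(_tag(service, body).encode(), tag.encode()):
        return False                 # forged or altered
    now = int(time.time() if now is None else now)
    if (n_client, n_dest) != (client_id, destination):
        return False                 # issued to another client or destination
    if not 0 <= now - issued <= NONCE_TTL:
        return False                 # expired
    if nonce in _used:
        return False                 # replayed
    _used.add(nonce)
    return True
```

Binding the nonce to the client and destination, bounding its lifetime and rejecting reuse are the checks that keep a captured nonce from authorizing a different connection.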