Network communication method, system, computing device, and computer-readable storage medium
US-2021234944-A1 · Jul 29, 2021 · US
Prioritization of individual channels within multiplexed streams for zero trust network access (ZTNA)
US12418578B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12418578-B2 |
| Application number | US-202318122052-A |
| Country | US |
| Kind code | B2 |
| Filing date | Mar 15, 2023 |
| Priority date | Mar 15, 2023 |
| Publication date | Sep 16, 2025 |
| Grant date | Sep 16, 2025 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Techniques for using a secure access gateway to signal compute and/or network prioritization to individual streams within multiplexed sessions for zero-trust network access (ZTNA). A secure access gateway may be configured to identify weighting data and/or prioritization data associated with individual streams within the multiplexed session comprising various protocols (e.g., HTTP/2 and/or HTTP/3) and determine a gateway priority value. That is, the secure access gateway may be configured to prioritize certain types of traffic (user roles, resource types, etc.) over others, regardless of the protocol employed by the individual stream. The secure access gateway may then prioritize the processing (e.g., networking and/or computational resources) of a first stream having a more favorable gateway priority value than a second stream. Additionally, the secure access gateway may be configured to transmit indications of the gateway priority value to a target resource, such that the streams may be prioritized in the reverse direction.
First claim
Opening claim text (preview).
What is claimed is: 1. A method comprising: establishing, by a secure access gateway, a first data stream connection with one or more client devices, wherein the first data stream connection comprises a hypertext transfer protocol (HTTP)/3 protocol; establishing, by the secure access gateway, a second data stream connection with the one or more client devices, wherein the second data stream connection comprises an HTTP/2 protocol; determining, by the secure access gateway and based at least in part on the one or more client devices, first prioritization data associated with the first data stream; determining, by the secure access gateway and based at least in part on the second data stream, first weighting data associated with the second data stream; storing, by the secure access gateway and based at least in part on the first prioritization data, a first mapping between the first data stream and a first priority value; storing, by the secure access gateway and based at least in part on the first weighting data, a second mapping between the second data stream and a second priority value; determining that the first priority value is more favorable than the second priority value; and processing the first data stream prior to processing the second data stream based at least in part on the first priority value being more favorable than the second priority value. 2. The method of claim 1 , wherein processing the first data stream comprises at least one of: performing an encryption process associated with the first data stream; performing a decryption process associated with the first data stream; performing a proxy process associated with the first data stream; performing a routing process associated with the first data stream; performing a forwarding process associated with the first data stream; performing an encapsulation process associated with the first data stream; and performing a decapsulation process associated with the first data stream. 3. The method of claim 1 , further comprising identifying, in a packet associated with the second data stream, one or more bits indicating the first weighting data, wherein determining the first weighting data associated with the second data stream is based at least in part on identifying the one or more bits. 4. The method of claim 1 , further comprising receiving, from a client device of the one or more client devices, an indication of the first prioritization data associated with the first data stream, wherein determining the first prioritization data associated with the first data stream is based at least in part on receiving the indication. 5. The method of claim 1 , further comprising: determining, by the secure access gateway, a target resource associated with the first data stream; establishing, by the secure access gateway, a third data stream connection with the target resource, wherein the third data stream comprises at least one of a QUIC protocol, a UDP protocol, or a transmission control protocol (TCP); and transmitting network data, received at the secure access gateway via the first data stream, to the target resource via the third data stream prior to processing the second data stream. 6. The method of claim 5 , further comprising: determining, by the secure access gateway, one or more quality of service (QOS) bits associated with the first data stream, the one or more QOS bits representing the first mapping between the first data stream and the first priority value; and sending, from the secure access gateway and to the target resource, the one or more QOS bits associated with the first data stream, the one or more QOS bits causing the target resource to process the first data stream prior to processing at least the second data stream. 7. A system comprising: one or more processors; and one or more non-transitory computer-readable media storing computer-executable instructions that, when executed by the one or more processors, cause the one or more processors to perform operations comprising: establishing, by a secure access gateway, a multiplexed data stream connection with one or more client devices; determining, by the secure access gateway, a first indication of first prioritization data associated with a first data stream of the multiplexed data stream, the first data stream being associated with a first network hypertext transfer protocol (HTTP)/3 protocol; determining, by the secure access gateway, a second indication of first weighting data associated with a second data stream of the multiplexed data stream, the second data stream being associated with a second network protocol that is different from the first network protocol an HTTP/2 protocol; storing, by the secure access gateway and based at least in part on the first indication, a first mapping between the first data stream and a first priority value; storing, by the secure access gateway and based at least in part on the second indication, a second mapping between the second data stream and a second priority value; and performing a first operation associated with the first data stream prior to performing a second operation associated with the second data stream based at least in part on the first priority value being more favorable than the second priority value. 8. The system of claim 7 , wherein performing the operation associated with the first data stream comprises at least one of performing an encryption process associated with the first data stream; performing a decryption process associated with the first data stream; performing a proxy process associated with the first data stream; performing a routing process associated with the first data stream; performing a forwarding process associated with the first data stream; performing an encapsulation process associated with the first data stream; and performing a decapsulation process associated with the first data stream. 9. The system of claim 7 , the operations further comprising identifying, in a packet associated with the second data stream, one or more bits representing the second indication of the first weighting data, wherein determining the first weighting data associated with the second data stream is based at least in part on identifying the one or more bits. 10. The system of claim 7 , the operations further comprising receiving, from a client device of the one or more client devices, the first indication of the first prioritization data associated with the first data stream, wherein determining the first prioritization data associated with the first data stream is based at least in part on receiving the first indication. 11. The system of claim 7 , wherein the operation is a first operation, and the operations further comprising: determining, by the secure access gateway, a third indication of one of second prioritization data or second weighting data associated with a third data stream of the multiplexed data stream, the third data stream being associated with one of the first protocol or the second protocol; storing, by the secure access gateway and based at least in part on the third indication, a third mapping between the third data stream and a third priority value; determining, by the secure access gateway, that the third priority value is more favorable than the first priority value and the second priority value; and performing a third operation associated with the third data stream prior to performing the first operation associated with the first data stream and the second operation associated with the second data stream based at least in part on determining that the third priority value is more favorable than the first priority value and the second prior
Assignees
Inventors
Classifications
Arrangements for connecting between networks having differing types of switching systems, e.g. gateways · CPC title
for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32) · CPC title
by securing the transmission between two devices or processes · CPC title
taking into account QoS or priority requirements · CPC title
- H04L67/02Primary
based on web technology, e.g. hypertext transfer protocol [HTTP] · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US12418578B2 cover?
- Techniques for using a secure access gateway to signal compute and/or network prioritization to individual streams within multiplexed sessions for zero-trust network access (ZTNA). A secure access gateway may be configured to identify weighting data and/or prioritization data associated with individual streams within the multiplexed session comprising various protocols (e.g., HTTP/2 and/or HTTP…
- Who is the assignee on this patent?
- Cisco Tech Inc
- What technology area does this patent fall under?
- Primary CPC classification H04L67/02. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Sep 16 2025 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).