-
Publication No.: US20250070989A1
Publication date: 2025-02-27
Application No.: US18454416
Application date: 2023-08-23
Applicant: Cisco Technology, Inc.
Inventor: Scott Roy Fluhrer, Gilberto Loprieno
Abstract: In one example embodiment, data is received at a node of a network. The data includes encrypted data segments containing data portions and error correction information. The encrypted data segments are decrypted to produce the data portions and the error correction information. Error correction is performed on the data portions using the error correction information. Corrupt data is determined based on the error correction indicating uncorrectable data.
-
Publication No.: US10985847B2
Publication date: 2021-04-20
Application No.: US15849959
Application date: 2017-12-21
Applicant: Cisco Technology, Inc.
Inventor: Gilberto Loprieno, Scott Roy Fluhrer, Emanuele Umberto Giacometti
Abstract: A method divides data traffic into multiple optical transport units formatted according to an optical transport network (OTN) standard. The multiple optical transport units include a master optical network unit and one or more slave optical network units. Each optical network unit includes overhead and a payload. The overhead includes used overhead specifically defined in the OTN standard and unused overhead not specifically defined in the OTN standard. The method encrypts each optical network unit with a respective one of multiple encryption keys, defines security control parameters identifying the multiple encryption keys, and inserts the security control parameters into the unused overhead of a first slave optical network unit among the one or more slave optical network units. The method transmits the optical network units in encrypted form.
-
Publication No.: US20210226782A1
Publication date: 2021-07-22
Application No.: US16749299
Application date: 2020-01-22
Applicant: Cisco Technology, Inc.
Inventor: Lionel Florit, Scott Roy Fluhrer, Amjad Inamdar, David Arthur McGrew
Abstract: Presented herein are methodologies for establishing secure communications in a post-quantum computer context. The methodology includes receiving, from a first communications device, at a second communications device, a secret seed value, or otherwise obtaining the secret seed value; initializing a session key service with the secret seed value; receiving, from the first communications device, at the second communications device, a pre-shared key identifier; querying the session key service for a pre-shared key corresponding to the pre-shared key identifier; receiving, from the session key service, the pre-shared key; deriving a session key based, at least in part, on the pre-shared key; receiving from the first communications device, at the second communications device, data encrypted with the session key; and decrypting the data at the second communications device using the session key.
-
Publication No.: US10104050B2
Publication date: 2018-10-16
Application No.: US15146695
Application date: 2016-05-04
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Warren Scott Wainner, Brian E. Weis, Paul Quinn, Scott Roy Fluhrer
IPC: H04L29/06
Abstract: A method is provided in one example embodiment and includes receiving at a node of a transitive IP network a data packet including a Network Services Header (“NSH”); accessing by the transitive IP network node context contained in the NSH, wherein the context may be used by the transitive IP network node to perform an enhanced network service in connection with the received data packet; performing by the transitive IP network node the enhanced network service in connection with the received data packet using the accessed context; and, subsequent to the performing, forwarding the received packet to a next node.
-
Publication No.: US20170324714A1
Publication date: 2017-11-09
Application No.: US15146695
Application date: 2016-05-04
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Warren Scott Wainner, Brian E. Weis, Paul Quinn, Scott Roy Fluhrer
IPC: H04L29/06
CPC classification number: H04L63/0272, H04L63/0892, H04L63/104
Abstract: A method is provided in one example embodiment and includes receiving at a node of a transitive IP network a data packet including a Network Services Header (“NSH”); accessing by the transitive IP network node context contained in the NSH, wherein the context may be used by the transitive IP network node to perform an enhanced network service in connection with the received data packet; performing by the transitive IP network node the enhanced network service in connection with the received data packet using the accessed context; and, subsequent to the performing, forwarding the received packet to a next node.
-
Publication No.: US20190199449A1
Publication date: 2019-06-27
Application No.: US15849959
Application date: 2017-12-21
Applicant: Cisco Technology, Inc.
Inventor: Gilberto Loprieno, Scott Roy Fluhrer, Emanuele Umberto Giacometti
CPC classification number: H04B10/85, H04J3/1652, H04L9/14, H04L63/0428, H04L63/123, H04Q11/0066
Abstract: A method divides data traffic into multiple optical transport units formatted according to an optical transport network (OTN) standard. The multiple optical transport units include a master optical network unit and one or more slave optical network units. Each optical network unit includes overhead and a payload. The overhead includes used overhead specifically defined in the OTN standard and unused overhead not specifically defined in the OTN standard. The method encrypts each optical network unit with a respective one of multiple encryption keys, defines security control parameters identifying the multiple encryption keys, and inserts the security control parameters into the unused overhead of a first slave optical network unit among the one or more slave optical network units. The method transmits the optical network units in encrypted form.
-
Publication No.: US20230097734A1
Publication date: 2023-03-30
Application No.: US17491163
Application date: 2021-09-30
Applicant: Cisco Technology, Inc.
Inventor: Vincent Parla, Kyle Andrew Donald Mestery, Rahim Lalani, Scott Roy Fluhrer
IPC: H04L29/06
Abstract: A system and computer-implemented method for routing an encrypted packet through a cloud enforcement network based on a metadata tag. The cloud enforcement network applies policy and routing attributions or tags outside of the encrypted packet payload in such a way as to not require an inner packet to first be decrypted. Traffic prioritization, data protection, and per application policies are achieved by using such metadata tags for internode routing without the need for DPI or decryption. Furthermore, the metadata itself can also be signed or encrypted depending on the provenance of the data. As such, applying meta-tagging external to an encrypted packet, the payload would not be needed to be decrypted during transit of the packet to express end-to-end policy and routing decisions.