Secure modification of manufacturer usage description files based on device applications

    Publication number: US11902277B2

    Publication date: 2024-02-13

    Application number: US17235284

    Filing date: 2021-04-20

    CPC classification number: H04L63/10 H04L9/3263 H04L63/20 H04L63/101

    Abstract: Techniques for providing secure modification of manufacturer usage description (MUD) files based on device applications are provided. In one embodiment, a method for secure modification of MUD files may include obtaining a request for one or more applications from a device. The method also includes providing to the device the one or more applications and a certification that includes an updated MUD identifier determined based on the one or more applications requested. The updated MUD identifier is associated with a concatenated MUD file that comprises individual MUD file portions for each of the one or more applications requested. The device is configured to request an updated device identifier using the certification. The updated device identifier includes the updated MUD identifier that is associated with the concatenated MUD file.

    2. Group member recovery techniques
    Granted invention patent

    Publication number: US09832175B2

    Publication date: 2017-11-28

    Application number: US15230924

    Filing date: 2016-08-08

    Abstract: Techniques are presented for optimizing secure communications in a network. As disclosed herein, a key server is configured to provision a plurality of routers that are part of a virtual private network. The key server selects a counter value that is part of a security association and calculates a key value. The key server sends the key value, together with the security association, to the plurality of routers that are part of the virtual private network to enable them to exchange encrypted packets with each other in the virtual private network using the key value and the security association. The key server then increments the counter value to a value within a range of counter values capable of being predicted by the plurality of routers that received the key value.

    SECURE MODIFICATION OF MANUFACTURER USAGE DESCRIPTION FILES BASED ON DEVICE APPLICATIONS

    Publication number: US20190319953A1

    Publication date: 2019-10-17

    Application number: US15954875

    Filing date: 2018-04-17

    Abstract: Techniques for providing secure modification of manufacturer usage description (MUD) files based on device applications are provided. In one embodiment, a method for secure modification of MUD files may include obtaining a request for one or more applications from a device. The method also includes providing to the device the one or more applications and a certification that includes an updated MUD identifier determined based on the one or more applications requested. The updated MUD identifier is associated with a concatenated MUD file that comprises individual MUD file portions for each of the one or more applications requested. The device is configured to request an updated device identifier using the certification. The updated device identifier includes the updated MUD identifier that is associated with the concatenated MUD file.

    DELEGATING POLICY THROUGH MANUFACTURER USAGE DESCRIPTIONS

    Publication number: US20190110298A1

    Publication date: 2019-04-11

    Application number: US15726961

    Filing date: 2017-10-06

    Abstract: A process for implementing temporary rules for network devices is described. In one embodiment, the process includes a controller receiving a manufacturer usage description (MUD) identifier from a first device. The controller retrieves a MUD file associated with the MUD identifier. The controller registers a device identifier associated with the first device with a delegated controller determined based on the MUD file. The delegated controller is configured to generate a dynamic policy for the first device. The controller receives a dynamic policy from the delegated controller for the first device. The dynamic policy may be configured to permit a communication session between the first device and a second device. The controller forwards the dynamic policy to an access control device in communication with the first device to enable the access control device to permit the communication session between the first device and the second device.

    6. PROTECTING SECURE SESSION FROM IOT GATEWAYS
    Invention patent application

    Publication number: US20190089747A1

    Publication date: 2019-03-21

    Application number: US15708453

    Filing date: 2017-09-19

    Abstract: A process to protect secure communication sessions from a network device that may have been subjected to a malicious network attack or otherwise the source of malicious network traffic. A cellular-connected network device, such as an IoT gateway, may receive data from one or more IoT devices. The cellular-connected network device may also communicate with a datacenter via a communication tunnel. The network device may include a usage profile reference. The network device, before transmitting data received from the IoT devices, may transmit the usage profile reference to the datacenter for authentication purposes. The datacenter may use the usage profile reference to resolve a usage profile that the usage profile reference references. Using the usage profile, the datacenter may negotiate with the cellular-connected network device to restrict the types of data that is transmitted between the datacenter and the cellular-connected network device.

    7. Changing group member reachability information
    Granted invention patent (in force)

    Publication number: US09544282B2

    Publication date: 2017-01-10

    Application number: US14983001

    Filing date: 2015-12-29

    Abstract: In an embodiment, a method comprises obtaining a second network address at a computer node, which has been already associated with a first network address and provided first keying information; sending, to a key server computer, an update message that comprises both the first network address and the second network address; using the first keying information to encrypt messages that the computer node sends from the second network address to one or more other members of a group.


    8. PATH MAXIMUM TRANSMISSION UNIT HANDLING FOR VIRTUAL PRIVATE NETWORKS
    Invention patent application (pending, published)

    Publication number: US20160380894A1

    Publication date: 2016-12-29

    Application number: US15258444

    Filing date: 2016-09-07

    Abstract: Techniques are described herein for optimizing communications in a network. At a router in a virtual private network, a packet is received from a device in a subnetwork protected by the router. The router examines the packet to determine a source address that identifies the device and a destination address that identifies a destination network device for the packet. The router also analyzes the packet to determine a size of the packet and determines whether or not the size of the packet is larger than a maximum transmission unit size. If the size of the packet is larger than the maximum transmission unit size, the router encapsulates the packet with a header that includes the destination address and a new source address that identifies the router.


    9. Path maximum transmission unit handling for virtual private networks
    Granted invention patent (in force)

    Publication number: US09461914B2

    Publication date: 2016-10-04

    Application number: US14246351

    Filing date: 2014-04-07

    Abstract: Techniques are described herein for optimizing communications in a network. At a router in a virtual private network, a packet is received from a device in a subnetwork protected by the router. The router examines the packet to determine a source address that identifies the device and a destination address that identifies a destination network device for the packet. The router also analyzes the packet to determine a size of the packet and determines whether or not the size of the packet is larger than a maximum transmission unit size. If the size of the packet is larger than the maximum transmission unit size, the router encapsulates the packet with a header that includes the destination address and a new source address that identifies the router.
