公开(公告)号：US20250071083A1

公开(公告)日：2025-02-27

申请号：US18237578

申请日：2023-08-24

Applicant: Cisco Technology, Inc.

Inventor： Pascal Thubert ,  Eric A. Voit ,  Eric Levy-Abegnoli

IPC: H04L61/2503 ,  H04L9/40 ,  H04L61/4511

Abstract: Techniques for using Prefix Address Translation (PAT), Mobile Internet Protocol (MIP), and/or other techniques to anonymize server-side addresses in data communications. Rather than allowing a server and/or endpoint have visibility of a client IP address of a client device accessing the server and/or endpoint, a virtual network service instead returns a PAT IP address that is mapped to the client device and/or the endpoint device. In this way, IP addresses of clients devices are obfuscated by the virtual network. The client device may then communicate data packets to the server and/or endpoint using the PAT IP address as the source address, and the virtual network service that works in conjunction with the server and/or endpoints can convert the PAT IP address to the actual IP address of the client for return packets using PAT and forward the return packet onto the client device.

公开(公告)号：US20250071060A1

公开(公告)日：2025-02-27

申请号：US18409701

申请日：2024-01-10

Applicant: Cisco Technology, Inc.

Inventor： Steven Wood ,  Balaji Sundararajan ,  Laxmikantha Reddy Ponnuru ,  Avinash Shah ,  Pritam Baruah ,  Venkatesh Nataraj ,  Ganesh Devendrachar

IPC: H04L45/76 ,  H04L12/46

Abstract: Generally, Software-Defined Wide Area Networks (SD-WAN) generally do not support network segmentation. The concepts disclosed herein connects IPSec SD-WAN fabric to a Virtual Routing and Forwarding (VRF) router and make use of a Software Defined Cloud Interconnect (SDCI) Router to route traffic from IPSec SD-WAN to various cloud services from the SDCI Router in the fabric. The concepts disclosed herein also provides for tunnel multi-plexing that takes incoming and outgoing traffic and maps VPNs to any service VRF associated with the cloud based services.

公开(公告)号：US20250071058A1

公开(公告)日：2025-02-27

申请号：US18946588

申请日：2024-11-13

Applicant: Cisco Technology, Inc.

Inventor： Arul Murugan Manickam ,  Laxmikantha Reddy Ponnuru ,  Avinash Shah ,  Vishali Somaskanthan

IPC: H04L45/745 ,  H04L47/2483 ,  H04L47/43

Abstract: An efficient method to handle fragmented packets in multi-node all-active clusters. In one particular embodiment, a method includes receiving an initial fragment packet at a node in a cluster, creating a secondary flow table, linking the secondary flow table to a primary flow table, determining the primary flow owner of the initial fragment packet, and transmitting initial and succeeding fragment packets out of the cluster through, if possible, the primary flow owner.

公开(公告)号：US20250071044A1

公开(公告)日：2025-02-27

申请号：US18454704

申请日：2023-08-23

Applicant: Cisco Technology, Inc.

Inventor： Vijay Kumar Devendran ,  Rajagopalan Janakiraman ,  Sathiskumar Segamalai Murugesan ,  Kirankumar Meda

IPC: H04L43/20 ,  H04L43/0852 ,  H04L43/0876 ,  H04L45/12

Abstract: This disclosure describes techniques for enabling distributed path computation and centralized path enforcement in a computer network used to implement a software application. In some cases, the disclosed techniques include using a central controller that initializes and coordinates monitoring agents deployed to network regions. The monitoring agents may collect monitoring data associated with application segments in their respective regions and share this data with each other. Using the aggregated data, the agents can compute optimal paths between application segment pairs spanning multiple regions. The optimal inter-region paths may be sent to the controller, which can program the paths into the routing application programming interfaces (APIs) of the various network environments like public cloud and on-premises networks.

公开(公告)号：US20250070980A1

公开(公告)日：2025-02-27

申请号：US18237583

申请日：2023-08-24

Applicant: Cisco Technology, Inc.

Inventor： Pascal Thubert ,  Eric A. Voit ,  Eric Levy-Abegnoli ,  Patrick Wetterwald ,  Jonas Zaddach

IPC: H04L9/32 ,  H04L61/2503

Abstract: Techniques for using Network Address Translation (NAT), Mobile Internet Protocol (MIP), and/or other techniques in conjunction with Domain Name System (DNS) to anonymize server-side addresses in data communications and verify an authenticity of a client device attempting to use a virtual IP (VIP) address. Rather than having DNS provide a client device with an IP address of an endpoint device, such as a server, the DNS instead returns a VIP address that is mapped to the client device and the endpoint device. The client device may then communicate data packets to the server using the VIP address as the destination address, and a virtual network service that works in conjunction with DNS can verify an authenticity of the client device and convert the VIP address to the actual IP address of the server using NAT and forward the data packet onto the server.

公开(公告)号：US12238856B2

公开(公告)日：2025-02-25

申请号：US17503000

申请日：2021-10-15

Applicant: Cisco Technology, Inc.

Inventor： Paul Ton ,  Yaotsan Tsai

IPC: H05K1/02 ,  H01L23/473 ,  H05K7/20

Abstract: A heat sink component includes a cold plate including a first surface configured to engage a circuit component and a second surface opposing the first surface, and a plurality of fins extending transversely from the second surface of the cold plate. The first surface includes a non-planar surface portion and a planar surface portion surrounding the non-planar surface portion. The non-planar surface portion of the cold plate provides an adaptive contour to complement a surface of a circuit component that experiences thermal warpage due to change in temperature during operation.

公开(公告)号：US12238054B2

公开(公告)日：2025-02-25

申请号：US17699579

申请日：2022-03-21

Applicant: Cisco Technology, Inc.

Inventor： Fahim Abbasi ,  Abhishek Singh ,  Muhammad Sachedina

IPC: H04L51/212 ,  G06N20/00 ,  H04L9/40 ,  H04L51/42

Abstract: Techniques for an email-security system to detect multi-stage email scam attacks, and engage an attacker to obtain additional information. The system may analyze emails for users and identify scam emails by analyzing metadata of the emails. The system may then classify the scam emails into particular classes from among a group of scam-email classes. The system may then engage the attacker that sent the scam email. In some instances, the scam emails may be multi-stage attacks, and the system may automatically engage the attacker to move to the next stage of the scam attack. For instance, the system may send a lure email that is responsive to the particular scam class to prompt or provoke the attacker to send more sensitive information, such as a phone number, a bank account, etc. The system may then harvest this sensitive information of the attacker, and use that information for various remedial actions.

公开(公告)号：US20250063658A1

公开(公告)日：2025-02-20

申请号：US18449817

申请日：2023-08-15

Applicant: Cisco Technology, Inc.

Inventor： Mike Sapozhnikov ,  David Nozadze ,  Joel Richard Goergen ,  Wenbin Ma ,  Upen Reddy Kareti ,  Weiying Ding

IPC: H05K1/11 ,  H05K1/02 ,  H05K3/40

Abstract: In some embodiments, an apparatus, includes a pad of a printed circuit board (PCB) configured to couple to an electrical component separate from the PCB and a via formed through the pad. The via is offset from a center of the pad such that a distance between the via and a most adjacent trace electrically separate from the via is above a threshold distance.

公开(公告)号：US20250063590A1

公开(公告)日：2025-02-20

申请号：US18449560

申请日：2023-08-14

Applicant: Cisco Technology Inc.

Inventor： Brian Donald Hart ,  Matthew A. Silverman ,  Malcolm Smith

IPC: H04W72/543 ,  H04W72/044 ,  H04W72/566

Abstract: The present disclosure is directed to determining a first radio as a downlink for transmitting data frames from a first wireless endpoint device to second wireless endpoint devices, determining a second radio as an uplink for transmitting data frames from the second wireless endpoint devices to the first wireless endpoint device, enabling transmissions of data frames from the second wireless endpoint devices to the first wireless endpoint device on the uplink, detecting a first data frame with a latency requirement to be transmitted from the first wireless endpoint device to a targeted second wireless endpoint device, replacing any data frame not associated with a latency requirement in an aggregated MAC protocol data unit with the first data frame, and transmitting the first data frame to the targeted second wireless endpoint device on the downlink.

公开(公告)号：US20250063033A1

公开(公告)日：2025-02-20

申请号：US18936901

申请日：2024-11-04

Applicant: Cisco Technology, Inc.

Inventor： Indermeet Gandhi ,  Srinath Gundavelli

IPC: H04L9/40 ,  G06F3/01 ,  H04L25/02 ,  H04W4/02

Abstract: This disclosure describes techniques for performing multi-factor authentication (MFA) by utilizing user generated authenticating gestures. The techniques may include establishing and monitoring peer-to-peer communication links between user devices. The techniques may include monitoring channel properties for fluctuations in the channel properties associated with the user generated authenticating gesture passing through signals of the communication links. The techniques may further include comparing a gesture performed by a user to a predefined authenticating gesture. The techniques may include determining a pattern of fluctuations in the channel properties associated with the predefined authenticating gesture. The techniques may include determining a confidence score associated with comparing the gesture performed and the predefined authenticating gesture. The techniques may further include determining a proximity of the user and/or the gesture to the user device. The techniques may further include granting or denying the user based at least in part on the proximity and/or the comparison.