Abstract:
A classifier node in a service function chaining system receives a media stream from an endpoint device. The media stream is associated with a media session between the endpoint and at least one other endpoint. The classifier node determines a service function path for the media stream. The service function path includes an ordered list of service functions to process the media stream. The classifier node determines a session identifier for the media stream and encapsulates the media stream with a Network Service Header. The Network Service Header includes an indication of the service function path and a metadata header with the session identifier.
Abstract:
In one embodiment, a service function classifier device determines a classification of a packet using one or more packet classification rules. The device selects a service function path based on the classification of the packet. The device determines one or more traffic flow characteristics based on the classification of the packet. The device generates a service function chaining (SFC) header that identifies the selected service function path and the determined one or more traffic flow characteristics. The SFC header is configured to cause a device along the service function path to forward the encapsulated packet based on the identified service function path and the determined one or more traffic flow characteristics. The device sends the packet along the selected service function path as an encapsulated packet that includes the generated SFC header.
Abstract:
A service classifier network device receives a subflow and identifies that the subflow is one of at least two subflows in a multipath data flow. Related data packets are sent from a source node to a destination node in the multipath data flow. The service classifier generates a multipath flow identifier and encapsulates the subflow with a header to produce an encapsulated first subflow. The header identifies a service function path and includes metadata with the multipath flow identifier.
Abstract:
In one embodiment, a first request may be received from a first endpoint to access a cloud-based conference platform. The first request can include a first access token. Based at least on the first request, a first certificate may be provided to the first endpoint, wherein the first certificate may not include an identity of the first endpoint. A second request may be received from a second endpoint to access the cloud-based conference platform. The second request can include a second access token. Based at least on the second request, a second certificate can be provided to the second endpoint, wherein the second certificate may not include an identity of the second endpoint. Data can be routed within the cloud-based conference platform between the first endpoint and second endpoint based at least upon the first certificate and the second certificate.
Abstract:
In one embodiment, first content is served by an application server to a client computer through an Internet service provider network. The first content includes a link to second content on a third-party server. A token request is sent from the third-party server to the application server in response to selection of the link by the client computer. A token is provided to the third-party server by the application server in response to the token request. The token is configured to authorize data flow at a bandwidth for the second content by the Internet service provider network to the client computer. The data flow is authorized based on an agreement for the bandwidth between an operator of the application server and an operator of the Internet service provider network.
Abstract:
A first service node receives a message configured to set up a secure communication session between a client and a server, in which the first service node acts as a proxy. Data packets in the secure communication session are subject to multiple service functions that require decryption of the data packets. A service function chain assigns a service node to each of the service functions. A service header is generated including metadata instructing the service nodes other than the first service node not to act as proxies in the secure communication session. The message and the service header are transmitted to a second service node in the service function chain.
Abstract:
In one implementation, a media stream is recorded using one or more keys. The one or more keys are also encrypted. The one or more encrypted keys may be stored with the encrypted media session at a cloud storage service. A network device receives a request to record a media stream and accesses at least one stream key for the media stream. The stream key is for encrypting the media stream. The network device encrypts the stream key with a master key. The encrypted stream key is stored in association with the encrypted media stream.
Abstract:
Various embodiments are disclosed for prioritizing network flows and providing differentiated quality of service in a telecommunications network. In some embodiments, a SecaaS can be utilized to signal flow characteristics of one or more network flows to a connector in a network so that the network can install differentiated quality of service against the one or more network flows based upon the received flow characteristics. Some embodiments enable a connector in a network to act as a PCP client to signal received flow characteristics to an upstream PCP server hosted by an adjacent access network.
Abstract:
In one implementation, traffic in a mobile network is directed across multiple paths to a single cloud server or security server (e.g., a security as a service). The mobile device detects a cloud connector through a primary connection based on an attachment or connection via a first interface of the mobile device. The mobile device sends a request to the cloud connector for an identification of a cloud security server associated with the cloud connector. After receiving the identification of the cloud security server, the mobile device directs one or more subsequent data flows or subflows for a second interface or another interface of the mobile device to the cloud server or security server. The second data flow and the second interface are associated with another network that is external to the enterprise network and the trusted network connection, or that is not associated with the enterprise network and the trusted network connection.
Abstract:
In one implementation, downloading of streaming content using a security as a service (SecaaS) system is more efficient because portions of the streaming content may not be inspected by the SecaaS. A first request to download content from a content provider is received, and a connection is initiated with a security provider, which inspects the first chunk of the content and generates a routing instruction based on the inspection of the first chunk of content. Based on the routing instructions and the inspection of the first chunk, a request for a second chunk of the streaming content is addressed to the content provider. The second chunk of the streaming content circumvents the SecaaS system.