-
Publication No.: US20240195751A1
Publication date: 2024-06-13
Application No.: US18588916
Filing date: 2024-02-27
Applicant: Cisco Technology, Inc.
Inventor: Shankar Ramanathan, Nagendra Kumar Nainar, Carlos M. Pignataro
IPC: H04L47/80
CPC classification number: H04L47/80
Abstract: A method of orchestrating one or more radio resources among various services executing within a container. The method includes obtaining, by an orchestration engine executing on a network device, a request, from a first service of a plurality of services, for use of a physical/hardware resource that connects a container running on the network device to a network. The request from the first service has a particular priority. The plurality of services execute within the container. The method further includes determining whether to connect the first service to the network via the physical/hardware resource based on the priority and an availability status of the physical/hardware resource and establishing, at a kernel level, a connection between the first service and the physical/hardware resource based on the determining.
-
Publication No.: US11979403B2
Publication date: 2024-05-07
Application No.: US17332589
Filing date: 2021-05-27
Applicant: Cisco Technology, Inc.
Inventor: Carlos M. Pignataro, Nagendra Kumar Nainar, Jerome Henry, Robert E. Barton, Bart A. Brinckman
CPC classification number: H04L63/10, H04L9/3236, H04L9/3263, H04L63/0876
Abstract: Embodiments herein describe disconnecting, by an access node, a first device having a first media access control (MAC) address due to a network violation and receiving, by the access node, information about a second device having a second MAC address different from the first MAC address. In one embodiment, the information is generated by a certificate server based on a token generated by the second device. Further, when the access node determines, based on the information, that the second device is the first device, the access node denies a connection request from the second device.
-
Publication No.: US11979384B2
Publication date: 2024-05-07
Application No.: US18197867
Filing date: 2023-05-16
Applicant: Cisco Technology, Inc.
Inventor: Akram Sheriff, Nagendra Kumar Nainar, Arvind Tiwari, Rajiv Asati
CPC classification number: H04L63/0281, H04L43/08, H04L63/0263, H04L63/10, H04L63/1408, H04L67/10, H04L67/56, G16Y10/75
Abstract: This disclosure describes using a dynamic proxy for securing communications between a source within a cloud environment and an application container. The techniques include intercepting traffic directed to an application container, analyzing the traffic and traffic patterns, and allowing or preventing the traffic from being delivered to the application container based on the analysis. A traffic analysis engine may determine whether the traffic is considered safe and is to be allowed to be delivered to the application container, or whether the traffic is considered unsafe and is to be prevented from being delivered to the application container. According to some configurations, the address(es) to the network interfaces (e.g., WIFI or Eth0) are abstracted to help ensure security of the application containers.
-
Publication No.: US11968242B2
Publication date: 2024-04-23
Application No.: US17305235
Filing date: 2021-07-01
Applicant: Cisco Technology, Inc.
Inventor: Jerome Henry, Robert E. Barton, Carlos M. Pignataro, Nagendra Kumar Nainar, Malcolm M. Smith, Mark Grayson, Bart A. Brinckman
CPC classification number: H04L63/205, H04L63/0236, H04L63/105, H04W12/06
Abstract: Differentiated service in a federation-based access network is provided by receiving, with a request for access to a wireless network offering at least two different service levels based on user identities, a set of user credentials from a User Equipment (UE); forwarding, for authentication, the set of user credentials to an identity provider in an identity federation with the wireless network, wherein the identity provider is independent from the wireless network; in response to determining that the set of user credentials indicate a realm known to be associated with a given service level, providing network access to the UE according to the given service level; and in response to determining that the given service level is not a highest service level in the wireless network, transmitting a list of preferred realms to the UE that are associated with higher service levels than the given service level.
-
Publication No.: US11968172B2
Publication date: 2024-04-23
Application No.: US17677134
Filing date: 2022-02-22
Applicant: Cisco Technology, Inc.
Inventor: Nagendra Kumar Nainar, Carlos M. Pignataro, Robert E. Barton, Jerome Henry
IPC: H04L61/5014, H04W12/108, H04W12/71, H04L101/622
CPC classification number: H04L61/5014, H04W12/108, H04W12/71, H04L2101/622
Abstract: An authorization device obtains a registration request associated with an end device, the registration request including a new randomized media access control (MAC) address associated with the end device; determines whether the end device is authorized to use the new randomized MAC address; transmits a message to the end device with a first randomly generated number when it is determined that the end device is authorized to use the new randomized MAC address; obtains integrity information associated with the end device, the first integrity information being computed based on the first randomly generated number; transmits a request to a validation system to validate the end device based on the first integrity information; obtains an indication that the end device is validated; determines policies associated with the end device when it is determined that the end device is validated; and applies the policies to the end device.
-
Publication No.: US11924223B2
Publication date: 2024-03-05
Application No.: US17728333
Filing date: 2022-04-25
Applicant: Cisco Technology, Inc.
Inventor: Shwetha Subray Bhandari, Eric Voit, Frank Brockners, Carlos M. Pignataro, Nagendra Kumar Nainar
CPC classification number: H04L63/123, H04L63/1425, H04L69/22
Abstract: Technologies for proving packet transit through uncompromised nodes are provided. An example method can include receiving a packet including one or more metadata elements generated based on security measurements from a plurality of nodes along a path of the packet; determining a validity of the one or more metadata elements based on a comparison of one or more values in the one or more metadata elements with one or more expected values calculated for the one or more metadata elements, one or more signatures in the one or more metadata elements, and/or timing information associated with the one or more metadata elements; and based on the one or more metadata elements, determining whether the packet traversed any compromised nodes along the path of the packet.
-
Publication No.: US20240073177A1
Publication date: 2024-02-29
Application No.: US17897745
Filing date: 2022-08-29
Applicant: Cisco Technology, Inc.
Inventor: Nagendra Kumar Nainar, Carlos M. Pignataro, David John Zacks, Thomas Szigeti
IPC: H04L61/4511, H04L61/2514, H04L61/3015, H04L67/1036
CPC classification number: H04L61/4511, H04L61/2514, H04L61/3015, H04L67/1036
Abstract: Methods are provided to perform a name resolution triggered monitoring agent selection for full stack observability. The methods involve obtaining a name resolution request for an enterprise service to be accessed by an endpoint device. A plurality of service instances are configured to provide the enterprise service. The methods further involve determining, based on the name resolution request, a monitoring agent from a plurality of monitoring agents of a monitoring service that monitors performance of the enterprise service and selecting a service instance, from the plurality of service instances, that is associated with the monitoring agent in a name resolution record. The methods further involve providing, to the endpoint device, location information for accessing the service instance and provisioning the monitoring agent to monitor the performance of the enterprise service executed by the service instance for the endpoint device.
-
Publication No.: US20240056488A1
Publication date: 2024-02-15
Application No.: US17886030
Filing date: 2022-08-11
Applicant: Cisco Technology, Inc.
Inventor: Nagendra Kumar Nainar, Vinay Saini, Akram Sheriff, Rajesh Indira Viswambharan, David John Zacks
IPC: H04L9/40
CPC classification number: H04L63/205, H04L63/0478
Abstract: Techniques are described for classification-based data security management. The classification-based data security management can include utilizing device and/or data attributes to identify security modes for communication of data stored in a source device. The security modes can be identified based on a hybrid-encryption negotiation. The attributes can include a device resource availability value, an access trust score, a data confidentiality score, a geo-coordinates value, and/or a date/time value. The security modes can include a hybrid-encryption mode. The source device can utilize the hybrid-encryption mode to transmit the data, via one or more network nodes, such as an edge node, to one or more service nodes.
-
Publication No.: US11895504B2
Publication date: 2024-02-06
Application No.: US17446921
Filing date: 2021-09-03
Applicant: Cisco Technology, Inc.
Inventor: Nagendra Kumar Nainar, Robert E. Barton, Carlos M. Pignataro, Jerome Henry
CPC classification number: H04W12/35, H04L63/0815, H04W12/06, H04W76/10
Abstract: Federated multi-access edge computing availability notifications may be provided by: transmitting, from a User Equipment (UE) to an Access Point (AP) of a wireless network, an attach request for the wireless network that includes authentication credentials for an identity provider independent from the wireless network to authenticate the UE to the wireless network; receiving, at the UE via the AP, an authentication success message for the wireless network from the independent identity provider; transmitting, from the UE to the AP, a Multi-access Edge Computing (MEC) query; and receiving, at the UE from the AP, a MEC response that identifies MEC resources that are available to the UE based on an identity for the UE confirmed by the identity provider to the wireless network.
-
Publication No.: US11882020B2
Publication date: 2024-01-23
Application No.: US17988908
Filing date: 2022-11-17
Applicant: Cisco Technology, Inc.
Inventor: Nagendra Kumar Nainar, Carlos M. Pignataro, Jaganbabu Rajamanickam, Madhan Sankaranarayanan
IPC: H04L45/00, H04L45/7453, H04L45/24
CPC classification number: H04L45/14, H04L45/24, H04L45/7453
Abstract: Techniques are presented for evaluating Equal Cost Multi-Path (ECMP) performance in a network that includes a plurality of nodes. According to an example embodiment, a method is provided that includes obtaining information indicating equal cost multi-path (ECMP) paths in the network and a branch node in the network. For the branch node in the network, the method includes instantiating a virtual network function that simulates an ECMP hashing algorithm employed by the branch node to select one of multiple egress interfaces of the branch node; providing to the virtual network function for the branch node, a query containing entropy information as input to the ECMP hashing algorithm that returns interface selection results; and obtaining from the virtual network function a reply that includes the interface selection results. The method further includes evaluating ECMP performance in the network based on the interface selection results obtained for the branch node.