公开(公告)号：US20250024258A1

公开(公告)日：2025-01-16

申请号：US18351289

申请日：2023-07-12

Applicant: Cisco Technology, Inc.

Inventor： Timothy P. Stammers ,  Bhavik Yogeshkumar Adhvaryu ,  Sri Gundavelli

IPC: H04W12/069 ,  H04W12/082 ,  H04W12/43

Abstract: The method disclosed herein manages and generates enterprise-policy compliant guest credentials for connectivity to one or more enterprise networks. The method may include receiving a request from a guest user device to connect to a first network provided by an enterprise. The method may further comprise determining that the guest user device is authorized to access the first network when the access by the guest user is subject to a movement and roaming policy. A first credential may be provisioned for the guest user to access the first network that is consistent with the movement and roaming policy. Prior to receiving a second request to connect to a second network of the enterprise from the guest user device, provisioning a second credential, consistent with the movement and roaming policy, to the guest user.

公开(公告)号：US20250023913A1

公开(公告)日：2025-01-16

申请号：US18351195

申请日：2023-07-12

Applicant: Cisco Technology, Inc.

Inventor： Michael Roytman

IPC: H04L9/40 ,  H04L41/16

Abstract: A system and method are provided for detecting malicious messages using a two-step Bayesian approach. A discrimination engine determines for each of the messages a first score and a second score. The first score represents a likelihood that the respective messages are malicious messages, and the second score represents a likelihood that they were generated by a machine learning (ML) method, such as a large language model (LLM). Using a combination of these two scores, message with a high probability of being malicious message are discriminated and marked as such. For example, messages for which the first and second scores exceed respective thresholds are marked as suspicious.

公开(公告)号：US20250023797A1

公开(公告)日：2025-01-16

申请号：US18899239

申请日：2024-09-27

Applicant: Cisco Technology, Inc.

Inventor： Ricardo V. OLIVEIRA ,  Nelson Jorge SILVA RODRIGUES ,  Prabhnit SINGH ,  Victor ORLOV ,  Florent Patrick Jean GARIT

IPC: H04L41/22 ,  H04L41/0681 ,  H04L43/045 ,  H04L43/16

Abstract: In one embodiment, a method comprises: obtaining a plurality of results for a corresponding plurality of independent tests performed on a corresponding plurality of services in a computer network, the plurality of results comprising one or more determined pathways through the computer network; determining a specified subset selection regarding the plurality of results, the specified subset selection corresponding to at least two independent service-related tests; combining a portion of the plurality of results into an aggregated results subset according to the specified subset selection; generating a graphical representation visualization of the aggregated results subset, the graphical representation visualization illustrating a plurality of specific pathways through the computer network corresponding to the aggregated results subset; and providing, to a graphical user interface, the graphical representation visualization of the aggregated results subset, the graphical user interface providing for further specification of the specified subset selection regarding the plurality of results.

公开(公告)号：US12200475B2

公开(公告)日：2025-01-14

申请号：US18481034

申请日：2023-10-04

Applicant: Cisco Technology, Inc.

Inventor： Vishal S. Desai ,  Benjamin J. Cizdziel ,  Santosh B. Kulkarni ,  Young Il Choi

IPC: H04W4/00 ,  H04W36/00 ,  H04W36/30

Abstract: Network environment health monitoring is provided by receiving an alert indicating that a first station (STA) is experiencing a connection with a first Access Point (AP) below a quality threshold; identifying a set of APs connected to a shared network with the first AP within one hop of the first AP; aggregating signal metrics for the first STA from the first AP and each AP of the set of APs; identifying a cause for the connection performing below the quality threshold based on the signal metrics as aggregated; and performing a remediation strategy based on the cause as identified.

公开(公告)号：US12199942B1

公开(公告)日：2025-01-14

申请号：US18484897

申请日：2023-10-11

Applicant: Cisco Technology, Inc.

Inventor： Balaji Sundararajan ,  Ajeet Pal Singh Gill ,  Sampath Sthothra Bhasham ,  Satish Kumar Mahadevan ,  Madhusudan V. Gindi ,  Tahir Ali

IPC: G06F15/16 ,  H04L12/46 ,  H04L61/256

Abstract: A process can include determining a plurality of Network Address Translation (NAT) routes associated with respective edge routers included in a same virtual private network (VPN) for communicating with a software-defined wide area network (SDWAN). A process can include identifying a first subset of the plurality of NAT routes as mapped to a first public NAT address included in a NAT pool associated with the VPN. A process can include tagging each NAT route of the first subset with a tag value indicative of a preferred router for receiving return traffic of the respective NAT route. A process can include routing traffic on a respective NAT route of the plurality of NAT routes based on applying, at an SDWAN controller, a corresponding control policy matching the tag value of the respective NAT route.

公开(公告)号：US12199847B2

公开(公告)日：2025-01-14

申请号：US17696532

申请日：2022-03-16

Applicant: Cisco Technology, Inc.

Inventor： Vinay Kumar Kolar ,  Jean-Philippe Vasseur ,  Grégory Mermoud ,  Pierre-André Savalle

IPC: G06N5/04 ,  G06F17/18 ,  G06F18/24 ,  G06N20/00 ,  H04L43/00 ,  H04L43/08

Abstract: In one embodiment, a service tracks performance of a machine learning model over time. The machine learning model is used to monitor one or more computer networks based on data collected from the one or more computer networks. The service also tracks performance metrics associated with training of the machine learning model. The service determines that a degradation of the performance of the machine learning model is anomalous, based on the tracked performance of the machine learning model and performance metrics associated with training of the model. The service initiates a corrective measure for the degradation of the performance, in response to determining that the degradation of the performance is anomalous.

公开(公告)号：US20250016136A1

公开(公告)日：2025-01-09

申请号：US18621596

申请日：2024-03-29

Applicant: Cisco Technology, Inc.

Inventor： Pradeep Patel ,  Jonathan A. Kunder ,  Ashish K. Dey ,  Andrew E. Ossipov ,  Jianxin Wang

IPC: H04L9/40 ,  G06F16/901 ,  H04L47/2441

Abstract: A first packet of a packet flow is received at a classifying network device. The first packet is forwarded from the classifying network device to a firewall network device. An indication that the packet flow is to be offloaded is received at the classifying network device. Data is stored at the classifying network device indicating that the packet flow is to be offloaded. A non-control packet of the packet flow is received at the classifying network device. A determination is made that the non-control packet belongs to the packet flow by comparing data contained in the non-control packet to the stored data. The non-control packet of the packet flow is directed to a processing entity in response to the determining. A control packet of the packet flow is received at the classifying network device. The control packet of the packet flow is directed to the firewall network device.

公开(公告)号：US20250013512A1

公开(公告)日：2025-01-09

申请号：US18219184

申请日：2023-07-07

Applicant: Cisco Technology, Inc.

Inventor： Prasenjit Sarkar

IPC: G06F9/54 ,  G06F9/50

Abstract: In one embodiment, a device determines whether applications in a messaging system are data producers or data consumers. The device determines workloads of the applications. The device assigns message brokers of the messaging system to the applications based on the workloads of the applications and whether the applications are data producers or data consumers.

公开(公告)号：US12192316B2

公开(公告)日：2025-01-07

申请号：US17558313

申请日：2021-12-21

Applicant: Cisco Technology, Inc.

Inventor： Sreejith Avikkal ,  Nancy Patricia Cam-Winget ,  Lizbeth Berenice Guerra Martinez ,  Natasha Wong ,  Jessica Lynne Poole

IPC: H04L9/40 ,  H04L7/10 ,  H04L9/32

Abstract: In one embodiment, methods for monitoring devices within a network by a controller are described. The method may include receiving a first request from a first device to authenticate a role of the first device as a grandmaster in a precision time protocol (PTP). Additionally, the method may include granting the first request designating the role of the first device as the grandmaster. The method may further include receiving a second request from a second device to authenticate that a clock announce message is from an authorized grandmaster. Additionally, the method may include determining whether the first device is authorized to send the clock announce message to the second device and, based on the determining, sending a message granting or denying permission for the first device to sync with the second device.

公开(公告)号：US12192224B2

公开(公告)日：2025-01-07

申请号：US17823256

申请日：2022-08-30

Applicant: Cisco Technology Inc.

Inventor： Walter T. Hulick, Jr. ,  Ashutosh Kulshreshtha

IPC: H04L9/40

Abstract: According to some embodiments, a method includes detecting a start of an OpenTelemetry span by an application and determining security information related to the start of the OpenTelemetry span. The method further includes monitoring the application for one or more application behaviors during execution of the OpenTelemetry span. The method further includes detecting an end of the OpenTelemetry span by the application, and in response, calculate a security score for the OpenTelemetry span using the security information related to the start of the OpenTelemetry span and the one or more application behaviors detected during execution of the OpenTelemetry span. The method further includes updating a status of the OpenTelemetry span to include the security score and a text string related to the calculation of the security score.