公开(公告)号：US20160205171A1

公开(公告)日：2016-07-14

申请号：US14636208

申请日：2015-03-03

Applicant: Cisco Technology, Inc.

Inventor： Tirumaleswar REDDY ,  Daniel Wing ,  Bill Ver Steeg

IPC: H04L29/08

CPC classification number: H04L67/06 ,  H04L67/104 ,  H04L67/1085

Abstract: In one embodiment, there is provided a device implementing a leecher peer, the device including a processor to request a list of seeder peers from a tracker, receive the list, select a first seeder peer from the list from which to download at least part of a content item, start downloading the at least part of the content item from the first seeder peer, receive a message from the first seeder peer indicating a deterioration in an upload flow characteristic of the first seeder peer, in response to receiving the message, request an updated list of seeder peers, receive the updated list, select a second one of the seeder peers from the updated list from which to download another part of the content item, cease downloading the content item from the first seeder peer, and start downloading the other part of the content item from the second seeder peer.

Abstract translation: 在一个实施例中，提供了实现leecher对等体的设备，该设备包括处理器，用于从跟踪器请求播种器对等体的列表，接收列表，从列表中选择第一播种器对等体，从该列表中下载至少一部分 内容项目，开始从所述第一播种器对等体下载所述内容项目的所述至少一部分，响应于接收到所述消息，请求从所述第一播种器对等体接收指示所述第一播种器对等体的上传流特性恶化的消息 播种器对等体的更新列表，接收更新的列表，从更新的列表中选择播种器对等体的第二个，从其下载另一部分内容项，停止从第一播种器对等体下载内容项，并开始下载 来自第二播种机对等体的内容项目的其他部分。

公开(公告)号：US10404781B2

公开(公告)日：2019-09-03

申请号：US14636208

申请日：2015-03-03

Applicant: Cisco Technology, Inc.

Inventor： Tirumaleswar Reddy ,  Daniel Wing ,  Bill Ver Steeg

IPC: G06F15/16 ,  H04L29/08

Abstract: In one embodiment, there is provided a device implementing a leecher peer, the device including a processor to request a list of seeder peers from a tracker, receive the list, select a first seeder peer from the list from which to download at least part of a content item, start downloading the at least part of the content item from the first seeder peer, receive a message from the first seeder peer indicating a deterioration in an upload flow characteristic of the first seeder peer, in response to receiving the message, request an updated list of seeder peers, receive the updated list, select a second one of the seeder peers from the updated list from which to download another part of the content item, cease downloading the content item from the first seeder peer, and start downloading the other part of the content item from the second seeder peer.

公开(公告)号：US10135826B2

公开(公告)日：2018-11-20

申请号：US14845505

申请日：2015-09-04

Applicant: Cisco Technology, Inc.

Inventor： K. Tirumaleswar Reddy ,  Prashanth Patil ,  Daniel Wing

IPC: G06F21/56 ,  H04L29/06 ,  H04L29/08

Abstract: A method of leveraging security-as-a-service for cloud-based file sharing includes receiving, at a cloud-based file sharing server external to an enterprise network and having connectivity to the enterprise network, instructions from an enterprise network to validate a file uploaded by a first user associated with the enterprise network before allowing the file to be downloaded. The file sharing server may then receive the file from the first user and forward the file to a cloud-based security-as-a-service (SECaaS) server that is also external to the enterprise network and has connectivity to the enterprise network. The file sharing server receives a determination of validation from the cloud-based SECaaS server and allows a second user to download the file based on the determination. To make the determination, the SECaaS server retrieves cryptographic keying material from a cloud-based key management server, and decrypts the file.

公开(公告)号：US20170331854A1

公开(公告)日：2017-11-16

申请号：US15151709

申请日：2016-05-11

Applicant: Cisco Technology, Inc.

Inventor： Tirumaleswar Reddy ,  Daniel Wing ,  Prashanth Patil

IPC: H04L29/06 ,  H04L29/08 ,  H04L9/32 ,  H04L9/30 ,  H04L9/14 ,  H04L9/08

CPC classification number: H04L63/1458 ,  H04L9/0861 ,  H04L9/14 ,  H04L9/30 ,  H04L9/3263 ,  H04L63/0236 ,  H04L63/0823 ,  H04L63/1425 ,  H04L63/168 ,  H04L65/1006 ,  H04L67/02 ,  H04L67/10 ,  H04L69/329

Abstract: In one embodiment, a distributed denial of service attack on a network is identified. In response to the distributed denial of service attack, a script to request a short term certificate is executed. The short term certificate is generated by a certificate server and received either directly or indirectly from the certificate server. An instruction to redirect traffic using the short term certificate and private key is sent to a distributed denial of service attack protection service that is operable to filter or otherwise mitigate malicious traffic involved in the distributed denial of service attack.

公开(公告)号：US09648141B2

公开(公告)日：2017-05-09

申请号：US14674596

申请日：2015-03-31

Applicant: Cisco Technology, Inc.

Inventor： Tirumaleswar Reddy ,  Daniel Wing ,  Prashanth Patil

IPC: H04L29/00 ,  H04L29/06

CPC classification number: H04L67/42 ,  H04L63/0807 ,  H04L67/06 ,  H04L67/20 ,  H04L67/289

Abstract: In one embodiment, first content is served by an application server to a client computer through an Internet service provider network. The first content includes a link to second content on a third-party server. A token request is sent from the third-party server to the application server in response to selection of the link by the client computer. A token is provided to the third-party server by the application server in response to the token request. The token is configured to authorize data flow at a bandwidth for the second content by the Internet service provider network to the client computer. The data flow is authorized based on an agreement for the bandwidth between an operator of the application server and an operator of the Internet service provider network.

公开(公告)号：US20150334029A1

公开(公告)日：2015-11-19

申请号：US14278598

申请日：2014-05-15

Applicant: Cisco Technology, Inc.

Inventor： Prashanth Patil ,  Tirumaleswar Reddy ,  Daniel Wing ,  William Ver Steeg

IPC: H04L12/851 ,  H04L29/06 ,  H04L12/24

CPC classification number: H04L12/6418 ,  H04L29/06 ,  H04L41/5019 ,  H04L41/5038 ,  H04L47/2441 ,  H04L63/145 ,  H04L67/02 ,  H04L67/06

Abstract: Various embodiments are disclosed for prioritizing network flows and providing differentiated quality of service in a telecommunications network. In some embodiments, a SecaaS can be utilized to signal flow characteristics of one or more network flows to a connector in a network so that the network can install differentiated quality of service against the one or more network flows based upon the received flow characteristics. Some embodiments enable a connector in a network to act as a PCP client to signal received flow characteristics to an upstream PCP server hosted by an adjacent access network.

Abstract translation: 公开了各种实施例用于优先化网络流并在电信网络中提供差异化​​的服务质量。 在一些实施例中，可以使用SecaaS来向网络中的连接器发送一个或多个网络流的流特性，使得网络可以基于所接收的流特性来针对所述一个或多个网络流安装差异化服务质量。 一些实施例使得网络中的连接器能够充当PCP客户端，以将接收到的流量特性信号发送到由相邻接入网络托管的上游PCP服务器。

公开(公告)号：US09185562B2

公开(公告)日：2015-11-10

申请号：US13944607

申请日：2013-07-17

Applicant: Cisco Technology, Inc.

Inventor： Tirumaleswar Reddy ,  Prashanth Patil ,  Daniel Wing

IPC: H04L29/06 ,  H04W12/08 ,  G06F15/16

CPC classification number: H04W12/08 ,  G06F15/16 ,  H04L29/06 ,  H04L63/10 ,  H04L63/20

Abstract: In one implementation, traffic in a mobile network is directed across multiple paths to a single cloud server or security server (e.g., a security as a service). The mobile device detects a cloud connector through a primary connection based on an attachment or connection via a first interface of a mobile device. The mobile device sends a request to the cloud connector for an identification of a cloud security server associated with the cloud connector. After receiving the identification of the cloud security server, the mobile device directs one or more subsequent data flows or subflows for a second interface or another interface of the mobile device to the cloud server or security server. The second data flow and the second interface are associated with another network that is external to the enterprise network and trusted network connection or not associated with the enterprise network and the trusted network connection.

Abstract translation: 在一个实现中，移动网络中的流量被定向到单个云服务器或安全服务器（例如，作为服务的安全性）的多个路径。 移动设备通过基于通过移动设备的第一接口的附件或连接的主连接来检测云连接器。 移动设备向云连接器发送请求以识别与云连接器相关联的云安全服务器。 在接收到云安全服务器的标识之后，移动设备将用于移动设备的第二接口或另一接口的一个或多个后续数据流或子流引导到云服务器或安全服务器。 第二数据流和第二接口与企业网络外部的另一网络和可信网络连接相关联，或者与企业网络和可信网络连接不相关联。

公开(公告)号：US20150149657A1

公开(公告)日：2015-05-28

申请号：US14089193

申请日：2013-11-25

Applicant: Cisco Technology, Inc.

Inventor： Tirumaleswar Reddy ,  Prashanth Patil ,  William Ver Steeg ,  Daniel Wing

IPC: H04L12/721

CPC classification number: H04L45/72 ,  H04L63/0245 ,  H04L63/1408 ,  H04L63/20

Abstract: In one implementation, downloading of streaming content using a security as a service (SecaaS) system is more efficient because portions of the streaming content may not be inspected by the SecaaS. A first request to download content from a content provider is received, and a connection is initiated with a security provider, which inspects the first chunk of the content and generates a routing instruction based on the inspection of the first chunk of content. Based on the routing instructions and the inspection of the first chunk, a request for a second chunk of the streaming content is addressed to the content provider. The second chunk of the streaming content, circumvents the SecaaS system.

Abstract translation: 在一个实现中，使用安全即服务（SecaaS）系统下载流内容更为有效，因为部分流媒体内容可能不被SecaaS检查。 接收到从内容提供商下载内容的第一请求，并且与安全提供者发起连接，安全提供者检查内容的第一块，并且基于第一内容块的检查来生成路由指令。 基于路由指令和对第一块的检查，流式传输内容的第二块的请求被寻址到内容提供商。 流媒体内容的第二大部分规避了SecaaS系统。

公开(公告)号：US20150113588A1

公开(公告)日：2015-04-23

申请号：US14059853

申请日：2013-10-22

Applicant: Cisco Technology, Inc.

Inventor： Daniel Wing ,  Tirumaleswar Reddy

IPC: H04L29/06

CPC classification number: H04L63/0227

Abstract: A PCP-aware firewall or other firewall validating a media session using third-party authorization receives more information than just the results of cryptographic token validation. The intent for each media stream of a media session is received from the Authorization Server. The intent may be used to compare to the received traffic of the media session. If the traffic is different than the intended traffic, then the exception to permit the firewall may be closed.

Abstract translation: 使用第三方授权验证媒体会话的PCP感知防火墙或其他防火墙接收的信息不仅仅是加密令牌验证的结果。 从授权服务器接收媒体会话的每个媒体流的意图。 该意图可以用于与媒体会话的接收流量进行比较。 如果流量与预期流量不同，则允许防火墙的异常可能会被关闭。

公开(公告)号：US10104119B2

公开(公告)日：2018-10-16

申请号：US15151709

申请日：2016-05-11

Applicant: Cisco Technology, Inc.

Inventor： Tirumaleswar Reddy ,  Daniel Wing ,  Prashanth Patil

IPC: H04L29/06 ,  H04L29/08 ,  H04L9/08 ,  H04L9/32 ,  H04L9/14 ,  H04L9/30

Abstract: In one embodiment, a distributed denial of service attack on a network is identified. In response to the distributed denial of service attack, a script to request a short term certificate is executed. The short term certificate is generated by a certificate server and received either directly or indirectly from the certificate server. An instruction to redirect traffic using the short term certificate and private key is sent to a distributed denial of service attack protection service that is operable to filter or otherwise mitigate malicious traffic involved in the distributed denial of service attack.