-
Publication No.: US20200280548A1
Publication Date: 2020-09-03
Application No.: US16401304
Filing Date: 2019-05-02
Applicant: Cisco Technology, Inc.
Inventor: Andree Toonk, Grzegorz Boguslaw Duraj, Alvin Sai Weng Wong, Kyle Mestery
IPC: H04L29/06, H04L12/707, H04L12/761
Abstract: An Internet Key Exchange protocol message indicating a first Internet Protocol Security traffic flow is to be established via a first device is obtained at the first device. The Internet Key Exchange protocol message is forwarded from the first device to a second device. An encryption key used to transmit traffic via the first Internet Protocol Security Traffic flow is received at the first device from a key value store. The key value store is populated with the encryption key in response to the second device obtaining the Internet Key Exchange protocol message. A first data packet to be transmitted via the first Internet Protocol Security traffic flow is obtained at the first device. The first device provides the first data packet encrypted with the encryption key of the first Internet Protocol Security traffic flow.
-
Publication No.: US11888831B2
Publication Date: 2024-01-30
Application No.: US17507312
Filing Date: 2021-10-21
Applicant: Cisco Technology, Inc.
Inventor: Andree Toonk, Grzegorz Boguslaw Duraj, Alvin Sai Weng Wong, Kyle Mestery
CPC classification number: H04L63/0485, H04L45/16, H04L45/24, H04L63/061, H04L63/20
Abstract: An Internet Key Exchange protocol message indicating a first Internet Protocol Security traffic flow is to be established via a first device is obtained at the first device. The Internet Key Exchange protocol message is forwarded from the first device to a second device. An encryption key used to transmit traffic via the first Internet Protocol Security Traffic flow is received at the first device from a key value store. The key value store is populated with the encryption key in response to the second device obtaining the Internet Key Exchange protocol message. A first data packet to be transmitted via the first Internet Protocol Security traffic flow is obtained at the first device. The first device provides the first data packet encrypted with the encryption key of the first Internet Protocol Security traffic flow.
-
Publication No.: US20220224529A1
Publication Date: 2022-07-14
Application No.: US17705810
Filing Date: 2022-03-28
Applicant: Cisco Technology, Inc.
Inventor: Kyle Mestery, Grzegorz Boguslaw Duraj
Abstract: Methods are provided for decentralized key negotiation. One method includes initiating, by a first Internet Key Exchange (IKE) node from among a plurality of IKE nodes, a rekeying process for an Internet Protocol Security (IPSec) communication session established with a client device and serviced by a second IKE node from among the plurality of IKE nodes, and in which a first encryption key is used to encrypt traffic. The method further includes obtaining, by the first IKE node from a key value store, information about the IPSec communication session and performing, by the first IKE node, at least a part of the rekeying process in which the first encryption key is replaced with a second encryption key for the IPSec communication session.
-
Publication No.: US11368298B2
Publication Date: 2022-06-21
Application No.: US16569930
Filing Date: 2019-09-13
Applicant: Cisco Technology, Inc.
Inventor: Kyle Mestery, Grzegorz Boguslaw Duraj
Abstract: Methods are provided for decentralized key negotiation. One method includes initiating, by a first Internet Key Exchange (IKE) node from among a plurality of IKE nodes, a rekeying process for an Internet Protocol Security (IPSec) communication session established with a client device and serviced by a second IKE node from among the plurality of IKE nodes, and in which a first encryption key is used to encrypt traffic. The method further includes obtaining, by the first IKE node from a key value store, information about the IPSec communication session and performing, by the first IKE node, at least a part of the rekeying process in which the first encryption key is replaced with a second encryption key for the IPSec communication session.
-
Publication No.: US11075985B2
Publication Date: 2021-07-27
Application No.: US16185623
Filing Date: 2018-11-09
Applicant: Cisco Technology, Inc.
Inventor: Kyle Mestery, Ian Wells
IPC: G06F9/50, H04L12/801, H04L29/08, H04L12/803, G06F9/48
Abstract: A system is provided to support a serverless environment and quickly generate containers to handle requests. The system includes a first network node, a container orchestration system, and a serving node. The first network node receives an initial packet of a request from a host and sends a notification to a container orchestration system. The notification includes header information from the initial packet and signals the reception of the initial packet of the request. The container orchestration system creates one or more new containers in response to the notification based on the header information of the initial packet. The serving node instantiates the new containers, receives the request from the host, and processes the request from the host with the new containers.
-
Publication No.: US20200336465A1
Publication Date: 2020-10-22
Application No.: US16849251
Filing Date: 2020-04-15
Applicant: Cisco Technology, Inc.
Inventor: Kyle Mestery, Graham Bartlett
IPC: H04L29/06, H04L12/46, H04L12/801
Abstract: Techniques are described to provide efficient protection for a virtual private network. In one example, a method is provided that includes obtaining a packet at a first network entity; determining that the packet is a packet type of an authentication type; determining whether authentication content for the packet matches known good criteria for the packet type of the authentication type; based on determining that the authentication content for the packet does not match the known good criteria, performing at least one of dropping the packet and generating an alarm; and based on determining that the authentication content for the packet does match the known good criteria, processing the packet at the first network entity or forwarding the packet toward a second network entity.