KEY ROTATION FOR DEVICE APPLICATION AUTHENTICATION

    Publication number: US20240137220A1

    Publication date: 2024-04-25

    Application number: US18114693

    Application date: 2023-02-27

    CPC classification number: H04L9/0894 H04L9/0825

    Abstract: In various embodiments, a server stores a set of cryptographic keys associated with a client that includes a server-stored bootstrap key, a server-stored authentication key, and a server-stored proposed key. The server receives an authentication request from the client that includes a client-indicated bootstrap key, a client-indicated authentication key, and a client-indicated proposed key. The server makes a determination that the client is authenticated based in part on whether there is a match between the client-indicated authentication key and either the server-stored authentication key or the server-stored proposed key. The server provides, based on the determination, an authentication response to the client indicating that the client has been authenticated.

    Method and apparatus for providing strong mutual authentication, encryption, and integrity for constraint devices without secure storage and PKI support

    Publication number: US12143492B2

    Publication date: 2024-11-12

    Application number: US17817422

    Application date: 2022-08-04

    Abstract: A zero-touch deployment (ZTD) manager receives a first request to issue a first cryptographic token to a constrained device for establishing a communications session between the constrained device and a secured resource. The ZTD manager evaluates identity information corresponding to the constrained device and determines whether the identity information is valid. If so, the ZTD manager returns the first cryptographic token to the constrained device, where it is stored in cache memory. The ZTD manager receives a second request to obtain a second cryptographic token from the secured resource. When the second cryptographic token is provided to the secured resource, the secured resource uses this second cryptographic token to validate the first cryptographic token and to facilitate the communications session with the constrained device.

    IOT-BASED NETWORK ARCHITECTURE FOR DETECTING FAULTS USING VIBRATION MEASUREMENT DATA

    Publication number: US20210133559A1

    Publication date: 2021-05-06

    Application number: US16672696

    Application date: 2019-11-04

    Abstract: In one embodiment, a device in a network receives a machine learning encoder and decoder trained by a supervisory service. The service trains the encoder and decoder using vibration measurement data sent to the service by a plurality of devices. The device trains, based on the received encoder, a classifier to determine whether vibration measurement data is indicative of a behavioral anomaly. The device receives vibration measurement data captured by a particular set of one or more vibration sensors of a monitored system. The device evaluates, using the trained decoder, the received vibration measurement data to determine whether the data is indicative of a structural anomaly in the monitored system. The device evaluates, using the trained classifier, the received vibration measurement data to determine whether the data is indicative of a behavioral anomaly in the monitored system.

    Topology-aware addressing for reconfigurable networks

    Publication number: US10164938B2

    Publication date: 2018-12-25

    Application number: US15254591

    Application date: 2016-09-01

    Abstract: In one embodiment, an addressing agent determines a logical static IP addressing scheme for a computer network, the addressing scheme shared with an application server and defining a static mapping of IP addresses to particular types of application-based devices that are managed by the application server in particular physical locations within the computer network. The addressing agent determines a topology of the computer network indicative of application-based devices, their type, and their physical location. The addressing agent calculates a dynamic IP address for the devices based on their type and physical location as defined by the addressing scheme, and collaboratively assigns their corresponding calculated dynamic IP address. The application server can thus manage application-based devices according to whichever device of a particular type is in a particular physical location based on the addressing scheme, regardless of which particular application-based device of that particular type is in that particular physical location.

    TOPOLOGY-AWARE ADDRESSING FOR RECONFIGURABLE NETWORKS

    Publication number: US20180063075A1

    Publication date: 2018-03-01

    Application number: US15254591

    Application date: 2016-09-01

    CPC classification number: H04L61/2015 H04L41/12 H04L61/2038 H04L61/609

    Abstract: In one embodiment, an addressing agent determines a logical static IP addressing scheme for a computer network, the addressing scheme shared with an application server and defining a static mapping of IP addresses to particular types of application-based devices that are managed by the application server in particular physical locations within the computer network. The addressing agent determines a topology of the computer network indicative of application-based devices, their type, and their physical location. The addressing agent calculates a dynamic IP address for the devices based on their type and physical location as defined by the addressing scheme, and collaboratively assigns their corresponding calculated dynamic IP address. The application server can thus manage application-based devices according to whichever device of a particular type is in a particular physical location based on the addressing scheme, regardless of which particular application-based device of that particular type is in that particular physical location.

    WEB BROWSER-BASED SECURE EQUIPMENT ACCESS
    Patent application publication

    Publication number: US20240154954A1

    Publication date: 2024-05-09

    Application number: US18244452

    Application date: 2023-09-11

    CPC classification number: H04L63/0838

    Abstract: In some implementations, a device receives a login request from a web browser executed by a client endpoint in a first network. The device provides a one-time password to the web browser that causes the client endpoint to invoke a local handler process associated with an access service executed by the client endpoint or invoke access by the web browser to a particular uniform resource locator on the device. The device receives a remote connection request from the access service that includes the one-time password to access a target endpoint in a second network. The device configures, based on the remote connection request, a remote access connection between the client endpoint in the first network and the target endpoint in the second network.

    IoT-based network architecture for detecting faults using vibration measurement data

    Publication number: US11544557B2

    Publication date: 2023-01-03

    Application number: US16672696

    Application date: 2019-11-04

    Abstract: In one embodiment, a device in a network receives a machine learning encoder and decoder trained by a supervisory service. The service trains the encoder and decoder using vibration measurement data sent to the service by a plurality of devices. The device trains, based on the received encoder, a classifier to determine whether vibration measurement data is indicative of a behavioral anomaly. The device receives vibration measurement data captured by a particular set of one or more vibration sensors of a monitored system. The device evaluates, using the trained decoder, the received vibration measurement data to determine whether the data is indicative of a structural anomaly in the monitored system. The device evaluates, using the trained classifier, the received vibration measurement data to determine whether the data is indicative of a behavioral anomaly in the monitored system.
