-
Publication No.: US10693878B2
Publication date: 2020-06-23
Application No.: US15498192
Application date: 2017-04-26
Applicant: Cisco Technology, Inc.
Inventor: Jazib Frahim, Haseeb Sarwar Niazi, Hazim Hashim Dahir, Aamer Saeed Akhter, Nancy Cam-Winget, Aun Raza
IPC: H04L29/06
Abstract: In one embodiment, a gateway device receives, from a centralized broker device, a data-access policy for a given computer network, the data-access policy defining which of one or more accessing entities are granted access to specific elements of data within the given computer network. When the gateway device then receives, from a particular accessing entity, a request for one or more particular elements of data from within the given computer network, it may determine, based on the data-access policy, whether the particular accessing entity has been granted access to each of the one or more particular elements of data of the request. As such, the gateway device may prevent access for the particular accessing entity to any of the one or more particular elements of the data request to which the particular accessing entity has not been granted access.
-
Publication No.: US20140365512A1
Publication date: 2014-12-11
Application No.: US13913623
Application date: 2013-06-10
Applicant: Cisco Technology, Inc.
Inventor: Allan Thomson, Nancy Cam-Winget, Vanaja Ravi, Pok Wong
IPC: G06F17/30
CPC classification number: G06F17/30699, G06F17/30867, G06F17/3089
Abstract: Presented herein are object filtering techniques that optimize the communication of information over an infrastructure that supports publish-subscribe (pub-sub) and direct query (synchronization) communication. In the object filtering techniques, a single information publisher can share that information in an associated object graph with many different consumers over the infrastructure without sharing the entire object graph.
-
Publication No.: US20240430305A1
Publication date: 2024-12-26
Application No.: US18340426
Application date: 2023-06-23
Applicant: Cisco Technology, Inc.
Inventor: Pallavi Kalapatapu, Nancy Cam-Winget
IPC: H04L9/40
Abstract: Systems and methods for providing system wide cyber security policies include providing a unified security policy to a distributed cloud environment that includes cloud, edge, and local infrastructure. The method includes identifying one or more assets and using telemetry and logs associated with the assets to determine one or more paths connecting the one or more assets. Once one or more paths are determined, the method produces a map of the paths and determines the level of compliance for each. The paths are ranked and a user, such as an administrator or CISO, may be informed of the rankings.
-
Publication No.: US12081988B2
Publication date: 2024-09-03
Application No.: US17355700
Application date: 2021-06-23
Applicant: Cisco Technology, Inc.
Inventor: Jerome Henry, Nancy Cam-Winget, Robert E. Barton
CPC classification number: H04W12/45, H04L63/0876, H04L63/1466, H04L63/1483, H04W12/06
Abstract: To improve adaptation of network infrastructure to address rotations performed by a wireless client device, embodiments provide for an exchange of a stable machine identifier (SMI) between a network access device and an authentication service. Some embodiments define a new SMI attribute that is included in an authentication service access-request and/or access-accept message. When a network access device obtains an SMI for a particular wireless client device, the network access device passes the SMI to the authentication service. Similarly, if an authentication service obtains an SMI value for a wireless client device, this information is provided to a network access device.
-
Publication No.: US20210194912A1
Publication date: 2021-06-24
Application No.: US16721513
Application date: 2019-12-19
Applicant: Cisco Technology, Inc.
Inventor: David Delano Ward, Nancy Cam-Winget, Eric Voit, Jesse Daniel Backman
IPC: H04L29/06
Abstract: Systems, methods, and computer-readable media for assessing reliability and trustworthiness of devices across domains. Attestation information for an attester node in a first domain is received at a verifier gateway in the first domain. The attestation information is translated at the verifier gateway into translated attestation information for a second domain. Specifically, the attestation information is translated into translated attested information for a second domain that is a different administrative domain from the first domain. The translated attestation information can be provided to a verifier in the second domain. The verifier can be configured to verify the trustworthiness of the attester node for a relying node in the second domain by identifying a level of trust of the attester node based on the translated attestation information.
-
Publication No.: US20200304506A1
Publication date: 2020-09-24
Application No.: US16895548
Application date: 2020-06-08
Applicant: Cisco Technology, Inc.
Inventor: Jazib Frahim, Haseeb Sarwar Niazi, Hazim Hashim Dahir, Aamer Saeed Akhter, Nancy Cam-Winget, Aun Raza
IPC: H04L29/06
Abstract: In one embodiment, a gateway device receives, from a centralized broker device, a data-access policy for a given computer network, the data-access policy defining which of one or more accessing entities are granted access to specific elements of data within the given computer network. When the gateway device then receives, from a particular accessing entity, a request for one or more particular elements of data from within the given computer network, it may determine, based on the data-access policy, whether the particular accessing entity has been granted access to each of the one or more particular elements of data of the request. As such, the gateway device may prevent access for the particular accessing entity to any of the one or more particular elements of the data request to which the particular accessing entity has not been granted access.
-
Publication No.: US10547503B2
Publication date: 2020-01-28
Application No.: US15007859
Application date: 2016-01-27
Applicant: Cisco Technology, Inc.
Inventor: Eliot Lear, Nancy Cam-Winget, Brian Weis
Abstract: Presented herein are techniques in which one or more network devices can use information provided by a special purpose network connected device to retrieve a usage profile (i.e., configuration file) associated with the special purpose network connected device. The retrieved usage profile, which includes/describes preselected (predetermined) usage descriptions associated with the special purpose network connected device, can then be used to configure one or more network devices. For example, the predetermined usage descriptions associated with the special purpose network connected device can be instantiated and enforced at a network device or the predetermined usage descriptions can be used for auditing the special purpose network connected device (e.g., monitoring of traffic within the network).
-
Publication No.: US10462137B2
Publication date: 2019-10-29
Application No.: US15010939
Application date: 2016-01-29
Applicant: Cisco Technology, Inc.
Inventor: Xuechen Yang, Nancy Cam-Winget
Abstract: In one embodiment, a system and method are disclosed for receiving a request for authorization to commission a target device based, at least in part, on a plurality of requested commissioning actions; determining whether each of the requested commissioning actions is authorized; sending a commissioning authorization, which includes information identifying the one or more authorized commissioning actions; receiving a commissioning complete confirmation message, which includes information identifying one or more completed commissioning actions; validating the commissioning complete confirmation message, in order to ensure that each of the completed actions had been previously authorized; and if all of the completed commissioning actions were previously authorized, sending an acknowledgement message.
-
Publication No.: US09755943B2
Publication date: 2017-09-05
Application No.: US13961991
Application date: 2013-08-08
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Mark Krischer, Tom Koenig, Nancy Cam-Winget
IPC: G06F3/00, G06F13/00, G06F13/36, G06F12/14, G06F13/14, H04L12/26, H04N7/18, H04L29/06, H04W12/12, H04L29/12
CPC classification number: H04L43/16, H04L61/2015, H04L63/1458, H04L2463/141, H04N7/18, H04W12/12
Abstract: In an example embodiment, there is described herein a location based detection technique that determines whether multiple requests from different addresses, such as a Layer 2 MAC (Media Access Control) address and/or Layer 3 IP (Internet Protocol) address, are being sent from a single device. In particular embodiments, if the device sends more than a predefined threshold number of requests, those requests can be ignored and/or denied.
-
Publication No.: US20170033984A1
Publication date: 2017-02-02
Application No.: US15007859
Application date: 2016-01-27
Applicant: Cisco Technology, Inc.
Inventor: Eliot Lear, Nancy Cam-Winget, Brian Weis
Abstract: Presented herein are techniques in which one or more network devices can use information provided by a special purpose network connected device to retrieve a usage profile (i.e., configuration file) associated with the special purpose network connected device. The retrieved usage profile, which includes/describes preselected (predetermined) usage descriptions associated with the special purpose network connected device, can then be used to configure one or more network devices. For example, the predetermined usage descriptions associated with the special purpose network connected device can be instantiated and enforced at a network device or the predetermined usage descriptions can be used for auditing the special purpose network connected device (e.g., monitoring of traffic within the network).