-
Publication number: US09912480B2
Publication date: 2018-03-06
Application number: US15442722
Filing date: 2017-02-27
Applicant: Cisco Technology, Inc.
Inventor: Paul Quinn , Scott Fluhrer , Jim Guichard , Tirumaleswar Reddy , Prashanth Patil , David Ward
CPC classification number: H04L9/3213 , H04L9/0861 , H04L9/3242 , H04L63/0428 , H04L63/06 , H04L63/062 , H04L2463/062
Abstract: A network service packet (NSP) header security method includes receiving an NSP on a communication interface, analyzing, by a processor, the NSP in order to identify a plurality of service functions and an associated service function path for the plurality of service functions, identifying, by the processor, which security function or functions may be performed by each of the plurality of service functions on an NSP header to be generated for the NSP, requesting, by the processor, at least one key for securing at least part of the NSP header, receiving the at least one key on the communication interface, generating, by the processor, the NSP header for the NSP, securing, by the processor, the NSP header based on the at least one key, and sending, on the communication interface, the NSP with the NSP header to one of the plurality of service functions.
-
Publication number: US09621520B2
Publication date: 2017-04-11
Application number: US14726534
Filing date: 2015-05-31
Applicant: Cisco Technology, Inc.
Inventor: Paul Quinn , Scott Fluhrer , Jim Guichard , Tirumaleswar Reddy , Prashanth Patil , David Ward
IPC: H04L9/08 , H04L29/06 , H04L9/32 , H04L12/953
CPC classification number: H04L9/3213 , H04L9/0861 , H04L9/3242 , H04L63/0428 , H04L63/06 , H04L63/062 , H04L2463/062
Abstract: A network service packet (NSP) header security method includes receiving an NSP on a communication interface, analyzing, by a processor, the NSP in order to identify a plurality of service functions and an associated service function path for the plurality of service functions, identifying, by the processor, which security function or functions may be performed by each of the plurality of service functions on an NSP header to be generated for the NSP, requesting, by the processor, at least one key for securing at least part of the NSP header, receiving the at least one key on the communication interface, generating, by the processor, the NSP header for the NSP, securing, by the processor, the NSP header based on the at least one key, and sending, on the communication interface, the NSP with the NSP header to one of the plurality of service functions.
-
Publication number: US09444796B2
Publication date: 2016-09-13
Application number: US14248399
Filing date: 2014-04-09
Applicant: Cisco Technology, Inc.
Inventor: Lewis Chen , Scott Fluhrer , Warren Scott Wainner , Brian Weis
IPC: H04L29/06
CPC classification number: H04L63/061 , H04L63/0272 , H04L63/0428 , H04L63/06 , H04L63/104
Abstract: Techniques are presented for optimizing secure communications in a network. A first router receives from a second router an encrypted packet with an unknown security association. The first router examines the packet to determine whether the counter value is in a range of predicted counter values. Additionally, a key server is configured to provision routers that are part of a virtual private network. The key server selects a counter value that is part of a security association and calculates a key value. The key server sends the key value together with the security association to enable routers to exchange encrypted packets with each other in the virtual private network using the key value and the security association. The key server increments the counter value to a value within a range of counter values capable of being predicted by the routers.
-
Publication number: US20230370169A1
Publication date: 2023-11-16
Application number: US18351321
Filing date: 2023-07-12
Applicant: Cisco Technology, Inc.
Inventor: Luca Della Chiesa , Louis Gwyn Samuel , Paul Polakos , Scott Fluhrer , Santanu Ganguly
Abstract: A method for routing in a quantum network is provided. The method may include receiving parameters including a fidelity with coherence decay time and an entanglement generation rate for each quantum node in a mesh quantum network by a controller, the controller being configured to communicate with each quantum node of a plurality of quantum nodes in the mesh quantum network. Each quantum node includes a quantum memory and a processor. The method may also include analyzing the fidelity with coherence decay time and the entanglement generation rate to yield a determination of a path fidelity with a path coherence decay time and a path entanglement generation rate between at least one pair of quantum nodes. The method may further include, based on the determination, selecting a quantum communication path from a source node to a destination node.
-
Publication number: US11018866B2
Publication date: 2021-05-25
Application number: US16163885
Filing date: 2018-10-18
Applicant: Cisco Technology, Inc.
Inventor: James Anil Pramod Kotwal , Christopher Blayne Dreier , David Aaron Wyde , Kellen Mac Arb , David McGrew , Scott Fluhrer
Abstract: A server sends information to a client that allows the client to establish a first key at the client. The server then receives a session ID that has been encrypted using the first key. The first key is then established at the server, which can then decrypt the session ID using the first key. After the server validates the session ID, it determines a second key that is different from the first key. The server then receives the session ID encrypted with the second key, and decrypts the session ID encrypted with the second key.
-
Publication number: US20190052462A1
Publication date: 2019-02-14
Application number: US16163885
Filing date: 2018-10-18
Applicant: Cisco Technology, Inc.
Inventor: James Anil Pramod Kotwal , Chritopher Blayne Dreier , David Aaron Wyde , Kellen Mac Arb , David McGrew , Scott Fluhrer
Abstract: A server sends information to a client that allows the client to establish a first key at the client. The server then receives a session ID that has been encrypted using the first key. The first key is then established at the server, which can then decrypt the session ID using the first key. After the server validates the session ID, it determines a second key that is different from the first key. The server then receives the session ID encrypted with the second key, and decrypts the session ID encrypted with the second key.
-
Publication number: US09832175B2
Publication date: 2017-11-28
Application number: US15230924
Filing date: 2016-08-08
Applicant: Cisco Technology, Inc.
Inventor: Lewis Chen , Scott Fluhrer , Warren Scott Wainner , Brian Weis
IPC: H04L29/06
CPC classification number: H04L63/061 , H04L63/0272 , H04L63/0428 , H04L63/06 , H04L63/104
Abstract: Techniques are presented for optimizing secure communications in a network. As disclosed herein, a key server is configured to provision a plurality of routers that are part of a virtual private network. The key server selects a counter value that is part of a security association and calculates a key value. The key server sends the key value, together with the security association, to the plurality of routers that are part of the virtual private network to enable them to exchange encrypted packets with each other in the virtual private network using the key value and the security association. The key server then increments the counter value to a value within a range of counter values capable of being predicted by the plurality of routers that received the key value.