公开(公告)号：US11134059B2

公开(公告)日：2021-09-28

申请号：US16209291

申请日：2018-12-04

Applicant: Cisco Technology, Inc.

Inventor： Robert Edgar Barton ,  Jerome Henry ,  Matthias Falkner ,  Maik Guenter Seewald

IPC: H04L29/06 ,  H04L12/24

Abstract: A server, in communication with a plurality of microservices in a microservices mesh environment, obtains data about inbound communications to a first microservice and outbound communications from the first microservice of the plurality of microservices. The server analyzes the data to learn an operational behavior of the first microservice and determine a firewall rule set to be applied associated with the first microservice based on the operational behavior learned for the first microservice. The server causes a micro-firewall to be instantiated for the first microservice. The micro-firewall is configured to apply the firewall rule set to inbound communications to the first microservice and outbound communications from the first microservice.

公开(公告)号：US20210258767A1

公开(公告)日：2021-08-19

申请号：US17313924

申请日：2021-05-06

Applicant: Cisco Technology, Inc.

Inventor： Vishal Satyendra Desai ,  Jerome Henry ,  Robert Edgar Barton

IPC: H04W8/12 ,  H04W8/24 ,  H04W72/04 ,  H04B17/318 ,  H04W40/24

Abstract: The present disclosure is related to dynamic methods of managing roaming of client devices at boundaries of area serviced by access points. In one aspect, a method includes estimating by a controller, first signal information of a signal transmitted by an access point and received at a client device, the first signal information being from the perspective of the access point, the client device operating at a boundary of an area serviced by the access point; determining, by the controller, second signal information for the signal, the second signal information being from the perspective of the client device; and performing, by the controller, roaming management of the client device based on the first signal information and the second signal information.

公开(公告)号：US11064030B2

公开(公告)日：2021-07-13

申请号：US16655316

申请日：2019-10-17

Applicant: Cisco Technology, Inc.

Inventor： Robert Edgar Barton ,  Jerome Henry ,  Chui-Tin Yen ,  Aamer Saeed Akhter

IPC: H04W4/00 ,  H04L29/08 ,  H04L29/12 ,  H04L12/24 ,  H04L29/06 ,  H04L12/46

Abstract: In one embodiment, a master on-boarding agent establishes a virtual private network (VPN) connection with a local on-boarding agent executed by a gateway of a vehicle. The master on-boarding agent receives, via the VPN connection, vehicle data obtained by the local on-boarding agent from a co-pilot system of the vehicle. The master on-boarding agent configures, based on the received vehicle data, the gateway of the vehicle with a network configuration, wherein the network configuration includes an Internet Protocol (IP) address for the gateway. The master on-boarding agent coordinates, based on the network configuration, application of a security policy to the gateway.

公开(公告)号：US20210194760A1

公开(公告)日：2021-06-24

申请号：US16853622

申请日：2020-04-20

Applicant: Cisco Technology, Inc.

Inventor： Robert Edgar Barton ,  Thomas Szigeti ,  Jerome Henry ,  Ruben Gerald Lobo ,  Laurent Jean Charles Hausermann ,  Maik Guenter Seewald ,  Daniel R. Behrens

IPC: H04L12/24 ,  G06Q10/08 ,  H04L12/46

Abstract: According to one or more embodiments of the disclosure, a service obtains one or more component tags and one or more activity tags that were assigned to an endpoint device in a network based on deep packet inspection of traffic associated with the endpoint device. The service determines an intent of the endpoint device, using the one or more component tags and the one or more activity tags that were assigned to the endpoint device. The service translates the intent of the endpoint device into a network segmentation policy. The service configures a network overlay in the network that implements the network segmentation policy.

公开(公告)号：US20210184935A1

公开(公告)日：2021-06-17

申请号：US17185382

申请日：2021-02-25

Applicant: Cisco Technology, Inc.

Inventor： M. David Hanes ,  Charles Calvin Byers ,  Joseph Michael Clarke ,  Gonzalo Salgueiro ,  Jerome Henry ,  Robert Edgar Barton

IPC: H04L12/24 ,  H04L12/26

Abstract: A method includes obtaining performance characterization values from endpoints managed by a first fog node at a first hierarchical level in a hierarchy of fog nodes. The method includes changing a first operating characteristic of the wireless network based on the performance characterization values. The first operating characteristic affects the operation of one or more of the endpoints. The method includes transmitting a portion of the performance characterization values to a second fog node at a second hierarchical level in the hierarchy of fog nodes. The method includes changing a second operating characteristic of the wireless network based on an instruction from the second fog node. The second operating characteristic affects the operation of the first fog node and/or other fog nodes at the first hierarchical level. Changing one or more of the first operating characteristic and the second operating characteristic satisfies an operating threshold for the wireless network.

公开(公告)号：US11036876B2

公开(公告)日：2021-06-15

申请号：US16105898

申请日：2018-08-20

Applicant: Cisco Technology, Inc.

Inventor： Maik Guenter Seewald ,  Robert Edgar Barton ,  Jerome Henry

IPC: G06F21/62 ,  H04L9/08 ,  G06F9/445 ,  H04L29/06

Abstract: The disclosed technology provides solutions that enable scalable and secure data retrieval between microservices by using microservice attributes to encrypt container based data stores. A process of the technology can include steps for: instantiating a first microservice and a second microservice in a cloud environment, wherein the first microservice is associated with a first attribute label and the second microservice is associated with a second attribute label, generating a first key based on the first attribute label and a second key based on the second attribute label, associating a first data store with the first microservice, wherein the first data store is encrypted using the first key, and associating a second data store with the second microservice, wherein the second data store is encrypted using the second key. Systems and machine readable media are also provided.

公开(公告)号：US11019481B2

公开(公告)日：2021-05-25

申请号：US16447454

申请日：2019-06-20

Applicant: Cisco Technology, Inc.

Inventor： Vishal Satyendra Desai ,  Jerome Henry ,  Robert Edgar Barton

IPC: H04W8/12 ,  H04W8/24 ,  H04W40/24 ,  H04B17/318 ,  H04W72/04

Abstract: The present disclosure is related to dynamic methods of managing roaming of client devices at boundaries of area serviced by access points. In one aspect, a method includes estimating by a controller, first signal information of a signal transmitted by an access point and received at a client device, the first signal information being from the perspective of the access point, the client device operating at a boundary of an area serviced by the access point; determining, by the controller, second signal information for the signal, the second signal information being from the perspective of the client device; and performing, by the controller, roaming management of the client device based on the first signal information and the second signal information.

公开(公告)号：US10951717B2

公开(公告)日：2021-03-16

申请号：US16156987

申请日：2018-10-10

Applicant: Cisco Technology, Inc.

Inventor： Nagendra Kumar Nainar ,  Carlos M. Pignataro ,  Jerome Henry ,  Robert Edgar Barton

IPC: G06F15/173 ,  H04L29/08 ,  H04L12/725

Abstract: Systems, methods, and computer-readable media for differentiating service within a service mesh. A translator service receives network traffic directed to a service mesh from a communications network. The translator service can determine a service characteristic for the network traffic and update rulesets within the service mesh based on the determined service characteristic. The updated rulesets enable the service mesh to differentiate services for the network traffic similarly to forwarding rules within the communications network.

公开(公告)号：US20210068076A1

公开(公告)日：2021-03-04

申请号：US17097813

申请日：2020-11-13

Applicant: Cisco Technology, Inc.

Inventor： Jerome Henry ,  Robert Edgar Barton ,  Vishal Satyendra Desai ,  Indermeet Singh Gandhi

IPC: H04W72/00 ,  H04W8/00 ,  H04W16/20 ,  H04W64/00 ,  H04W72/04 ,  H04W72/08

Abstract: Presented herein are methodologies for managing radio resources in a venue that implements a high density wireless infrastructure. The methodology includes detecting, using wireless access points, neighbor awareness networking (NAN) communications broadcast by a mobile device, determining a wireless channel on which the mobile device is sending the NAN communications, predicting a destination of the mobile device based on a path, through a predetermined venue, being taken by the mobile device, the path being detected using the wireless access points; and implementing a radio resource management remediation technique to reduce radio interference that is expected to be caused by the NAN communications broadcast by the mobile device at the destination based on the wireless channel and the destination.

公开(公告)号：US20200382519A1

公开(公告)日：2020-12-03

申请号：US16425520

申请日：2019-05-29

Applicant: Cisco Technology, Inc.

Inventor： Robert Edgar Barton ,  Matthew William Gillies

IPC: H04L29/06 ,  H04L29/08

Abstract: Systems, methods, and computer-readable media for enforcing data sovereignty policies in a cloud environment are provided. An example method can include sending, by a cloud provider, to a government entity associated with a geographic area, a request for device certificates for nodes located within the geographic area; receiving device certificates for the nodes; creating a data sovereignty policy specifying that data associated with the government entity must be stored on nodes located within the geographic area; based on the device certificates, verifying those of the nodes that comply with the data sovereignty policy; and storing the data associated with the government entity on those of the nodes verified to comply with the data sovereignty policy.