-
Publication No.: US10735203B2
Publication Date: 2020-08-04
Application No.: US15728208
Filing Date: 2017-10-09
Applicant: Cisco Technology, Inc.
Inventor: K. Tirumaleswar Reddy , Prashanth Patil , Puneeth Rao Lokapalli , Carlos M. Pignataro
Abstract: In an example embodiment, a validating peer of a plurality of validating peers in a blockchain network receives, from a non-validating peer, a request to create a root block of a blockchain. The root block includes information related to a potential computer security threat. The validating peer creates the root block with a root block pending validation status. The validating peer shares, with other validating peers of the plurality of validating peers, a notification of the root block with the root block pending validation status to provide an indication of the information. The validating peer determines whether the information is authentic. If the information is determined to be authentic, the validating peer changes the root block pending validation status to a root block authenticated validation status and shares, with the other validating peers, a notification of the root block authenticated validation status to indicate that the information is authentic.
-
Publication No.: US20200007438A1
Publication Date: 2020-01-02
Application No.: US16558367
Filing Date: 2019-09-03
Applicant: Cisco Technology, Inc.
Inventor: Prashanth Patil , K Tirumaleswar Reddy , Steven Richard Stites , James N. Guichard
IPC: H04L12/725 , H04L12/46
Abstract: A network node in a service function chain system receives a peer detection packet from a service function device in a service function path. The peer detection packet includes an inner packet with a header, such as a network service header. The network node detects a status indicator in the header that indicates a degradation in performing a service function at the service function device. The network node adjusts the service function path to compensate for the degradation in performing the service function at the service function device.
-
23.
Publication No.: US20190356694A1
Publication Date: 2019-11-21
Application No.: US15984637
Filing Date: 2018-05-21
Applicant: Cisco Technology, Inc.
Inventor: Jianxin Wang , Prashanth Patil , Flemming Andreasen , Nancy Cam-Winget , Hari Shankar
IPC: H04L29/06
Abstract: Techniques are presented herein for engagement and disengagement of Transport Layer Security proxy services with encrypted handshaking. In one embodiment, a first initial message of a first encrypted handshaking procedure for a first secure communication session between a first device and a second device is intercepted at a proxy device. The first initial message includes first key exchange information for encrypting the first encrypted handshaking procedure. A copy of the first initial message is stored at the proxy device. A second initial message of a second encrypted handshaking procedure for a second secure communication session between the proxy device and the second device is sent from the proxy device to the second device. The second initial message includes second key exchange information for encrypting the second encrypted handshaking procedure. The proxy device determines, based on the second encrypted handshaking procedure, whether to remain engaged or to disengage.
-
Publication No.: US10404488B2
Publication Date: 2019-09-03
Application No.: US15712400
Filing Date: 2017-09-22
Applicant: Cisco Technology, Inc.
Inventor: Gonzalo Salgueiro , Prashanth Patil , K. Tirumaleswar Reddy , Carlos M. Pignataro
IPC: H04L12/28 , H04L12/46 , H04L12/751 , H04L12/741 , H04L29/08
Abstract: A network node in a service function chaining system receives a media stream from an endpoint device. The media stream is associated with a media session between the endpoint and at least one other endpoint. The network node determines a path for the media stream. The path includes an ordered list of functions to process the media stream. The network node determines a session identifier for the media stream and encapsulates the media stream with a header. The header includes an indication of the path and the session identifier.
-
25.
Publication No.: US20190260776A1
Publication Date: 2019-08-22
Application No.: US15898915
Filing Date: 2018-02-19
Applicant: Cisco Technology, Inc.
Inventor: Saman Taghavi Zargar , Subharthi Paul , Prashanth Patil , Jayaraman Iyer , Hari Shankar
Abstract: In one embodiment, a centralized controller maintains a plurality of hierarchical behavioral modules of a behavioral model, and distributes initial behavioral modules to data plane entities to cause them to apply the initial behavioral modules to data plane traffic. The centralized controller may then receive data from a particular data plane entity based on its having applied the initial behavioral modules to its data plane traffic. The centralized controller then distributes subsequent behavioral modules to the particular data plane entity to cause it to apply the subsequent behavioral modules to the data plane traffic, the subsequent behavioral modules selected based on the previously received data from the particular data plane entity. The centralized controller may then iteratively receive data from the particular data plane entity and distribute subsequently selected behavioral modules until an attack determination is made on the data plane traffic of the particular data plane entity.
-
Publication No.: US10257214B2
Publication Date: 2019-04-09
Application No.: US15191152
Filing Date: 2016-06-23
Applicant: Cisco Technology, Inc.
Inventor: David McGrew , Blake Harrell Anderson , K. Tirumaleswar Reddy , Prashanth Patil , Daniel G. Wing
IPC: G06F17/00 , G06F12/14 , H04L9/32 , G06F11/30 , G06F7/00 , G06F15/18 , H04L29/06 , H04L12/833 , H04L12/851 , H04L12/46 , G06N99/00 , H04L12/24 , H04L12/26
Abstract: In one embodiment, a device in a network receives traffic data regarding one or more traffic flows in the network. The device applies a machine learning classifier to the traffic data. The device determines a priority for the traffic data based in part on an output of the machine learning classifier. The output of the machine learning classifier comprises a probability of the traffic data belonging to a particular class. The device stores the traffic data for a period of time that is a function of the determined priority for the traffic data.
-
Publication No.: US20180316724A1
Publication Date: 2018-11-01
Application No.: US15582026
Filing Date: 2017-04-28
Applicant: Cisco Technology, Inc.
Inventor: K Tirumaleswar Reddy , Prashanth Patil , Carlos M. Pignataro
CPC classification number: H04L63/166 , H04L9/0822 , H04L9/0827 , H04L63/0435 , H04L2463/062
Abstract: A method for resuming a Transport Layer Security (TLS) session in a Service Function Chain comprising a plurality of Service Function nodes coupled to a Service Function Forwarder. A request is received at a first Service Function node to establish a TLS session, and a Pre-Shared Key (PSK) and a PSK identifier that uniquely correspond to the first Service Function node and the TLS session are generated. The PSK identifier is forwarded to one or more of the Service Function Forwarder and the plurality of Service Function nodes. A request to resume the TLS session is received from a client device that previously disconnected. It is determined that the connection request contains the PSK identifier, a second Service Function node is selected, and the TLS session is re-established between the client device and the second Service Function node using the same PSK as the prior TLS session.
-
Publication No.: US10015208B2
Publication Date: 2018-07-03
Application No.: US14734164
Filing Date: 2015-06-09
Applicant: Cisco Technology, Inc.
Inventor: Prashanth Patil , Tirumaleswar Reddy , Daniel G. Wing , James Guichard
CPC classification number: H04L65/1069 , H04L63/0281 , H04L63/0471 , H04L63/166 , H04L67/141 , H04L67/28
Abstract: A first service node receives a message configured to set up a secure communication session between a client and a server, in which the first service node acts as a proxy. Data packets in the secure communication session are subject to multiple service functions that require decryption of the data packets. A service function chain assigns a service node to each of the service functions. A service header is generated including metadata instructing the service nodes other than the first service node not to act as proxies in the secure communication session. The message and the service header are transmitted to a second service node in the service function chain.
-
Publication No.: US20170331780A1
Publication Date: 2017-11-16
Application No.: US15152841
Filing Date: 2016-05-12
Applicant: Cisco Technology, Inc.
Inventor: K. Tirumaleswar Reddy , Prashanth Patil , Daniel G. Wing
IPC: H04L29/12 , H04L29/08 , H04L12/851
CPC classification number: H04L47/2483 , H04L45/306 , H04L45/66 , H04L61/1511 , H04L61/6009 , H04L61/6013 , H04L67/02 , H04L69/16
Abstract: An optimized approach to whitelisting includes, at a domain name service server, determining whether a first domain and a second domain resolve to a same Internet Protocol (IP) address, and in response to a request from a domain name service proxy as to whether the first domain resolves to an IP address shared by another domain, notifying the domain name service proxy that the first domain resolves to an IP address shared by another domain. The method further includes the domain name service proxy receiving from the domain name service server a response that indicates that the first domain resolves to an IP address shared by another domain, and storing, in memory, the IP address and an indication that the IP address is shared by another domain. A data flow associated with a shared IP address is subjected to further scrutiny even if the IP address is on a whitelist.
-
Publication No.: US09729565B2
Publication Date: 2017-08-08
Application No.: US14488973
Filing Date: 2014-09-17
Applicant: Cisco Technology, Inc.
Inventor: Tirumaleswar Reddy , Prashanth Patil , Daniel Wing
CPC classification number: H04L63/1425 , H04L61/1511 , H04L61/2007 , H04L61/2514 , H04L63/0236 , H04L63/1408 , H04L63/145 , H04L67/02 , H04L67/10 , H04L69/16 , H04L69/22 , H04L2463/144
Abstract: In one implementation, a network device is configured to monitor communications associated with an endpoint and identify domain name service messages in the communications. Subsequently, the network device receives a hypertext transfer protocol (HTTP) request and determines whether a destination internet protocol (IP) address of the HTTP request is present in or absent from the domain name service messages. When the IP address is absent from the domain name service messages, the HTTP request is modified to trigger increased security.
-