公开(公告)号：US09954767B2

公开(公告)日：2018-04-24

申请号：US14573830

申请日：2014-12-17

Applicant: Cisco Technology, Inc.

Inventor： Paal-Erik Martinsen ,  Daniel Wing

IPC: H04L12/28 ,  H04L12/761 ,  H04L12/721 ,  H04L12/749 ,  H04L12/801 ,  H04L12/841 ,  H04L12/833

CPC classification number: H04L45/16 ,  H04L45/44 ,  H04L45/741 ,  H04L47/17 ,  H04L47/2458 ,  H04L47/286

Abstract: In one implementation, an endpoint or client device sends a control message into a network to control how a subsequent flow from the endpoint is handled by one or more nodes in the network. A node in the network receives the control message including an encapsulated command and a counter value and modifies the counter value. The node compares the modified counter value to a predetermined limit. When the modified counter value is equal to the predetermined limit, the control message is designated for execution of the encapsulated command. When the modified counter value exceeds the predetermined limit, the control message is forwarded to a subsequent node.

公开(公告)号：US09705907B2

公开(公告)日：2017-07-11

申请号：US14613558

申请日：2015-02-04

Applicant: Cisco Technology, Inc.

Inventor： Tirumaleswar Reddy ,  Daniel Wing ,  Prashanth Patil ,  William Ver Steeg

IPC: G06F11/00 ,  H04L29/06 ,  H04L29/08 ,  H04L29/12

CPC classification number: H04L63/1425 ,  G06F21/554 ,  H04L61/2514 ,  H04L61/2575 ,  H04L61/2589 ,  H04L63/0245 ,  H04L63/145 ,  H04L67/104 ,  H04L67/1063

Abstract: In one embodiment, A tracker computer receives from a first device in a peer-to-peer network that the first device has content for serving. A content request for the content is received from a second device in the peer-to-peer network. The tracker computer routes the content from the first device to the second device through a server. The content routed through the server is inspected for malicious code.

公开(公告)号：US09571390B2

公开(公告)日：2017-02-14

申请号：US14089193

申请日：2013-11-25

Applicant: Cisco Technology, Inc.

Inventor： Tirumaleswar Reddy ,  Prashanth Patil ,  William Ver Steeg ,  Daniel Wing

IPC: H04L29/06 ,  H04L12/721

CPC classification number: H04L45/72 ,  H04L63/0245 ,  H04L63/1408 ,  H04L63/20

Abstract: In one implementation, downloading of streaming content using a security as a service (SecaaS) system is more efficient because portions of the streaming content may not be inspected by the SecaaS. A first request to download content from a content provider is received, and a connection is initiated with a security provider, which inspects the first chunk of the content and generates a routing instruction based on the inspection of the first chunk of content. Based on the routing instructions and the inspection of the first chunk, a request for a second chunk of the streaming content is addressed to the content provider. The second chunk of the streaming content, circumvents the SecaaS system.

Abstract translation: 在一个实现中，使用安全即服务（SecaaS）系统下载流内容更为有效，因为部分流媒体内容可能不被SecaaS检查。 接收到从内容提供商下载内容的第一请求，并且与安全提供者发起连接，安全提供者检查内容的第一块，并且基于第一内容块的检查来生成路由指令。 基于路由指令和对第一块的检查，流式传输内容的第二块的请求被寻址到内容提供商。 流媒体内容的第二大部分规避了SecaaS系统。

公开(公告)号：US20160226899A1

公开(公告)日：2016-08-04

申请号：US14613558

申请日：2015-02-04

Applicant: Cisco Technology, Inc.

Inventor： Tirumaleswar Reddy ,  Daniel Wing ,  Prashanth Patil ,  Bill Ver Steeg

IPC: H04L29/06 ,  H04L29/08

CPC classification number: H04L63/1425 ,  G06F21/554 ,  H04L61/2514 ,  H04L61/2575 ,  H04L61/2589 ,  H04L63/0245 ,  H04L63/145 ,  H04L67/104 ,  H04L67/1063

Abstract: In one embodiment, A tracker computer receives from a first device in a peer-to-peer network that the first device has content for serving. A content request for the content is received from a second device in the peer-to-peer network. The tracker computer routes the content from the first device to the second device through a server. The content routed through the server is inspected for malicious code.

Abstract translation: 在一个实施例中，跟踪计算机从对等网络中的第一设备接收第一设备具有用于服务的内容。 从对等网络中的第二设备接收到针对内容的内容请求。 跟踪计算机通过服务器将内容从第一设备路由到第二设备。 通过服务器路由的内容将被检查恶意代码。

公开(公告)号：US20160182357A1

公开(公告)日：2016-06-23

申请号：US14573830

申请日：2014-12-17

Applicant: Cisco Technology, Inc.

Inventor： Paal-Erik Martinsen ,  Daniel Wing

IPC: H04L12/761 ,  H04L12/56 ,  H04L12/801 ,  H04L12/721

CPC classification number: H04L45/16 ,  H04L45/44 ,  H04L45/741 ,  H04L47/17 ,  H04L47/2458 ,  H04L47/286

Abstract: In one implementation, an endpoint or client device sends a control message into a network to control how a subsequent flow from the endpoint is handled by one or more nodes in the network. A node in the network receives the control message including an encapsulated command and a counter value and modifies the counter value. The node compares the modified counter value to a predetermined limit. When the modified counter value is equal to the predetermined limit, the control message is designated for execution of the encapsulated command. When the modified counter value exceeds the predetermined limit, the control message is forwarded to a subsequent node.

Abstract translation: 在一个实现中，端点或客户端设备将控制消息发送到网络中以控制来自端点的后续流如何由网络中的一个或多个节点处理。 网络中的节点接收包括封装命令和计数器值的控制消息，并修改计数器值。 节点将修改的计数器值与预定限制进行比较。 当修改的计数器值等于预定极限时，控制消息被指定用于执行封装命令。 当修改的计数器值超过预定限制时，控制消息被转发到后续节点。

公开(公告)号：US09369491B2

公开(公告)日：2016-06-14

申请号：US14537336

申请日：2014-11-10

Applicant: Cisco Technology, Inc.

Inventor： Tirumaleswar Reddy ,  Daniel Wing ,  Prashanth Patil

IPC: G06F17/00 ,  H04L29/06

CPC classification number: H04L63/20 ,  H04L61/2514 ,  H04L61/2575 ,  H04L61/2589 ,  H04L63/0245 ,  H04L63/0428 ,  H04L63/061 ,  H04L63/1408 ,  H04L63/166 ,  H04L63/30 ,  H04L67/02

Abstract: In one implementation, two or more endpoints or client devices communication uses a peer-to-peer, browser based, real time communication protocol. One example of such a protocol is Web Real-Time Communication (WebRTC). An intermediary device receives from a first endpoint, a request for communication with a second endpoint, using the browser based real time communication. The intermediary device identifies a control protocol based on the request for communication, and receives one or more write keys from the first endpoint. The intermediary device monitors communication between the first endpoint and the second endpoint using the one or more write keys. Examples for the intermediary devices include servers, firewalls, and other network devices.

Abstract translation: 在一个实现中，两个或多个端点或客户端设备通信使用基于浏览器的基于对等的实时通信协议。 这种协议的一个例子是Web实时通信（WebRTC）。 中间设备使用基于浏览器的实时通信从第一端点接收与第二端点通信的请求。 中间设备基于通信请求识别控制协议，并从第一端点接收一个或多个写入密钥。 中间设备使用一个或多个写入密钥监视第一端点和第二端点之间的通信。 中间设备的示例包括服务器，防火墙和其他网络设备。

公开(公告)号：US20160134659A1

公开(公告)日：2016-05-12

申请号：US14537336

申请日：2014-11-10

Applicant: Cisco Technology, Inc.

Inventor： Tirumaleswar Reddy ,  Daniel Wing ,  Prashanth Patil

IPC: H04L29/06

CPC classification number: H04L63/20 ,  H04L61/2514 ,  H04L61/2575 ,  H04L61/2589 ,  H04L63/0245 ,  H04L63/0428 ,  H04L63/061 ,  H04L63/1408 ,  H04L63/166 ,  H04L63/30 ,  H04L67/02

Abstract: In one implementation, two or more endpoints or client devices communication uses a peer-to-peer, browser based, real time communication protocol. One example of such a protocol is Web Real-Time Communication (WebRTC). An intermediary device receives from a first endpoint, a request for communication with a second endpoint, using the browser based real time communication. The intermediary device identifies a control protocol based on the request for communication, and receives one or more write keys from the first endpoint. The intermediary device monitors communication between the first endpoint and the second endpoint using the one or more write keys. Examples for the intermediary devices include servers, firewalls, and other network devices.

Abstract translation: 在一个实现中，两个或多个端点或客户端设备通信使用基于浏览器的基于对等的实时通信协议。 这种协议的一个例子是Web实时通信（WebRTC）。 中间设备使用基于浏览器的实时通信从第一端点接收与第二端点通信的请求。 中间设备基于通信请求识别控制协议，并从第一端点接收一个或多个写入密钥。 中间设备使用一个或多个写入密钥监视第一端点和第二端点之间的通信。 中间设备的示例包括服务器，防火墙和其他网络设备。

公开(公告)号：US20150026756A1

公开(公告)日：2015-01-22

申请号：US13944607

申请日：2013-07-17

Applicant: Cisco Technology, Inc.

Inventor： Tirumaleswar Reddy ,  Prashanth Patil ,  Daniel Wing

IPC: H04L29/06

CPC classification number: H04W12/08 ,  G06F15/16 ,  H04L29/06 ,  H04L63/10 ,  H04L63/20

Abstract: In one implementation, traffic in a mobile network is directed across multiple paths to a single cloud server or security server (e.g., a security as a service). The mobile device detects a cloud connector through a primary connection based on an attachment or connection via a first interface of a mobile device. The mobile device sends a request to the cloud connector for an identification of a cloud security server associated with the cloud connector. After receiving the identification of the cloud security server, the mobile device directs one or more subsequent data flows or subflows for a second interface or another interface of the mobile device to the cloud server or security server. The second data flow and the second interface are associated with another network that is external to the enterprise network and trusted network connection or not associated with the enterprise network and the trusted network connection.

Abstract translation: 在一个实现中，移动网络中的流量被定向到单个云服务器或安全服务器（例如，作为服务的安全性）的多个路径。 移动设备通过基于通过移动设备的第一接口的附件或连接的主连接来检测云连接器。 移动设备向云连接器发送请求以识别与云连接器相关联的云安全服务器。 在接收到云安全服务器的标识之后，移动设备将用于移动设备的第二接口或另一接口的一个或多个后续数据流或子流引导到云服务器或安全服务器。 第二数据流和第二接口与企业网络外部的另一网络和可信网络连接相关联，或者与企业网络和可信网络连接不相关联。