公开(公告)号：US20180103037A1

公开(公告)日：2018-04-12

申请号：US15287454

申请日：2016-10-06

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Sape Jurriën Mullender ,  Hendrikus G. P. Bosch ,  Louis Gwyn Samuel

IPC: H04L29/06 ,  H04L12/927 ,  H04L12/911 ,  H04L29/08 ,  G06F9/455 ,  H04L9/32

CPC classification number: H04L63/101 ,  G06F9/45558 ,  G06F21/604 ,  G06F2009/45587 ,  H04L9/3265 ,  H04L63/0428 ,  H04L63/0823

Abstract: Aspects of the embodiments are directed to systems, methods, and computer program products embodied at a server managing a resource for providing access to a resource in a distributed network. Embodiments include receiving a request from a client for access to a resource, the request comprising a named capability identifying the resource and identifying a server managing the resource; determining, from the named capability, whether the client is authorized to access the resource identified by the named capability; and granting access to the resource named by the named capability based on the named capability received with the request.

公开(公告)号：US20230004651A1

公开(公告)日：2023-01-05

申请号：US17662477

申请日：2022-05-09

Applicant: Cisco Technology, Inc.

Inventor： Hendrikus G.P. Bosch ,  Alessandro Duminuco ,  Sape Jurriën Mullender

IPC: G06F21/57 ,  G06F9/54

Abstract: According to some embodiments, a method comprises: obtaining an application programming interface (API) specification for an API service; performing one or more tests on the API service to determine an amount of deviation between the API service and the API specification; and determining a deviation score based on the amount of deviation between the API service and the API specification. The method may include transmitting the deviation score to a scoring agent.

公开(公告)号：US20210273913A1

公开(公告)日：2021-09-02

申请号：US16855809

申请日：2020-04-22

Applicant: Cisco Technology, Inc.

Inventor： Hendrikus G.P. Bosch ,  Alessandro Duminuco ,  Sape Jurriën Mullender ,  Jeffrey Michael Napper

IPC: H04L29/06 ,  H04L12/46

Abstract: An identity provider (IdP) service interoperates with a Virtual Private Network (VPN) client. The IdP service receives a login request originating from the VPN client to establish a VPN tunnel between the VPN client and a VPN host, the login request indicating a user of the VPN client. The IdP service provides a response to the login request. The response includes at least both first information including an indication that the user of the VPN client is an authorized user and second information including an indication of a VPN policy for the VPN tunnel, the VPN policy including a VPN client policy to be utilized during the VPN tunnel by the VPN client and a VPN host policy to be utilized during the VPN tunnel by the VPN host.

公开(公告)号：US11012251B2

公开(公告)日：2021-05-18

申请号：US16149756

申请日：2018-10-02

Applicant: Cisco Technology, Inc.

Inventor： Hendrikus G. P. Bosch ,  Sape Jurriën Mullender ,  Ijsbrand Wijnands ,  Alessandro Duminuco ,  Jeffrey Michael Napper ,  Subhasri Dhesikan

IPC: H04L12/18 ,  H04L12/801 ,  H04L12/863 ,  H04L12/931 ,  H04L12/937

Abstract: In one example embodiment, a server generates a candidate instantiation of virtual applications among a plurality of hosts in a data center to support a multicast stream. The server provides, to a first set of agents corresponding to a first set of the plurality of hosts, a command to initiate a test multicast stream. The server provides, to a second set of agents corresponding to a second set of the plurality of hosts, a command to join the test multicast stream. The server obtains, from the second set of agents, a message indicating whether the second set of agents received the test multicast stream. If the message indicates that the second set of agents received the test multicast stream, the server causes the virtual applications to be instantiated in accordance with the candidate instantiation of the virtual applications.

公开(公告)号：US20210044623A1

公开(公告)日：2021-02-11

申请号：US16867642

申请日：2020-05-06

Applicant: Cisco Technology, Inc.

Inventor： Hendrikus G.P. Bosch ,  Sape Jurriën Mullender ,  Jeffrey Michael Napper ,  Alessandro Duminuco ,  Shivani Raghav

IPC: H04L29/06 ,  G06F21/57 ,  G06F9/54

Abstract: Dynamically tailored trust for secure application-server networking and advanced enterprise security is provided. A system can individually assess the security posture of each application connecting to the Internet from each client device in an enterprise. For each application, the system tailors a security mode of the Internet connection based on the security posture of the application. Assessment of the security posture of an application is a comprehensive inventory of the security of the application, the security of the device hosting the application, the rights and security of the user, security attributes of the intended service or website being accessed, the security of the communication channel, and so forth. A network-based controller communicates with an agent running within a secure boot mode of each client device to select a security mode for application-service connection, including lean-trust direct access to the Internet, secure VPN-like access, or no access to the Internet.

公开(公告)号：US10798187B2

公开(公告)日：2020-10-06

申请号：US15627084

申请日：2017-06-19

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Sape Jurriën Mullender ,  Hendrikus G. P. Bosch ,  Alessandro Duminuco ,  Jeffrey Napper

IPC: H04L29/08 ,  H04L29/06

Abstract: In one embodiment, secure service chaining can be implemented efficiently for content delivery systems. An orchestrator can determine a service chain for processing a request from a client for content. The orchestrator can determine a capability identifying nodes of the service chain. The orchestrator can then transmit, to the client, a redirect message having the capability, wherein the redirect message redirects the request to a first node of the service chain. The nodes of the service chain can verify the capability and carry out the service chain. Service functions can be applied to the traffic flow associated with delivering the content to the user.

公开(公告)号：US20190356590A1

公开(公告)日：2019-11-21

申请号：US16531549

申请日：2019-08-05

Applicant: Cisco Technology, Inc.

Inventor： Hendrikus G. P. Bosch ,  Sape Jurriën Mullender ,  Keith Burns ,  Jeffrey Napper ,  William Mark Townsley ,  Alessandro Duminuco ,  Andre Surcouf ,  Ijsbrand Wijnands ,  Humberto J. La Roche

IPC: H04L12/749 ,  H04L29/08 ,  H04L12/761 ,  H04L29/06 ,  H04L12/717

Abstract: A method is provided in one example embodiment and may include determining at a parent content node that a plurality of recipient content nodes are to receive a same content; generating, based on a determination that the same content is available at the parent content node, a multi-delivery header comprising a plurality of identifiers, wherein each identifier of the plurality of identifiers indicates each recipient content node that is to receive the same content; appending the multi-delivery header to one or more packets of an Internet Protocol (IP) flow associated with the same content; and transmitting packets for the IP flow to each of the plurality of the recipient content nodes.

公开(公告)号：US10469379B2

公开(公告)日：2019-11-05

申请号：US15436540

申请日：2017-02-17

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Hendrikus G. P. Bosch ,  Sape Jurriën Mullender ,  Keith Burns ,  Jeffrey Napper ,  William Mark Townsley ,  Alessandro Duminuco ,  Andre Surcouf ,  Ijsbrand Wijnands ,  Humberto J. La Roche

IPC: H04L12/749 ,  H04L12/717 ,  H04L29/06 ,  H04L12/761 ,  H04L29/08 ,  H04L29/12

Abstract: A method is provided in one example embodiment and may include determining at a parent content node that a plurality of recipient content nodes are to receive a same content; generating, based on a determination that the same content is available at the parent content node, a multi-delivery header comprising a plurality of identifiers, wherein each identifier of the plurality of identifiers indicates each recipient content node that is to receive the same content; appending the multi-delivery header to one or more packets of an Internet Protocol (IP) flow associated with the same content; and transmitting packets for the IP flow to each of the plurality of the recipient content nodes.

公开(公告)号：US20180367621A1

公开(公告)日：2018-12-20

申请号：US15627084

申请日：2017-06-19

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Sape Jurriën Mullender ,  Hendrikus G. P. Bosch ,  Alessandro Duminuco ,  Jeffrey Napper

IPC: H04L29/08

Abstract: In one embodiment, secure service chaining can be implemented efficiently for content delivery systems. An orchestrator can determine a service chain for processing a request from a client for content. The orchestrator can determine a capability identifying nodes of the service chain. The orchestrator can then transmit, to the client, a redirect message having the capability, wherein the redirect message redirects the request to a first node of the service chain. The nodes of the service chain can verify the capability and carry out the service chain. Service functions can be applied to the traffic flow associated with delivering the content to the user.

公开(公告)号：US20180302877A1

公开(公告)日：2018-10-18

申请号：US15486143

申请日：2017-04-12

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Hendrikus G. P. Bosch ,  Humberto J. La Roche ,  Aeneas Sean Dodd-Noble ,  Sape Jurriën Mullender ,  Timothy P. Stammers ,  Konstantin Livanos

IPC: H04W68/02 ,  H04W8/08 ,  H04L29/06

CPC classification number: H04W68/02 ,  H04L63/0281 ,  H04L63/0876 ,  H04L63/0884 ,  H04L63/123 ,  H04W8/08 ,  H04W76/10 ,  H04W84/00 ,  H04W88/02

Abstract: A method is provided in one example embodiment and may include receiving, by a mobility management frontend, an attach request for a user equipment (UE) to attach the UE to a core network slice type for a mobile core Software Defined Network (SDN) infrastructure, wherein a plurality of core network slice types are available for the mobile core SDN infrastructure to receive traffic from a plurality of UEs; determining a particular core network slice type within the mobile core SDN infrastructure to serve the UE based on subscriber information associated with the UE; selecting a particular slice instance of the particular core network slice type to receive traffic for the UE; and forwarding traffic for the UE between a Radio Access Network (RAN) and the particular slice instance by the mobility management frontend.