公开(公告)号：US20190236493A1

公开(公告)日：2019-08-01

申请号：US16135756

申请日：2018-09-19

Applicant: Cisco Technology, Inc.

Inventor： Nancy Cam-Winget ,  Subharthi Paul ,  Blake Anderson ,  Saman Taghavi Zargar ,  Oleg Bessonov ,  Robert Frederick Albach ,  Sanjay Kumar Agarwal ,  Mark Steven Knellinger

IPC: G06N99/00 ,  G06K9/62 ,  H04L29/06

CPC classification number: G06N20/00 ,  G06K9/6257 ,  G06K9/6267 ,  G06N5/045 ,  G06N7/005 ,  G06N20/10 ,  G06N20/20 ,  H04L63/1416 ,  H04L67/12 ,  H04L67/34

Abstract: A trained model may be deployed to an Internet-of-Things (IOT) operational environment in order to ingest features and detect events extracted from network traffic. The model may be received and converted into a meta-language representation which is interpretable by a data plane engine. The converted model can then be deployed to the data plane and may extract features from network communications over the data plane. The extracted features may be fed to the deployed model in order to generate event classifications or device state classifications.

公开(公告)号：US20190171823A1

公开(公告)日：2019-06-06

申请号：US15949560

申请日：2018-04-10

Applicant: Cisco Technology, Inc.

Inventor： David A. Maluf ,  Raghuram S. Sudhaakar ,  Nancy Cam-Winget

IPC: G06F21/57

Abstract: In one example embodiment, a network-connected device provides or obtains one or more computer network communications protected by a key. The network-connected device determines a count of the one or more computer network communications according to one or more properties of the one or more computer network communications. Based on the count of the one or more computer network communications, the network-connected device computes an information entropy of the key. Based on the information entropy of the key, the network-connected device dynamically generates a predicted threat level of the key.

公开(公告)号：US20170223021A1

公开(公告)日：2017-08-03

申请号：US15010939

申请日：2016-01-29

Applicant: Cisco Technology, Inc.

Inventor： Xuechen Yang ,  Nancy Cam-Winget

IPC: H04L29/06

CPC classification number: H04L63/10 ,  G06Q10/08 ,  G06Q50/04 ,  H04L63/08

Abstract: In one embodiment, a system and method are disclosed for receiving a request for authorization to commission a target device based, at least in part, on a plurality of requested commissioning actions; determining whether each of the requested commissioning actions is authorized; sending a commissioning authorization, which includes information identifying the one or more authorized commissioning actions; receiving a commissioning complete confirmation message, which includes information identifying one or more completed commissioning actions; validating the commissioning complete confirmation message, in order to ensure that each of the completed actions had been previously authorized; and if all of the completed commissioning actions were previously authorized, sending an acknowledgement message.

公开(公告)号：US09208295B2

公开(公告)日：2015-12-08

申请号：US13913621

申请日：2013-06-10

Applicant: Cisco Technology, Inc.

Inventor： Nancy Cam-Winget ,  Allan Thomson ,  Pok Wong ,  Vanaja Ravi

IPC: H04L29/00 ,  G06F21/30 ,  G06F21/62 ,  G06F9/54 ,  H04L29/06

CPC classification number: H04L63/20 ,  G06F9/542 ,  G06F21/30 ,  G06F21/6218 ,  H04L63/08 ,  H04L63/105 ,  H04L63/107

Abstract: Presented herein are techniques for adding a secure control layer to a distributed communication fabric that supports publish-subscribe (pub-sub) and direct query (synchronization) communication. The secure control layer is configured to perform policy-based authentication techniques to securely manage the exchange of data/information within the communication fabric and enable registration/discovery of new capabilities.

Abstract translation: 这里提出的技术是将安全控制层添加到支持发布订阅（pub-sub）和直接查询（同步）通信的分布式通信结构中。 安全控制层被配置为执行基于策略的认证技术以安全地管理通信结构内的数据/信息的交换并且启用新功能的注册/发现。

公开(公告)号：US20150106617A1

公开(公告)日：2015-04-16

申请号：US14572075

申请日：2014-12-16

Applicant: Cisco Technology, Inc.

Inventor： Nathan Sowatskey ,  Nancy Cam-Winget ,  Susan E. Thomson ,  David Jones ,  Morteza Ansari ,  Klaas Wierenga ,  Joseph Salowey

IPC: H04L29/06

CPC classification number: H04L63/0823 ,  H04L63/08

Abstract: Techniques are provided for authenticating a subject of a client device to access a software-as-a-service (SaaS) server. A network access device receives a request from a client device to establish a network session and transfers identity information of the subject, the client device and the network session to a session directory database. A request is sent to access an application on a SaaS server. If it does not contain an identity assertion that identifies the subject, the request is redirected to an identity provider device, to provide identity assertion services to the subject. A network session identifier is inserted into the request by a network access device and the request is forwarded to the identity provider device. The identity provider device uses the network session identifier to query the session directory database for the identity information to be used for a security assertion of the subject to the SaaS server.

Abstract translation: 提供了用于验证客户端设备的主体以访问软件即服务（SaaS）服务器的技术。 网络接入设备从客户端设备接收建立网络会话的请求，并将主体，客户端设备和网络会话的身份信息传送到会话目录数据库。 发送请求以访问SaaS服务器上的应用程序。 如果它不包含识别主题的身份断言，则将请求重定向到身份提供者设备，以向主题提供身份声明服务。 网络会话标识符被网络接入设备插入到请求中，该请求被转发给身份提供者设备。 身份提供者设备使用网络会话标识符来查询会话目录数据库，以获得要用于SaaS服务器的对象的安全断言的身份信息。

公开(公告)号：US12262450B2

公开(公告)日：2025-03-25

申请号：US18476737

申请日：2023-09-28

Applicant: Cisco Technology, Inc.

Inventor： Jerome Henry ,  Nancy Cam-Winget ,  Simone Arena ,  Darrin Joseph Miller ,  Sudhir Kumar Jain ,  Einar Nilsen-Nygaard

IPC: H04W8/24 ,  H04L61/5053 ,  H04L101/622 ,  H04W28/02 ,  H04W28/086

Abstract: Embodiments identify a station that rotates an over the air station address. As address rotation was not originally designed into wireless networks, the rotation can introduce communication challenges for the station. The embodiments derive that traffic referencing two different over the air station addresses are associated with a single common station. This is accomplished by determining a similarity between properties of two sets of traffic. A first set of traffic references the first over the air station address and a second set of traffic references the second over the air station address. If the properties common across the two sets of traffic indicate sufficient similarity, the embodiments determine that both sets of traffic are associated with a single device. Network configuration of the device is then adjusted based on the determination.

公开(公告)号：US11849344B2

公开(公告)日：2023-12-19

申请号：US17236659

申请日：2021-04-21

Applicant: Cisco Technology, Inc.

Inventor： Jerome Henry ,  Nancy Cam-Winget ,  Simone Arena ,  Darrin Joseph Miller ,  Sudhir Kumar Jain ,  Einar Nilsen-Nygaard

IPC: H04W28/02 ,  H04W8/24 ,  H04W28/086

CPC classification number: H04W28/0205 ,  H04W8/245 ,  H04W28/0215 ,  H04W28/086

Abstract: Embodiments identify a station that rotates an over the air station address. As address rotation was not originally designed into wireless networks, the rotation can introduce communication challenges for the station. The embodiments derive that traffic referencing two different over the air station addresses are associated with a single common station. This is accomplished by determining a similarity between properties of two sets of traffic. A first set of traffic references the first over the air station address and a second set of traffic references the second over the air station address. If the properties common across the two sets of traffic indicate sufficient similarity, the embodiments determine that both sets of traffic are associated with a single device. Network configuration of the device is then adjusted based on the determination.

公开(公告)号：US20230379350A1

公开(公告)日：2023-11-23

申请号：US17750132

申请日：2022-05-20

Applicant: Cisco Technology, Inc.

Inventor： Robert E. Barton ,  Nancy Cam-Winget ,  Thomas Szigeti ,  Jerome Henry ,  Flemming Stig Andreasen

IPC: H04L9/40

CPC classification number: H04L63/1433 ,  H04L63/1425 ,  H04L63/1416 ,  H04L63/102

Abstract: In one embodiment, an illustrative method herein may comprise: determining, by a device, a profile of an asset in a network, the profile identifying a type of the asset and a particular activity of the asset; determining, by the device, a specific context of the asset within the network; assigning, by the device, a risk score for the profile based on one or more risk factors associated with the profile and a comparison of the profile to an expected behavior of the type of the asset within the specific context; and performing, by the device, one or more mitigation actions based on the risk score.

公开(公告)号：US11240246B2

公开(公告)日：2022-02-01

申请号：US16572995

申请日：2019-09-17

Applicant: Cisco Technology, Inc.

Inventor： Xuechen Yang ,  Nancy Cam-Winget

IPC: H04L29/06 ,  G06Q50/04 ,  G06Q10/08

Abstract: In one embodiment, functionality is disclosed for commissioning a target device based, at least in part, on providing identifying information that identifies a target device, where that identifying information is configured to be included in a request for authorization to commission the target device, and that request for authorization to commission the target device comprises one or more requested commissioning actions; receiving a commissioning authorization, where the commissioning authorization comprises information regarding one or more authorized commissioning actions for which a license is available, where the one or more authorized commissioning actions were selected from among the one or more requested commissioning actions; and performing the one or more authorized commissioning actions.

公开(公告)号：US20210119974A1

公开(公告)日：2021-04-22

申请号：US17116111

申请日：2020-12-09

Applicant: Cisco Technology, Inc.

Inventor： Jianxin Wang ,  Prashanth Patil ,  Flemming Andreasen ,  Nancy Cam-Winget ,  Hari Shankar

IPC: H04L29/06

Abstract: Techniques are presented herein for engagement and disengagement of Transport Layer Security proxy services with encrypted handshaking. In one embodiment, a first initial message of a first encrypted handshaking procedure for a first secure communication session between a first device and a second device is intercepted at a proxy device. The first initial message includes first key exchange information for encrypting the first encrypted handshaking procedure. A copy of the first initial message is stored at the proxy device. A second initial message of a second encrypted handshaking procedure for a second secure communication session between the proxy device and the second device is sent from the proxy device to the second device. The second initial message includes second key exchange information for encrypting the second encrypted handshaking procedure. The proxy device determines, based on the second encrypted handshaking procedure, whether to remain engaged or to disengage.