-
Publication No.: US20210185529A1
Publication date: 2021-06-17
Application No.: US16716786
Application date: 2019-12-17
Applicant: Cisco Technology, Inc.
Inventor: Prashanth Patil, Ram Mohan Ravindranath, Rajesh Indira Viswambharan
Abstract: In one example, a home network associated with a user equipment obtains an authentication request to authenticate the user equipment to a serving network. The home network generates an authentication vector of a mobile security protocol. The authentication vector includes an indication that the user equipment is to be authenticated using a multi-factor authentication process. The home network provides the authentication vector to the serving network to prompt a response from the user equipment that is in accordance with the multi-factor authentication process. The home network authenticates the user equipment to the serving network based on the response.
-
Publication No.: US10999312B2
Publication date: 2021-05-04
Application No.: US16406585
Application date: 2019-05-08
Applicant: Cisco Technology, Inc.
Inventor: Rajesh Indira Viswambharan, Prashanth Patil, Ram Mohan Ravindranath
Abstract: Systems and methods for handling software vulnerabilities in service meshes can include receiving information on software vulnerabilities from external feeds. From a services catalog which maintains data associated with service instances supported by a service mesh, one or more vulnerable service instances supported by the service mesh are identified. Notifications are provided to sidecar proxies associated with vulnerable service instances. The notifications include criteria such as criticality levels and categories associated with the software vulnerabilities. Based on destination policies for the vulnerable service instances, instructions are provided to the sidecar proxies to trip circuit breakers associated with the vulnerable service instances and thus prevent further access and cascading impact of the software vulnerabilities. The software vulnerabilities are reported to an orchestration system for the service mesh and a fix or different version of the vulnerable service instance is installed where possible.
-
Publication No.: US10949557B2
Publication date: 2021-03-16
Application No.: US16105910
Application date: 2018-08-20
Applicant: Cisco Technology, Inc.
Abstract: Disclosed herein is a distributed ledger method for a fifth-generation (5G) network. A network slice is created in the 5G network and a root block is generated in response, containing parameters of the network slice and contracts between participants in the network slice. A blockID of the root block is transmitted to identified participants in the network slice, who sequentially commit a plurality of new blocks to a blockchain beginning from the root block. The plurality of new blocks comprises auditing information of the network slice, wherein the information is collected by the participants in the network slice. The blockchain is stored in a blockchain network of a plurality of disparate blockchains. Desired auditing information for the network slice is retrieved by using the blockID of the root block to traverse the blockchain beginning at the root block until all blocks with the desired auditing information have been read.
-
Publication No.: US20200287919A1
Publication date: 2020-09-10
Application No.: US16293937
Application date: 2019-03-06
Applicant: Cisco Technology, Inc.
Inventor: Ram Mohan Ravindranath, Prashanth Patil, Rajesh Indira Viswambharan
IPC: H04L29/06, G06N20/00, G06F16/28, H04L12/741
Abstract: Systems, methods, computer-readable media, and devices are disclosed for verifying traffic classification. At a first node, a classification to a received packet is designated according to a local model. The classification of the packet by the first node is verified by sending packet information describing the packet to a distributed network comprising multiple nodes, where the packet information includes attributes of the packet. The classification of the packet is verified from receiving results from a second node that, based on the attributes, independently classifies the packet. Based on the verified classification, decentralized information for classifying packets is updated.
-
Publication No.: US20200112487A1
Publication date: 2020-04-09
Application No.: US16153417
Application date: 2018-10-05
Applicant: Cisco Technology, Inc.
Inventor: Kaustubh Inamdar, Ram Mohan Ravindranath, Gonzalo Salgueiro, Sebastian Jeuk
Abstract: Systems and methods provide for validating a canary release of containers in a containerized production environment. A first container of the containerized production environment can receive network traffic. The first container can transmit the network traffic to a first version of a second container of the containerized production environment and to a traffic analysis engine. First metrics relating to processing by the first version of the second container can be captured. The traffic analysis engine can determine one or more traffic patterns included in the network traffic. The traffic analysis engine can cause simulated network traffic corresponding to the one or more traffic patterns to be transmitted to a second version (e.g., a canary release) of the containerized production environment. Second metrics relating to processing by the second version of the second container can be captured. A comparison between the first metrics and the second metrics can be presented.
-
Publication No.: US20200057860A1
Publication date: 2020-02-20
Application No.: US16105910
Application date: 2018-08-20
Applicant: Cisco Technology, Inc.
IPC: G06F21/62
Abstract: Disclosed herein is a distributed ledger method for a fifth-generation (5G) network. A network slice is created in the 5G network and a root block is generated in response, containing parameters of the network slice and contracts between participants in the network slice. A blockID of the root block is transmitted to identified participants in the network slice, who sequentially commit a plurality of new blocks to a blockchain beginning from the root block. The plurality of new blocks comprises auditing information of the network slice, wherein the information is collected by the participants in the network slice. The blockchain is stored in a blockchain network of a plurality of disparate blockchains. Desired auditing information for the network slice is retrieved by using the blockID of the root block to traverse the blockchain beginning at the root block until all blocks with the desired auditing information have been read.
-
Publication No.: US20190288945A1
Publication date: 2019-09-19
Application No.: US16434523
Application date: 2019-06-07
Applicant: Cisco Technology, Inc.
Inventor: K. Tirumaleswar Reddy, Ram Mohan Ravindranath, Muthu Arul Mozhi Perumal, Daniel G. Wing, William C. VerSteeg
IPC: H04L12/801, H04L29/06, H04L29/08, H04L12/851, H04L12/911
Abstract: Modern-day user applications leveraging new communication technologies such as WebRTC, WebEx, and Jabber allow devices to connect and exchange media content including audio streams, video streams, and data streams/channels. The present disclosure describes mechanisms for a Port Control Protocol (PCP) server to provide feedback to PCP clients to enforce certain policies on the transport of such media content for a network. A policy may include a traffic handling policy for enforcing differentiated quality of service characteristics for different types of media streams. Another policy may include a security policy ensuring that data files being transmitted over a data channel from one endpoint travel to a security application via a relay element before the packets reach another endpoint. The mechanisms are transparent to the endpoints, and advantageously preserve the user experience for these user applications.
-
Publication No.: US10326817B2
Publication date: 2019-06-18
Application No.: US15385461
Application date: 2016-12-20
Applicant: Cisco Technology, Inc.
Inventor: Chidambaram Arunachalam, Gonzalo Salgueiro, Ram Mohan Ravindranath, Nagendra Kumar Nainar
IPC: G06F9/38, H04L29/06, H04L12/26, H04L12/851, H04L29/08, H04L12/931, H04L12/853, H04M3/51, H04M3/42
Abstract: An example method includes establishing a communication session between a first participant and a second participant, programming, via a control plane, a stream classifier which is to process packets associated with the communication session with classification logic. The method includes receiving a first packet at the stream classifier and, when the communication session requires recording, applying the classification logic at the stream classifier to route the first packet into a chosen service function path that includes a recording service function which reports media quality data to the control plane. Based on the media quality data, the classification logic is updated to cause a migration of the communication session to a new chosen service function path.
-
Publication No.: US10305782B2
Publication date: 2019-05-28
Application No.: US15429284
Application date: 2017-02-10
Applicant: Cisco Technology, Inc.
Inventor: Kaustubh Inamdar, Ram Mohan Ravindranath, Gonzalo Salgueiro
IPC: H04L12/721, H04L12/707, H04L12/803, H04L29/12
Abstract: A communication session is established between at least a first endpoint and a second endpoint, either or both of which is behind at least one network device in a network that performs network address translation. Candidate path information is obtained that indicates candidate paths in the network through which the communication session can traverse, taking into account network address translation occurring in the network. The candidate path information is analyzed against training data and data about conditions observed on one or more candidate paths for the communication session with a machine learning-based interface selection process to produce path recommendation information indicating whether one or more candidate paths should or should not be used for the communication session between the first endpoint and the second endpoint. The path recommendation information is supplied to an endpoint in the communication session.
-
Publication No.: US10187429B2
Publication date: 2019-01-22
Application No.: US15004103
Application date: 2016-01-22
Applicant: Cisco Technology, Inc.
Inventor: Kaustubh Inamdar, Ram Mohan Ravindranath, Vinay Kumar Dharmaraj, Gonzalo Salgueiro
IPC: G06F15/16, H04L29/06, H04L12/801, H04L12/40
Abstract: In one embodiment, a device in a network maintains a plurality of network paths for a media session. The device identifies a subset of data for the media session as requiring redundancy. The device sends a packet in the identified subset of data for the media session as redundant packets via two or more of the plurality of network paths for the media session. The device sends a particular packet outside of the identified subset of data for the media session non-redundantly via one of the plurality of network paths for the media session.