-
Publication number: US10230694B2
Publication date: 2019-03-12
Application number: US15211259
Application date: 2016-07-15
Applicant: Cisco Technology, Inc.
Inventor: K. Tirumaleswar Reddy, Prashanth Patil, Daniel G. Wing, Ram Mohan Ravindranath
IPC: H04L29/06, H04N21/2347, H04N21/266, H04N21/643, H04N21/4405, H04N7/14, H04N7/15
Abstract: A media distribution network device connects to an online collaborative session between a first participant network device, a second participant network device, and a security participant network device. The security participant network device is configured to decrypt packets of the online collaborative session to apply security policies to the packets. An encrypted packet is received at the media distribution network device. The encrypted packet is received from the first participant network device containing data to be distributed as part of the online collaborative session. The encrypted packet is distributed to the security participant network device prior to distributing the encrypted packet to the second participant network device.
-
Publication number: US10135826B2
Publication date: 2018-11-20
Application number: US14845505
Application date: 2015-09-04
Applicant: Cisco Technology, Inc.
Inventor: K. Tirumaleswar Reddy, Prashanth Patil, Daniel Wing
Abstract: A method of leveraging security-as-a-service for cloud-based file sharing includes receiving, at a cloud-based file sharing server external to an enterprise network and having connectivity to the enterprise network, instructions from an enterprise network to validate a file uploaded by a first user associated with the enterprise network before allowing the file to be downloaded. The file sharing server may then receive the file from the first user and forward the file to a cloud-based security-as-a-service (SECaaS) server that is also external to the enterprise network and has connectivity to the enterprise network. The file sharing server receives a determination of validation from the cloud-based SECaaS server and allows a second user to download the file based on the determination. To make the determination, the SECaaS server retrieves cryptographic keying material from a cloud-based key management server, and decrypts the file.
-
Publication number: US20180041524A1
Publication date: 2018-02-08
Application number: US15226758
Application date: 2016-08-02
Applicant: CISCO TECHNOLOGY, INC.
Inventor: K. Tirumaleswar Reddy, Carlos M. Pignataro, James Guichard, Daniel G. Wing, Michael D. Geller
IPC: H04L29/06
CPC classification number: H04L63/1416, G06F21/53, H04L45/306, H04L63/1458, H04L67/2804, H04L69/22
Abstract: Aspects of the embodiments are directed to a service classifier configured for steering cloned traffic through a service function chain. The service classifier is configured to create a cloned data packet by creating a copy of a data packet; activate a mirror bit in a network service header (NSH) of the cloned data packet, the mirror bit identifying the cloned packet to a service function forwarder network element as a cloned packet; and transmit the cloned packet to the service function forwarder network element.
-
Publication number: US09843505B2
Publication date: 2017-12-12
Application number: US14724635
Application date: 2015-05-28
Applicant: CISCO TECHNOLOGY, INC.
Inventor: K. Tirumaleswar Reddy, Prashanth Patil, Daniel G. Wing, Ram Mohan Ravindranath, William C. VerSteeg, Charles U. Eckel
IPC: H04L12/721, H04L12/851, H04L12/46, H04L29/06, H04L12/725
CPC classification number: H04L45/38, H04L12/4633, H04L45/302
Abstract: A computer-implemented method includes sending a first request message to a first server associated with a first access network indicative of a request for an indication of whether the first server is configured to support prioritization of tunneled traffic, receiving a first response message from the first server indicative of whether the first server is configured to support prioritization of tunneled traffic, establishing one or more first tunnels with a security service when the first response message is indicative that the first server is configured to support prioritization of tunneled traffic, sending first flow characteristics and a first tunnel identifier to the first server; and receiving the first flow characteristics for each first tunnel from the first server at a first network controller. The first network controller is configured to apply a quality of service policy within the first access network for each tunnel in accordance with the flow characteristics.
-
Publication number: US20170346855A1
Publication date: 2017-11-30
Application number: US15165032
Application date: 2016-05-26
Applicant: Cisco Technology, Inc.
Inventor: K. Tirumaleswar Reddy, Prashanth Patil, Daniel G. Wing
CPC classification number: H04L63/20, H04L61/1511, H04L61/6009, H04L63/104, H04L67/2842
Abstract: A local network element on an enterprise network caches Domain Name System (DNS) responses in association with user identifiers in accordance with a DNS-based access control policy. The network element receives a DNS request from a first endpoint device. The DNS request includes a domain name to resolve. The network element forwards the DNS request to a domain name server along with a first user identifier associated with the first endpoint device. The network element receives a DNS response from the domain name server. The DNS response includes a network address associated with the domain name, as well as the first user identifier and at least one other user identifier. The network element stores the network address in a DNS cache as a cached DNS response for the domain name. The cached DNS response is stored in association with the first user identifier and the other user identifier(s).
-
Publication number: US20170339130A1
Publication date: 2017-11-23
Application number: US15157588
Application date: 2016-05-18
Applicant: Cisco Technology, Inc.
Inventor: K. Tirumaleswar Reddy, Prashanth Patil, Daniel G. Wing
CPC classification number: H04L63/0823, H04L9/30, H04L9/3263, H04L61/1511, H04L61/6013, H04L63/0428, H04L63/1466, H04L63/166, H04L67/2847, H04L69/326
Abstract: In one embodiment, a Domain Name Service (DNS) server pre-fetches domain information regarding a domain that includes certificate information for the domain. The DNS server receives a DNS request that includes a security request for the domain in metadata of a Network Service Header (NSH) of the DNS request. The DNS server retrieves the certificate information for the domain from the pre-fetched information regarding the domain, in response to receiving the security request. The DNS server sends, to a Transport Layer Security (TLS) proxy, a DNS response for the domain that includes the certificate information in metadata of an NSH of the DNS response.
-
Publication number: US09819512B2
Publication date: 2017-11-14
Application number: US14989132
Application date: 2016-01-06
Applicant: Cisco Technology, Inc.
Inventor: Gonzalo Salgueiro, Prashanth Patil, K. Tirumaleswar Reddy, Carlos M. Pignataro
IPC: H04L12/28, H04L12/46, H04L12/751, H04L12/741, H04L29/08
CPC classification number: H04L12/4633, H04L45/02, H04L45/74, H04L67/146, H04L67/16
Abstract: A classifier node in a service function chaining system receives a media stream from an endpoint device. The media stream is associated with a media session between the endpoint and at least one other endpoint. The classifier node determines a service function path for the media stream. The service function path includes an ordered list of service functions to process the media stream. The classifier node determines a session identifier for the media stream and encapsulates the media stream with a Network Service Header. The Network Service Header includes an indication of the service function path and a metadata header with the session identifier.
-
Publication number: US20170264537A1
Publication date: 2017-09-14
Application number: US15066467
Application date: 2016-03-10
Applicant: Cisco Technology, Inc.
Inventor: Prashanth Patil, K. Tirumaleswar Reddy, Gonzalo Salgueiro, James N. Guichard, Carlos M. Pignataro
IPC: H04L12/721
CPC classification number: H04L45/566, H04L45/302
Abstract: In one embodiment, a service function classifier device determines a classification of a packet using one or more packet classification rules. The device selects a service function path based on the classification of the packet. The device determines one or more traffic flow characteristics based on the classification of the packet. The device generates a service function chaining (SFC) header that identifies the selected service function path and the determined one or more traffic flow characteristics. The SFC header is configured to cause a device along the service function path to forward the encapsulated packet based on the identified service function path and the determined one or more traffic flow characteristics. The device sends the packet along the selected service function path as an encapsulated packet that includes the generated SFC header.
-
Publication number: US20170222917A1
Publication date: 2017-08-03
Application number: US15013027
Application date: 2016-02-02
Applicant: Cisco Technology, Inc.
Inventor: K. Tirumaleswar Reddy, Prashanth Patil, Daniel G. Wing, James Neil Guichard
IPC: H04L12/707, H04L12/851, H04L12/741
CPC classification number: H04L45/24, H04L45/74, H04L47/193, H04L47/2441
Abstract: A service classifier network device receives a subflow and identifies that the subflow is one of at least two subflows in a multipath data flow. Related data packets are sent from a source node to a destination node in the multipath data flow. The service classifier generates a multipath flow identifier and encapsulates the subflow with a header to produce an encapsulated first subflow. The header identifies a service function path and includes metadata with the multipath flow identifier.