公开(公告)号：US11316736B2

公开(公告)日：2022-04-26

申请号：US16865864

申请日：2020-05-04

Applicant: Cisco Technology, Inc.

Inventor： Maik Guenter Seewald ,  Robert Edgar Barton ,  Jerome Henry

IPC: H04L12/24 ,  G05B19/05 ,  H04L29/08 ,  H04L12/851 ,  H04L41/0816 ,  H04L41/08 ,  H04L41/5003 ,  H04L41/5041 ,  H04L69/324 ,  H04L47/2425

Abstract: A network controller automatically adjusts a computer network based on the operational information of an industrial device. The network controller receives a notification from a network element in the computer network that the industrial device attached to the network element has an administrative shell. The administrative shell includes operational information describing the operation of the industrial device. The network controller retrieves the administrative shell from the industrial device. The network controller parses the operational information in the administrative shell to determine an intent for the industrial device, and adjusts the computer network based on the intent of the industrial device.

公开(公告)号：US11284297B2

公开(公告)日：2022-03-22

申请号：US16841526

申请日：2020-04-06

Applicant: Cisco Technology, Inc.

Inventor： Robert Edgar Barton ,  Russell Paul Gyurek ,  Jerome Henry

IPC: H04L12/723 ,  H04W28/06 ,  H04L45/50 ,  H04W40/02

Abstract: Systems, methods, and computer-readable media for the secure creation of application containers for 5G slices. A MEC application in a MEC layer of a 5G network can be associated with a specific network slice of the 5G network. A backhaul routing policy for the MEC application can be defined based on the association of the MEC application with the specific network slice of the 5G network. Further, a SID for the MEC application that associates the MEC application with a segment routing tunnel through a backhaul of the 5G network can be generated. A MEC layer access policy for the MEC application can be defined based on the SID for the MEC application. As follows, access to the MEC application through the 5G network can be controlled based on both the backhaul routing policy for the MEC application and the MEC layer access policy for the application.

公开(公告)号：US20210194851A1

公开(公告)日：2021-06-24

申请号：US16838822

申请日：2020-04-02

Applicant: Cisco Technology, Inc.

Inventor： Robert Edgar Barton ,  Thomas Szigeti ,  Jerome Henry ,  Ruben Gerald Lobo ,  Laurent Jean Charles Hausermann ,  Maik Guenter Seewald ,  Daniel R. Behrens

IPC: H04L29/06 ,  H04L12/24 ,  H04L12/823 ,  G05B19/05

Abstract: According to one or more embodiments of the disclosure, a device in a network identifies a packet sent via the network towards an endpoint as being a control packet for the endpoint. The device extracts one or more control parameter values from the control packet. The device compares the one or more control parameter values to a policy associated with the endpoint. The device initiates a corrective measure, based on a determination that the one or more control parameter values violate the policy associated with the endpoint.

公开(公告)号：US20210120088A1

公开(公告)日：2021-04-22

申请号：US16655316

申请日：2019-10-17

Applicant: Cisco Technology, Inc.

Inventor： Robert Edgar Barton ,  Jerome Henry ,  Chui-Tin Yen ,  Aamer Saeed Akhter

IPC: H04L29/08 ,  H04L29/12 ,  H04L12/24 ,  H04L12/46 ,  H04L29/06

Abstract: In one embodiment, a master on-boarding agent establishes a virtual private network (VPN) connection with a local on-boarding agent executed by a gateway of a vehicle. The master on-boarding agent receives, via the VPN connection, vehicle data obtained by the local on-boarding agent from a co-pilot system of the vehicle. The master on-boarding agent configures, based on the received vehicle data, the gateway of the vehicle with a network configuration, wherein the network configuration includes an Internet Protocol (IP) address for the gateway. The master on-boarding agent coordinates, based on the network configuration, application of a security policy to the gateway.

公开(公告)号：US10979918B2

公开(公告)日：2021-04-13

申请号：US16195987

申请日：2018-11-20

Applicant: Cisco Technology, Inc.

Inventor： Robert Edgar Barton ,  Jerome Henry ,  Xiaoguang Jason Chen ,  Rupak Chandra ,  Ibrahim Mortada

IPC: H04W24/04 ,  H04W84/18

Abstract: In one embodiment, a method comprises identifying, by an apparatus, a mesh instability source device that adds a substantial instability influence that substantially degrades network communications in a mesh network, including: determining, for each mesh network device in the mesh network, a corresponding node stability contribution that identifies a long-term capability of the corresponding mesh network device to provide reliable communications for other mesh network devices in the mesh network, and determining a corresponding influence of the node stability contribution on child mesh network devices relying on the corresponding mesh network device for connectivity in the mesh network, and identifying the mesh instability source device as having a corresponding worst influence of the node stability contribution in the mesh network; and eliminating the substantial instability influence based on determining a remediation solution, and causing the remediation solution to be implemented for the mesh instability source device.

公开(公告)号：US10944757B2

公开(公告)日：2021-03-09

申请号：US16135915

申请日：2018-09-19

Applicant: Cisco Technology, Inc.

Inventor： Bart Brinckman ,  Jerome Henry ,  Robert Edgar Barton ,  David Delano Ward

IPC: H04L29/06 ,  H04L12/46 ,  H04W12/06 ,  H04W12/08

Abstract: A method comprises obtaining, from a client device, a first set of application authentication credentials formatted in accordance with a first authentication protocol. The first set of application authentication credentials corresponds to a first user profile. The method includes translating the first set of application authentication credentials to a second set of application authentication credentials. The second set of application authentication credentials is formatted in accordance with a second authentication protocol different from the first authentication protocol and corresponds to the first user profile. The method includes providing the second set of application authentication credentials to an application authentication system. The method includes, in response to providing the second set of application authentication credentials to the application authentication system, obtaining, from the application authentication system, an application authentication indicator. In response to determining that the application authentication indicator indicates a successful authentication, granting the client device network access.

公开(公告)号：US10904805B1

公开(公告)日：2021-01-26

申请号：US16659630

申请日：2019-10-22

Applicant: Cisco Technology, Inc.

Inventor： Akram Ismail Sheriff ,  Xiaoguang Jason Chen ,  Jun Liu ,  Robert Edgar Barton ,  Jerome Henry

IPC: H04W24/02 ,  H04W36/00 ,  H04W36/32 ,  H04W36/38 ,  H04W4/40

Abstract: In one embodiment, a device in a wireless network receives telemetry data from a plurality of autonomous vehicles. The telemetry data is indicative of radio signal quality metrics experienced by the vehicles at a particular location over time. The device forms an array of wireless roaming thresholds by applying regression to the telemetry data. The device computes an optimum roaming threshold from the array of wireless roaming thresholds to be used by the vehicles when approaching the location. The device triggers, based on the computed optimum threshold, one or more of the autonomous vehicles to initiate access point roaming when approaching the particular location.

公开(公告)号：US20200351249A1

公开(公告)日：2020-11-05

申请号：US16402568

申请日：2019-05-03

Applicant: Cisco Technology, Inc.

Inventor： Robert Edgar Barton ,  Maik Guenter Seewald ,  Jerome Henry

IPC: H04L29/06

Abstract: In one embodiment, a network policy engine obtains a substation configuration description for a substation, indicative of intelligent electronic devices (IEDs), associated network communication devices, and related communication configuration information. The network policy engine then creates a mapping of the IEDs and the associated network communication devices based on the substation configuration description, associating each of the IEDs to a corresponding network port of the associated network communication devices. The network policy engine may then further create network control parameters based on the substation configuration description, which comprise defined communication flows for the IEDs and associated security group tags (SGTs) for the defined communication flows. The techniques herein may then cause the SGTs to be imposed at mapped network ports of the network communication devices for the IEDs according to security group access (SGA)-based network control to thereby establish secure network communication for the IEDs within the particular substation.

公开(公告)号：US20200293925A1

公开(公告)日：2020-09-17

申请号：US16298465

申请日：2019-03-11

Applicant: Cisco Technology, Inc.

Inventor： Robert Edgar Barton ,  Jerome Henry ,  Abhishek Kumar

IPC: G06N5/04 ,  G06N20/00 ,  G06F9/50 ,  G06F11/30

Abstract: The disclosed technology relates to a process for metered training of fog nodes within the fog layer. The metered training allows the fog nodes to be continually trained within the fog layer without the need for the cloud. Furthermore, the metered training allows the fog node to operate normally as the training is performed only when spare resources are available at the fog node. The disclosed technology also relates to a process of sharing better trained machine learning models of a fog node with other similar fog nodes thereby speeding up the training process for other fog nodes within the fog layer.

公开(公告)号：US20200153856A1

公开(公告)日：2020-05-14

申请号：US16185168

申请日：2018-11-09

Applicant: Cisco Technology, Inc.

Inventor： Nagendra Kumar Nainar ,  Carlos M. Pignataro ,  Robert Edgar Barton ,  Jerome Henry ,  Muthurajah Sivabalan

IPC: H04L29/06 ,  H04L12/803

Abstract: First data indicative of information that a packet is part of a DDoS attack is received at a management network device. A DDoS remediation network device to be used for remediation of packets associated with the DDoS attack is determined from the first data. Second data, indicative of the DDoS attack and indicative of the DDoS remediation network device, is transmitted from the management network device to an edge network device. The second data is configured to cause the edge network device to route packets associated with the DDoS attack to the DDoS remediation network device.