ATTRIBUTE-BASED ENCRYPTION FOR MICROSERVICES
    Invention application

    Publication (announcement) number: US20200057863A1

    Publication (announcement) date: 2020-02-20

    Application number: US16105898

    Application date: 2018-08-20

    Abstract: The disclosed technology provides solutions that enable scalable and secure data retrieval between microservices by using microservice attributes to encrypt container based data stores. A process of the technology can include steps for: instantiating a first microservice and a second microservice in a cloud environment, wherein the first microservice is associated with a first attribute label and the second microservice is associated with a second attribute label, generating a first key based on the first attribute label and a second key based on the second attribute label, associating a first data store with the first microservice, wherein the first data store is encrypted using the first key, and associating a second data store with the second microservice, wherein the second data store is encrypted using the second key. Systems and machine readable media are also provided.

    Leveraging contextual metadata communication to improve DNS security

    Publication (announcement) number: US12255868B2

    Publication (announcement) date: 2025-03-18

    Application number: US17862019

    Application date: 2022-07-11

    Abstract: Techniques for leveraging efficient metadata communications to improve domain name system (DNS) security are described. The DNS service uses a hash value to uniquely identify a client, and detect any change in metadata in order to keep policies up-to-date for the client. In an example method a first DNS query for a client device is intercepted. A cryptographic hash function is applied to metadata associated with the client device to generate a hash value. The hash value is added to an additional records section of the first DNS query to generate a second DNS query. The second DNS query is transmitted to a DNS service. The metadata associated with the client device is transmitted to the DNS service on an out-of-band encrypted channel. A DNS response, including the hash value, is received from the DNS service and transmitted to the client device.

    VULNERABILITY MANAGEMENT BASED ON NETWORK INFRASTRUCTURE SECURITY CONTEXT

    Publication (announcement) number: US20250080564A1

    Publication (announcement) date: 2025-03-06

    Application number: US18460786

    Application date: 2023-09-05

    Abstract: Provided herein are techniques to facilitate vulnerability management for one or more endpoint devices of a network based on network infrastructure security context. In one example, a computer-implemented method may include determining a base vulnerability score for a particular vulnerability that is detected for an endpoint device of an enterprise network; determining topology information for the endpoint device within the enterprise network; translating the particular vulnerability to triggering information; performing a comparison between the security policies for the one or more network security mechanisms of network security infrastructure and the triggering information to determine whether the endpoint device is protected from the particular vulnerability being triggered for the endpoint device; and generating an updated vulnerability score for the particular vulnerability by adjusting the base vulnerability score based on whether the endpoint device is protected from the particular vulnerability being triggered for the endpoint device.

    LEVERAGING CONTEXTUAL METADATA COMMUNICATION TO IMPROVE DNS SECURITY

    Publication (announcement) number: US20250055829A1

    Publication (announcement) date: 2025-02-13

    Application number: US18928456

    Application date: 2024-10-28

    Abstract: Techniques for leveraging efficient metadata communications to improve domain name system (DNS) security are described. The DNS service receives metadata associated with a client device on an encrypted channel. The DNS service applies a cryptographic hash function to the metadata to determine a first hash value and stores the first hash value in a metadata registry record with the corresponding client device metadata. The DNS service receives a DNS query containing a second hash value in an additional records section and determines that the second hash value corresponds to the first hash value. Based at least in part on the second hash value corresponding to the first hash value and the metadata associated with the client device, the DNS service resolves the DNS query and transmits a DNS response including the second hash value.

    DUPLICATE DETECTION METHOD FOR MULTI-LINK OPERATION TRANSMISSIONS

    Publication (announcement) number: US20240381173A1

    Publication (announcement) date: 2024-11-14

    Application number: US18467011

    Application date: 2023-09-14

    Abstract: In one aspect, a method includes associating an MLO device with 2 transmission radios to yield a first communication link between the device and a first MLO access point and a second communication link between the device and a second MLO access point, wherein the device is configured to label the first communication link as a primary link and the second communication link as a secondary link; generating a sequence number to be assigned to a frame to be transmitted on the primary link and to a duplicate copy of the frame to be transmitted on the secondary link; associating a flag with the duplicate copy of the frame on the secondary link; and sending, from the device to the first and the second MLO access points, the frame and the duplicate copy on the primary link and the secondary link, respectively.

    CONTEXTUAL VALIDATION FOR NETWORK DEVICES
    Invention publication

    Publication (announcement) number: US20240364687A1

    Publication (announcement) date: 2024-10-31

    Application number: US18306700

    Application date: 2023-04-25

    CPC classification number: H04L63/0876

    Abstract: This disclosure describes techniques for validating a network device based on an operational context of the network device. The techniques may include receiving, via an intercepting node, a DNS query from a querying device. The techniques may include extracting the metadata from the DNS query. Based at least in part on verifying a signature of the metadata, the techniques may include extracting a location code from the metadata. Based at least in part on comparing the location code to an expected location of the intercepting node, the techniques may include sending a response to the querying device indicating a contextual validation of the querying device.

    PREVENTING SERVICE INTERRUPTIONS BY PREDICTING OUTAGES IN A SATELLITE NETWORK

    Publication (announcement) number: US20240259875A1

    Publication (announcement) date: 2024-08-01

    Application number: US18104081

    Application date: 2023-01-31

    CPC classification number: H04W28/0942 H04W16/22 H04W76/18

    Abstract: This disclosure describes techniques for predicting and accommodating for outages in a satellite network using crowdsourced data. An example method includes receiving outage data indicating first outages experienced by first endpoints in a first geographical region. The first outages, for instance, include interruptions in communication between first satellites and the first endpoints. The example method further includes predicting, based on the outage data, a second outage comprising an interruption in communication between at least one second satellite and a second endpoint in a second geographical region. Further, the example method includes causing the second endpoint to transmit user data over a secondary network in advance of the second outage.
