PROVIDING PHYSICAL ACCESS TO A SECURED SPACE BASED ON HIGH-FREQUENCY ELECTROMAGNETIC SIGNALING

    Publication No.: US20230083426A1

    Publication date: 2023-03-16

    Application No.: US17474002

    Application date: 2021-09-13

    Abstract: This disclosure describes techniques for selectively providing access to a physical space. An example method includes identifying a location of a device associated with an authorized user based on an electromagnetic signal received by at least one sensor from the device. The electromagnetic signal has a frequency that is greater than or equal to 24 gigahertz (GHz). The example method further includes determining that the location of the device is within a threshold distance of a location of a threshold to a secured space and determining that an authentication score indicating that an individual carrying the device is the authorized user is greater than a threshold score. The authentication score is associated with multiple authentication factors identified by the device. Based on determining that the authentication score is greater than the threshold score, the threshold is unlocked and/or opened.

    CLOUD-DELIVERED FIREWALL RULES FOR CONTROLLING COMMANDS SENT TO DEVICES BASED ON OPERATIONAL TOLERANCE LIMITS

    Publication No.: US20230042610A1

    Publication date: 2023-02-09

    Application No.: US17397230

    Application date: 2021-08-09

    Abstract: Techniques for a network controller associated with a firewall service to determine a network policy based on operational tolerances associated with a device, and cause the network policy to be provisioned at the firewall service where control commands, such as, for example, supervisory control and data acquisition (SCADA) commands, may be allowed or denied transmission to the device based on the operational tolerance(s) associated with the device. In some examples, the network controller may be configured as a manufacturer usage description (MUD) controller configured to transmit a MUD uniform resource identifier (URI), emitted by the device, to a MUD file server associated with the manufacturer of the device. The MUD file may be enhanced to include the operational tolerances associated with the device and transmitted back to the MUD controller where it may be parsed to determine a corresponding network policy.

    SECURE FRAME ENCRYPTION AS A SERVICE

    Publication No.: US20230030403A1

    Publication date: 2023-02-02

    Application No.: US17389708

    Application date: 2021-07-30

    Inventor: Sebastian Jeuk

    Abstract: Systems, methods, and computer-readable media are provided for performing secure frame encryption as a service. For instance, a network device can receive a first request for encrypting a first media stream associated with a first endpoint. In response to the first request, the network device can obtain a first encryption key for encrypting the first media stream associated with the first endpoint. The network device can receive, from the first endpoint, a first plurality of media frames corresponding to the first media stream and encrypt each of the first plurality of media frames using the first encryption key to yield a first plurality of encrypted media frames. The network device can packetize the first plurality of encrypted media frames into a first plurality of data packets for transmission to a second endpoint.

    Determining formal models using weighting factors for computing elements in multi-domain environments

    Publication No.: US11469965B2

    Publication date: 2022-10-11

    Application No.: US17217532

    Application date: 2021-03-30

    Abstract: Techniques for deploying, monitoring, and modifying network topologies operating across multi-domain environments using formal models and weighting factors assigned to computing elements in the network topologies. The weighting factors restrict or allow the movement of various computing elements and/or element groupings to prevent undesirable disruptions or outages in the network topologies. Generally, the weighting factors may be determined based on an amount of disruption experienced in the network topologies if the corresponding computing element or grouping was migrated. As the amount of disruption caused by modifying a particular computing element increases, the weighting factor represents a greater measure of resistivity for migrating the computing element. In this way, topology deployment systems may allow, or disallow, the modification of particular computing elements based on weighting factors. Thus, the amount of disruption in the functioning of network topologies may be considered when optimizing the allocation of computing elements across multi-domain environments.

    Software version aware networking
    Granted invention patent

    Publication No.: US10979347B2

    Publication date: 2021-04-13

    Application No.: US16172765

    Application date: 2018-10-27

    Abstract: Certain aspects of the present disclosure are generally directed to version-aware service function chaining. One example method generally includes determining version information corresponding to one or more of a plurality of network functions to be performed for a packet for a service function chain (SFC) and encapsulating a service header in the packet for the SFC, the service header indicating the plurality of network functions to be performed for the packet and the version information corresponding to the one or more network functions. In certain aspects, the method also includes sending the packet to one or more service nodes for performing the plurality of network functions in accordance with the service header.

    Maintaining application state of mobile endpoint device moving between virtualization hosts based on sharing connection-based metadata

    Publication No.: US10893108B2

    Publication date: 2021-01-12

    Application No.: US16352474

    Application date: 2019-03-13

    Abstract: In one embodiment, a method comprises detecting, by an apparatus, establishment of a stateful application session between a mobile endpoint device and a stateful virtualized application executed by a first virtualization host in a data network, the mobile endpoint device establishing a network connection with the stateful virtualized application via a first wireless connection with a first network access point; generating, by the apparatus, a connection container comprising a connection identifier uniquely identifying the network connection, connection metadata describing the network connection, and application state metadata describing execution of the stateful virtualized application for the mobile endpoint device; and outputting, by the apparatus, the application state metadata for continuous execution of the stateful virtualized application by a second virtualization host associated with a second network access point, based on determining the mobile endpoint device connecting with the second network access point and disconnecting from the first network access point.

    Authentication, Authorization and Accounting in Managed Cloud Computing Services

    Publication No.: US20200259833A1

    Publication date: 2020-08-13

    Application No.: US16863321

    Application date: 2020-04-30

    Abstract: In an embodiment, a computer implemented method comprises receiving, at a first computing device associated with a managing entity, a request to perform an operation of a managed service; publishing to a first block of a distributed ledger system, by the first computing device associated with the managing entity, identification information of the managing entity; identifying, by a second computing device associated with the managed service, the identification information published to the first block of the distributed ledger system; publishing to a second block of the distributed ledger system, by the second computing device associated with the managed service, acknowledgement information comprising an indication that the identification information of the managing entity published to the first block was received and verified; publishing to a third block of the distributed ledger system, by the second computing device associated with the managed service, management request information comprising an operation request for the managing entity; identifying, by the first computing device associated with the managing entity, the management request information published to the third block of the distributed ledger system; publishing to a fourth block of the distributed ledger system, by the first computing device associated with the managing entity, management request acknowledgment information comprising an indication that the management request information of the third block was received; and in response to a performance of an operation included in the management request information published to the third block, publishing to a fifth block of the distributed ledger system, by the first computing device associated with the managing entity, management operation record information including a history of operations performed by the managing entity.

    Authentication, authorization and accounting in managed cloud computing services

    Publication No.: US10681049B2

    Publication date: 2020-06-09

    Application No.: US16036805

    Application date: 2018-07-16

    Abstract: In an embodiment, a computer implemented method comprises receiving, at a first computing device associated with a managing entity, a request to perform an operation of a managed service; publishing to a first block of a distributed ledger system, by the first computing device associated with the managing entity, identification information of the managing entity; identifying, by a second computing device associated with the managed service, the identification information published to the first block of the distributed ledger system; publishing to a second block of the distributed ledger system, by the second computing device associated with the managed service, acknowledgement information comprising an indication that the identification information of the managing entity published to the first block was received and verified; publishing to a third block of the distributed ledger system, by the second computing device associated with the managed service, management request information comprising an operation request for the managing entity; identifying, by the first computing device associated with the managing entity, the management request information published to the third block of the distributed ledger system; publishing to a fourth block of the distributed ledger system, by the first computing device associated with the managing entity, management request acknowledgment information comprising an indication that the management request information of the third block was received; and in response to a performance of an operation included in the management request information published to the third block, publishing to a fifth block of the distributed ledger system, by the first computing device associated with the managing entity, management operation record information including a history of operations performed by the managing entity.

    CANARY RELEASE VALIDATION MECHANISMS FOR A CONTAINERIZED APPLICATION OR SERVICE MESH

    Publication No.: US20200112487A1

    Publication date: 2020-04-09

    Application No.: US16153417

    Application date: 2018-10-05

    Abstract: Systems and methods provide for validating a canary release of containers in a containerized production environment. A first container of the containerized production environment can receive network traffic. The first container can transmit the network traffic to a first version of a second container of the containerized production environment and to a traffic analysis engine. First metrics relating to processing by the first version of the second container can be captured. The traffic analysis engine can determine one or more traffic patterns included in the network traffic. The traffic analysis engine can cause simulated network traffic corresponding to the one or more traffic patterns to be transmitted to a second version (e.g., a canary release) of the containerized production environment. Second metrics relating to processing by the second version of the second container can be captured. A comparison between the first metrics and the second metrics can be presented.
