-
Publication number: US20180205734A1
Publication date: 2018-07-19
Application number: US15408616
Filing date: 2017-01-18
Applicant: Cisco Technology, Inc.
Inventor: Daniel G. Wing, K. Tirumaleswar Reddy, Prashanth Patil
CPC classification number: H04L63/0236, H04L61/1511, H04L63/101, H04L63/168, H04L63/20, H04L67/02, H04L67/10, H04L67/42, H04L2463/121
Abstract: In one embodiment, a browser operating on a host device receives, from a user, a request to access a web server that includes a Uniform Resource Locator (URL) associated with the web server. In response, the browser sends, to a Domain Name System (DNS) server, a request for an Internet Protocol (IP) address correlated with the domain hosting the URL, and receives, from the DNS server, a response that comprises a block policy IP address and an appropriate error code. Based on this IP address and the error code indicated in the response, the browser renders an access denied page indicating that access to the web server associated with the URL is not permitted, wherein at least a portion of the access denied page is stored in memory accessible to the browser prior to sending the request for the IP address correlated with the domain that is hosting the URL.
-
Publication number: US09985906B2
Publication date: 2018-05-29
Application number: US15283554
Filing date: 2016-10-03
Applicant: Cisco Technology, Inc.
Inventor: K. Tirumaleswar Reddy, Prashanth Patil, Daniel G. Wing
CPC classification number: H04W24/08, H04W28/26, H04W72/1226, H04W84/042, H04W84/12
Abstract: In one embodiment, a device in an access network receives network condition data regarding the access network and requested flow characteristic data. The requested flow characteristic data is indicative of one or more flow characteristics requested by one or more subscribers for different periods of time. The device trains a machine learning-based classifier using the network condition data and the request flow characteristic data and receives a particular flow characteristic request from a particular subscriber node. The particular request indicates one or more requested flow characteristics for a specified time period. The device determines a probability of the access network being able to accommodate the particular flow characteristic request by classifying the particular flow characteristic request using the trained classifier. The device sends a flow characteristic response to the node of the particular subscriber node based on the determined probability.
-
Publication number: US20180097740A1
Publication date: 2018-04-05
Application number: US15283554
Filing date: 2016-10-03
Applicant: Cisco Technology, Inc.
Inventor: K. Tirumaleswar Reddy, Prashanth Patil, Daniel G. Wing
IPC: H04L12/927, H04W72/04, H04W24/08, H04W72/08
CPC classification number: H04W24/08, H04W28/26, H04W72/1226, H04W84/042, H04W84/12
Abstract: In one embodiment, a device in an access network receives network condition data regarding the access network and requested flow characteristic data. The requested flow characteristic data is indicative of one or more flow characteristics requested by one or more subscribers for different periods of time. The device trains a machine learning-based classifier using the network condition data and the request flow characteristic data and receives a particular flow characteristic request from a particular subscriber node. The particular request indicates one or more requested flow characteristics for a specified time period. The device determines a probability of the access network being able to accommodate the particular flow characteristic request by classifying the particular flow characteristic request using the trained classifier. The device sends a flow characteristic response to the node of the particular subscriber node based on the determined probability.
-
Publication number: US20180007084A1
Publication date: 2018-01-04
Application number: US15245886
Filing date: 2016-08-24
Applicant: Cisco Technology, Inc.
Inventor: K. Tirumaleswar Reddy, Daniel G. Wing, Blake Harrell Anderson, David McGrew
CPC classification number: H04L63/1458, G06N20/00, H04L63/1425, H04L2463/144
Abstract: In one embodiment, a device in a network receives an attack mitigation request regarding traffic in the network. The device causes an assessment of the traffic, in response to the attack mitigation request. The device determines that an attack detector associated with the attack mitigation request incorrectly assessed the traffic, based on the assessment of the traffic. The device causes an update to an attack detection model of the attack detector, in response to determining that the attack detector incorrectly assessed the traffic.
-
Publication number: US20170374090A1
Publication date: 2017-12-28
Application number: US15191152
Filing date: 2016-06-23
Applicant: Cisco Technology, Inc.
Inventor: David McGrew, Blake Harrell Anderson, K. Tirumaleswar Reddy, Prashanth Patil, Daniel G. Wing
IPC: H04L29/06, H04L12/833, H04L12/851, H04L12/46, H04L29/08, G06N99/00
CPC classification number: H04L63/1425, G06N99/005, H04L12/4641, H04L41/16, H04L43/026, H04L43/04, H04L47/2483, H04L47/31, H04L63/145, H04L63/1458
Abstract: In one embodiment, a device in a network receives traffic data regarding one or more traffic flows in the network. The device applies a machine learning classifier to the traffic data. The device determines a priority for the traffic data based in part on an output of the machine learning classifier. The output of the machine learning classifier comprises a probability of the traffic data belonging to a particular class. The device stores the traffic data for a period of time that is a function of the determined priority for the traffic data.
-
Publication number: US20170289225A1
Publication date: 2017-10-05
Application number: US15090729
Filing date: 2016-04-05
Applicant: Cisco Technology, Inc.
Inventor: Jon M. Snyder, Pål-Erik Martinsen, Dan Tan, Herbert Wildfeuer, Daniel G. Wing
IPC: H04L29/06, H04L12/801, H04L29/12
CPC classification number: H04L65/601, H04L47/12, H04L61/2514, H04L61/2575, H04L65/403, H04L65/4069, H04L65/602
Abstract: In one embodiment, a first device in a network sends a Session Traversal Utilities for Network Address Translation (STUN) binding request towards an endpoint device of a media session between the first and endpoint devices. The binding request includes one or more network attribute fields. The first device receives a binding response from an intermediate node between the first and endpoint devices in the network, in response to sending the binding request towards the endpoint device. The intermediate node inserted the one or more network attribute fields into the binding response. The received binding response includes one or more metrics for the media session in the one or more network attribute fields. The first device adjusts one or more bitrates of the media session based on the one or more metrics for the media session in the received binding response.
-
Publication number: US20170155566A1
Publication date: 2017-06-01
Application number: US14953861
Filing date: 2015-11-30
Applicant: Cisco Technology, Inc.
Inventor: Pål-Erik Martinsen, Daniel G. Wing
IPC: H04L12/26
CPC classification number: H04L43/0864, H04L41/12, H04L41/142, H04L41/16, H04L43/10
Abstract: In one embodiment, a device in a network receives privatized network trace data that comprises round trip time information for hops along a communication path. The device groups the trace data into a plurality of network segments based on the round trip time information. The device calculates a segment trip time metric for one or more of the network segments based on the round trip time information associated with the one or more network segments.
-
Publication number: US20170126406A1
Publication date: 2017-05-04
Application number: US14925033
Filing date: 2015-10-28
Applicant: Cisco Technology, Inc.
Inventor: K. Tirumaleswar Reddy, Daniel G. Wing
CPC classification number: H04L9/3066, H04L9/30, H04L9/3213, H04L9/3247, H04L12/1822, H04L63/06, H04L63/068, H04L63/126, H04L65/403, H04L65/608, H04W12/04
Abstract: In one embodiment, a device in a network establishes a trust relationship between the device and a key management service. The device receives keying information from the key management service based on the established trust relationship. The device applies a digital signature to media data for a conference using the keying information, whereby the device is designated as a speaker of the conference. The device provides the signed media data to one or more conference participant devices. The one or more conference participant devices use the signed media data to validate that the media data was signed by the designated speaker of the conference.
-
Publication number: US09154484B2
Publication date: 2015-10-06
Application number: US13773157
Filing date: 2013-02-21
Applicant: Cisco Technology, Inc.
Inventor: Daniel G. Wing, Srinivas Chivukula, Tirumaleswar Reddy, Prashanth Patil
CPC classification number: H04L63/08, H04L61/2514, H04L63/20, H04L67/02, H04L67/146, H04L69/161, H04L69/22
Abstract: In one implementation, identity based security features and policies are applied to endpoint devices behind an intermediary device, such as a network address translation device. The access network switch authenticates an endpoint based on a user identity and a credential. A hypertext transfer protocol (HTTP) packet is generated or modified to include the user identity in an inline header. The HTTP packet including the user identity is sent to a policy enforcement device to look up one or more policies for the endpoint. The access switch receives traffic from the policy enforcement device that is filtered according to the user identity. Subsequent TCP connections may also include identity information within the TCP USER_HINT option in a synchronization packet, thus allowing identity propagation for other applications and protocols.
-
Publication number: US20150249668A1
Publication date: 2015-09-03
Application number: US14255701
Filing date: 2014-04-17
Applicant: CISCO TECHNOLOGY, INC.
Inventor: K. Tirumaleswar Reddy, Ram Mohan Ravindranath, Muthu Arul Mozhi Perumal, Daniel G. Wing, William C. VerSteeg
CPC classification number: H04L47/10, H04L47/2441, H04L47/70, H04L63/0263, H04L63/10, H04L65/60, H04L65/80, H04L67/10
Abstract: Modern day user applications leveraging new communication technologies such as WebRTC, WebEx, and Jabber allow devices to connect and exchange media content including audio streams, video streams, and data stream/channels. The present disclosure describes mechanisms for a Port Control Protocol (PCP) server to provide feedback to PCP clients to enforce certain policies on the transport of such media content for a network. A policy may include a traffic handling policy for enforcing differentiated quality of service characteristics for different types of media streams. Another policy may include a security policy ensuring that a data file being transmitted over a data channel from one endpoint travels to a security application via a relay element before the packets reach another endpoint. The mechanisms are transparent to the endpoints, and advantageously preserve the user experience for these user applications.