公开(公告)号：US20240248992A1

公开(公告)日：2024-07-25

申请号：US18601777

申请日：2024-03-11

Applicant: Cisco Technology, Inc.

Inventor： Eric Voit ,  Einar Nilsen-Nygaard ,  Frank Brockners ,  Pradeep Kumar Kathail

IPC: G06F21/57

CPC classification number: G06F21/57 ,  G06F2221/033

Abstract: This disclosure describes techniques for selectively placing and maintaining sensitive workloads in subsystems that achieve a minimum level of trustworthiness. An example method includes identifying at least one trustworthiness requirement associated with an application and transmitting, to a first subsystem, a request for at least one trustworthiness characteristic of the first subsystem and at least one second subsystem connected to the first subsystem. A response indicating the at least one trustworthiness characteristic is received from the first subsystem. The example method further includes determining that the at least one trustworthiness characteristic satisfies the at least one trustworthiness requirement; and causing the application to operate on a mesh comprising the first subsystem and the at least one second subsystem.

公开(公告)号：US20240022945A1

公开(公告)日：2024-01-18

申请号：US18476737

申请日：2023-09-28

Applicant: Cisco Technology, Inc.

Inventor： Jerome Henry ,  Nancy Cam-Winget ,  Simone Arena ,  Darrin Joseph Miller ,  Sudhir Kumar Jain ,  Einar Nilsen-Nygaard

IPC: H04W28/02 ,  H04W8/24 ,  H04W28/086

CPC classification number: H04W28/0205 ,  H04W28/0215 ,  H04W8/245 ,  H04W28/086

Abstract: Embodiments identify a station that rotates an over the air station address. As address rotation was not originally designed into wireless networks, the rotation can introduce communication challenges for the station. The embodiments derive that traffic referencing two different over the air station addresses are associated with a single common station. This is accomplished by determining a similarity between properties of two sets of traffic. A first set of traffic references the first over the air station address and a second set of traffic references the second over the air station address. If the properties common across the two sets of traffic indicate sufficient similarity, the embodiments determine that both sets of traffic are associated with a single device. Network configuration of the device is then adjusted based on the determination.

公开(公告)号：US11909771B2

公开(公告)日：2024-02-20

申请号：US16889102

申请日：2020-06-01

Applicant: Cisco Technology, Inc.

Inventor： Darrin Joseph Miller ,  Kevin Patrick Regan ,  Einar Nilsen-Nygaard

IPC: H04L29/06 ,  H04L9/40 ,  H04L61/4511 ,  H04L61/5007

CPC classification number: H04L63/205 ,  H04L61/4511 ,  H04L61/5007 ,  H04L63/102

Abstract: A Domain Name System (DNS) device stores data indicative of a user device and data indicative of a policy setting a level of access of the user device to a responding device. The DNS device receives, from the user device, a request for an Internet Protocol address of the responding device. The DNS device determines, based upon the request and the data indicative of the user device, that the policy applies to the request. The DNS device applies the policy in response to the determining.

公开(公告)号：US11888898B2

公开(公告)日：2024-01-30

申请号：US17463751

申请日：2021-09-01

Applicant: Cisco Technology, Inc.

Inventor： Eliot Lear ,  Einar Nilsen-Nygaard

IPC: H04L9/40 ,  H04L61/5014

CPC classification number: H04L63/166 ,  H04L61/5014 ,  H04L63/0869 ,  H04L63/0884

Abstract: At an authentication server, a request for at least a first dynamic host configuration protocol (DHCP) option is received from a client device, and it is determined if the authentication server implements DHCP. Based at least in part on a determination that the authentication server does not implement a DHCP, the operations further include transmitting an application program interface (API) call to a DHCP server associated with the authentication server acting as a DHCP gateway, receiving a response from the DHCP server, and transmitting the response to the client device.

公开(公告)号：US20210377314A1

公开(公告)日：2021-12-02

申请号：US16889102

申请日：2020-06-01

Applicant: Cisco Technology, Inc.

Inventor： Darrin Joseph Miller ,  Kevin Patrick Regan ,  Einar Nilsen-Nygaard

IPC: H04L29/06 ,  H04L29/12

Abstract: A Domain Name System (DNS) device stores data indicative of a user device and data indicative of a policy setting a level of access of the user device to a responding device. The DNS device receives, from the user device, a request for an Internet Protocol address of the responding device. The DNS device determines, based upon the request and the data indicative of the user device, that the policy applies to the request. The DNS device applies the policy in response to the determining.

公开(公告)号：US20210360465A1

公开(公告)日：2021-11-18

申请号：US17236659

申请日：2021-04-21

Applicant: Cisco Technology, Inc.

Inventor： Jerome Henry ,  Nancy Cam-Winget ,  Simone Arena ,  Darrin Joseph Miller ,  Sudhir Kumar Jain ,  Einar Nilsen-Nygaard

IPC: H04W28/02 ,  H04W8/24 ,  H04W28/08

Abstract: Embodiments identify a station that rotates an over the air station address. As address rotation was not originally designed into wireless networks, the rotation can introduce communication challenges for the station. The embodiments derive that traffic referencing two different over the air station addresses are associated with a single common station. This is accomplished by determining a similarity between properties of two sets of traffic. A first set of traffic references the first over the air station address and a second set of traffic references the second over the air station address. If the properties common across the two sets of traffic indicate sufficient similarity, the embodiments determine that both sets of traffic are associated with a single device. Network configuration of the device is then adjusted based on the determination.

公开(公告)号：US20240340283A1

公开(公告)日：2024-10-10

申请号：US18746555

申请日：2024-06-18

Applicant: Cisco Technology, Inc.

Inventor： Roberto Mitsuo Kobo ,  Zheng Li ,  Gopala Krishna Andagunda ,  Einar Nilsen-Nygaard ,  Shree Murthy ,  Parthiv Shah

IPC: H04L9/40 ,  G06F9/455 ,  H04L61/5014

CPC classification number: H04L63/0876 ,  G06F9/45558 ,  H04L61/5014 ,  H04L63/101 ,  H04L63/20 ,  G06F2009/45587 ,  G06F2009/45595

Abstract: Techniques for authenticating and enforcing differentiated policies for a virtual machine (VM) executing in bridge mode on a host device are described. In an example method a fabric edge device determines a MAC address of the VM executing on the host device. The fabric edge device transmits an access request to create a session for the VM to an authentication server. The fabric edge device receives an indication that the VM is authenticated and a session for the VM has been created from the authentication server. The authentication server determines a policy to apply to packets communicated from the VM and assigns an IP address to the VM to create a MAC-IP binding for the VM. The fabric edge device applies the policy for the VM to packets with a source IP address corresponding to an IP address assigned to the VM.

公开(公告)号：US20230262525A1

公开(公告)日：2023-08-17

申请号：US17882859

申请日：2022-08-08

Applicant: Cisco Technology, Inc.

Inventor： Gangadharan Byju Pularikkal ,  Einar Nilsen-Nygaard ,  Vivek Agarwal ,  Ajeet Pal Singh Gill ,  Ravi Sankar Mantha ,  Saravanan Radhakrishnan

IPC: H04W28/12 ,  H04L41/40 ,  H04W40/24

CPC classification number: H04W28/12 ,  H04L41/40 ,  H04W40/24

Abstract: In one embodiment, a method includes receiving one or more 5G software-defined wide area network (SD-WAN) policies, identifying one or more identity-based policies from the one or more 5G SD-WAN policies, communicating the identified one or more identity-based policies to one or more WAN routers, communicating one or more 5G bindings to the one or more WAN routers, and applying the identified one or more identity-based policies to one or more flows between the one or more WAN routers.

公开(公告)号：US20230185918A1

公开(公告)日：2023-06-15

申请号：US17547084

申请日：2021-12-09

Applicant: Cisco Technology, Inc.

Inventor： Eric Voit ,  Einar Nilsen-Nygaard ,  Frank Brockners ,  Pradeep Kumar Kathail

IPC: G06F21/57

CPC classification number: G06F21/57 ,  G06F2221/033

Abstract: This disclosure describes techniques for selectively placing and maintaining sensitive workloads in subsystems that achieve a minimum level of trustworthiness. An example method includes identifying at least one trustworthiness requirement associated with an application and transmitting, to a first subsystem, a request for at least one trustworthiness characteristic of the first subsystem and at least one second subsystem connected to the first subsystem. A response indicating the at least one trustworthiness characteristic is received from the first subsystem. The example method further includes determining that the at least one trustworthiness characteristic satisfies the at least one trustworthiness requirement; and causing the application to operate on a mesh comprising the first subsystem and the at least one second subsystem.

公开(公告)号：US20220210192A1

公开(公告)日：2022-06-30

申请号：US17463751

申请日：2021-09-01

Applicant: Cisco Technology, Inc.

Inventor： Eliot Lear ,  Einar Nilsen-Nygaard

IPC: H04L29/06 ,  H04L29/12

Abstract: At an authentication server, a request for at least a first dynamic host configuration protocol (DHCP) option is received from a client device, and it is determined if the authentication server implements DHCP. Based at least in part on a determination that the authentication server does not implement a DHCP, the operations further include transmitting an application program interface (API) call to a DHCP server associated with the authentication server acting as a DHCP gateway, receiving a response from the DHCP server, and transmitting the response to the client device.