Abstract:
In one embodiment, a master on-boarding agent establishes a virtual private network (VPN) connection with a local on-boarding agent executed by a gateway of a vehicle. The master on-boarding agent receives, via the VPN connection, vehicle data obtained by the local on-boarding agent from a co-pilot system of the vehicle. The master on-boarding agent configures, based on the received vehicle data, the gateway of the vehicle with a network configuration, wherein the network configuration includes an Internet Protocol (IP) address for the gateway. The master on-boarding agent coordinates, based on the network configuration, application of a security policy to the gateway.
Abstract:
In one embodiment, a gateway device receives, from a centralized broker device, a data-access policy for a given computer network, the data-access policy defining which of one or more accessing entities are granted access to specific elements of data within the given computer network. When the gateway device then receives, from a particular accessing entity, a request for one or more particular elements of data from within the given computer network, it may determine, based on the data-access policy, whether the particular accessing entity has been granted access to each of the one or more particular elements of data of the request. As such, the gateway device may prevent access for the particular accessing entity to any of the one or more particular elements of the data request to which the particular accessing entity has not been granted access.
Abstract:
A method is provided in one example embodiment and includes generating at a first network device Virtual Private Network (“VPN”) encapsulated packets with anonymized headers; maintaining a table mapping the anonymized headers to original headers of the VPN encapsulated packets; receiving a trace request from an initiator; generating from the received trace request an out-of-tunnel trace request toward a second network device via at least one intermediate network device using the anonymized headers; and forwarding the received trace request as an in-tunnel trace request through a VPN tunnel.
Abstract:
Techniques are presented herein for enabling performance monitoring of flows within a management and provisioning tunnel used for communicating packets between a wireless controller and wireless access point devices. A wireless controller that is configured to communicate with at least one wireless access point obtains a packet to be sent to the wireless access point for wireless transmission in a wireless network by the wireless access point. The wireless controller identifies, based on the packet, traffic session flow information associated with the packet. The wireless controller encapsulates the packet with a tunneling header that comprises the traffic session flow information and sends the encapsulated packet to the wireless access point. The tunneling header may also comprise an application identifier (ID) associated with the packet.
Abstract:
In an example embodiment, a method for selecting a communication path is provided. The method may comprise receiving data encapsulated in a transport protocol. In addition, a classification type and exit path information associated with the classification type may be received. The data is associated with the classification type and then is encapsulated in Stream Control Transmission Protocol (SCTP) based on the exit path information. This exit path information is associated with the classification type that is associated with the data.
Abstract:
In one embodiment, a supervisory device in a network, configured to interact with one or more sensors positioned in a given area and with a conference room scheduling service, obtains an acoustic feature of the area from one or more of the sensors. The supervisory device makes a determination that a conference room should be reserved based on the acoustic feature and selects a particular conference room based on the determination that a conference room should be reserved. The supervisory device instructs a conference room scheduling service to reserve the particular conference room.
Abstract:
The present disclosure describes methods and systems for providing and enforcing scalable federated policies for network-provided flow-based performance metrics. Due to different security concerns related to different domains, varying group policies can be applied to different domains to ensure proper sharing and receipt of flow-based performance metrics. Some policies can limit the type of performance metric being shared among the nodes in the domain. Some policies allow less information to be exposed by specifying aggregated performance metrics to be shared among the nodes in the domain. A group key management infrastructure can be provided to enforce these group policies in the network in a scalable manner.