-
Publication number: US12105840B2
Publication date: 2024-10-01
Application number: US17991286
Filing date: 2022-11-21
Applicant: Cisco Technology, Inc.
Inventor: Barry Qi Yuan, Robert Edgar Barton
IPC: G06F21/62, H04L61/4511
CPC classification number: G06F21/6245, H04L61/4511
Abstract: Techniques for leveraging a distributed Domain Name System (DNS) infrastructure for preserving Personally Identifiable Information (PII) data for distributed resolvers using a hash to policy pair (HPP) database are described. A DNS security service receives metadata including PII associated with a client. A cryptographic hash function is applied to the metadata including PII associated with the client to generate a client hash value. A client HPP is created by mapping the client hash value to a set of DNS policy instructions associated with the client. The client HPP is stored in a HPP database. A distributed resolver is authorized to provide DNS services to the client. Finally, the HPP database is published to the distributed resolver.
-
Publication number: US20240419841A1
Publication date: 2024-12-19
Application number: US18817965
Filing date: 2024-08-28
Applicant: Cisco Technology, Inc.
Inventor: Barry Qi Yuan, Robert Edgar Barton
IPC: G06F21/62, H04L61/4511
Abstract: Techniques are described for leveraging a distributed Domain Name System (DNS) infrastructure for preserving Personally Identifiable Information (PII) data by creating a hash to policy pair (HPP) database on premises at an enterprise organization. A policy engine hosted on premises at the enterprise organization applies a cryptographic hash function to metadata including PII associated with a client of the enterprise organization to generate a client hash value. The client HPP is created by mapping the client hash value to a set of DNS policy instructions associated with the client and is stored in the HPP database. The HPP database is published to a DNS security service, so that the DNS security service can resolve a DNS query for the client of the enterprise organization without knowledge of the PII associated with the client, by mapping the client hash value included in the DNS query to the client HPP in the HPP database.
-
Publication number: US20240414045A1
Publication date: 2024-12-12
Application number: US18208659
Filing date: 2023-06-12
Applicant: Cisco Technology, Inc.
Inventor: David John Zacks, Thomas Szigeti, Barry Qi Yuan, Robert Edgar Barton
IPC: H04L41/0631, H04L41/0604, H04L41/16
Abstract: Techniques for mitigating network failures (e.g., SLA violations, service degradations, network outages, etc.) based on output(s) from a predictive network system. The techniques may include determining that a failure is predicted to occur in a network and determining a correlation between the failure and a previous failure that occurred in the network. In examples, the correlation may be determined using a machine-learned model. The techniques may also include determining, based at least in part on the correlation, a condition contributing to the failure. In this way, prior to occurrence of the failure, a parameter associated with the network may be altered based at least in part on the condition to mitigate or otherwise prevent the failure.
-
Publication number: US12255868B2
Publication date: 2025-03-18
Application number: US17862019
Filing date: 2022-07-11
Applicant: Cisco Technology, Inc.
Inventor: Barry Qi Yuan, Robert Edgar Barton
IPC: H04L61/4511, H04L9/32, H04L61/2514
Abstract: Techniques for leveraging efficient metadata communications to improve domain name system (DNS) security are described. The DNS service uses a hash value to uniquely identify a client, and detect any change in metadata in order to keep policies up-to-date for the client. In an example method a first DNS query for a client device is intercepted. A cryptographic hash function is applied to metadata associated with the client device to generate a hash value. The hash value is added to an additional records section of the first DNS query to generate a second DNS query. The second DNS query is transmitted to a DNS service. The metadata associated with the client device is transmitted to the DNS service on an out-of-band encrypted channel. A DNS response, including the hash value, is received from the DNS service and transmitted to the client device.
-
Publication number: US20250055829A1
Publication date: 2025-02-13
Application number: US18928456
Filing date: 2024-10-28
Applicant: Cisco Technology, Inc.
Inventor: Barry Qi Yuan, Robert Edgar Barton
IPC: H04L61/4511, H04L9/32, H04L61/2514
Abstract: Techniques for leveraging efficient metadata communications to improve domain name system (DNS) security are described. The DNS service receives metadata associated with a client device on an encrypted channel. The DNS service applies a cryptographic hash function to the metadata to determine a first hash value and stores the first hash value in a metadata registry record with the corresponding client device metadata. The DNS service receives a DNS query containing a second hash value in an additional records section and determines that the second hash value corresponds to the first hash value. Based at least in part on the second hash value corresponding to the first hash value and the metadata associated with the client device, the DNS service resolves the DNS query and transmits a DNS response including the second hash value.
-
Publication number: US20240015132A1
Publication date: 2024-01-11
Application number: US17862019
Filing date: 2022-07-11
Applicant: Cisco Technology, Inc.
Inventor: Barry Qi Yuan, Robert Edgar Barton
IPC: H04L61/4511, H04L61/2514, H04L9/32
CPC classification number: H04L61/4511, H04L61/2514, H04L9/3236
Abstract: Techniques for leveraging efficient metadata communications to improve domain name system (DNS) security are described. The DNS service uses a hash value to uniquely identify a client, and detect any change in metadata in order to keep policies up-to-date for the client. In an example method a first DNS query for a client device is intercepted. A cryptographic hash function is applied to metadata associated with the client device to generate a hash value. The hash value is added to an additional records section of the first DNS query to generate a second DNS query. The second DNS query is transmitted to a DNS service. The metadata associated with the client device is transmitted to the DNS service on an out-of-band encrypted channel. A DNS response, including the hash value, is received from the DNS service and transmitted to the client device.
-
Publication number: US20250036559A1
Publication date: 2025-01-30
Application number: US18225861
Filing date: 2023-07-25
Applicant: Cisco Technology, Inc.
Inventor: Thomas Szigeti, David John Zacks, Barry Qi Yuan, Robert E. Barton
Abstract: In one embodiment, a device identifies an application programming interface call within new code for an application. The device conducts testing of a plurality of endpoints associated with the application programming interface call. The device selects, based on results of the testing, a particular endpoint from among the plurality of endpoints. The device steers the application programming interface call made by the application towards the particular endpoint.
-
Publication number: US20240414083A1
Publication date: 2024-12-12
Application number: US18206775
Filing date: 2023-06-07
Applicant: Cisco Technology, Inc.
Inventor: David John Zacks, Thomas Szigeti, Barry Qi Yuan, Robert Edgar Barton
Abstract: Techniques for, among other things, embedding metadata in network traffic without having to implement an overlay network. By way of example, and not limitation, the techniques described herein may include receiving an Ethernet packet at a network node and determining that a preamble of the Ethernet packet includes metadata. The metadata may, in some examples, be associated with the Ethernet packet itself, a flow that the Ethernet packet belongs to, etc. Based at least in part on the metadata, a policy decision may be made for handling the Ethernet packet, and the Ethernet packet may be handled in accordance with the policy decision.
-
Publication number: US20240169089A1
Publication date: 2024-05-23
Application number: US17991286
Filing date: 2022-11-21
Applicant: Cisco Technology, Inc.
Inventor: Barry Qi Yuan, Robert Edgar Barton
IPC: G06F21/62
CPC classification number: G06F21/6245
Abstract: Techniques for leveraging a distributed Domain Name System (DNS) infrastructure for preserving Personally Identifiable Information (PII) data for distributed resolvers using a hash to policy pair (HPP) database are described. A DNS security service receives metadata including PII associated with a client. A cryptographic hash function is applied to the metadata including PII associated with the client to generate a client hash value. A client HPP is created by mapping the client hash value to a set of DNS policy instructions associated with the client. The client HPP is stored in a HPP database. A distributed resolver is authorized to provide DNS services to the client. Finally, the HPP database is published to the distributed resolver.
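The exchange the DNS abstracts above describe, as an added example in Python that is not code from Cisco or from these patents: a client hash computed over PII metadata is carried in the additional records section of a DNS query, the resolver holds only a hash-to-policy-pair (HPP) database published to it, decides policy by hash alone, and echoes the hash in its response; a hash that no longer matches (metadata changed, or client never registered) is refused, which is the "detect any change in metadata" behaviour. The abstracts leave several details open, so the following are assumptions of this example: SHA-256 over canonical JSON as the hash function; an EDNS(0) OPT option with the private-use code 65001 (RFC 6891 local/experimental range) as the carrier in the additional section; a toy policy schema of blocked domain names; and constructed metadata, names and addresses. The out-of-band encrypted channel and the on-premises policy engine are stood in for by calling `register()` directly.

```python
"""Hash-carrying DNS query and hash-to-policy-pair (HPP) lookup.  Added example, not code
from Cisco or the patents.  Assumed (the abstracts do not fix them): SHA-256 over canonical
JSON as the hash, EDNS(0) OPT option 65001 (RFC 6891 private-use range) as the carrier in
the additional section, a toy {"blocked": [...]} policy schema, constructed data throughout."""
import hashlib
import json
import struct

HASH_OPTION_CODE = 65001                      # assumed private-use EDNS option code
RCODE_NOERROR, RCODE_NXDOMAIN, RCODE_REFUSED = 0, 3, 5

def client_hash(metadata: dict) -> bytes:
    """Hash of the PII metadata over a canonical (sorted-key, compact) JSON encoding."""
    canon = json.dumps(metadata, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canon).digest()

def register(hpp: dict, metadata: dict, policy: dict) -> bytes:
    """Policy-engine side, where the PII lives: store hash -> policy; the PII itself is not kept."""
    h = client_hash(metadata)
    hpp[h] = policy
    return h

def _encode_name(name: str) -> bytes:
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"

def _decode_name(msg: bytes, off: int):
    labels = []                                # messages built here use no compression pointers
    while msg[off]:
        n = msg[off]
        labels.append(msg[off + 1:off + 1 + n].decode())
        off += 1 + n
    return ".".join(labels) + ".", off + 1

def _opt_record(h: bytes) -> bytes:
    """OPT pseudo-RR (type 41) with the hash as option HASH_OPTION_CODE."""
    opt = struct.pack("!HH", HASH_OPTION_CODE, len(h)) + h
    return b"\x00" + struct.pack("!HHIH", 41, 4096, 0, len(opt)) + opt

def _read_rr(msg: bytes, off: int):
    _, off = _decode_name(msg, off)
    rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
    return rtype, msg[off + 10:off + 10 + rdlen], off + 10 + rdlen

def build_query(txid: int, qname: str, h: bytes) -> bytes:
    """A/IN query for qname; only the hash rides in the additional section, never the PII."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)
    return header + _encode_name(qname) + struct.pack("!HH", 1, 1) + _opt_record(h)

def parse_message(msg: bytes) -> dict:
    """Parse a query or response: header, question, A answers and the hash option if present."""
    txid, flags, _, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    qname, off = _decode_name(msg, 12)
    off += 4                                   # skip qtype, qclass
    answers, h = [], None
    for _ in range(an + ns):
        rtype, rdata, off = _read_rr(msg, off)
        if rtype == 1:
            answers.append(".".join(str(b) for b in rdata))
    for _ in range(ar):
        rtype, rdata, off = _read_rr(msg, off)
        p = 0
        while rtype == 41 and p + 4 <= len(rdata):   # walk the OPT options
            code, ln = struct.unpack("!HH", rdata[p:p + 4])
            if code == HASH_OPTION_CODE:
                h = rdata[p + 4:p + 4 + ln]
            p += 4 + ln
    return {"txid": txid, "rcode": flags & 0xF, "qname": qname, "answers": answers, "hash": h}

def resolve(query: bytes, published_hpp: dict, zone: dict) -> bytes:
    """Resolver side: policy chosen by hash alone; the response echoes the hash back."""
    q = parse_message(query)
    policy = published_hpp.get(q["hash"])
    if policy is None:                         # unregistered client, or metadata changed since registration
        rcode, ips = RCODE_REFUSED, []
    elif q["qname"] in policy.get("blocked", ()):
        rcode, ips = RCODE_NXDOMAIN, []
    elif q["qname"] in zone:
        rcode, ips = RCODE_NOERROR, [zone[q["qname"]]]
    else:
        rcode, ips = RCODE_NXDOMAIN, []
    ar = 1 if q["hash"] is not None else 0
    out = struct.pack("!HHHHHH", q["txid"], 0x8180 | rcode, 1, len(ips), 0, ar)
    out += _encode_name(q["qname"]) + struct.pack("!HH", 1, 1)
    for ip in ips:                             # A answer: name, type 1, class IN, TTL 60, 4-byte rdata
        out += _encode_name(q["qname"]) + struct.pack("!HHIH", 1, 1, 60, 4)
        out += bytes(int(o) for o in ip.split("."))
    return out + (_opt_record(q["hash"]) if ar else b"")

def demo() -> dict:
    """Register constructed PII, query with the hash only, then show a drifted hash being refused."""
    metadata = {"user": "alice@example.com", "device": "laptop-17", "site": "branch-3"}  # constructed
    hpp = {}
    h = register(hpp, metadata, {"blocked": ["gambling.example."]})
    published = dict(hpp)                      # the HPP database as pushed to a distributed resolver
    zone = {"intranet.example.": "10.1.2.3"}   # constructed answer data
    allowed = parse_message(resolve(build_query(0x1234, "intranet.example.", h), published, zone))
    blocked = parse_message(resolve(build_query(0x1235, "gambling.example.", h), published, zone))
    drifted = client_hash(dict(metadata, site="branch-4"))   # any metadata change changes the hash
    stale = parse_message(resolve(build_query(0x1236, "intranet.example.", drifted), published, zone))
    return {"allowed": allowed, "blocked": blocked, "stale": stale, "hash": h}
```

Two points worth noting against the abstracts. The published HPP database contains only 32-byte hashes and policy objects, so a distributed resolver that is compromised leaks no PII directly; the hash is still a stable per-client identifier, so it should be treated as pseudonymous rather than anonymous, and the registration channel (here just a function call) must be authenticated and encrypted as the abstracts require. The parser above handles only the uncompressed messages it constructs; a production implementation would use a registered EDNS option code and a full DNS library rather than this hand-rolled wire format.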