-
Publication number: US12212434B2
Publication date: 2025-01-28
Application number: US18536082
Application date: 2023-12-11
Applicant: Cisco Technology, Inc.
Inventor: Pierre Pfister, William Mark Townsley, Yoann Desmouceaux, David Delano Ward
Abstract: This disclosure describes methods and systems to externally manage network-to-network interconnect configuration data in conjunction with a centralized database subsystem. An example of the methods includes receiving and storing, in the centralized database subsystem, data indicative of user intent to interconnect at least a first network and a second network. The example method further includes, based at least in part on the data indicative of user intent, determining and storing, in the centralized database subsystem, a network intent that corresponds to the user intent. The example method further includes providing data indicative of the network intent from the centralized database subsystem to a first data plane adaptor, associated with the first network, and a second data plane adaptor, associated with the second network.
-
Publication number: US11924108B2
Publication date: 2024-03-05
Application number: US18360342
Application date: 2023-07-27
Applicant: Cisco Technology, Inc.
IPC: H04L12/26, H04L45/50, H04L47/125, H04L47/17, H04L47/70
CPC classification number: H04L47/125, H04L45/507, H04L47/17, H04L47/825
Abstract: In one embodiment, an offload platform is a compute platform, adjunct to a router or other packet switching device, that performs packet processing operations including determining an egress forwarding value corresponding to the next-hop node of the packet switching device to which to send an offload-platform processed packet. The offload platform downloads forwarding information from the router, and augments it, such as, but not limited to, representing interfaces of the router as identifiable virtual interface(s) on the offload platform, and including each of one or more next-hop nodes of the router represented as an identifiable virtual adjacency and identifiable tunnel (e.g., identified by the egress forwarding value). In one embodiment, the egress forwarding value is a Multiprotocol Label Switching (MPLS) label or Segment Routing Identifier. The router identifies packets of certain packet flows to send to the adjunct offload platform, rather than processing per its routing information base.
-
Publication number: US20230370382A1
Publication date: 2023-11-16
Application number: US18360342
Application date: 2023-07-27
Applicant: Cisco Technology, Inc.
IPC: H04L47/125, H04L45/50, H04L47/17, H04L47/70
CPC classification number: H04L47/125, H04L45/507, H04L47/17, H04L47/825
Abstract: In one embodiment, an offload platform is a compute platform, adjunct to a router or other packet switching device, that performs packet processing operations including determining an egress forwarding value corresponding to the next-hop node of the packet switching device to which to send an offload-platform processed packet. The offload platform downloads forwarding information from the router, and augments it, such as, but not limited to, representing interfaces of the router as identifiable virtual interface(s) on the offload platform, and including each of one or more next-hop nodes of the router represented as an identifiable virtual adjacency and identifiable tunnel (e.g., identified by the egress forwarding value). In one embodiment, the egress forwarding value is a Multiprotocol Label Switching (MPLS) label or Segment Routing Identifier. The router identifies packets of certain packet flows to send to the adjunct offload platform, rather than processing per its routing information base.
-
Publication number: US11575540B2
Publication date: 2023-02-07
Application number: US17671265
Application date: 2022-02-14
Applicant: Cisco Technology, Inc.
Inventor: Pierre Pfister, William Mark Townsley, Yoann Desmouceaux, David Delano Ward
Abstract: This disclosure describes methods and systems to externally manage network-to-network interconnect configuration data in conjunction with a centralized database subsystem. An example of the methods includes receiving and storing, in the centralized database subsystem, data indicative of user intent to interconnect at least a first network and a second network. The example method further includes, based at least in part on the data indicative of user intent, determining and storing, in the centralized database subsystem, a network intent that corresponds to the user intent. The example method further includes providing data indicative of the network intent from the centralized database subsystem to a first data plane adaptor, associated with the first network, and a second data plane adaptor, associated with the second network.
-
Publication number: US20210306256A1
Publication date: 2021-09-30
Application number: US16833197
Application date: 2020-03-27
Applicant: Cisco Technology, Inc.
Inventor: David Delano Ward, Jakob Heitz, William Michael Hudson, JR., Eric Voit
IPC: H04L12/725, H04L12/715, H04L9/32, H04L9/06, H04L29/12
Abstract: A verifier peer system transmits a request to an application of another peer system to obtain integrity data of the application. In response to the request, the verifier peer system obtains a response that includes kernel secure boot metrics of the other peer system and integrity data of the application and of any application dependencies. If the verifier peer system determines that the response is valid, the verifier peer system evaluates the integrity data and the kernel secure boot metrics against a set of Known Good Values to determine whether the integrity data and the kernel secure boot metrics are valid. If the integrity data and the kernel secure boot metrics are valid, the verifier peer system determines that the other peer system is trustworthy.
-
Publication number: US20210279619A1
Publication date: 2021-09-09
Application number: US16811806
Application date: 2020-03-06
Applicant: Cisco Technology, Inc.
Inventor: Hugo Latapie, Enzo Fenoglio, Carlos M. Pignataro, Nagendra Kumar Nainar, David Delano Ward
Abstract: In one embodiment, a first deep fusion reasoning engine (DFRE) agent in a network receives first sensor data from a first set of one or more sensors in the network. The first DFRE agent translates the first sensor data into symbolic data. The first DFRE agent applies, using a symbolic knowledge base maintained by the first DFRE agent, symbolic reasoning to the symbolic data to make an inference regarding the first sensor data. The first DFRE agent updates, based on the inference regarding the first sensor data, the knowledge base. The first DFRE agent propagates the inference to one or more other DFRE agents in the network.
-
Publication number: US20210194912A1
Publication date: 2021-06-24
Application number: US16721513
Application date: 2019-12-19
Applicant: Cisco Technology, Inc.
Inventor: David Delano Ward, Nancy Cam-Winget, Eric Voit, Jesse Daniel Backman
IPC: H04L29/06
Abstract: Systems, methods, and computer-readable media for assessing reliability and trustworthiness of devices across domains. Attestation information for an attester node in a first domain is received at a verifier gateway in the first domain. The attestation information is translated at the verifier gateway into translated attestation information for a second domain. Specifically, the attestation information is translated into translated attested information for a second domain that is a different administrative domain from the first domain. The translated attestation information can be provided to a verifier in the second domain. The verifier can be configured to verify the trustworthiness of the attester node for a relying node in the second domain by identifying a level of trust of the attester node based on the translated attestation information.
-
Publication number: US11038881B2
Publication date: 2021-06-15
Application number: US16178239
Application date: 2018-11-01
Applicant: Cisco Technology, Inc.
Inventor: Bart Brinckman, Jerome Henry, Malcolm Muir Smith, Mark Grayson, David Delano Ward
Abstract: Various embodiments disclosed herein include apparatuses, systems, devices, and methods for anonymously generating an encrypted session for a client device in a wireless network. The method comprises, in response to providing, to the client device in the wireless network, a request for credentials associated with the client device, obtaining, from the client device, a response including proposed credentials associated with the client device. The method further comprises determining whether or not the format of the response matches a response template. The method further comprises, in response to determining that the format of the response matches the response template, generating an encrypted wireless session for the client device independent of the proposed credentials associated with the client device.
-
Publication number: US10965516B2
Publication date: 2021-03-30
Application number: US16429177
Application date: 2019-06-03
Applicant: Cisco Technology, Inc.
Inventor: Enzo Fenoglio, Hugo Latapie, David Delano Ward, Sawsen Rezig, Raphaël Wouters, Didier Colens, Donald Mark Allen, Dmitri Goloubev
Abstract: In one embodiment, a service that monitors a network detects a plurality of anomalies in the network. The service uses data regarding the detected anomalies as input to one or more machine learning models. The service maps, using a conceptual space, outputs of the one or more machine learning models to symbols. The service applies a symbolic reasoning engine to the symbols, to rank the anomalies. The service sends an alert for a particular one of the detected anomalies to a user interface, based on its corresponding rank.
-
Publication number: US10944757B2
Publication date: 2021-03-09
Application number: US16135915
Application date: 2018-09-19
Applicant: Cisco Technology, Inc.
Inventor: Bart Brinckman, Jerome Henry, Robert Edgar Barton, David Delano Ward
Abstract: A method comprises obtaining, from a client device, a first set of application authentication credentials formatted in accordance with a first authentication protocol. The first set of application authentication credentials corresponds to a first user profile. The method includes translating the first set of application authentication credentials to a second set of application authentication credentials. The second set of application authentication credentials is formatted in accordance with a second authentication protocol different from the first authentication protocol and corresponds to the first user profile. The method includes providing the second set of application authentication credentials to an application authentication system. The method includes, in response to providing the second set of application authentication credentials to the application authentication system, obtaining, from the application authentication system, an application authentication indicator. In response to determining that the application authentication indicator indicates a successful authentication, granting the client device network access.