公开(公告)号：US20230084085A1

公开(公告)日：2023-03-16

申请号：US17474033

申请日：2021-09-13

Applicant: Cisco Technology, Inc.

Inventor： David J. Zacks ,  Thomas Szigeti ,  Carlos M. Pignataro ,  Jerome Henry

IPC: H04W12/033 ,  H04L9/32 ,  H04L9/30 ,  H04W48/10

Abstract: This disclosure describes techniques for enabling selective connections between user devices and trusted network devices. An example method includes receiving a beacon from a network device. The beacon includes a trust level of the network device. The method further includes determining that the trust level of the network device satisfies a predetermined trust criterion. Based on determining that the trust level of the network device satisfies the predetermined trust criterion, the method includes transmitting a connection request to the network device. Further, user data is received from the network device.

公开(公告)号：US11483206B2

公开(公告)日：2022-10-25

申请号：US16989684

申请日：2020-08-10

Applicant: Cisco Technology, Inc.

Inventor： Thomas Szigeti ,  David J. Zacks

IPC: H04L41/0893 ,  H04L41/0816 ,  H04L47/20 ,  H04L49/9047 ,  H04L49/901 ,  H04L41/084 ,  H04L47/50

Abstract: Techniques for non-disruptive configuration changes are provided. A packet is received at a network device, and the packet is buffered in a common pool shared by a first processing pipeline and a second processing pipeline, where the first processing pipeline corresponds to a first policy and the second processing pipeline corresponds to a second policy. A first copy of a packet descriptor for the packet is queued in a first scheduler based on processing the first copy of the packet descriptor with the first processing pipeline. A second copy of the packet descriptor is queued in a second scheduler associated based on processing the second copy of the packet descriptor with the second processing pipeline. Upon determining that the first policy is currently active on the network device, the first copy of the packet descriptor is dequeued from the first scheduler.

公开(公告)号：US12052176B2

公开(公告)日：2024-07-30

申请号：US17495479

申请日：2021-10-06

Applicant: Cisco Technology, Inc.

Inventor： Rajesh Indira Viswambharan ,  Nagendra Kumar Nainar ,  Akram Sheriff ,  Vinay Saini ,  David J. Zacks ,  Carlos M. Pignataro

IPC: H04L12/24 ,  H04L1/00 ,  H04L47/20 ,  H04L47/32

CPC classification number: H04L47/20 ,  H04L1/0078 ,  H04L47/32

Abstract: Techniques for policy-based failure handling of data that is received for processing by failed edge services are described herein. The techniques may include receiving, at an edge node of a network, a data handling policy for a service hosted on the edge node. The service may be configured to process traffic on behalf of an application hosted by a cloud-based platform. In some examples, the data handling policy may be stored in a memory that is accessible to the edge node. The techniques may also include receiving traffic at the edge node that is to be processed at least partially by the service. At least partially responsive to detecting an error associated with the service, the edge node may cause the traffic to be handled according to the data handling policy while the service is experiencing the error.

公开(公告)号：US20240031349A1

公开(公告)日：2024-01-25

申请号：US18372028

申请日：2023-09-22

Applicant: Cisco Technology, Inc.

Inventor： David J. Zacks ,  Carlos M. Pignataro ,  Thomas Szigeti

IPC: H04L9/40 ,  G06F21/31

CPC classification number: H04L63/08 ,  G06F21/31 ,  H04L63/107 ,  H04L63/102 ,  H04L63/0861 ,  G06F2221/2139 ,  H04L2463/082

Abstract: This disclosure describes techniques for performing enhanced authentication of a device based on physical proximity of the device to one or more other authenticated devices. An example method includes performing a first authentication of a first device or a first user and connecting the first device to a protected resource. Based on determining that the first device is within a threshold distance of a second, authenticated, device, a reauthentication interval is selected. Based on determining that the reauthentication interval has expired, a second authentication is initiated by transmitting, to the first device or a third device associated with the first user, a request for an authentication factor.

公开(公告)号：US11792230B2

公开(公告)日：2023-10-17

申请号：US17473306

申请日：2021-09-13

Applicant: Cisco Technology, Inc.

Inventor： Thomas Szigeti ,  David J. Zacks ,  Walter Hulick ,  Shannon McFarland

IPC: G06F21/62 ,  H04L9/40 ,  G06F21/51 ,  G06F21/78

CPC classification number: H04L63/20 ,  H04L63/0876 ,  H04L63/101

Abstract: Techniques for expressing, communicating, de-conflicting, and enforcing consistent access policies between an IBN architecture and a Cloud-Native architecture. Generally, network administrators and/or users of a Cloud-Native architecture and an IBN architecture express access policies independently for the two different domains or architectures. According to the techniques described herein, a Network Service Endpoint (NSE) of the Cloud-Native architecture may exchange access policies with a network device of the IBN architecture. After exchanging access policies, conflicts between the sets of access policies may be identified, such as differences between allowing or denying communications between microservices and/or applications. The conflicts may be de-conflicted using various types of heuristics or rules, such as always selecting an access policy of the IBN architecture when conflicts arise. After the access policies have been de-conflicted, the IBN architecture and Cloud-Native architecture may then apply consistent access policies for traffic and communications in their respective network architectures.

公开(公告)号：US20220255913A1

公开(公告)日：2022-08-11

申请号：US17178234

申请日：2021-02-17

Applicant: Cisco Technology, Inc.

Inventor： David J. Zacks ,  Carlos M. Pignataro ,  Thomas Szigeti

IPC: H04L29/06 ,  G06F21/31

Abstract: This disclosure describes techniques for performing enhanced authentication of a device based on physical and logical proximity of the device to one or more other authenticated devices. An example method includes performing, at a first time, a first authentication of a first device or a first user of the first device and determining that the first device is connected to at least one second device in a communication session. The at least one second device or at least one second user of the at least one second device are authenticated. The example method further includes determining a reauthentication interval based on the first device being connected to the at least one second device in the communication session and initiating, at a second time that is after the first time by the reauthentication interval, a second authentication of the first device or the first user of the first device.

公开(公告)号：US20160164825A1

公开(公告)日：2016-06-09

申请号：US14725371

申请日：2015-05-29

Applicant: Cisco Technology, Inc.

Inventor： Wolfgang Arno Riedel ,  Mark Montanez ,  Saravanan Radhakrishnan ,  Ralph Edward Droms ,  David J. Zacks ,  Rohit Kumar Suri

IPC: H04L29/12 ,  G06F17/30

CPC classification number: H04L61/1511 ,  H04L43/026 ,  H04L43/0876

Abstract: Methods and systems for implementing network traffic policies. A domain name system (DNS) infrastructure is accessed to obtain metadata associated with a destination address of a traffic flow; the traffic flow is classified by the destination address and the metadata; and a policy is applied to the traffic flow, wherein the policy is determined on the basis of the classification of the traffic flow.

Abstract translation: 实现网络流量策略的方法和系统。 访问域名系统（DNS）基础设施以获得与流量的目的地地址相关联的元数据; 流量按目的地址和元数据分类; 并且将策略应用于业务流，其中，基于业务流的分类来确定策略。

公开(公告)号：US20240349041A1

公开(公告)日：2024-10-17

申请号：US18755137

申请日：2024-06-26

Applicant: Cisco Technology, Inc.

Inventor： David J. Zacks ,  Thomas Szigeti ,  Carlos M. Pignataro ,  Jerome Henry

IPC: H04W12/033 ,  H04L9/30 ,  H04L9/32 ,  H04W48/10

CPC classification number: H04W12/033 ,  H04L9/30 ,  H04L9/3247 ,  H04W48/10 ,  H04L2209/80

Abstract: This disclosure describes techniques for enabling selective connections between user devices and trusted network devices. An example method includes receiving a beacon from a network device. The beacon includes a trust level of the network device. The method further includes determining that the trust level of the network device satisfies a predetermined trust criterion. Based on determining that the trust level of the network device satisfies the predetermined trust criterion, the method includes transmitting a connection request to the network device. Further, user data is received from the network device.

公开(公告)号：US12052562B2

公开(公告)日：2024-07-30

申请号：US17474033

申请日：2021-09-13

Applicant: Cisco Technology, Inc.

Inventor： David J. Zacks ,  Thomas Szigeti ,  Carlos M. Pignataro ,  Jerome Henry

IPC: H04L29/06 ,  H04L9/30 ,  H04L9/32 ,  H04W12/033 ,  H04W48/10 ,  H04L12/28 ,  H04L29/08

CPC classification number: H04W12/033 ,  H04L9/30 ,  H04L9/3247 ,  H04W48/10 ,  H04L2209/80

Abstract: This disclosure describes techniques for enabling selective connections between user devices and trusted network devices. An example method includes receiving a beacon from a network device. The beacon includes a trust level of the network device. The method further includes determining that the trust level of the network device satisfies a predetermined trust criterion. Based on determining that the trust level of the network device satisfies the predetermined trust criterion, the method includes transmitting a connection request to the network device. Further, user data is received from the network device.

公开(公告)号：US20230081708A1

公开(公告)日：2023-03-16

申请号：US17473306

申请日：2021-09-13

Applicant: Cisco Technology, Inc.

Inventor： Thomas Szigeti ,  David J. Zacks ,  Walter Hulick ,  Shannon McFarland

IPC: H04L29/06

Abstract: Techniques for expressing, communicating, de-conflicting, and enforcing consistent access policies between an IBN architecture and a Cloud-Native architecture. Generally, network administrators and/or users of a Cloud-Native architecture and an IBN architecture express access policies independently for the two different domains or architectures. According to the techniques described herein, a Network Service Endpoint (NSE) of the Cloud-Native architecture may exchange access policies with a network device of the IBN architecture. After exchanging access policies, conflicts between the sets of access policies may be identified, such as differences between allowing or denying communications between microservices and/or applications. The conflicts may be de-conflicted using various types of heuristics or rules, such as always selecting an access policy of the IBN architecture when conflicts arise. After the access policies have been de-conflicted, the IBN architecture and Cloud-Native architecture may then apply consistent access policies for traffic and communications in their respective network architectures.