公开(公告)号：US11539747B2

公开(公告)日：2022-12-27

申请号：US16780047

申请日：2020-02-03

Applicant: Cisco Technology, Inc.

Inventor： K Tirumaleswar Reddy ,  Prashanth Patil ,  Carlos M. Pignataro

IPC: H04L9/40 ,  H04L9/08

Abstract: A method for resuming a Transport Layer Security (TLS) session in a Service Function Chain comprising a plurality of Service Function nodes coupled to a Service Function Forwarder. A request is received at a first Service Function node to establish a TLS session, and a Pre-Shared Key (PSK) and a PSK identifier that uniquely correspond to the first Service Function node and the TLS session are generated. The PSK identifier is forwarded to one or more of the Service Function Forwarder and the plurality of Service Function nodes. A request to resume the TLS session is received from a client device that previously disconnected. It is determined that the connection request contains the PSK identifier, a second Service Function node is selected, and the TLS session is re-established between the client device and the second Service Function node using the same PSK as the prior TLS session.

公开(公告)号：US20200007438A1

公开(公告)日：2020-01-02

申请号：US16558367

申请日：2019-09-03

Applicant: Cisco Technology, Inc.

Inventor： Prashanth Patil ,  K Tirumaleswar Reddy ,  Steven Richard Stites ,  James N. Guichard

IPC: H04L12/725 ,  H04L12/46

Abstract: A network node in a service function chain system receives a peer detection packet from a service function device in a service function path. The peer detection packet includes an inner packet with a header, such as a network service header. The network node detects a status indicator in the header that indicates a degradation in performing a service function at the service function device. The network node adjusts the service function path to compensate for the degradation in performing the service function at the service function device.

公开(公告)号：US20180316724A1

公开(公告)日：2018-11-01

申请号：US15582026

申请日：2017-04-28

Applicant: Cisco Technology, Inc.

Inventor： K Tirumaleswar Reddy ,  Prashanth Patil ,  Carlos M. Pignataro

IPC: H04L29/06 ,  H04L9/08

CPC classification number: H04L63/166 ,  H04L9/0822 ,  H04L9/0827 ,  H04L63/0435 ,  H04L2463/062

Abstract: A method for resuming a Transport Layer Security (TLS) session in a Service Function Chain comprising a plurality of Service Function nodes coupled to a Service Function Forwarder. A request is received at a first Service Function node to establish a TLS session, and a Pre-Shared Key (PSK) and a PSK identifier that uniquely correspond to the first Service Function node and the TLS session are generated. The PSK identifier is forwarded to one or more of the Service Function Forwarder and the plurality of Service Function nodes. A request to resume the TLS session is received from a client device that previously disconnected. It is determined that the connection request contains the PSK identifier, a second Service Function node is selected, and the TLS session is re-established between the client device and the second Service Function node using the same PSK as the prior TLS session.

公开(公告)号：US12028378B2

公开(公告)日：2024-07-02

申请号：US18068470

申请日：2022-12-19

Applicant: Cisco Technology, Inc.

Inventor： K Tirumaleswar Reddy ,  Prashanth Patil ,  Carlos M. Pignataro

IPC: H04L9/40 ,  H04L9/08

CPC classification number: H04L63/166 ,  H04L9/0822 ,  H04L9/0827 ,  H04L63/0435 ,  H04L2463/062

Abstract: A method for resuming a Transport Layer Security (TLS) session in a Service Function Chain comprising a plurality of Service Function nodes coupled to a Service Function Forwarder. A request is received at a first Service Function node to establish a TLS session, and a Pre-Shared Key (PSK) and a PSK identifier that uniquely correspond to the first Service Function node and the TLS session are generated. The PSK identifier is forwarded to one or more of the Service Function Forwarder and the plurality of Service Function nodes. A request to resume the TLS session is received from a client device that previously disconnected. It is determined that the connection request contains the PSK identifier, a second Service Function node is selected, and the TLS session is re-established between the client device and the second Service Function node using the same PSK as the prior TLS session.

公开(公告)号：US11343178B2

公开(公告)日：2022-05-24

申请号：US16558367

申请日：2019-09-03

Applicant: Cisco Technology, Inc.

Inventor： Prashanth Patil ,  K Tirumaleswar Reddy ,  Steven Richard Stites ,  James N. Guichard

IPC: H04L45/64 ,  H04L45/302 ,  H04L12/46 ,  H04L47/31 ,  H04L47/11

Abstract: A network node in a service function chain system receives a peer detection packet from a service function device in a service function path. The peer detection packet includes an inner packet with a header, such as a network service header. The network node detects a status indicator in the header that indicates a degradation in performing a service function at the service function device. The network node adjusts the service function path to compensate for the degradation in performing the service function at the service function device.

公开(公告)号：US10523657B2

公开(公告)日：2019-12-31

申请号：US14942898

申请日：2015-11-16

Applicant: Cisco Technology, Inc.

Inventor： K Tirumaleswar Reddy ,  Daniel G. Wing ,  Prashanth Patil ,  Sandeep Rao

IPC: H04L29/06 ,  H04L12/18

Abstract: In one embodiment, a first request may be received from a first endpoint to access a cloud-based conference platform. The first request can include a first access token. Based at least on the first request, a first certificate may be provided to the first endpoint, wherein the first certificate may not include an identity of the first endpoint. A second request may be received from a second endpoint to access the cloud-based conference platform. The second request can include a second access token. Based at least on the second request, a second certificate can be provided to the second endpoint, wherein the second certificate may not include an identity of the second endpoint. Data can be routed within the cloud-based conference platform between the first endpoint and second endpoint based at least upon the first certificate and the second certificate.

公开(公告)号：US20200177631A1

公开(公告)日：2020-06-04

申请号：US16780047

申请日：2020-02-03

Applicant: Cisco Technology, Inc.

Inventor： K Tirumaleswar Reddy ,  Prashanth Patil ,  Carlos M. Pignataro

IPC: H04L29/06 ,  H04L9/08

Abstract: A method for resuming a Transport Layer Security (TLS) session in a Service Function Chain comprising a plurality of Service Function nodes coupled to a Service Function Forwarder. A request is received at a first Service Function node to establish a TLS session, and a Pre-Shared Key (PSK) and a PSK identifier that uniquely correspond to the first Service Function node and the TLS session are generated. The PSK identifier is forwarded to one or more of the Service Function Forwarder and the plurality of Service Function nodes. A request to resume the TLS session is received from a client device that previously disconnected. It is determined that the connection request contains the PSK identifier, a second Service Function node is selected, and the TLS session is re-established between the client device and the second Service Function node using the same PSK as the prior TLS session.

公开(公告)号：US20190387020A1

公开(公告)日：2019-12-19

申请号：US16551280

申请日：2019-08-26

Applicant: Cisco Technology, Inc.

Inventor： K Tirumaleswar Reddy ,  Ram Mohan Ravindranath ,  Prashanth Patil ,  Carlos M. Pignataro

IPC: H04L29/06 ,  H04L9/32

Abstract: A web conferencing operator can enable participants to share multimedia content in real-time despite one or more of the participants operating from behind a middlebox via network address translation (NAT) traversal protocols and tools, such as STUN, TURN, and/or ICE. In NAT traversal, participants share a transport addresses that the participants can use to establish a joint media session. However, connectivity checks during NAT traversal can expose a media distribution device hosted by the web conferencing operator to various vulnerabilities, such as distributed denial of service (DDoS) attacks. The web conferencing operator can minimize the effects of a DDoS attack during the connectivity checks at scale and without significant performance degradation by configuring the middlebox to validate incoming requests for the connectivity checks without persistent signaling between the web conference operator and the middlebox.

公开(公告)号：US10404481B2

公开(公告)日：2019-09-03

申请号：US15615270

申请日：2017-06-06

Applicant: Cisco Technology, Inc.

Inventor： K Tirumaleswar Reddy ,  Ram Mohan Ravindranath ,  Kaustubh Inamdar ,  Gonzalo Salgueiro

IPC: H04L12/18 ,  H04L29/06

Abstract: The disclosed technology addresses the need in the art for a detecting an unauthorized participant in a multiparty conferencing session. A system is configured to join a conferencing session, obtain a roster for the conferencing session via a Session Initiation Protocol (SIP) channel, and generate a roster hash value based on the roster. The system may further receive a reference hash value from a key management server and compare the reference hash value with the roster hash value. The system may determine that the roster is invalid when the reference hash value does not match the roster hash value.

公开(公告)号：US10397271B2

公开(公告)日：2019-08-27

申请号：US15646429

申请日：2017-07-11

Applicant: Cisco Technology, Inc.

Inventor： K Tirumaleswar Reddy ,  Ram Mohan Ravindranath ,  Prashanth Patil ,  Carlos M. Pignataro

IPC: H04L9/32 ,  H04L29/06

Abstract: A web conferencing operator can enable participants to share multimedia content in real-time despite one or more of the participants operating from behind a middlebox via network address translation (NAT) traversal protocols and tools, such as STUN, TURN, and/or ICE. In NAT traversal, participants share a transport addresses that the participants can use to establish a joint media session. However, connectivity checks during NAT traversal can expose a media distribution device hosted by the web conferencing operator to various vulnerabilities, such as distributed denial of service (DDoS) attacks. The web conferencing operator can minimize the effects of a DDoS attack during the connectivity checks at scale and without significant performance degradation by configuring the middlebox to validate incoming requests for the connectivity checks without persistent signaling between the web conference operator and the middlebox.