公开(公告)号：US09210223B2

公开(公告)日：2015-12-08

申请号：US14466972

申请日：2014-08-23

Applicant: Cisco Technology, Inc.

Inventor： Mohamed Khalid ,  Sunil Cherukuri ,  Haseeb Sarwar Niazi ,  Muhammad Afaq Khan

IPC: H04L29/08 ,  H04L12/46 ,  H04L29/06

CPC classification number: H04L67/141 ,  H04L12/4641 ,  H04L63/0272 ,  H04L63/164 ,  H04L63/20

Abstract: In one embodiment, a first network device receives a priority message from a second network device, wherein the priority message conforms to a connection establishment protocol and indicates a priority associated with the second network device. The first network device obtains the priority from the priority message and stores the priority. The first network device allocates resources for at least one of control or data plane processing to the second network device in accordance with the priority.

Abstract translation: 在一个实施例中，第一网络设备从第二网络设备接收优先级消息，其中优先级消息符合连接建立协议并且指示与第二网络设备相关联的优先级。 第一网络设备从优先级消息获取优先级并存储优先级。 第一网络设备根据优先级向第二网络设备分配至少一个控制或数据平面处理的资源。

公开(公告)号：US20140328341A1

公开(公告)日：2014-11-06

申请号：US14335427

申请日：2014-07-18

Applicant: Cisco Technology, Inc.

Inventor： Mohamed Khalid ,  Aamer Saeed Akhter ,  Kenneth Alan Durazzo

IPC: H04L12/721 ,  H04L12/26 ,  H04L29/08

CPC classification number: H04L45/70 ,  H04L43/0829 ,  H04L45/00 ,  H04L45/121 ,  H04L45/122 ,  H04L67/06 ,  H04L2212/00

Abstract: In an example embodiment, a method for selecting a communication path is provided. The method may comprise receiving data encapsulated in a transport protocol. In addition, a classification type and exit path information associated with the classification type may be received. The data is associated with the classification type and then is encapsulated in Stream Control Transmission Protocol (SCTP) based on the exit path information. This exit path information is associated with the classification type that is associated with the data.

Abstract translation: 在一个示例性实施例中，提供了一种用于选择通信路径的方法。 该方法可以包括接收封装在传输协议中的数据。 此外，可以接收与分类类型相关联的分类类型和出口路径信息。 数据与分类类型相关联，然后基于出口路径信息封装在流控制传输协议（SCTP）中。 该出口路径信息与与数据相关联的分类类型相关联。

公开(公告)号：US09544282B2

公开(公告)日：2017-01-10

申请号：US14983001

申请日：2015-12-29

Applicant: Cisco Technology, Inc.

Inventor： Aamer S. Akhter ,  Rajiv Asati ,  Brian Weis ,  Mohamed Khalid

IPC: H04L29/06 ,  G06F15/16 ,  H04L9/08 ,  H04L29/12

CPC classification number: H04L63/065 ,  H04L9/0833 ,  H04L9/0891 ,  H04L61/2076 ,  H04L63/0272 ,  H04L63/0428

Abstract: In an embodiment, a method comprises obtaining a second network address at a computer node, which has been already associated with a first network address and provided first keying information; sending, to a key server computer, an update message that comprises both the first network address and the second network address; using the first keying information to encrypt messages that the computer node sends from the second network address to one or more other members of a group.

Abstract translation: 在一个实施例中，一种方法包括获得已经与第一网络地址相关联并提供第一密钥信息的计算机节点处的第二网络地址; 向密钥服务器计算机发送包括所述第一网络地址和所述第二网络地址的更新消息; 使用第一密钥信息将计算机节点从第二网络地址发送的消息加密到组的一个或多个其他成员。

公开(公告)号：US09253172B2

公开(公告)日：2016-02-02

申请号：US14681602

申请日：2015-04-08

Applicant: Cisco Technology, Inc.

Inventor： Aamer S. Akhter ,  Rajiv Asati ,  Brian Weis ,  Mohamed Khalid

IPC: H04L29/06 ,  G06F15/16 ,  H04L9/08 ,  H04L29/12

CPC classification number: H04L63/065 ,  H04L9/0833 ,  H04L9/0891 ,  H04L61/2076 ,  H04L63/0272 ,  H04L63/0428

Abstract: In an embodiment, a method comprises obtaining a second network address at a computer node, which has been already associated with a first network address and provided first keying information; sending, to a key server computer, an update message that comprises both the first network address and the second network address; using the first keying information to encrypt messages that the computer node sends from the second network address to one or more other members of a group.

公开(公告)号：US20140372761A1

公开(公告)日：2014-12-18

申请号：US14470497

申请日：2014-08-27

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Sunil Cherukuri ,  Mohamed Khalid ,  Brian Cinque

IPC: H04L29/06 ,  H04L12/24

CPC classification number: H04L63/0272 ,  H04L9/0838 ,  H04L41/0803 ,  H04L67/1002

Abstract: An example method includes receiving a request for a cloud capability set during an Internet Key Exchange negotiation associated with a virtual private network (VPN) tunnel between a subscriber and a cloud, wherein the cloud capability set comprises one or more cloud capabilities, mapping the request to one or more cryptographic modules that can support the cloud capability set, and offloading the VPN tunnel to the one or more cryptographic modules. The request can be an Internet Security Association and Key Management Protocol (ISAKMP) packet listing the one or more cloud capabilities in a private payload. The method may further include splitting the VPN tunnel between the cryptographic modules if no single cryptographic module can support substantially all the cloud capabilities in the cloud capability set. In some embodiments, the request is compared with a service catalog comprising authorized cloud capabilities.

Abstract translation: 示例性方法包括在与订户和云之间的虚拟专用网（VPN）隧道相关联的因特网密钥交换协商期间接收对云能力集的请求，其中所述云能力集合包括一个或多个云能力，映射请求 到一个或多个可以支持云能力集合的加密模块，以及将VPN隧道卸载到一个或多个加密模块。 该请求可以是列出私有有效载荷中的一个或多个云能力的因特网安全关联和密钥管理协议（ISAKMP）分组。 该方法还可以包括在加密模块之间分割VPN隧道，如果没有单个密码模块可以支持云能力集中的实质上所有的云能力。 在一些实施例中，该请求与包括授权云能力的服务目录进行比较。

公开(公告)号：US09444789B2

公开(公告)日：2016-09-13

申请号：US14470497

申请日：2014-08-27

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Sunil Cherukuri ,  Mohamed Khalid ,  Brian Cinque

IPC: H04L9/32 ,  H04L29/06 ,  H04L29/08 ,  H04L12/24 ,  H04L9/08

CPC classification number: H04L63/0272 ,  H04L9/0838 ,  H04L41/0803 ,  H04L67/1002

Abstract: An example method includes receiving a request for a cloud capability set during an Internet Key Exchange negotiation associated with a virtual private network (VPN) tunnel between a subscriber and a cloud, wherein the cloud capability set comprises one or more cloud capabilities, mapping the request to one or more cryptographic modules that can support the cloud capability set, and offloading the VPN tunnel to the one or more cryptographic modules. The request can be an Internet Security Association and Key Management Protocol (ISAKMP) packet listing the one or more cloud capabilities in a private payload. The method may further include splitting the VPN tunnel between the cryptographic modules if no single cryptographic module can support substantially all the cloud capabilities in the cloud capability set. In some embodiments, the request is compared with a service catalog comprising authorized cloud capabilities.

Abstract translation: 示例性方法包括在与订户和云之间的虚拟专用网（VPN）隧道相关联的因特网密钥交换协商期间接收对云能力集的请求，其中所述云能力集合包括一个或多个云能力，映射请求 到一个或多个可以支持云能力集合的加密模块，以及将VPN隧道卸载到一个或多个加密模块。 该请求可以是列出私有有效载荷中的一个或多个云能力的因特网安全关联和密钥管理协议（ISAKMP）分组。 该方法还可以包括在加密模块之间分割VPN隧道，如果没有单个密码模块可以支持云能力集中的实质上所有的云能力。 在一些实施例中，该请求与包括授权云能力的服务目录进行比较。

公开(公告)号：US09027114B2

公开(公告)日：2015-05-05

申请号：US13797595

申请日：2013-03-12

Applicant: Cisco Technology, Inc.

Inventor： Aamer S. Akhter ,  Rajiv Asati ,  Brian Weis ,  Mohamed Khalid

IPC: H04L29/06 ,  G06F15/16 ,  H04L9/08 ,  H04L29/12

CPC classification number: H04L63/065 ,  H04L9/0833 ,  H04L9/0891 ,  H04L61/2076 ,  H04L63/0272 ,  H04L63/0428

Abstract: In an embodiment, a method comprises obtaining a second network address at a computer node, which has been already associated with a first network address and provided first keying information; sending, to a key server computer, an update message that comprises both the first network address and the second network address; using the first keying information to encrypt messages that the computer node sends from the second network address to one or more other members of a group.

Abstract translation: 在一个实施例中，一种方法包括获得已经与第一网络地址相关联并提供第一密钥信息的计算机节点处的第二网络地址; 向密钥服务器计算机发送包括所述第一网络地址和所述第二网络地址的更新消息; 使用第一密钥信息将计算机节点从第二网络地址发送的消息加密到组的一个或多个其他成员。

公开(公告)号：US09185033B2

公开(公告)日：2015-11-10

申请号：US14335427

申请日：2014-07-18

Applicant: Cisco Technology, Inc.

Inventor： Mohamed Khalid ,  Aamer Saeed Akhter ,  Kenneth Alan Durazzo

IPC: H04L12/28 ,  H04L12/721 ,  H04L12/701 ,  H04L12/727 ,  H04L12/733 ,  H04L12/26 ,  H04L29/08

CPC classification number: H04L45/70 ,  H04L43/0829 ,  H04L45/00 ,  H04L45/121 ,  H04L45/122 ,  H04L67/06 ,  H04L2212/00

Abstract: In an example embodiment, a method for selecting a communication path is provided. The method may comprise receiving data encapsulated in a transport protocol. In addition, a classification type and exit path information associated with the classification type may be received. The data is associated with the classification type and then is encapsulated in Stream Control Transmission Protocol (SCTP) based on the exit path information. This exit path information is associated with the classification type that is associated with the data.

Abstract translation: 在一个示例性实施例中，提供了一种用于选择通信路径的方法。 该方法可以包括接收封装在传输协议中的数据。 此外，可以接收与分类类型相关联的分类类型和出口路径信息。 数据与分类类型相关联，然后基于出口路径信息封装在流控制传输协议（SCTP）中。 该出口路径信息与与数据相关联的分类类型相关联。

公开(公告)号：US09112816B2

公开(公告)日：2015-08-18

申请号：US13899610

申请日：2013-05-22

Applicant: Cisco Technology, Inc.

Inventor： Rajiv Asati ,  John Chapman ,  Mohamed Khalid

IPC: H04W4/00 ,  H04L12/28 ,  H04L12/66 ,  H04N7/167 ,  H04L12/741 ,  H04L12/46 ,  H04L12/751 ,  H04N7/173 ,  H04N21/426 ,  H04N21/61

CPC classification number: H04L45/745 ,  H04L12/2801 ,  H04L12/4633 ,  H04L45/02 ,  H04L45/026 ,  H04N7/173 ,  H04N21/42676 ,  H04N21/6118 ,  H04N21/6168

Abstract: In one example, an Edge Quadrature Amplitude Modulation (EQAM) communicates EQAM information to a Modular Cable Modem Termination System (M-CMTS) core using a routing protocol that is configured on a packet switched network coupling the EQAM to the M-CMTS core. The EQAM generates a routing message according to the routing protocol and inserts EQAM information, such as a description of a modulated channel extending from the EQAM, the service-group information, etc., into the routing message. The EQAM then floods the EQAM information over at least portions of a routing domain by transmitting the routing message to an adjacent intermediary device.

Abstract translation: 在一个示例中，边缘正交幅度调制（EQAM）使用配置在将EQAM耦合到M-CMTS核心的分组交换网络上的路由协议将EQAM信息传送到模块化电缆调制解调器终端系统（M-CMTS）核心。 EQAM根据路由协议生成路由消息，并将EQAM信息（例如从EQAM扩展的调制信道的描述，业务组信息等）插入到路由消息中。 然后，EQAM通过将路由消息发送到相邻的中间设备来在路由域的至少部分上泛洪EQAM信息。