公开(公告)号：US20160277188A1

公开(公告)日：2016-09-22

申请号：US14726534

申请日：2015-05-31

Applicant: Cisco Technology, Inc.

Inventor： Paul QUINN ,  Scott FLUHRER ,  Jim GUICHARD ,  Tirumaleswar REDDY ,  Prashanth PATIL ,  David WARD

IPC: H04L9/32 ,  H04L29/06

CPC classification number: H04L9/3213 ,  H04L9/0861 ,  H04L9/3242 ,  H04L63/0428 ,  H04L63/06 ,  H04L63/062 ,  H04L2463/062

Abstract: In one embodiment, a network service packet header security method includes receiving a network service packet, analyzing the network service packet in order to identify a plurality of service functions and an associated service function path for the service functions, identifying which security function or functions may be performed by each of the service functions on a network service packet header to be generated for the network service packet, requesting at least one key for securing at least part of the network service packet header, receiving the at least one key, securing the network service packet header based on the at least one key, and sending the network service packet with the network service packet header to one of the service functions. Related apparatus and methods are also described.

Abstract translation: 在一个实施例中，网络服务分组报头安全方法包括接收网络服务分组，分析网络服务分组以识别服务功能的多个服务功能和相关联的服务功能路径，识别哪些安全功能或功能可以 由网络服务分组头部上的每个服务功能执行，为网络服务分组生成，请求至少一个密钥用于保护网络服务分组报头的至少一部分，接收至少一个密钥，保护网络 基于所述至少一个密钥的服务分组报头，并且将具有所述网络服务分组报头的所述网络服务分组发送到所述服务功能之一。 还描述了相关装置和方法。

公开(公告)号：US20200120555A1

公开(公告)日：2020-04-16

申请号：US16161951

申请日：2018-10-16

Applicant: Cisco Technology, Inc.

Inventor： Prashanth PATIL ,  Ram Mohan RAVINDRANATH

IPC: H04W36/00 ,  H04L29/06 ,  H04L12/707 ,  H04W12/06 ,  H04W76/22 ,  H04W76/11 ,  H04W12/08

Abstract: A disclosed method is performed at a server (e.g., a content delivery network (CDN) server). The server receives from a QUIC client a first token, where the first token includes a first connection identifier that identifies a first path connecting the QUIC client to the server. The server validates the first token, including validating path properties associated with the first path extracted from the first token. The server further generates a second token associated with a second connection identifier that identifies a second path connecting the QUIC client to the server in accordance with a successful validation of the first token. Additionally, the server transmits the second token to the QUIC client.

公开(公告)号：US20170237562A1

公开(公告)日：2017-08-17

申请号：US15442722

申请日：2017-02-27

Applicant: Cisco Technology, Inc.

Inventor： Paul QUINN ,  Scott FLUHRER ,  Jim GUICHARD ,  Tirumaleswar REDDY ,  Prashanth PATIL ,  David WARD

IPC: H04L9/32 ,  H04L9/08 ,  H04L29/06

CPC classification number: H04L9/3213 ,  H04L9/0861 ,  H04L9/3242 ,  H04L63/0428 ,  H04L63/06 ,  H04L63/062 ,  H04L2463/062

Abstract: A network service packet (NSP) header security method includes receiving an NSP on a communication interface, analyzing, by a processor, the NSP in order to identify a plurality of service functions and an associated service function path for the plurality of service functions, identifying, by the processor, which security function or functions may be performed by each of the plurality of service functions on an NSP header to be generated for the NSP, requesting, by the processor, at least one key for securing at least part of the NSP header, receiving the at least one key on the communication interface, generating, by the processor, the NSP header for the NSP, securing, by the processor, the NSP header based on the at least one key, and sending, on the communication interface, the NSP with the NSP header to one of the plurality of service functions.