公开(公告)号：US20160344713A1

公开(公告)日：2016-11-24

申请号：US15230924

申请日：2016-08-08

Applicant: Cisco Technology, Inc.

Inventor： Lewis Chen ,  Scott Fluhrer ,  Warren Scott Wainner ,  Brian Weis

IPC: H04L29/06

CPC classification number: H04L63/061 ,  H04L63/0272 ,  H04L63/0428 ,  H04L63/06 ,  H04L63/104

Abstract: Techniques are presented for optimizing secure communications in a network. As disclosed herein, a key server is configured to provision a plurality of routers that are part of a virtual private network. The key server selects a counter value that is part of a security association and calculates a key value. The key server sends the key value, together with the security association, to the plurality of routers that are part of the virtual private network to enable them to exchange encrypted packets with each other in the virtual private network using the key value and the security association. The key server then increments the counter value to a value within a range of counter values capable of being predicted by the plurality of routers that received the key value.

Abstract translation: 呈现技术来优化网络中的安全通信。 如本文所公开的，密钥服务器被配置为提供作为虚拟专用网络的一部分的多个路由器。 密钥服务器选择作为安全关联的一部分的计数器值，并计算密钥值。 密钥服务器将密钥值与安全关联一起发送到作为虚拟专用网络的一部分的多个路由器，以使得它们能够使用密钥值和安全关联在虚拟专用网络中彼此交换加密的分组 。 然后，密钥服务器将计数器值递增到能够被接收到密钥值的多个路由器预测的计数器值的范围内的值。

公开(公告)号：US20150295899A1

公开(公告)日：2015-10-15

申请号：US14248399

申请日：2014-04-09

Applicant: Cisco Technology, Inc.

Inventor： Lewis Chen ,  Scott Fluhrer ,  Warren Scott Wainner ,  Brian Weis

IPC: H04L29/06

CPC classification number: H04L63/061 ,  H04L63/0272 ,  H04L63/0428 ,  H04L63/06 ,  H04L63/104

Abstract: Techniques are presented for optimizing secure communications in a network. A first router receives from a second router an encrypted packet with an unknown security association. The first router examines the packet to determine whether the counter value is in a range of predicted counter values. Additionally, a key server is configured to provision routers that are part of a virtual private network. The key server selects a counter value that is part of a security association and calculates a key value. The key server sends the key value together with the security association to enable routers to exchange encrypted packets with each other in the virtual private network using the key value and the security association. The key server increments the counter value to a value within a range of counter values capable of being predicted by the routers.

Abstract translation: 呈现技术来优化网络中的安全通信。 第一路由器从第二路由器接收具有未知安全关联的加密分组。 第一个路由器检查数据包，以确定计数器值是否在预测的计数器值的范围内。 另外，密钥服务器被配置为配置作为虚拟专用网络一部分的路由器。 密钥服务器选择作为安全关联的一部分的计数器值，并计算密钥值。 密钥服务器将密钥值与安全关联一起发送，以使路由器能够使用密钥值和安全关联在虚拟专用网络中彼此交换加密的数据包。 密钥服务器将计数器值递增到可由路由器预测的计数器值范围内的值。

公开(公告)号：US10158487B2

公开(公告)日：2018-12-18

申请号：US14800813

申请日：2015-07-16

Applicant: Cisco Technology, Inc.

Inventor： James Anil Pramod Kotwal ,  Christopher Blayne Dreier ,  David Aaron Wyde ,  Kellen Mac Arb ,  David McGrew ,  Scott Fluhrer

IPC: H04L29/06 ,  H04L9/32 ,  H04L9/08

Abstract: A server sends information to a client that allows the client to establish a first key at the client. The server then receives a session ID that has been encrypted using the first key. The first key is then established at the server, which can then decrypt the session ID using the first key. After the server validates the session ID, it determines a second key that is different from the first key. The server then receives the session ID encrypted with the second key, and decrypts the session ID encrypted with the second key.

公开(公告)号：US11716151B2

公开(公告)日：2023-08-01

申请号：US17382975

申请日：2021-07-22

Applicant: Cisco Technology, Inc.

Inventor： Luca Della Chiesa ,  Louis Gwyn Samuel ,  Paul Polakos ,  Scott Fluhrer ,  Santanu Ganguly

IPC: H04B10/27 ,  H04B10/70

CPC classification number: H04B10/70 ,  H04B10/27

Abstract: A method for routing in a quantum network is provided. The method may include receiving parameters including a fidelity with coherence decay time and an entanglement generation rate for each quantum node in a mesh quantum network by a controller, the controller being configured to communicate with each quantum node of a plurality of quantum nodes in the mesh quantum network. Each quantum node includes a quantum memory and a processor. The method may also include analyzing the fidelity with coherence decay time and the entanglement generation rate to yield a determination of a path fidelity with a path coherence decay time and a path entanglement generation rate between at least one pair of quantum nodes. The method may further include, based on the determination, selecting a quantum communication path from a source node to a destination node.

公开(公告)号：US20170019423A1

公开(公告)日：2017-01-19

申请号：US14800813

申请日：2015-07-16

Applicant: Cisco Technology, Inc.

Inventor： James Anil Pramod Kotwal ,  Christopher Blayne Dreier ,  David Aaron Wyde ,  Kellen Mac Arb ,  David McGrew ,  Scott Fluhrer

IPC: H04L29/06 ,  H04L9/32 ,  H04L9/08

CPC classification number: H04L9/32 ,  H04L9/0819 ,  H04L9/0869 ,  H04L9/3226 ,  H04L63/06 ,  H04L63/1441 ,  H04L63/168 ,  H04L2463/082

Abstract: A server sends information to a client that allows the client to establish a first key at the client. The server then receives a session ID that has been encrypted using the first key. The first key is then established at the server, which can then decrypt the session ID using the first key. After the server validates the session ID, it determines a second key that is different from the first key. The server then receives the session ID encrypted with the second key, and decrypts the session ID encrypted with the second key.

Abstract translation: 服务器向客户端发送信息，允许客户端在客户端建立第一个密钥。 然后，服务器接收使用第一个密钥加密的会话ID。 然后在服务器上建立第一个密钥，然后可以使用第一个密钥解密会话ID。 在服务器验证会话ID后，它确定与第一个密钥不同的第二个密钥。 然后，服务器接收用第二密钥加密的会话ID，并解密用第二密钥加密的会话ID。

公开(公告)号：US20160380894A1

公开(公告)日：2016-12-29

申请号：US15258444

申请日：2016-09-07

Applicant: Cisco Technology, Inc.

Inventor： Thamilarasu Kandasamy ,  Scott Fluhrer ,  Lewis Chen ,  Brian Weis

IPC: H04L12/741 ,  H04L12/46 ,  H04W28/02

CPC classification number: H04L45/74 ,  H04L12/4633 ,  H04L12/4641 ,  H04L47/36 ,  H04L63/0272 ,  H04W28/0257

Abstract: Techniques are described herein for optimizing communications in a network. At a router in a virtual private network, a packet is received from a device in a subnetwork protected by the router. The router examines the packet to determine a source address that identifies the device and a destination address that identifies a destination network device for the packet. The router also analyzes the packet to determine a size of the packet and determines whether or not the size of the packet is larger than a maximum transmission unit size. If the size of the packet is larger than the maximum transmission unit size, the router encapsulates the packet with a header that includes the destination address and a new source address that identifies the router.

Abstract translation: 这里描述了用于优化网络中的通信的技术。 在虚拟专用网络中的路由器处，从由路由器保护的子网络中的设备接收分组。 路由器检查数据包以确定标识设备的源地址和标识数据包的目标网络设备的目标地址。 路由器还分析数据包以确定数据包的大小，并确定数据包的大小是否大于最大传输单元大小。 如果分组的大小大于最大传输单元大小，路由器将包含目标地址的报头和标识路由器的新源地址封装在一起。

公开(公告)号：US09461914B2

公开(公告)日：2016-10-04

申请号：US14246351

申请日：2014-04-07

Applicant: Cisco Technology, Inc.

Inventor： Thamilarasu Kandasamy ,  Scott Fluhrer ,  Lewis Chen ,  Brian Weis

IPC: H04L12/741 ,  H04L12/805 ,  H04L29/06

CPC classification number: H04L45/74 ,  H04L12/4633 ,  H04L12/4641 ,  H04L47/36 ,  H04L63/0272 ,  H04W28/0257

Abstract: Techniques are described herein for optimizing communications in a network. At a router in a virtual private network, a packet is received from a device in a subnetwork protected by the router. The router examines the packet to determine a source address that identifies the device and a destination address that identifies a destination network device for the packet. The router also analyzes the packet to determine a size of the packet and determines whether or not the size of the packet is larger than a maximum transmission unit size. If the size of the packet is larger than the maximum transmission unit size, the router encapsulates the packet with a header that includes the destination address and a new source address that identifies the router.

Abstract translation: 这里描述了用于优化网络中的通信的技术。 在虚拟专用网络中的路由器处，从由路由器保护的子网络中的设备接收分组。 路由器检查数据包以确定标识设备的源地址和标识数据包的目标网络设备的目标地址。 路由器还分析数据包以确定数据包的大小，并确定数据包的大小是否大于最大传输单元大小。 如果分组的大小大于最大传输单元大小，路由器将包含目标地址的报头和标识路由器的新源地址封装在一起。

公开(公告)号：US20150288603A1

公开(公告)日：2015-10-08

申请号：US14246351

申请日：2014-04-07

Applicant: Cisco Technology, Inc.

Inventor： Thamilarasu Kandasamy ,  Scott Fluhrer ,  Lewis Chen ,  Brian Weis

IPC: H04L12/741 ,  H04L12/805

CPC classification number: H04L45/74 ,  H04L12/4633 ,  H04L12/4641 ,  H04L47/36 ,  H04L63/0272 ,  H04W28/0257

Abstract: Techniques are described herein for optimizing communications in a network. At a router in a virtual private network, a packet is received from a device in a subnetwork protected by the router. The router examines the packet to determine a source address that identifies the device and a destination address that identifies a destination network device for the packet. The router also analyzes the packet to determine a size of the packet and determines whether or not the size of the packet is larger than a maximum transmission unit size. If the size of the packet is larger than the maximum transmission unit size, the router encapsulates the packet with a header that includes the destination address and a new source address that identifies the router.

Abstract translation: 这里描述了用于优化网络中的通信的技术。 在虚拟专用网络中的路由器处，从由路由器保护的子网络中的设备接收分组。 路由器检查数据包以确定标识设备的源地址和标识数据包的目标网络设备的目标地址。 路由器还分析数据包以确定数据包的大小，并确定数据包的大小是否大于最大传输单元大小。 如果分组的大小大于最大传输单元大小，路由器将包含目标地址的报头和标识路由器的新源地址封装在一起。

公开(公告)号：US20230028556A1

公开(公告)日：2023-01-26

申请号：US17382975

申请日：2021-07-22

Applicant: Cisco Technology, Inc.

Inventor： Luca Della Chiesa ,  Louis Gwyn Samuel ,  Paul Polakos ,  Scott Fluhrer ,  Santanu Ganguly

IPC: H04B10/70 ,  H04B10/27

Abstract: A method for routing in a quantum network is provided. The method may include receiving parameters including a fidelity with coherence decay time and an entanglement generation rate for each quantum node in a mesh quantum network by a controller, the controller being configured to communicate with each quantum node of a plurality of quantum nodes in the mesh quantum network. Each quantum node includes a quantum memory and a processor. The method may also include analyzing the fidelity with coherence decay time and the entanglement generation rate to yield a determination of a path fidelity with a path coherence decay time and a path entanglement generation rate between at least one pair of quantum nodes. The method may further include, based on the determination, selecting a quantum communication path from a source node to a destination node.

公开(公告)号：US10404588B2

公开(公告)日：2019-09-03

申请号：US15258444

申请日：2016-09-07

Applicant: Cisco Technology, Inc.

Inventor： Thamilarasu Kandasamy ,  Scott Fluhrer ,  Lewis Chen ,  Brian Weis

IPC: H04L12/741 ,  H04L12/805 ,  H04L29/06 ,  H04L12/46 ,  H04W28/02

Abstract: Techniques are described herein for optimizing communications in a network. At a router in a virtual private network, a packet is received from a device in a subnetwork protected by the router. The router examines the packet to determine a source address that identifies the device and a destination address that identifies a destination network device for the packet. The router also analyzes the packet to determine a size of the packet and determines whether or not the size of the packet is larger than a maximum transmission unit size. If the size of the packet is larger than the maximum transmission unit size, the router encapsulates the packet with a header that includes the destination address and a new source address that identifies the router.