知搜-全球专利检索

  1. Login
  2. Sign Up

Search Results

17 records (took 0.039 seconds)

    Upstream approach for secure cryptography key distribution and management for multi-site data centers
    2.
    发明授权
    Upstream approach for secure cryptography key distribution and management for multi-site data centers 有权

    公开(公告)号:US10778662B2

    公开(公告)日:2020-09-15

    申请号:US16166973

    申请日:2018-10-22

    Applicant: Cisco Technology, Inc.

    Inventor: Govind Prasad Sharma Javed Asghar Prabhu Balakannan Sridhar Vallepalli

    IPC: H01L29/06 H04L29/06 H04L9/08 H04L12/46

    Abstract: A Software-Defined Networking (SDN)-based “upstream” approach is a controller-based solution that provides secure key distribution and management for multi-site data centers. The approach uses an SDN Multi-Site Controller (MSC) that acts as an intermediary between SDN controllers at sites in a multi-site data center and manages the distribution of keys to sites. The approach is not dependent upon any particular routing protocol, such as the Border Gateway Protocol (BGP), and is well suited for multicast stream encryption by allowing the same key to be used for all replicated packets sent to downstream sites from an upstream source site. The approach distributes keys in a secure manner, ensures that data transferred between sites is done in a secure manner, and supports re-keying with error handling.

    DISTRIBUTING NETWORK PATH INFORMATION IN A NETWORK ENVIRONMENT
    5.
    发明申请
    DISTRIBUTING NETWORK PATH INFORMATION IN A NETWORK ENVIRONMENT 审中-公开

    公开(公告)号:US20180212861A1

    公开(公告)日:2018-07-26

    申请号:US15413131

    申请日:2017-01-23

    Applicant: CISCO TECHNOLOGY, INC.

    Inventor: Heidi Ou Sridhar Vallepalli

    IPC: H04L12/751 H04L12/761

    CPC classification number: H04L45/02 H04L12/1877 H04L45/16

    Abstract: Methods for distributing multicast network path information to various network nodes in a network environment are disclosed. An exemplary method includes a downstream node transmitting a first message including a network path indicating a specific desired route that is to be used when delivering multicast traffic from a given multicast source to a given host, as well as an identifier assigned to the network path in order to uniquely identify that network path in the network. The method also includes the downstream node transmitting a second message for announcing that the multicast source is to be reached via the network path announced in the first message. The second message identifies the network path to be used by including the identifier of the path announced in the first message, but not the network path itself.

    Tenant-specific encryption of packets carried in multi-cloud networks
    7.
    发明授权
    Tenant-specific encryption of packets carried in multi-cloud networks 有权

    公开(公告)号:US11201859B2

    公开(公告)日:2021-12-14

    申请号:US16163453

    申请日:2018-10-17

    Applicant: Cisco Technology, Inc.

    Inventor: Javed Asghar Sridhar Vallepalli Govind Prasad Sharma Eshwar Rao Yedavalli

    IPC: H04L29/06 H04L9/08 H04L9/14

    Abstract: A method and apparatus for providing tenant specific encryption is described herein. According to an embodiment, a transmission site receives a data packet for transmission or forwarding. The transmission site determines, based on information in a header of the data packet, that the data packet is to be encrypted before transmission or forwarding. Using the information in the header, the transmission site identifies an encryption key for the data packet. The transmission site generates, for the data packet, an additional header and populates the additional header with a destination port number based on a destination port header value of the data packet. The transmission site overwrites the destination port header value of the packet with data indicating that the data packet is encrypted and then encrypts an encapsulated packet within the data packet using the encryption key prior to transmitting or forwarding the data packet. Upon receipt, the destination port header is used by the receiving site to determine that the packet is encrypted.

    Multisite interconnect and policy with switching fabrics
    8.
    发明授权
    Multisite interconnect and policy with switching fabrics 有权

    公开(公告)号:US11178071B2

    公开(公告)日:2021-11-16

    申请号:US16164607

    申请日:2018-10-18

    Applicant: Cisco Technology, Inc.

    Inventor: Sridhar Vallepalli Javed Asghar Umamaheswararao Karyampudi Saad Malik Amitkumar V. Patel

    IPC: H04L12/933 H04L12/715 H04L12/707 H04L12/721 H04L12/741 H04L12/813 H04L29/08 H04L12/66

    Abstract: Embodiments herein describe using translation mappings and security contracts to establish interconnects and policies between switching fabrics at different sites to create a unified fabric. In one embodiment, a multi-site controller can stretch endpoint groups (EPGs) between the sites so that a host or application in a first site can communicate with a host or application in a second site which is assigned to the same stretched EPG, despite the two sites have different namespaces. Further, the shadow EPGs can be formed to facilitate security contracts between EPGs in different sites. Each site can store namespace translation mapping that enable the site to convert namespace information in packets received from a different site into its own namespace values. As a result, independent bridging and routing segments in the various sites can be interconnected as well as providing application accessibility across different fabrics with independent and private namespaces.

Patent Agency Ranking