公开(公告)号：US09774588B2

公开(公告)日：2017-09-26

申请号：US14506867

申请日：2014-10-06

Applicant: Cisco Technology, Inc.

Inventor： Ramesh Nethi ,  Srinivas Chivukula

IPC: G06F7/04 ,  G06F15/16 ,  G06F17/30 ,  H04L29/06 ,  H04L29/08 ,  H04W4/00 ,  H04L9/08

CPC classification number: H04L63/0815 ,  H04L9/0891 ,  H04L67/10 ,  H04L67/142 ,  H04W4/60

Abstract: In one implementation, a network device provides a single signoff service to one or more endpoints in software as a service (SaaS) sessions. The network device is configured to monitor a session between a software as a service (SaaS) provider and an endpoint device and to identify a network event trigger associated with the session. In response to the network event trigger, a signoff message is generated to the SaaS provider by the network device. The SaaS provider is configured to purge the session in response to the signoff message.

公开(公告)号：US20140237539A1

公开(公告)日：2014-08-21

申请号：US13773157

申请日：2013-02-21

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Daniel G. Wing ,  Srinivas Chivukula ,  Tirumaleswar Reddy ,  Prashanth Patil

IPC: H04L29/06

CPC classification number: H04L63/08 ,  H04L61/2514 ,  H04L63/20 ,  H04L67/02 ,  H04L67/146 ,  H04L69/161 ,  H04L69/22

Abstract: In one implementation, identity based security features and policies are applied to endpoint devices behind an intermediary device, such as a network address translation device. The access network switch authenticates an endpoint based on a user identity and a credential. A hypertext transfer protocol (HTTP) packet is generated or modified to include the user identity in an inline header. The HTTP packet including the user identity is sent to a policy enforcement device to look up one or more policies for the endpoint. The access switch receives traffic from the policy enforcement device that is filtered according the user identity. Subsequent TCP connections may also include identity information within the TCP USER_HINT option in a synchronization packet thus allowing identity propagation for other applications and protocols.

Abstract translation: 在一个实现中，基于身份的安全特征和策略被应用于中间设备（例如网络地址转换设备）之后的端点设备。 接入网络交换机根据用户身份和证书认证端点。 生成或修改超文本传输​​协议（HTTP）包以将用户身份包括在内联头部中。 包括用户身份的HTTP分组被发送到策略执行设备以查找端点的一个或多个策略。 接入交换机从根据用户身份过滤的策略执行设备接收流量。 后续TCP连接还可以包括同步分组中的TCP USER_HINT选项内的身份信息，从而允许其他应用和协议的身份传播。

公开(公告)号：US20140105103A1

公开(公告)日：2014-04-17

申请号：US13652825

申请日：2012-10-16

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Ramesh Nethi ,  Tirumaleswar Reddy ,  Srinivas Chivukula ,  Prashanth Patil

IPC: H04W28/08

CPC classification number: H04W12/02 ,  H04L63/1408 ,  H04W4/06

Abstract: In one implementation, traffic in a mobile network is offloaded to a security as a service server or a cloud server. A mobile access gateway (MAG) in the mobile network identifies one or more mobile nodes that are configured for communication on the mobile network. The MAG receives a message that includes an address of a mobile node and sends a request based on the message to the security as a service server. The MAG forwards traffic flows to the security as a service server according to the message, which is configured to detect an indication of malicious software in the traffic flows and/or filter content of the traffic flows according to a user profile.

Abstract translation: 在一个实现中，移动网络中的流量被卸载到作为服务服务器或云服务器的安全。 移动网络中的移动接入网关（MAG）识别配置用于移动网络上的通信的一个或多个移动节点。 MAG接收到包括移动节点的地址的消息，并且基于该消息将请求作为服务服务器发送到作为安全的请求。 根据该消息，MAG将流量作为服务服务器转发到安全服务器，该消息被配置为根据用户简档来检测业务流中的恶意软件的指示和/或过滤内容。

公开(公告)号：US10231120B2

公开(公告)日：2019-03-12

申请号：US13652825

申请日：2012-10-16

Applicant: Cisco Technology, Inc.

Inventor： Ramesh Nethi ,  Tirumaleswar Reddy ,  Srinivas Chivukula ,  Prashanth Patil

IPC: H04W28/08 ,  H04W12/02 ,  H04W4/06 ,  H04L29/06

Abstract: In one implementation, traffic in a mobile network is offloaded to a security as a service server or a cloud server. A mobile access gateway (MAG) in the mobile network identifies one or more mobile nodes that are configured for communication on the mobile network. The MAG receives a message that includes an address of a mobile node and sends a request based on the message to the security as a service server. The MAG forwards traffic flows to the security as a service server according to the message, which is configured to detect an indication of malicious software in the traffic flows and/or filter content of the traffic flows according to a user profile.

公开(公告)号：US20180007115A1

公开(公告)日：2018-01-04

申请号：US15201238

申请日：2016-07-01

Applicant: Cisco Technology, Inc.

Inventor： Plamen Nedeltchev ,  Srinivas Chivukula ,  Ramesh Nethi ,  Harish Kolar Vishwanath

IPC: H04L29/08

CPC classification number: H04L67/02 ,  H04L65/1026 ,  H04L65/4015 ,  H04L65/403 ,  H04L65/605 ,  H04L67/10 ,  H04L67/12 ,  H04L67/16

Abstract: Disclosed are systems, methods, and computer-readable storage media for fog enabled telemetry in real time multimedia applications. An edge computing device can receive first sensor data from at least a first sensor and a collaboration data stream from a first client device. The collaboration data stream can including at least one of chat, audio or video data. The edge computing device can convert the first sensor data into a collaboration data stream format, yielding a first converted sensor data, and then embed the first converted sensor data into the collaboration data stream, yielding an embedded collaboration data stream. The edge computing device can then transmit the embedded collaboration data stream to an intended recipient.

公开(公告)号：US20160099931A1

公开(公告)日：2016-04-07

申请号：US14506867

申请日：2014-10-06

Applicant: Cisco Technology, Inc.

Inventor： Ramesh Nethi ,  Srinivas Chivukula

IPC: H04L29/06 ,  H04L29/08

CPC classification number: H04L63/0815 ,  H04L9/0891 ,  H04L67/10 ,  H04L67/142 ,  H04W4/60

Abstract: In one implementation, a network device provides a single signoff service to one or more endpoints in software as a service (SaaS) sessions. The network device is configured to monitor a session between a software as a service (SaaS) provider and an endpoint device and to identify a network event trigger associated with the session. In response to the network event trigger, a signoff message is generated to the SaaS provider by the network device. The SaaS provider is configured to purge the session in response to the signoff message.

Abstract translation: 在一个实现中，网络设备在软件中作为服务（SaaS）会话向一个或多个端点提供单个签发服务。 网络设备被配置为监视软件即服务（SaaS）提供商和端点设备之间的会话，并且识别与会话相关联的网络事件触发器。 响应于网络事件触发器，网络设备向SaaS提供商生成签发消息。 配置SaaS提供程序以响应于签发消息来清除会话。

公开(公告)号：US09154484B2

公开(公告)日：2015-10-06

申请号：US13773157

申请日：2013-02-21

Applicant: Cisco Technology, Inc.

Inventor： Daniel G. Wing ,  Srinivas Chivukula ,  Tirumaleswar Reddy ,  Prashanth Patil

IPC: H04L29/06 ,  H04L29/08 ,  H04L29/12

CPC classification number: H04L63/08 ,  H04L61/2514 ,  H04L63/20 ,  H04L67/02 ,  H04L67/146 ,  H04L69/161 ,  H04L69/22

Abstract: In one implementation, identity based security features and policies are applied to endpoint devices behind an intermediary device, such as a network address translation device. The access network switch authenticates an endpoint based on a user identity and a credential. A hypertext transfer protocol (HTTP) packet is generated or modified to include the user identity in an inline header. The HTTP packet including the user identity is sent to a policy enforcement device to look up one or more policies for the endpoint. The access switch receives traffic from the policy enforcement device that is filtered according the user identity. Subsequent TCP connections may also include identity information within the TCP USER_HINT option in a synchronization packet thus allowing identity propagation for other applications and protocols.

Abstract translation: 在一个实现中，基于身份的安全特征和策略被应用于中间设备（例如网络地址转换设备）之后的端点设备。 接入网络交换机根据用户身份和证书认证端点。 生成或修改超文本传输​​协议（HTTP）包以将用户身份包括在内联头部中。 包括用户身份的HTTP分组被发送到策略执行设备以查找端点的一个或多个策略。 接入交换机从根据用户身份过滤的策略执行设备接收流量。 后续TCP连接还可以包括同步分组中的TCP USER_HINT选项内的身份信息，从而允许其他应用和协议的身份传播。