-
公开(公告)号:US10992654B2
公开(公告)日:2021-04-27
申请号:US16104456
申请日:2018-08-17
Applicant: Cisco Technology, Inc.
Inventor: Syed Khalid Raza , Mosaddaq Hussain Turabi , Fabio Rodolfo Maino , Vina Ermagan , Atri Indiresan
Abstract: A method is performed by an access router of an enterprise network including a first edge router to communicate with a second edge router over a wide area network (WAN). The method includes receiving a packet from a first endpoint, receiving from a mapping service a network location of a second edge router for which the packet is destined and a security association (SA) to encrypt the packet from the access router to the second edge router, and generating for the first edge router one or more path selectors for WAN path selection. The method includes encrypting the packet using the SA, and adding to the encrypted IP packet, in clear text, the path selectors and outer encapsulation including the network location, to produce an encrypted tunnel packet. The method also includes forwarding the encrypted tunnel packet to the second edge router via the first edge router and the WAN.
-
公开(公告)号:US10904201B1
公开(公告)日:2021-01-26
申请号:US14051704
申请日:2013-10-11
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Vina Ermagan , Fabio R. Maino
Abstract: Technologies are provided in example embodiments for associating a subscriber list to mapping data of a virtual machine, adding subscriber information of a network device to the subscriber list when a map request for the mapping data is received from the network device, and purging the subscriber information from the subscriber list when a preconfigured time period assigned to the subscriber information expires. In particular embodiments, the subscriber information includes an identification of the network device and the mapping data includes a virtual address of the virtual machine mapped to a physical address of the virtual machine. More specific embodiments include sending a notification signal with new mapping data of the virtual machine to each one of one or more network devices identified in corresponding subscriber information stored in the subscriber list. In further specific embodiments, the network device is either a map server or a map resolver.
-
公开(公告)号:US10560421B2
公开(公告)日:2020-02-11
申请号:US15607248
申请日:2017-05-26
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Jesus Arango , Vina Ermagan , Johnson Leong , Sanjay Kumar Hooda
Abstract: A Location/Identifier Separation Protocol (LISP) mapping server, including: a network interface for communicating with a LISP-enabled network; a mapping database; a subscription database; and an overlapping subscription publication engine (OSPE) to: receive a first mapping of a first subnetwork to a first routing locator (RLOC); add the first mapping to the mapping database; receive from a first ingress tunnel router (ITR) a subscription request for an endpoint identifier (EID) within the first subnetwork; add to a first subscription entry for the first subnetwork in the subscription database a subscription for the first ITR; receive a second mapping of a second subnetwork to a second RLOC, wherein the second subnetwork overlaps the first subnetwork; add the second mapping to the mapping database; and copy at least part of the first subscription entry to a second subscription entry for the second subnetwork.
-
4.发明申请SYSTEM AND METHOD FOR ENABLING SECURE TRANSACTIONS USING FLEXIBLE IDENTITY MANAGEMENT IN A VEHICULAR ENVIRONMENT 审中-公开使用灵活的身份管理在环境中实现安全交易的系统和方法公开(公告)号:US20140380442A1
公开(公告)日:2014-12-25
申请号:US14484664
申请日:2014-09-12
Applicant: Cisco Technology, Inc.
Inventor: Sateesh K. Addepalli , Fabio R. Maino , Flavio Bonomi , Lillian Lei Dai , Vina Ermagan , Alexander Loukissas , Erick D. Lee , Landon Curt Noll
CPC classification number: H04W4/40 , B60R16/023 , B60W50/10 , G06F3/017 , G06F3/167 , G06F9/542 , G06F21/45 , H04L1/008 , H04L29/06578 , H04L43/0811 , H04L43/0858 , H04L43/0876 , H04L45/12 , H04L51/02 , H04L61/2592 , H04L67/12 , H04L67/32 , H04L69/18 , H04Q9/00 , H04W4/00 , H04W4/10 , H04W8/06 , H04W8/08 , H04W8/26 , H04W12/001 , H04W28/0215 , H04W28/06 , H04W36/0009 , H04W36/08 , H04W40/02 , H04W40/20 , H04W48/02 , H04W48/06 , H04W48/16 , H04W48/18 , H04W52/12 , H04W52/143 , H04W52/225 , H04W52/241 , H04W52/346 , H04W72/0406 , H04W72/042 , H04W72/0493 , H04W76/45 , H04W80/02 , H04W84/005 , H04W84/12 , H04W92/18 , Y02A30/60
Abstract: A method in one embodiment includes authenticating a first agent to an on board unit (OBU) of a vehicle if the first agent validates a first set of one or more authentication requirements and identifying a first identity profile corresponding to the first agent. The method also includes determining a role of the first agent in the vehicle and configuring the vehicle with the first identity profile, where the vehicle is configured based, at least in part, on the role of the first agent. In this embodiment, the first identity profile is one of a plurality of identity profiles provisioned on the OBU. In specific embodiments, each one of a plurality of agents corresponds to a respective one of the plurality of identity profiles, and includes one or more of a human agent, a machine device, a software agent, an authorized entity, and a mobile device.
Abstract translation: 如果第一代理验证第一组一个或多个验证要求并且识别与第一代理相对应的第一身份简档,则一个实施例中的方法包括向车辆的车载单元(OBU)认证第一代理。 该方法还包括确定第一代理在车辆中的作用并且配置具有第一身份配置文件的车辆,其中车辆被配置为至少部分地基于第一代理人的角色。 在该实施例中,第一身份简档是在OBU上提供的多个身份配置文件之一。 在具体实施例中,多个代理中的每个代理对应于多个身份简档中的相应一个,并且包括人类代理,机器设备,软件代理,授权实体和移动设备中的一个或多个。
-
公开(公告)号:US11108690B2
公开(公告)日:2021-08-31
申请号:US16118709
申请日:2018-08-31
Applicant: Cisco Technology, Inc.
Inventor: Marc Portoles Comeras , Alberto Rodriguez Natal , Vina Ermagan , Reshad Rahman , Johnson Leong
IPC: H04L12/715 , H04L12/46 , H04L12/707 , H04L12/743 , H04L12/747
Abstract: A method and a router device for managing memory for network overlay routes with fallback route support prioritization may be provided. A network overlay route as a candidate network overlay route may be obtained at a router for storage in a memory. The memory may store a plurality of network overlay routes for forwarding user plane traffic in a network. An assessment for storage of the candidate network overlay route based on a priority level indicator of the candidate network overlay route may be performed. The priority level indicator may be indicative of a fallback route support level of the candidate network overlay route in the router. Based on the assessment, at least one of the following may be performed: adding the candidate network overlay route to the memory and refraining from adding the candidate network overlay route to the memory.
-
Patent Agency Ranking
公开(公告)号:US10999239B2
公开(公告)日:2021-05-04
申请号:US16715382
申请日:2019-12-16
Applicant: Cisco Technology, Inc.
Inventor: Jesus Arango , Vina Ermagan , Johnson Leong , Sanjay Kumar Hooda
IPC: H04L12/28 , H04L29/12 , H04L12/713 , H04L12/26
Abstract: A Location/Identifier Separation Protocol (LISP) mapping server, including: a network interface for communicating with a LISP-enabled network; a mapping database; a subscription database; and an overlapping subscription publication engine (OSPE) to: receive a first mapping of a first subnetwork to a first routing locator (RLOC); add the first mapping to the mapping database; receive from a first ingress tunnel router (ITR) a subscription request for an endpoint identifier (EID) within the first subnetwork; add to a first subscription entry for the first subnetwork in the subscription database a subscription for the first ITR; receive a second mapping of a second subnetwork to a second RLOC, wherein the second subnetwork overlaps the first subnetwork; add the second mapping to the mapping database; and copy at least part of the first subscription entry to a second subscription entry for the second subnetwork.
-
7.发明授权公开(公告)号:US10783153B2
公开(公告)日:2020-09-22
申请号:US15661109
申请日:2017-07-27
Applicant: Cisco Technology, Inc.
Inventor: Alberto Rodriguez Natal , Vina Ermagan , Fabio Maino
IPC: G06F16/24 , G06F16/2457 , H04L12/745 , G06F16/22 , G06F16/903
Abstract: Systems and methods for automatically executing an efficient longest internet protocol prefix match on non-relational and/or No-SQL databases, such as Cassandra. Clustering prefixes around common and/or standard prefix lengths ensures efficient use of Cassandra's underlying mechanisms and minimizes costly scan operations.
-
公开(公告)号:US20190020985A1
公开(公告)日:2019-01-17
申请号:US16128027
申请日:2018-09-11
Applicant: Cisco Technology, Inc.
Inventor: Lillian Lei Dai , Sateesh K. Addepalli , Xiaoqing Zhu , Preethi Natarajan , Rong Pan , Fabio R. Maino , Flavio Bonomi , Alexander Loukissas , Vina Ermagan , Pere Monclus
IPC: H04W4/40 , H04W8/08 , H04W76/45 , B60R16/023 , B60W50/10 , G06F3/01 , G06F3/16 , G06F9/54 , G06F21/45 , H04L1/00 , H04L29/06 , H04L12/26 , H04W80/02 , H04W72/04 , H04W52/12 , H04W48/18 , H04W48/06 , H04W48/02 , H04W40/20 , H04W40/02 , H04W28/06 , H04W28/02 , H04W12/08 , H04W12/06 , H04W12/04 , H04W12/02 , H04W8/26 , H04W8/06 , H04W4/10 , H04W4/00 , H04Q9/00 , H04L29/08 , H04L29/12 , H04L12/58 , H04L12/721 , H04W36/08 , H04W52/14 , H04W52/22 , H04W52/24 , H04W52/34 , H04W92/18 , H04W48/16 , H04W36/00 , H04W84/00 , H04W84/12
Abstract: A method in one embodiment includes intercepting a message in an on-board unit (OBU) of a vehicular network environment between a source and a receiver in the vehicular network environment, verifying the message is sent from the source, verifying the message is not altered, evaluating a set of source flow control policies associated with the source, and blocking the message if the set of source flow control policies indicate the message is not permitted. In specific embodiments, the message is not permitted if a level of access assigned to the source in the set of source flow control policies does not match a level of access tagged on the message. In further embodiments, the method includes evaluating a set of receiver flow control policies associated with the receiver, and blocking the message if the set of receiver flow control policies indicates the message is not permitted.
-
公开(公告)号:US09699082B2
公开(公告)日:2017-07-04
申请号:US14010707
申请日:2013-08-27
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Victor Moreno , Fabio Maino , Vina Ermagan
IPC: H04L12/741 , H04L12/715 , H04L12/749
CPC classification number: H04L45/745 , H04L45/04 , H04L45/741
Abstract: In one embodiment, a method includes receiving a packet at a tunnel end point in a multi-tenant network, the packet comprising a destination, performing a lookup for the destination in a database comprising a mapping of global identifiers to local tenant identifiers for different hosting locations, each of the global identifiers uniquely identifying a tenant across all of the hosting locations, identifying a destination tunnel end point and a local tenant identifier for the destination, and inserting the destination tunnel end point and the local tenant identifier into the packet and forwarding the packet. An apparatus and logic are also disclosed herein.
-
公开(公告)号:US11533669B2
公开(公告)日:2022-12-20
申请号:US16395817
申请日:2019-04-26
Applicant: Cisco Technology, Inc.
Inventor: Fabio R. Maino , Vina Ermagan , Marc Portoles Comeras , John Martin Graybeal , Alberto Rodriguez Natal
IPC: H04W76/12 , H04W28/02 , H04W40/02 , H04L43/028
Abstract: In one illustrative example, network fabric policy data associated with an application, subscriber, and/or device may be received. Mobile network policy data that corresponds to the received network fabric policy data may be selected, based on stored policy mappings between a set of network fabric policy profiles of a fabric network and a set of mobile network policy profiles of a mobile network. A bearer or Quality of Service (QoS) flow of the mobile network may be established in satisfaction of the selected mobile network policy data. In addition, a packet filter of a traffic flow template (TFT) or a packet detection rule (PDR) may be generated and applied in order to direct IP traffic flows associated with the application to the established bearer or QoS flow for communication in the mobile network.
-
-
-
-
-
-
-
-
-
Search Results
31
records
(took 0.018 seconds)
