Abstract:
Disclosed herein are systems, methods, and computer-readable media for authentication in a multi-cloud cellular service. In one aspect, a method includes receiving, at a controller of a local site within the multi-cloud cellular service, a network connection request from a device, the cloud-based authentication component being a central network component configured to store device credentials and network policies for authenticating devices connecting to the multi-cloud cellular service across all sites associated with the multi-cloud cellular service. In one aspect, the method also includes locally authenticating, by the controller, the device using stored credential information obtained from the cloud-based authentication component prior to losing the connectivity to the cloud-based authentication component.
Abstract:
Systems, methods, and computer-readable media are disclosed for facilitating bi-directional edge proxy-to-edge proxy communications across an enterprise firewall in 5G service-based architecture. In one aspect, a method includes receiving a subscription request from a user device to operate on a visited private network; determining that the user device is associated with a home network; and establishing a communication protocol between a security edge protection proxy of the visited private network and a security edge protection proxy of the home network, wherein the communication protocol enables bi-directional exchange of roaming signals between the visited private network and the home network while the user device is operating on the visited private network.
Abstract:
The present technology is generally directed to dynamically adding network resources based on an application function (AF) notification. The present technology can determine, by an AF of a service provider, a network congestion on a network, the network congestion indicating that network resources for servicing a user device using services of the service provider do not meet corresponding Quality of Service (QoS) requirements. Further, the present technology can transmit a notification by the AF to a core network of a network provider to request additional network resources to be allocated for servicing the user device, the network provider providing network connectivity for the user device to receive the services provided by the service provider.
Abstract:
In one embodiment, a method comprises obtaining, by a first network element comprising processing logic, notification of a plurality of events associated with a plurality of communication sessions, wherein the events include at least one of a mid-session event or an end-session event, wherein the plurality of events are communicated to a routing agent using a first communication protocol by a plurality of second network elements; receiving, by the first network element, a request via a second communication protocol for a first communication session to be established for a client computing device; selecting, by the first network element, one or more network elements from the second network elements for the communication session based on the at least one of a mid-session or an end-session event; and communicating, by the first network element, identification information of the one or more network elements selected for use in the first communication session.
Abstract:
A method is provided in one example embodiment and includes communicating a message from a network element to a remote data plane element in order to request a data plane resource for hosting a session for a particular subscriber. The remote data plane element is designated to host a data plane function for a particular mobile network subscriber and the data plane resource comprises at least one of memory space and processor allocation. The method further includes discovering nodes capable of supporting the control plane functions; discovering nodes capable of supporting the data plane functions for the session; and performing a system-specific internal configuration to support separation of the data plane functions and the control plane functions.
Abstract:
An embodiment includes receiving at a network node associated with a mobile core network an authorization request from a network device, wherein the authorization request is received via an untrusted network; subsequent to the receiving, performing at the network node authorization of the network device; subsequent to the receiving, determining a preferred network access node for the network device, wherein the determining comprises accessing a node selection information repository containing static and dynamic information related to network access nodes and network access node groupings and wherein the static and dynamic information comprises at least one of resource usage, location, availability of mobility anchors, proximity of mobility anchors, handover opportunities, resiliency class, and time of day; and providing to the network device an initial authorization response comprising a response to the received authorization request, wherein the initial authorization response identifies the determined preferred network access node.
Abstract:
A method is provided in one example embodiment and includes receiving a data packet transported on a backhaul link at a first network element; de-capsulating the data packet; identifying whether the data packet is an upstream data packet; identifying whether the data packet matches an internet protocol (IP) access control list (ACL) or a tunnel endpoint identifier; and offloading the data packet from the backhaul link. In a more specific embodiment, the method can include identifying that the data packet does not match the IP ACL or the tunnel endpoint identifier; and communicating the data packet to a second network element. In other examples, the method can include identifying that the data packet is a downstream data packet; identifying a service to be performed for the data packet that cannot be performed at the first network element; and communicating the data packet to a second network element.
Abstract:
The present technology is generally directed to dynamically adding network resources based on an application function (AF) notification. The present technology can determine, by an AF of a service provider, a network congestion on a network, the network congestion indicating that network resources for servicing a user device using services of the service provider do not meet corresponding Quality of Service (QoS) requirements. Further, the present technology can transmit a notification by the AF to a core network of a network provider to request additional network resources to be allocated for servicing the user device, the network provider providing network connectivity for the user device to receive the services provided by the service provider.
Abstract:
An enterprise device identity proxy between an SMF and an Enterprise's device profile store supports N7 protocol for enterprise policy delivery between a central management service (CMS) and an enterprise policy service. In particular, when a user equipment (UE) requests a data service, the enterprise device identity proxy receives AAA transactions from the SMF running the enterprise policy service over a secondary authentication interface, stores the results in a data store, and uses business rules set forth by the CMS to transform Remote Authentication Dial-In User Service (RADIUS) Attribute Value Pairs (AVPs) into a valid N7 response to the SMF. The enterprise device identity proxy enables an enterprise to treat a device with cellular connectivity using the same rules that would apply to other access/connection types without the complexity and cost of deploying a 3GPP policy service to support N7 protocol for policy delivery.
Abstract:
A method is provided in one example embodiment and includes receiving a data packet transported on a backhaul link at a first network element; de-capsulating the data packet; identifying whether the data packet is an upstream data packet; identifying whether the data packet matches an internet protocol (IP) access control list (ACL) or a tunnel endpoint identifier; and offloading the data packet from the backhaul link. In a more specific embodiment, the method can include identifying that the data packet does not match the IP ACL or the tunnel endpoint identifier; and communicating the data packet to a second network element. In other examples, the method can include identifying that the data packet is a downstream data packet; identifying a service to be performed for the data packet that cannot be performed at the first network element; and communicating the data packet to a second network element.