公开(公告)号：US11949593B2

公开(公告)日：2024-04-02

申请号：US17740903

申请日：2022-05-10

Applicant: Cisco Technology, Inc.

Inventor： Pradeep Kumar Kathail ,  Eric Voit ,  David A. Maluf

IPC: G06F15/173 ,  G06F15/16 ,  H04L45/42 ,  H04L45/741 ,  H04L45/748 ,  H04L61/251

CPC classification number: H04L45/741 ,  H04L45/42 ,  H04L45/748 ,  H04L61/251

Abstract: Stateless address translation at an Autonomous System (AS) boundary for host privacy may be provided. An address associated with a host device in the AS may be received. The address may comprise a network prefix and an interface identifier (ID). Then a cypher value may be assigned to a cypher bit range in the network prefix. The cypher value may be associated with a first cypher algorithm of a plurality of cypher algorithms. Next, the address may be encoded wherein encoding the address comprises applying the first cypher algorithm to encode a coding bit range in the address that is less significant than the cypher bit range. The encoded address may then be used for flows from the host that egress the AS.

公开(公告)号：US20230370373A1

公开(公告)日：2023-11-16

申请号：US17740903

申请日：2022-05-10

Applicant: Cisco Technology, Inc.

Inventor： Pradeep Kumar Kathail ,  Eric Voit ,  David A. Maluf

IPC: H04L45/741 ,  H04L45/748 ,  H04L45/42 ,  H04L61/251

CPC classification number: H04L45/741 ,  H04L45/748 ,  H04L45/42 ,  H04L61/251

Abstract: Stateless address translation at an Autonomous System (AS) boundary for host privacy may be provided. An address associated with a host device in the AS may be received. The address may comprise a network prefix and an interface identifier (ID). Then a cypher value may be assigned to a cypher bit range in the network prefix. The cypher value may be associated with a first cypher algorithm of a plurality of cypher algorithms. Next, the address may be encoded wherein encoding the address comprises applying the first cypher algorithm to encode a coding bit range in the address that is less significant than the cypher bit range. The encoded address may then be used for flows from the host that egress the AS.

公开(公告)号：US11683286B2

公开(公告)日：2023-06-20

申请号：US17530244

申请日：2021-11-18

Applicant: Cisco Technology, Inc.

Inventor： Pascal Thubert ,  Pradeep Kumar Kathail ,  Eric Levy-Abegnoli ,  David A. Maluf

IPC: G06F15/173 ,  H04L61/2503 ,  H04L61/4511

CPC classification number: H04L61/2503 ,  H04L61/4511

Abstract: Techniques for using Network Address Translation (NAT), Mobile Internet Protocol (MIP), and/or other techniques in conjunction with Domain Name System (DNS) to anonymize server-side addresses in data communications. Rather than having DNS provide a client device with an IP address of an endpoint device, such as a server, the DNS instead returns a virtual IP (VIP) address that is mapped to the client device and the endpoint device. In this way, IP addresses of servers are obfuscated by a virtual network of VIP addresses. The client device may then communicate data packets to the server using the VIP address as the destination address, and a virtual network service that works in conjunction with DNS can convert the VIP address to the actual IP address of the server using NAT and forward the data packet onto the server.

公开(公告)号：US20190308589A1

公开(公告)日：2019-10-10

申请号：US15948134

申请日：2018-04-09

Applicant: Cisco Technology, Inc.

Inventor： David A. Maluf ,  Nancy Cam-Winget ,  Andrew Michael McPhee

IPC: B60R25/34 ,  G06N5/04 ,  G06F17/50 ,  B60R25/10 ,  B60R25/104

Abstract: In one embodiment, a processor of a vehicle predicts a state of the vehicle using a behavioral model. The model is configured to predict the state based in part on one or more state variables that are available from one or more sub-systems of the vehicle and indicative of one or more physical characteristics of the vehicle. The processor computes a representation of a difference between the predicted state of the vehicle and a measured state of the vehicle indicated by one or more state variables available from the one or more sub-systems of the vehicle. The processor detects a malicious intrusion of the vehicle based on the computed representation of the difference between the predicted and measured states of the vehicle exceeding a defined threshold. The processor initiates performance of a mitigation action for the detected intrusion, in response to detecting the malicious intrusion of the vehicle.

公开(公告)号：US20190266499A1

公开(公告)日：2019-08-29

申请号：US15907634

申请日：2018-02-28

Applicant: Cisco Technology, Inc.

Inventor： David A. Maluf ,  Shesha Bhushan Sreenivasamurthy

IPC: G06N5/04 ,  G06N99/00 ,  G06F17/16 ,  G06F17/50

Abstract: In one embodiment, a processor of a vehicle maintains a machine learning-based behavioral model for the vehicle that is configured to predict a current state of the vehicle based on a plurality of state variables that are available from a plurality of sub-systems of the vehicle and are indicative of physical characteristics of the vehicle. The processor receives, from a first one of the sub-systems, a particular subset of the state variables associated with the first sub-system. The processor performs an index lookup of the state variables in the particular subset within an index of the state variables on which the behavioral model is based. The processor updates a portion of the machine learning-based behavioral model using the received subset of state variables and based on the index lookup.

公开(公告)号：US20190266498A1

公开(公告)日：2019-08-29

申请号：US15907584

申请日：2018-02-28

Applicant: Cisco Technology, Inc.

Inventor： David A. Maluf ,  Shesha Bhushan Sreenivasamurthy

IPC: G06N5/04 ,  G06N99/00 ,  G07C5/00

Abstract: In one embodiment, a processor of a vehicle receives a plurality of variables indicative of physical characteristics of the vehicle. The processor uses a machine learning-based model to predict physical states of the vehicle from the plurality of variables indicative of physical characteristics of the vehicle. The model predicts a current physical state of the vehicle from at least two or more prior physical states of the vehicle, and is based on a physical relationship between the physical characteristics. The processor sends synthetic data indicative of the predicted current physical state of the vehicle for use by a receiver application. The processor provides an update to the receiver based on a comparison between the predicted current physical state of the vehicle and the plurality of received variables.

公开(公告)号：US20250031133A1

公开(公告)日：2025-01-23

申请号：US18223255

申请日：2023-07-18

Applicant: Cisco Technology, Inc.

Inventor： Srinath Gundavelli ,  Pradeep Kumar Kathail ,  Eric Voit ,  David A. Maluf ,  Ali Sajassi

IPC: H04W48/12 ,  H04W12/02 ,  H04W12/08

Abstract: Techniques for establishing connections between user devices and access points to connect to networks. Access points may indicate privacy-support capabilities, enabling a user device to discover privacy-capable access networks, and use this capability for network selection. Furthermore, the techniques enable the user device to request to enable and/or disable privacy support on an on-demand basis. The techniques described herein include the use of an access point that indicates the network's privacy capability to an endpoint device (e.g., source device, user device, etc.) over one or more link-layer messages, IP address configuration mechanisms, and over authentication protocols.

公开(公告)号：US20240406144A1

公开(公告)日：2024-12-05

申请号：US18205464

申请日：2023-06-02

Applicant: Cisco Technology, Inc.

Inventor： Pascal Thubert ,  Pradeep Kumar Kathail ,  Eric Levy-Abegnoli ,  David A. Maluf

IPC: H04L9/40 ,  H04L61/4511

Abstract: Techniques for using Locator ID Separation Protocol (LISP), Mobile Internet Protocol (MIP), and/or other techniques in conjunction with Domain Name System (DNS) to obfuscate server-side addresses in data communications. Rather than having DNS provide a client device with an IP address of an endpoint device, such as a server, the DNS instead returns an endpoint identifiers (EID) that is mapped to the client device and at least one routing locator (RLOC) of the endpoint device. In this way, IP addresses of servers are obfuscated by a network mapping of EIDs and RLOCs. The client device may then communicate data packets to the server using the EIDs as the destination address, and a virtual network service that works in conjunction with DNS can encapsulate the data packet with the RLOC using LISP and forward the data packet onto the server.

公开(公告)号：US20230362875A1

公开(公告)日：2023-11-09

申请号：US17735694

申请日：2022-05-03

Applicant: Cisco Technology, Inc.

Inventor： David A. Maluf ,  Huy Phuong Tran ,  Avinash Kalyanaraman ,  Paul Anthony Polakos

IPC: H04W64/00 ,  G01S13/76

CPC classification number: H04W64/003 ,  G01S13/76

Abstract: Correcting for antennae spatial distortions in Radio Frequency (RF) localization may be provided. A plurality of actual locations associated with a plurality of Access Point (APs) may be received. Then a plurality of signal strengths associated with the plurality of APs may be received. Based on the plurality of signal strengths, a model may be created that models a plurality of inference errors respectively corresponding to the plurality of APs between a plurality of inferred locations respectively corresponding to the plurality of APs and the plurality of actual locations. The model may then be used in determining a location of a device.

公开(公告)号：US20230275868A1

公开(公告)日：2023-08-31

申请号：US18195136

申请日：2023-05-09

Applicant: Cisco Technology, Inc.

Inventor： Pascal Thubert ,  Pradeep Kumar Kathail ,  Eric Levy-Abegnoli ,  David A. Maluf

IPC: H04L61/2503 ,  H04L61/4511

CPC classification number: H04L61/2503 ,  H04L61/4511

Abstract: Techniques for using Network Address Translation (NAT), Mobile Internet Protocol (MIP), and/or other techniques in conjunction with Domain Name System (DNS) to anonymize server-side addresses in data communications. Rather than having DNS provide a client device with an IP address of an endpoint device, such as a server, the DNS instead returns a virtual IP (VIP) address that is mapped to the client device and the endpoint device. In this way, IP addresses of servers are obfuscated by a virtual network of VIP addresses. The client device may then communicate data packets to the server using the VIP address as the destination address, and a virtual network service that works in conjunction with DNS can convert the VIP address to the actual IP address of the server using NAT and forward the data packet onto the server.