-
Publication No.: US10231120B2
Publication date: 2019-03-12
Application No.: US13652825
Application date: 2012-10-16
Applicant: Cisco Technology, Inc.
Inventor: Ramesh Nethi , Tirumaleswar Reddy , Srinivas Chivukula , Prashanth Patil
Abstract: In one implementation, traffic in a mobile network is offloaded to a security as a service server or a cloud server. A mobile access gateway (MAG) in the mobile network identifies one or more mobile nodes that are configured for communication on the mobile network. The MAG receives a message that includes an address of a mobile node and sends a request based on the message to the security as a service server. The MAG forwards traffic flows to the security as a service server according to the message, which is configured to detect an indication of malicious software in the traffic flows and/or filter content of the traffic flows according to a user profile.
-
Publication No.: US20190014146A1
Publication date: 2019-01-10
Application No.: US16110102
Application date: 2018-08-23
Applicant: Cisco Technology, Inc.
Inventor: Tirumaleswar Reddy , Daniel Wing , Prashanth Patil
Abstract: In one embodiment, a distributed denial of service attack on a network is identified. In response to the distributed denial of service attack, a script to request a short term certificate is executed. The short term certificate is generated by a certificate server and received either directly or indirectly from the certificate server. An instruction to redirect traffic using the short term certificate and private key is sent to a distributed denial of service attack protection service that is operable to filter or otherwise mitigate malicious traffic involved in the distributed denial of service attack.
-
Publication No.: US09912480B2
Publication date: 2018-03-06
Application No.: US15442722
Application date: 2017-02-27
Applicant: Cisco Technology, Inc.
Inventor: Paul Quinn , Scott Fluhrer , Jim Guichard , Tirumaleswar Reddy , Prashanth Patil , David Ward
CPC classification number: H04L9/3213 , H04L9/0861 , H04L9/3242 , H04L63/0428 , H04L63/06 , H04L63/062 , H04L2463/062
Abstract: A network service packet (NSP) header security method includes receiving an NSP on a communication interface, analyzing, by a processor, the NSP in order to identify a plurality of service functions and an associated service function path for the plurality of service functions, identifying, by the processor, which security function or functions may be performed by each of the plurality of service functions on an NSP header to be generated for the NSP, requesting, by the processor, at least one key for securing at least part of the NSP header, receiving the at least one key on the communication interface, generating, by the processor, the NSP header for the NSP, securing, by the processor, the NSP header based on the at least one key, and sending, on the communication interface, the NSP with the NSP header to one of the plurality of service functions.
-
Publication No.: US09621520B2
Publication date: 2017-04-11
Application No.: US14726534
Application date: 2015-05-31
Applicant: Cisco Technology, Inc.
Inventor: Paul Quinn , Scott Fluhrer , Jim Guichard , Tirumaleswar Reddy , Prashanth Patil , David Ward
IPC: H04L9/08 , H04L29/06 , H04L9/32 , H04L12/953
CPC classification number: H04L9/3213 , H04L9/0861 , H04L9/3242 , H04L63/0428 , H04L63/06 , H04L63/062 , H04L2463/062
Abstract: A network service packet (NSP) header security method includes receiving an NSP on a communication interface, analyzing, by a processor, the NSP in order to identify a plurality of service functions and an associated service function path for the plurality of service functions, identifying, by the processor, which security function or functions may be performed by each of the plurality of service functions on an NSP header to be generated for the NSP, requesting, by the processor, at least one key for securing at least part of the NSP header, receiving the at least one key on the communication interface, generating, by the processor, the NSP header for the NSP, securing, by the processor, the NSP header based on the at least one key, and sending, on the communication interface, the NSP with the NSP header to one of the plurality of service functions.
-
Publication No.: US09413560B2
Publication date: 2016-08-09
Application No.: US14278598
Application date: 2014-05-15
Applicant: Cisco Technology, Inc.
Inventor: Prashanth Patil , Tirumaleswar Reddy , Daniel Wing , William Ver Steeg
IPC: H04L12/851 , H04L12/24 , H04L29/06 , H04L12/64 , H04L29/08
CPC classification number: H04L12/6418 , H04L29/06 , H04L41/5019 , H04L41/5038 , H04L47/2441 , H04L63/145 , H04L67/02 , H04L67/06
Abstract: Various embodiments are disclosed for prioritizing network flows and providing differentiated quality of service in a telecommunications network. In some embodiments, a SecaaS can be utilized to signal flow characteristics of one or more network flows to a connector in a network so that the network can install differentiated quality of service against the one or more network flows based upon the received flow characteristics. Some embodiments enable a connector in a network to act as a PCP client to signal received flow characteristics to an upstream PCP server hosted by an adjacent access network.
-
Publication No.: US09154484B2
Publication date: 2015-10-06
Application No.: US13773157
Application date: 2013-02-21
Applicant: Cisco Technology, Inc.
Inventor: Daniel G. Wing , Srinivas Chivukula , Tirumaleswar Reddy , Prashanth Patil
CPC classification number: H04L63/08 , H04L61/2514 , H04L63/20 , H04L67/02 , H04L67/146 , H04L69/161 , H04L69/22
Abstract: In one implementation, identity based security features and policies are applied to endpoint devices behind an intermediary device, such as a network address translation device. The access network switch authenticates an endpoint based on a user identity and a credential. A hypertext transfer protocol (HTTP) packet is generated or modified to include the user identity in an inline header. The HTTP packet including the user identity is sent to a policy enforcement device to look up one or more policies for the endpoint. The access switch receives traffic from the policy enforcement device that is filtered according to the user identity. Subsequent TCP connections may also include identity information within the TCP USER_HINT option in a synchronization packet, thus allowing identity propagation for other applications and protocols.
-
Publication No.: US10798067B2
Publication date: 2020-10-06
Application No.: US14643802
Application date: 2015-03-10
Applicant: Cisco Technology, Inc.
Inventor: Tirumaleswar Reddy , Daniel G. Wing , Prashanth Patil , Ram Mohan R.
Abstract: In one implementation, a media stream is recorded using one or more keys. The one or more keys are also encrypted. The one or more encrypted keys may be stored with the encrypted media session at a cloud storage service. A network device receives a request to record a media stream and accesses at least one stream key for the media stream. The stream key is for encrypting the media stream. The network device encrypts the stream key with a master key. The encrypted stream key is stored in association with the encrypted media stream.
-
Publication No.: US10104119B2
Publication date: 2018-10-16
Application No.: US15151709
Application date: 2016-05-11
Applicant: Cisco Technology, Inc.
Inventor: Tirumaleswar Reddy , Daniel Wing , Prashanth Patil
Abstract: In one embodiment, a distributed denial of service attack on a network is identified. In response to the distributed denial of service attack, a script to request a short term certificate is executed. The short term certificate is generated by a certificate server and received either directly or indirectly from the certificate server. An instruction to redirect traffic using the short term certificate and private key is sent to a distributed denial of service attack protection service that is operable to filter or otherwise mitigate malicious traffic involved in the distributed denial of service attack.
-
Publication No.: US09705907B2
Publication date: 2017-07-11
Application No.: US14613558
Application date: 2015-02-04
Applicant: Cisco Technology, Inc.
Inventor: Tirumaleswar Reddy , Daniel Wing , Prashanth Patil , William Ver Steeg
CPC classification number: H04L63/1425 , G06F21/554 , H04L61/2514 , H04L61/2575 , H04L61/2589 , H04L63/0245 , H04L63/145 , H04L67/104 , H04L67/1063
Abstract: In one embodiment, a tracker computer receives from a first device in a peer-to-peer network that the first device has content for serving. A content request for the content is received from a second device in the peer-to-peer network. The tracker computer routes the content from the first device to the second device through a server. The content routed through the server is inspected for malicious code.
-
Publication No.: US09571390B2
Publication date: 2017-02-14
Application No.: US14089193
Application date: 2013-11-25
Applicant: Cisco Technology, Inc.
Inventor: Tirumaleswar Reddy , Prashanth Patil , William Ver Steeg , Daniel Wing
IPC: H04L29/06 , H04L12/721
CPC classification number: H04L45/72 , H04L63/0245 , H04L63/1408 , H04L63/20
Abstract: In one implementation, downloading of streaming content using a security as a service (SecaaS) system is more efficient because portions of the streaming content may not be inspected by the SecaaS. A first request to download content from a content provider is received, and a connection is initiated with a security provider, which inspects the first chunk of the content and generates a routing instruction based on the inspection of the first chunk of content. Based on the routing instructions and the inspection of the first chunk, a request for a second chunk of the streaming content is addressed to the content provider. The second chunk of the streaming content circumvents the SecaaS system.