公开(公告)号：US12184648B2

公开(公告)日：2024-12-31

申请号：US18167593

申请日：2023-02-10

Applicant: Cisco Technology, Inc.

Inventor： Srinath Gundavelli ,  Shree N. Murthy ,  Pradeep Kumar Kathail ,  Brian Weis

IPC: H04L9/40 ,  H04L47/2441 ,  H04L65/1073 ,  H04W80/02

Abstract: A method is provided to anonymize the media access control (MAC) address of a client device. The method involves generating a plurality of media access control (MAC) addresses for use by a client device in a network. Policies are defined that determine which one of the plurality of MAC addresses is to be used by the client device. The plurality of MAC addresses allocated for use by the client device are registered with a management entity in the network.

公开(公告)号：US20240422140A1

公开(公告)日：2024-12-19

申请号：US18817596

申请日：2024-08-28

Applicant: Cisco Technology, Inc.

Inventor： Ali Sajassi ,  Pradeep Kumar Kathail ,  Samir Thoria

IPC: H04L9/40 ,  H04L45/00

Abstract: A system and method for adaptive encryption for SD-WAN includes identifying an encrypted conversational flow and determining whether a duration of the encrypted conversational flow exceeds a threshold. The method also includes selecting a header-less tunnel for the encrypted conversational flow when the duration is more than the threshold. The method further includes transmitting the encrypted conversational flow to an egress router over the selected header-less tunnel.

公开(公告)号：US12081529B2

公开(公告)日：2024-09-03

申请号：US17812901

申请日：2022-07-15

Applicant: Cisco Technology, Inc.

Inventor： Ali Sajassi ,  Pradeep Kumar Kathail ,  Samir Thoria

IPC: H04L29/06 ,  H04L9/40 ,  H04L45/00

CPC classification number: H04L63/0435 ,  H04L45/22 ,  H04L63/029

Abstract: A system and method for adaptive encryption for SD-WAN includes identifying an encrypted conversational flow and determining whether a duration of the encrypted conversational flow exceeds a threshold. The method also includes selecting a header-less tunnel for the encrypted conversational flow when the duration is more than the threshold. The method further includes transmitting the encrypted conversational flow to an egress router over the selected header-less tunnel.

公开(公告)号：US12034707B2

公开(公告)日：2024-07-09

申请号：US18104603

申请日：2023-02-01

Applicant: Cisco Technology, Inc.

Inventor： David A. Maluf ,  Srinath Gundavelli ,  Pascal Thubert ,  Pradeep Kumar Kathail ,  Eric Levy-Abegnoli ,  Eric Voit ,  Ali Sajassi

IPC: H04L9/40 ,  H04L61/2521 ,  H04L61/2539 ,  H04L61/4511

CPC classification number: H04L63/0421 ,  H04L61/2525 ,  H04L61/2539 ,  H04L61/4511

Abstract: Techniques for using Network Address Translation (NAT), Mobile Internet Protocol (MIP), and/or other techniques in conjunction with Domain Name System (DNS) to anonymize server-side addresses in data communications. Rather than having DNS provide a client device with an IP address of an endpoint device, such as a server, the DNS instead returns a random IP address that is mapped to the client device and the endpoint device. In this way, IP addresses of servers are obfuscated by a random IP address that cannot be used to identify the endpoint device or service. The client device may then communicate data packets to the server using the random IP address as the destination address, and a gateway that works in conjunction with DNS can convert the random IP address to the actual IP address of the server using NAT and forward the data packet onto the server.

公开(公告)号：US20240214319A1

公开(公告)日：2024-06-27

申请号：US18201998

申请日：2023-05-25

Applicant: Cisco Technology, Inc.

Inventor： Alberto Rodriguez Natal ,  John A. Joyce ,  Saswat Praharaj ,  Timothy James Swanson ,  Lorand Jakab ,  Fabio R. Maino ,  Pradeep Kumar Kathail

IPC: H04L47/2475 ,  H04L67/564

CPC classification number: H04L47/2475 ,  H04L67/564

Abstract: Techniques for signaling, to a network controller, a connection state of a proxy for use by the network controller to correlate proxied-connections with application pairs for traffic optimization. In some examples, the techniques may include receiving, at a controller of a network, control plane information associated with a proxy that manages a proxied flow through the network. Based on the control plane information, the controller may determine that application traffic is flowing across the proxied flow between a first application and a second application. In this way, based at least in part on a policy associated with at least one of the first application or the second application, the controller may reconfigure a network element of the network for optimizing the application traffic flowing across the proxied flow.

公开(公告)号：US20240106745A1

公开(公告)日：2024-03-28

申请号：US17935159

申请日：2022-09-26

Applicant: Cisco Technology, Inc.

Inventor： Eric Voit ,  Pascal Thubert ,  Pradeep Kumar Kathail

IPC: H04L45/00 ,  H04L45/745 ,  H04W12/71

CPC classification number: H04L45/54 ,  H04L45/745 ,  H04W12/71

Abstract: Personal network Software Defined-Wide Area Networks (SD-WANs) with attested permissions may be provided. A first one of a plurality Personal Area Network (PAN) devices in a PAN may seed a routing table entry for at least one application that the first one of the plurality PAN devices supports. The routing table entry may include at least one characteristic associated with an egress link between the first one of the plurality PAN devices and a device outside of the PAN. The routing table entry may be exchanged among the plurality of PAN devices in the PAN. Then data may be routed, based on the exchanged routing table entry, in the PAN through the first one of the plurality PAN devices through the egress link to the device outside of the PAN.

公开(公告)号：US20230247484A1

公开(公告)日：2023-08-03

申请号：US17591026

申请日：2022-02-02

Applicant: Cisco Technology, Inc.

Inventor： Ali Sajassi ,  Arman Rezaee ,  Pradeep Kumar Kathail

IPC: H04W28/08 ,  H04B7/185 ,  H04W24/10

CPC classification number: H04W28/0967 ,  H04B7/18521 ,  H04W24/10 ,  H04W84/06

Abstract: According to an embodiment, a node comprises one or more processors operable to execute instructions to cause the node to perform operations. The operations comprise determining a link quality associated with each satellite link of a plurality of satellite links and applying load balancing to the plurality of satellite links. The load balancing is based at least in part on the respective link quality associated with each satellite link. The load balancing comprises determining which of the satellite links to include in an active set selected to communicate data to or from the node and, for each satellite link in the active set, determining a portion of the data to communicate via the respective satellite link. The operations further comprise transmitting or receiving the data via the satellite links in the active set. Each satellite link in the active set communicates its respective portion of the data.

公开(公告)号：US20230155978A1

公开(公告)日：2023-05-18

申请号：US17530244

申请日：2021-11-18

Applicant: Cisco Technology, Inc.

Inventor： Pascal Thubert ,  Pradeep Kumar Kathail ,  Eric Levy-Abegnoli ,  David A. Maluf

IPC: H04L29/12

CPC classification number: H04L61/2507 ,  H04L61/1511

Abstract: Techniques for using Network Address Translation (NAT), Mobile Internet Protocol (MIP), and/or other techniques in conjunction with Domain Name System (DNS) to anonymize server-side addresses in data communications. Rather than having DNS provide a client device with an IP address of an endpoint device, such as a server, the DNS instead returns a virtual IP (VIP) address that is mapped to the client device and the endpoint device. In this way, IP addresses of servers are obfuscated by a virtual network of VIP addresses. The client device may then communicate data packets to the server using the VIP address as the destination address, and a virtual network service that works in conjunction with DNS can convert the VIP address to the actual IP address of the server using NAT and forward the data packet onto the server.

公开(公告)号：US20220321556A1

公开(公告)日：2022-10-06

申请号：US17218602

申请日：2021-03-31

Applicant: Cisco Technology, Inc.

Inventor： Indermeet Gandhi ,  Srinath Gundavelli ,  Pradeep Kumar Kathail

IPC: H04L29/06 ,  H04W12/06 ,  H04L9/30 ,  G06F21/60 ,  H04W12/08

Abstract: This disclosure describes techniques for authentication related to verification of identity for network access. The techniques may include sending a challenge associated with authentication to a network to a mobile device. In response to sending the challenge, the techniques may include receiving a challenge response from the mobile device. The challenge response may include biometric credential information associated with a user of the mobile device. The challenge response may also include an indication of an authorization assertion associated with the authentication to the network. In some examples, the techniques may include tailoring access to the network for the mobile device based on the biometric credential information.

公开(公告)号：US20220014900A1

公开(公告)日：2022-01-13

申请号：US16925746

申请日：2020-07-10

Applicant: Cisco Technology, Inc.

Inventor： Indermeet Singh Gandhi ,  Srinath Gundavelli ,  Timothy Peter Stammers ,  Pradeep Kumar Kathail

IPC: H04W8/20 ,  H04W8/22 ,  H04W12/06

Abstract: Presented herein are techniques to facilitate electronic profile management by an enterprise entity in which the enterprise entity can utilize an enterprise infrastructure to provision one or more electronic profiles for one or more enterprise device(s). In one example, a method is provided that may include determining, by a management node of an enterprise network, whether a user equipment (UE) supports an electronic profile capability and a wireless wide area access network connectivity capability; and based on determining that the UE supports the electronic profile capability and the wireless wide area access network connectivity capability, providing, by the management node, at least one electronic profile to the UE via a wireless local area access network of the enterprise network, wherein the at least one electronic profile enables the UE to connect to at least one wireless wide area access network of the enterprise network.