公开(公告)号：US20160226899A1

公开(公告)日：2016-08-04

申请号：US14613558

申请日：2015-02-04

Applicant: Cisco Technology, Inc.

Inventor： Tirumaleswar Reddy ,  Daniel Wing ,  Prashanth Patil ,  Bill Ver Steeg

IPC: H04L29/06 ,  H04L29/08

CPC classification number: H04L63/1425 ,  G06F21/554 ,  H04L61/2514 ,  H04L61/2575 ,  H04L61/2589 ,  H04L63/0245 ,  H04L63/145 ,  H04L67/104 ,  H04L67/1063

Abstract: In one embodiment, A tracker computer receives from a first device in a peer-to-peer network that the first device has content for serving. A content request for the content is received from a second device in the peer-to-peer network. The tracker computer routes the content from the first device to the second device through a server. The content routed through the server is inspected for malicious code.

Abstract translation: 在一个实施例中，跟踪计算机从对等网络中的第一设备接收第一设备具有用于服务的内容。 从对等网络中的第二设备接收到针对内容的内容请求。 跟踪计算机通过服务器将内容从第一设备路由到第二设备。 通过服务器路由的内容将被检查恶意代码。

公开(公告)号：US09369491B2

公开(公告)日：2016-06-14

申请号：US14537336

申请日：2014-11-10

Applicant: Cisco Technology, Inc.

Inventor： Tirumaleswar Reddy ,  Daniel Wing ,  Prashanth Patil

IPC: G06F17/00 ,  H04L29/06

CPC classification number: H04L63/20 ,  H04L61/2514 ,  H04L61/2575 ,  H04L61/2589 ,  H04L63/0245 ,  H04L63/0428 ,  H04L63/061 ,  H04L63/1408 ,  H04L63/166 ,  H04L63/30 ,  H04L67/02

Abstract: In one implementation, two or more endpoints or client devices communication uses a peer-to-peer, browser based, real time communication protocol. One example of such a protocol is Web Real-Time Communication (WebRTC). An intermediary device receives from a first endpoint, a request for communication with a second endpoint, using the browser based real time communication. The intermediary device identifies a control protocol based on the request for communication, and receives one or more write keys from the first endpoint. The intermediary device monitors communication between the first endpoint and the second endpoint using the one or more write keys. Examples for the intermediary devices include servers, firewalls, and other network devices.

Abstract translation: 在一个实现中，两个或多个端点或客户端设备通信使用基于浏览器的基于对等的实时通信协议。 这种协议的一个例子是Web实时通信（WebRTC）。 中间设备使用基于浏览器的实时通信从第一端点接收与第二端点通信的请求。 中间设备基于通信请求识别控制协议，并从第一端点接收一个或多个写入密钥。 中间设备使用一个或多个写入密钥监视第一端点和第二端点之间的通信。 中间设备的示例包括服务器，防火墙和其他网络设备。

公开(公告)号：US20160134659A1

公开(公告)日：2016-05-12

申请号：US14537336

申请日：2014-11-10

Applicant: Cisco Technology, Inc.

Inventor： Tirumaleswar Reddy ,  Daniel Wing ,  Prashanth Patil

IPC: H04L29/06

CPC classification number: H04L63/20 ,  H04L61/2514 ,  H04L61/2575 ,  H04L61/2589 ,  H04L63/0245 ,  H04L63/0428 ,  H04L63/061 ,  H04L63/1408 ,  H04L63/166 ,  H04L63/30 ,  H04L67/02

Abstract: In one implementation, two or more endpoints or client devices communication uses a peer-to-peer, browser based, real time communication protocol. One example of such a protocol is Web Real-Time Communication (WebRTC). An intermediary device receives from a first endpoint, a request for communication with a second endpoint, using the browser based real time communication. The intermediary device identifies a control protocol based on the request for communication, and receives one or more write keys from the first endpoint. The intermediary device monitors communication between the first endpoint and the second endpoint using the one or more write keys. Examples for the intermediary devices include servers, firewalls, and other network devices.

Abstract translation: 在一个实现中，两个或多个端点或客户端设备通信使用基于浏览器的基于对等的实时通信协议。 这种协议的一个例子是Web实时通信（WebRTC）。 中间设备使用基于浏览器的实时通信从第一端点接收与第二端点通信的请求。 中间设备基于通信请求识别控制协议，并从第一端点接收一个或多个写入密钥。 中间设备使用一个或多个写入密钥监视第一端点和第二端点之间的通信。 中间设备的示例包括服务器，防火墙和其他网络设备。

公开(公告)号：US20150026756A1

公开(公告)日：2015-01-22

申请号：US13944607

申请日：2013-07-17

Applicant: Cisco Technology, Inc.

Inventor： Tirumaleswar Reddy ,  Prashanth Patil ,  Daniel Wing

IPC: H04L29/06

CPC classification number: H04W12/08 ,  G06F15/16 ,  H04L29/06 ,  H04L63/10 ,  H04L63/20

Abstract: In one implementation, traffic in a mobile network is directed across multiple paths to a single cloud server or security server (e.g., a security as a service). The mobile device detects a cloud connector through a primary connection based on an attachment or connection via a first interface of a mobile device. The mobile device sends a request to the cloud connector for an identification of a cloud security server associated with the cloud connector. After receiving the identification of the cloud security server, the mobile device directs one or more subsequent data flows or subflows for a second interface or another interface of the mobile device to the cloud server or security server. The second data flow and the second interface are associated with another network that is external to the enterprise network and trusted network connection or not associated with the enterprise network and the trusted network connection.

Abstract translation: 在一个实现中，移动网络中的流量被定向到单个云服务器或安全服务器（例如，作为服务的安全性）的多个路径。 移动设备通过基于通过移动设备的第一接口的附件或连接的主连接来检测云连接器。 移动设备向云连接器发送请求以识别与云连接器相关联的云安全服务器。 在接收到云安全服务器的标识之后，移动设备将用于移动设备的第二接口或另一接口的一个或多个后续数据流或子流引导到云服务器或安全服务器。 第二数据流和第二接口与企业网络外部的另一网络和可信网络连接相关联，或者与企业网络和可信网络连接不相关联。

公开(公告)号：US10404781B2

公开(公告)日：2019-09-03

申请号：US14636208

申请日：2015-03-03

Applicant: Cisco Technology, Inc.

Inventor： Tirumaleswar Reddy ,  Daniel Wing ,  Bill Ver Steeg

IPC: G06F15/16 ,  H04L29/08

Abstract: In one embodiment, there is provided a device implementing a leecher peer, the device including a processor to request a list of seeder peers from a tracker, receive the list, select a first seeder peer from the list from which to download at least part of a content item, start downloading the at least part of the content item from the first seeder peer, receive a message from the first seeder peer indicating a deterioration in an upload flow characteristic of the first seeder peer, in response to receiving the message, request an updated list of seeder peers, receive the updated list, select a second one of the seeder peers from the updated list from which to download another part of the content item, cease downloading the content item from the first seeder peer, and start downloading the other part of the content item from the second seeder peer.

公开(公告)号：US20170331854A1

公开(公告)日：2017-11-16

申请号：US15151709

申请日：2016-05-11

Applicant: Cisco Technology, Inc.

Inventor： Tirumaleswar Reddy ,  Daniel Wing ,  Prashanth Patil

IPC: H04L29/06 ,  H04L29/08 ,  H04L9/32 ,  H04L9/30 ,  H04L9/14 ,  H04L9/08

CPC classification number: H04L63/1458 ,  H04L9/0861 ,  H04L9/14 ,  H04L9/30 ,  H04L9/3263 ,  H04L63/0236 ,  H04L63/0823 ,  H04L63/1425 ,  H04L63/168 ,  H04L65/1006 ,  H04L67/02 ,  H04L67/10 ,  H04L69/329

Abstract: In one embodiment, a distributed denial of service attack on a network is identified. In response to the distributed denial of service attack, a script to request a short term certificate is executed. The short term certificate is generated by a certificate server and received either directly or indirectly from the certificate server. An instruction to redirect traffic using the short term certificate and private key is sent to a distributed denial of service attack protection service that is operable to filter or otherwise mitigate malicious traffic involved in the distributed denial of service attack.

公开(公告)号：US09648141B2

公开(公告)日：2017-05-09

申请号：US14674596

申请日：2015-03-31

Applicant: Cisco Technology, Inc.

Inventor： Tirumaleswar Reddy ,  Daniel Wing ,  Prashanth Patil

IPC: H04L29/00 ,  H04L29/06

CPC classification number: H04L67/42 ,  H04L63/0807 ,  H04L67/06 ,  H04L67/20 ,  H04L67/289

Abstract: In one embodiment, first content is served by an application server to a client computer through an Internet service provider network. The first content includes a link to second content on a third-party server. A token request is sent from the third-party server to the application server in response to selection of the link by the client computer. A token is provided to the third-party server by the application server in response to the token request. The token is configured to authorize data flow at a bandwidth for the second content by the Internet service provider network to the client computer. The data flow is authorized based on an agreement for the bandwidth between an operator of the application server and an operator of the Internet service provider network.

公开(公告)号：US20160366191A1

公开(公告)日：2016-12-15

申请号：US14734164

申请日：2015-06-09

Applicant: Cisco Technology, Inc.

Inventor： Prashanth Patil ,  Tirumaleswar Reddy ,  Daniel G. Wing ,  James Guichard

IPC: H04L29/06 ,  H04L29/08

CPC classification number: H04L65/1069 ,  H04L63/0281 ,  H04L63/0471 ,  H04L63/166 ,  H04L67/141 ,  H04L67/28

Abstract: A first service node receives a message configured to set up a secure communication session between a client and a server, in which the first service node acts as a proxy. Data packets in the secure communication session are subject to multiple service functions that require decryption of the data packets. A service function chain assigns a service node to each of the service functions. A service header is generated including metadata instructing the service nodes other than the first service node not to act as proxies in the secure communication session. The message and the service header are transmitted to a second service node in the service function chain.

Abstract translation: 第一服务节点接收被配置为在客户机和服务器之间建立安全通信会话的消息，其中第一服务节点用作代理。 安全通信会话中的数据分组受到需要解密数据分组的多种服务功能。 服务功能链将服务节点分配给每个服务功能。 生成服务报头，包括指示不同于第一服务节点的服务节点的元数据不作为安全通信会话中的代理。 消息和服务头部被发送到服务功能链中的第二服务节点。

公开(公告)号：US20160269365A1

公开(公告)日：2016-09-15

申请号：US14643802

申请日：2015-03-10

Applicant: Cisco Technology, Inc.

Inventor： Tirumaleswar Reddy ,  Daniel G. Wing ,  Prashanth Patil ,  Ram Mohan R.

IPC: H04L29/06 ,  H04L9/14

Abstract: In one implementation, a media stream is recorded using one or more keys. The one or more keys are also encrypted. The one or more encrypted keys may be stored with the encrypted media session at a cloud storage service. A network device receives a request to record a media stream and accesses at least one stream key for the media stream. The stream key is for encrypting the media stream. The network device encrypts the stream key with a master key. The encrypted stream key is stored in association with the encrypted media stream.

Abstract translation: 在一个实现中，使用一个或多个键来记录媒体流。 一个或多个键也被加密。 一个或多个加密密钥可以与云存储服务处的加密的媒体会话一起存储。 网络设备接收记录媒体流的请求，并访问媒体流的至少一个流密钥。 流密钥用于加密媒体流。 网络设备用主密钥加密流密钥。 加密的流密钥与加密的媒体流相关联地存储。

公开(公告)号：US20150334029A1

公开(公告)日：2015-11-19

申请号：US14278598

申请日：2014-05-15

Applicant: Cisco Technology, Inc.

Inventor： Prashanth Patil ,  Tirumaleswar Reddy ,  Daniel Wing ,  William Ver Steeg

IPC: H04L12/851 ,  H04L29/06 ,  H04L12/24

CPC classification number: H04L12/6418 ,  H04L29/06 ,  H04L41/5019 ,  H04L41/5038 ,  H04L47/2441 ,  H04L63/145 ,  H04L67/02 ,  H04L67/06

Abstract: Various embodiments are disclosed for prioritizing network flows and providing differentiated quality of service in a telecommunications network. In some embodiments, a SecaaS can be utilized to signal flow characteristics of one or more network flows to a connector in a network so that the network can install differentiated quality of service against the one or more network flows based upon the received flow characteristics. Some embodiments enable a connector in a network to act as a PCP client to signal received flow characteristics to an upstream PCP server hosted by an adjacent access network.

Abstract translation: 公开了各种实施例用于优先化网络流并在电信网络中提供差异化​​的服务质量。 在一些实施例中，可以使用SecaaS来向网络中的连接器发送一个或多个网络流的流特性，使得网络可以基于所接收的流特性来针对所述一个或多个网络流安装差异化服务质量。 一些实施例使得网络中的连接器能够充当PCP客户端，以将接收到的流量特性信号发送到由相邻接入网络托管的上游PCP服务器。