公开(公告)号：US20240265113A1

公开(公告)日：2024-08-08

申请号：US18330255

申请日：2023-06-06

Applicant: Cisco Technology, Inc.

Inventor： Jeffrey M. Napper ,  Hendrikus G. P. Bosch ,  Jean Diaconu ,  Marcelo Yannuzzi ,  Alessandro Duminuco

IPC: G06F21/57 ,  G06F21/55

CPC classification number: G06F21/577 ,  G06F21/552 ,  G06F2221/033

Abstract: A system and a method to determine attack paths to application assets may include storing in a memory asset inventory indicating multiple application assets, multiple attack vector parameters configured to indicate vulnerabilities of one or more of the application assets, and asset mapping information configured to associate each of the application assets to one or more of the application layers. A processor may determine multiple vulnerable assets in the application assets based at least in part upon the attack vector parameters. Further, the processor may determine feasibility parameters that indicate a likelihood of the attack path to occur in the system, generate a visual interface showing the vulnerable assets, determine an attack path connecting the vulnerable assets based at least in part upon the asset mapping information, and map the attack path to the application layers in the visual interface based at least in part upon the feasibility parameters.

公开(公告)号：US11902168B2

公开(公告)日：2024-02-13

申请号：US17357461

申请日：2021-06-24

Applicant: Cisco Technology, Inc.

Inventor： Vincent Parla ,  Andrew Zawadowskiy ,  Oleg Bessonov ,  Hendrikus G. P. Bosch

IPC: H04L47/24

CPC classification number: H04L47/24

Abstract: A method of defining priority of a number of data packets within a queue includes generating a policy. The policy defines a first multiplexed channel of a plurality of multiplexed channels. The first multiplexed channel having a first priority. The policy also defines a second multiplexed channel of the plurality of multiplexed channels. The second multiplexed channel having a second priority. The first priority is defined as being of a higher priority relative to the second priority. The method further includes receiving the number of data packets over the plurality of multiplexed channels associated with a session based at least in part on the policy.

公开(公告)号：US11899780B2

公开(公告)日：2024-02-13

申请号：US17226304

申请日：2021-04-09

Applicant: Cisco Technology, Inc.

Inventor： Hendrikus G. P. Bosch ,  Alessandro Duminuco ,  Sape Jurriën Mullender ,  Jaffar Alaoui

IPC: G06F21/57 ,  G06F21/52 ,  G06F9/54

CPC classification number: G06F21/52 ,  G06F9/544 ,  G06F2221/031

Abstract: The present disclosure is directed to assessing API service security and may include the steps of identifying an API service called by an application based on information provided by an agent embedded within the application; collecting telemetry associated with the API service, the telemetry collected from one or more telemetry sources and indicating any deficiencies in the API service; generating a reputation score for the API service based on analysis of the collected telemetry; and transmitting the reputation score to at least one of the following: the agent embedded within the application, wherein the reputation score is associated with at least one policy having at least one policy action, and wherein the reputation score is operable to be used by the agent to invoke the at least one policy action relating to use of the API service by the application; or a continuous integration/continuous delivery pipeline associated with the application.

公开(公告)号：US11509591B2

公开(公告)日：2022-11-22

申请号：US17334335

申请日：2021-05-28

Applicant: Cisco Technology, Inc.

Inventor： Hendrikus G. P. Bosch ,  Jeffrey Napper ,  Alessandro Duminuco ,  Humberto J. La Roche ,  Sape Jurriën Mullender ,  Surendra M. Kumar ,  Louis Gwyn Samuel ,  Bart A. Brinckman ,  Aeneas Sean Dodd-Noble ,  Luca Martini

IPC: H04L12/825 ,  H04L12/801 ,  H04L12/715 ,  H04L47/25 ,  H04L47/10 ,  H04L45/64 ,  H04L41/0896

Abstract: An example method is provided in one example embodiment and may include receiving traffic associated with at least one of a mobile network and a Gi-Local Area Network (data-plane), wherein the traffic comprises one or more packets; determining a classification of the traffic to a service chain, wherein the service chain comprises one or more service functions associated at least one of one or more mobile network services and one or more data-plane services; routing the traffic through the service chain; and routing the traffic to a network using one of a plurality of egress interfaces, wherein each egress interface of the plurality of egress interfaces is associated with at least one of the one or more mobile network services and the one or more data-plane services.

公开(公告)号：US11457008B2

公开(公告)日：2022-09-27

申请号：US17069540

申请日：2020-10-13

Applicant: Cisco Technology, Inc.

Inventor： Hendrikus G. P. Bosch ,  Alessandro Duminuco ,  Julien Barbot ,  Jeffrey Michael Napper ,  Sape Jurrien Mullender

IPC: G06F7/04 ,  G06F15/16 ,  G06F17/30 ,  H04L29/06 ,  H04L9/40

Abstract: Techniques for using a single sign-on (SSO) service as a software defined networking (SDN) controller for a virtual private network environment. The techniques disclosed herein may include receiving, at a first authentication service, first data including a first request to authenticate a user of a client device to access an application. The techniques may also include sending, to the client device, second data representing a second request configured to prompt a second authentication service to authenticate the user of the client device. Additionally, the first authentication service may receive an indication that the user was authenticated by the second authentication service and determine, based at least in part on an attribute associated with at least one of the client device or the application, whether the client device is to access the application using an unsecured connection or, alternatively, access the application using a secured connection.

公开(公告)号：US11044203B2

公开(公告)日：2021-06-22

申请号：US15171892

申请日：2016-06-02

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Hendrikus G. P. Bosch ,  Jeffrey Napper ,  Alessandro Duminuco ,  Humberto J. La Roche ,  Sape Jurriën Mullender ,  Surendra M. Kumar ,  Louis Gwyn Samuel ,  Bart A. Brinckman ,  Aeneas Sean Dodd-Noble ,  Luca Martini

IPC: H04L12/26 ,  H04L12/801 ,  H04L12/825 ,  H04L12/715 ,  H04L12/24

Abstract: An example method is provided in one example embodiment and may include receiving traffic associated with at least one of a mobile network and a Gi-Local Area Network (Gi-LAN), wherein the traffic comprises one or more packets; determining a classification of the traffic to a service chain, wherein the service chain comprises one or more service functions associated at least one of one or more mobile network services and one or more Gi-LAN services; routing the traffic through the service chain; and routing the traffic to a network using one of a plurality of egress interfaces, wherein each egress interface of the plurality of egress interfaces is associated with at least one of the one or more mobile network services and the one or more Gi-LAN services.

公开(公告)号：US10361969B2

公开(公告)日：2019-07-23

申请号：US15252028

申请日：2016-08-30

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Hendrikus G. P. Bosch ,  Jeffrey Napper ,  Surendra M. Kumar ,  Alessandro Duminuco ,  Sape Jurriën Mullender ,  Humberto J. La Roche ,  Louis Gwyn Samuel ,  Frank Brockners ,  Shwetha Subray Bhandari

IPC: H04L12/917 ,  H04L12/911 ,  H04L12/725 ,  H04L12/841

Abstract: An example method is provided in one example embodiment and may include configuring a measurement indication for a packet; forwarding the packet through a service chain comprising one or more service functions; recording measurement information for the packet as it is forwarded through the service chain; and managing capacity for the service chain based, at least in part, on the measurement information. In some cases, the method can include determining end-to-end measurement information for the service chain using the recorded measurement information. In some cases, managing capacity for the service chain can further include identifying a particular service function as a bottleneck service function for the service chain; and increasing capacity for the bottleneck service. In various instances, increasing capacity for the bottleneck service can include at least one of: instantiating additional instances of the bottleneck service; and instantiating additional instances of the service chain.

公开(公告)号：US10284390B2

公开(公告)日：2019-05-07

申请号：US15177021

申请日：2016-06-08

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Surendra M. Kumar ,  Alessandro Duminuco ,  Hendrikus G. P. Bosch ,  Humberto J. La Roche ,  Jeffrey Napper ,  Burjiz Pithawala

IPC: H04L12/46 ,  H04L29/06 ,  H04L12/70 ,  H04L29/12 ,  H04L12/725 ,  H04L12/715

Abstract: A method is provided in one example embodiment and includes receiving at a network element an encapsulated packet including an encapsulation header, in which the encapsulation header includes an Analytics Proxy Function (“APF”) flag; determining whether the APF flag is set to a first value; if the APF flag is set to the first value, forwarding the encapsulated packet to a local APF instance associated with the network element, in which the encapsulated packet is processed by the local APF instance to replicate at least a portion of the encapsulated packet, construct a record of the encapsulated packet, or both; and if the APF flag is not set to the first value, omitting forwarding the encapsulated packet to the local APF instance associated with the network element. The local APF instance is implemented as a service function anchored at the forwarding element.

公开(公告)号：US10178646B2

公开(公告)日：2019-01-08

申请号：US15486143

申请日：2017-04-12

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Hendrikus G. P. Bosch ,  Humberto J. La Roche ,  Aeneas Sean Dodd-Noble ,  Sape Jurri{hacek over (e)}n Mullender ,  Timothy P. Stammers ,  Konstantin Livanos

IPC: H04W68/02 ,  H04W8/08 ,  H04L29/06 ,  H04W88/02

Abstract: A method is provided in one example embodiment and may include receiving, by a mobility management frontend, an attach request for a user equipment (UE) to attach the UE to a core network slice type for a mobile core Software Defined Network (SDN) infrastructure, wherein a plurality of core network slice types are available for the mobile core SDN infrastructure to receive traffic from a plurality of UEs; determining a particular core network slice type within the mobile core SDN infrastructure to serve the UE based on subscriber information associated with the UE; selecting a particular slice instance of the particular core network slice type to receive traffic for the UE; and forwarding traffic for the UE between a Radio Access Network (RAN) and the particular slice instance by the mobility management frontend.

公开(公告)号：US10079767B2

公开(公告)日：2018-09-18

申请号：US15181159

申请日：2016-06-13

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Hendrikus G. P. Bosch ,  Jeffrey Napper ,  Alessandro Duminuco ,  Humberto J. La Roche ,  Surendra M. Kumar ,  Aeneas Sean Dodd-Noble ,  Anil Kumar Chandrupatla

IPC: H04L12/851 ,  H04L12/801 ,  H04L12/803 ,  H04L29/08 ,  H04L12/713

CPC classification number: H04L47/2441 ,  H04L45/586 ,  H04L45/64 ,  H04L47/125 ,  H04L47/14 ,  H04L67/1076 ,  H04L67/2842

Abstract: A method is provided in one example embodiment and includes receiving at a network element a packet associated with a flow and determining whether a flow cache of the network element includes an entry for the flow indicating a classification for the flow. The method further includes, if the network element flow cache does not include an entry for the flow, punting the packet over a default path to a classifying service function, in which the classifying service function classifies the flow and determines a control plane service function for handling the flow, and receiving from the classifying service function a service path identifier (“SPI”) of a service path leading to the determined control plane service function. The flow is subsequently offloaded from the classifying service function to the network element.