公开(公告)号：US20240259340A1

公开(公告)日：2024-08-01

申请号：US18591198

申请日：2024-02-29

Applicant: Cisco Technology, Inc.

Inventor： Jerome Henry ,  Robert Edgar Barton ,  Stephen Michael Orr ,  Malcolm Muir Smith

IPC: H04L61/2596 ,  H04L61/251 ,  H04L61/5069 ,  H04L69/14

CPC classification number: H04L61/2596 ,  H04L61/251 ,  H04L61/5069 ,  H04L69/14

Abstract: A method comprising: at a multi-link device (MLD) configured for multi-link operation: establishing a first Internet Protocol (IP) stack of a first IP type and configured with a first IP address of the first IP type, wherein the first IP stack is associated to a first MLD media access control (MAC) address of a first station of the MLD; establishing a second IP stack of a second IP type and configured with a second IP address of the second IP type, wherein the second IP stack exists concurrently with the first IP stack and is associated to a second MLD MAC address of a second station of the MLD; and exchanging, with a peer MLD, IP traffic using one or more of (i) the first IP stack and the first MLD MAC address, and (ii) the second IP stack and the second MLD MAC address.

公开(公告)号：US20240256908A1

公开(公告)日：2024-08-01

申请号：US18103028

申请日：2023-01-30

Applicant: Cisco Technology, Inc.

Inventor： Jean-Philippe Vasseur ,  Grègory Mermoud ,  Pierre-André Savalle ,  Eduard Schornig

IPC: G06N5/022

CPC classification number: G06N5/022

Abstract: In one embodiment, a device obtains a plurality of characteristics of different portions of a network for which a predictive networking engine is available. The device provides the plurality of characteristics of the different portions of a network to a user interface. The device receives, via the user interface, a set of one or more constraints to limit recommendations by the predictive networking engine for a selected portion of the network from among the different portions of the network. The device configures the predictive networking engine to prevent it from generating recommendations for the selected portion of the network according to the set of one or more constraints.

公开(公告)号：US20240256512A1

公开(公告)日：2024-08-01

申请号：US18162160

申请日：2023-01-31

Applicant: Cisco Technology, Inc.

Inventor： D. Brice Achkir ,  Kaushal Sanjay Mhalgi ,  Gautam Khandelwal

IPC: G06F16/22 ,  G06F16/28

CPC classification number: G06F16/2272 ,  G06F16/284

Abstract: Methods that provide accelerated data operations by splitting data records into sub-records and by using in-memory storage. In these methods, a computing device obtains a complex data record that includes at least one unique identifier, primary information about the complex data record, and a plurality of data values that change over time. The computing device generates a plurality of data sub-records by splitting, based on a set of rules, the complex data record into a plurality of parts in which at least a portion of the primary information is separated from the plurality of data values and added to a respective data sub-record of the plurality of data sub-records, generating a unique binding identifier, and adding the unique binding identifier to each of the plurality of data sub-records to link the plurality of data sub-records to each other. The data sub-records are stored, using an in-memory database, into a blockchain.

公开(公告)号：US12052532B2

公开(公告)日：2024-07-30

申请号：US17871093

申请日：2022-07-22

Applicant: Cisco Technology, Inc.

Inventor： Luca Della Chiesa ,  Christian Schmutzer

IPC: G01H9/00 ,  H04B10/07 ,  H04B10/073 ,  H04B10/61 ,  H04Q11/00

CPC classification number: H04Q11/0062 ,  G01H9/004 ,  H04B10/07 ,  H04B10/073 ,  H04B10/615 ,  H04Q2011/0073 ,  H04Q2011/0083

Abstract: Presented herein are techniques to manage optical network infrastructure. A method includes inducing a predetermined vibration on a fiber optic cable, the predetermined vibration being sufficient to cause a change to at least one of a state of polarization and a phase of optical signals being carried by respective optical fibers in the fiber optic cable, detecting, at a first endpoint, using a first coherent optical receiver, and at a second endpoint, using a second coherent optical receiver, the change to the at least one of the state of polarization and the phase of the optical signals, and based on the detecting, determining that the first endpoint and the second endpoint are connected to, or in communication with, one another via at least one finer in the fiber optic cable.

公开(公告)号：US12052332B2

公开(公告)日：2024-07-30

申请号：US17162098

申请日：2021-01-29

Applicant: Cisco Technology, Inc.

Inventor： Mohammed Hawari ,  Andre Surcouf

IPC: H04L69/28 ,  H03M13/09 ,  H04J3/06 ,  H04L49/90

CPC classification number: H04L69/28 ,  H03M13/09 ,  H04J3/0644 ,  H04J3/065 ,  H04L49/9078

Abstract: Establishing an expected transmit time at which a network interface controller (NIC) is expected to transmit a next packet. Enqueuing, with the NIC and before the expected transmit time, a packet P1 to be transmitted at the expected transmit time. Upon enqueuing P1, incrementing the expected transmit time by an expected transmit duration of P1. Transmitting at the NIC's line rate and timestamping enqueued P1 with its actual transmit time. Adjusting the expected transmit time by a difference between P1's actual transmit and P1's expected transmit time. Requesting, before completion of transmitting P1, to transmit a P2 at time t(P2). Enqueuing, in sequence, zero or more P0, such that the current expected transmit time plus the duration of the transmission of the P0s at the line rate equals t(P2). Transmitting at the line rate each enqueued P0. Upon enqueuing each P0, incrementing, for each P0, the expected transmit time by the expected transmit duration of the P0. Enqueuing P2 for transmission directly following enqueuing the final P0. Transmitting, by the NIC, enqueued P2 at t(P2).

公开(公告)号：US12052235B2

公开(公告)日：2024-07-30

申请号：US17866871

申请日：2022-07-18

Applicant: Cisco Technology, Inc.

Inventor： George Mathew Koikara ,  Pruthvi Panyam Nataraj ,  Naveen Gujje ,  Sujith RS ,  Pranav Balakumar

IPC: H04L9/40 ,  H04L9/08 ,  H04L67/141

CPC classification number: H04L63/0823 ,  H04L63/0281 ,  H04L67/141

Abstract: Techniques and architecture are described for protecting non-http and TCP/UDP applications in a zero trust network access (ZTNA)/web virtual private network (VPN) environment by establishing a secure communication channel between a native application and an application server providing an application service. More particularly, the present disclosure describes techniques and architecture that leverage the firewall wherein a thin client on a client device enables a client desktop, establishes a secure channel from a native application, e.g., the client desktop, to the firewall, and acts as a proxy.

公开(公告)号：US12052148B2

公开(公告)日：2024-07-30

申请号：US18225428

申请日：2023-07-24

Applicant: Cisco Technology, Inc.

Inventor： Viktoria Fordos ,  Claes Daniel Nasten

IPC: H04L41/5054 ,  H04L41/0873 ,  H04L41/0893

CPC classification number: H04L41/5054 ,  H04L41/0873 ,  H04L41/0893

Abstract: Techniques and mechanisms for managing a set of data network nodes in a Network Management System (NMS). In some examples, a network orchestrator receives a first service request to trigger a first service transaction to re-configure the set of data nodes in the data network, and trigger, the first service transaction to re-configure the set of data nodes. In some examples, the network orchestrator receives a second service request to trigger a second service transaction to re-configure the set of data nodes. The orchestrator determines whether the second service transaction conflicts with the first service transaction that is currently running. If the second service transaction does not conflict with the first service, it triggers processing the second service. If the second service transaction does conflict with the first service transaction, it delays from processing the second service transaction.

公开(公告)号：US20240250942A1

公开(公告)日：2024-07-25

申请号：US18156974

申请日：2023-01-19

Applicant: Cisco Technology, Inc.

Inventor： Shayne Miel ,  Joshua Terry ,  Richard Harang ,  Kevin Tyler Burchfield ,  Gillian Gacusan ,  Patrick McMahon ,  Robert Small ,  Jake Ingman

IPC: H04L9/40

CPC classification number: H04L63/0853 ,  H04L63/1433

Abstract: The present technology provides for altering an authentication technique in response to a detection of a possible attack to which the authentication technique is vulnerable. An authentication provider can receive an authentication request to authenticate to a first resource, where the authentication to the first resource is permitted using a particular authentication technique, includes contextual information associated with the first access device and information identifying the first resource. Based on the contextual information, the authentication provider can determine that the authentication request is subject to an ongoing attack, and determine, an alternative authentication technique that is less vulnerable to the ongoing attack than the particular authentication technique. The authentication provider can require the first user account to authenticate with the first resource using the alternative authentication technique that is less vulnerable to the ongoing attack than the particular authentication technique.

公开(公告)号：US20240250812A1

公开(公告)日：2024-07-25

申请号：US18156993

申请日：2023-01-19

Applicant: Cisco Technology, Inc.

Inventor： Shayne Miel ,  Brian Lindauer ,  Glenn J. Stempeck ,  David William Matteson ,  Ian Edward Beals ,  Josh Matz ,  Edgar Calderon ,  Laura Cole

IPC: H04L9/08 ,  H04L9/32

CPC classification number: H04L9/0863 ,  H04L9/3234

Abstract: The present disclosure provides protection to communications after establishing a secured connection to a secured website or application. An authentication service, after establishing a secured session, can calculate a trust score for a user. Based on the trust score, the security agent can encrypt access tokens used to authenticate a secure connection. The system can interrupt the secure connection based on the trust score of the user or the user device. The interruption takes place by ignoring requests to decrypt the access token. Without the decrypted access token, the browser is unable to authenticate the session, preventing further communications. After the user improves the security posture of the device or user, the security agent can recalculate the trust score. When the trust score is above a threshold, the security agent can being decrypting the access token, thereby authenticating communications from the browser.

公开(公告)号：US12047420B2

公开(公告)日：2024-07-23

申请号：US17487260

申请日：2021-09-28

Applicant: Cisco Technology, Inc.

Inventor： Sachin Dinkar Wakudkar ,  Roberto Muccifora ,  Fnu Sandesh ,  Shiva Prasad Maheshuni

IPC: H04L9/40

CPC classification number: H04L63/20 ,  H04L63/102

Abstract: Techniques and architecture are described for determining an identity of a client device and utilizing security policies associated with the client device provided by a device identity entity. For example, a tag associated with security policies is created for use in enforcing the security policies by a security policy enforcement entity associated with a cloud network. The techniques and architecture also allow for identification of a particular user on a client device that may be shared by multiple users based at least in part on the user accessing an application. Also, the techniques and architecture described herein provide a generic and agnostic approach to enforcing security policies for users and/or client devices.