公开(公告)号：US09185562B2

公开(公告)日：2015-11-10

申请号：US13944607

申请日：2013-07-17

Applicant: Cisco Technology, Inc.

Inventor： Tirumaleswar Reddy ,  Prashanth Patil ,  Daniel Wing

IPC: H04L29/06 ,  H04W12/08 ,  G06F15/16

CPC classification number: H04W12/08 ,  G06F15/16 ,  H04L29/06 ,  H04L63/10 ,  H04L63/20

Abstract: In one implementation, traffic in a mobile network is directed across multiple paths to a single cloud server or security server (e.g., a security as a service). The mobile device detects a cloud connector through a primary connection based on an attachment or connection via a first interface of a mobile device. The mobile device sends a request to the cloud connector for an identification of a cloud security server associated with the cloud connector. After receiving the identification of the cloud security server, the mobile device directs one or more subsequent data flows or subflows for a second interface or another interface of the mobile device to the cloud server or security server. The second data flow and the second interface are associated with another network that is external to the enterprise network and trusted network connection or not associated with the enterprise network and the trusted network connection.

Abstract translation: 在一个实现中，移动网络中的流量被定向到单个云服务器或安全服务器（例如，作为服务的安全性）的多个路径。 移动设备通过基于通过移动设备的第一接口的附件或连接的主连接来检测云连接器。 移动设备向云连接器发送请求以识别与云连接器相关联的云安全服务器。 在接收到云安全服务器的标识之后，移动设备将用于移动设备的第二接口或另一接口的一个或多个后续数据流或子流引导到云服务器或安全服务器。 第二数据流和第二接口与企业网络外部的另一网络和可信网络连接相关联，或者与企业网络和可信网络连接不相关联。

公开(公告)号：US20150149657A1

公开(公告)日：2015-05-28

申请号：US14089193

申请日：2013-11-25

Applicant: Cisco Technology, Inc.

Inventor： Tirumaleswar Reddy ,  Prashanth Patil ,  William Ver Steeg ,  Daniel Wing

IPC: H04L12/721

CPC classification number: H04L45/72 ,  H04L63/0245 ,  H04L63/1408 ,  H04L63/20

Abstract: In one implementation, downloading of streaming content using a security as a service (SecaaS) system is more efficient because portions of the streaming content may not be inspected by the SecaaS. A first request to download content from a content provider is received, and a connection is initiated with a security provider, which inspects the first chunk of the content and generates a routing instruction based on the inspection of the first chunk of content. Based on the routing instructions and the inspection of the first chunk, a request for a second chunk of the streaming content is addressed to the content provider. The second chunk of the streaming content, circumvents the SecaaS system.

Abstract translation: 在一个实现中，使用安全即服务（SecaaS）系统下载流内容更为有效，因为部分流媒体内容可能不被SecaaS检查。 接收到从内容提供商下载内容的第一请求，并且与安全提供者发起连接，安全提供者检查内容的第一块，并且基于第一内容块的检查来生成路由指令。 基于路由指令和对第一块的检查，流式传输内容的第二块的请求被寻址到内容提供商。 流媒体内容的第二大部分规避了SecaaS系统。

公开(公告)号：US20150113588A1

公开(公告)日：2015-04-23

申请号：US14059853

申请日：2013-10-22

Applicant: Cisco Technology, Inc.

Inventor： Daniel Wing ,  Tirumaleswar Reddy

IPC: H04L29/06

CPC classification number: H04L63/0227

Abstract: A PCP-aware firewall or other firewall validating a media session using third-party authorization receives more information than just the results of cryptographic token validation. The intent for each media stream of a media session is received from the Authorization Server. The intent may be used to compare to the received traffic of the media session. If the traffic is different than the intended traffic, then the exception to permit the firewall may be closed.

Abstract translation: 使用第三方授权验证媒体会话的PCP感知防火墙或其他防火墙接收的信息不仅仅是加密令牌验证的结果。 从授权服务器接收媒体会话的每个媒体流的意图。 该意图可以用于与媒体会话的接收流量进行比较。 如果流量与预期流量不同，则允许防火墙的异常可能会被关闭。

公开(公告)号：US20140105103A1

公开(公告)日：2014-04-17

申请号：US13652825

申请日：2012-10-16

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Ramesh Nethi ,  Tirumaleswar Reddy ,  Srinivas Chivukula ,  Prashanth Patil

IPC: H04W28/08

CPC classification number: H04W12/02 ,  H04L63/1408 ,  H04W4/06

Abstract: In one implementation, traffic in a mobile network is offloaded to a security as a service server or a cloud server. A mobile access gateway (MAG) in the mobile network identifies one or more mobile nodes that are configured for communication on the mobile network. The MAG receives a message that includes an address of a mobile node and sends a request based on the message to the security as a service server. The MAG forwards traffic flows to the security as a service server according to the message, which is configured to detect an indication of malicious software in the traffic flows and/or filter content of the traffic flows according to a user profile.

Abstract translation: 在一个实现中，移动网络中的流量被卸载到作为服务服务器或云服务器的安全。 移动网络中的移动接入网关（MAG）识别配置用于移动网络上的通信的一个或多个移动节点。 MAG接收到包括移动节点的地址的消息，并且基于该消息将请求作为服务服务器发送到作为安全的请求。 根据该消息，MAG将流量作为服务服务器转发到安全服务器，该消息被配置为根据用户简档来检测业务流中的恶意软件的指示和/或过滤内容。