公开(公告)号：US11652824B2

公开(公告)日：2023-05-16

申请号：US17669123

申请日：2022-02-10

Applicant: Cisco Technology, Inc.

Inventor： Pradeep Kumar Kathail ,  Eric Voit

IPC: H04L29/06 ,  H04L12/24 ,  H04L9/40 ,  H04L41/0803

CPC classification number: H04L63/108 ,  H04L41/0803 ,  H04L63/0876 ,  H04L63/20

Abstract: Systems, methods, and computer-readable media for evaluation of trustworthiness of network devices are proposed. In one aspect, a first network device can determine a first determine a first probability of a security compromise of a second network device based on visible indicators. The first network device can also determine a second probability of the security compromise of the second device based on invisible indicators. The first network device also determines a trust degradation score for the second network device and establishes, based on the trust degradation score, a specified type of communication session with the second network device.

公开(公告)号：US20220166779A1

公开(公告)日：2022-05-26

申请号：US17669123

申请日：2022-02-10

Applicant: Cisco Technology, Inc.

Inventor： Pradeep Kumar Kathail ,  Eric Voit

IPC: H04L9/40 ,  H04L41/0803

Abstract: Systems, methods, and computer-readable media for evaluation of trustworthiness of network devices are proposed. In one aspect, a first network device can determine a first determine a first probability of a security compromise of a second network device based on visible indicators. The first network device can also determine a second probability of the security compromise of the second device based on invisible indicators. The first network device also determines a trust degradation score for the second network device and establishes, based on the trust degradation score, a specified type of communication session with the second network device.

公开(公告)号：US11303558B2

公开(公告)日：2022-04-12

申请号：US16737199

申请日：2020-01-08

Applicant: Cisco Technology, Inc.

Inventor： Srinath Gundavelli ,  Alberto Rodriguez Natal ,  Fabio R. Maino ,  Pradeep Kumar Kathail ,  Sangram Kishore Lakkaraju

IPC: H04L12/761 ,  H04W76/15 ,  H04L29/12 ,  H04L45/16 ,  H04L61/255 ,  H04L61/5084 ,  H04W84/12 ,  H04W88/08 ,  H04W88/12

Abstract: Low latency wireless communications may be provided. A client device may be authorized for a first association in response to the client device making a first concurrent association request that may include a first Media Access Control (MAC) address. In response to authorizing the client device for the first association, an Endpoint Identifier (EID) associated with the client device may be registered with a first Routing Locator (RLOC) in a map server, the first RLOC being associated with the first MAC address. The client device may then be authorized for a second association in response to the client device making a second concurrent association request that includes a second MAC address. In response to authorizing the client device for the second association, the EID associated with the client device may be registered with a second RLOC in the map server, the second RLOC being associated with the second MAC address.

公开(公告)号：US20200322348A1

公开(公告)日：2020-10-08

申请号：US16715271

申请日：2019-12-16

Applicant: Cisco Technology, Inc.

Inventor： Pradeep Kumar Kathail ,  Eric Voit

IPC: H04L29/06 ,  H04L12/24

Abstract: Systems, methods, and computer-readable media for evaluation of trustworthiness of network devices are proposed. In one aspect, a first network device can determine a first determine a first probability of a security compromise of a second network device based on visible indicators. The first network device can also determine a second probability of the security compromise of the second device based on invisible indicators. The first network device also determines a trust degradation score for the second network device and establishes, based on the trust degradation score, a specified type of communication session with the second network device.

公开(公告)号：US12184648B2

公开(公告)日：2024-12-31

申请号：US18167593

申请日：2023-02-10

Applicant: Cisco Technology, Inc.

Inventor： Srinath Gundavelli ,  Shree N. Murthy ,  Pradeep Kumar Kathail ,  Brian Weis

IPC: H04L9/40 ,  H04L47/2441 ,  H04L65/1073 ,  H04W80/02

Abstract: A method is provided to anonymize the media access control (MAC) address of a client device. The method involves generating a plurality of media access control (MAC) addresses for use by a client device in a network. Policies are defined that determine which one of the plurality of MAC addresses is to be used by the client device. The plurality of MAC addresses allocated for use by the client device are registered with a management entity in the network.

公开(公告)号：US20240422140A1

公开(公告)日：2024-12-19

申请号：US18817596

申请日：2024-08-28

Applicant: Cisco Technology, Inc.

Inventor： Ali Sajassi ,  Pradeep Kumar Kathail ,  Samir Thoria

IPC: H04L9/40 ,  H04L45/00

Abstract: A system and method for adaptive encryption for SD-WAN includes identifying an encrypted conversational flow and determining whether a duration of the encrypted conversational flow exceeds a threshold. The method also includes selecting a header-less tunnel for the encrypted conversational flow when the duration is more than the threshold. The method further includes transmitting the encrypted conversational flow to an egress router over the selected header-less tunnel.

公开(公告)号：US12081529B2

公开(公告)日：2024-09-03

申请号：US17812901

申请日：2022-07-15

Applicant: Cisco Technology, Inc.

Inventor： Ali Sajassi ,  Pradeep Kumar Kathail ,  Samir Thoria

IPC: H04L29/06 ,  H04L9/40 ,  H04L45/00

CPC classification number: H04L63/0435 ,  H04L45/22 ,  H04L63/029

Abstract: A system and method for adaptive encryption for SD-WAN includes identifying an encrypted conversational flow and determining whether a duration of the encrypted conversational flow exceeds a threshold. The method also includes selecting a header-less tunnel for the encrypted conversational flow when the duration is more than the threshold. The method further includes transmitting the encrypted conversational flow to an egress router over the selected header-less tunnel.

公开(公告)号：US12034707B2

公开(公告)日：2024-07-09

申请号：US18104603

申请日：2023-02-01

Applicant: Cisco Technology, Inc.

Inventor： David A. Maluf ,  Srinath Gundavelli ,  Pascal Thubert ,  Pradeep Kumar Kathail ,  Eric Levy-Abegnoli ,  Eric Voit ,  Ali Sajassi

IPC: H04L9/40 ,  H04L61/2521 ,  H04L61/2539 ,  H04L61/4511

CPC classification number: H04L63/0421 ,  H04L61/2525 ,  H04L61/2539 ,  H04L61/4511

Abstract: Techniques for using Network Address Translation (NAT), Mobile Internet Protocol (MIP), and/or other techniques in conjunction with Domain Name System (DNS) to anonymize server-side addresses in data communications. Rather than having DNS provide a client device with an IP address of an endpoint device, such as a server, the DNS instead returns a random IP address that is mapped to the client device and the endpoint device. In this way, IP addresses of servers are obfuscated by a random IP address that cannot be used to identify the endpoint device or service. The client device may then communicate data packets to the server using the random IP address as the destination address, and a gateway that works in conjunction with DNS can convert the random IP address to the actual IP address of the server using NAT and forward the data packet onto the server.

公开(公告)号：US20240214319A1

公开(公告)日：2024-06-27

申请号：US18201998

申请日：2023-05-25

Applicant: Cisco Technology, Inc.

Inventor： Alberto Rodriguez Natal ,  John A. Joyce ,  Saswat Praharaj ,  Timothy James Swanson ,  Lorand Jakab ,  Fabio R. Maino ,  Pradeep Kumar Kathail

IPC: H04L47/2475 ,  H04L67/564

CPC classification number: H04L47/2475 ,  H04L67/564

Abstract: Techniques for signaling, to a network controller, a connection state of a proxy for use by the network controller to correlate proxied-connections with application pairs for traffic optimization. In some examples, the techniques may include receiving, at a controller of a network, control plane information associated with a proxy that manages a proxied flow through the network. Based on the control plane information, the controller may determine that application traffic is flowing across the proxied flow between a first application and a second application. In this way, based at least in part on a policy associated with at least one of the first application or the second application, the controller may reconfigure a network element of the network for optimizing the application traffic flowing across the proxied flow.

公开(公告)号：US20240106745A1

公开(公告)日：2024-03-28

申请号：US17935159

申请日：2022-09-26

Applicant: Cisco Technology, Inc.

Inventor： Eric Voit ,  Pascal Thubert ,  Pradeep Kumar Kathail

IPC: H04L45/00 ,  H04L45/745 ,  H04W12/71

CPC classification number: H04L45/54 ,  H04L45/745 ,  H04W12/71

Abstract: Personal network Software Defined-Wide Area Networks (SD-WANs) with attested permissions may be provided. A first one of a plurality Personal Area Network (PAN) devices in a PAN may seed a routing table entry for at least one application that the first one of the plurality PAN devices supports. The routing table entry may include at least one characteristic associated with an egress link between the first one of the plurality PAN devices and a device outside of the PAN. The routing table entry may be exchanged among the plurality of PAN devices in the PAN. Then data may be routed, based on the exchanged routing table entry, in the PAN through the first one of the plurality PAN devices through the egress link to the device outside of the PAN.