-
Publication number: US11902161B1
Publication date: 2024-02-13
Application number: US17820448
Application date: 2022-08-17
Applicant: Cisco Technology, Inc.
Inventor: Pascal Thubert, Eric Voit, Pradeep Kumar Kathail
IPC: G06F15/16, H04L45/745, H04L41/12, H04L45/44
CPC classification number: H04L45/745, H04L41/12, H04L45/44
Abstract: A device for a virtual phone in a virtual network may be provided. A data packet may be received by the device, the device being in a personal-area-network (PAN) with a peer, the data packet containing information defining a characteristic of a software application. The data packet may be profiled, the data packet comprising information about the software application. An SLA table stored on the device may be seeded with the information in the data packet. A routing table may be populated with an address for forwarding the information to the peer.
-
Publication number: US20240022548A1
Publication date: 2024-01-18
Application number: US17812901
Application date: 2022-07-15
Applicant: Cisco Technology, Inc.
Inventor: Ali Sajassi, Pradeep Kumar Kathail, Samir Thoria
CPC classification number: H04L63/0435, H04L63/029, H04L45/22
Abstract: A system and method for adaptive encryption for SD-WAN includes identifying an encrypted conversational flow and determining whether a duration of the encrypted conversational flow exceeds a threshold. The method also includes selecting a header-less tunnel for the encrypted conversational flow when the duration is more than the threshold. The method further includes transmitting the encrypted conversational flow to an egress router over the selected header-less tunnel.
-
Publication number: US20230370373A1
Publication date: 2023-11-16
Application number: US17740903
Application date: 2022-05-10
Applicant: Cisco Technology, Inc.
Inventor: Pradeep Kumar Kathail, Eric Voit, David A. Maluf
IPC: H04L45/741, H04L45/748, H04L45/42, H04L61/251
CPC classification number: H04L45/741, H04L45/748, H04L45/42, H04L61/251
Abstract: Stateless address translation at an Autonomous System (AS) boundary for host privacy may be provided. An address associated with a host device in the AS may be received. The address may comprise a network prefix and an interface identifier (ID). Then a cypher value may be assigned to a cypher bit range in the network prefix. The cypher value may be associated with a first cypher algorithm of a plurality of cypher algorithms. Next, the address may be encoded wherein encoding the address comprises applying the first cypher algorithm to encode a coding bit range in the address that is less significant than the cypher bit range. The encoded address may then be used for flows from the host that egress the AS.
-
Publication number: US11683286B2
Publication date: 2023-06-20
Application number: US17530244
Application date: 2021-11-18
Applicant: Cisco Technology, Inc.
Inventor: Pascal Thubert, Pradeep Kumar Kathail, Eric Levy-Abegnoli, David A. Maluf
IPC: G06F15/173, H04L61/2503, H04L61/4511
CPC classification number: H04L61/2503, H04L61/4511
Abstract: Techniques for using Network Address Translation (NAT), Mobile Internet Protocol (MIP), and/or other techniques in conjunction with Domain Name System (DNS) to anonymize server-side addresses in data communications. Rather than having DNS provide a client device with an IP address of an endpoint device, such as a server, the DNS instead returns a virtual IP (VIP) address that is mapped to the client device and the endpoint device. In this way, IP addresses of servers are obfuscated by a virtual network of VIP addresses. The client device may then communicate data packets to the server using the VIP address as the destination address, and a virtual network service that works in conjunction with DNS can convert the VIP address to the actual IP address of the server using NAT and forward the data packet onto the server.
-
Publication number: US20230188523A1
Publication date: 2023-06-15
Application number: US18167593
Application date: 2023-02-10
Applicant: Cisco Technology, Inc.
Inventor: Srinath Gundavelli, Shree N. Murthy, Pradeep Kumar Kathail, Brian Weis
IPC: H04L9/40, H04L47/2441, H04W80/02, H04L65/1073
CPC classification number: H04L63/0876, H04L47/2441, H04L63/0892, H04L63/1475, H04L65/1073, H04W80/02
Abstract: A method is provided to anonymize the media access control (MAC) address of a client device. The method involves generating a plurality of media access control (MAC) addresses for use by a client device in a network. Policies are defined that determine which one of the plurality of MAC addresses is to be used by the client device. The plurality of MAC addresses allocated for use by the client device are registered with a management entity in the network.
-
Publication number: US11652824B2
Publication date: 2023-05-16
Application number: US17669123
Application date: 2022-02-10
Applicant: Cisco Technology, Inc.
Inventor: Pradeep Kumar Kathail, Eric Voit
IPC: H04L29/06, H04L12/24, H04L9/40, H04L41/0803
CPC classification number: H04L63/108, H04L41/0803, H04L63/0876, H04L63/20
Abstract: Systems, methods, and computer-readable media for evaluation of trustworthiness of network devices are proposed. In one aspect, a first network device can determine a first probability of a security compromise of a second network device based on visible indicators. The first network device can also determine a second probability of the security compromise of the second device based on invisible indicators. The first network device also determines a trust degradation score for the second network device and establishes, based on the trust degradation score, a specified type of communication session with the second network device.
-
Publication number: US20220166779A1
Publication date: 2022-05-26
Application number: US17669123
Application date: 2022-02-10
Applicant: Cisco Technology, Inc.
Inventor: Pradeep Kumar Kathail, Eric Voit
IPC: H04L9/40, H04L41/0803
Abstract: Systems, methods, and computer-readable media for evaluation of trustworthiness of network devices are proposed. In one aspect, a first network device can determine a first probability of a security compromise of a second network device based on visible indicators. The first network device can also determine a second probability of the security compromise of the second device based on invisible indicators. The first network device also determines a trust degradation score for the second network device and establishes, based on the trust degradation score, a specified type of communication session with the second network device.
-
Publication number: US11303558B2
Publication date: 2022-04-12
Application number: US16737199
Application date: 2020-01-08
Applicant: Cisco Technology, Inc.
Inventor: Srinath Gundavelli, Alberto Rodriguez Natal, Fabio R. Maino, Pradeep Kumar Kathail, Sangram Kishore Lakkaraju
IPC: H04L12/761, H04W76/15, H04L29/12, H04L45/16, H04L61/255, H04L61/5084, H04W84/12, H04W88/08, H04W88/12
Abstract: Low latency wireless communications may be provided. A client device may be authorized for a first association in response to the client device making a first concurrent association request that may include a first Media Access Control (MAC) address. In response to authorizing the client device for the first association, an Endpoint Identifier (EID) associated with the client device may be registered with a first Routing Locator (RLOC) in a map server, the first RLOC being associated with the first MAC address. The client device may then be authorized for a second association in response to the client device making a second concurrent association request that includes a second MAC address. In response to authorizing the client device for the second association, the EID associated with the client device may be registered with a second RLOC in the map server, the second RLOC being associated with the second MAC address.
-
Publication number: US20200322348A1
Publication date: 2020-10-08
Application number: US16715271
Application date: 2019-12-16
Applicant: Cisco Technology, Inc.
Inventor: Pradeep Kumar Kathail, Eric Voit
Abstract: Systems, methods, and computer-readable media for evaluation of trustworthiness of network devices are proposed. In one aspect, a first network device can determine a first probability of a security compromise of a second network device based on visible indicators. The first network device can also determine a second probability of the security compromise of the second device based on invisible indicators. The first network device also determines a trust degradation score for the second network device and establishes, based on the trust degradation score, a specified type of communication session with the second network device.
-
Publication number: US20250031133A1
Publication date: 2025-01-23
Application number: US18223255
Application date: 2023-07-18
Applicant: Cisco Technology, Inc.
Inventor: Srinath Gundavelli, Pradeep Kumar Kathail, Eric Voit, David A. Maluf, Ali Sajassi
Abstract: Techniques for establishing connections between user devices and access points to connect to networks. Access points may indicate privacy-support capabilities, enabling a user device to discover privacy-capable access networks, and use this capability for network selection. Furthermore, the techniques enable the user device to request to enable and/or disable privacy support on an on-demand basis. The techniques described herein include the use of an access point that indicates the network's privacy capability to an endpoint device (e.g., source device, user device, etc.) over one or more link-layer messages, IP address configuration mechanisms, and over authentication protocols.