OBFUSCATING SERVER-SIDE ADDRESSES
    Invention application

    Publication (announcement) number: US20240406144A1

    Publication (announcement) date: 2024-12-05

    Application number: US18205464

    Application date: 2023-06-02

    Abstract: Techniques for using Locator ID Separation Protocol (LISP), Mobile Internet Protocol (MIP), and/or other techniques in conjunction with Domain Name System (DNS) to obfuscate server-side addresses in data communications. Rather than having DNS provide a client device with an IP address of an endpoint device, such as a server, the DNS instead returns an endpoint identifier (EID) that is mapped to the client device and at least one routing locator (RLOC) of the endpoint device. In this way, IP addresses of servers are obfuscated by a network mapping of EIDs and RLOCs. The client device may then communicate data packets to the server using the EIDs as the destination address, and a virtual network service that works in conjunction with DNS can encapsulate the data packet with the RLOC using LISP and forward the data packet onto the server.

    Achieving minimum trustworthiness in distributed workloads

    Publication (announcement) number: US11960607B2

    Publication (announcement) date: 2024-04-16

    Application number: US17547084

    Application date: 2021-12-09

    CPC classification number: G06F21/57 G06F2221/033

    Abstract: This disclosure describes techniques for selectively placing and maintaining sensitive workloads in subsystems that achieve a minimum level of trustworthiness. An example method includes identifying at least one trustworthiness requirement associated with an application and transmitting, to a first subsystem, a request for at least one trustworthiness characteristic of the first subsystem and at least one second subsystem connected to the first subsystem. A response indicating the at least one trustworthiness characteristic is received from the first subsystem. The example method further includes determining that the at least one trustworthiness characteristic satisfies the at least one trustworthiness requirement; and causing the application to operate on a mesh comprising the first subsystem and the at least one second subsystem.

    USER DEFINED NETWORK SERVICE AUTHORIZATION BASED ON SECONDARY IDENTITY CREDENTIALS

    Publication (announcement) number: US20240031808A1

    Publication (announcement) date: 2024-01-25

    Application number: US17871737

    Application date: 2022-07-22

    CPC classification number: H04W12/068 H04W12/08 H04W12/76

    Abstract: This disclosure describes techniques and mechanisms for performing user defined network (UDN) service authorization based on secondary identity credentials within a wireless network. For instance, the techniques may include receiving, from a user device, a first request to access a wireless network (e.g., such as a WLAN), where the first request may include primary access credentials for accessing the WLAN. Once primary access authentication of the user device is complete, the techniques may include receiving a second request from the user device to access a UDN group within the wireless network. The second request can include secondary credentials for accessing the UDN group. In response to the second request, a secondary EAP dialogue may be established to authenticate the user device using the secondary credentials. Once the secondary credentials are authenticated, the techniques may include granting the user device access to the UDN group.

    Optimization of communications in a low earth orbit (LEO) satellite network

    Publication (announcement) number: US11800422B2

    Publication (announcement) date: 2023-10-24

    Application number: US17390445

    Application date: 2021-07-30

    CPC classification number: H04W36/30 H04B7/18521 H04B7/18541 H04L45/50

    Abstract: In one embodiment, an earthbound transceiver in a low earth orbit (LEO) satellite network establishes a connection with a first LEO satellite from a first set of LEO satellites. The first set of LEO satellites are distributed across a first plurality of orbits including first neighboring LEO satellites of the first LEO satellite, and the first neighboring LEO satellites have a fixed or semi-fixed position relative to the first LEO satellite. The earthbound transceiver determines first signal strength values associated with the first set of LEO satellites and second signal strength values associated with a second set of LEO satellites. The earthbound transceiver then periodically compares the first signal strength values to the second signal strength values. At an optimal handoff time, the earthbound transceiver initiates the handoff operation from the first LEO satellite to a second LEO satellite from the second set of LEO satellites.

    EGRESS TRAFFIC OPTIMIZATION
    Invention publication

    Publication (announcement) number: US20230300059A1

    Publication (announcement) date: 2023-09-21

    Application number: US17890756

    Application date: 2022-08-18

    CPC classification number: H04L45/121 H04L45/745 H04L45/566

    Abstract: Techniques for automating traffic optimizations for egress traffic of an application orchestration system that is being sent over a network to a remote service. In examples, the techniques may include receiving, at a controller of the network, an egress traffic definition associated with egress traffic of an application hosted on the application orchestration system, the egress traffic definition indicating that the egress traffic is to be sent to the remote service. Based at least in part on the egress traffic definition, the controller may determine a networking path through the network or outside of the network that is optimized for sending the egress traffic to the remote service. The controller may also cause the egress traffic to be sent to the remote service via the optimized networking path.

    ANONYMIZING SERVER-SIDE ADDRESSES
    Invention publication

    Publication (announcement) number: US20230275868A1

    Publication (announcement) date: 2023-08-31

    Application number: US18195136

    Application date: 2023-05-09

    CPC classification number: H04L61/2503 H04L61/4511

    Abstract: Techniques for using Network Address Translation (NAT), Mobile Internet Protocol (MIP), and/or other techniques in conjunction with Domain Name System (DNS) to anonymize server-side addresses in data communications. Rather than having DNS provide a client device with an IP address of an endpoint device, such as a server, the DNS instead returns a virtual IP (VIP) address that is mapped to the client device and the endpoint device. In this way, IP addresses of servers are obfuscated by a virtual network of VIP addresses. The client device may then communicate data packets to the server using the VIP address as the destination address, and a virtual network service that works in conjunction with DNS can convert the VIP address to the actual IP address of the server using NAT and forward the data packet onto the server.

    Identity verification for network access

    Publication (announcement) number: US11621957B2

    Publication (announcement) date: 2023-04-04

    Application number: US17218602

    Application date: 2021-03-31

    Abstract: This disclosure describes techniques for authentication related to verification of identity for network access. The techniques may include sending a challenge associated with authentication to a network to a mobile device. In response to sending the challenge, the techniques may include receiving a challenge response from the mobile device. The challenge response may include biometric credential information associated with a user of the mobile device. The challenge response may also include an indication of an authorization assertion associated with the authentication to the network. In some examples, the techniques may include tailoring access to the network for the mobile device based on the biometric credential information.

    VERIFYING TRUST POSTURES OF HETEROGENEOUS CONFIDENTIAL COMPUTING CLUSTERS

    Publication (announcement) number: US20220321605A1

    Publication (announcement) date: 2022-10-06

    Application number: US17583284

    Application date: 2022-01-25

    Abstract: Disclosed are systems, apparatuses, methods, and computer-readable media for providing security postures for a service provided by a heterogeneous system. A method for verifying trust by a service node includes receiving a request for security information of the service node from a client device, wherein the request includes information identifying a service to receive from the service node, identifying a related node to communicate with the service node based on the service, after identifying the related node, requesting security information of the related node, generating composite security information from the security information of the service node and the security information of the related node, and sending the composite security information to the client device. The composite security information provides security claims for a service implemented by heterogeneous devices that have different trusted execution environments.

    OPTIMIZATION OF COMMUNICATIONS IN A LOW EARTH ORBIT (LEO) SATELLITE NETWORK

    Publication (announcement) number: US20220225201A1

    Publication (announcement) date: 2022-07-14

    Application number: US17390445

    Application date: 2021-07-30

    Abstract: In one embodiment, an earthbound transceiver in a low earth orbit (LEO) satellite network establishes a connection with a first LEO satellite from a first set of LEO satellites. The first set of LEO satellites are distributed across a first plurality of orbits including first neighboring LEO satellites of the first LEO satellite, and the first neighboring LEO satellites have a fixed or semi-fixed position relative to the first LEO satellite. The earthbound transceiver determines first signal strength values associated with the first set of LEO satellites and second signal strength values associated with a second set of LEO satellites. The earthbound transceiver then periodically compares the first signal strength values to the second signal strength values. At an optimal handoff time, the earthbound transceiver initiates the handoff operation from the first LEO satellite to a second LEO satellite from the second set of LEO satellites.
