Abstract:
A method is provided in one example and includes receiving a current bandwidth characteristic for a link, where the current bandwidth characteristic is determined under fading conditions associated with signal propagation on the link. The method can also include calculating a new cost for the link that is different from a nominal cost associated with a nominal bandwidth of the link without the fading conditions. The method could also include routing at least a portion of a plurality of flows that are to traverse the link away from the link based, at least in part, on the new cost. Another example method includes receiving the current bandwidth characteristic for the link, comparing the current bandwidth characteristic with a preconfigured low watermark corresponding to a class-specific MTR topology associated with a class of traffic traversing the link, and removing the link from the MTR topology based on the current bandwidth characteristic.
Abstract:
Systems, methods, and computer-readable media for discovering trustworthy devices through attestation and authenticating devices through mutual attestation. A relying node in a network environment can receive attestation information from an attester node in the network environment as part of a unidirectional push of information from the attester node according to a unidirectional link layer communication scheme. A trustworthiness of the attester node can be verified by identifying a level of trust of the attester node from the attestation information. Further, network service access of the attester node through the relying node in the network environment can be controlled based on the level of trust of the attester node identified from the attestation information.
Abstract:
Systems, methods, and computer-readable media for assessing reliability and trustworthiness of devices operating within a network. A recipient node in a network environment can receive a neighbor discovery (ND) message from an originating node in the network environment, where both nodes implement a neighbor discovery protocol. Trustworthiness of the originating node can be verified by identifying a level of trust of the originating node based on attestation information for the originating node included in the ND message received at the recipient node. Connectivity with the recipient node through the network environment can be managed based on the level of trust of the originating node identified from the attestation information included in the ND message.
Abstract:
This disclosure describes various methods, systems, and devices related to identifying path changes of data flows in a network. An example method includes receiving, at a node, a packet including a first value. The method further includes generating a second value by inputting the first value and one or more node details into a hash function. The method includes replacing the first value with the second value in the packet. The packet including the second value is forwarded by the node.
Abstract:
Techniques to facilitate verification of in-situ network telemetry data of data packets of data traffic of packet-switched networks are described herein. A technique described herein includes a network node obtaining a data packet of data traffic of a packet-switched network. The data packet includes an in-situ network telemetry block. The network node obtains telemetry data and a cryptographic key. The cryptographic key confidentially identifies the network node. The node encrypts at least a portion of the telemetry data based on the cryptographic key to produce signed telemetry data and updates a telemetry-data entry of the in-situ network telemetry block. The telemetry data and signed telemetry data are inserted into the telemetry-data entry. The node forwards the data packet with the updated telemetry-data entry to another network node of the packet-switched network.
Abstract:
A methodology for requesting at least one signed security measurement from at least one module is provided. The methodology includes receiving the at least one signed security measurement from the at least one module; validating the at least one signed security measurement; and generating a signed dossier including all validated signed security measurements in a secure enclave, the signed dossier being used by an external network device for remote attestation of the device.
Abstract:
Techniques to facilitate verification of in-situ network telemetry data of data packets of data traffic of packet-switched networks are described herein. A technique described herein includes a network node obtaining a data packet of data traffic of a packet-switched network. The data packet includes an in-situ network telemetry block. The network node obtains telemetry data and a cryptographic key. The cryptographic key confidentially identifies the network node. The node encrypts at least a portion of the telemetry data based on the cryptographic key to produce signed telemetry data and updates a telemetry-data entry of the in-situ network telemetry block. The telemetry data and signed telemetry data are inserted into the telemetry-data entry. The node forwards the data packet with the updated telemetry-data entry to another network node of the packet-switched network.
Abstract:
Techniques for utilizing a communication system that provides access to a representation of a virtual environment to participants. The communication system may establish connections between personal communication bridge(s) associated with participant(s) interacting within a virtual proximity radius of one another's virtual indicator in the virtual environment. The communication system may cause conversation data to be sent to each personal communication bridge associated with a participant that is within the virtual proximity radius of the sender, and cause conversation data to be received via the personal communication bridge of a participant that is within the virtual proximity radius of the sender. The communication system may also analyze data associated with the participant profile(s) and transcribed conversation data from the communication bridge(s) to recommend potential conversations of interest to participant(s).
Abstract:
Technologies for proving packet transit through uncompromised nodes are provided. An example method can include receiving a packet including one or more metadata elements generated based on security measurements from a plurality of nodes along a path of the packet; determining a validity of the one or more metadata elements based on a comparison of one or more values in the one or more metadata elements with one or more expected values calculated for the one or more metadata elements, one or more signatures in the one or more metadata elements, and/or timing information associated with the one or more metadata elements; and based on the one or more metadata elements, determining whether the packet traversed any compromised nodes along the path of the packet.
Abstract:
Techniques to facilitate verification of in-situ network telemetry data of data packets of data traffic of packet-switched networks are described herein. A technique described herein includes a network node obtaining a data packet of data traffic of a packet-switched network. The data packet includes an in-situ network telemetry block. The network node obtains telemetry data and a cryptographic key. The cryptographic key confidentially identifies the network node. The node encrypts at least a portion of the telemetry data based on the cryptographic key to produce signed telemetry data and updates a telemetry-data entry of the in-situ network telemetry block. The telemetry data and signed telemetry data are inserted into the telemetry-data entry. The node forwards the data packet with the updated telemetry-data entry to another network node of the packet-switched network.