公开(公告)号：US20220272004A1

公开(公告)日：2022-08-25

申请号：US17181243

申请日：2021-02-22

Applicant: Cisco Technology, Inc.

Inventor： Frank Brockners ,  Shwetha Subray Bhandari ,  Pallavi Kalapatapu ,  Enzo Fenoglio ,  Wenqin Shao

IPC: H04L12/24 ,  G06F9/451

Abstract: Techniques for utilizing a communication system that provides access to a representation of a virtual environment to participants. The communication system may establish connections between personal communication bridge(s) associated with participant(s) interacting within a virtual proximity radius of one another's virtual indicator in the virtual environment. The communication system may cause conversation data to be sent each personal communication bridge associated with a participant that is within the virtual proximity radius of the sender, and cause conversation data to be received via the personal communication bridge of a participant that is within the virtual proximity radius of the sender. The communication system may also analyze data associated with the participant profile(s) and transcribed conversation data from the communication bridges(s) to recommend potential conversations of interest to participant(s).

公开(公告)号：US20220164918A1

公开(公告)日：2022-05-26

申请号：US17669647

申请日：2022-02-11

Applicant: Cisco Technology, Inc.

Inventor： Robert Edgar Barton ,  Frank Brockners ,  Russell Paul Gyurek ,  Jerome Henry

IPC: G06T1/20 ,  G06F9/38 ,  G06F9/50 ,  G06F9/54 ,  G06F15/80

Abstract: A server that includes a graphics processing unit (GPU) may receive, from a first application that is remote from the server, a first request to reserve a first number of cores of the GPU for a first amount of time. The server may also receive, from a second application that is also remote from the server, a second request to reserve a second number of cores of the GPU for a second amount of time that at least partly overlaps the first amount of time. The server may determine that the first request is associated with a higher priority than the second request and, in response, may reserve the first number of cores for the first amount of time for the first application. The server may send, to the first application, an indication that the first number of cores have been reserved as requested by the first application.

公开(公告)号：US11343261B2

公开(公告)日：2022-05-24

申请号：US16555869

申请日：2019-08-29

Applicant: Cisco Technology, Inc.

Inventor： Shwetha Subray Bhandari ,  Eric Voit ,  Frank Brockners ,  Carlos M. Pignataro ,  Nagendra Kumar Nainar

IPC: H04L29/06 ,  H04L69/22

Abstract: Technologies for proving packet transit through uncompromised nodes are provided. An example method can include receiving a packet including one or more metadata elements generated based on security measurements from a plurality of nodes along a path of the packet; determining a validity of the one or more metadata elements based on a comparison of one or more values in the one or more metadata elements with one or more expected values calculated for the one or more metadata elements, one or more signatures in the one or more metadata elements, and/or timing information associated with the one or more metadata elements; and based on the one or more metadata elements, determining whether the packet traversed any compromised nodes along the path of the packet.

公开(公告)号：US20210409423A1

公开(公告)日：2021-12-30

申请号：US16916368

申请日：2020-06-30

Applicant: Cisco Technology, Inc.

Inventor： Shwetha Subray Bhandari ,  Santhosh N ,  Rakesh Reddy Kandula ,  Saiprasad Reddy Muchala ,  Frank Brockners

IPC: H04L29/06 ,  H04L12/721 ,  H04L9/08 ,  H04L9/32

Abstract: Techniques to facilitate verification of in-situ network telemetry data of data packet of data traffic of packet-switched networks are described herein. A technique described herein includes a network node obtaining a data packet of data traffic of a packet-switched network. The data packet includes an in-situ network telemetry block. The network node obtains telemetry data and cryptographic key. The cryptographic key confidentially identifies the network node. The node encrypts at least a portion of the telemetry data based on the cryptographic key to produce signed telemetry data and updates telemetry-data entry of the in-situ network telemetry block. The telemetry data and signed telemetry data is inserted into the telemetry-data entry. The node forwards the data packet with the updated telemetry-data entry to another network node of the packet-switched network.

公开(公告)号：US11165861B2

公开(公告)日：2021-11-02

申请号：US16783942

申请日：2020-02-06

Applicant: Cisco Technology, Inc.

Inventor： Sujal Sheth ,  Shwetha Subray Bhandari ,  Eric Voit ,  William F. Sulzen ,  Frank Brockners

IPC: G06F15/173 ,  H04L29/08 ,  H04L29/06 ,  H04W24/10 ,  H04L29/12 ,  H04L9/32

Abstract: A verifier peer system transmits a request to an application of another peer system to obtain integrity data of the application. In response to the request, the verifier peer system obtains a response that includes kernel secure boot metrics of the other peer system and integrity data of the application and of any application dependencies. If the verifier peer system determines that the response is valid, the verifier peer system evaluates the integrity data and the kernel secure boot metrics against a set of Known Good Values to determine whether the integrity data and the kernel secure boot metrics are valid. If the integrity data and the kernel secure boot metrics are valid, the verifier peer system determines that the other peer system is trustworthy.

公开(公告)号：US10904164B2

公开(公告)日：2021-01-26

申请号：US16503558

申请日：2019-07-04

Applicant: Cisco Technology, Inc.

Inventor： Carlos M. Pignataro ,  Frank Brockners ,  David Delano Ward

IPC: H04L12/935 ,  H04L12/715 ,  H04L29/08 ,  H04L29/06 ,  H04L12/721 ,  H04L12/713

Abstract: In one embodiment, a service chain data packet is instrumented as it is communicated among network nodes in a network providing service-level and/or networking operations visibility. The service chain data packet includes a particular header identifying a service group defining one or more service functions, and is a data packet and not a probe packet. A network node adds networking and/or service-layer operations data to the particular service chain data packet, such as, but not limited to, in the particular header. Such networking operations data includes a performance metric or attribute related to the transport of the particular service chain packet in the network. Such service-layer operations data includes a performance metric or attribute related to the service-level processing of the particular service chain data packet in the network.

公开(公告)号：US10887209B2

公开(公告)日：2021-01-05

申请号：US15996796

申请日：2018-06-04

Applicant: Cisco Technology, Inc.

Inventor： Nagendra Kumar Nainar ,  Carlos M. Pignataro ,  Frank Brockners ,  Shwetha Subray Bhandari

IPC: H04L12/26 ,  H04L12/761 ,  H04L12/753 ,  H04L29/06

Abstract: A method is provided that is performed by a network element in a network. The network element receives a packet. The network element inserts into a header of the packet, packet replication information indicating whether and to which egress interface the network element performs a replication operation on the packet, wherein the header is an In-Situ Operations, Administration and Management (IOAM) header. The network element sends the packet, with the packet replication information included in the IOAM header, in the network.

公开(公告)号：US10833975B2

公开(公告)日：2020-11-10

申请号：US16230933

申请日：2018-12-21

Applicant: Cisco Technology, Inc.

Inventor： Carlos M. Pignataro ,  Frank Brockners ,  Shwetha Subray Bhandari ,  Nagendra Kumar Nainar

IPC: G06F15/173 ,  H04L12/761 ,  H04L12/749 ,  H04L12/723 ,  H04L12/715

Abstract: In one embodiment, improved operations processing of multiple-protocol packets is performed by a node connected to a network. Received is a multiple-protocol (MP) packet that has multiple protocol headers, each having an operations data field. The operations data field of a first protocol header includes first protocol ordered operations data. Operations data is cohered from the operations data field of each of multiple protocol headers into the operations data field of a second protocol header resulting in the operations data field of the second protocol header including ordered MP operations data evidencing operations data of each of the multiple network nodes in a node traversal order taken by the MP packet among multiple network nodes. The ordered MP operations data includes said first protocol ordered operations data cohered from the operations data field of the first protocol header.

公开(公告)号：US20200322353A1

公开(公告)日：2020-10-08

申请号：US16555869

申请日：2019-08-29

Applicant: Cisco Technology, Inc.

Inventor： Shwetha Subray Bhandari ,  Eric Voit ,  Frank Brockners ,  Carlos M. Pignataro ,  Nagendra Kumar Nainar

IPC: H04L29/06

Abstract: Technologies for proving packet transit through uncompromised nodes are provided. An example method can include receiving a packet including one or more metadata elements generated based on security measurements from a plurality of nodes along a path of the packet; determining a validity of the one or more metadata elements based on a comparison of one or more values in the one or more metadata elements with one or more expected values calculated for the one or more metadata elements, one or more signatures in the one or more metadata elements, and/or timing information associated with the one or more metadata elements; and based on the one or more metadata elements, determining whether the packet traversed any compromised nodes along the path of the packet.

公开(公告)号：US20200322334A1

公开(公告)日：2020-10-08

申请号：US16782903

申请日：2020-02-05

Applicant: Cisco Technology, Inc.

Inventor： Sujal Sheth ,  Shwetha Subray Bhandari ,  Eric Voit ,  William F. Sulzen ,  Frank Brockners

IPC: H04L29/06

Abstract: Systems, methods, and computer-readable media for authenticating extensible authentication protocol (EAP) messages include receiving, at a first node, EAP messages from a second node. The first node and the second node including network devices and the EAP messages can be based on Diameter protocol or other. The first node can obtain attestation information from one or more EAP messages to determine whether the second node is authentic and trustworthy based on the attestation information. The EAP messages can include a Capabilities Exchange Request (CER) or a Capabilities Exchange Answer (CEA) whose fields or combination of fields can include the attestation information. The EAP messages can also include a Trust Information Request (TIR) or a Trust Information Answer (TIA) which include the authentication information. The attestation information can include Proof of Integrity based on a hardware fingerprint, device identifier, or Canary Stamp.