公开(公告)号：US09374619B2

公开(公告)日：2016-06-21

申请号：US14166202

申请日：2014-01-28

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Flemming S. Andreasen ,  Gil C. Cruz ,  Nick George Pope

IPC: G06F15/16 ,  G09B21/00 ,  H04N5/44 ,  H04L9/32 ,  H04N21/4627 ,  H04L29/06 ,  H04N21/2665 ,  H04N21/41 ,  H04N21/462 ,  H04N21/61 ,  H04N21/4227 ,  H04N21/643 ,  G06F15/173 ,  H04N7/00 ,  H04N7/173 ,  H04N7/16 ,  G06F7/04 ,  H04L12/24

CPC classification number: H04L12/2816 ,  H04L41/00 ,  H04L63/0815 ,  H04L2012/2849 ,  H04N21/2665 ,  H04N21/4104 ,  H04N21/4227 ,  H04N21/4622 ,  H04N21/4627 ,  H04N21/6125 ,  H04N21/64322

Abstract: A method is provided in one example embodiment and includes establishing a connection between a first client and a messaging fabric of a conductor element associated with a video system; receiving a request to perform a companion service with a second client; authenticating the first client via a client directory based on an identifier associated with the first client; receiving a pair message from the first client for the second client; and verifying whether the two clients can be paired in order to perform the companion service. Companion service commands can be authorized/policy checked and resulting commands on the second client may appear as-if they had been triggered locally.

Abstract translation: 在一个示例实施例中提供了一种方法，并且包括建立与视频系统相关联的导体元件的第一客户端和消息传送结构之间的连接; 接收与第二客户端执行伴随服务的请求; 基于与第一客户端相关联的标识符，经由客户端目录认证第一客户端; 从第一客户端接收对于第二客户端的对消息; 并且验证两个客户端是否可以配对以执行伴随服务。 配套服务命令可以被授权/策略检查，并且第二个客户端上生成的命令可能会被显示为 - 如果它们已被本地触发。

公开(公告)号：US20140165090A1

公开(公告)日：2014-06-12

申请号：US14166202

申请日：2014-01-28

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Flemming S. Andreasen ,  Gil C. Cruz ,  Nick George Pope

IPC: H04N21/4627 ,  H04N21/41 ,  H04N21/61 ,  H04N21/2665 ,  H04N21/462

CPC classification number: H04L12/2816 ,  H04L41/00 ,  H04L63/0815 ,  H04L2012/2849 ,  H04N21/2665 ,  H04N21/4104 ,  H04N21/4227 ,  H04N21/4622 ,  H04N21/4627 ,  H04N21/6125 ,  H04N21/64322

Abstract: A method is provided in one example embodiment and includes establishing a connection between a first client and a messaging fabric of a conductor element associated with a video system; receiving a request to perform a companion service with a second client; authenticating the first client via a client directory based on an identifier associated with the first client; receiving a pair message from the first client for the second client; and verifying whether the two clients can be paired in order to perform the companion service. Companion service commands can be authorized/policy checked and resulting commands on the second client may appear as-if they had been triggered locally.

Abstract translation: 在一个示例实施例中提供了一种方法，并且包括建立与视频系统相关联的导体元件的第一客户端和消息传送结构之间的连接; 接收与第二客户端执行伴随服务的请求; 基于与第一客户端相关联的标识符，经由客户端目录认证第一客户端; 从第一客户端接收对于第二客户端的对消息; 并且验证两个客户端是否可以配对以执行伴随服务。 配套服务命令可以被授权/策略检查，并且第二个客户端上生成的命令可能会被显示为 - 如果它们已被本地触发。

公开(公告)号：US10588044B2

公开(公告)日：2020-03-10

申请号：US15978694

申请日：2018-05-14

Applicant: Cisco Technology, Inc.

Inventor： Flemming S. Andreasen ,  Kent K. Leung ,  Michel Khouderchah ,  Jayaraman R. Iyer ,  Timothy P. Stammers

IPC: H04W28/02 ,  H04L12/707 ,  H04L12/46 ,  H04L12/721 ,  H04W48/16 ,  H04L29/12 ,  H04W40/24

Abstract: A method is provided in one example embodiment and includes receiving a data packet transported on a backhaul link at a first network element; de-capsulating the data packet; identifying whether the data packet is an upstream data packet; identifying whether the data packet matches an internet protocol (IP) access control list (ACL) or a tunnel endpoint identifier; and offloading the data packet from the backhaul link. In more specific embodiment, the method can include identifying that the data packet does not match the IP ACL or the tunnel endpoint identifier; and communicating the data packet to a second network element. In other examples, the method can include identifying that the data packet is a downstream data packet; identifying a service to be performed for the data packet that cannot be performed at the first network element; and communicating the data packet to a second network element.

公开(公告)号：US20170034175A1

公开(公告)日：2017-02-02

申请号：US15228558

申请日：2016-08-04

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Kent K. Leung ,  Jayaraman R. Iyer ,  Bruce A. Thompson ,  Flemming S. Andreasen

IPC: H04L29/06 ,  H04L12/24

CPC classification number: H04L63/10 ,  H04L41/0896 ,  H04L63/0807 ,  H04L63/0876

Abstract: A method is provided and may include receiving a request for a network content delivery service from an access device; directing the access device to a network service provider for authentication for the network content delivery service; receiving a network authorization token from the access device, where the network authorization token is associated with the access device; obtaining a network access token from the network service provider; and binding the network access token to a content access token.

Abstract translation: 提供了一种方法，并且可以包括从接入设备接收对网络内容传送服务的请求; 将访问设备引导到网络服务提供商以进行网络内容传递服务的认证; 从所述接入设备接收网络授权令牌，其中所述网络授权令牌与所述接入设备相关联; 从网络服务提供商获取网络访问令牌; 并将网络访问令牌绑定到内容访问令牌。

公开(公告)号：US20140169374A1

公开(公告)日：2014-06-19

申请号：US14180379

申请日：2014-02-14

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Srinath Gundavelli ,  Frank Brockners ,  Mark Grayson ,  Kent K. Leung ,  Flemming S. Andreasen

IPC: H04L12/56 ,  H04L29/06

CPC classification number: H04L45/741 ,  H04L12/4633 ,  H04L29/12367 ,  H04L29/12377 ,  H04L61/106 ,  H04L61/2514 ,  H04L61/2517 ,  H04L69/22

Abstract: An example method is provided and includes receiving a packet associated with a flow, determining a tunnel identifier for the flow, and determining a flow identifier for the flow. The method includes associating the flow identifier and the tunnel identifier to an Internet protocol (IP) address to generate a binding to be used for a network address and port translation (NAPT). In other embodiments, a routing decision is executed based on the binding between the identifiers and the IP address. The flow identifier can be a context identifier (CID), and the tunnel identifier can be a softwire tunnel ID. In yet other embodiments, the packet can be tagged as part of an encapsulation operation, which includes providing information about a network location at which the network address and port translation is to be executed.

Abstract translation: 提供了示例性方法，并且包括接收与流相关联的分组，确定流的隧道标识符，以及确定流的流标识符。 该方法包括将流标识符和隧道标识符与因特网协议（IP）地址相关联，以生成用于网络地址和端口转换（NAPT）的绑定。 在其他实施例中，基于标识符和IP地址之间的绑定来执行路由决定。 流标识符可以是上下文标识符（CID），隧道标识符可以是软线隧道ID。 在其他实施例中，分组可以被标记为封装操作的一部分，其包括提供关于将要执行网络地址和端口转换的网络位置的信息。

公开(公告)号：US09973961B2

公开(公告)日：2018-05-15

申请号：US14683228

申请日：2015-04-10

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Flemming S. Andreasen ,  Kent K. Leung ,  Michel Khouderchah ,  Jayaraman R. Iyer ,  Timothy P. Stammers

IPC: H04W28/02 ,  H04L12/46 ,  H04L12/707 ,  H04L12/721 ,  H04W48/16 ,  H04L29/12 ,  H04W40/24

CPC classification number: H04W28/0226 ,  H04L12/4633 ,  H04L29/12367 ,  H04L45/22 ,  H04L45/26 ,  H04L61/2514 ,  H04W40/24 ,  H04W48/16

Abstract: A method is provided in one example embodiment and includes receiving a data packet transported on a backhaul link at a first network element; de-capsulating the data packet; identifying whether the data packet is an upstream data packet; identifying whether the data packet matches an internet protocol (IP) access control list (ACL) or a tunnel endpoint identifier; and offloading the data packet from the backhaul link. In more specific embodiment, the method can include identifying that the data packet does not match the IP ACL or the tunnel endpoint identifier; and communicating the data packet to a second network element. In other examples, the method can include identifying that the data packet is a downstream data packet; identifying a service to be performed for the data packet that cannot be performed at the first network element; and communicating the data packet to a second network element.

公开(公告)号：US20240388595A1

公开(公告)日：2024-11-21

申请号：US18318198

申请日：2023-05-16

Applicant: Cisco Technology, Inc.

Inventor： Nancy Patricia Cam-Winget ,  Robert Edgar Barton ,  Edward Albert Warnicke ,  Flemming S. Andreasen

IPC: H04L9/40

Abstract: Techniques are described herein for determining and mitigating a risk to an organization associated with a security threat. In embodiments, such techniques may be performed by an access control device and may comprise receiving information about a security threat, identifying one or more components that are susceptible to the security threat, determining, based on a software bill of materials, a number of software applications associated with the one or more components, determining, based on usage metrics stored in relation to the number of software applications in relation to an organization, a risk value associated with the organization, and providing the risk value to at least one second electronic device.

公开(公告)号：US20150215810A1

公开(公告)日：2015-07-30

申请号：US14683228

申请日：2015-04-10

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Flemming S. Andreasen ,  Kent K. Leung ,  Michel Khouderchah ,  Jayaraman R. Iyer ,  Timothy P. Stammers

IPC: H04W28/02 ,  H04W48/16 ,  H04L12/721 ,  H04L12/46 ,  H04L12/707

CPC classification number: H04W28/0226 ,  H04L12/4633 ,  H04L29/12367 ,  H04L45/22 ,  H04L45/26 ,  H04L61/2514 ,  H04W40/24 ,  H04W48/16

Abstract: A method is provided in one example embodiment and includes receiving a data packet transported on a backhaul link at a first network element; de-capsulating the data packet; identifying whether the data packet is an upstream data packet; identifying whether the data packet matches an internet protocol (IP) access control list (ACL) or a tunnel endpoint identifier; and offloading the data packet from the backhaul link. In more specific embodiment, the method can include identifying that the data packet does not match the IP ACL or the tunnel endpoint identifier; and communicating the data packet to a second network element. In other examples, the method can include identifying that the data packet is a downstream data packet; identifying a service to be performed for the data packet that cannot be performed at the first network element; and communicating the data packet to a second network element.

Abstract translation: 在一个示例性实施例中提供了一种方法，并且包括接收在第一网络元件处的回程链路上传送的数据分组; 解封装数据包; 识别数据分组是否是上行数据分组; 识别数据分组是否与互联网协议（IP）访问控制列表（ACL）或隧道端点标识符匹配; 并从回程链路卸载数据包。 在更具体的实施例中，该方法可以包括识别数据分组与IP ACL或隧道端点标识符不匹配; 以及将所述数据分组传送到第二网络单元。 在其他示例中，该方法可以包括识别数据分组是下游数据分组; 识别对于在第一网络元件不能执行的数据分组执行的服务; 以及将所述数据分组传送到第二网络单元。

公开(公告)号：US20140282986A1

公开(公告)日：2014-09-18

申请号：US13842426

申请日：2013-03-15

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Kent K. Leung ,  Jayaraman R. Iyer ,  Bruce A. Thompson ,  Flemming S. Andreasen

IPC: H04L29/06

CPC classification number: H04L63/10 ,  H04L41/0896 ,  H04L63/0807 ,  H04L63/0876

Abstract: A method is provided and may include receiving a request for a network content delivery service from an access device; directing the access device to a network service provider for authentication for the network content delivery service; receiving a network authorization token from the access device, where the network authorization token is associated with the access device; obtaining a network access token from the network service provider; and binding the network access token to a content access token.

Abstract translation: 提供了一种方法，并且可以包括从接入设备接收对网络内容传送服务的请求; 将访问设备引导到网络服务提供商以进行网络内容传递服务的认证; 从所述接入设备接收网络授权令牌，其中所述网络授权令牌与所述接入设备相关联; 从网络服务提供商获取网络访问令牌; 并将网络访问令牌绑定到内容访问令牌。

公开(公告)号：US20240364687A1

公开(公告)日：2024-10-31

申请号：US18306700

申请日：2023-04-25

Applicant: Cisco Technology, Inc.

Inventor： Robert Edgar Barton ,  David John Zacks ,  Thomas Szigeti ,  Flemming S. Andreasen

IPC: H04L9/40

CPC classification number: H04L63/0876

Abstract: This disclosure describes techniques for validating a network device based on an operational context of the network device. The techniques may include receiving, via an intercepting node, a DNS query from a querying device. The techniques may include extracting the metadata from the DNS query. Based at least in part on verifying a signature of the metadata, the techniques may include extracting a location code from the metadata. Based at least in part on comparing the location code to an expected location of the intercepting node, the techniques may include sending a response to the querying device indicating a contextual validation of the querying device.