-
Publication number: US11750610B2
Publication date: 2023-09-05
Application number: US17136426
Application date: 2020-12-29
Applicant: Cisco Technology, Inc.
Inventor: Gangadharan Byju Pularikkal, Mark Grayson, Santosh Ramrao Patil, Jerome Henry, Bart Brinckman, Mark Allen Webb
CPC classification number: H04L63/10, H04L63/083, H04W12/06, H04W12/08, H04W76/10, H04L2463/082, H04W36/14, H04W88/06, H04W88/10
Abstract: Various implementations disclosed herein enable controlling access to networks. In various implementations, a method of controlling access to a network is performed by a computing device including one or more processors, and a non-transitory memory. In various implementations, the method includes obtaining an indication that a mobile device having access to a first network utilizing a first radio access technology (RAT) has requested access to a second network utilizing a second RAT. In some implementations, the method includes determining whether the access to the first network satisfies an authentication criterion associated with the second network. In some implementations, the method includes granting the mobile device access to the second network in response to determining that the access to the first network satisfies the authentication criterion associated with the second network. In some implementations, accessing the second network via the authentication criterion satisfies an operating threshold associated with the mobile device.
-
Publication number: US20230262525A1
Publication date: 2023-08-17
Application number: US17882859
Application date: 2022-08-08
Applicant: Cisco Technology, Inc.
Inventor: Gangadharan Byju Pularikkal, Einar Nilsen-Nygaard, Vivek Agarwal, Ajeet Pal Singh Gill, Ravi Sankar Mantha, Saravanan Radhakrishnan
Abstract: In one embodiment, a method includes receiving one or more 5G software-defined wide area network (SD-WAN) policies, identifying one or more identity-based policies from the one or more 5G SD-WAN policies, communicating the identified one or more identity-based policies to one or more WAN routers, communicating one or more 5G bindings to the one or more WAN routers, and applying the identified one or more identity-based policies to one or more flows between the one or more WAN routers.
-
Publication number: US11696319B2
Publication date: 2023-07-04
Application number: US17379035
Application date: 2021-07-19
Applicant: Cisco Technology, Inc.
Inventor: Akram Sheriff, Santosh Ramrao Patil, Gangadharan Byju Pularikkal, Mark Grayson
IPC: H04W72/541, H04W76/10, H04W8/08, H04W24/10, H04W72/542, H04W84/18, H04W92/20
CPC classification number: H04W72/541, H04W8/08, H04W24/10, H04W72/542, H04W76/10, H04W84/18, H04W92/20
Abstract: Systems, methods, and computer-readable media for radio resource management in a Citizens Broadband Radio Service (CBRS) network include one or more CBRS devices (CBSDs) which can obtain a group type associated with the CBSDs and their associated Radio Environment Map (REM) reports of one or more frequency channels of the CBRS network. The group type and the REM reports may be provided to a Self-Organizing Network (SON) manager of the CBRS network, where the SON manager may determine and provide to the CBSDs, one or more of a channel utilization information, transmission power, or mobility load management information for the CBSD, based on the group type and the REM reports.
-
Publication number: US11388175B2
Publication date: 2022-07-12
Application number: US16562017
Application date: 2019-09-05
Applicant: Cisco Technology, Inc.
Inventor: Gangadharan Byju Pularikkal, Santosh Ramrao Patil, Paul Wayne Bigbee, Darrin Joseph Miller, Madhusudan Nanjanagud
Abstract: The present technology pertains to a system that routes application flows. The system can receive an application flow from a device by an active threat detection agent; analyze the application flow for user context, device context, and application context; classify the application flow based on the analysis of the application flow; and direct the application flow according to the classification of the application flow and an application access policy.
-
Publication number: US11316871B2
Publication date: 2022-04-26
Application number: US15891708
Application date: 2018-02-08
Applicant: Cisco Technology, Inc.
Inventor: Santosh Ramrao Patil, Gangadharan Byju Pularikkal, David McGrew, Blake Harrell Anderson, Madhusudan Nanjanagud
Abstract: Methods and systems to estimate encrypted multi-path TCP (MPTCP) network traffic include restricting traffic in a first direction (e.g., uplink) to a single path, and estimating traffic of multiple subflows of a second direction (e.g., downlink) based on traffic over the single path of the first direction. The estimating may be based on, without limitation, acknowledgment information of the single path, a sequence of acknowledgment numbers of the single path, an unencrypted initial packet sent over the single path as part of a secure tunnel setup procedure, TCP header information of the unencrypted initial packet (e.g., sequence number, acknowledgment packet, and/or acknowledgment packet length), and/or metadata of packets of the single path (e.g., regarding cryptographic algorithms, Diffie-Hellman groups, and/or certificate related data).
-
Publication number: US20210126965A1
Publication date: 2021-04-29
Application number: US17143836
Application date: 2021-01-07
Applicant: Cisco Technology, Inc.
Inventor: Santosh Ramrao Patil, Swaminathan Anantha, Sourav Chakraborty, Shyam Sundar Vaidyanathan, Gangadharan Byju Pularikkal
Abstract: The disclosed technology relates to systems and methods for automatically scaling down network resources, such as servers or gateway instances, based on predetermined thresholds. A system is configured to detect a reduction in one or more network metrics related to a first server, and instruct the first server to issue a rekey request to a plurality of devices connected to the first server. The system is further configured to instruct a load balancer to route to at least one other server responses from the plurality of devices to the rekey request, and determine a number of connections remaining between the first server and the plurality of devices. The system may be further configured to instruct the load balancer to terminate the first server based on the detected number of connections remaining between the first server and the plurality of devices.
-
Publication number: US10911475B2
Publication date: 2021-02-02
Application number: US16434564
Application date: 2019-06-07
Applicant: Cisco Technology, Inc.
Inventor: Mark Grayson, Santosh Ramrao Patil, Gangadharan Byju Pularikkal
Abstract: Various implementations disclosed herein enable identifying anomalies in a network. For example, in various implementations, a method of identifying anomalies in a network is performed by a network node. In various implementations, the network node includes one or more processors, and a non-transitory memory. In various implementations, the method includes generating a characteristic indicator that characterizes a device type based on communications associated with a first device of the device type. In various implementations, the method includes determining, based on communications associated with the first device, a performance indicator that indicates a performance of the first device. In various implementations, the method includes synthesizing an anomaly indicator as a function of the performance indicator in relation to the characteristic indicator.
-
Publication number: US10341300B2
Publication date: 2019-07-02
Application number: US15044957
Application date: 2016-02-16
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Mark Grayson, Gangadharan Byju Pularikkal, Mickael James Graham, Santosh Ramrao Patil, Peter Gaspar
Abstract: Embodiments include receiving one or more packets of a Wi-Fi calling session via a secure tunnel from a user device, where the user device is connected to a source network via a Wi-Fi access point. Embodiments also include determining whether the Wi-Fi calling session is a threat based, at least in part, on identifying an anomaly of at least one packet of the one or more packets. An action can be taken if the Wi-Fi calling communication is determined to be a threat. More specific embodiments include determining the at least one packet is associated with the Wi-Fi calling session by correlating information in the packet with control plane data of the Wi-Fi calling session. Further embodiments can include intercepting the one or more packets in a second secure tunnel established between an evolved packet data gateway and a service provider network associated with the user device.
-
Publication number: US11658912B2
Publication date: 2023-05-23
Application number: US17324910
Application date: 2021-05-19
Applicant: Cisco Technology, Inc.
Inventor: Gangadharan Byju Pularikkal, Santosh Ramrao Patil, Mark Grayson, Swaminathan Anantha, Sourav Chakraborty
IPC: H04L69/22, H04L43/0852, H04L43/0888, H04L43/0894, H04L47/2491, H04L45/302, H04L47/80
CPC classification number: H04L47/2491, H04L45/306, H04L47/805, H04L69/22, H04L43/0852, H04L43/0888, H04L43/0894
Abstract: Systems, methods, and devices are disclosed for providing a quality of service between nodes. A service provider can receive, from a first node of a customer network to an ingress node of a service provider network, packets bound for a second node on the customer network that is remote from the first node. The packets are mapped to a network segment according to a traffic type based on an identifier associated with the packets that identifies the traffic type of the packets. The packets are sent via their mapped network segment to an egress node with connectivity to the second node of the customer network according to a quality of service associated with the traffic type identified by the identifier.
-
Publication number: US20210120000A1
Publication date: 2021-04-22
Application number: US17136426
Application date: 2020-12-29
Applicant: Cisco Technology, Inc.
Inventor: Gangadharan Byju Pularikkal, Mark Grayson, Santosh Ramrao Patil, Jerome Henry, Bart Brinckman, Mark Allen Webb
Abstract: Various implementations disclosed herein enable controlling access to networks. In various implementations, a method of controlling access to a network is performed by a computing device including one or more processors, and a non-transitory memory. In various implementations, the method includes obtaining an indication that a mobile device having access to a first network utilizing a first radio access technology (RAT) has requested access to a second network utilizing a second RAT. In some implementations, the method includes determining whether the access to the first network satisfies an authentication criterion associated with the second network. In some implementations, the method includes granting the mobile device access to the second network in response to determining that the access to the first network satisfies the authentication criterion associated with the second network. In some implementations, accessing the second network via the authentication criterion satisfies an operating threshold associated with the mobile device.