Abstract:
In one embodiment, an IoT server includes: processing circuitry, an I/O module operative to communicate with at least an IoT device and a vendor network server, and an onboarding application operative to at least: receive an onboarding request from the IoT device via the I/O module, send a confirmation request to the vendor network server via the I/O module, where the confirmation request indicates a request to confirm an identity of the IoT device according to a connection to a network device authenticated by the vendor network server, receive a confirmation response from the vendor network server via the I/O module, where the confirmation response indicates whether the IoT device is connected to the network device, and if the confirmation response is a positive confirmation response that indicates that the IoT device is connected to the network device, onboard the IoT device for participation in an IoT-based system.
Abstract:
In one embodiment, a gateway to a zero trust network applies an access control policy to an endpoint device attempting to access a cloud-based application hosted by the zero trust network. The gateway acts as a reverse proxy between the endpoint device and the cloud-based application, based on the access control policy applied to the endpoint device. The gateway captures telemetry data regarding application traffic reverse proxied by the gateway between the endpoint device and the cloud-based application. The gateway detects an anomalous behavior of the application traffic by comparing the captured telemetry data to a machine learning-based behavioral model for the application. The gateway initiates a mitigation action for the detected anomalous behavior of the application traffic.
Abstract:
In various implementations, a method includes receiving a request to establish an end-to-end encrypted session between a device in an enterprise network and an external entity that is outside the enterprise network. In some implementations, the end-to-end encrypted session allows encrypted packets to be transmitted between the device and the external entity. In various implementations, the method includes determining whether the request satisfies an enterprise security criterion for establishing the end-to-end encrypted session. In various implementations, the method includes, in response to determining that the request satisfies the enterprise security criterion, triggering the establishment of the end-to-end encrypted session between the device in the enterprise network and the external entity that is outside the enterprise network.
Abstract:
Methods and systems to estimate encrypted multi-path TCP (MPTCP) network traffic include restricting traffic in a first direction (e.g., uplink) to a single path, and estimating traffic of multiple subflows of a second direction (e.g., downlink) based on traffic over the single path of the first direction. The estimating may be based on, without limitation, acknowledgment information of the single path, a sequence of acknowledgment numbers of the single path, an unencrypted initial packet sent over the single path as part of a secure tunnel setup procedure, TCP header information of the unencrypted initial packet (e.g., sequence number, acknowledgment packet, and/or acknowledgment packet length), and/or metadata of packets of the single path (e.g., regarding cryptographic algorithms, Diffie-Hellman groups, and/or certificate-related data).
Abstract:
A method is provided in one example embodiment and includes querying, by a first communications network, a database maintained by a second communications network for location data comprising a path typically taken by a mobile device; using the location data to identify network elements of the first communications network located proximate to the path; and sending a page request for the mobile device only to the identified network elements. The method may further include mapping a first identifier for the mobile device to a second identifier for the mobile device, and using the second identifier to perform the querying. In certain embodiments, the mapping is initiated in response to a call received for the mobile device.
Abstract:
Seamless mobility between public and private WLANs may be provided. First a Mobile Node (MN) may be registered for privileged network access via a first access point (AP). Then, a privileged access channel for the MN via a first Mobility Access Gateway (MAG) may be established. Next, a switch by the MN from the first AP to a second AP may be detected. A determination may be made as to whether the second AP is associated with one of the following: the first MAG and a second MAG. Then, when the second AP is associated with the first MAG, the second AP may be established as a new termination point for the privileged access channel. When the second AP is associated with the second MAG, a new privileged access channel may be established through the second MAG.
Abstract:
The present technology pertains to a system that routes application flows. The system can receive an application flow from a device by an active threat detection agent; analyze the application flow for user context, device context, and application context; classify the application flow based on the analysis of the application flow; and direct the application flow according to the classification of the application flow and an application access policy.