公开(公告)号：US20250141730A1

公开(公告)日：2025-05-01

申请号：US19008305

申请日：2025-01-02

Applicant: Cisco Technology, Inc.

Inventor： Swapna Anandan ,  Elango Ganesan ,  Flemming S Andreasen

IPC: H04L41/06 ,  H04L67/12

Abstract: Embodiments relate to a method for enhancing and prioritizing operation technology (OT) control systems in a safety instrumented system (SIS) environment by incorporating safety levels. The method includes receiving network packets associated with OT systems by network interface. From network packets, OT systems associated with safety integrity level (SIL) values are identified. In response to identifying OT control systems associated with SIL values, determining priority levels from SIL values of OT systems. The method includes identifying, among OT control systems, network packets associated with a critical OT system associated with a SIL value having a higher priority level. The critical OT system may be prioritized that comprises encoding the network packets of the critical OT system, with corresponding SIL value. The prioritized critical OT system may be prioritized based on SIL value and classified into a network group associated with a network tag to deliver traffic with higher priority.

公开(公告)号：US20240048384A1

公开(公告)日：2024-02-08

申请号：US17817422

申请日：2022-08-04

Applicant: Cisco Technology, Inc.

Inventor： Michael Freed ,  Elango Ganesan ,  Swapna Anandan

IPC: H04L9/32 ,  H04L9/40

CPC classification number: H04L9/3213 ,  H04L9/3273 ,  H04L63/123

Abstract: A zero-touch deployment (ZTD) manager receives a first request to issue a first cryptographic token to a constrained device for establishing a communications session between the constrained device and a secured resource. The ZTD manager evaluates identity information corresponding to the constrained device and determines whether the identity information is valid. If so, the ZTD manager returns the first cryptographic token to the constrained device, where it is stored in cache memory. The ZTD manager receives a second request to obtain a second cryptographic token from the secured resource. When the second cryptographic token is provided to the secured resource, the secured resource uses this second cryptographic token to validate the first cryptographic token and to facilitate the communications session with the constrained device.

公开(公告)号：US20240031017A1

公开(公告)日：2024-01-25

申请号：US17869006

申请日：2022-07-20

Applicant: Cisco Technology, Inc.

Inventor： Robert E. Barton ,  Francesco Basile ,  Michael Freed ,  Yen Chih Lee ,  Elango Ganesan

IPC: H04B7/185 ,  H04L5/00

CPC classification number: H04B7/18584 ,  H04B7/18589 ,  H04L5/0073

Abstract: According to one or more embodiments of the disclosure, a device associated with a first cluster of data sources may identify an amount of data from the first cluster of data sources to be sent by the device to a satellite. The device may send, to the satellite, a request for a transmission window that indicates the amount of data to be sent by the device to the satellite. The device may receive, from the satellite, an indication of an assigned transmission window during which the device may transmit data to the satellite. The satellite may compute the assigned transmission window based on the amount of data and such that the assigned transmission window does not overlap an assigned transmission window of a neighboring device associated with a second cluster of data sources. The device may send, during the assigned transmission window, the data towards the satellite.

公开(公告)号：US12143492B2

公开(公告)日：2024-11-12

申请号：US17817422

申请日：2022-08-04

Applicant: Cisco Technology, Inc.

Inventor： Michael Freed ,  Elango Ganesan ,  Swapna Anandan

IPC: H04L9/32 ,  H04L9/40

Abstract: A zero-touch deployment (ZTD) manager receives a first request to issue a first cryptographic token to a constrained device for establishing a communications session between the constrained device and a secured resource. The ZTD manager evaluates identity information corresponding to the constrained device and determines whether the identity information is valid. If so, the ZTD manager returns the first cryptographic token to the constrained device, where it is stored in cache memory. The ZTD manager receives a second request to obtain a second cryptographic token from the secured resource. When the second cryptographic token is provided to the secured resource, the secured resource uses this second cryptographic token to validate the first cryptographic token and to facilitate the communications session with the constrained device.

公开(公告)号：US11909739B2

公开(公告)日：2024-02-20

申请号：US17395766

申请日：2021-08-06

Applicant: Cisco Technology, Inc.

Inventor： Jerome Henry ,  Robert Edgar Barton ,  Elango Ganesan ,  Flemming Stig Andreasen

IPC: H04L29/06 ,  H04L9/40

CPC classification number: H04L63/102 ,  H04L63/0236 ,  H04L63/0272 ,  H04L63/1425 ,  H04L63/20

Abstract: A method includes determining a corresponding level of a security model associated with each device of a plurality of devices connected to a network, each level of the security model having a corresponding tag; applying, to each of the plurality of devices, the corresponding tag based on the corresponding level of the security model with which each of the plurality of devices are associated; receiving, over a network connection, network traffic from at least one of the plurality of devices and the corresponding tag; analyzing the corresponding tag associated with the network traffic; determining a destination for the network traffic; applying one or more security measures to the network traffic based on the corresponding tag for the at least one device and a corresponding tag of the destination for the network traffic; and sending the network traffic to the destination with the corresponding tag of the destination.

公开(公告)号：US20230040607A1

公开(公告)日：2023-02-09

申请号：US17395766

申请日：2021-08-06

Applicant: Cisco Technology, Inc.

Inventor： Jerome Henry ,  Robert Edgar Barton ,  Elango Ganesan ,  Flemming Stig Andreasen

IPC: H04L29/06

Abstract: A method includes determining a corresponding level of a security model associated with each device of a plurality of devices connected to a network, each level of the security model having a corresponding tag; applying, to each of the plurality of devices, the corresponding tag based on the corresponding level of the security model with which each of the plurality of devices are associated; receiving, over a network connection, network traffic from at least one of the plurality of devices and the corresponding tag; analyzing the corresponding tag associated with the network traffic; determining a destination for the network traffic; applying one or more security measures to the network traffic based on the corresponding tag for the at least one device and a corresponding tag of the destination for the network traffic; and sending the network traffic to the destination with the corresponding tag of the destination.

公开(公告)号：US09912494B2

公开(公告)日：2018-03-06

申请号：US14824271

申请日：2015-08-12

Applicant: Cisco Technology, Inc.

Inventor： Ramesh Nethi ,  Elango Ganesan ,  Anand Oswal ,  Rajesh Tarakkad Venkateswaran

IPC: G06F15/16 ,  H04L12/28 ,  H04L29/08

CPC classification number: H04L12/2836 ,  H04L67/2823 ,  H04L67/2838

Abstract: In one embodiment, a device in a network receives data from one or more other devices in the network via one or more protocol adaptors. The device transforms the received data into a common data model. The device executes a containerized application. The device exposes the transformed data to the application.

公开(公告)号：US11582601B2

公开(公告)日：2023-02-14

申请号：US16868097

申请日：2020-05-06

Applicant: Cisco Technology, Inc.

Inventor： Elango Ganesan ,  Michael Freed ,  Scott Taft Potter

IPC: H04W72/04 ,  H04W12/04 ,  H04L12/46 ,  H04W8/18 ,  H04W64/00 ,  H04W12/06 ,  H04W60/00 ,  H04W12/088 ,  H04L61/5007

Abstract: In one embodiment, a service receives a device registration request sent by an endpoint device, wherein the endpoint device executes an onboarding agent that causes the endpoint device to send the device registration request via a cellular connection to a private access point name (APN) associated with the service. The service verifies that a network address of the endpoint device from which the device registration request was sent is associated with an integrated circuit card identifier (ICCID) or international mobile equipment identity (IMEI) indicated by the device registration request. The service identifies a tenant identifier associated with the ICCID or IMEI. The service sends, based on the tenant identifier, a device registration response to the endpoint device via the private APN.

公开(公告)号：US11523332B2

公开(公告)日：2022-12-06

申请号：US17136773

申请日：2020-12-29

Applicant: Cisco Technology, Inc.

Inventor： Vinay Saini ,  Robert Edgar Barton ,  Elango Ganesan ,  Swapna Anandan ,  Jerome Henry

IPC: H04W48/16 ,  H04W48/18 ,  H04W84/12 ,  H04W8/18 ,  H04W12/06 ,  H04W36/14

Abstract: Automatic onboarding of a device onto a cellular network may be provided through a Wireless Local Area Network (WLAN). Subsequent to a device connecting to a first network (e.g., the WLAN), information associated with the device and the first network may be received. One or more tags may be generated and an intent profile may be defined for the device based on the received information, where the intent profile may indicate at least a second network (e.g., the cellular network) that the device is enabled to connect with and one or more policies associated with the connection. The tags and intent profile may be transmitted to a service provider platform, and an onboarding profile template identified using the tags and the intent profile may be received from the service provider platform. The onboarding profile template may be provided to the device to enable connection to the second network.

公开(公告)号：US20180041406A1

公开(公告)日：2018-02-08

申请号：US15786471

申请日：2017-10-17

Applicant: Cisco Technology, Inc.

Inventor： Laurent Plumelle ,  Lawrence Rolfe Kreeger ,  Michael Freed ,  Rituraj Kirti ,  Joe Joseph Karimundackal ,  Elango Ganesan ,  Brian Yoshiaki Uchino ,  Siva M. Vaddepuri ,  Shubhashree Venkatesh

IPC: H04L12/24

CPC classification number: H04L41/5054 ,  G06F9/50 ,  G06F9/5061

Abstract: In one embodiment, the system may identify a virtual network, the virtual network including a plurality of virtual entities and connections among the plurality of virtual entities. The system may automatically map each of the plurality of virtual entities to one or more resources or resource pools such that the virtual network is mapped to a physical network, wherein mapping includes allocating one or more resources or resource pools to a corresponding one of the plurality of virtual entities.