-
Publication number: US20240147226A1
Publication date: 2024-05-02
Application number: US17979415
Application date: 2022-11-02
Applicant: Cisco Technology, Inc.
Inventor: Flemming Stig Andreasen, Robert Edgar Barton
IPC: H04W12/033, H04W12/08, H04W12/64
CPC classification number: H04W12/033, H04W12/08, H04W12/64
Abstract: In one illustrative example, a controller may operate to send a request message towards a user equipment (UE) which operates to communicate traffic in a session in a mobile network. In response, the controller may receive, from a user plane function which anchors the session of the UE, a response message which includes an identifier of the user plane function. The controller may verify whether a zone or security level value that is assigned to the user plane function matches a zone or security level value that is assigned to the UE. If the controller identifies a discrepancy between the zone or security level values, the controller may provide a notification indication to indicate the discrepancy. The UE may be an industrial Internet of Things (IIoT) device and the zone or security level values may be based on International Electrotechnical Commission (IEC) 62443.
-
Publication number: US20230379350A1
Publication date: 2023-11-23
Application number: US17750132
Application date: 2022-05-20
Applicant: Cisco Technology, Inc.
Inventor: Robert E. Barton, Nancy Cam-Winget, Thomas Szigeti, Jerome Henry, Flemming Stig Andreasen
IPC: H04L9/40
CPC classification number: H04L63/1433, H04L63/1425, H04L63/1416, H04L63/102
Abstract: In one embodiment, an illustrative method herein may comprise: determining, by a device, a profile of an asset in a network, the profile identifying a type of the asset and a particular activity of the asset; determining, by the device, a specific context of the asset within the network; assigning, by the device, a risk score for the profile based on one or more risk factors associated with the profile and a comparison of the profile to an expected behavior of the type of the asset within the specific context; and performing, by the device, one or more mitigation actions based on the risk score.
-
3.
Publication number: US20240284317A1
Publication date: 2024-08-22
Application number: US18172612
Application date: 2023-02-22
Applicant: Cisco Technology, Inc.
Inventor: Robert Edgar Barton, Flemming Stig Andreasen
Abstract: Provided herein are techniques to facilitate slice assignment for a wireless device based on Manufacturer Usage Description (MUD) parameters associated with the wireless device. In one instance, a method may include obtaining, by a provisioning server of a mobile network, a usage description object for a wireless device that has a session via an onboarding network slice of the mobile network in which the usage description object comprises usage parameters associated with the wireless device. The method may further include identifying, based on the usage parameters associated with the wireless device, a particular network slice that is to host the session for the wireless device and causing the session of the wireless device to be moved from the onboarding network slice to the particular network slice.
-
Publication number: US10305931B2
Publication date: 2019-05-28
Application number: US15297241
Application date: 2016-10-19
Applicant: Cisco Technology, Inc.
Abstract: In one embodiment, a primary server receives, from a client device, a first request to mitigate an external attack on the client device. The primary server sends, to a plurality of secondary servers, a second request to mitigate the external attack, wherein each one of the plurality of secondary servers has associated mitigation resources, and receives from at least one of the plurality of secondary servers an indication that it has mitigation resources capable of mitigating the external attack. The primary server sends, to the client device, a list including the secondary servers having mitigation resources capable of mitigating the attack, and receives, from the client device, an indication that a subset of the list is selected to mitigate the external attack. In response, the primary server sends a request for mitigation services to one of the secondary servers in the subset selected to mitigate the external attack.
-
Publication number: US20240214386A1
Publication date: 2024-06-27
Application number: US18087094
Application date: 2022-12-22
Applicant: Cisco Technology, Inc.
Inventor: Robert E. Barton, Flemming Stig Andreasen, Jerome Henry, Elango Ganesan
IPC: H04L9/40
CPC classification number: H04L63/107, H04L63/0281
Abstract: In one embodiment, a device determines a hierarchy of layers of a network comprising a plurality of networking devices. The device configures, in response to a request by a client to access remotely a particular endpoint in the network, a proxy chain of remote access agents executed by a plurality of networking devices in the network to allow the client to access remotely the particular endpoint. Each of those networking devices proxies traffic between different layers of the hierarchy. The device determines an access policy for the particular endpoint indicative of which commands may be sent to the particular endpoint by the client, based in part on where the particular endpoint is in the hierarchy. The device controls, based on the access policy, whether a command sent by the client is transmitted via the proxy chain to the particular endpoint.
-
6.
Publication number: US20240155474A1
Publication date: 2024-05-09
Application number: US17983928
Application date: 2022-11-09
Applicant: Cisco Technology, Inc.
Inventor: Flemming Stig Andreasen, Robert Edgar Barton, Timothy Peter Stammers
Abstract: In one illustrative example, a controller for use in a private mobile network may determine network service requirements for an industrial device. The controller may select, from a set of network slices, a subset of network slices having network service requirement configurations that most closely support the network service requirements. Each network slice of the set may be associated with an affinity ranking value that is indicative of a service performance of the network slice for industrial device operation in a cell or a zone associated with a zone or security level value assigned to the industrial device. The controller may identify, from the subset of network slices, a selected network slice associated with a best affinity ranking value for the zone or security level value assigned to the industrial device. The controller may assign the selected network slice and associated service parameters for the communications of the industrial device.
-
7.
Publication number: US20230403609A1
Publication date: 2023-12-14
Application number: US17837219
Application date: 2022-06-10
Applicant: Cisco Technology, Inc.
Inventor: Timothy P. Stammers, Dusko Zgonjanin, Flemming Stig Andreasen
CPC classification number: H04W28/24, H04W28/0268, H04W24/10, H04W84/042
Abstract: A system and method of performing multi-layer client assurance in a private cellular network includes a plurality of assurance points within the network. The method includes receiving, by a network entity, a plurality of parameter sets from the plurality of assurance points. Each of the plurality of assurance points can be configured to obtain measurements from a portion of the private cellular network corresponding to a client assurance layer in a client assurance stack. The method can include combining a first parameter set from the plurality of parameter sets with a second parameter set from the plurality of parameter sets. The first parameter set can be associated with a first client assurance layer and the second parameter set is associated with a second client assurance layer. The method can include determining, based on the combined parameter set, a network service level corresponding to the client device.
-
Publication number: US20180109555A1
Publication date: 2018-04-19
Application number: US15297241
Application date: 2016-10-19
Applicant: Cisco Technology, Inc.
IPC: H04L29/06
CPC classification number: H04L63/1458, G06F21/554, G06F2221/2111, H04W4/70, H04W12/12
Abstract: In one embodiment, a primary server receives, from a client device, a first request to mitigate an external attack on the client device. The primary server sends, to a plurality of secondary servers, a second request to mitigate the external attack, wherein each one of the plurality of secondary servers has associated mitigation resources, and receives from at least one of the plurality of secondary servers an indication that it has mitigation resources capable of mitigating the external attack. The primary server sends, to the client device, a list including the secondary servers having mitigation resources capable of mitigating the attack, and receives, from the client device, an indication that a subset of the list is selected to mitigate the external attack. In response, the primary server sends a request for mitigation services to one of the secondary servers in the subset selected to mitigate the external attack.
-
Publication number: US20240396829A1
Publication date: 2024-11-28
Application number: US18323134
Application date: 2023-05-24
Applicant: Cisco Technology, Inc.
Abstract: Provided herein are techniques to facilitate multi-level performance tracing for a mobile network environment. In one instance, a method may include obtaining, by a mobile network, a trigger from an enterprise to initiate an underlay-level trace for a wireless device of the enterprise, wherein the trigger includes a correlation identifier that correlates the underlay-level trace with an enterprise-level trace for the wireless device and providing the underlay-level trace for a session of the wireless device by including a first trace flag for IP packets for the session and including a second trace flag for encapsulations of the IP packets for the session in which the first and second trace flag are unique to the session of the wireless device and enable elements of the mobile network to provide underlay trace information for the underlay-level trace for the session of the wireless device to a trace.
-
Publication number: US11909739B2
Publication date: 2024-02-20
Application number: US17395766
Application date: 2021-08-06
Applicant: Cisco Technology, Inc.
Inventor: Jerome Henry, Robert Edgar Barton, Elango Ganesan, Flemming Stig Andreasen
CPC classification number: H04L63/102, H04L63/0236, H04L63/0272, H04L63/1425, H04L63/20
Abstract: A method includes determining a corresponding level of a security model associated with each device of a plurality of devices connected to a network, each level of the security model having a corresponding tag; applying, to each of the plurality of devices, the corresponding tag based on the corresponding level of the security model with which each of the plurality of devices are associated; receiving, over a network connection, network traffic from at least one of the plurality of devices and the corresponding tag; analyzing the corresponding tag associated with the network traffic; determining a destination for the network traffic; applying one or more security measures to the network traffic based on the corresponding tag for the at least one device and a corresponding tag of the destination for the network traffic; and sending the network traffic to the destination with the corresponding tag of the destination.