ENFORCING LOCATION-BASED DATA PRIVACY RULES ACROSS NETWORKED WORKLOADS

    Publication number: US20240265126A1

    Publication date: 2024-08-08

    Application number: US18621076

    Filing date: 2024-03-28

    CPC classification number: G06F21/6218 G06F16/144 G06F21/123 G06F21/57

    Abstract: Techniques for maintaining geographic-based data privacy rules in networked environments. An example method includes receiving, from a first subsystem, a query for data; receiving, from the first subsystem, an aggregate passport indicating at least one geographic region in which the first subsystem and at least one second subsystem connected to the first subsystem operates; and determining that the at least one geographic region complies with at least one data privacy rule that applies to the entity. Based on determining that the at least one geographic region complies with the at least one data privacy rule that applies to the entity, the example method further includes transmitting, to the first subsystem, at least a portion of the data; and storing an indication that the at least the portion of the data has been shared.

    METHOD TO ELIMINATE CLOCK SYNCHRONIZATION FROM UNDESIRED CLOCK SOURCES

    Publication number: US20230198738A1

    Publication date: 2023-06-22

    Application number: US17558313

    Filing date: 2021-12-21

    CPC classification number: H04L7/10 H04L63/0876

    Abstract: In one embodiment, methods for monitoring devices within a network by a controller are described. The method may include receiving a first request from a first device to authenticate a role of the first device as a grandmaster in a precision time protocol (PTP). Additionally, the method may include granting the first request designating the role of the first device as the grandmaster. The method may further include receiving a second request from a second device to authenticate that a clock announce message is from an authorized grandmaster. Additionally, the method may include determining whether the first device is authorized to send the clock announce message to the second device and, based on the determining, sending a message granting or denying permission for the first device to sync with the second device.

    METHOD FOR IDENTIFYING AND MANAGING QUIC CONNECTIONS FOR MIDDLEBOXES

    Publication number: US20240236210A9

    Publication date: 2024-07-11

    Application number: US17973115

    Filing date: 2022-10-25

    CPC classification number: H04L69/16 H04L45/02 H04L63/0236

    Abstract: Techniques are described for managing QUIC connections. The techniques include identifying a first QUIC connection between a first and second device. Determining, from the connection, a first IP address and port number of the first device, a second IP address and port number of the second device, and a first CID. Storing an association between the first and second IP addresses, port numbers and first CID. Identifying a second QUIC connection between the first device and another device. Identifying, from the second connection, the first IP address and port number, a second CID, and a third IP address and port number. Determining if two of the following are met: the second IP address corresponds to the third IP address, the second port number corresponds to the third port number, the second CID corresponds to the first CID, if two are met, the first and second QUIC connections are the same.

    PROXIMITY-AWARE MULTIFACTOR AUTHENTICATION FOR CONTINUOUS TRUSTED ACCESS

    Publication number: US20240089254A1

    Publication date: 2024-03-14

    Application number: US17940299

    Filing date: 2022-09-08

    CPC classification number: H04L63/0853 H04L63/20

    Abstract: Techniques for using device proximity of a primary device and a secondary device to allow or deny connections to network resource(s), as well as terminate existing connections to the network resource(s). The techniques may include monitoring a proximity-based direct networking connection between a primary device and a secondary device, the proximity-based direct networking connection established in association with authenticating the primary device to access a resource. The techniques may also include determining, based at least in part on the monitoring, that a network proximity between the primary device and the secondary device exceeds a threshold proximity. Based at least in part on determining that the network proximity exceeds the threshold proximity, the techniques may include causing termination of the access to the resource for the primary device.

    TECHNIQUES FOR RISK MANAGEMENT BASED ON SOFTWARE BILL OF MATERIALS

    Publication number: US20240388595A1

    Publication date: 2024-11-21

    Application number: US18318198

    Filing date: 2023-05-16

    Abstract: Techniques are described herein for determining and mitigating a risk to an organization associated with a security threat. In embodiments, such techniques may be performed by an access control device and may comprise receiving information about a security threat, identifying one or more components that are susceptible to the security threat, determining, based on a software bill of materials, a number of software applications associated with the one or more components, determining, based on usage metrics stored in relation to the number of software applications in relation to an organization, a risk value associated with the organization, and providing the risk value to at least one second electronic device.

    POLICY EXPRESSIONS USING QUIC CONNECTION IDENTIFIERS

    Publication number: US20230083582A1

    Publication date: 2023-03-16

    Application number: US17719867

    Filing date: 2022-04-13

    Abstract: Techniques for encoding metadata representing a policy into a QUIC connection ID are described herein. A metadata-aware network including one or more enforcement nodes, a policy engine, and/or a connection datastore may be utilized to enforce a policy and route communications on a QUIC connection. The policy engine may be configured to encode metadata representing one or more network policies into a QUIC source connection ID (SCID) and/or may store a mapping between the SCID and a corresponding destination connection ID (DCID) in the connection datastore. The policy engine may communicate with a QUIC application server and/or one or more QUIC proxy nodes to encode the SCID into a QUIC packet. The enforcement nodes may access the metadata and enforce the policies via a connection ID included in a QUIC header of a QUIC packet or by performing a lookup in the connection datastore using the connection ID.

    METHOD TO ELIMINATE CLOCK SYNCHRONIZATION FROM UNDESIRED CLOCK SOURCES

    Publication number: US20250088346A1

    Publication date: 2025-03-13

    Application number: US18958309

    Filing date: 2024-11-25

    Abstract: In one embodiment, methods for monitoring devices within a network by a controller are described. The method may include receiving a first request from a first device to authenticate a role of the first device as a grandmaster in a precision time protocol (PTP). Additionally, the method may include granting the first request designating the role of the first device as the grandmaster. The method may further include receiving a second request from a second device to authenticate that a clock announce message is from an authorized grandmaster. Additionally, the method may include determining whether the first device is authorized to send the clock announce message to the second device and, based on the determining, sending a message granting or denying permission for the first device to sync with the second device.

    Method to eliminate clock synchronization from undesired clock sources

    Publication number: US12192316B2

    Publication date: 2025-01-07

    Application number: US17558313

    Filing date: 2021-12-21

    Abstract: In one embodiment, methods for monitoring devices within a network by a controller are described. The method may include receiving a first request from a first device to authenticate a role of the first device as a grandmaster in a precision time protocol (PTP). Additionally, the method may include granting the first request designating the role of the first device as the grandmaster. The method may further include receiving a second request from a second device to authenticate that a clock announce message is from an authorized grandmaster. Additionally, the method may include determining whether the first device is authorized to send the clock announce message to the second device and, based on the determining, sending a message granting or denying permission for the first device to sync with the second device.
