-
Publication No.: US20210234899A1
Publication Date: 2021-07-29
Application No.: US16774950
Filing Date: 2020-01-28
Applicant: Cisco Technology, Inc.
Inventor: Antonio TRIFILO, Maria CARPEN AMARIE, Thomas VEGAS, Anirban KARMAKAR, Shree N. MURTHY
IPC: H04L29/06, H04L29/12, H04L12/911
Abstract: The use of device context in applying security policies is provided by receiving a Domain Name Service (DNS) query for a network resource from a user device (UD) at a DNS analysis server, the DNS query including a functional label describing a context of the UD; analyzing the DNS query to determine whether the UD is permitted to access the network resource based on the functional label; and in response to the functional label indicating that the UD is not permitted to access the network resource, transmitting a block page to the UD. The functional label can be added to the DNS query by a Mobile Device Management application on the UD, a router associated with the UD, or an enterprise server. Contexts for previously blocked DNS queries can be aggregated to identify UDs sharing at least one value with the previously blocked DNS queries as security compromised devices.
-
Publication No.: US20250080988A1
Publication Date: 2025-03-06
Application No.: US18457085
Filing Date: 2023-08-28
Applicant: Cisco Technology, Inc.
Inventor: Domenico FICARA, Amine CHOUKIR, Pascal THUBERT, Jerome HENRY, Shree N. MURTHY
IPC: H04W12/128
Abstract: Techniques for detecting and/or confirming a Man-in-The-Middle (MiTM) attack using Fine Timing Measurement (FTM) are provided. In one aspect, a FTM exchange is initiated between a second station and a first station to detect or confirm a MiTM attack in a network in which a MiTM is positioned between the first station and a third station. The MiTM attack is detected or confirmed, or both, based at least in part on FTM information determined during the FTM exchange.
-
Publication No.: US20210282056A1
Publication Date: 2021-09-09
Application No.: US16809408
Filing Date: 2020-03-04
Applicant: Cisco Technology, Inc.
Inventor: Malcolm M. SMITH, Jerome HENRY, Sudhir K. JAIN, Srinath GUNDAVELLI, Shree N. MURTHY
Abstract: Dynamic policy mapping is provided via mapping, by an Access Point (AP), a plurality of applications to a set of privilege groups for Quality of Service (QoS) levels in a network; transmitting the mapping of the privilege groups to a client device; receiving packets from the client device including QoS markers; and in response to determining that the QoS markers received from the client device do not match the privilege groups for the packets, performing a corrective action on the client device, wherein the corrective action includes one or more of: disassociating the client device from the network; and retransmitting the set of privilege groups to the client device. In some embodiments, the privilege groups are transmitted before the client device is associated with the AP, enabling the client device to select what AP to associate with based on the privilege groups.
-
Publication No.: US20250016147A1
Publication Date: 2025-01-09
Application No.: US18803058
Filing Date: 2024-08-13
Applicant: Cisco Technology, Inc.
Inventor: Domenico FICARA, Roberto MUCCIFORA, Amine CHOUKIR, Shree N. MURTHY, Bart A. BRINCKMAN, Mirko RACA
IPC: H04L9/40
Abstract: Aspects described herein include a method of automated grouping of client devices for a user-defined network (UDN). The method includes receiving, from a first client device, an authentication request to join an access provider network. The authentication request includes a unique identifier of the first client device. The method also includes transmitting the unique identifier to a UDN cloud and receiving a first list from the UDN cloud. The first list indicates that the UDN is associated with the unique identifier. The method further includes joining the first client device with a second client device present on the access provider network based on a second list from the UDN cloud. The second list indicates that the UDN is associated with the second device.
-
Publication No.: US20230036506A1
Publication Date: 2023-02-02
Application No.: US17444021
Filing Date: 2021-07-29
Applicant: Cisco Technology, Inc.
Inventor: Domenico Ficara, Roberto MUCCIFORA, Amine CHOUKIR, Shree N. MURTHY, Bart A. BRINCKMAN, Mirko RACA
IPC: H04L29/06
Abstract: Aspects described herein include a method of automated grouping of client devices for a user-defined network (UDN). The method includes receiving, from a client device, an authentication request to join an access provider network. The authentication request includes a unique identifier of the client device for a federation-based network. The method further includes transmitting the unique identifier to a UDN cloud, transmitting the authentication request to an identity provider, and receiving, responsive to the identity provider authenticating the authentication request, a list of one or more UDNs from the UDN cloud that are associated with the unique identifier. The method further includes joining the client device with one or more other client devices present on the access provider network listing a same UDN.
-
Publication No.: US20220103424A1
Publication Date: 2022-03-31
Application No.: US16948627
Filing Date: 2020-09-25
Applicant: Cisco Technology, Inc.
Inventor: Shyamsundar N. MANIYAR, Sanjay Kumar HOODA, Shree N. MURTHY, Sonal Prem Kumar CHHABRIA, Akshay DORWAT
Abstract: In one embodiment, dynamic user private networks are virtually segmented within a shared virtual network. A network control system maintains the dynamic logical segmentation of the shared virtual network. User entities (e.g., user devices and/or services) are communicatively coupled to respective personal virtual networks via endpoints of access devices. Each of these endpoints is associated with a corresponding user private network. Responsive in real-time to automated processing of a received electronic particular user request, the network control system automatically modifies the dynamic logical segmentation of the shared virtual network to move a particular user entity on the shared virtual network to newly being on the first dynamic user private network without being disconnected from the shared virtual network. One embodiment uses different user private network identifiers (UPN-IDs) associated with endpoints and received packets to identify their respective user private network.