-
Publication (Announcement) No.: US12256006B1
Publication (Announcement) Date: 2025-03-18
Application No.: US17807287
Application Date: 2022-06-16
Applicant: Cisco Technology, Inc.
Inventor: Hendrikus G. P. Bosch, Alessandro Duminuco
IPC: H04L9/32, G06F9/54, H04L9/00, H04L67/133
Abstract: In one embodiment, a method by a first network apparatus includes receiving an authorization request from a user device redirected from a second network apparatus, generating an authorization response comprising a resource authorization token, and transmitting the resource authorization token to the user device and to a distributed ledger for storage, wherein the distributed ledger is a blockchain record.
-
Publication (Announcement) No.: US20250023887A1
Publication (Announcement) Date: 2025-01-16
Application No.: US18350105
Application Date: 2023-07-11
Applicant: Cisco Technology, Inc.
Inventor: Hendrikus G. P. Bosch, Jeffrey M. Napper, Willem Jonker, Stefano Simonetto
IPC: H04L9/40
Abstract: In one embodiment, a method includes ingesting security tool findings associated with an application and identifying events associated with the application. The method also includes comparing the security tool findings and the events against known attack paths and determining partial attack path matches between the security tool findings and the events and the known attack paths. The method further includes performing a risk analysis of the partial attack path matches and prioritizing the partial attack path matches based on the risk analysis.
-
Publication (Announcement) No.: US20240098090A1
Publication (Announcement) Date: 2024-03-21
Application No.: US18056977
Application Date: 2022-11-18
Applicant: Cisco Technology, Inc.
Inventor: Rami Haddad, Rim El Malki, Daniel-Serban Cozma, Hendrikus G. P. Bosch
IPC: H04L9/40
CPC classification number: H04L63/101, H04L63/102, H04L63/105
Abstract: A system and method for an extended security scheme for reducing the prevalence of broken object level authorization. In one embodiment, a method includes receiving code associated with an application programming interface (API), wherein the code includes one of an API definition and an API server stub, and parsing the code for one or more keywords associated with an extended security scheme. If the code includes the API definition, the method further includes generating an associated API server stub based on at least one of the one or more keywords and the API definition. If the code includes the API server stub, the method further includes generating an associated API definition based on at least one of the one or more keywords and the API server stub.
-
Publication (Announcement) No.: US11743141B2
Publication (Announcement) Date: 2023-08-29
Application No.: US17538983
Application Date: 2021-11-30
Applicant: Cisco Technology, Inc.
Inventor: Alberto Rodriguez Natal, Hendrikus G. P. Bosch, Fabio Maino, Lars Olaf Stefan Olofsson, Jeffrey Napper, Anubhav Gupta
IPC: H04L41/5019, H04L47/10
CPC classification number: H04L41/5019, H04L47/10
Abstract: Systems, methods, and computer-readable media for locally applying endpoint-specific policies to an endpoint in a network environment. A network device local to one or more endpoints in a network environment can receive from a centralized network controller one or more network-wide endpoint policies. A first endpoint of the one or more endpoints can be configured to inject policy metadata into first data traffic. Policy metadata injected into the first traffic data can be received from the first endpoint. The network device can determine one or more first endpoint-specific policies for the first endpoint by evaluating the first policy metadata with respect to the one or more network-wide endpoint policies. As follows, the one or more first endpoint-specific policies can be applied to control data traffic associated with the first endpoint.
-
Publication (Announcement) No.: US20220217132A1
Publication (Announcement) Date: 2022-07-07
Application No.: US17141007
Application Date: 2021-01-04
Applicant: Cisco Technology, Inc.
Inventor: Ahmed Bakry Helmy Ahmed, Sape Jurrien Mullender, Hendrikus G. P. Bosch, Alessandro Duminuco, Jeffrey Michael Napper
IPC: H04L29/06
Abstract: Operations include transmitting, on behalf of a first application, a first request to a first service provider, the first request requesting first services from the first service provider, intercepting, at a local agent, a first redirect message from the first service provider to an identity provider, receiving an identity provider cookie from the identity provider based on a validation of credentials during the authentication process, storing a copy of the identity provider cookie, transmitting, on behalf of a second application, a second request to a second service provider, the second request requesting second services from the second service provider, intercepting a second redirect message from the second service provider to the identity provider, adding the identity provider cookie to the second redirect message, and receiving validation to access the second service provider from the identity provider based on the identity provider cookie stored by the local agent.
-
Publication (Announcement) No.: US11277337B2
Publication (Announcement) Date: 2022-03-15
Application No.: US16750139
Application Date: 2020-01-23
Applicant: Cisco Technology Inc.
Inventor: Hendrikus G. P. Bosch, Stefan Olofsson, Ijsbrand Wijnands, Anubhav Gupta, Jeffrey Napper, Sape Jurriën Mullender
IPC: H04L12/723, H04L12/755, H04L12/717, H04L29/12, H04L29/06, H04L29/08, H04L12/741, H04L12/725, H04L45/50, H04L45/021, H04L67/63, H04L61/4511, H04L45/42
Abstract: In one embodiment, a method includes detecting a request to route traffic to a service associated with an application. The method also includes identifying an application identifier associated with the application and selecting, using the application identifier, a label from a plurality of labels included in a routing table. The label includes one or more routes. The method further includes routing the traffic to the service associated with the application using the label.
-
Publication (Announcement) No.: US11018886B1
Publication (Announcement) Date: 2021-05-25
Application No.: US16136636
Application Date: 2018-09-20
Applicant: Cisco Technology, Inc.
IPC: H04L12/18, H04L29/06, H04L12/935
Abstract: An IP multicast group may include a plurality of group members corresponding to a plurality of host receivers that are connected to router nodes of a multicast distribution tree and joined in the multicast group. At least some of the router nodes may store a plurality of group member indicator bits associated with the multicast group. Each group member indicator bit may be assigned to a respective one of the group members and indicate whether the respective group member is reachable downstream from the router node. During IP multicast, the router node may receive an IP multicast message having a destination address field, a source address field, and a payload field. The payload field may include one or more data items of a multicast data stream. The destination address field may include a multicast group address for addressing communications to the multicast group.
-
Publication (Announcement) No.: US10511640B2
Publication (Announcement) Date: 2019-12-17
Application No.: US15708042
Application Date: 2017-09-18
Applicant: Cisco Technology, Inc.
Inventor: Hendrikus G. P. Bosch, Paul A. Polakos, Humberto J. La Roche, Mahavir Dagdulal Karnavat
IPC: H04L29/06
Abstract: A method is provided in one example embodiment and includes receiving a first request from a first user equipment by a first transport layer proxy located within an access network. The first request includes a request to establish a user session between the first user equipment and a remote server. The method further includes establishing a first transport layer session between the first user equipment and the first transport layer proxy, establishing a second transport layer session between the first transport layer proxy and the remote server, and establishing a first control channel between the first transport layer proxy and a transport layer function manager within a core network. The method further includes sending session state parameters associated with the first transport layer session and the second transport layer session to the transport layer function manager using the first control channel.
-
Publication (Announcement) No.: US20190288873A1
Publication (Announcement) Date: 2019-09-19
Application No.: US15925731
Application Date: 2018-03-19
Applicant: Cisco Technology, Inc.
Inventor: Pablo Camarillo Garvia, Hendrikus G. P. Bosch, Clarence Filsfils
IPC: H04L12/46, H04L12/741
Abstract: In one embodiment, a segment routing and tunnel exchange provides packet forwarding efficiencies in a network, including providing an exchange between a segment routing domain and a packet tunnel domain. One application includes the segment routing and tunnel exchange interfacing segment routing packet forwarding (e.g., in an Evolved Packet Core (EPC) and/or 5-G user plane) and packet tunnel forwarding in access networks (e.g., replacing a portion of a tunnel between an access node and a user plane function for accessing a corresponding data network). In one embodiment, a network provides mobility services using a segment routing data plane that spans segment routing and tunnel exchange(s) and segment routing-enabled user plane functions. One embodiment uses the segment routing data plane without any modification to a (radio) access network (R)AN (e.g., Evolved NodeB, Next Generation NodeB) nor to user equipment (e.g., any end user device).
-
Publication (Announcement) No.: US09992103B2
Publication (Announcement) Date: 2018-06-05
Application No.: US14162954
Application Date: 2014-01-24
Applicant: Cisco Technology, Inc.
Inventor: Hendrikus G. P. Bosch, Peter Weinberger, Praveen Bhagwatula, Michael E. Lipman, Alessandro Duminuco, Louis Gwyn Samuel
IPC: H04L12/721, H04W24/02
Abstract: Presented herein are techniques to reduce the number of redirected subscriber packet flows while performing sticky hierarchical load balancing. An Nth head end network element may be activated such that a plurality of N head end network elements are active and capable of receiving and processing one or more packet flows. A primary load balancer may then be directed to overwrite a portion of pointers of a hash table in an evenly distributed manner with pointers to the Nth head end network element such that packet flows are forwarded to the Nth head end network element, wherein the hash table retains a static number of entries as the number of head end network elements is modified.