Abstract:
A system and method for achieving authorization in confidential group communications in terms of an ordered list of data blocks representing a tamper-resistant chronological account of group membership updates. This method permits ad-hoc and decentralized group definition, dynamic and decentralized membership updates, open sharing, tamper resistance, and tracking of membership history. There are many applications of these techniques. One such application is enabling end-to-end encryption of instant messaging, content sharing, and streamed media.
Abstract:
An intermediary network device receives a request for a secure communication session between an endpoint server and an endpoint client through the network device. The secure session between the endpoint server and the endpoint client is divided into a first session and a second session. The first session is between the endpoint server and the network device. The second session is between the network device and the endpoint client. The network device receives a first session ticket from the endpoint server. A session state of a proxy client in the first session, including the first session ticket, is determined. The network device also determines a session state of a proxy server in the second session. The combination of the session state of the proxy client, including the first session ticket, and the session state of the proxy server are encapsulated as part of a second session ticket.
Abstract:
Systems and methods for connecting a device to one of a plurality of processing hosts. A virtual interface card (VIC) adapter learns the number and location of the hosts and an identification of the device; receives a mapping of the device to a selected host, wherein the host is selected from the plurality of hosts; and dynamically builds an interface that connects the device to the selected host.
Abstract:
A video conference endpoint detects faces at associated face positions in video frames capturing a scene. The endpoint frames the video frames to a view of the scene encompassing all of the detected faces. The endpoint detects that a previously detected face is no longer detected. In response, a timeout period is started and, independently of detecting faces, motion is detected across the view. It is determined if any detected motion (i) coincides with the face position of the previously detected face that is no longer detected, and (ii) occurs before the timeout period expires. If conditions (i) and (ii) are met, the endpoint restarts the timeout period and repeats the independently detecting motion and the determining. Otherwise, the endpoint reframes the view to encompass the remaining detected faces.
Abstract:
A web browser executes on a device that has controllable operational features, such as sensor, actuator, and process-related features, and that is connected to other devices via a network. The web browser receives a HyperText Markup Language (HTML) document including HTML device tags. Each of the HTML device tags includes a command configured to control a corresponding one of the operational features of the device. The web browser determines, based on each HTML device tag, the command therein to control the corresponding operational feature. The web browser issues the determined command to the corresponding operational feature so as to control the operational feature.
Abstract:
An authentication request is generated when a user of a client device attempts to initiate a user session with an application managed by a service provider. An authentication response is generated based on credentials received from the user. The authentication response includes an assertion on behalf of the user. A delivery resource locator for the assertion is rewritten to a resource locator of a proxy in order to redirect the assertion to the proxy. The authentication response is sent to the client device together with the resource locator of the proxy in order to cause the client device to send the assertion to the proxy that decodes the re-written resource locator and sends the assertion to the service provider.
Abstract:
A network includes multiple routing arcs for routing network traffic to a destination. Each arc comprises nodes connected in sequence by reversible links oriented away from a node initially holding a cursor toward one of first and second edge nodes through which the network traffic exits the arc. Each node includes a network device. The nodes in the arc detect a first failure in the arc. Responsive to detecting the first failure, the nodes exchange first management frames over a data plane within the arc in order to transfer the cursor from the node initially holding the cursor to a first node proximate the first failure and reverse links in the arc as appropriate so that the network traffic in the arc is directed away from the first failure toward the first edge node of the arc through which the network traffic is able to exit the arc.
Abstract:
Techniques are presented herein to set power levels for multiple Raman pump wavelengths in a distributed Raman amplification configuration. A first receive power measurement is obtained at a second node with a controlled optical source at a first node turned on and with a plurality of Raman pump lasers at different wavelengths at the second node turned off. A second receive power measurement is obtained at the second node with the controlled optical source at the first node turned on and the plurality of Raman pump lasers turned on to respective reference power levels to inject optical Raman pump power at a corresponding plurality of wavelengths into the optical fiber span. Based on a target Raman gain and a target Raman gain tilt, respective ratios of a total power are obtained, each ratio to be used for a corresponding one of the plurality of Raman pump lasers.
Abstract:
Presented herein are techniques for use in a network environment that includes one or more service zones, each service zone including at least one instance of an in-line application service to be applied to network traffic and one or more routers to direct network traffic to the at least one service, and a route target being assigned to a unique service zone to serve as a community value for route import and export between routers of other service zones, destination networks or source networks via a control protocol. An edge router in each service zone or destination network advertises routes by its destination network prefix tagged with its route target. A service chain is created by importing and exporting of destination network prefixes by way of route targets at edge routers of the service zones or source networks.
Abstract:
Techniques are provided to load balance point of presence traffic for a group of network devices, such as switches (3, 4-1), that are configured to support network connectivity in a wired network for client devices (2) that roam between wireless access points (11-x, 12-1, 12-y) served by the respective switches (3, 4-1). The point of presence traffic may tend to be allocated to a particular switch (1-2) due to network topology, whereby the switch may be located at a building entrance and therefore receive the majority of new association requests for mobile devices entering the building. Load is monitored by each switch (3, 4-1) and load information is exchanged (15, 16) between the switches (3, 4-1). Requests and responses are exchanged between the switches such that point of presence responsibility may be transferred to switches with a lighter load.