公开(公告)号：US20200162357A1

公开(公告)日：2020-05-21

申请号：US16390695

申请日：2019-04-22

Applicant: Cisco Technology, Inc.

Inventor： David John Zacks ,  Vikram Vikas Pendharkar ,  Peter Geoffrey Jones ,  Thomas Szigeti ,  Praveen T. Chandra

IPC: H04L12/26 ,  H04L12/801 ,  H04L29/06

Abstract: Systems, methods, and computer-readable media for monitoring traffic in a network include receiving, at an analytics platform connected to the network, one or more encapsulated packet headers from one or more network nodes of the network. From the one or more encapsulated packet headers, at least one or more source addresses of the one or more network nodes which transmitted the encapsulated packet headers, and one or more timestamps at which the one or more encapsulated packet headers were transmitted from the one or more network nodes may be determined. From at least the one or more source addresses and timestamps, network traffic information such as one or more of latency or jitter of data packets transiting through the one or more network nodes may be determined, wherein the one or more encapsulated packet headers may correspond to the data packets transiting through the one or more network nodes.

公开(公告)号：US20250063493A1

公开(公告)日：2025-02-20

申请号：US18450688

申请日：2023-08-16

Applicant: Cisco Technology, Inc.

Inventor： David John Zacks ,  Indermeet Singh Gandhi ,  Jerome Henry ,  James F. Florwick

IPC: H04W52/02

Abstract: A method to manage access points in a wireless network to save power during off-peak hours. The method includes operating a wireless local area network including access points with the access points powered on, receiving information indicative of channel utilization levels for each of the access points over a predetermined period of time, receiving respective indications of occupancy levels of a space that is covered by the access points during the predetermined period of time, predicting a low occupancy period of the space based on the channel utilization levels and the respective indications of occupancy levels, and during the low occupancy period, causing a first group of the access points to be powered off, and causing a second group of the access points to remain powered on.

公开(公告)号：US12225057B2

公开(公告)日：2025-02-11

申请号：US18244048

申请日：2023-09-08

Applicant: Cisco Technology, Inc.

Inventor： Thomas Szigeti ,  David John Zacks ,  Walter Hulick ,  Shannon McFarland

IPC: G06F21/62 ,  G06F21/71 ,  H04L9/40 ,  G06F21/78

Abstract: Techniques for expressing, communicating, de-conflicting, and enforcing consistent access policies between an IBN architecture and a Cloud-Native architecture. Generally, network administrators and/or users of a Cloud-Native architecture and an IBN architecture express access policies independently for the two different domains or architectures. According to the techniques described herein, a Network Service Endpoint (NSE) of the Cloud-Native architecture may exchange access policies with a network device of the IBN architecture. After exchanging access policies, conflicts between the sets of access policies may be identified, such as differences between allowing or denying communications between microservices and/or applications. The conflicts may be de-conflicted using various types of heuristics or rules, such as always selecting an access policy of the IBN architecture when conflicts arise. After the access policies have been de-conflicted, the IBN architecture and Cloud-Native architecture may then apply consistent access policies for traffic and communications in their respective network architectures.

公开(公告)号：US20250036559A1

公开(公告)日：2025-01-30

申请号：US18225861

申请日：2023-07-25

Applicant: Cisco Technology, Inc.

Inventor： Thomas Szigeti ,  David John Zacks ,  Barry Qi Yuan ,  Robert E. Barton

IPC: G06F11/36 ,  G06F9/54

Abstract: In one embodiment, a device identifies an application programming interface call within new code for an application. The device conducts testing of a plurality of endpoints associated with the application programming interface call. The device selects, based on results of the testing, a particular endpoint from among the plurality of endpoints. The device steers the application programming interface call made by the application towards the particular endpoint.

公开(公告)号：US12192192B2

公开(公告)日：2025-01-07

申请号：US17749274

申请日：2022-05-20

Applicant: Cisco Technology, Inc.

Inventor： Vinay Saini ,  Rajesh Indira Viswambharan ,  Nagendra Kumar Nainar ,  Akram Ismail Sheriff ,  David John Zacks

IPC: H04L9/40

Abstract: In one embodiment, a method herein comprises: receiving, at a device, a registration request from a telemetry exporter that transmits telemetry data; generating, by the device, a telemetry configuration file for the telemetry exporter, the telemetry configuration file defining a policy for transmission of telemetry data from the telemetry exporter and an authentication token for the telemetry exporter; sharing, by the device, the policy with a security enforcer; and sending, by the device, the telemetry configuration file to the telemetry exporter, wherein the telemetry exporter is caused to connect with the security enforcer using the authentication token, send the telemetry configuration file to the security enforcer, and transmit collected telemetry data to the security enforcer, and wherein the security enforcer is caused to create a dynamic publish-subscribe stream for publishing the collected telemetry data received from the telemetry exporter based on the telemetry configuration file and the policy.

公开(公告)号：US20240430257A1

公开(公告)日：2024-12-26

申请号：US18826359

申请日：2024-09-06

Applicant: Cisco Technology, Inc.

Inventor： Thomas Szigeti ,  Alan Robert Lynn ,  David John Zacks ,  Frank Michaud

IPC: H04L9/40 ,  H04L67/55

Abstract: Disclosed herein are systems, methods, and computer-readable media for increasing security of devices that leverages an integration of an authentication system with at least one corporate service. In one aspect, a request is received from a user device to authenticate a person as a particular user by the authentication system. A photo of the person attempting to be authenticated as the particular user is captured. Nodal points are mapped to the captured photo of the person attempting to be authenticated, and the nodal points from the photo are compared against a reference model for facial recognition of the particular user. It is then determined whether the nodal points match the reference model for the particular user. The present technology also includes sending a command to the user device to send data to identify the person, and/or a location of the user device.

公开(公告)号：US20240414083A1

公开(公告)日：2024-12-12

申请号：US18206775

申请日：2023-06-07

Applicant: Cisco Technology, Inc.

Inventor： David John Zacks ,  Thomas Szigeti ,  Barry Qi Yuan ,  Robert Edgar Barton

IPC: H04L45/00 ,  H04L45/74

Abstract: Techniques for, among other things, embedding metadata in network traffic without having to implement an overlay network. By way of example, and not limitation, the techniques described herein may include receiving an Ethernet packet at a network node and determining that a preamble of the Ethernet packet includes metadata. The metadata may, in some examples, be associated with the Ethernet packet itself, a flow that the Ethernet packet belongs to, etc. Based at least in part on the metadata, a policy decision may be made for handling the Ethernet packet, and the Ethernet packet may be handled in accordance with the policy decision.

公开(公告)号：US20240386349A1

公开(公告)日：2024-11-21

申请号：US18318182

申请日：2023-05-16

Applicant: Cisco Technology, Inc.

Inventor： Robert Edgar Barton ,  Thomas Szigeti ,  David John Zacks

IPC: G06Q10/0635 ,  G06Q10/0875

Abstract: Techniques are described herein for managing access to remotely accessed software applications. In embodiments, such techniques may be performed by a service provider platform for software applications capable of being accessed by computing devices. The techniques may involve determining (e.g., based on a software bill of materials) components associated with the software applications, identifying a number of current security threats, and determining, based on the components and current security threats, a risk score associated with each of the software applications. The service provider platform may receive an indication of a level of risk for each of the computing devices in the organization, generate, based on the risk score associated with the software applications and the level of risk for each of the computing devices, policy data for each of the computing devices, and provide the policy data to at least one second computing device.

公开(公告)号：US12137125B2

公开(公告)日：2024-11-05

申请号：US17886030

申请日：2022-08-11

Applicant: Cisco Technology, Inc.

Inventor： Nagendra Kumar Nainar ,  Vinay Saini ,  Akram Sheriff ,  Rajesh Indira Viswambharan ,  David John Zacks

IPC: H04L9/40

Abstract: Techniques are described for classification-based data security management. The classification-based data security management can include utilizing device and/or data attributes to identify security modes for communication of data stored in a source device. The security modes can be identified based on a hybrid-encryption negotiation. The attributes can include a device resource availability value, an access trust score, a data confidentiality score, a geo-coordinates value, and/or a date/time value. The security modes can include a hybrid-encryption mode. The source device can utilize the hybrid-encryption mode to transmit the data, via one or more network nodes, such as an edge node, to one or more service nodes.

公开(公告)号：US20240365118A1

公开(公告)日：2024-10-31

申请号：US18139244

申请日：2023-04-25

Applicant: Cisco Technology, Inc.

Inventor： Nagendra Kumar Nainar ,  David John Zacks ,  Vinay Saini

IPC: H04W12/065 ,  H04L9/32 ,  H04M3/42

CPC classification number: H04W12/065 ,  H04L9/3213 ,  H04M3/42034

Abstract: Techniques are described for providing secure audio calls between a calling party and a receiving party. Upon receiving a call request from a call initiating party, a notification is sent to the intended call recipient. The call recipient can send a request for a secure call. Upon receiving the request for a secure call, a bi-directional multifactor authentication is performed to authenticate the identity of both the call initiating party and the call receiving party. In response to successfully authenticating both parties, a secure call between the parties is established. One or more secure key tokens or other metadata can be embedded in the call to ensure security of the call.