公开(公告)号：US11765050B1

公开(公告)日：2023-09-19

申请号：US17695085

申请日：2022-03-15

Applicant: Cisco Technology, Inc.

Inventor： Nagendra Kumar Nainar ,  Carlos M. Pignataro ,  Paul Brian Giralt ,  Gonzalo Salgueiro ,  David John Zacks

IPC: H04L41/5009 ,  H04L41/5041

CPC classification number: H04L41/5009 ,  H04L41/5045

Abstract: A device associated with an enterprise receives, from a user device, a message indicating that a user of the user device has requested a service level for accessing a service while performing teleworking activities for the enterprise. The user device accesses the service via a network that includes a portion controlled by an Internet Service Provider (ISP). The enterprise has established an agreement with the ISP indicating that the ISP is to provide service levels for users who are performing teleworking activities for the enterprise via the ISP. The ISP associated with the user device is identified based on the message. A request is transmitted to the ISP to provide the service level for the portion of the network that is controlled by the ISP and the ISP provides the service level for accessing the service based on the request.

公开(公告)号：US20230261928A1

公开(公告)日：2023-08-17

申请号：US17674686

申请日：2022-02-17

Applicant: Cisco Technology, Inc.

Inventor： Nagendra Kumar Nainar ,  Jaganbabu Rajamanickam ,  David John Zacks ,  Carlos M. Pignataro ,  Madhan Sankaranarayanan ,  Cesar Obediente ,  Craig Thomas Hill

IPC: H04L41/0604 ,  H04L41/0654 ,  H04L41/0631 ,  H04L67/133 ,  H04L61/103 ,  H04L9/40

CPC classification number: H04L41/0627 ,  H04L41/0654 ,  H04L41/0631 ,  H04L67/40 ,  H04L61/103 ,  H04L63/101

Abstract: Methods and devices provide fault injection testing techniques in a production network environment without risking service outages for hosted computing services, by providing examples of a remote network controller configured to communicate with network devices of a network; a remote fault injection communication protocol configuring a remote network controller in communication with a network device to signal a failure injection; and a failure injection module configuring a network device to configure a network device processor to implement a failure injection signaled according to the remote failure injection communication protocol. The method includes a network controller transmitting a failure injection signal in a control plane packet over a network connection to a network device, and the network device creating a child process by executing, in a dedicated runtime environment, a copy of one or more processes impacted by a parsed failure type.

公开(公告)号：US11706214B2

公开(公告)日：2023-07-18

申请号：US17225824

申请日：2021-04-08

Applicant: Cisco Technology, Inc.

Inventor： Thomas Szigeti ,  Alan Robert Lynn ,  David John Zacks ,  Frank Michaud

IPC: H04L29/06 ,  H04L9/40 ,  H04L67/55

CPC classification number: H04L63/0861 ,  H04L63/107 ,  H04L63/20 ,  H04L67/55 ,  H04L2463/082

Abstract: Disclosed herein are systems, methods, and computer-readable media for increasing security of devices that leverages an integration of an authentication system with at least one corporate service. In one aspect, a request is received from a user device to authenticate a person as a particular user by the authentication system. A photo of the person attempting to be authenticated as the particular user is captured. Nodal points are mapped to the captured photo of the person attempting to be authenticated, and the nodal points from the photo are compared against a reference model for facial recognition of the particular user. It is then determined whether the nodal points match the reference model for the particular user. The present technology also includes sending a command to the user device to send data to identify the person, and/or a location of the user device.

公开(公告)号：US20230198946A1

公开(公告)日：2023-06-22

申请号：US17557865

申请日：2021-12-21

Applicant: Cisco Technology, Inc.

Inventor： David John Zacks ,  Dmitry Goloubev ,  Zizhen Gao ,  Carlos M. Pignataro ,  Nagendra Kumar Nainar

IPC: H04L9/40 ,  H04L47/2441 ,  H04L47/2483

CPC classification number: H04L63/0236 ,  H04L63/20 ,  H04L47/2441 ,  H04L47/2483 ,  H04L63/0245

Abstract: Methods are provided for predictive policy enforcement using encapsulated metadata. The methods involve obtaining a packet of an encapsulated traffic flow that is transported in a software-defined wide area network (SD-WAN) or in a cloud network. The packet includes a network virtualization tunneling header with an appended service plane protocol header and a payload. The methods further involve extracting, from the appended service plane protocol header, without performing deep packet inspection, enriched metadata that includes fields for one or more attributes related to a source of the packet or a destination of the packet, determining at least one network policy based on the enriched metadata, and applying, to the packet, the at least one network policy that relates to gathering analytics and/or transporting the encapsulated traffic flow to the destination.

公开(公告)号：US20230188496A1

公开(公告)日：2023-06-15

申请号：US18163979

申请日：2023-02-03

Applicant: Cisco Technology, Inc.

Inventor： Thomas Szigeti ,  David John Zacks ,  Akram Ismail Sheriff ,  Guy Keinan ,  Walter T. Hulick, JR.

IPC: H04L61/4511

CPC classification number: H04L61/4511

Abstract: Methods are provided in which a domain name system (DNS) service obtains a lookup request for information about a source of a traffic flow being transmitted to a network resource external of a service cluster and performs, based on the lookup request, a lookup operation for a microservice that is the source of the traffic flow, among a plurality of microservices of the service cluster registered with the DNS service. The methods further include providing information about the microservice based on the lookup operation. The information includes at least a name of the microservice for visibility of the microservice external of the service cluster.

公开(公告)号：US20230169500A1

公开(公告)日：2023-06-01

申请号：US17535957

申请日：2021-11-26

Applicant: Cisco Technology, Inc.

Inventor： Walter Theodore Hulick, JR. ,  David John Zacks ,  Thomas Szigeti ,  Renato Scaglioni Quedas

IPC: G06Q20/40

CPC classification number: G06Q20/401

Abstract: In one embodiment, a microservice, that provides one or more services for one or more distributed business transactions offered by an application, obtains a service request for a particular business transaction involving a particular user device executing the application. The microservice determines whether the service request includes an indication of authentication results for the particular business transaction that satisfy one or more authentication requirements of the microservice. The microservice sends, based on the indication of authentication results for the particular business transaction not satisfying the one or more authentication requirements of the microservice, a request for the particular user device to perform authentication for the particular business transaction to satisfy the one or more authentication requirements. The microservice completes, based on the indication of authentication results for the particular business transaction satisfying the one or more authentication requirements of the microservice, a particular service as per the service request.

公开(公告)号：US20230100471A1

公开(公告)日：2023-03-30

申请号：US17488403

申请日：2021-09-29

Applicant: Cisco Technology, Inc.

Inventor： Madhuvanthi Cheyyar Rajasekaran ,  Walter Theodore Hulick, JR. ,  David John Zacks ,  Anusha Maltesh ,  Krishma Harendra Kapadia

IPC: H04L12/26 ,  H04L12/24

Abstract: In one embodiment, an agent process performs performance monitoring according to either a network performance monitoring platform or an application performance monitoring platform. The agent process exchanges a request message with a remote agent process (performing performance monitoring according to the opposing platform), where the request message comprises a transaction identifier and a requested action. The agent process also exchanges, in response to the request message, a response message with the remote agent process, wherein the response message comprises an acknowledgment of the transaction identifier and the requested action. The agent process shares first performance monitoring platform information along with the transaction identifier, where the remote agent process shares second performance monitoring platform information along with the transaction identifier, such that the sharing causes explicit correlation of the first information and the second information based on the transaction identifier.

公开(公告)号：US20230098281A1

公开(公告)日：2023-03-30

申请号：US17490004

申请日：2021-09-30

Applicant: Cisco Technology, Inc.

Inventor： Nagendra Kumar Nainar ,  Carlos M. Pignataro ,  David John Zacks ,  Thomas Szigeti

IPC: H04L29/06 ,  G06K9/00

Abstract: A method, computer system, and computer program product are provided for controlling data access and visibility using a context-based security policy. A request from an endpoint device to receive data is received at a server, wherein the request includes one or more contextual attributes of the endpoint device including an identity of a user of the endpoint device. The one or more contextual attributes are processed to determine that the endpoint device is authorized to receive the data. A security policy is determined for the data based on the one or more contextual attributes. The data is transmitted, including the security policy, to the endpoint device, wherein the endpoint devices enforces the security policy to selectively permit access to the data by preventing the endpoint device from displaying the data to an unauthorized individual.

公开(公告)号：US20220329588A1

公开(公告)日：2022-10-13

申请号：US17225824

申请日：2021-04-08

Applicant: Cisco Technology, Inc.

Inventor： Thomas Szigeti ,  Alan Robert Lynn ,  David John Zacks ,  Frank Michaud

IPC: H04L29/06 ,  H04L29/08

Abstract: The present technology pertains to increasing security of devices that leverages an integration of an authentication system with at least one corporate service. The present technology includes receiving a request from a user device to authenticate a person as a particular user by the authentication system. The present technology also includes capturing a photo of the person attempting to be authenticated as the particular user. The present technology also includes mapping nodal points to the captured photo of the person attempting to be authenticated as the particular user to a device or service. The present technology also includes comparing the nodal points from the photo against a reference model for facial recognition of the particular user. The present technology also includes determining that the nodal points do not sufficiently match the reference model for the particular user. The present technology also includes sending a command to the user device to send data to identify the person, and/or a location of the user device.

公开(公告)号：US20220321602A1

公开(公告)日：2022-10-06

申请号：US17216845

申请日：2021-03-30

Applicant: Cisco Technology, Inc.

Inventor： Thomas Szigeti ,  David John Zacks ,  Walter T. Hulick, JR. ,  Tal Maoz

IPC: H04L29/06 ,  G06F9/54 ,  G06F9/455

Abstract: The present technology includes applying a security policy by an application security system to a transaction within an application that is monitored by the application security system. The present technology includes monitoring transaction occurring between a client device an application over a network. The present technology also includes identifying a first transaction from the transactions as a sensitive transaction. The sensitive transaction is associated with an authentication policy requiring an authentication. The present technology also includes interrupting the application. The present technology also includes prompting the client device for the authentication.