公开(公告)号：WO2020096564A1

公开(公告)日：2020-05-14

申请号：PCT/US2018/059221

申请日：2018-11-05

Applicant: CISCO TECHNOLOGY, INC.

Inventor： ALI, Irfan ,  GUNTUPALLI, Ravi

IPC: H04W76/20 ,  H04W76/30 ,  H04W76/10

Abstract: A single user device (UE) can be attached to multiple fully separated network slices. Each network slice may include respective access functions. Idle to active status can be applied across the fully separated network slices by releasing each network slice through transmission over radio resource channel (RRC) before releasing the RRC channel. Active to idle status can be applied across the fully separated network slices by receiving a first paging message at a UE in order to initialize a RRC channel for connecting a first network slice, and by receiving a downlink information transfer message in order to connect a second network slice over the RRC channel. A handover between nodes can include transmitting handover requests to individual network slices and aggregating acknowledgements at a node before sending a handover command to the UE.

公开(公告)号：WO2020086276A1

公开(公告)日：2020-04-30

申请号：PCT/US2019/055433

申请日：2019-10-09

Applicant: CISCO TECHNOLOGY, INC.

Inventor： BOSCH, Hendrikus G.P. ,  DUMINUCO, Alessandro ,  NAPPER, Jeffrey ,  WARD, David Delano ,  RAZA, Syed Khalid ,  MULLENDER, Sape Jurrien

IPC: H04L12/725 ,  H04L29/06

Abstract: Disclosed are concepts for provided for managing application traffic. A method includes receiving a request to access a service from an application, confirming an entity of a user of the application and, based on the confirmation, generating, via an authentication service, a routing policy for data flows between the application and the service. The routing policy defines a mandated path between the application and the service. The method also can include storing proof-of-transit data in the traffic flow for tracking an actual path from the application to the service and determining whether the data path complies with the mandated path defined in the policy. When the determination indicates that the actual path followed the mandated path defined in the routing policy, the method includes granting access to the user for the service. When the actual path differs from the mandated path, the method includes denying access to the user.

公开(公告)号：WO2020076527A1

公开(公告)日：2020-04-16

申请号：PCT/US2019/053583

申请日：2019-09-27

Applicant: CISCO TECHNOLOGY, INC.

Inventor： NAINAR, Nagendra Kumar ,  PIGNATARO, Carlos M. ,  HENRY, Jerome ,  BARTON, Robert Edgar

IPC: H04L12/725 ,  H04L12/851 ,  H04L12/857 ,  H04L29/08 ,  G06F9/50

Abstract: Systems, methods, and computer-readable media for differentiating service within a service mesh. A translator service receives network traffic directed to a service mesh from a communications network. The translator service can determine a service characteristic for the network traffic and update rulesets within the service mesh based on the determined service characteristic. The updated rulesets enable the service mesh to differentiate services for the network traffic similarly to forwarding rules within the communications network.

公开(公告)号：WO2020072244A1

公开(公告)日：2020-04-09

申请号：PCT/US2019/052843

申请日：2019-09-25

Applicant: CISCO TECHNOLOGY, INC.

Inventor： BOSCH, Hendrikus, G.P. ,  MULLENDER, Sape, Jurrien ,  WIJNANDS, Ijsbrand ,  DUMINUCO, Alessandro ,  NAPPER, Jeffrey, Michael ,  DHESIKAN, Subhasri

IPC: H04L12/18

Abstract: In one example embodiment, a server generates a candidate instantiation of virtual applications among a plurality of hosts in a data center to support a multicast stream. The server provides, to a first set of agents corresponding to a first set of the plurality of hosts, a command to initiate a test multicast stream. The server provides, to a second set of agents corresponding to a second set of the plurality of hosts, a command to join the test multicast stream. The server obtains, from the second set of agents, a message indicating whether the second set of agents received the test multicast stream. If the message indicates that the second set of agents received the test multicast stream, the server causes the virtual applications to be instantiated in accordance with the candidate instantiation of the virtual applications.

公开(公告)号：WO2020072222A1

公开(公告)日：2020-04-09

申请号：PCT/US2019/052450

申请日：2019-09-23

Applicant: CISCO TECHNOLOGY, INC.

Inventor： WARNICKE, Ed ,  TOWNSLEY, William, Mark

IPC: G06F9/50

Abstract: In an embodiment, a method comprises, in response to receiving a packet that is associated with initiating a client-server session, transmitting a workload request to a workload orchestrator; the workload orchestrator selecting a selected server, from among a plurality of available geographically or logically distributed servers in network edge computing nodes, to process the client-server session; the workload orchestrator transmitting a request to the selected server to create a workload to process the client- server session; receiving, from the workload orchestrator, data identifying the selected server; forwarding one or more other packets associated with the same client-server session to the selected server; wherein the method is performed by one or more computing devices.

公开(公告)号：WO2020060818A1

公开(公告)日：2020-03-26

申请号：PCT/US2019/050559

申请日：2019-09-11

Applicant: CISCO TECHNOLOGY, INC.

Inventor： BRINCKMAN, Bart ,  HENRY, Jerome ,  BARTON, Robert, Edgar ,  WARD, David, Delano

IPC: H04L29/06 ,  H04W12/08

Abstract: A method comprises obtaining, from a client device, a first set of application authentication credentials formatted in accordance with a first authentication protocol. The first set of application authentication credentials corresponds to a first user profile. The method includes translating the first set of application authentication credentials to a second set of application authentication credentials. The second set of application authentication credentials is formatted in accordance with a second authentication protocol different from the first authentication protocol and corresponds to the first user profile. The method includes providing the second set of application authentication credentials to an application authentication system. The method includes, in response to providing the second set of application authentication credentials to the application authentication system, obtaining, from the application authentication system, an application authentication indicator. In response to determining that the application authentication indicator indicates a successful authentication, granting the client device network access.

公开(公告)号：WO2020036756A1

公开(公告)日：2020-02-20

申请号：PCT/US2019/044969

申请日：2019-08-02

Applicant: CISCO TECHNOLOGY, INC.

Inventor： TRAN, Huy Phuong ,  MUKHERJI, Abhishek ,  PENG, Rong ,  CHAVEZ, Oscar Berjarano ,  PANDEY, Santosh Ghanshyam

IPC: G01S5/14 ,  G01S5/00

Abstract: An enterprise system configures access point devices at an enterprise location to communicate with a location determination system (140). The location determination system receives wireless signal attributes of user computing devices (110) broadcasting Wi-Fi signal data at the enterprise location from one or more access point devices (130). For a particular time window, the location determination system determines aggregated features of received wireless signal data across all access point devices, and classifies each of the user computing devices as moving or stationary by applying the wireless signal data to a model. For each of the user computing devices determined to be moving, the location determination system calculates a respective position of the user computing device based on the wireless signal data. For each of the user computing devices determined to be stationary, the location determination system does not calculate a respective position of the respective user computing device.

公开(公告)号：WO2020033102A1

公开(公告)日：2020-02-13

申请号：PCT/US2019/041372

申请日：2019-07-11

Applicant: CISCO TECHNOLOGY, INC.

Inventor： REHAK, Martin ,  MCGREW, David ,  ANDERSON, Blake, Harrell ,  DUNLOP, Scott, William

IPC: H04L29/06

Abstract: In one embodiment, a traffic inspection service executed by an intermediary device obtains, from a monitoring agent executed by an endpoint device, keying information for an encrypted traffic session between the endpoint device and a remote entity. The traffic inspection service provides a notification to the monitoring agent that acknowledges receipt of the keying information. The traffic inspection service uses the keying information to decrypt encrypted traffic from the encrypted traffic session. The traffic inspection service applies a policy to the encrypted traffic session between the endpoint device and the remote entity, based on the decrypted traffic from the session.

公开(公告)号：WO2020032937A1

公开(公告)日：2020-02-13

申请号：PCT/US2018/045682

申请日：2018-08-07

Applicant: CISCO TECHNOLOGY, INC.

Inventor： ROBERTS, Christopher Shaun ,  KUNJAN, Solomon Ayyankulankara ,  NATARAJAN, Muhilan ,  O'BRIEN, Michael P.

IPC: G06F21/62 ,  H04L9/32 ,  G06F17/30 ,  H04L29/06

Abstract: Access to a data repository can be managed by an administration service linked to a blockchain network including at least one service node and a master node. The service node receives from an authorizing device a root block having a digital authorization for access data in the data repository. The master node transmits a consensus protocol to the service node. When an accessing device requests access to the data of the data repository, the service node verifies an access right of the accessing device according to the consensus protocol. A record of access to the data repository by the accessing device is generated and includes a reference to the root block. The record is then stored.

公开(公告)号：WO2020018335A1

公开(公告)日：2020-01-23

申请号：PCT/US2019/041294

申请日：2019-07-11

Applicant: CISCO TECHNOLOGY, INC.

Inventor： RAJAGOPALAN, Harikishnan ,  KAKKAR, Kanika

IPC: H04L12/931 ,  G06F9/50 ,  G06F11/30 ,  G06F15/16

Abstract: In a chassis including a plurality of nodes, a network switch, and a programmable device configured to manage a shared resource of the chassis, a method includes establishing, using the network switch, a dedicated network among baseboard management controllers of respective nodes in the plurality of nodes; and using the dedicated network, automatically selecting a given node from the plurality of nodes to function as a master node to program the programmable device on behalf of all nodes in the plurality of nodes to manage the shared resource of the chassis on behalf of all the nodes in the plurality of nodes.