公开(公告)号：US12126691B2

公开(公告)日：2024-10-22

申请号：US17747165

申请日：2022-05-18

Applicant: Cisco Technology, Inc.

Inventor： Nagendra Kumar Nainar ,  Carlos M. Pignataro ,  David John Zacks ,  Thomas Szigeti

IPC: H04L67/306 ,  H04L43/0876 ,  H04L67/141

CPC classification number: H04L67/306 ,  H04L43/0876 ,  H04L67/141

Abstract: A connection request is received from a user device associated with a user. The connection request includes an identifier associated with a profile associated with the user, the profile being a static profile or a dynamic profile. An observability profile associated with the user is identified based on the profile when the profile is a static profile and based on a current traffic profile associated with the user device when the profile is a dynamic profile. Measurements associated with a data session are executed for the user device based on the observability profile and one or more configurations are adjusted in a network to improve performance of the data session based on the measurements.

公开(公告)号：US20240297708A1

公开(公告)日：2024-09-05

申请号：US18116493

申请日：2023-03-02

Applicant: Cisco Technology, Inc.

Inventor： Thomas Szigeti ,  David John Zacks ,  Jeff Apcar ,  Robert Edgar Barton

IPC: H04B7/185

CPC classification number: H04B7/18513

Abstract: Techniques for a low Earth orbit (LEO) satellite to route data through optimal satellite paths based on latency thresholds (and/or other QoS thresholds) for the application generating the data. The LEO satellite may identify the latency threshold from a data packet, where the latency threshold indicates an amount of time for the data packet to be relayed back down to a destination ground device. The LEO satellite determines available satellite paths through which data packets may be routed to destination ground stations. Further, the LEO satellite may determine latencies for transmitting traffic over the available satellite paths. The LEO satellite may compare the latency threshold for the data packet with the latencies of the available satellite paths, and select a satellite path that is optimal for transmitting the data packet. In this way, LEO satellites intelligently route data through satellite paths based on the type of traffic being transmitted.

公开(公告)号：US20240291816A1

公开(公告)日：2024-08-29

申请号：US18174177

申请日：2023-02-24

Applicant: Cisco Technology, Inc.

Inventor： Walter Hulick ,  David John Zacks ,  Thomas Szigeti ,  Nagendra Kumar Nainar

IPC: H04L9/40

CPC classification number: H04L63/0876 ,  H04L63/0245 ,  H04L63/20

Abstract: Provided herein are techniques to facilitate enhanced cloud access security broker (CASB) functionality via in-band application observability in which a CASB can be implemented in-line between the client device and an embedded application security service. In one instance, a method may include, obtaining, by a CASB from a client device, a first message for an application transaction involving an application operating via the client device. The first message can be augmented to include first security metadata and can be forwarded to trigger one or more actions by an embedded application security service associated with the application. The CASB may obtain a second message from the embedded application security service that includes second security metadata, and one or more actions can be triggered at the CASB based, at least in part, on the second security metadata included in the second message.

公开(公告)号：US11956637B2

公开(公告)日：2024-04-09

申请号：US18045273

申请日：2022-10-10

Applicant: Cisco Technology, Inc.

Inventor： Jerome Henry ,  Robert E. Barton ,  Darryl E. Sladden ,  Thomas Szigeti

IPC: H04W4/02 ,  H04W4/029 ,  H04W12/12 ,  H04W12/79 ,  H04W24/10 ,  H04W48/16 ,  H04W48/20 ,  H04W76/16 ,  H04W88/04 ,  H04W88/08 ,  H04W88/12 ,  H04W92/10 ,  H04W92/12

CPC classification number: H04W12/12 ,  H04W4/023 ,  H04W4/029 ,  H04W12/79 ,  H04W24/10 ,  H04W48/16 ,  H04W48/20 ,  H04W76/16 ,  H04W88/04 ,  H04W88/08 ,  H04W88/12 ,  H04W92/10 ,  H04W92/12

Abstract: Techniques and apparatus for managing a message relaying system are described. One technique includes an access point (AP) detecting a first signal and a second signal from a computing device. A validation of the first signal is performed based on parameters of the first signal and the second signal. After the validation, information associated with the first signal is transmitted to a computing system. In another technique, the computing system may designate one of multiple APs reporting information regarding first signals as a primary reporting AP and designate the remaining APs as secondary reporting APs. The computing system may instruct the secondary reporting APs to refrain from reporting information regarding first signals to the computing system.

公开(公告)号：US20240031349A1

公开(公告)日：2024-01-25

申请号：US18372028

申请日：2023-09-22

Applicant: Cisco Technology, Inc.

Inventor： David J. Zacks ,  Carlos M. Pignataro ,  Thomas Szigeti

IPC: H04L9/40 ,  G06F21/31

CPC classification number: H04L63/08 ,  G06F21/31 ,  H04L63/107 ,  H04L63/102 ,  H04L63/0861 ,  G06F2221/2139 ,  H04L2463/082

Abstract: This disclosure describes techniques for performing enhanced authentication of a device based on physical proximity of the device to one or more other authenticated devices. An example method includes performing a first authentication of a first device or a first user and connecting the first device to a protected resource. Based on determining that the first device is within a threshold distance of a second, authenticated, device, a reauthentication interval is selected. Based on determining that the reauthentication interval has expired, a second authentication is initiated by transmitting, to the first device or a third device associated with the first user, a request for an authentication factor.

公开(公告)号：US20230409662A1

公开(公告)日：2023-12-21

申请号：US17845116

申请日：2022-06-21

Applicant: Cisco Technology, Inc.

Inventor： Walter Theodore Hulick, JR. ,  David John Zacks ,  Thomas Szigeti

IPC: G06F16/958 ,  H04L67/02

CPC classification number: G06F16/972 ,  H04L67/02

Abstract: In one embodiment, an agent executed by a device intercepts webpage code for a website sent from an application server to a client of the website. The agent identifies a portion of the webpage code as being used for webpage analytics. The agent forms modified webpage code by disabling the portion of the webpage code, based on one or more performance metrics associated with the website. The agent sends the modified webpage code to the client of the website.

公开(公告)号：US20230379258A1

公开(公告)日：2023-11-23

申请号：US17747359

申请日：2022-05-18

Applicant: Cisco Technology, Inc.

Inventor： David John Zacks ,  Jeff Apcar ,  Oliver Boehmer ,  Thomas Szigeti

IPC: H04L47/193 ,  H04B7/185 ,  H04L69/16

CPC classification number: H04L47/193 ,  H04B7/18502 ,  H04L69/16

Abstract: Techniques for a TCP proxy to communicate over a LEO satellite network on behalf of a client device by selecting a TCP congestion-control algorithm that is optimal for the LEO satellite network based on the time of day and/or location of the TCP proxy. Based on the locations of satellites during the day as they traverse predefined and patterned orbital paths, different TCP congestion-control algorithms may be more optimized to communicate data through the LEO satellite network. However, client devices generally use a single TCP congestion-control algorithm to communicate over WAN networks. Accordingly, a TCP proxy may be inserted on, for example, a router to communicate with the client device using a TCP congestion-control algorithm that the client device is configured to use, but then communicate over the LEO satellite network using a different TCP congestion-control algorithm that is optimal based on the time of day and/or other factors.

公开(公告)号：US20230379213A1

公开(公告)日：2023-11-23

申请号：US17748930

申请日：2022-05-19

Applicant: Cisco Technology, Inc.

Inventor： Thomas Szigeti ,  Robert E. BARTON

IPC: H04L41/082 ,  H04L41/0631 ,  H04L41/0604

CPC classification number: H04L41/082 ,  H04L41/0645 ,  H04L41/0604

Abstract: According to one or more embodiments of the disclosure, intelligent closed-loop device profiling for proactive behavioral expectations is described herein. In particular, in one embodiment, a device controller determines a deliberate change to be made within a network, and generates a profile of a behavioral update that an analytics engine should expect to see based on the deliberate change. The device controller then transmits, to the analytics engine, the profile of the behavioral update to cause the analytics engine to proactively expect the behavioral update in response to the deliberate change.

公开(公告)号：US11824866B2

公开(公告)日：2023-11-21

申请号：US17168353

申请日：2021-02-05

Applicant: Cisco Technology, Inc.

Inventor： Thomas Szigeti ,  David John Zacks ,  Frank Michaud ,  Carlos M. Pignataro

IPC: H04L9/40

CPC classification number: H04L63/102 ,  H04L63/0853 ,  H04L63/0884 ,  H04L63/107 ,  H04L2463/082 ,  H04L2463/121

Abstract: Disclosed are methods, systems, and non-transitory computer-readable media for determining a trust score associated with a user, comprising detecting entities near a user device operated by the user; calculating the trust score for the user based on a policy that incorporates data about the entities near the user device, the trust score being a score that is indicative of a trust worthiness of data received from the user device, wherein trusted entities near the user device result in an increased trust score, and untrusted entities near the user device result in a decreased trust score; and permitting access to a resource when the trust score is above a threshold.

公开(公告)号：US20230344830A1

公开(公告)日：2023-10-26

申请号：US18344527

申请日：2023-06-29

Applicant: Cisco Technology, Inc.

Inventor： Thomas Szigeti ,  Alan Robert Lynn ,  David John Zacks ,  Frank Michaud

IPC: H04L9/40 ,  H04L67/55

CPC classification number: H04L63/0861 ,  H04L63/107 ,  H04L63/20 ,  H04L67/55 ,  H04L2463/082

Abstract: Disclosed herein are systems, methods, and computer-readable media for increasing security of devices that leverages an integration of an authentication system with at least one corporate service. In one aspect, a request is received from a user device to authenticate a person as a particular user by the authentication system. A photo of the person attempting to be authenticated as the particular user is captured. Nodal points are mapped to the captured photo of the person attempting to be authenticated, and the nodal points from the photo are compared against a reference model for facial recognition of the particular user. It is then determined whether the nodal points match the reference model for the particular user. The present technology also includes sending a command to the user device to send data to identify the person, and/or a location of the user device.