Patents by Inventor Craig Thomas Hill
Craig Thomas Hill has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240146643
Abstract: Technologies for testing resiliency of a data network with real-world accuracy without affecting the flow of production data through the network. A method according to the technologies may include receiving a production data packet and determining a preferred data route toward a destination node for the production data packet based on a first routing information base, wherein the first routing information base includes a database where routes and route metadata are stored according to a routing protocol. The method may also include, receiving a test data packet, and determining an alternate data route toward the destination node for the test data packet based on a second routing information base, wherein the second routing information base simulates an error in the preferred data route. The method may include sending the production data packet to the preferred data route and sending the test data packet to the alternate data route.
Type: Application
Filed: November 2, 2022
Publication date: May 2, 2024
Inventors: David John Zacks, Nagendra Kumar Nainar, Madhan Sankaranarayanan, Jaganbabu Rajamanickam, Craig Thomas Hill, Cesar Obediente
-
Publication number: 20240048436
Abstract: Methods and devices provide fault injection testing techniques in a production network environment without risking service outages for hosted computing services, by providing examples of a remote network controller configured to communicate with network devices of a network; a remote fault injection communication protocol configuring a remote network controller in communication with a network device to signal a failure injection; and a failure injection module configuring a network device to configure a network device processor to implement a failure injection signaled according to the remote failure injection communication protocol. The method includes a network controller transmitting a failure injection signal in a control plane packet over a network connection to a network device, and the network device creating a child process by executing, in a dedicated runtime environment, a copy of one or more processes impacted by a parsed failure type.
Type: Application
Filed: October 16, 2023
Publication date: February 8, 2024
Inventors: Nagendra Kumar Nainar, Jaganbabu Rajamanickam, David John Zacks, Carlos M. Pignataro, Madhan Sankaranarayanan, Cesar Obediente, Craig Thomas Hill
-
Patent number: 11870762
Abstract: The present disclosure is directed to systems and methods for transparent Provider Backbone Bridge forwarding of MACsec key exchanges over public Ethernet provider backbones. The method includes the steps of receiving, at a first PBB device, an Ethernet frame from a first edge router for transmission to a second edge router via a MACsec connection, the Ethernet frame comprising a plurality of fields; performing a lookup of one or more fields of the plurality of fields to determine a match with one or more pre-defined values; determining that the one or more fields of the Ethernet frame match the one or more pre-defined values; rewriting the one or more fields of the Ethernet frame to one or more open values operable to allow the Ethernet frame to be transmitted to a next hop device; and transmitting the Ethernet frame to the next hop device.
Type: Grant
Filed: July 7, 2021
Date of Patent: January 9, 2024
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Craig Thomas Hill, Aaron Christopher Warner, Michael William Bessette, Chennakesava Reddy Gaddam
-
Patent number: 11863450
Abstract: A method comprises: at a network device configured to be connected to a network and having control and data planes, and interfaces configured for network operations in the network: upon receiving, from a controller, instructions to form a local twin of the network device that is a virtual replica of the network device to be used for test purposes, creating the local twin and configuring the local twin to include virtual control and data planes, and virtual interfaces, which are virtual replicas of, and operate independently from, the control and data planes, and the interfaces, of the network device, respectively; and hosting the local twin on physical resources of the network device such that the local twin is configured for virtual network operations on the network device that replicate, but are independent from, the network operations.
Type: Grant
Filed: December 8, 2022
Date of Patent: January 2, 2024
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Cesar Obediente, Craig Thomas Hill, Nagendra Kumar Nainar, David John Zacks, Jaganbabu Rajamanickam, Madhan Sankaranarayanan
-
Patent number: 11818141
Abstract: According to an embodiment, a node comprises one or more processors and one or more computer-readable non-transitory storage media comprising instructions that, when executed by the one or more processors, cause one or more components of the node to perform operations. The operations comprise determining security validation information that the node associates with a packet, inserting into the packet an identifier associated with the node and the security validation information that the node associates with the packet, and transmitting the packet comprising the identifier associated with the node and the security validation information that the node associates with the packet. The security validation information comprises one or more proof of security attributes and/or one or more proof of security level attributes.
Type: Grant
Filed: December 9, 2021
Date of Patent: November 14, 2023
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Craig Thomas Hill, Sujal Sheth, Frank Brockners, Cesar Obediente
-
Patent number: 11792065
Abstract: Methods and devices provide fault injection testing techniques in a production network environment without risking service outages for hosted computing services, by providing examples of a remote network controller configured to communicate with network devices of a network; a remote fault injection communication protocol configuring a remote network controller in communication with a network device to signal a failure injection; and a failure injection module configuring a network device to configure a network device processor to implement a failure injection signaled according to the remote failure injection communication protocol. The method includes a network controller transmitting a failure injection signal in a control plane packet over a network connection to a network device, and the network device creating a child process by executing, in a dedicated runtime environment, a copy of one or more processes impacted by a parsed failure type.
Type: Grant
Filed: February 17, 2022
Date of Patent: October 17, 2023
Assignee: Cisco Technology, Inc.
Inventors: Nagendra Kumar Nainar, Jaganbabu Rajamanickam, David John Zacks, Carlos M. Pignataro, Madhan Sankaranarayanan, Cesar Obediente, Craig Thomas Hill
-
Publication number: 20230261928
Abstract: Methods and devices provide fault injection testing techniques in a production network environment without risking service outages for hosted computing services, by providing examples of a remote network controller configured to communicate with network devices of a network; a remote fault injection communication protocol configuring a remote network controller in communication with a network device to signal a failure injection; and a failure injection module configuring a network device to configure a network device processor to implement a failure injection signaled according to the remote failure injection communication protocol. The method includes a network controller transmitting a failure injection signal in a control plane packet over a network connection to a network device, and the network device creating a child process by executing, in a dedicated runtime environment, a copy of one or more processes impacted by a parsed failure type.
Type: Application
Filed: February 17, 2022
Publication date: August 17, 2023
Inventors: Nagendra Kumar Nainar, Jaganbabu Rajamanickam, David John Zacks, Carlos M. Pignataro, Madhan Sankaranarayanan, Cesar Obediente, Craig Thomas Hill
-
Publication number: 20230188534
Abstract: According to an embodiment, a node comprises one or more processors and one or more computer-readable non-transitory storage media comprising instructions that, when executed by the one or more processors, cause one or more components of the node to perform operations. The operations comprise determining security validation information that the node associates with a packet, inserting into the packet an identifier associated with the node and the security validation information that the node associates with the packet, and transmitting the packet comprising the identifier associated with the node and the security validation information that the node associates with the packet. The security validation information comprises one or more proof of security attributes and/or one or more proof of security level attributes.
Type: Application
Filed: December 9, 2021
Publication date: June 15, 2023
Inventors: Craig Thomas Hill, Sujal Sheth, Frank Brockners, Cesar Obediente
-
Publication number: 20230008699
Abstract: The present disclosure is directed to systems and methods for transparent Provider Backbone Bridge forwarding of MACsec key exchanges over public Ethernet provider backbones. The method includes the steps of receiving, at a first PBB device, an Ethernet frame from a first edge router for transmission to a second edge router via a MACsec connection, the Ethernet frame comprising a plurality of fields; performing a lookup of one or more fields of the plurality of fields to determine a match with one or more pre-defined values; determining that the one or more fields of the Ethernet frame match the one or more pre-defined values; rewriting the one or more fields of the Ethernet frame to one or more open values operable to allow the Ethernet frame to be transmitted to a next hop device; and transmitting the Ethernet frame to the next hop device.
Type: Application
Filed: July 7, 2021
Publication date: January 12, 2023
Inventors: Craig Thomas Hill, Aaron Christopher Warner, Michael William Bessette, Chennakesava Reddy Gaddam
-
Publication number: 20220353143
Abstract: A network controller is configured to control a plurality of network devices in a network. The network controller generates one or more commands that are configured to inject a failure to propagate through two or more network devices in the network. The network controller provides the one or more commands to at least one of the two or more network devices to initiate the failure. The one or more commands cause the failure cause the two or more network devices to collect and propagate telemetry data, on a hop-by-hop basis. The network controller obtains the telemetry data collected from the two or more network devices, and analyzes the telemetry data to determine an impact in the network of the failure propagated through the two or more network devices.
Type: Application
Filed: April 29, 2021
Publication date: November 3, 2022
Inventors: Craig Thomas Hill, Cesar Obediente
-
Patent number: 11411915
Abstract: A network device configured to communicate with a network executes a security protocol. The security protocol establishes a secure session with a security peer network device, exchanges security protected traffic with the security peer network device over a secure link, detects whether there is a security failure in the secure session, and upon detecting a security failure, signals there is a security failure. The network device also executes a routing protocol. The routing protocol maintains a routing table that includes a route to the security peer over the secure link, routes the security protected traffic along the route, and, upon receiving from the security protocol the signal that there is a security failure, removes the route from the routing table to stop the routing.
Type: Grant
Filed: January 9, 2019
Date of Patent: August 9, 2022
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Craig Thomas Hill, Stephen Michael Orr
-
Patent number: 11316869
Abstract: Disclosed is a method of establishing secure communications. The method includes receiving an attestation parameter associated with a first peer in a potential peer-to-peer communication, adding the attestation parameter to an MACsec Key Agreement (MKA) protocol key exchange, transmitting the key exchange from the first peer to a second peer in the potential peer-to-peer communication and upon a validation of the attestation parameter by the second peer, enabling secure communication between the first peer and the second peer.
Type: Grant
Filed: December 10, 2019
Date of Patent: April 26, 2022
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Craig Thomas Hill, Frank Brockners, Shwetha Subray Bhandari, Chennakesava Reddy Gaddam
-
Patent number: 11212265
Abstract: A non-transitory computer readable medium including instructions stored thereon, when executed, the instructions being effective to cause at least one processor of a first network device to: derive a private key encryption key based on a public key, a first private key of the first network device, a second private key of a live peer device, and a Connectivity Association Key (CAK); transmit a secret key encrypted by the private key encryption key to the live peer device; and receive a communication from the live peer device, the communication being encrypted by the secret key.
Type: Grant
Filed: January 9, 2020
Date of Patent: December 28, 2021
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Craig Thomas Hill, Chennakesava Reddy Gaddam, Annu Singh, Gaurav Kumar
-
Patent number: 11128663
Abstract: A first network element, such as a router, in a computer network may have established a communication link with a second network element in the computer network. A secure session associated with the communication link between the first and second network elements may then be established. The secure session may use a secure communication function on each of the first network element and the second network element. The first network element may then detect that the first network element cannot communicate with the second network element over the communication link. When the first network element cannot communicate with the second network element, the first network element may terminate the communication link and the secure session associated with the communication link.
Type: Grant
Filed: October 16, 2018
Date of Patent: September 21, 2021
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Craig Thomas Hill, Stephen Michael Orr
-
Publication number: 20210218717
Abstract: A non-transitory computer readable medium including instructions stored thereon, when executed, the instructions being effective to cause at least one processor of a first network device to: derive a private key encryption key based on a public key, a first private key of the first network device, a second private key of a live peer device, and a Connectivity Association Key (CAK); transmit a secret key encrypted by the private key encryption key to the live peer device; and receive a communication from the live peer device, the communication being encrypted by the secret key.
Type: Application
Filed: January 9, 2020
Publication date: July 15, 2021
Inventors: Craig Thomas Hill, Chennakesava Reddy Gaddam, Annu Singh, Gaurav Kumar
-
Publication number: 20210176255
Abstract: Disclosed is a method of establishing secure communications. The method includes receiving an attestation parameter associated with a first peer in a potential peer-to-peer communication, adding the attestation parameter to an MACsec Key Agreement (MKA) protocol key exchange, transmitting the key exchange from the first peer to a second peer in the potential peer-to-peer communication and upon a validation of the attestation parameter by the second peer, enabling secure communication between the first peer and the second peer.
Type: Application
Filed: December 10, 2019
Publication date: June 10, 2021
Inventors: Craig Thomas Hill, Frank Brockners, Shwetha Subray Bhandari, Chennakesava Reddy Gaddam
-
Publication number: 20200296033
Abstract: In a first enclave of a label switching network (LSN), a protocol data unit (PDU) of the LSN is formatted to include a network service field specifying a service to be applied to the PDU. The service field can be positioned between PDU data link layer and network layer fields. The PDU specifies PDU routing/forwarding information for a path in the LSN ending in an LSN second enclave, and routing/forwarding for a destination between path segments in a non-LSN. The PDU is communicated from the first enclave, via the non-LSN, to the second enclave in accordance with the routing/forwarding information for the destination between path segments in the non-LSN. In the second enclave, each network service specified for the PDU is determined and then applied to the PDU. The second enclave transmits the network serviced PDU from the second enclave in accordance with the routing/forwarding information of the PDU in the label switching network.
Type: Application
Filed: June 1, 2020
Publication date: September 17, 2020
Inventors: Craig Thomas Hill, James Guichard, Darrin Joseph Miller, Carlos M. Pignataro
-
Patent number: 10728142
Abstract: In a first enclave of a label switching network (LSN), a protocol data unit (PDU) of the LSN is formatted to include a network service field specifying a service to be applied to the PDU. The service field can be positioned between PDU data link layer and network layer fields. The PDU specifies PDU routing/forwarding information for a path in the LSN ending in an LSN second enclave, and routing/forwarding for a destination between path segments in a non-LSN. The PDU is communicated from the first enclave, via the non-LSN, to the second enclave in accordance with the routing/forwarding information for the destination between path segments in the non-LSN. In the second enclave, each network service specified for the PDU is determined and then applied to the PDU. The second enclave transmits the network serviced PDU from the second enclave in accordance with the routing/forwarding information of the PDU in the label switching network.
Type: Grant
Filed: November 29, 2018
Date of Patent: July 28, 2020
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Craig Thomas Hill, James Guichard, Darrin Joseph Miller, Carlos M. Pignataro
-
Publication number: 20200220843
Abstract: A network device configured to communicate with a network executes a security protocol. The security protocol establishes a secure session with a security peer network device, exchanges security protected traffic with the security peer network device over a secure link, detects whether there is a security failure in the secure session, and upon detecting a security failure, signals there is a security failure. The network device also executes a routing protocol. The routing protocol maintains a routing table that includes a route to the security peer over the secure link, routes the security protected traffic along the route, and, upon receiving from the security protocol the signal that there is a security failure, removes the route from the routing table to stop the routing.
Type: Application
Filed: January 9, 2019
Publication date: July 9, 2020
Inventors: Craig Thomas Hill, Stephen Michael Orr
-
Publication number: 20200120134
Abstract: A first network element, such as a router, in a computer network may have established a communication link with a second network element in the computer network. A secure session associated with the communication link between the first and second network elements may then be established. The secure session may use a secure communication function on each of the first network element and the second network element. The first network element may then detect that the first network element cannot communicate with the second network element over the communication link. When the first network element cannot communicate with the second network element, the first network element may terminate the communication link and the secure session associated with the communication link.
Type: Application
Filed: October 16, 2018
Publication date: April 16, 2020
Inventors: Craig Thomas Hill, Stephen Michael Orr