Patents by Inventor Darrin Joseph Miller
Darrin Joseph Miller has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11985110Abstract: Systems and methods are provided for receiving, at a network device, a first set of rules from a security controller of an enterprise network, the first set of rules being different from a second set of rules provided to a firewall by the security controller, implementing, at the network device, the first set of rules received from the security controller, generating, at the network device, a first log including metadata based on the first set of rules, the first log being generated on a per flow basis, notifying, at the network device, a NetFlow of the first log including the metadata of the first set of rules, and providing, from the network device, the first log to a cloud-log store by the NetFlow of the network device, the cloud-log store receiving the first log from the network device and a second log from the firewall.Type: GrantFiled: September 14, 2022Date of Patent: May 14, 2024Assignee: Cisco Technology, Inc.Inventors: Saravanan Radhakrishnan, Anand Oswal, Ashwin Kumar, Paul Wayne Bigbee, Darrin Joseph Miller
-
Patent number: 11909771Abstract: A Domain Name System (DNS) device stores data indicative of a user device and data indicative of a policy setting a level of access of the user device to a responding device. The DNS device receives, from the user device, a request for an Internet Protocol address of the responding device. The DNS device determines, based upon the request and the data indicative of the user device, that the policy applies to the request. The DNS device applies the policy in response to the determining.Type: GrantFiled: June 1, 2020Date of Patent: February 20, 2024Assignee: CISCO TECHNOLOGY, INC.Inventors: Darrin Joseph Miller, Kevin Patrick Regan, Einar Nilsen-Nygaard
-
Publication number: 20240022945Abstract: Embodiments identify a station that rotates an over the air station address. As address rotation was not originally designed into wireless networks, the rotation can introduce communication challenges for the station. The embodiments derive that traffic referencing two different over the air station addresses are associated with a single common station. This is accomplished by determining a similarity between properties of two sets of traffic. A first set of traffic references the first over the air station address and a second set of traffic references the second over the air station address. If the properties common across the two sets of traffic indicate sufficient similarity, the embodiments determine that both sets of traffic are associated with a single device. Network configuration of the device is then adjusted based on the determination.Type: ApplicationFiled: September 28, 2023Publication date: January 18, 2024Inventors: Jerome Henry, Nancy Cam-Winget, Simone Arena, Darrin Joseph Miller, Sudhir Kumar Jain, Einar Nilsen-Nygaard
-
Patent number: 11849344Abstract: Embodiments identify a station that rotates an over the air station address. As address rotation was not originally designed into wireless networks, the rotation can introduce communication challenges for the station. The embodiments derive that traffic referencing two different over the air station addresses are associated with a single common station. This is accomplished by determining a similarity between properties of two sets of traffic. A first set of traffic references the first over the air station address and a second set of traffic references the second over the air station address. If the properties common across the two sets of traffic indicate sufficient similarity, the embodiments determine that both sets of traffic are associated with a single device. Network configuration of the device is then adjusted based on the determination.Type: GrantFiled: April 21, 2021Date of Patent: December 19, 2023Assignee: CISCO TECHNOLOGY, INC.Inventors: Jerome Henry, Nancy Cam-Winget, Simone Arena, Darrin Joseph Miller, Sudhir Kumar Jain, Einar Nilsen-Nygaard
-
Publication number: 20230291687Abstract: Techniques for group-based classification and policy enforcement at a network fabric edge for traffic that is being sent to external network destinations are disclosed herein. The techniques may include receiving, at a control plane of a network and from an edge node of the network, a request to provide mapping data associated with sending a packet to a destination. Based at least in part on an address prefix value associated with the destination, the control plane may determine that the destination is located in an external network. Additionally, a group identifier that is associated with the destination may be determined. In this way, an indication of the group identifier may be sent to the edge node such that the edge node may determine, based at least in part on the group identifier, a policy decision for routing the packet to the external network.Type: ApplicationFiled: May 16, 2023Publication date: September 14, 2023Inventors: Prakash C. Jain, Sanjay Kumar Hooda, Darrin Joseph Miller, Ashwin Kumar
-
Patent number: 11716284Abstract: Techniques for group-based classification and policy enforcement at a network fabric edge for traffic that is being sent to external network destinations are disclosed herein. The techniques may include receiving, at a control plane of a network and from an edge node of the network, a request to provide mapping data associated with sending a packet to a destination. Based at least in part on an address prefix value associated with the destination, the control plane may determine that the destination is located in an external network. Additionally, a group identifier that is associated with the destination may be determined. In this way, an indication of the group identifier may be sent to the edge node such that the edge node may determine, based at least in part on the group identifier, a policy decision for routing the packet to the external network.Type: GrantFiled: May 5, 2021Date of Patent: August 1, 2023Assignee: Cisco Technology, Inc.Inventors: Prakash C. Jain, Sanjay Kumar Hooda, Darrin Joseph Miller, Ashwin Kumar
-
Publication number: 20230014351Abstract: Systems and methods are provided for receiving, at a network device, a first set of rules from a security controller of an enterprise network, the first set of rules being different from a second set of rules provided to a firewall by the security controller, implementing, at the network device, the first set of rules received from the security controller, generating, at the network device, a first log including metadata based on the first set of rules, the first log being generated on a per flow basis, notifying, at the network device, a NetFlow of the first log including the metadata of the first set of rules, and providing, from the network device, the first log to a cloud-log store by the NetFlow of the network device, the cloud-log store receiving the first log from the network device and a second log from the firewall.Type: ApplicationFiled: September 14, 2022Publication date: January 19, 2023Inventors: Saravanan Radhakrishnan, Anand Oswal, Ashwin Kumar, Paul Wayne Bigbee, Darrin Joseph Miller
-
Publication number: 20220360528Abstract: Techniques for group-based classification and policy enforcement at a network fabric edge for traffic that is being sent to external network destinations are disclosed herein. The techniques may include receiving, at a control plane of a network and from an edge node of the network, a request to provide mapping data associated with sending a packet to a destination. Based at least in part on an address prefix value associated with the destination, the control plane may determine that the destination is located in an external network. Additionally, a group identifier that is associated with the destination may be determined. In this way, an indication of the group identifier may be sent to the edge node such that the edge node may determine, based at least in part on the group identifier, a policy decision for routing the packet to the external network.Type: ApplicationFiled: May 5, 2021Publication date: November 10, 2022Inventors: Prakash C. Jain, Sanjay Kumar Hooda, Darrin Joseph Miller, Ashwin Kumar
-
Patent number: 11483290Abstract: Systems and methods are provided for receiving, at a network device, a first set of rules from a security controller of an enterprise network, the first set of rules being different from a second set of rules provided to a firewall by the security controller, implementing, at the network device, the first set of rules received from the security controller, generating, at the network device, a first log including metadata based on the first set of rules, the first log being generated on a per flow basis, notifying, at the network device, a NetFlow of the first log including the metadata of the first set of rules, and providing, from the network device, the first log to a cloud-log store by the NetFlow of the network device, the cloud-log store receiving the first log from the network device and a second log from the firewall.Type: GrantFiled: August 5, 2020Date of Patent: October 25, 2022Assignee: CISCO TECHNOLOGY, INC.Inventors: Saravanan Radhakrishnan, Anand Oswal, Ashwin Kumar, Paul Wayne Bigbee, Darrin Joseph Miller
-
Patent number: 11388175Abstract: The present technology pertains to a system that routes application flows. The system can receive an application flow from a device by an active threat detection agent; analyze the application flow for user context, device context, and application context; classify the application flow based on the analysis of the application flow; and direct the application flow according to the classification of the application flow and an application access policy.Type: GrantFiled: September 5, 2019Date of Patent: July 12, 2022Assignee: CISCO TECHNOLOGY, INC.Inventors: Gangadharan Byju Pularikkal, Santosh Ramrao Patil, Paul Wayne Bigbee, Darrin Joseph Miller, Madhusudan Nanjanagud
-
Publication number: 20210377314Abstract: A Domain Name System (DNS) device stores data indicative of a user device and data indicative of a policy setting a level of access of the user device to a responding device. The DNS device receives, from the user device, a request for an Internet Protocol address of the responding device. The DNS device determines, based upon the request and the data indicative of the user device, that the policy applies to the request. The DNS device applies the policy in response to the determining.Type: ApplicationFiled: June 1, 2020Publication date: December 2, 2021Inventors: Darrin Joseph Miller, Kevin Patrick Regan, Einar Nilsen-Nygaard
-
Publication number: 20210360465Abstract: Embodiments identify a station that rotates an over the air station address. As address rotation was not originally designed into wireless networks, the rotation can introduce communication challenges for the station. The embodiments derive that traffic referencing two different over the air station addresses are associated with a single common station. This is accomplished by determining a similarity between properties of two sets of traffic. A first set of traffic references the first over the air station address and a second set of traffic references the second over the air station address. If the properties common across the two sets of traffic indicate sufficient similarity, the embodiments determine that both sets of traffic are associated with a single device. Network configuration of the device is then adjusted based on the determination.Type: ApplicationFiled: April 21, 2021Publication date: November 18, 2021Inventors: Jerome Henry, Nancy Cam-Winget, Simone Arena, Darrin Joseph Miller, Sudhir Kumar Jain, Einar Nilsen-Nygaard
-
Patent number: 11108763Abstract: In one embodiment, a method by a first network apparatus includes receiving a request to access a resource from a client device associated with a user, determining that the request does not comprise a session cookie, sending an authorization request to a second network apparatus, receiving an authorization response including a resource authorization token from the second network apparatus, determining that the user is authorized to access the resource using the client device based on the received resource authorization token, establishing a first communication session with the client device by sending a message to the client device, and establishing a second communication session with a resource server that provides the resource, where the first network apparatus relays traffic between the client device and the resource server.Type: GrantFiled: January 9, 2020Date of Patent: August 31, 2021Assignee: CISCO TECHNOLOGY, INC.Inventors: Balaji Sundararajan, Vivek Agarwal, Darrin Joseph Miller, Anand Oswal, Chandramouli Balasubramanian
-
Publication number: 20210218726Abstract: In one embodiment, a method by a first network apparatus includes receiving a request to access a resource from a client device associated with a user, determining that the request does not comprise a session cookie, sending an authorization request to a second network apparatus, receiving an authorization response including a resource authorization token from the second network apparatus, determining that the user is authorized to access the resource using the client device based on the received resource authorization token, establishing a first communication session with the client device by sending a message to the client device, and establishing a second communication session with a resource server that provides the resource, where the first network apparatus relays traffic between the client device and the resource server.Type: ApplicationFiled: January 9, 2020Publication date: July 15, 2021Inventors: Balaji Sundararajan, Vivek Agarwal, Darrin Joseph Miller, Anand Oswal, Chandramouli Balasubramanian
-
Publication number: 20210119971Abstract: Systems and methods are provided for receiving, at a network device, a first set of rules from a security controller of an enterprise network, the first set of rules being different from a second set of rules provided to a firewall by the security controller, implementing, at the network device, the first set of rules received from the security controller, generating, at the network device, a first log including metadata based on the first set of rules, the first log being generated on a per flow basis, notifying, at the network device, a NetFlow of the first log including the metadata of the first set of rules, and providing, from the network device, the first log to a cloud-log store by the NetFlow of the network device, the cloud-log store receiving the first log from the network device and a second log from the firewall.Type: ApplicationFiled: August 5, 2020Publication date: April 22, 2021Inventors: Saravanan Radhakrishnan, Anand Oswal, Ashwin Kumar, Paul Wayne Bigbee, Darrin Joseph Miller
-
Publication number: 20210119859Abstract: Systems and methods are provided for receiving service instructions from a client regarding a network function at a network element, the service instructions including a table of network policies and rules, receiving data from a first edge node of a network fabric, processing the data received from the first edge node according to the service instructions regarding the network function, and providing the processed data to a second edge node of the network fabric based on the service instructions.Type: ApplicationFiled: August 12, 2020Publication date: April 22, 2021Inventors: Saravanan Radhakrishnan, Anand Oswal, Paul Wayne Bigbee, Darrin Joseph Miller, Thomas Leslie Peter Wood
-
Publication number: 20210075799Abstract: The present technology pertains to a system that routes application flows. The system can receive an application flow from a device by an active threat detection agent; analyze the application flow for user context, device context, and application context; classify the application flow based on the analysis of the application flow; and direct the application flow according to the classification of the application flow and an application access policy.Type: ApplicationFiled: September 5, 2019Publication date: March 11, 2021Inventors: Gangadharan Byju Pularikkal, Santosh Ramrao Patil, Paul Wayne Bigbee, Darrin Joseph Miller, Madhusudan Nanjanagud
-
Patent number: 10855705Abstract: In one example embodiment, a threat detection server receives metadata of a network flow in a network; a zone definition that correlates the metadata of the network flow with a first zone of network devices in the network and a second zone of network devices in the network, where the network flow was transmitted from the first zone to the second zone; and a security policy for the network flow, where the security policy is enforced on the basis of the first zone and the second zone. Based on the zone definition, the threat detection server annotates a flow record that includes the metadata with an indication of the first zone and the second zone. Based on the annotated flow record and the security policy, the threat detection server determines whether to generate a notification associated with a detection of a security threat associated with the network flow.Type: GrantFiled: September 29, 2017Date of Patent: December 1, 2020Assignee: CISCO TECHNOLOGY, INC.Inventors: Matthew Scott Robertson, Darrin Joseph Miller, Sunil Navinchandra Amin, Paul Wayne Bigbee
-
Publication number: 20200296033Abstract: In a first enclave of a label switching network (LSN), a protocol data unit (PDU) of the LSN is formatted to include a network service field specifying a service to be applied to the PDU. The service field can be positioned between PDU data link layer and network layer fields. The PDU specifies PDU routing/forwarding information for a path in the LSN ending in an LSN second enclave, and routing/forwarding for a destination between path segments in a non-LSN. The PDU is communicated from the first enclave, via the non-LSN, to the second enclave in accordance with the routing/forwarding information for the destination between path segments in the non-LSN. In the second enclave, each network service specified for the PDU is determined and then applied to the PDU. The second enclave transmits the network serviced PDU from the second enclave in accordance with the routing/forwarding information of the PDU in the label switching network.Type: ApplicationFiled: June 1, 2020Publication date: September 17, 2020Inventors: Craig Thomas Hill, James Guichard, Darrin Joseph Miller, Carlos M. Pignataro
-
Patent number: 10728142Abstract: In a first enclave of a label switching network (LSN), a protocol data unit (PDU) of the LSN is formatted to include a network service field specifying a service to be applied to the PDU. The service field can be positioned between PDU data link layer and network layer fields. The PDU specifies PDU routing/forwarding information for a path in the LSN ending in an LSN second enclave, and routing/forwarding for a destination between path segments in a non-LSN. The PDU is communicated from the first enclave, via the non-LSN, to the second enclave in accordance with the routing/forwarding information for the destination between path segments in the non-LSN. In the second enclave, each network service specified for the PDU is determined and then applied to the PDU. The second enclave transmits the network serviced PDU from the second enclave in accordance with the routing/forwarding information of the PDU in the label switching network.Type: GrantFiled: November 29, 2018Date of Patent: July 28, 2020Assignee: CISCO TECHNOLOGY, INC.Inventors: Craig Thomas Hill, James Guichard, Darrin Joseph Miller, Carlos M. Pignataro