Patents by Inventor Donovan O'Hara
Donovan O'Hara has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11700275
Abstract: A method comprises receiving, at a network infrastructure device, a flow of packets, determining, using the network infrastructure device and for a first subset of the packets, that the first subset corresponds to a first datagram and determining a first length of the first datagram, determining, using the network infrastructure device and for a second subset of the packets, that the second subset corresponds to a second datagram that was received after the first datagram, and determining a second length of the second datagram, determining, using the network infrastructure device, a duration value between a first arrival time of the first datagram and a second arrival time of the second datagram, sending, to a collector device that is separate from the network infrastructure device, the first length, the second length, and the duration value for analysis.
Type: Grant
Filed: June 28, 2021
Date of Patent: July 11, 2023
Assignee: Cisco Technology, Inc.
Inventors: David McGrew, Andrew Zawadowskiy, Donovan O'Hara, Saravanan Radhakrishnan, Tomas Pevny, Daniel G. Wing
-
Patent number: 11570213
Abstract: A non-transitory computer readable medium comprising instructions stored thereon, the instructions effective to cause at least one processor to: establish trustworthiness of an application installed on an endpoint, the established trustworthiness is sufficient for an enterprise security infrastructure to treat the application installed on the endpoint and the endpoint as a trusted application and a trusted endpoint; negotiate with the trusted endpoint to determine a traffic inspection method for traffic flows originating at the trusted application that is destined for a service, the traffic inspection method is determined based on at least the trusted application, and the service; and instruct the trusted application of the determined traffic inspection method.
Type: Grant
Filed: February 12, 2020
Date of Patent: January 31, 2023
Assignee: Cisco Technology, Inc.
Inventors: Jianxin Wang, Nancy Cam-Winget, Donovan O'Hara, Richard Lee Barnes, II
-
Patent number: 11412000
Abstract: Presented herein are methodologies for implementing application security. A method includes generating an extraction vector based on a plurality of application security rules to be enforced, transmitting the extraction vector to a first agent operating on a first network device and to a second agent operating on a second network device; receiving, separately, from the first agent and from the second agent, first metadata generated by the first agent and second metadata generated by the second agent by the agents applying the extraction vector to network traffic passing, respectively, through the first network device and the second network device. The first metadata includes a transaction ID assigned by the first agent, and the second metadata includes the same transaction ID. The method further includes correlating the first metadata with the second metadata based on the transaction ID to construct a transactional service graph for the network traffic.
Type: Grant
Filed: January 14, 2020
Date of Patent: August 9, 2022
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Michel Khouderchah, Jayaraman Iyer, Kent K. Leung, Jianxin Wang, Donovan O'Hara, Saman Taghavi Zargar, Subharthi Paul
-
Publication number: 20210360004
Abstract: A method comprises receiving, at a network infrastructure device, a flow of packets, determining, using the network infrastructure device and for a first subset of the packets, that the first subset corresponds to a first datagram and determining a first length of the first datagram, determining, using the network infrastructure device and for a second subset of the packets, that the second subset corresponds to a second datagram that was received after the first datagram, and determining a second length of the second datagram, determining, using the network infrastructure device, a duration value between a first arrival time of the first datagram and a second arrival time of the second datagram, sending, to a collector device that is separate from the network infrastructure device, the first length, the second length, and the duration value for analysis.
Type: Application
Filed: June 28, 2021
Publication date: November 18, 2021
Inventors: David McGrew, ANDREW ZAWADOWSKIY, DONOVAN O'HARA, SARAVANAN RADHAKRISHNAN, TOMAS PEVNY, DANIEL G. WING
-
Publication number: 20210218771
Abstract: Presented herein are methodologies for implementing application security. A method includes generating an extraction vector based on a plurality of application security rules to be enforced, transmitting the extraction vector to a first agent operating on a first network device and to a second agent operating on a second network device; receiving, separately, from the first agent and from the second agent, first metadata generated by the first agent and second metadata generated by the second agent by the agents applying the extraction vector to network traffic passing, respectively, through the first network device and the second network device. The first metadata includes a transaction ID assigned by the first agent, and the second metadata includes the same transaction ID. The method further includes correlating the first metadata with the second metadata based on the transaction ID to construct a transactional service graph for the network traffic.
Type: Application
Filed: January 14, 2020
Publication date: July 15, 2021
Inventors: Michel Khouderchah, Jayaraman Iyer, Kent K. Leung, Jianxin Wang, Donovan O'Hara, Saman Taghavi Zargar, Subharthi Paul
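The extraction-vector and transaction-ID method appears twice above (patent 11412000 and application 20210218771). The following Python is an added worked example, not code from the patent or from Cisco: it derives an extraction vector from two constructed rules, runs two agents that apply that vector to one request as it crosses two devices, has the first agent assign the transaction ID, and correlates the separately received metadata into a per-transaction service graph. The header name `x-transaction-id`, the rule format, the service names and the traffic are all assumptions for illustration; the abstract does not say how the ID reaches the second agent, and here it is carried in a request header that the intermediate service propagates.

```python
"""Extraction vector, agents tagging traffic with a transaction ID, and
correlation of their metadata into a transactional service graph.
Added example; all names and rules below are assumptions for illustration."""
import itertools
from collections import defaultdict
from typing import Dict, Iterator, List, Tuple

TXN_HEADER = "x-transaction-id"  # assumed header used to propagate the ID

# Constructed application security rules; each names the fields it needs.
RULES = [
    {"name": "no-unauthenticated-admin",
     "fields": ["method", "path", "hdr:authorization"]},
    {"name": "trace-service-calls",
     "fields": ["src_service", "dst_service", "hdr:" + TXN_HEADER]},
]


def build_extraction_vector(rules) -> List[str]:
    """Union of the fields the rules need, in stable order, so every agent
    extracts exactly the same metadata and nothing the rules do not need."""
    seen, vector = set(), []
    for rule in rules:
        for field in rule["fields"]:
            if field not in seen:
                seen.add(field)
                vector.append(field)
    return vector


class Agent:
    """Agent on one network device: applies the extraction vector to each
    request it forwards and keeps the resulting metadata for the collector."""

    def __init__(self, device: str, vector: List[str], txid_source: Iterator[str]):
        self.device, self.vector, self.txid_source = device, vector, txid_source
        self.metadata: List[Dict[str, str]] = []

    def observe(self, request: Dict) -> Dict:
        headers = request["headers"]
        if TXN_HEADER not in headers:  # first agent on the path assigns the ID
            headers[TXN_HEADER] = next(self.txid_source)
        md = {"device": self.device}
        for field in self.vector:
            if field.startswith("hdr:"):
                md[field] = headers.get(field[len("hdr:"):], "")
            else:
                md[field] = request.get(field, "")
        self.metadata.append(md)
        return request  # forwarded downstream, now carrying the ID


def correlate(*metadata_streams) -> Dict[str, List[Tuple[str, str]]]:
    """Join metadata received separately from each agent on the transaction
    ID and build, per transaction, the list of service-to-service edges."""
    graph: Dict[str, List[Tuple[str, str]]] = defaultdict(list)
    for md in itertools.chain(*metadata_streams):
        txid = md["hdr:" + TXN_HEADER]
        edge = (md["src_service"], md["dst_service"])
        if edge not in graph[txid]:
            graph[txid].append(edge)
    return dict(graph)


def unauthenticated_admin(metadata: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Evaluate the first rule over collected metadata: admin paths with no
    Authorization header present on the wire."""
    return [md for md in metadata
            if md["path"].startswith("/admin") and not md["hdr:authorization"]]


def demo():
    vector = build_extraction_vector(RULES)
    txids = (f"txn-{n:04d}" for n in itertools.count(1))
    gateway = Agent("gw-1", vector, txids)   # sees client -> orders
    mesh = Agent("mesh-2", vector, txids)    # sees orders -> payments

    # Constructed traffic: one client call that fans out to a second service.
    req = {"method": "POST", "path": "/admin/refund", "src_service": "client",
           "dst_service": "orders", "headers": {"host": "orders.internal"}}
    req = gateway.observe(req)
    # Assumption: the orders service propagates the header on its own call.
    hop2 = {"method": "POST", "path": "/charge", "src_service": "orders",
            "dst_service": "payments",
            "headers": {"host": "payments.internal",
                        TXN_HEADER: req["headers"][TXN_HEADER]}}
    mesh.observe(hop2)

    graph = correlate(gateway.metadata, mesh.metadata)
    violations = unauthenticated_admin(gateway.metadata + mesh.metadata)
    return vector, graph, violations


if __name__ == "__main__":
    print(demo())
```

The correlation only works if the ID survives between the two devices: if the intermediate service drops the header, the second agent assigns a fresh ID and the two hops become two unrelated one-edge graphs rather than one transaction, so header propagation (or an equivalent in-band carrier) is the thing to verify when deploying this.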
-
Patent number: 11057420
Abstract: A method comprises receiving, at a network infrastructure device, a flow of packets, determining, using the network infrastructure device and for a first subset of the packets, that the first subset corresponds to a first datagram and determining a first length of the first datagram, determining, using the network infrastructure device and for a second subset of the packets, that the second subset corresponds to a second datagram that was received after the first datagram, and determining a second length of the second datagram, determining, using the network infrastructure device, a duration value between a first arrival time of the first datagram and a second arrival time of the second datagram, sending, to a collector device that is separate from the network infrastructure device, the first length, the second length, and the duration value for analysis.
Type: Grant
Filed: March 29, 2019
Date of Patent: July 6, 2021
Assignee: Cisco Technology, Inc.
Inventors: David McGrew, Andrew Zawadowskiy, Donovan O'Hara, Saravanan Radhakrishnan, Tomas Pevny, Daniel G. Wing
-
Publication number: 20200322382
Abstract: A non-transitory computer readable medium comprising instructions stored thereon, the instructions effective to cause at least one processor to: establish trustworthiness of an application installed on an endpoint, the established trustworthiness is sufficient for an enterprise security infrastructure to treat the application installed on the endpoint and the endpoint as a trusted application and a trusted endpoint; negotiate with the trusted endpoint to determine a traffic inspection method for traffic flows originating at the trusted application that is destined for a service, the traffic inspection method is determined based on at least the trusted application, and the service; and instruct the trusted application of the determined traffic inspection method.
Type: Application
Filed: February 12, 2020
Publication date: October 8, 2020
Inventors: Jianxin Wang, Nancy Cam-Winget, Donovan O'Hara, Richard Lee Barnes, II
-
Publication number: 20190230095
Abstract: A method comprises receiving, at a network infrastructure device, a flow of packets, determining, using the network infrastructure device and for a first subset of the packets, that the first subset corresponds to a first datagram and determining a first length of the first datagram, determining, using the network infrastructure device and for a second subset of the packets, that the second subset corresponds to a second datagram that was received after the first datagram, and determining a second length of the second datagram, determining, using the network infrastructure device, a duration value between a first arrival time of the first datagram and a second arrival time of the second datagram, sending, to a collector device that is separate from the network infrastructure device, the first length, the second length, and the duration value for analysis.
Type: Application
Filed: March 29, 2019
Publication date: July 25, 2019
Inventors: DAVID MCGREW, ANDREW ZAWADOWSKIY, DONOVAN O'HARA, SARAVANAN RADHAKRISHNAN, TOMAS PEVNY, DANIEL G. WING
-
Patent number: 10305928
Abstract: A method comprises receiving, at a network infrastructure device, a flow of packets, determining, using the network infrastructure device and for a first subset of the packets, that the first subset corresponds to a first datagram and determining a first length of the first datagram, determining, using the network infrastructure device and for a second subset of the packets, that the second subset corresponds to a second datagram that was received after the first datagram, and determining a second length of the second datagram, determining, using the network infrastructure device, a duration value between a first arrival time of the first datagram and a second arrival time of the second datagram, sending, to a collector device that is separate from the network infrastructure device, the first length, the second length, and the duration value for analysis.
Type: Grant
Filed: August 6, 2015
Date of Patent: May 28, 2019
Assignee: Cisco Technology, Inc.
Inventors: David McGrew, Andrew Zawadowskiy, Donovan O'Hara, Saravanan Radhakrishnan, Tomas Pevny, Daniel G. Wing
-
Patent number: 10187414
Abstract: A method is disclosed in which a system compares a first set of reports characterizing network traffic flows originating from an endpoint device with a second set of reports characterizing network traffic flows originating from the endpoint device and stored at an external network device to determine whether the first set and second set of reports characterizing network traffic flows originating from an endpoint device are different. In response to determining that the first and second reports characterizing network traffic flows are different, the system identifies the network traffic flows originating from the endpoint device and reported by an external network device, but not reported by the endpoint device, as possibly indicative of malware and forwards the network traffic flows originating from the endpoint device to an analyzer for further processing.
Type: Grant
Filed: July 20, 2016
Date of Patent: January 22, 2019
Assignee: Cisco Technology, Inc.
Inventors: Vincent E. Parla, Andrey Zawadowskiy, Donovan O'Hara
-
Publication number: 20180026993
Abstract: A method is disclosed in which a system compares a first set of reports characterizing network traffic flows originating from an endpoint device with a second set of reports characterizing network traffic flows originating from the endpoint device and stored at an external network device to determine whether the first set and second set of reports characterizing network traffic flows originating from an endpoint device are different. In response to determining that the first and second reports characterizing network traffic flows are different, the system identifies the network traffic flows originating from the endpoint device and reported by an external network device, but not reported by the endpoint device, as possibly indicative of malware and forwards the network traffic flows originating from the endpoint device to an analyzer for further processing.
Type: Application
Filed: July 20, 2016
Publication date: January 25, 2018
Inventors: Vincent E. Parla, Andrey Zawadowskiy, Donovan O'Hara
-
Patent number: 9660833
Abstract: In one embodiment, a method is provided for improving data center and endpoint network visibility and security. The method comprises detecting a communication flow of a plurality of packets over a network, and generating a flow identifier that uniquely identifies the communication flow. After determining an application associated with the communication flow, a flow record is generated. The flow record includes the flow identifier and an indication of the application associated with the communication flow. The indication of the application may be, for example, a hash of the application binary file.
Type: Grant
Filed: May 9, 2014
Date of Patent: May 23, 2017
Assignee: Cisco Technology, Inc.
Inventors: Andrew Zawadowskiy, Vincent E. Parla, Donovan O'Hara
-
Publication number: 20160352761
Abstract: A method comprises receiving, at a network infrastructure device, a flow of packets, determining, using the network infrastructure device and for a first subset of the packets, that the first subset corresponds to a first datagram and determining a first length of the first datagram, determining, using the network infrastructure device and for a second subset of the packets, that the second subset corresponds to a second datagram that was received after the first datagram, and determining a second length of the second datagram, determining, using the network infrastructure device, a duration value between a first arrival time of the first datagram and a second arrival time of the second datagram, sending, to a collector device that is separate from the network infrastructure device, the first length, the second length, and the duration value for analysis.
Type: Application
Filed: August 6, 2015
Publication date: December 1, 2016
Inventors: DAVID MCGREW, ANDREW ZAWADOWSKIY, DONOVAN O'HARA, SARAVANAN RADHAKRISHNAN, TOMAS PEVNY, DANIEL G. WING
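The datagram-length and inter-arrival-duration abstract is shared by patents 11700275, 11057420 and 10305928 and by applications 20210360004, 20190230095 and 20160352761 above. The following Python is an added worked example of that method, not code from the patents or from Cisco. The abstract does not say how a subset of packets is recognised as one datagram; the example assumes a datagram is one TLS record, so a record split across two TCP segments counts once and two records in one segment count twice. The sample flow is constructed, timestamps are integer microseconds, and the collector is modelled as the list the function returns.

```python
"""Per-datagram length and inter-arrival duration from a packet flow.
Added example; the TLS-record datagram boundary is an assumption."""
import struct
from dataclasses import dataclass
from typing import Dict, List, Tuple

TLS_HEADER_LEN = 5  # content type (1) + version (2) + length (2)


@dataclass
class Packet:
    ts_us: int        # arrival time in microseconds (integers avoid float drift)
    direction: str    # "c2s" or "s2c"
    payload: bytes    # TCP payload of this segment


def tls_record(content_type: int, body: bytes) -> bytes:
    """Build one TLS record; used only to construct the sample flow."""
    return struct.pack("!BHH", content_type, 0x0303, len(body)) + body


def split_datagrams(packets: List[Packet]) -> List[Tuple[int, str, int]]:
    """Reassemble each direction's byte stream into datagrams.

    Assumption: a datagram is one TLS record. A record may span several
    segments and one segment may carry several records. Returns
    (arrival_ts_us, direction, length) per completed datagram, the arrival
    time being that of the segment which completed the record. A trailing
    partial record is left in the buffer and never reported.
    """
    buffers: Dict[str, bytearray] = {}
    datagrams: List[Tuple[int, str, int]] = []
    for pkt in sorted(packets, key=lambda p: p.ts_us):
        buf = buffers.setdefault(pkt.direction, bytearray())
        buf += pkt.payload
        while len(buf) >= TLS_HEADER_LEN:
            _, _, body_len = struct.unpack("!BHH", buf[:TLS_HEADER_LEN])
            total = TLS_HEADER_LEN + body_len
            if len(buf) < total:
                break  # record incomplete; wait for the next segment
            datagrams.append((pkt.ts_us, pkt.direction, total))
            del buf[:total]
    datagrams.sort(key=lambda d: d[0])  # flow-wide arrival order (stable)
    return datagrams


def datagram_features(packets: List[Packet]) -> List[dict]:
    """For each consecutive datagram pair, the record the abstract describes:
    both lengths and the duration between their arrivals, for the collector."""
    dgs = split_datagrams(packets)
    return [
        {"first_length": a[2], "second_length": b[2], "duration_us": b[0] - a[0]}
        for a, b in zip(dgs, dgs[1:])
    ]


def build_sample_flow() -> List[Packet]:
    """Constructed sample flow, not captured traffic."""
    client_hello = tls_record(22, b"\x01" + b"A" * 200)     # 206 bytes on the wire
    server_msg = tls_record(22, b"\x02" + b"B" * 1499)      # 1505 bytes
    change_cipher = tls_record(20, b"\x01")                 # 6 bytes
    app_data = tls_record(23, b"C" * 40)                    # 45 bytes
    return [
        Packet(0, "c2s", client_hello),
        Packet(10_000, "s2c", server_msg[:1000]),           # one record split
        Packet(12_000, "s2c", server_msg[1000:]),           # across two segments
        Packet(50_000, "c2s", change_cipher + app_data),    # two records, one segment
    ]


if __name__ == "__main__":
    for rec in datagram_features(build_sample_flow()):
        print(rec)
```

Grouping on record boundaries rather than on raw segments is what makes the lengths meaningful for an encrypted flow: the ciphertext is opaque, but record sizes and the gaps between them survive encryption, which is why a device that cannot decrypt can still export them for analysis. The caveat is the opposite direction: because these features leak message sizes and timing, a collector holding them needs the same handling as any other traffic telemetry.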
-
Publication number: 20150326486
Abstract: In one embodiment, a method is provided for improving data center and endpoint network visibility and security. The method comprises detecting a communication flow of a plurality of packets over a network, and generating a flow identifier that uniquely identifies the communication flow. After determining an application associated with the communication flow, a flow record is generated. The flow record includes the flow identifier and an indication of the application associated with the communication flow. The indication of the application may be, for example, a hash of the application binary file.
Type: Application
Filed: May 9, 2014
Publication date: November 12, 2015
Applicant: Cisco Technology, Inc.
Inventors: Andrew Zawadowskiy, Vincent E. Parla, Donovan O'Hara
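Two of the abstracts above fit together: the endpoint flow record carrying a flow identifier and a hash of the application binary (patent 9660833 and application 20150326486), and the comparison of endpoint-reported flows against flows reported by an external network device, where flows the network saw but the endpoint did not report are treated as possibly indicative of malware (patent 10187414 and application 20180026993). The Python below is an added worked example serving both, not code from the patents or from Cisco: it builds endpoint flow records with a SHA-256 of the binary, builds the network device's records, takes the difference on the flow identifier, and forwards the unreported flows to an analyzer modelled as a list. The flow identifier derivation (SHA-256 over the 5-tuple), the fake binaries, the documentation-range IP addresses and the byte counts are all constructed assumptions.

```python
"""Endpoint flow records with application identity, and comparison of
endpoint-reported flows against network-reported flows.
Added example; flow-ID derivation and all sample data are assumptions."""
import hashlib
from typing import Dict, List, NamedTuple


class FlowKey(NamedTuple):
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def flow_id(key: FlowKey) -> str:
    """Flow identifier derived from the 5-tuple. Assumption: the endpoint agent
    and the network device use this identical derivation; if they key flows
    differently (or NAT rewrites the tuple between them) nothing will match."""
    return hashlib.sha256("|".join(map(str, key)).encode()).hexdigest()[:16]


def endpoint_flow_record(key: FlowKey, app_binary: bytes, app_path: str) -> Dict[str, str]:
    """Flow record as described in 9660833: the flow identifier plus an
    indication of the application, here the SHA-256 of its binary file."""
    return {
        "flow_id": flow_id(key),
        "app_path": app_path,
        "app_sha256": hashlib.sha256(app_binary).hexdigest(),
    }


def network_flow_record(key: FlowKey, bytes_seen: int) -> Dict[str, object]:
    """What a switch or firewall can report: the tuple and volume, no process."""
    return {"flow_id": flow_id(key), "key": key, "bytes": bytes_seen}


def find_unreported_flows(endpoint_reports: List[Dict], network_reports: List[Dict]) -> List[Dict]:
    """Compare the two report sets as in 10187414: flows the network device saw
    that the endpoint agent never reported are the suspicious ones, since a
    process hiding from the host agent still has to put packets on the wire."""
    reported_by_endpoint = {r["flow_id"] for r in endpoint_reports}
    return [r for r in network_reports if r["flow_id"] not in reported_by_endpoint]


def forward_to_analyzer(flows: List[Dict], analyzer_queue: List[Dict]) -> int:
    """Hand the suspicious flows to the analyzer (modelled as a list)."""
    analyzer_queue.extend(flows)
    return len(flows)


def demo():
    # Constructed sample data: documentation IP ranges and fake binaries.
    host = "192.0.2.10"
    browser_bin = b"MZ\x90\x00 fake browser image"
    updater_bin = b"MZ\x90\x00 fake updater image"
    browser_flow = FlowKey("tcp", host, 51234, "203.0.113.5", 443)
    updater_flow = FlowKey("tcp", host, 51240, "203.0.113.9", 443)
    hidden_flow = FlowKey("tcp", host, 51301, "198.51.100.7", 4444)

    endpoint_reports = [
        endpoint_flow_record(browser_flow, browser_bin, r"C:\Program Files\Browser\browser.exe"),
        endpoint_flow_record(updater_flow, updater_bin, r"C:\Program Files\Updater\updater.exe"),
    ]
    network_reports = [
        network_flow_record(browser_flow, 48_213),
        network_flow_record(updater_flow, 2_904),
        network_flow_record(hidden_flow, 1_337),  # on the wire, absent from the agent
    ]
    suspicious = find_unreported_flows(endpoint_reports, network_reports)
    analyzer_queue: List[Dict] = []
    forward_to_analyzer(suspicious, analyzer_queue)
    return suspicious, analyzer_queue


if __name__ == "__main__":
    for flow in demo()[0]:
        print("unreported by endpoint:", flow["key"], flow["bytes"], "bytes")
```

When running this against real reports, align the two sets on the same time window before taking the difference: an endpoint agent that exports on flow close will lag a network device that exports on first packet, and every flow still open on the host will otherwise show up as "unreported".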