Patents by Inventor Carlos M. Pignataro
Carlos M. Pignataro has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 12052562
Abstract: This disclosure describes techniques for enabling selective connections between user devices and trusted network devices. An example method includes receiving a beacon from a network device. The beacon includes a trust level of the network device. The method further includes determining that the trust level of the network device satisfies a predetermined trust criterion. Based on determining that the trust level of the network device satisfies the predetermined trust criterion, the method includes transmitting a connection request to the network device. Further, user data is received from the network device.
Type: Grant
Filed: September 13, 2021
Date of Patent: July 30, 2024
Assignee: Cisco Technology, Inc.
Inventors: David J. Zacks, Thomas Szigeti, Carlos M. Pignataro, Jerome Henry
-
Patent number: 12052176
Abstract: Techniques for policy-based failure handling of data that is received for processing by failed edge services are described herein. The techniques may include receiving, at an edge node of a network, a data handling policy for a service hosted on the edge node. The service may be configured to process traffic on behalf of an application hosted by a cloud-based platform. In some examples, the data handling policy may be stored in a memory that is accessible to the edge node. The techniques may also include receiving traffic at the edge node that is to be processed at least partially by the service. At least partially responsive to detecting an error associated with the service, the edge node may cause the traffic to be handled according to the data handling policy while the service is experiencing the error.
Type: Grant
Filed: October 6, 2021
Date of Patent: July 30, 2024
Assignee: Cisco Technology, Inc.
Inventors: Rajesh Indira Viswambharan, Nagendra Kumar Nainar, Akram Sheriff, Vinay Saini, David J. Zacks, Carlos M. Pignataro
-
Publication number: 20240250946
Abstract: Embodiments herein describe disconnecting, by an access node, a first device having a first media access control (MAC) address due to a network violation and receiving, by the access node, information about a second device having a second MAC address different from the first MAC address. In one embodiment, the information is generated by a certificate server based on a token generated by the second device. Further, when the access node determines, based on the information, that the second device is the first device, the access node denies a connection request from the second device.
Type: Application
Filed: April 1, 2024
Publication date: July 25, 2024
Inventors: Carlos M. PIGNATARO, Nagendra Kumar NAINAR, Jerome HENRY, Robert E. BARTON, Bart A. BRINCKMAN
-
Patent number: 12039276
Abstract: A method includes associating anomalous first text, from a first unstructured data set, with a first classification; processing the first unstructured data set using at least one of ML or AI to identify a second text that is in close context to the first text, and adding the second text to a text list associated with the first classification; enriching the text list by processing the second text to generate a third text, and adding the third text to the text list to produce an enriched text list and such that the third text is also associated with the first classification; matching the text in the enriched text list to text in a second unstructured data set; and classifying the text in the second unstructured data set as having the first classification when the text in the second unstructured data set matches text in the enriched text list.
Type: Grant
Filed: June 29, 2020
Date of Patent: July 16, 2024
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Dmitri Goloubev, Nassim Benoussaid, Volodymyr Iashyn, Borys Viacheslavovych Berlog, Carlos M. Pignataro
-
Patent number: 12028378
Abstract: A method for resuming a Transport Layer Security (TLS) session in a Service Function Chain comprising a plurality of Service Function nodes coupled to a Service Function Forwarder. A request is received at a first Service Function node to establish a TLS session, and a Pre-Shared Key (PSK) and a PSK identifier that uniquely correspond to the first Service Function node and the TLS session are generated. The PSK identifier is forwarded to one or more of the Service Function Forwarder and the plurality of Service Function nodes. A request to resume the TLS session is received from a client device that previously disconnected. It is determined that the connection request contains the PSK identifier, a second Service Function node is selected, and the TLS session is re-established between the client device and the second Service Function node using the same PSK as the prior TLS session.
Type: Grant
Filed: December 19, 2022
Date of Patent: July 2, 2024
Assignee: Cisco Technology, Inc.
Inventors: K Tirumaleswar Reddy, Prashanth Patil, Carlos M. Pignataro
-
Publication number: 20240205186
Abstract: An authorization device obtains a registration request associated with an end device, the registration request including a new randomized media access control (MAC) address associated with the end device; determines whether the end device is authorized to use the new randomized MAC address; transmits a message to the end device with a first randomly generated number when it is determined that the end device is authorized to use the new randomized MAC address; obtains integrity information associated with the end device, the first integrity information being computed based on the first randomly generated number; transmits a request to a validation system to validate the end device based on the first integrity information; obtains an indication that the end device is validated; determines policies associated with the end device when it is determined that the end device is validated; and applies the policies to the end device.
Type: Application
Filed: February 29, 2024
Publication date: June 20, 2024
Inventors: Nagendra Kumar Nainar, Carlos M. Pignataro, Robert E. Barton, Jerome Henry
-
Publication number: 20240195751
Abstract: A method of orchestrating one or more radio resources among various services executing within a container. The method includes obtaining, by an orchestration engine executing on a network device, a request, from a first service of a plurality of services, for use of a physical/hardware resource that connects a container running on the network device to a network. The request from the first service has a particular priority. The plurality of services execute within the container. The method further includes determining whether to connect the first service to the network via the physical/hardware resource based on the priority and an availability status of the physical/hardware resource and establishing, at a kernel level, a connection between the first service and the physical/hardware resource based on the determining.
Type: Application
Filed: February 27, 2024
Publication date: June 13, 2024
Inventors: Shankar Ramanathan, Nagendra Kumar Nainar, Carlos M. Pignataro
-
Publication number: 20240195678
Abstract: A method is performed by a network controller that is configured to control routers configured to forward a multicast flow downstream from a first hop router that is a root of a multicast tree formed by the routers to last hop routers that terminate branches of the multicast tree, respectively. The method includes collecting operational configuration information from the routers and constructing a topological view of the multicast tree based on the operational configuration information; causing the routers to forward multicast probes downstream from the first hop router along all of the branches toward the last hop routers to trace the multicast tree; receiving, from particular ones of the last hop routers that received the multicast probes, indications that the multicast probes were received; and detecting failures in the multicast tree based on the indications and the topological view.
Type: Application
Filed: December 13, 2022
Publication date: June 13, 2024
Inventors: Mankamana Prasad Mishra, Nitin Kumar, Frank Brockners, Carlos M. Pignataro, Rakesh Gandhi
-
Publication number: 20240171616
Abstract: Differentiated service in a federation-based access network is provided by receiving a set of credentials from a User Equipment (UE) for a wireless network offering a plurality of service levels. In response to determining that the set of credentials indicate a realm associated with a given service level, network access is provided to the UE according to the given service level. In response to determining that the given service level is not a highest service level in the wireless network, a list of one or more preferred realms is transmitted to the UE, where each realm of the list of one or more preferred realms is associated with one or more higher service levels than the given service level.
Type: Application
Filed: January 25, 2024
Publication date: May 23, 2024
Inventors: Jerome HENRY, Robert E. BARTON, Carlos M. PIGNATARO, Nagendra Kumar NAINAR, Malcolm M. SMITH, Mark GRAYSON, Bart A. BRINCKMAN
-
Patent number: 11991090
Abstract: A method of orchestrating one or more radio resources among various services executing within a container. The method includes obtaining, by an orchestration engine executing on a network device, a request, from a first service of a plurality of services, for use of a physical/hardware resource that connects a container running on the network device to a network. The request from the first service has a particular priority. The plurality of services execute within the container. The method further includes determining whether to connect the first service to the network via the physical/hardware resource based on the priority and an availability status of the physical/hardware resource and establishing, at a kernel level, a connection between the first service and the physical/hardware resource based on the determining.
Type: Grant
Filed: October 19, 2022
Date of Patent: May 21, 2024
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Shankar Ramanathan, Nagendra Kumar Nainar, Carlos M. Pignataro
-
Publication number: 20240154947
Abstract: Aspects of the disclosure include a method and associated network device. The method includes authenticating an identity of a user of a client device after the client device is associated with an access network provider. Authenticating the identity of the user comprises receiving, from an identity provider, a credential associated with the identity, and receiving, from the identity provider, information identifying a network-based service to be applied to network traffic with the client device. The method further includes establishing, using the credential and the received information, a secure connection between the access network provider and a service provider that is capable of providing the network-based service. The method further includes receiving network traffic from the service provider. Packets of the network traffic include an assurance value that enables the client device to determine that the network-based service is being provided by the service provider.
Type: Application
Filed: January 16, 2024
Publication date: May 9, 2024
Inventors: Nagendra Kumar NAINAR, Robert E. BARTON, Carlos M. PIGNATARO, Jerome HENRY, Bart A. BRINCKMAN
-
Patent number: 11979403
Abstract: Embodiments herein describe disconnecting, by an access node, a first device having a first media access control (MAC) address due to a network violation and receiving, by the access node, information about a second device having a second MAC address different from the first MAC address. In one embodiment, the information is generated by a certificate server based on a token generated by the second device. Further, when the access node determines, based on the information, that the second device is the first device, the access node denies a connection request from the second device.
Type: Grant
Filed: May 27, 2021
Date of Patent: May 7, 2024
Assignee: Cisco Technology, Inc.
Inventors: Carlos M. Pignataro, Nagendra Kumar Nainar, Jerome Henry, Robert E. Barton, Bart A. Brinckman
-
Patent number: 11979744
Abstract: Federation policy exchange is provided in response to receiving a sharing query from an Access Point (AP) indicating that an associated wireless network supports federated identities with data sharing, determining whether the sharing query is within sharing preferences; and in response to determining that the sharing query is within the sharing preferences, transmitting, to the AP, a positive response for identity sharing that authorizes collection and sharing of identity data with at least one entity identified in a sharing policy for the associated wireless network. In various embodiments, federation policy exchange includes transmitting a support notification, via an AP, indicating support for federated identities with data sharing within a wireless network associated with the AP; and in response to receiving a first identify sharing preference from a User Equipment (UE) that indicates that negotiation is preferred, transmitting a sharing policy for the wireless network to the UE.
Type: Grant
Filed: July 23, 2021
Date of Patent: May 7, 2024
Assignee: Cisco Technology, Inc.
Inventors: Jerome Henry, Louis G. Samuel, Mark Grayson, Bart A. Brinckman, Robert E. Barton, Carlos M. Pignataro, Nagendra Kumar Nainar, Matthew MacPherson
-
Publication number: 20240144269
Abstract: In one embodiment, a device obtains transaction data regarding a user account of an application performing a transaction within the application to access a particular document. The transaction data is captured by instrumentation code inserted into the application at runtime. The device identifies, based on the transaction data, a data mining policy for the transaction. The device generates, based on the data mining policy, identification information associated with the user account and the particular document. The device inserts, via the instrumentation code, tracing data into the particular document that causes a client that opens the particular document to send a web request for a uniform resource locator (URL) associated with the identification information.
Type: Application
Filed: October 26, 2022
Publication date: May 2, 2024
Inventors: Thomas Szigeti, David John ZACKS, Walter Theodore HULICK, Nagendra Kumar NAINAR, Carlos M. PIGNATARO
-
Patent number: 11973843
Abstract: Techniques are provided for an “on demand” or event-triggered end user monitoring/remote user monitoring (EUM/RUM) solution that is activated when the user has requested it, or an event (conditions of which are set by a user) occurs that triggers activation of the EUM/RUM solution. This EUM/RUM may be completely integrated into an enterprise IT Help Desk system, whereby support “tickets” are automatically generated when the monitoring solution is instantiated.
Type: Grant
Filed: June 22, 2022
Date of Patent: April 30, 2024
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Walter T. Hulick, Jr., Carlos M. Pignataro, David John Zacks, Thomas Szigeti
-
Patent number: 11968172
Abstract: An authorization device obtains a registration request associated with an end device, the registration request including a new randomized media access control (MAC) address associated with the end device; determines whether the end device is authorized to use the new randomized MAC address; transmits a message to the end device with a first randomly generated number when it is determined that the end device is authorized to use the new randomized MAC address; obtains integrity information associated with the end device, the first integrity information being computed based on the first randomly generated number; transmits a request to a validation system to validate the end device based on the first integrity information; obtains an indication that the end device is validated; determines policies associated with the end device when it is determined that the end device is validated; and applies the policies to the end device.
Type: Grant
Filed: February 22, 2022
Date of Patent: April 23, 2024
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Nagendra Kumar Nainar, Carlos M. Pignataro, Robert E. Barton, Jerome Henry
-
Patent number: 11968242
Abstract: Differentiated service in a federation-based access network is provided by receiving, with a request for access to a wireless network offering at least a two different service levels based on user identities, a set of user credentials from a User Equipment (UE); forwarding, for authentication, the set of user credentials to an identity provider in an identity federation with the wireless network, wherein the identity provider is independent from the wireless network; in response to determining that the set of user credentials indicate a realm known to be associated with a given service level, providing network access to the UE according to the given service level; and in response to determining that the given service level is not a highest service level in the wireless network, transmitting a list of preferred realms to the UE that are associated with higher service levels than the given service level.
Type: Grant
Filed: July 1, 2021
Date of Patent: April 23, 2024
Assignee: Cisco Technology, Inc.
Inventors: Jerome Henry, Robert E. Barton, Carlos M. Pignataro, Nagendra Kumar Nainar, Malcolm M. Smith, Mark Grayson, Bart A. Brinckman
-
Patent number: 11966413
Abstract: In one embodiment, a first deep fusion reasoning engine (DFRE) agent in a network receives first sensor data from a first set of one or more sensors in the network. The first DFRE agent translates the first sensor data into symbolic data. The first DFRE agent applies, using a symbolic knowledge base maintained by the first DFRE agent, symbolic reasoning to the symbolic data to make an inference regarding the first sensor data. The first DFRE agent updates, based on the inference regarding the first sensor data, the knowledge base. The first DFRE agent propagates the inference to one or more other DFRE agents in the network.
Type: Grant
Filed: March 6, 2020
Date of Patent: April 23, 2024
Assignee: Cisco Technology, Inc.
Inventors: Hugo Latapie, Enzo Fenoglio, Carlos M. Pignataro, Nagendra Kumar Nainar, David Delano Ward
-
Publication number: 20240113962
Abstract: In one embodiment, a service chain data packet is instrumented as it is communicated among network nodes in a network providing service-level and/or networking operations visibility. The service chain data packet includes a particular header identifying a service group defining one or more service functions, and is a data packet and not a probe packet. A network node adds networking and/or service-layer operations data to the particular service chain data packet, such as, but not limited to, in the particular header. Such networking operations data includes a performance metric or attribute related to the transport of the particular service chain packet in the network. Such service-layer operations data includes a performance metric or attribute related to the service-level processing of the particular service chain data packet in the network.
Type: Application
Filed: December 5, 2023
Publication date: April 4, 2024
Inventors: Clarence FILSFILS, Zafar ALI, Syed Kamran RAZA, Ahmed Refaat BASHANDY, Nagendra Kumar NAINAR, Carlos M. PIGNATARO, Jaganbabu RAJAMANICKAM, Rakesh GANDHI, Bhupendra YADAV, Faisal IQBAL
-
Publication number: 20240089737
Abstract: Federated multi-access edge computing availability notifications may be provided by: transmitting, from a User Equipment (UE) to a node of a wireless network of a federated service, an attach request for the wireless network that includes authentication credentials for an independent identity provider in an identity federation, wherein the independent identity provider is external and independent from the wireless network and used to authenticate the UE to the wireless network; forwarding, from the node to the independent identity provider, the authentication credentials; transmitting, from the independent identity provider to the node, an authentication success message; receiving, at the UE via the node, the authentication success message; transmitting, from the UE to the node, a Multi-access Edge Computing (MEC) query; and receiving, at the UE from the node, a MEC response that identifies MEC resources that are available to the UE.
Type: Application
Filed: November 15, 2023
Publication date: March 14, 2024
Inventors: Nagendra Kumar NAINAR, Robert E. BARTON, Carlos M. PIGNATARO, Jerome HENRY