Patents by Inventor Carlos M. Pignataro
Carlos M. Pignataro has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11895504Abstract: Federated multi-access edge computing availability notifications may be provided by: transmitting, from a User Equipment (UE) to an Access Point (AP) of a wireless network, an attach request for the wireless network that includes authentication credentials for an identity provider independent from the wireless network to authenticate the UE to the wireless network; receiving, at the UE via the AP, an authentication success message for the wireless network from the independent identity provider; transmitting, from the UE to the AP, a Multi-access Edge Computing (MEC) query; and receiving, at the UE from the AP, a MEC response that identifies MEC resources that are available to the UE based on an identity for the UE confirmed by the identity provider to the wireless network.Type: GrantFiled: September 3, 2021Date of Patent: February 6, 2024Assignee: Cisco Technology, Inc.Inventors: Nagendra Kumar Nainar, Robert E. Barton, Carlos M. Pignataro, Jerome Henry
-
Dynamic skill handling mechanism for bot participation in secure multi-user collaboration workspaces
Patent number: 11888790Abstract: A system and method for creating a context-aware, conversational chat bot or agent in multi-party conversations where participants have different levels of security access to information and the bot operates in one or more modes depending on the business context of the multi-user collaboration virtual workspace. The methods include adding a bot, as a participant, to a virtual workspace that is a multi-user collaboration workspace, obtaining, at a bot application server, context of the virtual workspace, setting, by the bot application server, a skill set for the bot from among a plurality of skill sets. The skill set varies based on the context of the virtual workspace. The methods further include configuring, by the bot application server, the bot to perform at least one task in the virtual workspace based on the skill set.Type: GrantFiled: September 28, 2020Date of Patent: January 30, 2024Assignee: CISCO TECHNOLOGY, INC.Inventors: Chidambaram Arunachalam, Gonzalo Salgueiro, David deMilo, Kevin Elrod, Felipe De Mello, Carlos M. Pignataro -
Publication number: 20240031349Abstract: This disclosure describes techniques for performing enhanced authentication of a device based on physical proximity of the device to one or more other authenticated devices. An example method includes performing a first authentication of a first device or a first user and connecting the first device to a protected resource. Based on determining that the first device is within a threshold distance of a second, authenticated, device, a reauthentication interval is selected. Based on determining that the reauthentication interval has expired, a second authentication is initiated by transmitting, to the first device or a third device associated with the first user, a request for an authentication factor.Type: ApplicationFiled: September 22, 2023Publication date: January 25, 2024Applicant: Cisco Technology, Inc.Inventors: David J. Zacks, Carlos M. Pignataro, Thomas Szigeti
-
Patent number: 11882012Abstract: Techniques are described for generating an end-to-end distributed trace in connection with a cloud or datacenter environment. In one example, a server obtains target application telemetry data and external telemetry data associated with one or more correlation identifiers included in one or more network communications provided to a target application in the cloud or datacenter environment. The server aggregates the target application telemetry data and the external telemetry data based on the one or more correlation identifiers to generate an end-to-end distributed trace associated with the one or more network communications.Type: GrantFiled: May 13, 2022Date of Patent: January 23, 2024Assignee: CISCO TECHNOLOGY, INC.Inventors: Hans F. Ashlock, Cameron Esdaile, Walter T Hulick, Jr., Carlos M. Pignataro, Renato Quedas
-
Patent number: 11882020Abstract: Techniques are presented for evaluating Equal Cost Multi-Path (ECMP) performance in a network that includes a plurality of nodes. According to an example embodiment, a method is provided that includes obtaining information indicating equal cost multi-path (ECMP) paths in the network and a branch node in the network. For the branch node in the network, the method includes instantiating a virtual network function that simulates an ECMP hashing algorithm employed by the branch node to select one of multiple egress interface of the branch node; providing to the virtual network function for the branch node, a query containing entropy information as input to the ECMP hashing algorithm that returns interface selection results; and obtaining from the virtual network function a reply that includes the interface selection results. The method further includes evaluating ECMP performance in the network based on the interface selection results obtained for the branch node.Type: GrantFiled: November 17, 2022Date of Patent: January 23, 2024Assignee: CISCO TECHNOLOGY, INC.Inventors: Nagendra Kumar Nainar, Carlos M. Pignataro, Jaganbabu Rajamanickam, Madhan Sankaranarayanan
-
Publication number: 20240014923Abstract: The present disclosure is directed to BIER forwarding over varying BSL domains, the methods including the steps of receiving, at a border node, a packet comprising a BIER header having a BIER bit string with a first bit string length; reading an incoming label of the packet comprising instructions to split the BIER header into a plurality of smaller headers associated with a plurality of smaller bit strings; generating a set of split bit masks; performing a separate bitwise AND operation on each split bit mask and the BIER bit string to generate the plurality of smaller bit strings, each copied to a corresponding smaller header of the plurality of smaller headers; and performing a lookup for each of the plurality of smaller headers on a respective forwarding table to determine one or more egress routers to which to transmit the packet.Type: ApplicationFiled: May 23, 2023Publication date: January 11, 2024Inventors: Mankamana Prasad Mishra, Nagendra Kumar Nainar, Carlos M. Pignataro, IJsbrand Wijnands
-
Patent number: 11863435Abstract: In one embodiment, a service chain data packet is instrumented as it is communicated among network nodes in a network providing service-level and/or networking operations visibility. The service chain data packet includes a particular header identifying a service group defining one or more service functions, and is a data packet and not a probe packet. A network node adds networking and/or service-layer operations data to the particular service chain data packet, such as, but not limited to, in the particular header. Such networking operations data includes a performance metric or attribute related to the transport of the particular service chain packet in the network. Such service-layer operations data includes a performance metric or attribute related to the service-level processing of the particular service chain data packet in the network.Type: GrantFiled: July 8, 2022Date of Patent: January 2, 2024Assignee: Cisco Technology, Inc.Inventors: Clarence Filsfils, Zafar Ali, Syed Kamran Raza, Ahmed Refaat Bashandy, Nagendra Kumar Nainar, Carlos M. Pignataro, Jaganbabu Rajamanickam, Rakesh Gandhi, Bhupendra Yadav, Faisal Iqbal
-
Patent number: 11863549Abstract: This disclosure describes techniques for setting and/or adjusting a security policy associated with a device based on the physical locations of endpoint devices exchanging data with the device. An example method includes performing, at a first time, a first authentication of a first device connecting to a service; determining addresses of second devices exchanging data with the first device; determining physical locations of the second devices based on the addresses; and defining a reauthentication interval based on the physical locations of the second devices. At a second time that is after the first time by the reauthentication interval, the example method further includes disconnecting the first device from the service; and based on disconnecting the first device from the service, triggering a second authentication of the first device.Type: GrantFiled: February 17, 2021Date of Patent: January 2, 2024Assignee: Cisco Technology, Inc.Inventors: David J Zacks, Carlos M. Pignataro, Thomas Szigeti
-
Publication number: 20230421651Abstract: Techniques are provided for an “on demand” or event-triggered end user monitoring/remote user monitoring (EUM/RUM) solution that is activated when the user has requested it, or an event (conditions of which are set by a user) occurs that triggers activation of the EUM/RUM solution. This EUM/RUM may be completely integrated into an enterprise IT Help Desk system, whereby support “tickets” are automatically generated when the monitoring solution is instantiated.Type: ApplicationFiled: June 22, 2022Publication date: December 28, 2023Inventors: Walter T. Hulick, JR., Carlos M. Pignataro, David John Zacks, Thomas Szigeti
-
Patent number: 11855708Abstract: Techniques and apparatus for determining quality of experience (QoE) for wireless communications are described. One technique involves transmitting a QoE support message to an access point (AP) within an access network. The QoE support message queries whether the AP supports providing key performance indicators (KPI(s)) indicative of QoE provided by the access network. An indication of whether the AP supports providing the KPI(s) is received in response to the QoE support message. The KPI(s) are received when the AP supports providing the KPI(s). A determination is made whether to communicate with the AP based at least in part on the KPI(s). Communications are then performed in accordance with the determination.Type: GrantFiled: December 14, 2022Date of Patent: December 26, 2023Assignee: Cisco Technology, Inc.Inventors: Jerome Henry, Robert E. Barton, Nagendra Kumar Nainar, Carlos M. Pignataro, Bart A. Brinckman
-
Publication number: 20230394370Abstract: Systems, methods, and computer-readable for cognitive sensor fusion management include obtaining one or more data streams from one or more sensors. Learning algorithms are used for determining whether a combination of the one or more data streams includes sufficient information for achieving a desired outcome, based on context, business verticals, or other considerations. One or more modifications are determined to at least the one or more data streams or one or more sensors based on whether the combination of the one or more data streams includes sufficient information for achieving the desired outcome. In a closed-loop system, feedback from implementing the one or more modifications can be used to update the desired outcome.Type: ApplicationFiled: August 22, 2023Publication date: December 7, 2023Inventors: Marcelo Yannuzzi Sanchez, Carlos M. Pignataro, Simon Dyke, David Delano Ward
-
Publication number: 20230376879Abstract: A connection request is received from a user device associated with a user. The connection request includes an identifier associated with a profile associated with the user, the profile being a static profile or a dynamic profile. An observability profile associated with the user is identified based on the profile when the profile is a static profile and based on a current traffic profile associated with the user device when the profile is a dynamic profile. Measurements associated with a data session are executed for the user device based on the observability profile and one or more configurations are adjusted in a network to improve performance of the data session based on the measurements.Type: ApplicationFiled: May 18, 2022Publication date: November 23, 2023Inventors: Nagendra Kumar Nainar, Carlos M. Pignataro, David John Zacks, Thomas Szigeti
-
Publication number: 20230376632Abstract: In one embodiment, a device obtains transaction data regarding a transaction attempted by a client of an online application to access confidential information within the online application. The transaction data is captured by instrumentation code inserted into the online application at runtime. The device permits, based on a policy, the transaction to complete within the online application. The device determines, based on the policy, a set of one or more client-side functions to disable during the transaction. The device instructs an agent executed by the client to disable the set of one or more client-side functions during the transaction.Type: ApplicationFiled: May 17, 2022Publication date: November 23, 2023Inventors: Thomas Szigeti, David John ZACKS, Walter Theodore HULICK, JR., Nagendra Kumar NAINAR, Carlos M. PIGNATARO
-
Patent number: 11824866Abstract: Disclosed are methods, systems, and non-transitory computer-readable media for determining a trust score associated with a user, comprising detecting entities near a user device operated by the user; calculating the trust score for the user based on a policy that incorporates data about the entities near the user device, the trust score being a score that is indicative of a trust worthiness of data received from the user device, wherein trusted entities near the user device result in an increased trust score, and untrusted entities near the user device result in a decreased trust score; and permitting access to a resource when the trust score is above a threshold.Type: GrantFiled: February 5, 2021Date of Patent: November 21, 2023Assignee: Cisco Technology, Inc.Inventors: Thomas Szigeti, David John Zacks, Frank Michaud, Carlos M. Pignataro
-
Publication number: 20230370370Abstract: Techniques for initiator-based data-plane validation of segment routed, multiprotocol label switched (MPLS) networks are described herein. In examples, an initiating node may determine to validate data-plane connectivity associated with a network path of the MPLS network. The initiating node may store validation data in a local memory of the initiating node. In examples, the initiating node may send a probe message that includes a request for identification data associated with a terminating node. The terminating node may send a probe reply message that includes the identification data, as well as, in some examples, a code that instructs the initiating node to perform validation. In examples, the initiating node may use the validation data stored in memory to compare to the identification data received from the terminating node to validate data-plane connectivity. In some examples, the initiating node may indicate a positive or negative response after performing the validation.Type: ApplicationFiled: July 19, 2023Publication date: November 16, 2023Inventors: Nagendra Kumar Nainar, Carlos M. Pignataro, Zafar Ali
-
Publication number: 20230370349Abstract: Techniques are described for generating an end-to-end distributed trace in connection with a cloud or datacenter environment. In one example, a server obtains target application telemetry data and external telemetry data associated with one or more correlation identifiers included in one or more network communications provided to a target application in the cloud or datacenter environment. The server aggregates the target application telemetry data and the external telemetry data based on the one or more correlation identifiers to generate an end-to-end distributed trace associated with the one or more network communications.Type: ApplicationFiled: May 13, 2022Publication date: November 16, 2023Inventors: Hans F. Ashlock, Cameron Esdaile, Walter T. Hulick, JR., Carlos M. Pignataro, Renato Quedas
-
Patent number: 11818137Abstract: A method, computer system, and computer program product are provided for controlling data access and visibility using a context-based security policy. A request from an endpoint device to receive data is received at a server, wherein the request includes one or more contextual attributes of the endpoint device including an identity of a user of the endpoint device. The one or more contextual attributes are processed to determine that the endpoint device is authorized to receive the data. A security policy is determined for the data based on the one or more contextual attributes. The data is transmitted, including the security policy, to the endpoint device, wherein the endpoint devices enforces the security policy to selectively permit access to the data by preventing the endpoint device from displaying the data to an unauthorized individual.Type: GrantFiled: September 30, 2021Date of Patent: November 14, 2023Assignee: CISCO TECHNOLOGY, INC.Inventors: Nagendra Kumar Nainar, Carlos M. Pignataro, David John Zacks, Thomas Szigeti
-
Patent number: 11818038Abstract: Techniques for initiator-based data-plane validation of segment routed, multiprotocol label switched (MPLS) networks are described herein. In examples, an initiating node may determine to validate data-plane connectivity associated with a network path of the MPLS network. The initiating node may store validation data in a local memory of the initiating node. In examples, the initiating node may send a probe message that includes a request for identification data associated with a terminating node. The terminating node may send a probe reply message that includes the identification data, as well as, in some examples, a code that instructs the initiating node to perform validation. In examples, the initiating node may use the validation data stored in memory to compare to the identification data received from the terminating node to validate data-plane connectivity. In some examples, the initiating node may indicate a positive or negative response after performing the validation.Type: GrantFiled: February 3, 2022Date of Patent: November 14, 2023Assignee: Cisco Technology, Inc.Inventors: Nagendra Kumar Nainar, Carlos M. Pignataro, Zafar Ali
-
Patent number: 11818142Abstract: An electronic device of a content producer generates a chunk of data, associates a location-independent name with the chunk of data, generates a signature for the chunk of data, attaches the signature to the chunk of data, and transmits the chunk of data, with the signature attached, to one or more user devices in response to respective requests. The signature is generated based on the data in the chunk, using a private key of the electronic device. The electronic device also stores information, including a specification of a public key associated with the private key, in a first ledger entry of a blockchain, to provide the one or more user devices with access to the public key. A user device may obtain the public key and use it to verify the chunk of data.Type: GrantFiled: August 24, 2021Date of Patent: November 14, 2023Assignee: CISCO TECHNOLOGY, INC.Inventors: Nagendra Kumar Nainar, Carlos M. Pignataro, Luca Muscariello, Alberto Compagno, Giovanna Carofiglio
-
Patent number: 11811784Abstract: Techniques and mechanisms for providing integrity verified paths using only integrity validated pods of nodes. A network service mesh (NSM) associated with a first pod may locally generate a nonce and provide the nonce to the first pod, where the request includes a request for an attestation token. Using the nonce, the first pod may generate the attestation token and reply back to the NSM. The NSM may generate a second request for an attestation token and forward it to a NSE pod, where the request includes a second locally generated nonce generated by the NSM. The NSE pod may generate the second attestation token using the second nonce and reply back to the NSM. The NSM may then have the attestation tokens verified or validated by a certificate authority (CA) server. The NSM may thus instantiate an integrity verified path between the first pod and the NSE pod.Type: GrantFiled: June 3, 2022Date of Patent: November 7, 2023Assignee: Cisco Technology, Inc.Inventors: Nagendra Kumar Nainar, Carlos M. Pignataro, Akram Ismail Sheriff