Patents by Inventor Carlos M. Pignataro

Carlos M. Pignataro has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11863435
    Abstract: In one embodiment, a service chain data packet is instrumented as it is communicated among network nodes in a network providing service-level and/or networking operations visibility. The service chain data packet includes a particular header identifying a service group defining one or more service functions, and is a data packet and not a probe packet. A network node adds networking and/or service-layer operations data to the particular service chain data packet, such as, but not limited to, in the particular header. Such networking operations data includes a performance metric or attribute related to the transport of the particular service chain packet in the network. Such service-layer operations data includes a performance metric or attribute related to the service-level processing of the particular service chain data packet in the network.
    Type: Grant
    Filed: July 8, 2022
    Date of Patent: January 2, 2024
    Assignee: Cisco Technology, Inc.
    Inventors: Clarence Filsfils, Zafar Ali, Syed Kamran Raza, Ahmed Refaat Bashandy, Nagendra Kumar Nainar, Carlos M. Pignataro, Jaganbabu Rajamanickam, Rakesh Gandhi, Bhupendra Yadav, Faisal Iqbal
  • Publication number: 20230421651
    Abstract: Techniques are provided for an “on demand” or event-triggered end user monitoring/remote user monitoring (EUM/RUM) solution that is activated when the user has requested it, or an event (conditions of which are set by a user) occurs that triggers activation of the EUM/RUM solution. This EUM/RUM may be completely integrated into an enterprise IT Help Desk system, whereby support “tickets” are automatically generated when the monitoring solution is instantiated.
    Type: Application
    Filed: June 22, 2022
    Publication date: December 28, 2023
    Inventors: Walter T. Hulick, JR., Carlos M. Pignataro, David John Zacks, Thomas Szigeti
  • Patent number: 11855708
    Abstract: Techniques and apparatus for determining quality of experience (QoE) for wireless communications are described. One technique involves transmitting a QoE support message to an access point (AP) within an access network. The QoE support message queries whether the AP supports providing key performance indicators (KPI(s)) indicative of QoE provided by the access network. An indication of whether the AP supports providing the KPI(s) is received in response to the QoE support message. The KPI(s) are received when the AP supports providing the KPI(s). A determination is made whether to communicate with the AP based at least in part on the KPI(s). Communications are then performed in accordance with the determination.
    Type: Grant
    Filed: December 14, 2022
    Date of Patent: December 26, 2023
    Assignee: Cisco Technology, Inc.
    Inventors: Jerome Henry, Robert E. Barton, Nagendra Kumar Nainar, Carlos M. Pignataro, Bart A. Brinckman
  • Publication number: 20230394370
    Abstract: Systems, methods, and computer-readable for cognitive sensor fusion management include obtaining one or more data streams from one or more sensors. Learning algorithms are used for determining whether a combination of the one or more data streams includes sufficient information for achieving a desired outcome, based on context, business verticals, or other considerations. One or more modifications are determined to at least the one or more data streams or one or more sensors based on whether the combination of the one or more data streams includes sufficient information for achieving the desired outcome. In a closed-loop system, feedback from implementing the one or more modifications can be used to update the desired outcome.
    Type: Application
    Filed: August 22, 2023
    Publication date: December 7, 2023
    Inventors: Marcelo Yannuzzi Sanchez, Carlos M. Pignataro, Simon Dyke, David Delano Ward
  • Publication number: 20230376632
    Abstract: In one embodiment, a device obtains transaction data regarding a transaction attempted by a client of an online application to access confidential information within the online application. The transaction data is captured by instrumentation code inserted into the online application at runtime. The device permits, based on a policy, the transaction to complete within the online application. The device determines, based on the policy, a set of one or more client-side functions to disable during the transaction. The device instructs an agent executed by the client to disable the set of one or more client-side functions during the transaction.
    Type: Application
    Filed: May 17, 2022
    Publication date: November 23, 2023
    Inventors: Thomas Szigeti, David John ZACKS, Walter Theodore HULICK, JR., Nagendra Kumar NAINAR, Carlos M. PIGNATARO
  • Publication number: 20230376879
    Abstract: A connection request is received from a user device associated with a user. The connection request includes an identifier associated with a profile associated with the user, the profile being a static profile or a dynamic profile. An observability profile associated with the user is identified based on the profile when the profile is a static profile and based on a current traffic profile associated with the user device when the profile is a dynamic profile. Measurements associated with a data session are executed for the user device based on the observability profile and one or more configurations are adjusted in a network to improve performance of the data session based on the measurements.
    Type: Application
    Filed: May 18, 2022
    Publication date: November 23, 2023
    Inventors: Nagendra Kumar Nainar, Carlos M. Pignataro, David John Zacks, Thomas Szigeti
  • Patent number: 11824866
    Abstract: Disclosed are methods, systems, and non-transitory computer-readable media for determining a trust score associated with a user, comprising detecting entities near a user device operated by the user; calculating the trust score for the user based on a policy that incorporates data about the entities near the user device, the trust score being a score that is indicative of a trust worthiness of data received from the user device, wherein trusted entities near the user device result in an increased trust score, and untrusted entities near the user device result in a decreased trust score; and permitting access to a resource when the trust score is above a threshold.
    Type: Grant
    Filed: February 5, 2021
    Date of Patent: November 21, 2023
    Assignee: Cisco Technology, Inc.
    Inventors: Thomas Szigeti, David John Zacks, Frank Michaud, Carlos M. Pignataro
  • Publication number: 20230370370
    Abstract: Techniques for initiator-based data-plane validation of segment routed, multiprotocol label switched (MPLS) networks are described herein. In examples, an initiating node may determine to validate data-plane connectivity associated with a network path of the MPLS network. The initiating node may store validation data in a local memory of the initiating node. In examples, the initiating node may send a probe message that includes a request for identification data associated with a terminating node. The terminating node may send a probe reply message that includes the identification data, as well as, in some examples, a code that instructs the initiating node to perform validation. In examples, the initiating node may use the validation data stored in memory to compare to the identification data received from the terminating node to validate data-plane connectivity. In some examples, the initiating node may indicate a positive or negative response after performing the validation.
    Type: Application
    Filed: July 19, 2023
    Publication date: November 16, 2023
    Inventors: Nagendra Kumar Nainar, Carlos M. Pignataro, Zafar Ali
  • Publication number: 20230370349
    Abstract: Techniques are described for generating an end-to-end distributed trace in connection with a cloud or datacenter environment. In one example, a server obtains target application telemetry data and external telemetry data associated with one or more correlation identifiers included in one or more network communications provided to a target application in the cloud or datacenter environment. The server aggregates the target application telemetry data and the external telemetry data based on the one or more correlation identifiers to generate an end-to-end distributed trace associated with the one or more network communications.
    Type: Application
    Filed: May 13, 2022
    Publication date: November 16, 2023
    Inventors: Hans F. Ashlock, Cameron Esdaile, Walter T. Hulick, JR., Carlos M. Pignataro, Renato Quedas
  • Patent number: 11818137
    Abstract: A method, computer system, and computer program product are provided for controlling data access and visibility using a context-based security policy. A request from an endpoint device to receive data is received at a server, wherein the request includes one or more contextual attributes of the endpoint device including an identity of a user of the endpoint device. The one or more contextual attributes are processed to determine that the endpoint device is authorized to receive the data. A security policy is determined for the data based on the one or more contextual attributes. The data is transmitted, including the security policy, to the endpoint device, wherein the endpoint devices enforces the security policy to selectively permit access to the data by preventing the endpoint device from displaying the data to an unauthorized individual.
    Type: Grant
    Filed: September 30, 2021
    Date of Patent: November 14, 2023
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Nagendra Kumar Nainar, Carlos M. Pignataro, David John Zacks, Thomas Szigeti
  • Patent number: 11818038
    Abstract: Techniques for initiator-based data-plane validation of segment routed, multiprotocol label switched (MPLS) networks are described herein. In examples, an initiating node may determine to validate data-plane connectivity associated with a network path of the MPLS network. The initiating node may store validation data in a local memory of the initiating node. In examples, the initiating node may send a probe message that includes a request for identification data associated with a terminating node. The terminating node may send a probe reply message that includes the identification data, as well as, in some examples, a code that instructs the initiating node to perform validation. In examples, the initiating node may use the validation data stored in memory to compare to the identification data received from the terminating node to validate data-plane connectivity. In some examples, the initiating node may indicate a positive or negative response after performing the validation.
    Type: Grant
    Filed: February 3, 2022
    Date of Patent: November 14, 2023
    Assignee: Cisco Technology, Inc.
    Inventors: Nagendra Kumar Nainar, Carlos M. Pignataro, Zafar Ali
  • Patent number: 11818142
    Abstract: An electronic device of a content producer generates a chunk of data, associates a location-independent name with the chunk of data, generates a signature for the chunk of data, attaches the signature to the chunk of data, and transmits the chunk of data, with the signature attached, to one or more user devices in response to respective requests. The signature is generated based on the data in the chunk, using a private key of the electronic device. The electronic device also stores information, including a specification of a public key associated with the private key, in a first ledger entry of a blockchain, to provide the one or more user devices with access to the public key. A user device may obtain the public key and use it to verify the chunk of data.
    Type: Grant
    Filed: August 24, 2021
    Date of Patent: November 14, 2023
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Nagendra Kumar Nainar, Carlos M. Pignataro, Luca Muscariello, Alberto Compagno, Giovanna Carofiglio
  • Patent number: 11811784
    Abstract: Techniques and mechanisms for providing integrity verified paths using only integrity validated pods of nodes. A network service mesh (NSM) associated with a first pod may locally generate a nonce and provide the nonce to the first pod, where the request includes a request for an attestation token. Using the nonce, the first pod may generate the attestation token and reply back to the NSM. The NSM may generate a second request for an attestation token and forward it to a NSE pod, where the request includes a second locally generated nonce generated by the NSM. The NSE pod may generate the second attestation token using the second nonce and reply back to the NSM. The NSM may then have the attestation tokens verified or validated by a certificate authority (CA) server. The NSM may thus instantiate an integrity verified path between the first pod and the NSE pod.
    Type: Grant
    Filed: June 3, 2022
    Date of Patent: November 7, 2023
    Assignee: Cisco Technology, Inc.
    Inventors: Nagendra Kumar Nainar, Carlos M. Pignataro, Akram Ismail Sheriff
  • Patent number: 11811622
    Abstract: Aggregation of cross domain service level indications provide an estimate of available end to end error budget within a service chain of a network system. In some embodiments, service level indications are obtained from a plurality of sub-domains, and aggregated to determine an end to end reliability score. The end to end reliability score is then distributed one or more of the sub-domains. The sub-domains then consider whether to implement a change based on local service level indications as well as the end to end reliability score. In other embodiments, a sub-domain requests approval to implement a change from an error manager. The error manager consults the end to end reliability score to determine whether adequate margin exists in the service chain to allow the change to occur, while still meeting service level objectives of the service chain. The error manager conditionally approves the request based on the determination.
    Type: Grant
    Filed: September 1, 2021
    Date of Patent: November 7, 2023
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Nagendra Kumar Nainar, Carlos M. Pignataro, David John Zacks
  • Patent number: 11805029
    Abstract: A method is performed at one or more entities configured to configure and provide assurance for a service enabled on a network. The service is configured as a collection of subservices on network devices of the network. A definition of the service is decomposed into a subservice dependency graph that indicates the subservices and dependencies between the subservices that collectively implement the service. Based on the subservice dependency graph, the subservices are configured to record and report subservice metrics indicative of subservice health states of the subservices. The subservice metrics are obtained from the subservices, and the subservice health states of the subservices are determined based on the subservice metrics. A health state of the service is determined based on the subservice health states. One or more of the subservices are reconfigured based on the health state of the service.
    Type: Grant
    Filed: October 18, 2022
    Date of Patent: October 31, 2023
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Benoit Claise, Carlos M. Pignataro, Eric Vyncke, Joseph M. Clarke, Mioljub Jovanovic, Harjinder Singh
  • Patent number: 11805112
    Abstract: This disclosure describes techniques for performing enhanced authentication of a device based on physical and logical proximity of the device to one or more other authenticated devices. An example method includes performing, at a first time, a first authentication of a first device or a first user of the first device and determining that the first device is connected to at least one second device in a communication session. The at least one second device or at least one second user of the at least one second device are authenticated. The example method further includes determining a reauthentication interval based on the first device being connected to the at least one second device in the communication session and initiating, at a second time that is after the first time by the reauthentication interval, a second authentication of the first device or the first user of the first device.
    Type: Grant
    Filed: February 17, 2021
    Date of Patent: October 31, 2023
    Assignee: Cisco Technology, Inc.
    Inventors: David J Zacks, Carlos M. Pignataro, Thomas Szigeti
  • Publication number: 20230334478
    Abstract: In one embodiment, a device obtains data regarding a transaction attempted by a user account within an online application that is captured by instrumentation code that is inserted into the online application at runtime, wherein the user account has sufficient privileges within the online application to perform the transaction. The device makes an inference about the data regarding the transaction using a behavioral model. The device determines, based on the inference, a mitigation action for performance within the online application according to an enforcement policy. The device enforces the mitigation action within the online application.
    Type: Application
    Filed: April 19, 2022
    Publication date: October 19, 2023
    Inventors: Thomas SZIGETI, David John ZACKS, Walter Theodore HULICK, JR., Nagendra Kumar NAINAR, Carlos M. PIGNATARO
  • Publication number: 20230336402
    Abstract: Data related to operational performance of a plurality of nodes in a system is obtained and a first metric anomaly associated with a node of the plurality of nodes in the system is identified. The first metric anomaly indicates that data associated with a first metric is outside a threshold range. Second metrics related to the first metric are identified and it is determined that one of the second metrics is an anomaly. Third metrics related to the second metric are identified and it is determined whether any third metric is an anomaly. The second metric is identified as a probable cause of the first metric anomaly when it is determined that no third metric is an anomaly. A report including information associated with the probable cause of the first metric anomaly is transmitted to a user device.
    Type: Application
    Filed: April 18, 2022
    Publication date: October 19, 2023
    Inventors: Walter Hulick, JR., Carlos M. Pignataro, David Zacks, Thomas Szigeti, Hans F. Ashlock
  • Patent number: 11792065
    Abstract: Methods and devices provide fault injection testing techniques in a production network environment without risking service outages for hosted computing services, by providing examples of a remote network controller configured to communicate with network devices of a network; a remote fault injection communication protocol configuring a remote network controller in communication with a network device to signal a failure injection; and a failure injection module configuring a network device to configure a network device processor to implement a failure injection signaled according to the remote failure injection communication protocol. The method includes a network controller transmitting a failure injection signal in a control plane packet over a network connection to a network device, and the network device creating a child process by executing, in a dedicated runtime environment, a copy of one or more processes impacted by a parsed failure type.
    Type: Grant
    Filed: February 17, 2022
    Date of Patent: October 17, 2023
    Assignee: Cisco Technology, Inc.
    Inventors: Nagendra Kumar Nainar, Jaganbabu Rajamanickam, David John Zacks, Carlos M. Pignataro, Madhan Sankaranarayanan, Cesar Obediente, Craig Thomas Hill
  • Publication number: 20230328553
    Abstract: Failure prediction signaling and cognitive user migration may be provided. A client device may receive at least a portion of failure prediction data. The client device may then analyze the at least the portion of the failure prediction data. The client device may then roam from a first computing device to a second computing device in response to analyzing the at least the portion of the failure prediction data.
    Type: Application
    Filed: June 12, 2023
    Publication date: October 12, 2023
    Applicant: Cisco Technology, Inc.
    Inventors: Nagendra Kumar Nainar, Carlos M. Pignataro, Jerome Henry, Robert E. Barton