Patents by Inventor David Hanes
David Hanes has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11929984
Abstract: Techniques for associating manufacturer usage description (MUD) security profiles for Internet-of-Things (IoT) device(s) with secure access service edge (SASE) solutions, providing for automated and scalable integration of IoT devices with SASE frameworks. A MUD controller may utilize a MUD uniform resource identifier (URI) emitted by an IoT device to fetch an associated MUD file from a MUD file server associated with a manufacturer of the IoT device. The MUD controller may determine that a security recommendation included in the MUD file is to be implemented by a cloud-based security service provided by the SASE service and cause the IoT device to establish a connection with a secure internet gateway associated with the cloud-based security service. Additionally, or alternatively, the MUD file may include SASE extensions indicating manufacturer recommended cloud-based security services. Further, cloud-based security services may be implemented if local services are unavailable.
Type: Grant
Filed: May 5, 2021
Date of Patent: March 12, 2024
Assignee: CISCO TECHNOLOGY, INC.
Inventors: David Hanes, Gonzalo Salgueiro, Sebastian Jeuk, Robert Edgar Barton
-
Patent number: 11893849
Abstract: This disclosure describes techniques for selectively providing access to a physical space. An example method includes identifying a location of a device associated with an authorized user based on an electromagnetic signal received by at least one sensor from the device. The electromagnetic signal has a frequency that is greater than or equal to 24 gigahertz (GHz). The example method further includes determining that the location of the device is within a threshold distance of a location of a threshold to a secured space and determining that an authentication score indicating that an individual carrying the device is the authorized user is greater than a threshold score. The authentication score is associated with multiple authentication factors identified by the device. Based on determining that the authentication score is greater than the threshold score, the threshold is unlocked and/or opened.
Type: Grant
Filed: September 13, 2021
Date of Patent: February 6, 2024
Assignee: Cisco Technology, Inc.
Inventors: Thomas Szigeti, David Hanes, Gonzalo Salgueiro, Sebastian Jeuk
-
Patent number: 11829849
Abstract: Techniques for orchestrating a machine learning (ML) system on a distributed network. Determined performance levels for a ML system, determined from performance data received from the distributed network, are compared to performance requirements from the ML system. An orchestration module for the ML system then determines adjustments for the ML system that will improve the performance of the ML system and executes the adjustments for the ML system.
Type: Grant
Filed: January 9, 2019
Date of Patent: November 28, 2023
Assignee: Cisco Technology, Inc.
Inventors: Charles Calvin Byers, Joseph M. Clarke, Gonzalo A. Salgueiro, M. David Hanes
-
Publication number: 20230216860
Abstract: In one embodiment, a device including a processor, and a memory to store data used by the processor, wherein the processor is operative to run a manufacturer usage description (MUD) controller operative to obtain a MUD profile of an Internet of Things (IoT) device from a MUD server, the MUD profile of the IoT device including: access rights of the IoT device, and any one or more of the following a default device username and/or a default device password of the IoT device, a recommended/required device password complexity of the IoT device, at least one service that should be enabled/disabled on the IoT device, and/or allowed security protocols and/or ciphers for communication to and/or from the IoT device, enforce security of the IoT device according to the MUD profile of the IoT device. Related apparatus and methods are also described.
Type: Application
Filed: March 14, 2023
Publication date: July 6, 2023
Inventors: Nikhil Sainath Kale, M. David Hanes, Ana Peric, Gonzalo Salgueiro
-
Patent number: 11658977
Abstract: In one embodiment, a device including a processor, and a memory to store data used by the processor, wherein the processor is operative to run a manufacturer usage description (MUD) controller operative to obtain a MUD profile of an Internet of Things (IoT) device from a MUD server, the MUD profile of the IoT device including: access rights of the IoT device, and any one or more of the following a default device username and/or a default device password of the IoT device, a recommended/required device password complexity of the IoT device, at least one service that should be enabled/disabled on the IoT device, and/or allowed security protocols and/or ciphers for communication to and/or from the IoT device, enforce security of the IoT device according to the MUD profile of the IoT device. Related apparatus and methods are also described.
Type: Grant
Filed: September 28, 2020
Date of Patent: May 23, 2023
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Nikhil Sainath Kale, M. David Hanes, Ana Peric, Gonzalo Salgueiro
-
Publication number: 20230083426
Abstract: This disclosure describes techniques for selectively providing access to a physical space. An example method includes identifying a location of a device associated with an authorized user based on an electromagnetic signal received by at least one sensor from the device. The electromagnetic signal has a frequency that is greater than or equal to 24 gigahertz (GHz). The example method further includes determining that the location of the device is within a threshold distance of a location of a threshold to a secured space and determining that an authentication score indicating that an individual carrying the device is the authorized user is greater than a threshold score. The authentication score is associated with multiple authentication factors identified by the device. Based on determining that the authentication score is greater than the threshold score, the threshold is unlocked and/or opened.
Type: Application
Filed: September 13, 2021
Publication date: March 16, 2023
Inventors: Thomas Szigeti, David Hanes, Gonzalo Salgueiro, Sebastian Jeuk
-
Publication number: 20230042610
Abstract: Techniques for a network controller associated with a firewall service to determine a network policy based on operational tolerances associated with a device, and cause the network policy to be provisioned at the firewall service where control commands, such as, for example, supervisory control and data acquisition (SCADA) commands, may be allowed or denied transmission to the device based on the operational tolerance(s) associated with the device. In some examples, the network controller may be configured as a manufacturer usage description (MUD) controller configured to transmit a MUD uniform resource identifier (URI), emitted by the device, to a MUD file server associated with the manufacturer of the device. The MUD file may be enhanced to include the operational tolerances associated with the device and transmitted back to the MUD controller where it may be parsed to determine a corresponding network policy.
Type: Application
Filed: August 9, 2021
Publication date: February 9, 2023
Inventors: Robert Edgar Barton, David Hanes, Gonzalo Salgueiro, Sebastian Jeuk
-
Patent number: 11562176
Abstract: Systems, methods, and computer-readable mediums for distributing machine learning model training to network edge devices, while centrally monitoring training of the models and controlling deployment of the models. A machine learning model architecture can be generated at a machine learning structure controller. The machine learning model architecture can be deployed to network edge devices in a network environment to instantiate and train a machine learning model at the network edge devices. Performance reports indicating performance of the machine learning model at the network edge devices can be received by the machine learning structure controller from the network edge devices.
Type: Grant
Filed: February 22, 2019
Date of Patent: January 24, 2023
Assignee: Cisco Technology, Inc.
Inventors: Volodymyr Iashyn, Gonzalo Salgueiro, M. David Hanes
-
Patent number: 11558927
Abstract: In one embodiment, a supervisory service for a wireless network obtains frequency-time Doppler profile information for an endpoint node attached to a first access point in the wireless network. The supervisory service uses the frequency-time Doppler profile information for the endpoint node as input to a machine learning model. The machine learning model is trained to output an action for the endpoint node with respect to the wireless network. The supervisory service causes the action for the endpoint node with respect to the wireless network to be performed.
Type: Grant
Filed: April 30, 2020
Date of Patent: January 17, 2023
Assignee: Cisco Technology, Inc.
Inventors: Shankar Ramanathan, M. David Hanes, Muhilan Natarajan, Gonzalo Salgueiro, Robert Edgar Barton, Jerome Henry, Akram Ismail Sheriff
-
Patent number: 11546262
Abstract: Systems and methods provide for Selective Tracking of Acknowledgments (STACKing) to improve buffer utilization and traffic shaping for one or more network devices. A network device can identify a first flow that corresponds to a predetermined traffic class and a predetermined congestion state. The device can determine a current window size and congestion threshold of the first flow. In response to a determination to selectively track a portion of acknowledgments of the first flow, the device can track, in main memory, information of a first portion of acknowledgments of the first flow. The device can exclude, from one or more buffers, a second portion of acknowledgments of the first flow. The device can re-generate and transmit segments corresponding to the second portion of acknowledgments at a target transmission rate based on traffic shaping policies for the predetermined traffic class and congestion state.
Type: Grant
Filed: January 20, 2021
Date of Patent: January 3, 2023
Assignee: Cisco Technology, Inc.
Inventors: M. David Hanes, Santosh Ramrao Patil, Gonzalo Salgueiro, Akramsheriff Ismailsheriff
-
Patent number: 11516139
Abstract: Systems and methods provide for generating traffic class-specific congestion signatures and other machine learning models for improving network performance. In some embodiments, a network controller can receive historical traffic data captured by a plurality of network devices within a first period of time that the network devices apply one or more traffic shaping policies for a predetermined traffic class and a predetermined congestion state. The controller can generate training data sets including flows of the historical traffic data labeled as corresponding to the predetermined traffic class and predetermined congestion state. The controller can generate, based on the training data sets, traffic class-specific congestion signatures that receive input traffic data determined to correspond to the predetermined traffic class and output an indication whether the input traffic data corresponds to the predetermined congestion state.
Type: Grant
Filed: December 2, 2020
Date of Patent: November 29, 2022
Assignee: Cisco Technology, Inc.
Inventors: Akramsheriff Ismailsheriff, Santosh Ramrao Patil, Gonzalo Salgueiro, M. David Hanes
-
Publication number: 20220360562
Abstract: Techniques for associating manufacturer usage description (MUD) security profiles for Internet-of-Things (IoT) device(s) with secure access service edge (SASE) solutions, providing for automated and scalable integration of IoT devices with SASE frameworks. A MUD controller may utilize a MUD uniform resource identifier (URI) emitted by an IoT device to fetch an associated MUD file from a MUD file server associated with a manufacturer of the IoT device. The MUD controller may determine that a security recommendation included in the MUD file is to be implemented by a cloud-based security service provided by the SASE service and cause the IoT device to establish a connection with a secure internet gateway associated with the cloud-based security service. Additionally, or alternatively, the MUD file may include SASE extensions indicating manufacturer recommended cloud-based security services. Further, cloud-based security services may be implemented if local services are unavailable.
Type: Application
Filed: May 5, 2021
Publication date: November 10, 2022
Inventors: David Hanes, Gonzalo Salgueiro, Sebastian Jeuk, Robert Edgar Barton
-
Publication number: 20220329488
Abstract: Techniques described herein relate to automatically generating standard network device configurations. In one example, one or more groups of network device configuration blocks may be obtained. An analysis of the one or more groups of network device configuration blocks may be performed, including identifying respective frequencies associated with respective network device configuration blocks of the one or more groups of network device configuration blocks. Based on the respective frequencies, one or more network device configuration blocks of the one or more groups of network device configuration blocks may be automatically aggregated into a standard network device configuration.
Type: Application
Filed: June 27, 2022
Publication date: October 13, 2022
Inventors: Derek William Engi, Gonzalo Salgueiro, M. David Hanes, Bradley Wise, Md Atiqur Rahman
-
Publication number: 20220321534
Abstract: Techniques for a context-aware secure access service edge (SASE) engine for generating security profile(s) associated with endpoint device(s) accessing the network and using the security profile(s) to evaluate a traffic flow from the endpoint device(s). The SASE engine may execute on an edge device of a computing resource network and may be configured to maintain a security profile database including an endpoint security profile mapping. Endpoint device(s) accessing the network may share endpoint, application, and/or user specific information with the SASE engine so that the SASE engine may generate a security profile specific to the endpoint, application, and/or user. Additionally, an enterprise network, associated with endpoint device(s) accessing the network, may provide default SASE security profile templates to the SASE engine.
Type: Application
Filed: March 31, 2021
Publication date: October 6, 2022
Inventors: Sebastian Jeuk, David Hanes, Gonzalo Salgueiro
-
Patent number: 11438226
Abstract: In one example, a logical representation of a first graph is generated. The first graph indicates a configuration of a network device in a network at a first time. The first graph includes a first node representative of a first configuration block of the network device, a second node representative of a second configuration block of the network device, and a first link that indicates, by connecting the first node and the second node, that the first configuration block is associated with the second configuration block. The logical representation of the first graph is compared to a logical representation of a second graph that indicates an actual or planned configuration of the network device at a second time subsequent to the first time. In response, one or more changes in the configuration of the network device from the first time to the second time are identified.
Type: Grant
Filed: February 2, 2021
Date of Patent: September 6, 2022
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Derek William Engi, Gonzalo Salgueiro, M. David Hanes, Bradley Wise, Md Atiqur Rahman
-
Patent number: 11418397
Abstract: Techniques described herein relate to automatically generating standard network device configurations. In one example, one or more groups of network device configuration blocks may be obtained. An analysis of the one or more groups of network device configuration blocks may be performed, including identifying respective frequencies associated with respective network device configuration blocks of the one or more groups of network device configuration blocks. Based on the respective frequencies, one or more network device configuration blocks of the one or more groups of network device configuration blocks may be automatically aggregated into a standard network device configuration.
Type: Grant
Filed: February 1, 2021
Date of Patent: August 16, 2022
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Derek William Engi, Gonzalo Salgueiro, M. David Hanes, Bradley Wise, Md Atiqur Rahman
-
Patent number: 11418401
Abstract: A method includes obtaining performance characterization values from endpoints managed by a first fog node at a first hierarchical level in a hierarchy of fog nodes. The method includes changing a first operating characteristic of the wireless network based on the performance characterization values. The first operating characteristic affects the operation of one or more of the endpoints. The method includes transmitting a portion of the performance characterization values to a second fog node at a second hierarchical level in the hierarchy of fog nodes. The method includes changing a second operating characteristic of the wireless network based on an instruction from the second fog node. The second operating characteristic affects the operation of the first fog node and/or other fog nodes at the first hierarchical level. Changing one or more of the first operating characteristic and the second operating characteristic satisfies an operating threshold for the wireless network.
Type: Grant
Filed: February 25, 2021
Date of Patent: August 16, 2022
Assignee: CISCO TECHNOLOGY, INC.
Inventors: M. David Hanes, Charles Calvin Byers, Joseph Michael Clarke, Gonzalo Salgueiro, Jerome Henry, Robert Edgar Barton
-
Publication number: 20220247630
Abstract: In one example, a logical representation of a first graph is generated. The first graph indicates a configuration of a network device in a network at a first time. The first graph includes a first node representative of a first configuration block of the network device, a second node representative of a second configuration block of the network device, and a first link that indicates, by connecting the first node and the second node, that the first configuration block is associated with the second configuration block. The logical representation of the first graph is compared to a logical representation of a second graph that indicates an actual or planned configuration of the network device at a second time subsequent to the first time. In response, one or more changes in the configuration of the network device from the first time to the second time are identified.
Type: Application
Filed: February 2, 2021
Publication date: August 4, 2022
Inventors: Derek William Engi, Gonzalo Salgueiro, M. David Hanes, Bradley Wise, Md Atiqur Rahman
-
Publication number: 20220247638
Abstract: Techniques described herein relate to automatically generating standard network device configurations. In one example, one or more groups of network device configuration blocks may be obtained. An analysis of the one or more groups of network device configuration blocks may be performed, including identifying respective frequencies associated with respective network device configuration blocks of the one or more groups of network device configuration blocks. Based on the respective frequencies, one or more network device configuration blocks of the one or more groups of network device configuration blocks may be automatically aggregated into a standard network device configuration.
Type: Application
Filed: February 1, 2021
Publication date: August 4, 2022
Inventors: Derek William Engi, Gonzalo Salgueiro, M. David Hanes, Bradley Wise, Md Atiqur Rahman
-
Publication number: 20220231837
Abstract: A packet capture operation is configured via a first computing device. The packet capture operation is configured to capture packets provided by a second computing device. The first computing device obtains an indication that a user is within a predetermined location proximity to the second computing device. The packet capture operation is initiated in response to obtaining the indication at the first computing device.
Type: Application
Filed: January 20, 2021
Publication date: July 21, 2022
Inventors: Mateusz Olszowy, M. David Hanes, Oliver W. Fagan