Patents by Inventor K. Tirumaleswar Reddy
K. Tirumaleswar Reddy has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11843632Abstract: In one embodiment, a device in a network receives an attack mitigation request regarding traffic in the network. The device causes an assessment of the traffic, in response to the attack mitigation request. The device determines that an attack detector associated with the attack mitigation request incorrectly assessed the traffic, based on the assessment of the traffic. The device causes an update to an attack detection model of the attack detector, in response to determining that the attack detector incorrectly assessed the traffic.Type: GrantFiled: January 12, 2023Date of Patent: December 12, 2023Assignee: Cisco Technology, Inc.Inventors: K. Tirumaleswar Reddy, Daniel G. Wing, Blake Harrell Anderson, David McGrew
-
Patent number: 11711336Abstract: In one embodiment, a device in a network receives domain name system (DNS) information for a domain. The DNS information includes one or more service tags indicative of one or more services offered by the domain. The device detects an encrypted traffic flow associated with the domain. The device identifies a service associated with the encrypted traffic flow based on the one or more service tags. The device prioritizes the encrypted traffic flow based on the identified service associated with the encrypted traffic flow.Type: GrantFiled: September 3, 2021Date of Patent: July 25, 2023Assignee: Cisco Technology, Inc.Inventors: K. Tirumaleswar Reddy, David McGrew, Blake Harrell Anderson, Daniel G. Wing
-
Patent number: 11665194Abstract: In one embodiment, a device in a network receives an attack mitigation request regarding traffic in the network. The device causes an assessment of the traffic, in response to the attack mitigation request. The device determines that an attack detector associated with the attack mitigation request incorrectly assessed the traffic, based on the assessment of the traffic. The device causes an update to an attack detection model of the attack detector, in response to determining that the attack detector incorrectly assessed the traffic.Type: GrantFiled: August 5, 2021Date of Patent: May 30, 2023Assignee: Cisco Technology, Inc.Inventors: K. Tirumaleswar Reddy, Daniel G. Wing, Blake Harrell Anderson, David McGrew
-
Publication number: 20230146962Abstract: In one embodiment, a device in a network receives an attack mitigation request regarding traffic in the network. The device causes an assessment of the traffic, in response to the attack mitigation request. The device determines that an attack detector associated with the attack mitigation request incorrectly assessed the traffic, based on the assessment of the traffic. The device causes an update to an attack detection model of the attack detector, in response to determining that the attack detector incorrectly assessed the traffic.Type: ApplicationFiled: January 12, 2023Publication date: May 11, 2023Inventors: K. Tirumaleswar Reddy, Daniel G. Wing, Blake Harrell Anderson, David McGrew
-
Publication number: 20230118375Abstract: A method for resuming a Transport Layer Security (TLS) session in a Service Function Chain comprising a plurality of Service Function nodes coupled to a Service Function Forwarder. A request is received at a first Service Function node to establish a TLS session, and a Pre-Shared Key (PSK) and a PSK identifier that uniquely correspond to the first Service Function node and the TLS session are generated. The PSK identifier is forwarded to one or more of the Service Function Forwarder and the plurality of Service Function nodes. A request to resume the TLS session is received from a client device that previously disconnected. It is determined that the connection request contains the PSK identifier, a second Service Function node is selected, and the TLS session is re-established between the client device and the second Service Function node using the same PSK as the prior TLS session.Type: ApplicationFiled: December 19, 2022Publication date: April 20, 2023Inventors: K Tirumaleswar Reddy, Prashanth Patil, Carlos M. Pignataro
-
Patent number: 11539747Abstract: A method for resuming a Transport Layer Security (TLS) session in a Service Function Chain comprising a plurality of Service Function nodes coupled to a Service Function Forwarder. A request is received at a first Service Function node to establish a TLS session, and a Pre-Shared Key (PSK) and a PSK identifier that uniquely correspond to the first Service Function node and the TLS session are generated. The PSK identifier is forwarded to one or more of the Service Function Forwarder and the plurality of Service Function nodes. A request to resume the TLS session is received from a client device that previously disconnected. It is determined that the connection request contains the PSK identifier, a second Service Function node is selected, and the TLS session is re-established between the client device and the second Service Function node using the same PSK as the prior TLS session.Type: GrantFiled: February 3, 2020Date of Patent: December 27, 2022Assignee: Cisco Technology, Inc.Inventors: K Tirumaleswar Reddy, Prashanth Patil, Carlos M. Pignataro
-
Patent number: 11483243Abstract: Modern day user applications leverages new communication technologies such as WebRTC, WebEx, and Jabber allow devices to connect and exchange media content including audio streams, video streams, and data stream/channels. The present disclosure describes mechanisms for a Port Control Protocol (PCP) server to provide feedback to PCP clients to enforce certain policies on the transport of such media content for a network. A policy may include a traffic handling policy for enforcing differentiated quality of service characteristics for different types of media streams. Another policy may include a security policy ensuring a data files being transmitted over a data channel from one endpoint travels to a security application via a relay element before the packets reaches another endpoint. The mechanisms are transparent to the endpoints, and advantageously preserve the user experience for these user applications.Type: GrantFiled: June 7, 2019Date of Patent: October 25, 2022Assignee: CISCO TECHNOLOGY, INC.Inventors: K. Tirumaleswar Reddy, Ram Mohan Ravindranath, Muthu Arul Mozhi Perumal, Daniel G. Wing, William C. VerSteeg
-
Patent number: 11343178Abstract: A network node in a service function chain system receives a peer detection packet from a service function device in a service function path. The peer detection packet includes an inner packet with a header, such as a network service header. The network node detects a status indicator in the header that indicates a degradation in performing a service function at the service function device. The network node adjusts the service function path to compensate for the degradation in performing the service function at the service function device.Type: GrantFiled: September 3, 2019Date of Patent: May 24, 2022Assignee: CISCO TECHNOLOGY, INC.Inventors: Prashanth Patil, K Tirumaleswar Reddy, Steven Richard Stites, James N. Guichard
-
Publication number: 20220038494Abstract: In one embodiment, a device in a network receives an attack mitigation request regarding traffic in the network. The device causes an assessment of the traffic, in response to the attack mitigation request. The device determines that an attack detector associated with the attack mitigation request incorrectly assessed the traffic, based on the assessment of the traffic. The device causes an update to an attack detection model of the attack detector, in response to determining that the attack detector incorrectly assessed the traffic.Type: ApplicationFiled: August 5, 2021Publication date: February 3, 2022Inventors: K. Tirumaleswar Reddy, Daniel G. Wing, Blake Harrell Anderson, David McGrew
-
Publication number: 20210400011Abstract: In one embodiment, a device in a network receives domain name system (DNS) information for a domain. The DNS information includes one or more service tags indicative of one or more services offered by the domain. The device detects an encrypted traffic flow associated with the domain. The device identifies a service associated with the encrypted traffic flow based on the one or more service tags. The device prioritizes the encrypted traffic flow based on the identified service associated with the encrypted traffic flow.Type: ApplicationFiled: September 3, 2021Publication date: December 23, 2021Inventors: K. Tirumaleswar Reddy, David McGrew, Blake Harrell Anderson, Daniel G. Wing
-
Patent number: 11165819Abstract: In one embodiment, a device in a network receives an attack mitigation request regarding traffic in the network. The device causes an assessment of the traffic, in response to the attack mitigation request. The device determines that an attack detector associated with the attack mitigation request incorrectly assessed the traffic, based on the assessment of the traffic. The device causes an update to an attack detection model of the attack detector, in response to determining that the attack detector incorrectly assessed the traffic.Type: GrantFiled: June 19, 2020Date of Patent: November 2, 2021Assignee: Cisco Technology, Inc.Inventors: K. Tirumaleswar Reddy, Daniel G. Wing, Blake Harrell Anderson, David McGrew
-
Patent number: 11140124Abstract: In one embodiment, a device in a network receives domain name system (DNS) information for a domain. The DNS information includes one or more service tags indicative of one or more services offered by the domain. The device detects an encrypted traffic flow associated with the domain. The device identifies a service associated with the encrypted traffic flow based on the one or more service tags. The device prioritizes the encrypted traffic flow based on the identified service associated with the encrypted traffic flow.Type: GrantFiled: December 20, 2019Date of Patent: October 5, 2021Assignee: Cisco Technology, Inc.Inventors: K. Tirumaleswar Reddy, David McGrew, Blake Harrell Anderson, Daniel G. Wing
-
Patent number: 11108814Abstract: A web conferencing operator can enable participants to share multimedia content in real-time despite one or more of the participants operating from behind a middlebox via network address translation (NAT) traversal protocols and tools, such as STUN, TURN, and/or ICE. In NAT traversal, participants share a transport addresses that the participants can use to establish a joint media session. However, connectivity checks during NAT traversal can expose a media distribution device hosted by the web conferencing operator to various vulnerabilities, such as distributed denial of service (DDoS) attacks. The web conferencing operator can minimize the effects of a DDoS attack during the connectivity checks at scale and without significant performance degradation by configuring the middlebox to validate incoming requests for the connectivity checks without persistent signaling between the web conference operator and the middlebox.Type: GrantFiled: August 26, 2019Date of Patent: August 31, 2021Assignee: CISCO TECHNOLOGY, INC.Inventors: K Tirumaleswar Reddy, Ram Mohan Ravindranath, Prashanth Patil, Carlos M. Pignataro
-
Patent number: 10904149Abstract: In one embodiment, a device in a network receives in-situ operations administration and management (iOAM) data regarding a plurality of traffic flows in the network. The iOAM data comprises entropy values for the plurality of traffic flows. The device receives network topology information indicative of network paths available in the network. The device generates a machine learning-based entropy topology model for the network based on the received iOAM data and the received network topology information. The entropy topology model maps path selection predictions for the network paths with entropy values. The device uses the entropy topology model to cause a particular traffic flow to use a particular network path.Type: GrantFiled: August 29, 2019Date of Patent: January 26, 2021Assignee: Cisco Technology, Inc.Inventors: Carlos M. Pignataro, Nagendra Kumar Nainar, Rajiv Asati, K. Tirumaleswar Reddy
-
Patent number: 10873480Abstract: A network node in a service function chaining system receives multiple media streams of a media session between endpoints. Each media stream is encapsulated with a service header indicating a service function path and a session identifier. The network node determines that multiple service functions connected to the network node perform a particular service function in the service function path. The network node provides all of the media streams of the media session to a single service function instance to ensure that the media session is processed by the single service function.Type: GrantFiled: July 3, 2019Date of Patent: December 22, 2020Assignee: Cisco Technology, Inc.Inventors: Gonzalo Salgueiro, Prashanth Patil, K. Tirumaleswar Reddy, Carlos M. Pignataro
-
Publication number: 20200389489Abstract: In one embodiment, a device in a network receives an attack mitigation request regarding traffic in the network. The device causes an assessment of the traffic, in response to the attack mitigation request. The device determines that an attack detector associated with the attack mitigation request incorrectly assessed the traffic, based on the assessment of the traffic. The device causes an update to an attack detection model of the attack detector, in response to determining that the attack detector incorrectly assessed the traffic.Type: ApplicationFiled: June 19, 2020Publication date: December 10, 2020Inventors: K. Tirumaleswar Reddy, Daniel G. Wing, Blake Harrell Anderson, David McGrew
-
Patent number: 10742612Abstract: In a network that includes a client, a server and one or more proxy entities that intercept network traffic between the client and the server, a computer-implemented method is provided including: establishing trust with a permissioned distributed database; computing hashes from packet payloads of network traffic originated, intercepted or received; storing the hashes to the permissioned distributed database so that the permissioned distributed database maintains hashes computed from packets of the network traffic originated, intercepted or received by the client, server and the one or more proxy entities; and validating the hashes by comparing, with each other, the hashes stored to the permissioned distributed database by the client, server and the one or more proxy entities to determine whether any packet payload of the network traffic was modified in transit.Type: GrantFiled: October 16, 2017Date of Patent: August 11, 2020Assignee: Cisco Technology, Inc.Inventors: Prashanth Patil, K. Tirumaleswar Reddy, Justin James Muller, Judith Ying Priest, Puneeth Rao Lokapalli
-
Patent number: 10735203Abstract: In an example embodiment, a validating peer of a plurality of validating peers in a blockchain network receives, from a non-validating peer, a request to create a root block of a blockchain. The root block includes information related to a potential computer security threat. The validating peer creates the root block with a root block pending validation status. The validating peer shares, with other validating peers of the plurality of validating peers, a notification of the root block with the root block pending validation status to provide an indication of the information. The validating peer determines whether the information is authentic. If the information is determined to be authentic, the validating peer changes the root block pending validation status to a root block authenticated validation status and shares, with the other validating peers, a notification of the root block authenticated validation status to indicate that the information is authentic.Type: GrantFiled: October 9, 2017Date of Patent: August 4, 2020Assignee: Cisco Technology, Inc.Inventors: K. Tirumaleswar Reddy, Prashanth Patil, Puneeth Rao Lokapalli, Carlos M. Pignataro
-
Patent number: 10728280Abstract: In one embodiment, a device in a network receives an attack mitigation request regarding traffic in the network. The device causes an assessment of the traffic, in response to the attack mitigation request. The device determines that an attack detector associated with the attack mitigation request incorrectly assessed the traffic, based on the assessment of the traffic. The device causes an update to an attack detection model of the attack detector, in response to determining that the attack detector incorrectly assessed the traffic.Type: GrantFiled: August 24, 2016Date of Patent: July 28, 2020Assignee: Cisco Technology, Inc.Inventors: K. Tirumaleswar Reddy, Daniel G. Wing, Blake Harrell Anderson, David McGrew
-
Publication number: 20200177631Abstract: A method for resuming a Transport Layer Security (TLS) session in a Service Function Chain comprising a plurality of Service Function nodes coupled to a Service Function Forwarder. A request is received at a first Service Function node to establish a TLS session, and a Pre-Shared Key (PSK) and a PSK identifier that uniquely correspond to the first Service Function node and the TLS session are generated. The PSK identifier is forwarded to one or more of the Service Function Forwarder and the plurality of Service Function nodes. A request to resume the TLS session is received from a client device that previously disconnected. It is determined that the connection request contains the PSK identifier, a second Service Function node is selected, and the TLS session is re-established between the client device and the second Service Function node using the same PSK as the prior TLS session.Type: ApplicationFiled: February 3, 2020Publication date: June 4, 2020Inventors: K Tirumaleswar Reddy, Prashanth Patil, Carlos M. Pignataro