Patents by Inventor Mohamed Khalid

Mohamed Khalid has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 8036221
    Abstract: A system and method directed to carrying out dynamic secured group communication is provided. The method includes obtaining a first packet that includes a first header. The first header includes a first source address of a first source node of a first network, and a first destination address of a first destination node of the first network. The method also includes forming a frame that includes the first header in encrypted form, combining the first header and the frame to form a second packet, and forming a second header. This second header includes a second source address of a second source node of a second network, and a second destination address of a second destination node of the second network. The method further includes encapsulating the second packet with the second header to form a third packet, and communicating the third packet into the second network from the second source node for termination to the second-destination node.
    Type: Grant
    Filed: September 15, 2008
    Date of Patent: October 11, 2011
    Assignee: Cisco Technology, Inc.
    Inventors: Scott Fluhrer, Warren Scott Wainner, Sheela Rowles, Kavitha Kamarthy, Mohamed Khalid, Haseeb Naizi, Pratima Sethi
  • Patent number: 7987506
    Abstract: A method, system, and computer program product for dynamically updating a routing table in a virtual private network including a concentrator with a routing table and one or more security associations is provided. A change is identified in the virtual private network, and related network information is also identified. A notification update message is created, including (i) a type of change to be made to the routing table based on to the identified change and (ii) the related network information. The notification update message is sent to the concentrator, which updates the routing table according to the notification update message. During the updating of the routing table of the concentrator, current security associations of the virtual private network tunnel are maintained.
    Type: Grant
    Filed: November 3, 2006
    Date of Patent: July 26, 2011
    Assignee: Cisco Technology, Inc.
    Inventors: Mohamed Khalid, Rajiv Asati, Shashidhar P. Patil, Aamer Akhter
  • Patent number: 7969981
    Abstract: A method is provided in one example implementation and includes sending a PIM join message to the second spoke router by the hub router. The second spoke router dynamically determines each interested remote spoke router by parsing a hub-sent PIM message and accordingly constructs the multicast routing entry such that the first and second spoke routers establish multicast communication independent of a hub router. In more specific embodiments, the PIM join/prune messaging includes a list of each downstream spoke router that sent a PIM join/prune, in a new attribute. The PIM join/prune message is sent by the hub router towards a multicast source. A new receiver-list attribute is created that the hub router populates with a non-broadcast multi-access (NBMA) address for each interested spoke router.
    Type: Grant
    Filed: September 2, 2008
    Date of Patent: June 28, 2011
    Assignee: Cisco Technology, Inc.
    Inventors: Rajiv Asati, Yiqun Cai, Mohamed Khalid
  • Patent number: 7944854
    Abstract: A method for IP Security within Multi-Topology Routing is disclosed. Disclosed methods may also include IKE extensions. A route eligible for IPSec protection is injected into a topology routing table. Network traffic can then be protected in accordance with a security session, such as an IPSec session, between a first network node and a second network node and forwarded through a selected topology to take advantage of the service-differentiation capabilities of MTR.
    Type: Grant
    Filed: January 4, 2008
    Date of Patent: May 17, 2011
    Assignee: Cisco Technology, Inc.
    Inventors: Aamer Akhter, Manikchand Roopchand Bafna, Rajiv Asati, Mohamed Khalid
  • Patent number: 7895425
    Abstract: In one embodiment, a method can include: selecting an operation, administration, and maintenance (OAM) type for a destination, where the destination is enabled for a service insertion architecture (SIA); encapsulating an OAM packet with the OAM type indicated in a service header therein; and sending the OAM packet to the destination.
    Type: Grant
    Filed: August 3, 2007
    Date of Patent: February 22, 2011
    Assignee: Cisco Technology, Inc.
    Inventors: Mohamed Khalid, Paul Quinn, Kenneth Durazzo, Robert Gleichauf, Richard M. Pruss
  • Publication number: 20110035796
    Abstract: In one embodiment, a first network device receives a priority message from a second network device, wherein the priority message conforms to a connection establishment protocol and indicates a priority associated with the second network device. The first network device obtains the priority from the priority message and stores the priority. The first network device allocates resources for at least one of control or data plane processing to the second network device in accordance with the priority.
    Type: Application
    Filed: August 4, 2009
    Publication date: February 10, 2011
    Inventors: Mohamed Khalid, Sunil Cherukuri, Haseeb Sarwar Niazi, Muhammad Afaq Khan
  • Publication number: 20110023090
    Abstract: Apparatus, methods, and other embodiments associated with providing service insertion architecture (SIA) differentiated services in a virtual private network (VPN) environment are described. Embodiments may provision an authentication, authorization, and accounting (AAA) server with user-to-SIA service-context mapping information. With the AAA server provisioned, embodiments may acquire, in an IPSec VPN hub, during IPSec tunnel user authentication, from the AAA server, the user-to-SIA service-context mapping information. With the mapping information available, embodiments may dynamically map an SIA service to an IPSec VPN tunnel user based on the service information acquired from the Service Broker or Pseudo-Service Broker.
    Type: Application
    Filed: July 22, 2009
    Publication date: January 27, 2011
    Applicant: CISCO TECHNOLOGY, INC
    Inventors: Rajiv ASATI, Mohamed KHALID, Sunil CHERUKURI, Kenneth A. DURAZZO, Shree MURTHY
  • Patent number: 7869446
    Abstract: Method and apparatus including registering a first spoke router with a hub router, forwarding an Internet Protocol version Four (IPv4) data packet from the first spoke router to a second spoke router over an Internet Protocol version Six (IPv6) multipoint tunnel via the hub router, transmitting a binding information associated with the first spoke router from the hub router to the second spoke router, and establishing a direct communication path by the second spoke router with the first spoke router based on the received binding information are provided.
    Type: Grant
    Filed: October 6, 2008
    Date of Patent: January 11, 2011
    Assignee: Cisco Technology, Inc.
    Inventors: Mohamed Khalid, Rajiv Asati, Ciprian Popoviciu, Aamer Akhter, Manikchand Roopchand Bafna
  • Patent number: 7860100
    Abstract: A service chain system is provided. The system includes a packet of data that is operable to pass through a network of service nodes as defined by a service chain; and a service classification device that is operable to change the service chain based on a system performance.
    Type: Grant
    Filed: October 1, 2008
    Date of Patent: December 28, 2010
    Assignee: Cisco Technology, Inc.
    Inventors: Mohamed Khalid, Paul Quinn, Kenneth Durazzo, Richard Manfred Pruss
  • Publication number: 20100254385
    Abstract: Systems, methods, and other embodiments associated with interworking a VPN and an SIA are described. One example apparatus includes a mapping data store to store a mapping between two logical groups of network devices having separate forwarding planes that are at least partially incompatible. The apparatus includes an instantiation logic to establish the mapping based on unique identifiers associated with the logical groups. The apparatus also includes an encoding logic to implicitly encode information to identify the first logical group in a packet received from the first logical group, provided to the second logical group, and then provided back to the first logical group. The implicitly encoded information is configured to be used without modification by the forwarding plane associated with the second logical group and is configured to facilitate a member of the second logical group resolving the mapping.
    Type: Application
    Filed: April 7, 2009
    Publication date: October 7, 2010
    Applicant: CISCO TECHNOLOGY, INC.
    Inventors: Govind Prasad Sharma, Mohamed Khalid, Shree Murthy, Rajiv Asati
  • Publication number: 20100256823
    Abstract: In an example embodiment, a method includes determining the network activity associated with a predetermined area of a building and determining a desired environmental service for the area in response to the activity.
    Type: Application
    Filed: April 4, 2009
    Publication date: October 7, 2010
    Applicant: Cisco Technology, Inc.
    Inventors: Sunil Cherukuri, Mohamed Khalid
  • Publication number: 20100135265
    Abstract: In one example, an Edge Quadrature Amplitude Modulation (EQAM) communicates EQAM information to a Modular Cable Modem Termination System (M-CMTS) core using a routing protocol that is configured on a packet switched network coupling the EQAM to the M-CMTS core. The EQAM generates a routing message according to the routing protocol and inserts EQAM information, such as a description of a modulated channel extending from the EQAM, the service-group information, etc, into the routing message. The EQAM then floods the EQAM information over at least portions of a routing domain by transmitting the routing message to an adjacent intermediary device.
    Type: Application
    Filed: December 2, 2008
    Publication date: June 3, 2010
    Applicant: Cisco Technology, Inc.
    Inventors: Rajiv ASATI, John Chapman, Mohamed Khalid
  • Publication number: 20100135294
    Abstract: Systems, methods, and other embodiments associated with any-to-any multicasting in a tunnel based virtual private network (VPN) are described. One example method includes calculating a resolved address for an unknown reverse path forwarding (RPF) neighbor in an any-to-any multicasting route. The resolved address is calculated using next hop resolution protocol (NHRP) resolution. The address is to be resolved based on control plane traffic. The NHRP address resolution is not to affect unicast routing. The example method may also include establishing the any-to-any multicasting route. Since the multicasting route is any-to-any (e.g., spoke-to-spoke), the multicasting route is not required to include a hub in the logical hub-and-spoke network.
    Type: Application
    Filed: December 3, 2008
    Publication date: June 3, 2010
    Applicant: CISCO TECHNOLOGY, INC.
    Inventors: Rajiv Asati, Mohamed Khalid, Manikchand R. Bafna
  • Publication number: 20100085977
    Abstract: Method and apparatus including registering a first spoke router with a hub router, forwarding an Internet Protocol version Four (IPv4) data packet from the first spoke router to a second spoke router over an Internet Protocol version Six (IPv6) multipoint tunnel via the hub router, transmitting a binding information associated with the first spoke router from the hub router to the second spoke router, and establishing a direct communication path by the second spoke router with the first spoke router based on the received binding information are provided.
    Type: Application
    Filed: October 6, 2008
    Publication date: April 8, 2010
    Applicant: Cisco Technology, Inc.
    Inventors: Mohamed Khalid, Rajiv Asati, Ciprian Popoviciu, Aamer Akhter, Manikchand Roopchand Bafna
  • Publication number: 20100080226
    Abstract: A service chain system is provided. The system includes a packet of data that is operable to pass through a network of service nodes as defined by a service chain; and a service classification device that is operable to change the service chain based on a system performance.
    Type: Application
    Filed: October 1, 2008
    Publication date: April 1, 2010
    Inventors: Mohamed Khalid, Paul Quinn, Kenneth Durazzo, Richard Manfred Pruss
  • Publication number: 20100063988
    Abstract: Apparatus, methods and computer programs enable carrying service insertion architecture data plane packets in IPv4 or IPv6 networks by packaging destination addresses using IPv6 mechanisms. For example, a data processing apparatus is configured for receiving, from a service broker, a service label and an Internet Protocol version 6 (IPv6) address of a first service node; receiving an IPv4 packet requesting a service associated with the first service node; creating an IPv6 packet comprising a service label in a Flow Label field of the IPv6 packet, the IPv6 address of the first service node in a destination address field of the IPv6 packet, and the IPv4 packet in a payload field of the IPv6 packet; forwarding the IPv6 packet to the first service node. Approaches allow service insertion architecture support for all-IPv6 traffic including tunneled and non-tunneled techniques for environments in which user applications place data in the flow label field.
    Type: Application
    Filed: September 9, 2008
    Publication date: March 11, 2010
    Inventors: Mohamed Khalid, Ciprian Popoviciu, Patrick Grossetete, Kenneth Durazzoo
  • Publication number: 20100054245
    Abstract: A method is provided in one example implementation and includes sending a PIM join message to the second spoke router by the hub router. The second spoke router dynamically determines each interested remote spoke router by parsing a hub-sent PIM message and accordingly constructs the multicast routing entry such that the first and second spoke routers establish multicast communication independent of a hub router. In more specific embodiments, the PIM join/prune messaging includes a list of each downstream spoke router that sent a PIM join/prune, in a new attribute. The PIM join/prune message is sent by the hub router towards a multicast source. A new receiver-list attribute is created that the hub router populates with a non-broadcast multi-access (NBMA) address for each interested spoke router.
    Type: Application
    Filed: September 2, 2008
    Publication date: March 4, 2010
    Applicant: Cisco Technology, Inc.
    Inventors: Rajiv Asati, Yiqun Cai, Mohamed Khalid
  • Publication number: 20100046511
    Abstract: Disclosed are, inter alia, methods, apparatus, computer-storage media, mechanisms, and means associated with automated discovery of network devices supporting particular transport layer protocols, such as, but not limited to Stream Control Transmission Protocol (SCTP). Packet switching devices automatically discover peer packet switching devices supporting a particular transport layer protocol, and then establish a session using the particular transport layer protocol between them for subsequent use in transporting packets.
    Type: Application
    Filed: August 25, 2008
    Publication date: February 25, 2010
    Applicant: Cisco Technology, Inc., a corporation of California
    Inventors: Mohamed Khalid, Kenneth Durazzo, Randall R. Stewart, Vivek Datar, Ramakrishnan Rajamoni
  • Publication number: 20090274042
    Abstract: In one embodiment, a network device joins a first multicast tree to receive post-ad-inserted video content. The network device also joins a second multicast tree to receive the pre-ad-inserted video content. The content from the first multicast tree is forwarded by the network device to the receiver(s). The network device determines if it does not receive the content on the first multicast tree due to any failure, in which case, it delivers the content from the second multicast tree to the receiver(s). This enables the receiver to receive the original (pre-ad-inserted) content during the failure in first multicast tree. When the failure is resolved, the network device can go back to sending the content from the first multicast tree to the receiver(s).
    Type: Application
    Filed: April 30, 2008
    Publication date: November 5, 2009
    Applicant: CISCO TECHNOLOGY, INC.
    Inventors: Rajiv Asati, Gregory Shepherd, Mohamed Khalid
  • Patent number: 7613826
    Abstract: A system provides a request for a policy from a policy server, and receives the policy from the policy server. The policy indicates processing to be applied to a traffic partition passing through the device. The system configures the policy within a routing structure associated with the traffic partition for the policy in the device, and routes a stream of traffic for the routing structure in accordance with the policy for that routing structure.
    Type: Grant
    Filed: February 9, 2006
    Date of Patent: November 3, 2009
    Assignee: Cisco Technology, Inc.
    Inventors: James N. Guichard, W. Scott Wainner, Brian E. Weis, Mohamed Khalid