Patents by Inventor Nancy Cam Winget

Nancy Cam Winget has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20210360465
    Abstract: Embodiments identify a station that rotates an over the air station address. As address rotation was not originally designed into wireless networks, the rotation can introduce communication challenges for the station. The embodiments derive that traffic referencing two different over the air station addresses are associated with a single common station. This is accomplished by determining a similarity between properties of two sets of traffic. A first set of traffic references the first over the air station address and a second set of traffic references the second over the air station address. If the properties common across the two sets of traffic indicate sufficient similarity, the embodiments determine that both sets of traffic are associated with a single device. Network configuration of the device is then adjusted based on the determination.
    Type: Application
    Filed: April 21, 2021
    Publication date: November 18, 2021
    Inventors: Jerome Henry, Nancy Cam-Winget, Simone Arena, Darrin Joseph Miller, Sudhir Kumar Jain, Einar Nilsen-Nygaard
  • Patent number: 11178540
    Abstract: In accordance with one aspect, presented herein is a method to encrypt beacon device telemetry broadcast packets while respecting the low power and low processing requirements inherent to wireless beacon devices and various other challenges which such an encryption scheme brings. In accordance with another aspect, a methodology is provided through which the network can identify if an unauthorized connection is being established with a beacon device and thereby prevent potential beacon device tampering.
    Type: Grant
    Filed: December 18, 2018
    Date of Patent: November 16, 2021
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Abhishek Bhattacharyya, Nancy Cam-Winget, Jagdish Girimaji, Rahul Dasgupta, Damodharam Ammepalli
  • Patent number: 11110895
    Abstract: In one embodiment, a processor of a vehicle predicts a state of the vehicle using a behavioral model. The model is configured to predict the state based in part on one or more state variables that are available from one or more sub-systems of the vehicle and indicative of one or more physical characteristics of the vehicle. The processor computes a representation of a difference between the predicted state of the vehicle and a measured state of the vehicle indicated by one or more state variables available from the one or more sub-systems of the vehicle. The processor detects a malicious intrusion of the vehicle based on the computed representation of the difference between the predicted and measured states of the vehicle exceeding a defined threshold. The processor initiates performance of a mitigation action for the detected intrusion, in response to detecting the malicious intrusion of the vehicle.
    Type: Grant
    Filed: April 9, 2018
    Date of Patent: September 7, 2021
    Assignee: Cisco Technology, Inc.
    Inventors: David A. Maluf, Nancy Cam-Winget, Andrew Michael McPhee
  • Publication number: 20210194912
    Abstract: Systems, methods, and computer-readable media for assessing reliability and trustworthiness of devices across domains. Attestation information for an attester node in a first domain is received at a verifier gateway in the first domain. The attestation information is translated at the verifier gateway into translated attestation information for a second domain. Specifically, the attestation information is translated into translated attested information for a second domain that is a different administrative domain from the first domain. The translated attestation information can be provided to a verifier in the second domain. The verifier can be configured to verify the trustworthiness of the attester node for a relying node in the second domain by identifying a level of trust of the attester node based on the translated attestation information.
    Type: Application
    Filed: December 19, 2019
    Publication date: June 24, 2021
    Inventors: David Delano Ward, Nancy Cam-Winget, Eric Voit, Jesse Daniel Backman
  • Publication number: 20210119974
    Abstract: Techniques are presented herein for engagement and disengagement of Transport Layer Security proxy services with encrypted handshaking. In one embodiment, a first initial message of a first encrypted handshaking procedure for a first secure communication session between a first device and a second device is intercepted at a proxy device. The first initial message includes first key exchange information for encrypting the first encrypted handshaking procedure. A copy of the first initial message is stored at the proxy device. A second initial message of a second encrypted handshaking procedure for a second secure communication session between the proxy device and the second device is sent from the proxy device to the second device. The second initial message includes second key exchange information for encrypting the second encrypted handshaking procedure. The proxy device determines, based on the second encrypted handshaking procedure, whether to remain engaged or to disengage.
    Type: Application
    Filed: December 9, 2020
    Publication date: April 22, 2021
    Inventors: Jianxin Wang, Prashanth Patil, Flemming Andreasen, Nancy Cam-Winget, Hari Shankar
  • Patent number: 10911409
    Abstract: Techniques are presented herein for engagement and disengagement of Transport Layer Security proxy services with encrypted handshaking. In one embodiment, a first initial message of a first encrypted handshaking procedure for a first secure communication session between a first device and a second device is intercepted at a proxy device. The first initial message includes first key exchange information for encrypting the first encrypted handshaking procedure. A copy of the first initial message is stored at the proxy device. A second initial message of a second encrypted handshaking procedure for a second secure communication session between the proxy device and the second device is sent from the proxy device to the second device. The second initial message includes second key exchange information for encrypting the second encrypted handshaking procedure. The proxy device determines, based on the second encrypted handshaking procedure, whether to remain engaged or to disengage.
    Type: Grant
    Filed: May 21, 2018
    Date of Patent: February 2, 2021
    Assignee: Cisco Technology, Inc.
    Inventors: Jianxin Wang, Prashanth Patil, Flemming Andreasen, Nancy Cam-Winget, Hari Shankar
  • Publication number: 20200389497
    Abstract: Presented herein is a system, device and method that involve creating a policy model and policy rule structure for a policy enforcement point to support policies adapt to rapid changing external conditions in addition to traditional policies that are static. The system facilitates the use of attributes that are either or both dynamically (at run-time) created and/or defined as ephemeral. A new policy attribute may be created dynamically (at run-time). The policy attribute may be mapped as being static or ephemeral. The methodology further involves facilitating evaluation of an attribute as an atomic or programmed set of functions.
    Type: Application
    Filed: November 27, 2019
    Publication date: December 10, 2020
    Inventors: Nancy Cam-Winget, Jianxin Wang, Dieter Derek Weber, Saman Taghavi Zargar, Robert Frederick Albach
  • Patent number: 10853499
    Abstract: In one example embodiment, a network-connected device provides or obtains one or more computer network communications protected by a key. The network-connected device determines a count of the one or more computer network communications according to one or more properties of the one or more computer network communications. Based on the count of the one or more computer network communications, the network-connected device computes an information entropy of the key. Based on the information entropy of the key, the network-connected device dynamically generates a predicted threat level of the key.
    Type: Grant
    Filed: April 10, 2018
    Date of Patent: December 1, 2020
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: David A. Maluf, Raghuram S. Sudhaakar, Nancy Cam-Winget
  • Publication number: 20200322382
    Abstract: A non-transitory computer readable medium comprising instructions stored thereon, the instructions effective to cause at least one processor to: establish trustworthiness of an application installed on a endpoint, the established trustworthiness is sufficient for an enterprise security infrastructure to treat the application installed on the endpoint and the endpoint as a trusted application and a trusted endpoint; negotiate with the trusted endpoint to determine a traffic inspection method for traffic flows originating at the trusted application that is destined for a service, the traffic inspection method is determined based on at least the trusted application, and the service; and instruct the trusted application of the determined traffic inspection method.
    Type: Application
    Filed: February 12, 2020
    Publication date: October 8, 2020
    Inventors: Jianxin Wang, Nancy Cam-Winget, Donovan O'Hara, Richard Lee Barnes, II
  • Publication number: 20200304506
    Abstract: In one embodiment, a gateway device receives, from a centralized broker device, a data-access policy for a given computer network, the data-access policy defining which of one or more accessing entities are granted access to specific elements of data within the given computer network. When the gateway device then receives, from a particular accessing entity, a request for one or more particular elements of data from within the given computer network, it may determine, based on the data-access policy, whether the particular accessing entity has been granted access to each of the one or more particular elements of data of the request. As such, the gateway device may prevent access for the particular accessing entity to any of the one or more particular elements of the data request to which the particular accessing entity has not been granted access.
    Type: Application
    Filed: June 8, 2020
    Publication date: September 24, 2020
    Inventors: Jazib Frahim, Haseeb Sarwar Niazi, Hazim Hashim Dahir, Aamer Saeed Akhter, Nancy Cam-Winget, Aun Raza
  • Patent number: 10785809
    Abstract: In one embodiment, a device in a network receives node information regarding a plurality of nodes that are to join the network. The device determines network formation parameters based on the received node information. The network formation parameters are indicative of a network join schedule and join location for a particular node from the plurality of nodes. The device generates, according to the network join schedule, a join invitation for the particular node based on the network formation parameters. The join invitation allows the particular node to attempt joining the network at the join location via a specified access point. The device causes the sending of one or more beacons via the network that include the join invitation to the particular node. The particular node attempts to join the network via the specified access point based on the one or more beacons.
    Type: Grant
    Filed: December 19, 2016
    Date of Patent: September 22, 2020
    Assignee: Cisco Technology, Inc.
    Inventors: Pascal Thubert, Max Pritikin, Eliot Lear, Toerless Eckert, Nancy Cam-Winget, Brian E. Weis
  • Patent number: 10693878
    Abstract: In one embodiment, a gateway device receives, from a centralized broker device, a data-access policy for a given computer network, the data-access policy defining which of one or more accessing entities are granted access to specific elements of data within the given computer network. When the gateway device then receives, from a particular accessing entity, a request for one or more particular elements of data from within the given computer network, it may determine, based on the data-access policy, whether the particular accessing entity has been granted access to each of the one or more particular elements of data of the request. As such, the gateway device may prevent access for the particular accessing entity to any of the one or more particular elements of the data request to which the particular accessing entity has not been granted access.
    Type: Grant
    Filed: April 26, 2017
    Date of Patent: June 23, 2020
    Assignee: Cisco Technology, Inc.
    Inventors: Jazib Frahim, Haseeb Sarwar Niazi, Hazim Hashim Dahir, Aamer Saeed Akhter, Nancy Cam-Winget, Aun Raza
  • Publication number: 20200137563
    Abstract: In accordance with one aspect, presented herein is a method to encrypt beacon device telemetry broadcast packets while respecting the low power and low processing requirements inherent to wireless beacon devices and various other challenges which such an encryption scheme brings. In accordance with another aspect, a methodology is provided through which the network can identify if an unauthorized connection is being established with a beacon device and thereby prevent potential beacon device tampering.
    Type: Application
    Filed: December 18, 2018
    Publication date: April 30, 2020
    Inventors: Abhishek Bhattacharyya, Nancy Cam-Winget, Jagdish Girimaji, Rahul Dasgupta, Damodharam Ammepalli
  • Patent number: 10547503
    Abstract: Presented herein are techniques in which one or more network devices can use information provided by a special purpose network connected device to retrieve a usage profile (i.e., configuration file) associated with the special purpose network connected device. The retrieved usage profile, which includes/describes preselected (predetermined) usage descriptions associated with the special purpose network connected device, can then be used to configure one or more network devices. For example, the predetermined usage descriptions associated with the special purpose network connected device can be instantiated and enforced at a network device or the predetermined usage descriptions can be used for auditing the special purpose network connected device (e.g., monitoring of traffic within the network).
    Type: Grant
    Filed: January 27, 2016
    Date of Patent: January 28, 2020
    Assignee: Cisco Technology, Inc.
    Inventors: Eliot Lear, Nancy Cam-Winget, Brian Weis
  • Publication number: 20200014696
    Abstract: In one embodiment, functionality is disclosed for commissioning a target device based, at least in part, on providing identifying information that identifies a target device, where that identifying information is configured to be included in a request for authorization to commission the target device, and that request for authorization to commission the target device comprises one or more requested commissioning actions; receiving a commissioning authorization, where the commissioning authorization comprises information regarding one or more authorized commissioning actions for which a license is available, where the one or more authorized commissioning actions were selected from among the one or more requested commissioning actions; and performing the one or more authorized commissioning actions.
    Type: Application
    Filed: September 17, 2019
    Publication date: January 9, 2020
    Inventors: Xuechen Yang, Nancy Cam-Winget
  • Patent number: 10515391
    Abstract: In an example embodiment, an apparatus comprising a transceiver configured to send and receive data and logic coupled to the transceiver. The logic is configured to determine from a signal received by the transceiver whether an associated device sending the signal supports a protocol for advertising available services. The logic is configured to send a request for available services from the associated device via the transceiver responsive to determining the associated device supports the protocol. The logic is configured to receive a response to the request via the transceiver, the response comprising at least one service advertisement and a signature. The logic is configured to validate the response by confirming the signature.
    Type: Grant
    Filed: September 24, 2013
    Date of Patent: December 24, 2019
    Assignee: Cisco Technology, Inc.
    Inventors: David Stephenson, Esteban Raul Torres, Joseph Salowey, Chetin Ersoy, Nancy Cam-Winget
  • Publication number: 20190356694
    Abstract: Techniques are presented herein for engagement and disengagement of Transport Layer Security proxy services with encrypted handshaking. In one embodiment, a first initial message of a first encrypted handshaking procedure for a first secure communication session between a first device and a second device is intercepted at a proxy device. The first initial message includes first key exchange information for encrypting the first encrypted handshaking procedure. A copy of the first initial message is stored at the proxy device. A second initial message of a second encrypted handshaking procedure for a second secure communication session between the proxy device and the second device is sent from the proxy device to the second device. The second initial message includes second key exchange information for encrypting the second encrypted handshaking procedure. The proxy device determines, based on the second encrypted handshaking procedure, whether to remain engaged or to disengage.
    Type: Application
    Filed: May 21, 2018
    Publication date: November 21, 2019
    Inventors: Jianxin Wang, Prashanth Patil, Flemming Andreasen, Nancy Cam-Winget, Hari Shankar
  • Patent number: 10462137
    Abstract: In one embodiment, a system and method are disclosed for receiving a request for authorization to commission a target device based, at least in part, on a plurality of requested commissioning actions; determining whether each of the requested commissioning actions is authorized; sending a commissioning authorization, which includes information identifying the one or more authorized commissioning actions; receiving a commissioning complete confirmation message, which includes information identifying one or more completed commissioning actions; validating the commissioning complete confirmation message, in order to ensure that each of the completed actions had been previously authorized; and if all of the completed commissioning actions were previously authorized, sending an acknowledgement message.
    Type: Grant
    Filed: January 29, 2016
    Date of Patent: October 29, 2019
    Assignee: Cisco Technology, Inc.
    Inventors: Xuechen Yang, Nancy Cam-Winget
  • Publication number: 20190308589
    Abstract: In one embodiment, a processor of a vehicle predicts a state of the vehicle using a behavioral model. The model is configured to predict the state based in part on one or more state variables that are available from one or more sub-systems of the vehicle and indicative of one or more physical characteristics of the vehicle. The processor computes a representation of a difference between the predicted state of the vehicle and a measured state of the vehicle indicated by one or more state variables available from the one or more sub-systems of the vehicle. The processor detects a malicious intrusion of the vehicle based on the computed representation of the difference between the predicted and measured states of the vehicle exceeding a defined threshold. The processor initiates performance of a mitigation action for the detected intrusion, in response to detecting the malicious intrusion of the vehicle.
    Type: Application
    Filed: April 9, 2018
    Publication date: October 10, 2019
    Inventors: David A. Maluf, Nancy Cam-Winget, Andrew Michael McPhee
  • Publication number: 20190236493
    Abstract: A trained model may be deployed to an Internet-of-Things (IOT) operational environment in order to ingest features and detect events extracted from network traffic. The model may be received and converted into a meta-language representation which is interpretable by a data plane engine. The converted model can then be deployed to the data plane and may extract features from network communications over the data plane. The extracted features may be fed to the deployed model in order to generate event classifications or device state classifications.
    Type: Application
    Filed: September 19, 2018
    Publication date: August 1, 2019
    Inventors: Nancy Cam-Winget, Subharthi Paul, Blake Anderson, Saman Taghavi Zargar, Oleg Bessonov, Robert Frederick Albach, Sanjay Kumar Agarwal, Mark Steven Knellinger