Patents by Inventor Pradeep Kumar Kathail
Pradeep Kumar Kathail has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11960607
Abstract: This disclosure describes techniques for selectively placing and maintaining sensitive workloads in subsystems that achieve a minimum level of trustworthiness. An example method includes identifying at least one trustworthiness requirement associated with an application and transmitting, to a first subsystem, a request for at least one trustworthiness characteristic of the first subsystem and at least one second subsystem connected to the first subsystem. A response indicating the at least one trustworthiness characteristic is received from the first subsystem. The example method further includes determining that the at least one trustworthiness characteristic satisfies the at least one trustworthiness requirement; and causing the application to operate on a mesh comprising the first subsystem and the at least one second subsystem.
Type: Grant
Filed: December 9, 2021
Date of Patent: April 16, 2024
Assignee: Cisco Technology, Inc.
Inventors: Eric Voit, Einar Nilsen-Nygaard, Frank Brockners, Pradeep Kumar Kathail
-
Patent number: 11949593
Abstract: Stateless address translation at an Autonomous System (AS) boundary for host privacy may be provided. An address associated with a host device in the AS may be received. The address may comprise a network prefix and an interface identifier (ID). Then a cypher value may be assigned to a cypher bit range in the network prefix. The cypher value may be associated with a first cypher algorithm of a plurality of cypher algorithms. Next, the address may be encoded wherein encoding the address comprises applying the first cypher algorithm to encode a coding bit range in the address that is less significant than the cypher bit range. The encoded address may then be used for flows from the host that egress the AS.
Type: Grant
Filed: May 10, 2022
Date of Patent: April 2, 2024
Assignee: Cisco Technology, Inc.
Inventors: Pradeep Kumar Kathail, Eric Voit, David A. Maluf
-
Publication number: 20240106745
Abstract: Personal network Software Defined-Wide Area Networks (SD-WANs) with attested permissions may be provided. A first one of a plurality of Personal Area Network (PAN) devices in a PAN may seed a routing table entry for at least one application that the first one of the plurality of PAN devices supports. The routing table entry may include at least one characteristic associated with an egress link between the first one of the plurality of PAN devices and a device outside of the PAN. The routing table entry may be exchanged among the plurality of PAN devices in the PAN. Then data may be routed, based on the exchanged routing table entry, in the PAN through the first one of the plurality of PAN devices through the egress link to the device outside of the PAN.
Type: Application
Filed: September 26, 2022
Publication date: March 28, 2024
Applicant: Cisco Technology, Inc.
Inventors: Eric Voit, Pascal Thubert, Pradeep Kumar Kathail
-
Publication number: 20240064101
Abstract: A device for a virtual phone in a virtual network may be provided. A data packet may be received by the device, the device being in a personal-area-network (PAN) with a peer, the data packet containing information defining a characteristic of a software application. The data packet may be profiled, the data packet comprising information about the software application. An SLA table stored on the device may be seeded with the information in the data packet. A routing table may be populated with an address for forwarding the information to the peer.
Type: Application
Filed: August 17, 2022
Publication date: February 22, 2024
Applicant: Cisco Technology, Inc.
Inventors: Pascal Thubert, Eric Voit, Pradeep Kumar Kathail
-
Patent number: 11902161
Abstract: A device for a virtual phone in a virtual network may be provided. A data packet may be received by the device, the device being in a personal-area-network (PAN) with a peer, the data packet containing information defining a characteristic of a software application. The data packet may be profiled, the data packet comprising information about the software application. An SLA table stored on the device may be seeded with the information in the data packet. A routing table may be populated with an address for forwarding the information to the peer.
Type: Grant
Filed: August 17, 2022
Date of Patent: February 13, 2024
Assignee: Cisco Technology, Inc.
Inventors: Pascal Thubert, Eric Voit, Pradeep Kumar Kathail
-
Publication number: 20240031808
Abstract: This disclosure describes techniques and mechanisms for performing user defined network (UDN) service authorization based on secondary identity credentials within a wireless network. For instance, the techniques may include receiving, from a user device, a first request to access a wireless network (e.g., such as a WLAN), where the first request may include primary access credentials for accessing the WLAN. Once primary access authentication of the user device is complete, the techniques may include receiving a second request from the user device to access a UDN group within the wireless network. The second request can include secondary credentials for accessing the UDN group. In response to the second request, a secondary EAP dialogue may be established to authenticate the user device using the secondary credentials. Once the secondary credentials are authenticated, the techniques may include granting the user device access to the UDN group.
Type: Application
Filed: July 22, 2022
Publication date: January 25, 2024
Inventors: Srinath Gundavelli, Stephen Orr, Shree Murthy, Pradeep Kumar Kathail
-
Publication number: 20240022548
Abstract: A system and method for adaptive encryption for SD-WAN includes identifying an encrypted conversational flow and determining whether a duration of the encrypted conversational flow exceeds a threshold. The method also includes selecting a header-less tunnel for the encrypted conversational flow when the duration is more than the threshold. The method further includes transmitting the encrypted conversational flow to an egress router over the selected header-less tunnel.
Type: Application
Filed: July 15, 2022
Publication date: January 18, 2024
Inventors: Ali Sajassi, Pradeep Kumar Kathail, Samir Thoria
-
Publication number: 20230370373
Abstract: Stateless address translation at an Autonomous System (AS) boundary for host privacy may be provided. An address associated with a host device in the AS may be received. The address may comprise a network prefix and an interface identifier (ID). Then a cypher value may be assigned to a cypher bit range in the network prefix. The cypher value may be associated with a first cypher algorithm of a plurality of cypher algorithms. Next, the address may be encoded wherein encoding the address comprises applying the first cypher algorithm to encode a coding bit range in the address that is less significant than the cypher bit range. The encoded address may then be used for flows from the host that egress the AS.
Type: Application
Filed: May 10, 2022
Publication date: November 16, 2023
Applicant: Cisco Technology, Inc.
Inventors: Pradeep Kumar Kathail, Eric Voit, David A. Maluf
-
Patent number: 11800422
Abstract: In one embodiment, an earthbound transceiver in a low earth orbit (LEO) satellite network establishes a connection with a first LEO satellite from a first set of LEO satellites. The first set of LEO satellites are distributed across a first plurality of orbits including first neighboring LEO satellites of the first LEO satellite, and the first neighboring LEO satellites have a fixed or semi-fixed position relative to the first LEO satellite. The earthbound transceiver determines first signal strength values associated with the first set of LEO satellites and second signal strength values associated with a second set of LEO satellites. The earthbound transceiver then periodically compares the first signal strength values to the second signal strength values. At an optimal handoff time, the earthbound transceiver initiates the handoff operation from the first LEO satellite to a second LEO satellite from the second set of LEO satellites.
Type: Grant
Filed: July 30, 2021
Date of Patent: October 24, 2023
Assignee: Cisco Technology, Inc.
Inventors: Arman Rezaee, Ali Sajassi, Alessandro Erta, Elango Ganesan, Pradeep Kumar Kathail
-
Publication number: 20230300059
Abstract: Techniques for automating traffic optimizations for egress traffic of an application orchestration system that is being sent over a network to a remote service. In examples, the techniques may include receiving, at a controller of the network, an egress traffic definition associated with egress traffic of an application hosted on the application orchestration system, the egress traffic definition indicating that the egress traffic is to be sent to the remote service. Based at least in part on the egress traffic definition, the controller may determine a networking path through the network or outside of the network that is optimized for sending the egress traffic to the remote service. The controller may also cause the egress traffic to be sent to the remote service via the optimized networking path.
Type: Application
Filed: August 18, 2022
Publication date: September 21, 2023
Inventors: Alberto Rodriguez Natal, Saswat Praharaj, Lorand Jakab, Fabio R. Maino, Pradeep Kumar Kathail
-
Publication number: 20230275868
Abstract: Techniques for using Network Address Translation (NAT), Mobile Internet Protocol (MIP), and/or other techniques in conjunction with Domain Name System (DNS) to anonymize server-side addresses in data communications. Rather than having DNS provide a client device with an IP address of an endpoint device, such as a server, the DNS instead returns a virtual IP (VIP) address that is mapped to the client device and the endpoint device. In this way, IP addresses of servers are obfuscated by a virtual network of VIP addresses. The client device may then communicate data packets to the server using the VIP address as the destination address, and a virtual network service that works in conjunction with DNS can convert the VIP address to the actual IP address of the server using NAT and forward the data packet onto the server.
Type: Application
Filed: May 9, 2023
Publication date: August 31, 2023
Inventors: Pascal Thubert, Pradeep Kumar Kathail, Eric Levy-Abegnoli, David A. Maluf
-
Publication number: 20230247484
Abstract: According to an embodiment, a node comprises one or more processors operable to execute instructions to cause the node to perform operations. The operations comprise determining a link quality associated with each satellite link of a plurality of satellite links and applying load balancing to the plurality of satellite links. The load balancing is based at least in part on the respective link quality associated with each satellite link. The load balancing comprises determining which of the satellite links to include in an active set selected to communicate data to or from the node and, for each satellite link in the active set, determining a portion of the data to communicate via the respective satellite link. The operations further comprise transmitting or receiving the data via the satellite links in the active set. Each satellite link in the active set communicates its respective portion of the data.
Type: Application
Filed: February 2, 2022
Publication date: August 3, 2023
Inventors: Ali Sajassi, Arman Rezaee, Pradeep Kumar Kathail
-
Patent number: 11683286
Abstract: Techniques for using Network Address Translation (NAT), Mobile Internet Protocol (MIP), and/or other techniques in conjunction with Domain Name System (DNS) to anonymize server-side addresses in data communications. Rather than having DNS provide a client device with an IP address of an endpoint device, such as a server, the DNS instead returns a virtual IP (VIP) address that is mapped to the client device and the endpoint device. In this way, IP addresses of servers are obfuscated by a virtual network of VIP addresses. The client device may then communicate data packets to the server using the VIP address as the destination address, and a virtual network service that works in conjunction with DNS can convert the VIP address to the actual IP address of the server using NAT and forward the data packet onto the server.
Type: Grant
Filed: November 18, 2021
Date of Patent: June 20, 2023
Assignee: Cisco Technology, Inc.
Inventors: Pascal Thubert, Pradeep Kumar Kathail, Eric Levy-Abegnoli, David A. Maluf
-
MEDIA ACCESS CONTROL (MAC) ADDRESS ANONYMIZATION BASED ON ALLOCATIONS BY NETWORK CONTROLLER ELEMENTS
Publication number: 20230188523
Abstract: A method is provided to anonymize the media access control (MAC) address of a client device. The method involves generating a plurality of media access control (MAC) addresses for use by a client device in a network. Policies are defined that determine which one of the plurality of MAC addresses is to be used by the client device. The plurality of MAC addresses allocated for use by the client device are registered with a management entity in the network.
Type: Application
Filed: February 10, 2023
Publication date: June 15, 2023
Inventors: Srinath Gundavelli, Shree N. Murthy, Pradeep Kumar Kathail, Brian Weis
-
Publication number: 20230185918
Abstract: This disclosure describes techniques for selectively placing and maintaining sensitive workloads in subsystems that achieve a minimum level of trustworthiness. An example method includes identifying at least one trustworthiness requirement associated with an application and transmitting, to a first subsystem, a request for at least one trustworthiness characteristic of the first subsystem and at least one second subsystem connected to the first subsystem. A response indicating the at least one trustworthiness characteristic is received from the first subsystem. The example method further includes determining that the at least one trustworthiness characteristic satisfies the at least one trustworthiness requirement; and causing the application to operate on a mesh comprising the first subsystem and the at least one second subsystem.
Type: Application
Filed: December 9, 2021
Publication date: June 15, 2023
Inventors: Eric Voit, Einar Nilsen-Nygaard, Frank Brockners, Pradeep Kumar Kathail
-
Publication number: 20230179579
Abstract: Techniques for using Network Address Translation (NAT), Mobile Internet Protocol (MIP), and/or other techniques in conjunction with Domain Name System (DNS) to anonymize server-side addresses in data communications. Rather than having DNS provide a client device with an IP address of an endpoint device, such as a server, the DNS instead returns a random IP address that is mapped to the client device and the endpoint device. In this way, IP addresses of servers are obfuscated by a random IP address that cannot be used to identify the endpoint device or service. The client device may then communicate data packets to the server using the random IP address as the destination address, and a gateway that works in conjunction with DNS can convert the random IP address to the actual IP address of the server using NAT and forward the data packet onto the server.
Type: Application
Filed: February 1, 2023
Publication date: June 8, 2023
Inventors: David A. Maluf, Srinath Gundavelli, Pascal Thubert, Pradeep Kumar Kathail, Eric Levy-Abegnoli, Eric Voit, Ali Sajassi
-
Publication number: 20230155978
Abstract: Techniques for using Network Address Translation (NAT), Mobile Internet Protocol (MIP), and/or other techniques in conjunction with Domain Name System (DNS) to anonymize server-side addresses in data communications. Rather than having DNS provide a client device with an IP address of an endpoint device, such as a server, the DNS instead returns a virtual IP (VIP) address that is mapped to the client device and the endpoint device. In this way, IP addresses of servers are obfuscated by a virtual network of VIP addresses. The client device may then communicate data packets to the server using the VIP address as the destination address, and a virtual network service that works in conjunction with DNS can convert the VIP address to the actual IP address of the server using NAT and forward the data packet onto the server.
Type: Application
Filed: November 18, 2021
Publication date: May 18, 2023
Inventors: Pascal Thubert, Pradeep Kumar Kathail, Eric Levy-Abegnoli, David A. Maluf
-
Patent number: 11652824
Abstract: Systems, methods, and computer-readable media for evaluation of trustworthiness of network devices are proposed. In one aspect, a first network device can determine a first probability of a security compromise of a second network device based on visible indicators. The first network device can also determine a second probability of the security compromise of the second device based on invisible indicators. The first network device also determines a trust degradation score for the second network device and establishes, based on the trust degradation score, a specified type of communication session with the second network device.
Type: Grant
Filed: February 10, 2022
Date of Patent: May 16, 2023
Assignee: Cisco Technology, Inc.
Inventors: Pradeep Kumar Kathail, Eric Voit
-
Patent number: 11621957
Abstract: This disclosure describes techniques for authentication related to verification of identity for network access. The techniques may include sending a challenge associated with authentication to a network to a mobile device. In response to sending the challenge, the techniques may include receiving a challenge response from the mobile device. The challenge response may include biometric credential information associated with a user of the mobile device. The challenge response may also include an indication of an authorization assertion associated with the authentication to the network. In some examples, the techniques may include tailoring access to the network for the mobile device based on the biometric credential information.
Type: Grant
Filed: March 31, 2021
Date of Patent: April 4, 2023
Assignee: Cisco Technology, Inc.
Inventors: Indermeet Gandhi, Srinath Gundavelli, Pradeep Kumar Kathail
-
Media access control (MAC) address anonymization based on allocations by network controller elements
Patent number: 11611557
Abstract: A method is provided to anonymize the media access control (MAC) address of a client device. The method involves generating a plurality of media access control (MAC) addresses for use by a client device in a network. Policies are defined that determine which one of the plurality of MAC addresses is to be used by the client device. The plurality of MAC addresses allocated for use by the client device are registered with a management entity in the network.
Type: Grant
Filed: May 4, 2021
Date of Patent: March 21, 2023
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Srinath Gundavelli, Shree N. Murthy, Pradeep Kumar Kathail, Brian Weis