Patents by Inventor Scott Fluhrer

Scott Fluhrer has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11018866
    Abstract: A server sends information to a client that allows the client to establish a first key at the client. The server then receives a session ID that has been encrypted using the first key. The first key is then established at the server, which can then decrypt the session ID using the first key. After the server validates the session ID, it determines a second key that is different from the first key. The server then receives the session ID encrypted with the second key, and decrypts the session ID encrypted with the second key.
    Type: Grant
    Filed: October 18, 2018
    Date of Patent: May 25, 2021
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: James Anil Pramod Kotwal, Christopher Blayne Dreier, David Aaron Wyde, Kellen Mac Arb, David McGrew, Scott Fluhrer
  • Patent number: 10404588
    Abstract: Techniques are described herein for optimizing communications in a network. At a router in a virtual private network, a packet is received from a device in a subnetwork protected by the router. The router examines the packet to determine a source address that identifies the device and a destination address that identifies a destination network device for the packet. The router also analyzes the packet to determine a size of the packet and determines whether or not the size of the packet is larger than a maximum transmission unit size. If the size of the packet is larger than the maximum transmission unit size, the router encapsulates the packet with a header that includes the destination address and a new source address that identifies the router.
    Type: Grant
    Filed: September 7, 2016
    Date of Patent: September 3, 2019
    Assignee: Cisco Technology, Inc.
    Inventors: Thamilarasu Kandasamy, Scott Fluhrer, Lewis Chen, Brian Weis
  • Publication number: 20190052462
    Abstract: A server sends information to a client that allows the client to establish a first key at the client. The server then receives a session ID that has been encrypted using the first key. The first key is then established at the server, which can then decrypt the session ID using the first key. After the server validates the session ID, it determines a second key that is different from the first key. The server then receives the session ID encrypted with the second key, and decrypts the session ID encrypted with the second key.
    Type: Application
    Filed: October 18, 2018
    Publication date: February 14, 2019
    Inventors: James Anil Pramod Kotwal, Chritopher Blayne Dreier, David Aaron Wyde, Kellen Mac Arb, David McGrew, Scott Fluhrer
  • Patent number: 10158487
    Abstract: A server sends information to a client that allows the client to establish a first key at the client. The server then receives a session ID that has been encrypted using the first key. The first key is then established at the server, which can then decrypt the session ID using the first key. After the server validates the session ID, it determines a second key that is different from the first key. The server then receives the session ID encrypted with the second key, and decrypts the session ID encrypted with the second key.
    Type: Grant
    Filed: July 16, 2015
    Date of Patent: December 18, 2018
    Assignee: Cisco Technology, Inc.
    Inventors: James Anil Pramod Kotwal, Christopher Blayne Dreier, David Aaron Wyde, Kellen Mac Arb, David McGrew, Scott Fluhrer
  • Patent number: 9912480
    Abstract: A network service packet (NSP) header security method includes receiving an NSP on a communication interface, analyzing, by a processor, the NSP in order to identify a plurality of service functions and an associated service function path for the plurality of service functions, identifying, by the processor, which security function or functions may be performed by each of the plurality of service functions on an NSP header to be generated for the NSP, requesting, by the processor, at least one key for securing at least part of the NSP header, receiving the at least one key on the communication interface, generating, by the processor, the NSP header for the NSP, securing, by the processor, the NSP header based on the at least one key, and sending, on the communication interface, the NSP with the NSP header to one of the plurality of service functions.
    Type: Grant
    Filed: February 27, 2017
    Date of Patent: March 6, 2018
    Assignee: Cisco Technology, Inc.
    Inventors: Paul Quinn, Scott Fluhrer, Jim Guichard, Tirumaleswar Reddy, Prashanth Patil, David Ward
  • Patent number: 9832175
    Abstract: Techniques are presented for optimizing secure communications in a network. As disclosed herein, a key server is configured to provision a plurality of routers that are part of a virtual private network. The key server selects a counter value that is part of a security association and calculates a key value. The key server sends the key value, together with the security association, to the plurality of routers that are part of the virtual private network to enable them to exchange encrypted packets with each other in the virtual private network using the key value and the security association. The key server then increments the counter value to a value within a range of counter values capable of being predicted by the plurality of routers that received the key value.
    Type: Grant
    Filed: August 8, 2016
    Date of Patent: November 28, 2017
    Assignee: Cisco Technology, Inc.
    Inventors: Lewis Chen, Scott Fluhrer, Warren Scott Wainner, Brian Weis
  • Publication number: 20170237562
    Abstract: A network service packet (NSP) header security method includes receiving an NSP on a communication interface, analyzing, by a processor, the NSP in order to identify a plurality of service functions and an associated service function path for the plurality of service functions, identifying, by the processor, which security function or functions may be performed by each of the plurality of service functions on an NSP header to be generated for the NSP, requesting, by the processor, at least one key for securing at least part of the NSP header, receiving the at least one key on the communication interface, generating, by the processor, the NSP header for the NSP, securing, by the processor, the NSP header based on the at least one key, and sending, on the communication interface, the NSP with the NSP header to one of the plurality of service functions.
    Type: Application
    Filed: February 27, 2017
    Publication date: August 17, 2017
    Inventors: Paul QUINN, Scott FLUHRER, Jim GUICHARD, Tirumaleswar REDDY, Prashanth PATIL, David WARD
  • Patent number: 9621520
    Abstract: A network service packet (NSP) header security method includes receiving an NSP on a communication interface, analyzing, by a processor, the NSP in order to identify a plurality of service functions and an associated service function path for the plurality of service functions, identifying, by the processor, which security function or functions may be performed by each of the plurality of service functions on an NSP header to he generated for the NSP, requesting, by the processor, at least one key for securing at least part of the NSP header, receiving the at least one key on the communication interface, generating, by the processor, the NSP header for the NSP, securing, by the processor, the NSP header based on the at least one key, and sending, on the communication interface, the NSP with the NSP header to one of the plurality of service functions.
    Type: Grant
    Filed: May 31, 2015
    Date of Patent: April 11, 2017
    Assignee: Cisco Technology, Inc.
    Inventors: Paul Quinn, Scott Fluhrer, Jim Guichard, Tirumaleswar Reddy, Prashanth Patil, David Ward
  • Publication number: 20170019423
    Abstract: A server sends information to a client that allows the client to establish a first key at the client. The server then receives a session ID that has been encrypted using the first key. The first key is then established at the server, which can then decrypt the session ID using the first key. After the server validates the session ID, it determines a second key that is different from the first key. The server then receives the session ID encrypted with the second key, and decrypts the session ID encrypted with the second key.
    Type: Application
    Filed: July 16, 2015
    Publication date: January 19, 2017
    Inventors: James Anil Pramod Kotwal, Christopher Blayne Dreier, David Aaron Wyde, Kellen Mac Arb, David McGrew, Scott Fluhrer
  • Publication number: 20160380894
    Abstract: Techniques are described herein for optimizing communications in a network. At a router in a virtual private network, a packet is received from a device in a subnetwork protected by the router. The router examines the packet to determine a source address that identifies the device and a destination address that identifies a destination network device for the packet. The router also analyzes the packet to determine a size of the packet and determines whether or not the size of the packet is larger than a maximum transmission unit size. If the size of the packet is larger than the maximum transmission unit size, the router encapsulates the packet with a header that includes the destination address and a new source address that identifies the router.
    Type: Application
    Filed: September 7, 2016
    Publication date: December 29, 2016
    Inventors: Thamilarasu Kandasamy, Scott Fluhrer, Lewis Chen, Brian Weis
  • Publication number: 20160344713
    Abstract: Techniques are presented for optimizing secure communications in a network. As disclosed herein, a key server is configured to provision a plurality of routers that are part of a virtual private network. The key server selects a counter value that is part of a security association and calculates a key value. The key server sends the key value, together with the security association, to the plurality of routers that are part of the virtual private network to enable them to exchange encrypted packets with each other in the virtual private network using the key value and the security association. The key server then increments the counter value to a value within a range of counter values capable of being predicted by the plurality of routers that received the key value.
    Type: Application
    Filed: August 8, 2016
    Publication date: November 24, 2016
    Inventors: Lewis Chen, Scott Fluhrer, Warren Scott Wainner, Brian Weis
  • Patent number: 9461914
    Abstract: Techniques are described herein for optimizing communications in a network. At a router in a virtual private network, a packet is received from a device in a subnetwork protected by the router. The router examines the packet to determine a source address that identifies the device and a destination address that identifies a destination network device for the packet. The router also analyzes the packet to determine a size of the packet and determines whether or not the size of the packet is larger than a maximum transmission unit size. If the size of the packet is larger than the maximum transmission unit size, the router encapsulates the packet with a header that includes the destination address and a new source address that identifies the router.
    Type: Grant
    Filed: April 7, 2014
    Date of Patent: October 4, 2016
    Assignee: Cisco Technology, Inc.
    Inventors: Thamilarasu Kandasamy, Scott Fluhrer, Lewis Chen, Brian Weis
  • Publication number: 20160277188
    Abstract: In one embodiment, a network service packet header security method includes receiving a network service packet, analyzing the network service packet in order to identify a plurality of service functions and an associated service function path for the service functions, identifying which security function or functions may be performed by each of the service functions on a network service packet header to be generated for the network service packet, requesting at least one key for securing at least part of the network service packet header, receiving the at least one key, securing the network service packet header based on the at least one key, and sending the network service packet with the network service packet header to one of the service functions. Related apparatus and methods are also described.
    Type: Application
    Filed: May 31, 2015
    Publication date: September 22, 2016
    Inventors: Paul QUINN, Scott FLUHRER, Jim GUICHARD, Tirumaleswar REDDY, Prashanth PATIL, David WARD
  • Patent number: 9444796
    Abstract: Techniques are presented for optimizing secure communications in a network. A first router receives from a second router an encrypted packet with an unknown security association. The first router examines the packet to determine whether the counter value is in a range of predicted counter values. Additionally, a key server is configured to provision routers that are part of a virtual private network. The key server selects a counter value that is part of a security association and calculates a key value. The key server sends the key value together with the security association to enable routers to exchange encrypted packets with each other in the virtual private network using the key value and the security association. The key server increments the counter value to a value within a range of counter values capable of being predicted by the routers.
    Type: Grant
    Filed: April 9, 2014
    Date of Patent: September 13, 2016
    Assignee: Cisco Technology, Inc.
    Inventors: Lewis Chen, Scott Fluhrer, Warren Scott Wainner, Brian Weis
  • Publication number: 20150295899
    Abstract: Techniques are presented for optimizing secure communications in a network. A first router receives from a second router an encrypted packet with an unknown security association. The first router examines the packet to determine whether the counter value is in a range of predicted counter values. Additionally, a key server is configured to provision routers that are part of a virtual private network. The key server selects a counter value that is part of a security association and calculates a key value. The key server sends the key value together with the security association to enable routers to exchange encrypted packets with each other in the virtual private network using the key value and the security association. The key server increments the counter value to a value within a range of counter values capable of being predicted by the routers.
    Type: Application
    Filed: April 9, 2014
    Publication date: October 15, 2015
    Applicant: Cisco Technology, Inc.
    Inventors: Lewis Chen, Scott Fluhrer, Warren Scott Wainner, Brian Weis
  • Publication number: 20150288603
    Abstract: Techniques are described herein for optimizing communications in a network. At a router in a virtual private network, a packet is received from a device in a subnetwork protected by the router. The router examines the packet to determine a source address that identifies the device and a destination address that identifies a destination network device for the packet. The router also analyzes the packet to determine a size of the packet and determines whether or not the size of the packet is larger than a maximum transmission unit size. If the size of the packet is larger than the maximum transmission unit size, the router encapsulates the packet with a header that includes the destination address and a new source address that identifies the router.
    Type: Application
    Filed: April 7, 2014
    Publication date: October 8, 2015
    Applicant: Cisco Technology, Inc.
    Inventors: Thamilarasu Kandasamy, Scott Fluhrer, Lewis Chen, Brian Weis
  • Publication number: 20140044262
    Abstract: Data to be transmitted across an Optical Transport Network (OTN) is encrypted with a non-malleable encryption algorithm. An authentication code configured to allow authentication of the data with a low latency encryption algorithm is generated. A packet is generated which is configured to be transferred across the OTN and contains the encrypted data and the authentication code. The packet is transmitted across the OTN. Non-malleable encryption, origin authentication, data integrity and anti-replay protection are provided for OTNs over Dense Wavelength Division Multiplexed (DWDM) links. In one example, XTS-AES encryption and GMAC authentication techniques are combined to secure OTN frames.
    Type: Application
    Filed: August 9, 2012
    Publication date: February 13, 2014
    Applicant: Cisco Technology, Inc.
    Inventors: Gilberto Loprieno, David McGrew, Fabio Maino, Scott Fluhrer
  • Patent number: 8625599
    Abstract: A system and method directed to carrying out dynamic secured group communication is provided. The method includes: obtaining a first packet that includes a first header; forming a frame that includes the first header in encrypted form; combining the first header and the frame to form a second packet and forming a second header; encapsulating the second packet with the second header to form a third packet, and communicating the third packet into the second network from the second source node for termination to the second-destination node. The first header includes a first source address of a first source node of a first network, and a first destination address of a first destination node of the first network. The second header includes a second source address of a second source node of a second network, and a second destination address of a second destination node of the second network.
    Type: Grant
    Filed: September 19, 2011
    Date of Patent: January 7, 2014
    Assignee: Cisco Technology, Inc.
    Inventors: Scott Fluhrer, Warren Scott Wainner, Sheela Rowles, Kavitha Kamarthy, Mohamed Khalid, Haseeb Niazi, Pratima Sethi
  • Publication number: 20130347109
    Abstract: Techniques are provided for detecting modifications to software instructions. At a computing apparatus configured to execute a software program comprising a plurality of instructions, at least a first check point having a first check value and a second check point having a second check value are assigned within the instructions. At least first and second portions of the instructions are identified. The first portion of the instructions comprises one or more check points other than the first check point. The second portion of the instructions comprises one or more check points other than the second check point. A first hashing operation is performed over the first portion resulting in a first equation and a second hashing operation is performed over the second portion resulting in a second equation. The first check value and the second check value are computed based on the first equation and the second equation.
    Type: Application
    Filed: June 21, 2012
    Publication date: December 26, 2013
    Applicant: CISCO TECHNOLOGY, INC.
    Inventor: Scott Fluhrer
  • Patent number: 8160255
    Abstract: Various embodiments of the disclosed subject matter provide methods and systems for improved efficiency and security in secure gateway-to-secure gateway network communication. Embodiments provide systems and methods for generating a sender secure gateway private identity, obtaining a receiver secure gateway public identity, generating an encryption key using the sender secure gateway private identity and the receiver secure gateway public identity, encrypting a data packet using the encryption key, and sending the encrypted data packet to a receiver secure gateway. Embodiments also provide systems and methods for generating a receiver secure gateway private identity, obtaining a sender secure gateway public identity, generating a decryption key using the receiver secure gateway private identity and the sender secure gateway public identity, receiving an encrypted data packet from a sender secure gateway, and decrypting the data packet using the decryption key.
    Type: Grant
    Filed: April 24, 2006
    Date of Patent: April 17, 2012
    Assignee: Cisco Technology, Inc.
    Inventor: Scott Fluhrer