Fabric-based root-of-trust
Granted: May 6, 2025
Patent Number: 12292979
A method of creating a root-of-trust (RoT) within a network fabric may include powering on a network interface card (NIC) baseboard management controller (BMC) (NIC BMC), booting up a NIC via the NIC BMC, obtaining an address for the NIC, verifying an identity of the NIC at a fabric trust identity server using a key obtained from a secure vault communicatively coupled to the NIC BMC, verifying with the fabric trust identity server a number of images of a host device residing in the NIC…
Verifying trust postures of heterogeneous confidential computing clusters
Granted: May 6, 2025
Patent Number: 12294614
Disclosed are systems, apparatuses, methods, and computer-readable media for providing security postures for a service provided by a heterogeneous system. A method for verifying trust by a service node includes receiving a request for security information of the service node from a client device, wherein the request includes information identifying a service to receive from the service node, identifying a related node to communicate with the service node based on the service, after…
Intelligent quarantine on switch fabric for physical and virtualized infrastructure
Granted: May 6, 2025
Patent Number: 12294594
Systems, methods, and computer-readable media for performing threat remediation through a switch fabric of a virtualized network environment. Data traffic passing into a virtualized network environment including a plurality of virtual machines running on a switch fabric is monitored. A network threat introduced through at least a portion of the data traffic is identified at the switch fabric. One or more remedial measures are performed in the network environment based on the…
Authorization scope management for low-code programming environments
Granted: May 6, 2025
Patent Number: 12294583
In one embodiment, a device receives a set of actions for a low-code workflow specified via a user interface. The device determines authorization scopes for targets of the set of actions. The device compares the authorization scopes for the targets to authorization scopes needed for the set of actions. The device provides, to the user interface, an excessive authorization notification, when the authorization scopes for the targets exceed the authorization scopes needed for the set of…
Layer-3 policy enforcement for layer-7 data flows
Granted: May 6, 2025
Patent Number: 12294569
Techniques for using proxies with overprovisioned IP addresses to demultiplex data flows, which may otherwise look the same at L7, into multiple subflows for L3 policy enforcement without having to modify an underlying L3 network. The techniques may include establishing a subflow through a network between a first proxy and a second proxy, the subflow associated with a specific policy. In some examples, the first proxy node may receive an encrypted packet that is to be sent through the…
Stretched EPG and micro-segmentation in multisite fabrics
Granted: May 6, 2025
Patent Number: 12294532
An endpoint group (EPG) can be stretched between the sites so that endpoints at different sites can be assigned to the same stretched EPG. Because the sites can use different bridge domains when establishing the stretched EPGs, the first time a site transmits a packet to an endpoint in a different site, the site learns or discovers a path to the destination endpoint. The site can use BGP to identify the site with the host and use a multicast tunnel to reach the site. A unicast tunnel can…
Initiator-based data-plane validation for segment routed, multiprotocol label switched (MPLS) networks
Granted: May 6, 2025
Patent Number: 12294513
Techniques for initiator-based data-plane validation of segment routed, multiprotocol label switched (MPLS) networks are described herein. In examples, an initiating node may determine to validate data-plane connectivity associated with a network path of the MPLS network. The initiating node may store validation data in a local memory of the initiating node. In examples, the initiating node may send a probe message that includes a request for identification data associated with a…
Directed broadcast in network fabric
Granted: May 6, 2025
Patent Number: 12294512
This technology enables directed broadcasts in network fabrics. A control plane node is configured to resolve directed broadcast addresses by mapping the directed broadcast address to a subnet address. A fabric border node receives a directed broadcast, extracts a destination address, and transmits a request to the control plane node to resolve the destination address. The control plane node retrieves the stored mapping and generates a map reply with a multicast destination. The fabric…
Cell-based architecture for an extensibility platform
Granted: May 6, 2025
Patent Number: 12294505
According to one or more embodiments of the disclosure, an example method herein may comprise: managing a particular cell of a multi-celled architecture for an extensibility platform having one or more tenants served by datastores of the particular cell; connecting to a global cell manager for global cell management of all cells of the multi-celled architecture; identifying a consumption limit indicating a maximum amount of system resources that a particular tenant of the one or more…
Tenant fairness in a multi-tenant environment
Granted: May 6, 2025
Patent Number: 12293224
A method for allocating resources of a virtual controller is disclosed. The method comprises: allocating resources of a virtual controller to a first tenant, wherein the first tenant is allocated a first tenant quantity of guaranteed resources of the virtual controller and a second tenant is allocated a second tenant quantity of guaranteed resources of the virtual controller; determining that resources requested by the first tenant are greater than the first tenant quantity of guaranteed…
Receiver photodiode biasing circuit
Granted: May 6, 2025
Patent Number: 12292329
The present disclosure describes an optical system that uses a source optical signal to bias a receiver photodiode. The system includes an optical source, a receiver photodiode, a first biasing photodiode, a variable optical attenuator, and a compensation photodiode. The optical source produces a first optical signal. The receiver photodiode converts a second optical signal into an electrical signal. The first biasing photodiode generates a bias voltage for the receiver photodiode based…
Two layer polarization splitter rotator
Granted: April 29, 2025
Patent Number: 12287512
A polarization splitter rotator includes a first lower waveguide and a second lower waveguide disposed on a first layer, the first lower waveguide and the second lower waveguide, in a first portion of the device, widening symmetrically as the first lower waveguide and the second lower waveguide extend from an input end of the device to an output end of the device, and, in a second portion of the device, at least the second lower waveguide widening further, asymmetrically, from the first…
System and method for mapping policies to SD-WAN data plane
Granted: April 29, 2025
Patent Number: 12289640
In one embodiment, a method includes receiving one or more 5G software-defined wide area network (SD-WAN) policies, identifying one or more identity-based policies from the one or more 5G SD-WAN policies, communicating the identified one or more identity-based policies to one or more WAN routers, communicating one or more 5G bindings to the one or more WAN routers, and applying the identified one or more identity-based policies to one or more flows between the one or more WAN routers.
Artificial intelligence generated dynamic virtual backgrounds
Granted: April 29, 2025
Patent Number: 12289558
A request for a virtual background is received from an endpoint of a participant who is participating in an online meeting. The request includes a description of the virtual background. One or more virtual backgrounds are generated using an image generator based on a command that includes the description of the virtual background. The one or more virtual backgrounds are transmitted to the endpoint. A selection of the virtual background from the one or more virtual backgrounds is received…
Automated conversational menu overlay with IVR in contact centers
Granted: April 29, 2025
Patent Number: 12289426
At a contact center that operates to provide customer service to callers by receiving calls from the callers and directing the callers to desired endpoints that deliver information to the callers based upon an expressed intent of each caller associated with each call, a current call by the contact center is processed utilizing an Interactive Voice Response (IVR) model or a Conversational Menu (CM) model. The IVR model processes the current call by directing the current caller to a…
Deploying just in time (JIT) deceptions at scale in networks
Granted: April 29, 2025
Patent Number: 12289342
Techniques for utilizing a deception service to deploy deceptions at scale in a network, such as, for example, a client network. The deception service may be configured to generate a small number (e.g., 5, 10, 15, etc.) of deceptions of hosts and/or services associated with the network (or emulations of the hosts/services and/or emulations of protocols associated with the hosts/services) and deploy them to a number of deception host computing devices that cover all of the components…
Secured storage and playback of recorded collaboration session videos
Granted: April 29, 2025
Patent Number: 12289296
A method, computer system, and computer program product are provided for securely controlling playback of a recorded collaboration session. A plurality of video feeds is received from a plurality of client devices of users participating in a video meeting, wherein each video feed is encoded by each client device in an encoded format that distorts the video feed, wherein a unique key is used by each client device to encode the video feed. The plurality of video feeds are stored in the…
Networking apparatus and a method for networking
Granted: April 29, 2025
Patent Number: 12289252
Disclosed is networking apparatus comprising: a plurality of communications ports that interface with external computing systems to channel physical layer signals; a dynamic routing module that interconnects communication ports with discrete reconfigurable data conduits, each of the data conduits defining a transmission pathway between the communications ports for physical layer signals. Each of the plurality of communication ports is paired with a receiver module which is adapted to…
Systems and methods for asymmetrical peer forwarding in an SD-WAN environment
Granted: April 29, 2025
Patent Number: 12289232
In one embodiment, a method includes receiving, by a first node of a node cluster in a software-defined wide area network (SD-WAN), traffic from a wide area network (WAN), assigning, by the first node of the node cluster, flow ownership of the traffic to the first node, and communicating, by the first node of the node cluster, the traffic to a local area network (LAN). The method also includes receiving, by the first node of the node cluster, return traffic from a second node of the node…
Synthetic path tracing of segment routed networks
Granted: April 29, 2025
Patent Number: 12289210
In one embodiment, a device obtains topology information for a segment routed network. The device generates, based on the topology information, segment routing label stacks to probe different paths between a source and destination in the segment routed network. The device conducts probing of the different paths during which synthetic probe packets are sent via the segment routed network using the segment routing label stacks. The device presents results of the probing of the different…