US Pat. No. 9,590,850

DISCOVERY OF CONNECTIVITY AND COMPATIBILITY IN A COMMUNICATION NETWORK

Cisco Technology, Inc., ...

1. An apparatus configured for operation in a first network comprising an overlay network for communication among a plurality
of client nodes, the apparatus comprising:
an interface configured to communicate with a node in a second network comprising an underlying network for communication
among a plurality of server nodes, said interface connecting said overlay network to said underlying network;

a processor configured to identify at the apparatus, said interface as a spare interface and advertise said spare interface
to one or more of said client nodes in said overlay network when said spare interface is not in use for communication between
said overlay network and said underlying network, wherein advertising said spare interface comprises transmitting connectivity
information associated with said underlying network and server or client compatibility information for said spare interface
for auto-discovery of said spare interface by said client nodes or a management node; and

memory for storing said connectivity and compatibility information;
wherein said spare interface comprises an interface available to accommodate new services within said overlay network, and
wherein advertisement of said spare interface is used to identify a compatible spare interface in said overlay network and
direct traffic over a network path containing said spare interface.

US Pat. No. 9,590,906

NETWORK RESOURCE SHARING FOR ROUTING AND FORWARDING INFORMATION

Cisco Technology, Inc., ...

1. An apparatus comprising:
a processor;
a forwarding or routing table;
a memory having instructions stored thereon, wherein the instructions when executed by the processor, cause the processor
to:

upon receiving a first MAC address (media access protocol) and a first IP (internet protocol) address associated with a device
for entry to the forwarding or routing table, store the first MAC address and the first IP address in the forwarding or routing
table; and

upon receiving the first MAC address and one or more second IP addresses associated with the device for entry to the forwarding
or routing table, forward, via a tunnel maintained with a second apparatus, the one or more second IP addresses to the second
apparatus, wherein the forwarded one or more second IP addresses are entered in a second forwarding or routing table associated
with the second apparatus;

wherein, thereafter, routing or forwarding to, or from, the device in connection with the first MAC address is performed by
the apparatus,

wherein, thereafter, routing or forwarding to, or from, the device in connection with the first IP address is performed by
the apparatus, and

wherein, thereafter, routing or forwarding to, or from, the device in connection with the second one or more IP addresses
is performed using the second apparatus and across the tunnel.

US Pat. No. 9,183,834

SPEECH RECOGNITION TUNING TOOL

Cisco Technology, Inc., ...

1. A method, comprising:
accessing a voice mail record of a user within a voice mail system;
accessing a recorded audio file of a name of the user in the voice mail record spoken by the user;
providing the audio file to a speech recognition system that is operable with an automated attendant;
processing the audio file in the speech recognition system and obtaining a text result;
determining whether a confidence score of the text result is below a predetermined threshold;
adding, at least, the name of the user to a list of low confidence names when the confidence score is below the predetermined
threshold;

when the name of the user is listed in the list of low confidence names, storing a plurality of actual alternate spellings
for the name of the user, wherein the plurality of actual alternate spellings are accessible to the speech recognition system
and are received via a user interface configured to be presented to an administrator of the automated attendant;

receiving a voice call at the automated attendant including receiving a voice command comprising a spoken name of the user;
and

processing the spoken name of the user including comparing a spelled name result generated by the speech recognition system
to the plurality of actual alternate spellings previously stored to identify the user.

US Pat. No. 9,166,969

SESSION CERTIFICATES

Cisco Technology, Inc., ...

1. A method comprising:
requesting, by a client device, permission from a network access device to access a network associated with the network access
device;

sending, from the client device, credentials of a user for authenticating with the network access device, wherein the user
is associated with the client device;

receiving, at the client device and from the network access device, permission to access the network along with a session
certificate and an associated key, wherein the session certificate and the key are associated with the credentials of the
user;

based on receiving the permission, establishing, by the client device, a network session using the network;
establishing, by the client device during the network session, a secure communications channel with a web server associated
with a website;

authenticating, using the client device, the user to the website by sending the session certificate to the web server over
the secure communications channel; and

based on information received at the web server from an authentication, authorization and accounting (AAA) server indicating
that the session certificate is valid in response to the web server requesting the information from the AAA server, receiving,
from the web server at the client device, permission from the website to access contents of the website,

wherein the information received by the web server from the AAA server indicating that the session certificate is valid is
based on information received at the AAA server from the network access device relating to the status of the network session,
and

wherein the request from the web server to the AAA server for information includes information on the session certificate.

US Pat. No. 9,172,952

METHOD AND SYSTEM FOR ANALYZING VIDEO STREAM ACCURACY IN A NETWORK ENVIRONMENT

CISCO TECHNOLOGY, INC., ...

1. A method using a processor, comprising:
receiving a video sequence having at least one code symbol embedded therein, the at least one code symbol being selected from
a sequence of code symbols;

determining whether the at least one code symbol is decodable;
determining one or more video quality parameters based upon whether the at least one symbol is decodable, wherein the video
quality parameters include one or more of a duration of distortions in the video sequence, a duration of freezes in the video
sequence, and a duration of jumps in the video sequence; and

determining a video quality metric associated with the video sequence based upon the one or more video quality parameters
and a total length of the video sequence;

wherein determining the video quality metric includes:
summing the duration of distortions in the video sequence, the duration of freezes in the video sequence, and the duration
of jumps in the video sequence; and

dividing the summation of distortions, freezes, and jumps by the total length of the video sequence.

US Pat. No. 9,288,763

BATTERY CONSUMPTION MONITORING

Cisco Technology, Inc., ...

1. A method for battery monitoring on a computing device, the method comprising:
estimating an event battery consumption estimate for a user scheduled event on said computing device;
estimating a pre-event consumption estimate for expected battery usage prior to a start of said user scheduled event;
checking a battery charge level according to a schedule of time intervals preceding a start of said user scheduled event;
determining according to a set of battery notification rules whether or not to provide a battery warning notification on said
computing device, wherein said determining is based at least on said event battery consumption estimate, said pre-event battery
consumption estimate, said time intervals, and said battery charge level according to said checking; and

providing said battery warning notification if required in accordance with said determining.

US Pat. No. 9,270,384

SUB-SAMPLED CARRIER PHASE RECOVERY

Cisco Technology, Inc., ...

1. A method comprising:
obtaining a plurality of consecutive symbols associated with an optical signal received at an optical receiver;
performing carrier phase recovery of the optical signal using one or more carrier phase estimation stages to generate a phase
recovered signal; and

at each of the one or more carrier phase estimation stages, selecting a subset of the plurality of consecutive symbols for
use in carrier phase estimation, wherein the subset of symbols selected for use in carrier phase estimation at each of the
one or more stages comprises one or more symbols having a highest ratio of measured signal phase error to additive noise.

US Pat. No. 9,392,050

AUTOMATIC CONFIGURATION OF EXTERNAL SERVICES BASED UPON NETWORK ACTIVITY

Cisco Technology, Inc., ...

1. A computer-implemented method, comprising:
applying, by an application, an input filter to an ingress port of a first network element to monitor one or more network
flows traversing the ingress port of the first network element using an application programming interface (API), the API abstracting
a control plane of the first network element to permit the application to monitor and control data traffic traversing the
first network element, wherein the first network element is in a software defined networking (SDN) enabled network, wherein
the SDN enabled network comprises a private cloud network;

monitoring, by the input filter, a load attribute of the one or more network flows;
upon determining that the load attribute exceeds a predefined threshold, issuing, by the input filter applied to the first
network element, a high load notification to the application;

provisioning, by the application, an additional service on an external network, wherein the external network comprises a public
cloud network, wherein the external network is external to and not a part of the SDN enabled network; and

extending, by the application, the SDN enabled network to include the additional service on the external network, wherein
extending the SDN enabled network creates a hybrid network comprising the private cloud network and the public cloud network.

US Pat. No. 9,276,828

SYSTEM AND METHOD FOR A SERVICE METERING FRAMEWORK IN A NETWORK ENVIRONMENT

CISCO TECHNOLOGY, INC., ...

1. A method executed at a service metering framework (SMF) engine including a processor, comprising:
interfacing, by an event listener at the SMF engine, with an application being executed in a cloud by a remote client device
through a metering plugin tailored to the application, with different applications being associated with different metering
plugins, the metering plugin being programmed to indicate metering events to the event listener;

detecting, by the event listener, a metering event associated with an operation in the application during execution of the
application, the metering event including at least one metering attribute of the application, with different applications
having correspondingly different metering attributes associated with respective functionalities inside application contexts;

receiving, at the metering plugin, a value of the at least one metering attribute associated with the metering event in a
formatted metered record; and

storing the at least one metering attribute and the value as the formatted metered record in a SMF database searchable according
to the metering attribute.

US Pat. No. 9,118,941

SCRAMBLED PACKET STREAM PROCESSING

Cisco Technology Inc., S...

1. A method for processing a packet-based scrambled stream, the method comprising:
receiving a plurality of scrambled packets in a packet stream;
descrambling any of said scrambled packets; and
transmitting a modified packet stream comprising at least one of said descrambled packets and at least one of said scrambled
packets.

US Pat. No. 9,282,100

PRIVILEGE SEPARATION

Cisco Technology, Inc., ...

1. A method comprising:
installing an interposer library on a system;
executing, using a processor, processes of the system, wherein the interposer library intercepts data indicative of relationships
of the processes;

generating an access map based on the relationships of the processes of the system;
storing the access map; and
modifying privileges of the processes of the system according to a set of procedures derived from the access map,
wherein the set of procedures define a least privilege solution for the processes of the system that assign privileges at
a lowest level possible for the processes and maintain the relationships of the processes.

US Pat. No. 9,288,804

ALMOST BLANK SUBFRAME BASED ORTHOGONAL RESOURCE ALLOCATION IN A WIRELESS NETWORK ENVIRONMENT

CISCO TECHNOLOGY, INC., ...

1. A method, comprising:
receiving at a serving Evolved Universal Terrestrial Radio Access Network (E-UTRAN) nodeB (eNB), almost blank sub-frame (ABS)
patterns from a plurality of neighboring eNBs in an orthogonal frequency-division multiplexing (OFDM) based network, wherein
each neighboring eNB transmits a separate ABS pattern;

setting a maximum duty cycle of physical downlink control channel (PDCCH) in a frame to be transmitted by the serving eNB
within its serving cell; and

computing an optimal ABS pattern at the serving eNB subject to the maximum duty cycle and based on the ABS patterns received
from the plurality of neighboring eNBs.

US Pat. No. 9,197,553

USING A VIRTUAL INTERNET PROTOCOL ADDRESS TO REPRESENT DUALLY CONNECTED HOSTS IN AN INTERNET PROTOCOL OVERLAY NETWORK

Cisco Technology, Inc., ...

1. A method comprising:
at a first router device in a network, receiving a packet from a first host device that is destined for a second host device
in the network;

determining that the first host device is dually-connected to the first router device and a second router device in the network,
wherein the second router device is part of a virtual port channel pair with the first router device and the virtual port
channel pair has a Layer 3 address commonly associated with the first router device and the second router device;

when it is determined that the first host device is dually-connected to the first router device and the second router device,
sending to the second router device a message indicating that the first host device is connected to the second router device;

encapsulating the packet received from the first host device with an overlay header; and
sending the encapsulated packet to a third router device that is connected to the second host device, wherein the encapsulated
packet contains a Layer 2 address associated with the first host device and the Layer 3 address commonly associated with the
first router device and the second router device.

US Pat. No. 9,241,066

SECURE CALL ANALYSIS AND SCREENING OF A SECURE CONNECTION

Cisco Technology, Inc., ...

1. An apparatus, comprising:
a communication interface operable to communicate with an associated call control agent associated with a call control server,
wherein the call control agent is operable to communicate, via the communication interface, media keying material to at least
first and second communication endpoints to establish a secure, bidirectional real-time voice communication session between
the communication endpoints; and

decryption and correlation logic associated with a voice analysis device communicatively coupled with the communication interface,
wherein the decryption and correlation logic is operable to pre-establish an authenticated connection with the call control
agent,

wherein the decryption and correlation logic obtains, via the communication interface, computer telephony integration events
from the call control agent, wherein the computer telephony integration events comprise communication of the media keying
material from the call control agent to the voice analysis device, and wherein the communication interface receives telephone
integration events with new media keying material according to a key derivation rate,

wherein the decryption and correlation logic is responsive to correlate the computer integration events with the new keying
material to corresponding secure media packets and to decrypt the corresponding secure media packets employing the new media
keying material,

wherein a first secure transport layer security connection is established between the communication interface and a call control
agent through a computer telephony integration connection for receiving the computing telephony integration events,

wherein a second secure transport layer security connection is established between the communication endpoints,
wherein a session key is received into the decryption and correlation logic from the associated call control agent, in accordance
with a pre-established authenticated connection, through the secure computer telephony integration channel for decrypting
signals from the associated call control agent;

wherein the decryption and correlation logic sniffs via the communication interface a secure media packet sent from the first
endpoint to the second endpoint,

wherein the decryption and correlation logic sniffs via the communication interface a secure media packet sent from the second
endpoint to the first endpoint,

wherein the decryption and correlation logic correlates the computer telephony integration events with the secure media packet
sent from the first endpoint to the second endpoint and decrypts the secure media packet with the keying material from the
correlated computer telephony events in accordance with the received session key, and

wherein the decryption and correlation logic correlates the computer telephony integration events with the secure media packet
sent from the second endpoint to the first endpoint and decrypts the secure media packet with the keying material from the
correlated computer telephony events; and

control logic coupled to the communication interface and operable to control the operation of the communication interface,
wherein the control logic performs voice quality troubleshooting for the real-time voice communication session occurring between
the first and second communication endpoints by evaluating the decrypted secure media packets.

US Pat. No. 9,270,397

CASCADED COMMUNICATION OF SERIALIZED DATA STREAMS THROUGH DEVICES AND THEIR RESULTING OPERATION

Cisco Technology, Inc., ...

1. An apparatus, comprising:
a first integrated circuit device, including:
a first interface configured to receive a first plurality of serialized data streams from a source external to the first integrated
circuit device;

first framing circuitry, communicatively coupled to the first interface, configured to produce a first sequence of data frames
from the first plurality of serialized data streams;

processing circuitry configured to perform operations based on the first sequence of data frames and to generate a second
sequence of data frames;

first phase aligning circuitry, communicatively coupled to the first interface, configured to align, but not frame, the first
plurality of serialized data streams to produce a first aligned plurality of serialized data streams;

a second interface configured to produce the first aligned plurality of serialized data streams from the first integrated
circuit device, with the first aligned plurality of serialized data streams not being framed within the first integrated circuit
device;

second framing circuitry configured to produce a second plurality of serialized data streams based on the second sequence
of data frames; and

a third interface configured to produce the second plurality of serialized data streams from the first integrated circuit
device.

US Pat. No. 9,240,913

FULL-DUPLEX CAPACITY ALLOCATION FOR OFDM-BASED COMMUNICATION

CISCO TECHNOLOGY, INC., ...

1. A method, comprising:
transmitting a first data frame, with a transmitter of a first device, along at least one of a plurality of subcarriers, the
first data frame including information associated with one or more additional data frames pending transmission by the transmitter;

receiving a second data frame, with a receiver of the first device, subsequently to the first data frame, the second data
frame including information regarding any pending data frames enqueued to be sent to the receiver by one or more other devices;
and

dynamically selecting, by a processor of the first device, whether to transmit the one or more additional frames in half-duplex
mode or in full-duplex mode based on the information included in the received second data frame, wherein the first device
selects a subset of the plurality of subcarriers to transmit the additional frames when full-duplex mode is selected and the
selected subset of the plurality of subcarriers do not overlap subcarriers used by the one or more other devices for transmitting,
wherein the first device selects the entire plurality of subcarriers to transmit the additional frames when half-duplex mode
is selected, and wherein the first device selects half-duplex mode in response to the information included in the received
second data frame indicating that there are no pending data frames enqueued to be sent to the receiver of the first device
by the one or more other devices.

US Pat. No. 9,262,639

PLAINTEXT INJECTION ATTACK PROTECTION

Cisco Technology Inc., S...

1. A system comprising:
a memory having a plurality of regions;
a digital rights management engine to protect the provisioning and consumption of multimedia content associated with a license,
the digital rights management engine being a trusted and distinct element from the memory, the digital rights management engine
being operative to:

receive a plurality of ciphertext blocks of the multimedia content;
decrypt the ciphertext blocks yielding a plurality of plaintext blocks;
output the plaintext blocks to a first region of the memory;
provide a plurality of groups of other blocks in addition to the plaintext blocks for scattering to a plurality of different
regions of the memory for storage while the ciphertext blocks of the multimedia content are being decrypted to provide protection
against a plaintext injection attack, the plurality of different regions of the memory being distinct from the first region
of the memory, each of the groups of other blocks having a predetermined pattern including at least three blocks, wherein
at least two of the at least three blocks consist of the same data and wherein a size of each of the ciphertext, plaintext
and other blocks is between 56 and 256 bits; and

output the groups of other blocks to the plurality of different regions of the memory for storage; and
a content renderer to retrieve the plaintext blocks from the first region of the memory and render the plaintext blocks, exclusive
of the groups of other blocks.

US Pat. No. 9,253,693

OPTIMIZING A NEIGHBOR LIST OF ACCESS POINTS

Cisco Technology, Inc., ...

14. A method, comprising:
obtaining a neighbor access point list; and
optimizing the neighbor access point list for a client associated with a current access point, comprising:
maintaining statistics for a current access point the client is currently associated with, the statistics comprising previous
access points previous clients have roamed from prior to associating with the current access point, and next access points
the previous clients associated with;

maintaining counters associated with access points where previous clients that associated with the current access point associated
with the client have roamed;

reducing the counters in a manner that preserves the proportion of the counters when a predefined threshold is exceeded; and
upon determining a direction of travel of the client based on the maintained counters and statistics, prioritizing neighboring
access points within the neighbor access point list based on the determined direction of travel;

wherein neighboring access points are prioritized in the optimized neighbor access point list based on the next access points
previous clients associated with that also associated with the same previous access point as the client.

US Pat. No. 9,408,335

ICM OPTIMIZATION AND STANDARDIZATION FOR AUTOMATION

Cisco Technology, Inc., ...

1. An apparatus comprising:
a circuit board;
an integrated connector having a plurality of receptacles comprising at least a first receptacle and a second receptacle,
the integrated connector being mounted to the circuit board and having a Faraday cage, the integrated connector comprising
a first plurality of transformers and a second plurality of transformers, the first plurality of transformers being connected
to the first receptacle and the Faraday cage to block ground currents corresponding to the first receptacle and the second
plurality of transformers being connected to the second receptacle and the Faraday cage to block ground currents corresponding
to the second receptacle, the plurality of receptacles, the first plurality of transformers, and the second plurality of transformers
being surrounded by the Faraday cage;

a choke structure external to the integrated connector and mounted to the circuit board;
noise causing components mounted to the circuit board, the noise causing components being outside the integrated connector
and outside the choke structure, the noise causing components having a ground in common with the Faraday cage;

a first choke enclosed within the choke structure, the first choke being electrically connected to the first plurality of
transformers and the first receptacle through the circuit board, the first choke having the capacity to filter noise on the
first receptacle caused by the noise causing components; and

a second choke enclosed within the choke structure, the second choke being electrically connected to the second plurality
of transformers and the second receptacle through the circuit board, the second choke having the capacity to filter noise
on the second receptacle caused by the noise causing components.

US Pat. No. 9,231,850

KEEPALIVE MECHANISM TO MAINTAIN LINKS IN A LOSSY ENVIRONMENT

Cisco Technology, Inc., ...

1. A method, comprising:
determining a selected link from a particular device toward a root device in a computer network, wherein traffic destined
away from the root device via the particular device utilizes the selected link in reverse;

monitoring a link quality of the selected link in reverse based on received traffic over the selected link;
determining whether the link quality is below a lower threshold;
in response to the link quality being below the lower threshold, activating use of keepalive messages from the particular
device over the selected link; and

deactivating the use of keepalive messages in response to determining that the link quality is above an upper threshold.

US Pat. No. 9,264,257

DYNAMIC TERNARY CONTENT-ADDRESSABLE MEMORY CARVING

CISCO TECHNOLOGY, INC., ...

1. A method for applying a revised template for ternary content addressable memory (TCAM) in a network switch, the TCAM comprising
a plurality of TCAM allocation units (TAUs), entries of data in the TCAM corresponding to forwarding modes are arranged according
to an original template mapping each forwarding mode to a subset of TAU(s), wherein the method comprises:
relocating the entries of data in the TCAM according to an intermediate template, wherein the intermediate template comprises
at least one unallocated TAU(s) for accommodating the revised template; and

after the entries of data are relocated according to the intermediate template, relocating the entries of data in the TCAM
according to the revised template.

US Pat. No. 9,258,208

MULTIPLE PATH AVAILABILITY BETWEEN WALKABLE CLUSTERS

Cisco Technology, Inc., ...

1. A method comprising:
creating, in a computing network, a hierarchal network layer routing topology for reaching a destination according to a network
layer routing protocol, the hierarchal network layer routing topology comprising supernodes including a single parent supernode
providing reachability to the destination, and a plurality of child supernodes, each supernode comprising a plurality of network
devices interconnected by intra-cluster data links according to a corresponding link layer topology of the corresponding supernode
and wherein in each child supernode one or more of the network devices operate as one or more exit network devices each providing
the corresponding child supernode a corresponding inter-cluster data link to one of the parent supernode or another child
supernode;

receiving, in one of the child supernodes from a distinct one of the child supernodes via the corresponding inter-cluster
data link, a data packet for delivery to the destination according to the network layer routing protocol;

causing the data packet to traverse along a sequence of two or more of any distinct available intra-cluster data links in
the one child supernode independent of any network layer routing topology established by the network devices in the one child
supernode, until the data packet reaches one of the exit network devices;

the one exit network device forwarding the data packet to the parent supernode in response to receipt thereof, via the corresponding
inter-cluster data link; and,

the parent supernode delivering the data packet toward the destination, in response to receipt thereof, according to the network
layer routing protocol.

US Pat. No. 9,258,213

DETECTING AND MITIGATING FORWARDING LOOPS IN STATEFUL NETWORK DEVICES

Cisco Technology, Inc., ...

1. A method, comprising:
receiving a packet on a particular interface of a stateful device in a computer network, the packet having a source identification
and a destination identification;

swapping the source identification and destination identification of the packet;
checking the swapped source identification and destination identification against a stateful connection table managed at the
stateful device for the particular interface;

detecting that a loop exists at the particular interface in response to the swapped source identification and destination
identification matching an existing entry in the stateful connection table by:

detecting that the loop exists at the particular interface in response to the packet sharing the same swapped source identification
and destination identification as a previous packet after a predetermined time duration has been exceeded since the swapped
source identification and destination identification of the previous packet matched the existing entry in the stateful connection
table; and

dropping the packet in response to a detected loop.

US Pat. No. 9,270,040

SYSTEMS AND METHODS FOR PROVIDING A SEAMLESS ELECTRICAL SIGNAL BETWEEN ELECTRICAL COMPONENTS

CISCO TECHNOLOGY, INC., ...

1. An apparatus comprising:
a support structure that, at least in part, borders a cavity in which to receive an electrical module;
at least one beam comprising:
a first end supported by the support structure and a second end;
a clip proximate the second end, wherein the clip is to retain a conductive connector;
a raised portion located between the first end and the second end and extended into the cavity, wherein the raised portion
is to facilitate flexing the beam to disconnect an electrical contact between the conductive connector and a plurality of
electrical contacts upon insertion of the electrical module into the cavity.

US Pat. No. 9,111,340

FREQUENCY-MODULATED WATERMARKING

Cisco Technology Inc., S...

1. A method for image processing, comprising:
storing a data string; and
applying a background modulation to an image, the modulation comprising a periodic spatial pattern of chromatic variations
over an area of the image with a constant luminance over the area and with a spatial frequency of the chromatic variations
that encodes the data string, wherein:

the chromatic variations are defined by first and second chrominance components;
the chromatic variations comprise respective first and second variations of the first and second chrominance components, with
different, respective first and second spatial frequencies, which are used to encode the data string; and

the data string is encoded by a ratio of the first and second spatial frequencies.

US Pat. No. 9,253,274

SERVICE INSERTION ARCHITECTURE

Cisco Technology, Inc., ...

1. An apparatus, comprising a service broker having:
one or more hardware processors; and
logic encoded in one or more non-transitory storage medium for execution by the one or more processors, and when executed
operable to configure the service broker to:

register a service classifier to allow the service classifier to redirect an incoming packet for delivery of a service;
register a plurality of service nodes including receiving service capabilities and locations for each service node; and
provide context information from the service broker to the service classifier, wherein the context information comprises a
service header, a reachability indication, and an encapsulation, the context information being used by the service classifier
in redirecting the incoming packet to a first service node included in a service chaining order of service nodes for delivery
of the service, wherein the service header provided by the service broker is inserted as a header in the redirected packet
and provides information on (i) the service chaining order that includes an ordered list of service features to be performed
on the redirected packet by the service nodes included in the service chaining order and (ii) classification information associated
with avoiding duplicate classification or providing the classification information to a particular service node, and wherein
the service header inserted in the redirected packet is alterable by any of the service nodes receiving the redirected packet
to modify the service chaining order such as to alter a path taken by the redirected packet through the service chaining order,

wherein a service directory coupled to the service broker includes a policy that provides the service header that is provided
to the service classifier to provide information on how the service features are to be applied to the incoming packet.

US Pat. No. 9,264,422

SECURE NETWORK DEPLOYMENT

Cisco Technology, Inc., ...

1. An apparatus comprising:
a non-volatile memory containing a manufacturer installed certificate that includes an address for the apparatus and a model
number for the apparatus; and

logic encoded in one or more tangible media for execution and when executed operable to:
generate a message including a unique identification number;
digitally sign message using the manufacturer installed certificate that contains the address for the apparatus;
receive a configuration profile for the apparatus in response to the message, the configuration profile containing a locally
significant certificate; and

configure the apparatus with the configuration profile.

US Pat. No. 9,113,184

DELIVERING AN AUDIO VIDEO ASSET

Cisco Technology Inc., S...

1. A method of delivering an audio video asset, said method comprising:
receiving orders, each order specifying an audio video asset to be delivered and a delivery destination for said audio video
asset, wherein said delivery destination represents one or more physical delivery recipients;

determining delivery paths that could be used to deliver said audio video asset to said delivery destination, wherein said
determining comprises: for each delivery path, matching a delivery sink associated with a delivery capability to a delivery
source represented by a delivery option according to one or more criteria of a delivery scheme representing a delivery technology;

retrieving a set of path capacity timelines for said delivery paths, wherein path capacity timelines in said set of path capacity
timelines each model a quantity of available capacity varying over time;

processing said path capacity timelines to yield delivery path capacities;
applying an allocation algorithm to said delivery path capacities to yield candidate delivery allocations, wherein said candidate
delivery allocations each comprise one or more time periods during which one or more time periods a defined quantity of capacity
can be allocated for delivery of said audio video asset;

applying a cost function to said candidate delivery allocations to yield cost values, said cost function parameterized by
at least one time period, said at least one time period associated with at least one cost factor for calculating said cost
values according to at least said at least one time period, wherein said cost values each represent a cost of delivering said
audio video asset according to said candidate delivery allocations;

calculating scores for said candidate delivery allocations in dependence on a cost value for each of said candidate delivery
allocations and one or more other objectives;

selecting one of said candidate delivery allocations having a lowest score to yield a selected candidate delivery allocation;
and

delivering said audio video asset according to said selected candidate delivery allocation.

US Pat. No. 9,264,495

APPARATUS AND METHODS FOR HANDLING NETWORK FILE OPERATIONS OVER A FIBRE CHANNEL NETWORK

CISCO TECHNOLOGY, INC., ...

1. A method comprising:
receiving, at an interposed file access protocol layer of a server device, an operation message from a Fibre Channel (FC)
layer of the server device, wherein the message does not include data and pertains to a file write request, and wherein such
message was transmitted from a client over a Fibre Channel (FC) network and the interposed file access protocol layer is interposed
between the Fiber Channel layer and an upper file access protocol layer;

retaining, at the interposed file access protocol layer of the server device, the file write request, allocating a buffer
that is sized to receive data that is associated with the message, and sending one or more transfer ready messages to the
client to solicit the data;

transmitting the one or more transfer ready messages from the server over the FC network to the client;
receiving, at the interposed file access protocol layer of the server device, one or more data messages from the FC layer
of the server device, the one or more data messages being sent from the client in response to the one or more transfer ready
messages and being associated with the message;

retaining data from the one or more data messages, along with the retained file write request, within the allocated buffer
and sending a write file operation to the upper file access protocol layer of the server, wherein the write file operation
specifies the allocated buffer; and

transmitting, over the FC network, a reply from the upper file access protocol layer of the server to the client, wherein
the reply was generated in response to the write file operation.

US Pat. No. 9,256,548

RULE-BASED VIRTUAL ADDRESS TRANSLATION FOR ACCESSING DATA

Cisco Technology, Inc., ...

1. A method, comprising:
matching a virtual address simultaneously in parallel against a set of a plurality of predetermined rules in identifying one
or more storing description parameters for converting the virtual address to a lookup address, with each of the plurality
of predetermined rules including a range of one or more virtual addresses stored in a binary or ternary content-addressable
memory entries, with said matching operation including performing a single hardware-based content-addressable memory lookup
operation simultaneously and in parallel on each of said content-addressable memory entries resulting in a single matching
rule, and retrieving said storing description parameters from a location in a storing description parameter storage corresponding
to the single matching rule;

converting the virtual address to the lookup address based on said identified storing description parameters; and
performing one or more data access operations in one or more particular memory units based on the lookup address said converted
from the virtual address.

US Pat. No. 9,225,681

ENABLING MOBILE APPLICATIONS TO ACQUIRE A MAC ADDRESS FOR OBTAINING LOCATION INFORMATION

Cisco Technology, Inc., ...

1. A method comprising:
receiving, at a network element in a network, a request from an application on a device, the request being encapsulated in
a packet that includes a header that contains a physical layer identifier of the device to which the application does not
have access;

obtaining the physical layer identifier at the network element; and
sending a response to the application on the device, the response including a web cookie containing the physical layer identifier
of the device, wherein the physical layer identifier enables the application to query an entity using the physical layer identifier
to obtain location information of the device.

US Pat. No. 9,158,901

GLITCH RESISTANT DEVICE

Cisco Technology Inc., S...

1. A system for device security, the system comprising:
at least one integrated circuit comprising a CPU;
a key register storing a hardware enabling key, the key comprising a number of bits, such that each bit of the number of bits
has a value, and if any one bit of the number of bits is set to an incorrect value the key will not function correctly;

a combination circuit for performing a function, ƒ, such that the combination circuit is activated by the key, the combination
circuit only performing function ƒ if each one of the number of bits of the key is set to the value of that one bit, and there
exists no set of intermediate or output bits derived from the number of bits of the key, which determine if the combination
circuit performs function ƒ, said set intermediate or output bits comprising fewer bits than comprise the key.

US Pat. No. 9,100,313

SHARED EGRESS BUFFER IN A MULTI-STAGE SWITCH

Cisco Technology, Inc., ...

1. An apparatus comprising:
an ingress stage that includes a plurality of ingress port subsystems each comprising a plurality of ingress ports that receive
packets;

an unscheduled crossbar switching fabric connected to the ingress stage and comprising a plurality of crossbar switching elements
that receive one or more packets from at least one of the ingress port subsystems; and

an egress stage connected to the unscheduled crossbar switching fabric, wherein the egress stage includes a plurality of egress
port subsystems each comprising:

a memory comprising at least one shared egress buffer that receives any packets forwarded by the crossbar switching elements
from the ingress stage directed to the egress port subsystem, and

a plurality of egress ports that transmit the packets received in the shared egress buffer,
wherein a first crossbar switching element generates a negative acknowledgement message for transmission to a first ingress
port subsystem when a first packet received from the first ingress port subsystem cannot be forwarded to the egress stage,
and wherein the first ingress port subsystem is configured to randomly select a second crossbar from among the plurality of
crossbar switching elements that are not the first crossbar switching element and to retransmit the first packet to the second
crossbar switching element for forwarding to the egress stage after receipt of the negative acknowledgement message.

US Pat. No. 9,124,770

METHOD AND SYSTEM FOR PREVENTION OF CONTROL WORD SHARING

Cisco Technology Inc., S...

1. A method of preventing control word sharing, the method comprising:
receiving an entitlement control message (ECM), the ECM comprising a temporal key, denoted TKi, at a removable security element, the ECM further comprising a control word derivable by the removable security element;

deriving the control word from the ECM at the removable security element;
combining at least the control word and a value associated with an ID of the removable security element, thereby producing
combined control word and removable security element ID data;

encrypting the combined control word and removable security element ID data according to an encryption function, wherein the
encrypting comprises using TKi, as an encryption key; and

at a time after a removable security element interface has received TKi, in the ECM, but prior to a start of a crypto period with which the control word is associated, sending the encrypted combined
control word and removable security element ID data to the removable security element interface.

US Pat. No. 9,485,197

TASK SCHEDULING USING VIRTUAL CLUSTERS

Cisco Technology, Inc., ...

1. A method comprising:
receiving, at a device, information regarding a data set to be processed by a map-reduce process, wherein the map-reduce process
comprises a rack-aware scheduler;

generating a set of virtual clusters for the map-reduce process based on network bandwidths between nodes of the virtual clusters,
each node of a virtual cluster corresponding to a resource device, wherein the set of virtual clusters are generated such
that intra-cluster bandwidths in the set are greater than inter-cluster bandwidths in the set;

associating the data set with a map-reduce process task; and
scheduling, by the rack-aware scheduler, the execution of the task by a node of the virtual clusters based on the network
bandwidth between the node and a source node on which the data set resides, wherein the virtual clusters are used by the rack-aware
scheduler in lieu of a physical rack to make scheduling decisions.

US Pat. No. 9,276,827

ALLOCATING COMPUTING RESOURCES BASED UPON GEOGRAPHIC MOVEMENT

Cisco Technology, Inc., ...

1. A method for allocating resources based on geographic movement of a client, the method comprising:
determining a first geographic location of the client;
receiving identification data for identifying the client from at least one application programming interfaces (API) operating
in a network device in a software-defined networking (SDN) enabled network, wherein the API identifies the identification
data by filtering a network flow traversing an ingress port of the network device;

associating the network flow to a client ID using the identification data;
determining, based on the network flow, a second geographic location of the client, wherein the first and second geographic
locations are different; and

allocating computing resources associated with the client ID in response to the client moving from the first geographic location
to the second geographic location.

US Pat. No. 9,219,712

WAN OPTIMIZATION WITHOUT REQUIRED USER CONFIGURATION FOR WAN SECURED VDI TRAFFIC

Cisco Technology, Inc., ...

1. A method comprising:
intercepting Virtual Desktop Infrastructure (“VDI”) traffic;
encrypting all data redundancy elimination messages received in the VDI traffic; and
sending the encrypted data redundancy elimination messages to a peer network device.

US Pat. No. 9,201,202

QSFP TO SFP+ ADAPTER CABLE

Cisco Technology, Inc., ...

1. An apparatus comprising:
a quad small form-factor pluggable (QSFP) transceiver module configured to send and receive a plurality of data signals;
a plurality of enhanced small form-factor pluggable (SFP+) transceiver cage devices, wherein each of the SFP+ transceiver
cage devices is configured to interface with an SFP+ transceiver module; and

a plurality of management cables each of which is configured to interface with the QSFP transceiver module and corresponding
ones of the plurality of SFP+ transceiver cage devices, wherein each of the plurality of management cables comprises:

a data communication path to manage data flow between the QSFP transceiver module and one of the SFP+ transceiver cage devices,
wherein the QSFP transceiver module comprises a direct current (DC) blocking device coupled to the data communication path
to allow alternating current (AC) signals to be delivered between the QSFP transceiver module and an SFP+ transceiver module
that interfaces with the one of the SFP+ transceiver cage devices;

a power supply path extending from the QSFP transceiver module to the one of the SFP+ transceiver cage devices to deliver
power from the QSFP transceiver module to an SFP+ transceiver module that interfaces with the one of the SFP+ transceiver
cage devices, wherein the QSFP transceiver module comprises a current limiting switch coupled to the power supply path to
selectively switch the power supply path to a low power mode; and

a management data path extending from the QSFP transceiver module to the one of the SFP+ transceiver cage devices to map status
and control signals between the QSFP transceiver module and the one of the SFP+ transceiver cage devices.

US Pat. No. 9,148,411

KNOWN PLAINTEXT ATTACK PROTECTION

Cisco Technology Inc., S...

1. A system comprising:
an encoder to encode input data yielding a plurality of data packets, each of the packets having a header and a payload;
a post encoding hardware processor to:
identify ones of the data packets having the payload with a suspected known plaintext; and
based on identifying the data packets having the payload with a suspected known plaintext, for each of at least some of the
identified packets with the payload having a suspected known plaintext: add an adaptation field or lengthen a pre-existing
adaptation field; and reduce a length of the payload to less than a certain length, yielding a reduced payload; and

an encryption processor to encrypt the data packets not having the reduced payload but not encrypt the data packets having
the reduced payload wherein the data packets identified as having a suspected known plaintext and having the reduced payload
are not encrypted.

US Pat. No. 9,197,650

PROXY THAT SWITCHES FROM LIGHT-WEIGHT MONITOR MODE TO FULL PROXY

Cisco Technology, Inc., ...

1. A method comprising:
passively monitoring, at a proxy device, packets passing through the proxy device of a communication session between a first
device and a second device;

determining full proxy services should be applied to the communication session at the proxy device, wherein determining comprises
determining packets associated with a sequence number greater than a determined number are to have full proxy services applied
to them, and packets associated with a sequence number less than or equal to the determined sequence number will pass through
the proxy device;

passing through the proxy device, after the determination that full proxy services should be applied, a packet of a first
exchange initiated prior to the determination; and

actively applying at the proxy device, after the determination that full proxy services should be applied, full proxy services
to a packet of a second exchange initiated after the determination.

US Pat. No. 9,124,929

SECURE FAST CHANNEL CHANGING

Cisco Technology Inc., S...

1. A method for communication, comprising:
distributing over a communication network multiple channels of digital content, which are encrypted using different, channel-specific
control words; and

transmitting over the communication network, different, channel-specific entitlement control messages from which the control
words are derivable such that each of the different channel-specific control words is derivable from any of the different
channel-specific entitlement control messages by authorized receivers of the channels on the communication network, wherein:
(a) a first channel-specific control word for a first channel is derivable from a channel key for the first channel and a
master control word which is derivable from a first channel-specific entitlement control message for the first channel; and
(b) a second channel-specific control word for a second channel is derivable from a channel key for the second channel and
the master control word in the absence of the first channel-specific control word.

US Pat. No. 9,106,574

SUPPORTING QUALITY OF SERVICE DIFFERENTIATION USING A SINGLE SHARED BUFFER

CISCO TECHNOLOGY, INC., ...

1. A method, comprising:
receiving a plurality of data packets at an ingress port of a network element, wherein each data packet of the plurality of
data packets belongs to one of a plurality of classes;

transmitting a first portion of the plurality of data packets from the ingress port to a buffer maintained by an egress port
of the network element based on a metering policy, wherein the buffer has four thresholds comprising an ON threshold, a LOW
threshold, a HI threshold, and an OFF threshold, and wherein the transmitting further comprises:

responsive to the buffer being below the ON threshold, enabling transmission of classes of the plurality of classes;
responsive to the buffer being above the LOW threshold, enabling and disabling transmission of the plurality of classes of
the plurality of data packets according to the metering policy using a plurality of weights;

responsive to the buffer being above the OFF threshold, disabling transmission of classes of the plurality of data packets;
and

responsive to the buffer being below the HI threshold, enabling and disabling transmission of the plurality of classes of
the plurality of data packets according to the metering policy using a plurality of weights;

fetching the first portion of the plurality of data packets from the buffer according to a scheduling policy; and
retaining a remaining portion of the plurality of data packets at the ingress port;
wherein the metering policy and the scheduling policy each have a plurality of weights associated with the plurality of classes
and wherein a maximum credit for the plurality of classes is larger than a largest weight of the plurality of weights.

US Pat. No. 9,264,406

PUBLIC KEY CRYPTOGRAPHY WITH REDUCED COMPUTATIONAL LOAD

Cisco Technology Inc., S...

1. A cryptographic method, comprising:
receiving a public key belonging to a message recipient having a private key corresponding to the public key;
selecting a numerical seed, having a first entropy;
using the numerical seed and the public key, generating key recovery information having a second entropy, which is less than
the first entropy, and generating a message key having a third entropy, which is less than the first entropy, wherein: the
entropy of the message key is less than the entropy of the numerical seed; and the entropy of the key recovery information
is less than the entropy of the numerical seed;

encrypting a message using the message key; and
transmitting the encrypted message and the key recovery information to the message recipient providing a secure transfer of
a cryptographic key, whereby the recipient reconstructs the message key using the key recovery information and the private
key and decrypts the encrypted message using the reconstructed message key.

US Pat. No. 9,185,714

METHOD AND SYSTEM FOR DYNAMICALLY ASSIGNING CHANNELS ACROSS MULTIPLE RADIOS IN A WIRELESS LAN

Cisco Technology, Inc., ...

1. A method, comprising:
monitoring, at one or more wireless network access elements, signal strength of signals transmitted by respective neighboring
wireless network access elements;

collecting information from said wireless network access elements and converting said information into reportable data about
signal strength observed during the monitoring the signal strength of signals by the one or more wireless network access elements
and about access element load, wherein the reportable data about access element load comprises:

data regarding wireless network traffic load corresponding to each of said wireless network access elements over a period
of time; and

physical interference;
creating a signal strength matrix describing the signal strength observed between each of the access elements;
creating a utilization matrix describing the load observed at each access element over a given time interval;
combining the signal strength matrix and the utilization matrix to create an average signal strength matrix describing the
average signal strength observed between each of the access elements;

creating a first interference matrix by matrix-multiplying the average signal strength matrix by a channel assignment matrix
describing a plurality of possible combinations of channel assignments of the physical channels across the access elements;
and

identifying, based at least in part, on said physical interference associated with concurrent signal transmissions of the
wireless network access elements, a combination of channel assignments for the one or more wireless network access elements
from the plurality of possible combinations of channel assignments and assigning channels for concurrent, respective use by
said wireless network access elements based on the identified combination of channel assignments.

US Pat. No. 9,411,985

PASSING HIDDEN INFORMATION USING ATTACK DETECTORS

Cisco Technology Inc., S...

1. An electronic device, comprising:
a communication interface;
a processor, which is configured to store and process secret information and to communicate with a host device via the communication
interface; and

an environmental detector, which is configured to detect a change, relative to a baseline, in an operating environment of
the electronic device, and in response to the detected change, to initiate a secure communication between the processor and
the host device when the detected change is in a predefined first range, and to invoke a countermeasure against tampering
with the device when the detected change is in a predefined second range, disjoint from the first range, the environmental
detector being operative to issue to the processor, when the detected change is in the predefined first range, an instruction
to conduct the secure communication with the host device via the communication interface, the host device being operative
to actuate an environmental signal generator to generate changes that are within the predefined first range, relative to the
baseline, in the operating environment of the electronic device,

wherein the change detected by the environmental detector comprises at least one of the following:
a glitch in a voltage that is input to the electronic device;
a variation in a frequency of a clock that is provided to the electronic device;
a change in radiation; and
a change in temperature.

US Pat. No. 9,332,318

EXTRA RICH CONTENT METADATA GENERATOR

CISCO TECHNOLOGY INC., S...

1. A method implemented on a content metadata generator, said method comprising:
receiving, at a content metadata generator manager unit, content provider metadata related to content items provided by a
content provider;

retrieving additional external metadata for a subset of said content provider metadata related to said content items, said
additional external metadata comprising language variations of said content provider metadata retrieved from one or more external
sources using one or more web crawlers, said language variations comprising at least one of: a written format; a pronunciation
format; and a social common name;

storing said content provider metadata with said additional external metadata in a storage device, wherein said content provider
metadata is stored and indexed in association with said additional external metadata;

receiving, at a search engine, a content item search request from a user, said content item search request comprising one
or more search terms expressed in a first language variation;

identifying, using said index, relevant metadata matching said one or more search terms among said content provider metadata
or said additional external metadata stored and indexed in association in said storage device;

identifying additional relevant metadata stored and indexed in association with said relevant metadata in said storage device,
said additional relevant metadata comprising language variations of said relevant metadata and corresponding to content provider
metadata and/or additional external metadata other than said relevant metadata matching said one or more search terms; and

adding one or more additional search terms to said content item search request, said one or more additional search terms corresponding
to said additional relevant metadata.

US Pat. No. 9,219,816

SYSTEM AND METHOD FOR AUTOMATED WHITELIST MANAGEMENT IN AN ENTERPRISE SMALL CELL NETWORK ENVIRONMENT

CISCO TECHNOLOGY, INC., ...

1. A method, comprising:
receiving a network address associated with a wireless device at a first network element, the network address identifying
the wireless device on a first network;

receiving user credentials from a directory service associated with a second network, the user credentials identifying a user
associated with the wireless device on the second network;

associating the user credentials with the network address;
communicating a request message to a second network element, the request message including a request for a user identifier
identifying the user on a third network;

receiving a response message from the second network element including the user identifier;
associating the user credentials with the user identifier; and
storing the association of the user credentials and the user identifier in a whitelist.

US Pat. No. 9,332,557

HIGH DENSITY DEPLOYMENT USING TRANSMIT OR TRANSMIT-RECEIVE INTERFERENCE SUPPRESSION WITH SELECTIVE CHANNEL DIMENSION REDUCTION/ATTENUATION AND OTHER PARAMETERS

Cisco Technology, Inc., ...

1. A method comprising:
at a second access point, determining one or more antennas paths for which to disable reception in order to suppress co-channel
interference associated with transmissions made by a first access point; and

sending channel state information from the second access point to the first access point, the channel state information indicating
which one or more antennas paths are to be disabled at the second access point.

US Pat. No. 9,244,720

AUTOMATED TECHNIQUE TO CONFIGURE AND PROVISION COMPONENTS OF A CONVERGED INFRASTRUCTURE

Cisco Technology, Inc., ...

1. A method comprising:
generating task definitions to configure respective ones of compute, storage, and network components of a converged infrastructure
(CI) when invoked, each task definition including a task identifier (ID), one or more component configuration commands, and
one or more task arguments through which one or more corresponding component configuration parameters are passed to corresponding
ones of the one or more component commands;

generating an ordered sequence of task identifiers (IDs) identifying corresponding ones of the task definitions that configure
respective ones of the computer, storage and network components of the CI; and

automatically invoking each of the task definitions by task ID according to the ordered sequence in order to configure the
CI, wherein the automatically invoking includes providing the one or more component configuration commands and the corresponding
one or more passed configuration parameters of each invoked task definition to the respective ones of the CI components, and
wherein the automatically invoking further includes, for each invoked task definition:

receiving each component configuration parameter through the corresponding task argument;
validating a total number of the received component configuration parameters and a type of each received component configuration
parameter against a total number of task arguments and a type of each argument defined in the task definition; and

passing each received component configuration parameter that is validated to each corresponding component configuration command
and not passing each received component configuration parameter that is not validated.

US Pat. No. 9,213,152

RELEASABLE FIBER CONNECTOR FOR OPTO-ELECTRONIC ASSEMBLIES

Cisco Technology Inc., S...

1. An apparatus comprising:
an interposer substrate for supporting a plurality of opto-electronic components for creating optical output signals and receiving
optical input signals;

an enclosure including a transparent lid covering the interposer substrate, wherein the transparent lid is positioned to allow
the optical output and input signals to pass through first and second surfaces of the transparent lid, wherein the first and
second surfaces are parallel;

a magnetic connector component disposed on the transparent lid, the magnetic connector component including a central opening
for allowing the optical output and input signals to pass through the magnetic connector component; and

a fiber connector for supporting one or more optical fibers and including a metallic connector component for mating with the
magnetic connector component and providing releasable attachment of the fiber connector to the enclosure in a manner allowing
the optical output and input signals to align with the one or more optical fiber, wherein the magnetic connector component
is disposed between the transparent lid and the fiber connector.

US Pat. No. 9,135,453

PREVENTING DATA EXTRACTION BY SIDE-CHANNEL ATTACK

CISCO TECHNOLOGY INC., S...

1. A method for data transfer, comprising:
receiving a control signal triggering a transfer of a secret value into an element of a circuit; in response to the control
signal, inserting a deterministic non-constant dummy value and the secret value in succession into the element of the circuit;
and

asserting a data valid signal after inserting the secret value into the element, wherein the data valid signal is deasserted
while the element holds the dummy value.

US Pat. No. 9,094,344

ESTABLISHING A BIDIRECTIONAL FORWARDING DETECTION (BFD) ASYNCHRONOUS MODE SESSION WITHOUT KNOWING A PRIOR LAYER-2 OR LAYER-3 INFORMATION

Cisco Technology, Inc., ...

1. A method, comprising:
performing operations by a first packet switching device, with said operations including:
sending, from a first interface of the first packet switching device to a second interface of a second packet switching device
that is connected to the first packet switching device over a point-to-point link, a Media Access Control (MAC) frame requesting
a Bidirectional Forwarding Detection (BFD) asynchronous session be established over the link, with the second interface associated
with a unique MAC address to use in sending and receiving packets, and with the MAC Frame including a group, broadcast or
other MAC address as the destination address of the MAC frame that is not the unique MAC address but is a destination address
that the second packet switching device will recognize and thus process the received MAC frame requesting the BFD asynchronous
session be established over the link; and

receiving a BFD control packet from the second packet switching device responding to said sent requested BFD asynchronous
session.

US Pat. No. 9,113,193

VIDEO CONTENT ITEM TIMELINE

CISCO TECHNOLOGY INC., S...

1. A method implemented on a computing device, the method comprising:
querying a database for data related to a video content item currently being displayed on a display device, said video content
item comprising at least one video scene;

receiving said data upon identifying said video content item in said database, said data comprising metadata relevant to one
or more promoted objects appearing in said at least one video scene and a maximum number of promoted objects to display;

generating a graphical timeline of said video content item using said metadata, wherein said graphical timeline comprises
an interactive visual indication and an interactive thumbnail for each of said one or more promoted objects appearing in said
at least one of video scene, said interactive visual indication identifying a particular promoted object from said one or
more promoted objects and said interactive thumbnail identifying a video scene of said video content item in which said particular
promoted object appears; and

displaying said generated graphical timeline of said video content item, said graphical timeline being displayed by adjusting
a zoom factor value of said display device so that said maximum number of promoted objects can be displayed on said display
device.

US Pat. No. 9,203,744

CONVERGENCE OF MULTI-DESTINATION TRAFFIC IN A NETWORK ENVIRONMENT

CISCO TECHNOLOGY, INC., ...

1. A method, comprising:
receiving, at a leaf switch in a Transparent Interconnection of Lots of Links (TRILL) network, a first type-length-value (TLV)
message from a true broadcast root in the TRILL network indicating a first subset of multi-destination trees in the TRILL
network;

receiving, at the leaf switch, a second TLV message from the true broadcast root indicating a second subset of multi-destination
trees in the TRILL network, wherein a union of the first subset and the second subset indicates at least one inactive multi-destination
tree in the TRILL network; and

deleting, by the leaf switch using a processor, the indicated inactive multi-destination tree from a hash table of active
multi-destination trees stored in a memory element of the leaf switch, wherein the true broadcast root receives a link-state
packet (LSP) indicating a change from an active status to an inactive status of the indicated multi-destination tree to be
deleted from the hash table, and broadcasts the first TLV and the second TLV to the TRILL network.

US Pat. No. 9,385,995

ANONYMOUS AUTHENTICATION

Cisco Technology Inc., S...

1. A method for anonymous purchase by a first user device, the method comprising performing in the first user device:
obtaining an anonymized token, data string T, by performing the following steps:
selecting a random number r;
deriving a result, R, by performing a one-way function on the random number r;
sending R from the first user device to a second user device, the second user device sending R to a service provider, the
service provider storing R with a data string T and returning a digitally signed R and T to the second user device, thereby
providing the data string T to the second user device;

storing r;
receiving, from the second user device, R and T at the first user device, thereby ensuring that the identity of the first
user device remains unknown to the service provider;

using T to execute an anonymous purchase of a service by performing the following steps:
opening a communication channel between the first user device and the service provider;
sending the service provider the stored r and the received T from the first user device to the service provider via the communication
channel along with a request for the service provider to provide a service; and

receiving the requested service from the service provider.

US Pat. No. 9,220,007

WIRELESS ACCESS POINT MAC ADDRESS PRIVACY

Cisco Technology, Inc., ...

1. A computer-implemented method, comprising:
assigning a first Media Access Control (MAC) address to a wireless-side interface of a wireless access point, wherein the
wireless-side interface facilitates wireless communications between client systems and the wireless access point, and wherein
the first MAC address is communicated to the client systems during the wireless communications as part of service station
identifier (SSID) messages broadcast by the wireless access point; and

upon determining one or more triggering conditions for automatically changing the first MAC address assigned to the wireless-side
interface of the wireless access point to a second MAC address have been satisfied based on at least one of (i) the number
of currently attached client devices being less than a predetermined threshold number of client devices and (ii) the amount
of time where no traffic has passed over the wireless interface exceeding a predetermined threshold amount of time:

disconnecting all client systems currently connected to the wireless access point via the wireless-side interface;
determining the second MAC address; and
re-assigning the second MAC address to the wireless-side interface of the wireless access point, thereby replacing the first
MAC address assigned to the wireless-side interface of the wireless access point, wherein the second MAC address is then included
in subsequent SSID messages broadcast by the wireless access point.

US Pat. No. 9,270,770

SYSTEM AND METHOD FOR OPTIMIZING PUBLICATION OF OPERATING STATES

Cisco Technology, Inc., ...

1. A method for optimizing publication of operating states, comprising:
receiving, at a presence server, a first publication message from an authorization, and accounting (AAA) server, the first
publication message associated with an initiation of a data session by a mobile unit, the first publication message comprising
an operating state of a mobile unit;

creating, by the presence server, a data session slot storing the operating state of the mobile unit during the data session,
the data session slot identified by a first entity tag value;

sending, by the presence server, the first entity tag value to the AAA server;
receiving from the AAA server a second publication message communicating a session identifier value, a correlation value,
a second entity tag value, and an update of the operating state of the mobile unit during the data session, wherein:

the session identifier value comprises a first string of characters uniquely identifying the data session, and
the correlation identifier value comprises a second string of characters uniquely identifying authorization granting permission
to instantiate the data session;

determining that the second entity tag value of the second publication message does not match the first entity tag value identifying
the data session slot for storing, by the presence server, the operating state of the mobile unit during the data session;

in response to determining that the second entity tag value of the second publication message does not match the first entity
tag value, deriving by the presence server, the first entity tag value from the session identifier value and the correlation
identifier, wherein deriving the entity tag value comprises performing an operation on the first string of characters and
the second string of characters to construct the entity tag value;

using the first entity tag value to identify the data session slot storing the operating state of the mobile unit during the
data session; and

storing the update of the operating state of the mobile unit in the data session slot.

US Pat. No. 9,510,362

OVERLAYING RECEIVE SCHEDULES FOR ENERGY-CONSTRAINED DEVICES IN CHANNEL-HOPPING NETWORKS

Cisco Technology, Inc., ...

1. A method, comprising:
determining a start time at which a first device in a frequency-hopping communication network is expected to transmit a data
message;

generating a first schedule based on the determined start time the first device is expected to transmit the data message,
the first schedule defining a first timeslot during which a second device in the network listens for the data message; and

overlaying the first schedule on a frequency-hopping schedule for the second device, wherein
the frequency-hopping schedule defines a plurality of second timeslots during which the second device listens for data messages
from other devices in the network,

a duration of the first timeslot is greater than respective durations of the plurality of second timeslots; and
setting the duration of the first timeslot based on an expected synchronization error of the first device.

US Pat. No. 9,414,416

LOCATION AWARE CAPTIVE GUEST PORTAL

Cisco Technology, Inc., ...

1. A method, comprising:
receiving, from a client device, a request to access a wireless network for a physical environment, the wireless network comprising
a plurality of wireless access points configured to provide a common network;

determining a physical location of the client device within the physical environment, comprising:
retrieving a floor map data structure specifying a physical position of each of the wireless access points within the physical
environment;

determining a measure of signal strength between the client device and each of two or more of the plurality of wireless access
points; and

determining the physical location of the client device, based on the floor map data structure and the determined measures
of signal strength;

determining a location profile corresponding to the physical location of the client device;
selecting one of a plurality of captive guest portals based on the determined location profile, wherein each of the plurality
of captive guest portals processes requests using a distinctive theme; and

processing the request to access the wireless network using the selected captive guest portal, wherein processing the request
includes transmitting, by the selected captive guest portal, a web page corresponding to the respective theme to the client
device.

US Pat. No. 9,258,724

METHOD AND SYSTEM FOR AUTOMATICALLY IDENTIFYING WIRELESS SIGNAL QUALITY OF A REGION

Cisco Technology, Inc., ...

9. A system, comprising:
an interface operable to:
receive signal quality information associated with wireless signals communicated with each of a plurality of mobile endpoints;
receive location information identifying locations of each of the plurality of mobile endpoints;
a processor coupled to the interface and operable to:
based on the received signal quality information and the received location information, identify a first region of an area,
the first region having a first signal quality;

based on the received signal quality information and the received location information, identify a second region of the area,
the second region having a second signal quality; and

wherein the second signal quality is higher than the first signal quality.

US Pat. No. 9,277,040

PRESENCE BASED CONNECTING NUMBER SEARCH

Cisco Technology, Inc., ...

1. A method comprising:
obtaining at least a partial entry, the partial entry being associated with a destination address, the destination address
being arranged to identify a first destination to be accessed;

identifying a plurality of potential destinations, wherein each potential destination of the plurality of potential destinations
includes the partial entry, the plurality of potential destinations including the first destination, the plurality of potential
destinations including previously accessed destinations and destinations programmed into a database;

determining a presence status of each potential destination of the plurality of potential destinations, wherein determining
the presence status of each potential destination of the plurality of potential destinations includes determining whether
the presence status of each potential destination indicates presence, determining whether the presence status of each potential
destination indicates a lack of presence, and determining whether the presence status of each potential destination is unknown;

ordering the plurality of potential destinations, wherein ordering the plurality of potential destinations includes using
the presence status of at least some of the potential destinations, wherein ordering the plurality of potential destinations
includes determining whether to use the presence status of a second potential destination of the plurality of potential destinations
when ordering the plurality of potential destinations;

determining if the first destination has been selected from the plurality of potential destinations; and
automatically completing the destination address if it is determined that the first destination has been selected, wherein
automatically completing the destination address includes automatically adding on to the partial entry to cause the first
destination to be accessed.

US Pat. No. 9,270,713

MECHANISM FOR COMPACTING SHARED CONTENT IN COLLABORATIVE COMPUTING SESSIONS

Cisco Technology, Inc., ...

7. An apparatus, comprising:
at least one network interface configured to transmit and receive data on a computer network;
a group of participant devices in data communication with each other via the network;
a processor coupled to the at least one network interface and configured to execute one or more processes; and
a memory configured to store a collaboration process executable by the processor, the collaboration process when executed
operable to:

initiate a collaborative computing session between the group of participant devices in data communication with each other,
wherein at least one participant device operates as a presenter device to share data with at least one other participant viewer
device;

designate data associated with the group consisting of: (i) at least one application program executing on the presenter device
to generate at least two windows and at least one background region between the two windows on a display of the presenter
device, (ii) a predefined area of the display of the presenter device, and (iii) combinations thereof, to be shared with at
least one viewer device;

transmit the designated shared data to the at least one viewer device;
render the shared data for display on the at least one viewer device, wherein the shared data is rendered in accordance with
display capabilities of the at least one viewer device; and

display the rendered shared data on the at least one viewer device, such that the background region between the at least two
windows is removed and the at least two windows will be displayed contiguously on the at least one viewer device.

US Pat. No. 9,282,040

SMARTER POLICY DECISIONS BASED ON METADATA IN DATA FLOWS

CISCO TECHNOLOGY, INC., ...

1. A method for communicating feedback to enforce security policies on transport of content, comprising:
receiving, from a Port Control Protocol (PCP) client of a first device at a PCP server of a network, a PCP Map request comprising
a query whether the PCP client can bundle a plurality of streams into a flow according to a 5-tuple comprising source Internet
Protocol (IP) address, destination IP address, protocol, source port number, and destination port number;

determining, by the PCP server using a policy application, whether at least one of the plurality of streams is to be provided
to a security application through a relay element;

in response to determining the PCP client must transmit at least one of the plurality of streams separately from the rest
of the plurality of streams, transmitting, from the PCP server to the PCP client, a first PCP Option response indicating to
the PCP client that bundling is not allowed for the at least one of the plurality of streams and the at least one of the plurality
of streams is to be provided to the security application through a relay element;

determining, by the PCP server using the policy application, whether the PCP client is allowed to bundle the rest of the plurality
of streams into the flow and the network is configured to classify traffic on a per-packet basis; and

in response to determining the PCP client is allowed to bundle the rest of the plurality of streams into the flow and the
network is configured to classify traffic on a per-packet basis, transmitting, from the PCP server to the PCP client, a second
PCP Option response to the query indicating to the PCP client that bundling for the rest of the plurality of streams is allowed.

US Pat. No. 9,252,971

SYSTEM AND METHOD FOR PROVISIONING CONNECTIONS AS A DISTRIBUTED DIGITAL CROSS-CONNECT OVER A PACKET NETWORK

Cisco Technology, Inc., ...

1. A computerized method, comprising:
receiving, at an interface of a network device, a request to provision a path for a requested wireless communication service,
the path associated with at least a portion of a packet network;

determining, by one or more processors of the network device, whether a router is required by a type of virtual circuit used
by the requested wireless communication service, wherein the determination comprises:

determining a type of wireless communication service requested;
determining the type of virtual circuit associated with the requested wireless communication service, wherein the type of
virtual circuit is selected from the group consisting of: an Asynchronous Transfer Mode Adaptation Layer-2 (AAL2) virtual
circuit and an Asynchronous Transfer Mode Adaptation Layer-5 (AAL5) virtual circuit; and

determining whether the router is required based on the type of virtual circuit associated with the requested wireless communication
service;

if the router is not required, provisioning a first connection between a first gateway and a second gateway, wherein the first
connection does not include the router;

if the router is required, provisioning a second connection between the first gateway and the router, and provisioning a third
connection between the router and the second gateway;

at least one of associating and disassociating a first endpoint of the first gateway and a second endpoint of the second gateway
with one or more of the connections; and

storing, in a non-transitory computer readable medium, an object model comprising at least a portion of the path;
wherein when the type of virtual circuit associated with the requested wireless communication service is an AAL5 virtual circuit,
associating the first and second endpoints with one or more of the connections comprises:

generating a Realtime Transfer Protocol (RTP) port value associated with the one or more connections, wherein the one or more
connections are at least a portion of the virtual circuit that requires the router;

mapping the RTP port value to a first Digital Signal level 0 (DS0) connection at the first gateway; and
mapping the RTP port value to a second DS0 connection at the second gateway;
wherein when the type of virtual circuit associated with the requested wireless communication service is an AAL2 virtual circuit,
associating the first and second endpoints with one or more of the connections comprises:

generating a channel identifier (CID) associated with the one or more connections, wherein the one or more connections are
at least a portion of the virtual circuit that does not require the router;

mapping the CID to a first Digital Signal level 0 (DS0) connection at the first gateway; and
mapping the CID to a second Digital Signal level 0 (DS0) connection at the second gateway.

US Pat. No. 9,277,374

DELIVERING WIRELESS INFORMATION ASSOCIATING TO A FACILITY

Cisco Technology, Inc., ...

1. A method for delivering a message, the method comprising:
receiving a message from a first mobile device;
based upon a physical location of the first mobile device, identifying one or more facilities with which to associate the
message;

providing, to the first mobile device, data to represent the identified one or more facilities with which to associate the
message and additional data to represent a respective distance from the physical location to each of the one or more facilities,
in a format such that when the data and the additional data are displayed on the first mobile device, a user is allowed to
select at least one of the identified one or more facilities with which to associate the message;

receiving, from the first mobile device, an indication of a selection by the user of the at least one of the identified one
or more facilities;

associating the message with the selected at least one of the identified one or more facilities;
receiving an indication when a second mobile device is:
proximate to the selected at least one of the identified one or more facilities, and
engaged in a message browsing mode; and
presenting, in response to receiving the indication that the second mobile device is proximate to the selected at least one
of the identified one or more facilities and engaged in the message browsing mode, the message to the second mobile device.

US Pat. No. 9,262,489

REPOSITORY-BASED ENTERPRISE SEARCH WITH USER CUSTOMIZATIONS

Cisco Technology, Inc., ...

1. A method, comprising:
receiving a search string from a user;
receiving a plurality of plug-in components, wherein each plug-in component corresponds to a repository and the plug-in component
includes a search algorithm native to that repository and a user interface specific to that repository;

sending the search to each plug-in component to provide parallel processing of each repository;
determining a search type of the search string;
based on the search type, determining an order of repositories to search;
searching each repository;
receiving search results from each repository, wherein the search results include a separate panel for each plug-in component
and the plug-in component formats the search results within that panel; and

displaying search results to the user in separate panels for each repository, wherein the panels are ordered based on search
type and search results within each panel are ordered using that respective repository's relevancy.

US Pat. No. 9,307,053

DIRECT DATA PLACEMENT OVER USER DATAGRAM PROTOCOL IN A NETWORK ENVIRONMENT

CISCO TECHNOLOGY, INC., ...

1. A method, comprising:
creating a queue pair (QP) in memory for unreliable datagram transport, wherein an application generates data over the QP
for transmission in a network environment, the data being compatible with an OpenFabrics Application Programming Interface
(API), wherein creating the QP comprises mapping a QP number of the QP to a user datagram protocol (UDP) port number in a
reserved free port list;

mapping the data to a UDP datagram, wherein mapping the data comprises setting a destination port number in the UDP datagram
to the QP number, and including the data in a payload of the UDP datagram; and

passing the UDP datagram to a network interface for transmission.

US Pat. No. 9,250,084

SYSTEM AND METHOD FOR NAVIGATING USING MULTIPLE MODALITIES

Cisco Technology, Inc., ...

1. A system for navigating comprising:
an interface operable to:
receive an identification of a destination inside a building;
receive position information of a first modality comprising global positioning satellite (GPS) information, the position information
of the first modality associated with a navigation unit;

a processor coupled to the interface, wherein the processor is operable to:
determine directions from a current location of the navigation unit to the destination inside the building;
detect that the navigation unit is within range of a radio frequency identification (RFID) network associated with the building,
the building comprising a plurality of RFID tags;

wherein the interface is further operable to:
receive RFID position information of the navigation unit;
the processor further operable to:
navigate to the destination inside the building based on the GPS and RFID position information by automatically switching
from GPS to RFID upon the detection that the navigation unit is within range of the RFID network associated with the building,
wherein the processor utilizes GPS information outside the building and RFID information inside the building for the navigation;
and

wherein the processor is further operable to receive instructions to dynamically program one or more RFID tags of the plurality
of RFID tags to transmit a user request to a navigation unit in the RFID network.

US Pat. No. 9,419,964

SHARING BETWEEN CPE AND COMPANION DEVICE

Cisco Technology Inc., S...

1. A companion device based system for sharing an application context and authorization context between a consumer premises
equipment (CPE) device comprising at least one of a television or a set top box and a companion device comprising at least
one of a hand held computing device, a smart phone, a tablet, or a laptop or a personal computer, the companion device system
comprising:
a companion device search request transmitter for transmitting a search request using a service discovery protocol;
a companion device receiver for receiving a response to the search request from the CPE device;
a companion device authorization context creating processor which creates an authorization context, the authorization context
comprising metadata that grants access to a resource;

a companion device authorization context transmitter which transmits the authorization context to an application resident
on the CPE device;

a companion device application that establishes a trusted session between the application resident on the CPE and the device
application, the device application comprising:

a companion device certificate requester which requests a digital certificate from the CPE;
a companion device certificate receiver for receiving the digital certificate from the CPE; and
a companion device certificate validator which validates the digital certificate;
a companion device application context data creating processor which creates application context data; and
a companion device application context data transmitter which transmits the application context data created to the CPE device,
wherein the application context data enables the CPE device to request access to an authorized resource from a resource provider.

US Pat. No. 9,089,063

METHOD OF REDUCING SOLDER WICKING ON A SUBSTRATE

Flextronics AP, LLC, San...

1. A method of reducing solder wicking on a substrate when connecting a surface mount component to a plated via and conductive
pad structure connected to conductive layers of the substrate, comprising:
placing the surface mount component on the plated conductive pad, wherein the surface mount component includes a package having
an upper surface with solderable terminal sides and a terminal end;

surrounding the plated via with a solder mask;
exposing a part of the conductive pad that extends beyond each of the solderable terminal sides of the surface mount component
to increase solder formation between the conductive pad and the solderable terminal sides; and

covering with a solder mask the part of the conductive pad that extends beyond the solderable terminal end to reduce solder
formation at the terminal end of the surface mount component and to reduce solder formation at the plated via.

US Pat. No. 9,563,440

FAST LEARNING TO TRAIN LEARNING MACHINES USING SMART-TRIGGERED REBOOT

Cisco Technology, Inc., ...

1. A method, comprising:
determining, by a processor, a need for additional reboot times to compute additional joining times;
in response to determining the need for additional reboot times to compute additional joining times, initiating, by the processor,
a triggered reboot of a field area router (FAR) of a computer network during a quiet period of the network predicted by a
learning machine process;

saving, by the processor, gathered states of the FAR;
informing, by the processor, nodes in the computer network of the triggered reboot;
collecting, by the processor, feedback from the nodes in response to the triggered reboot;
determining, by the processor, whether to complete the triggered reboot based on the feedback; and
rebooting the FAR in response to determining to complete the triggered reboot.

US Pat. No. 9,160,977

PROVIDING INFORMATION ABOUT VIDEO CONTENT

Cisco Technology Inc., S...

1. A method of providing information about video content to a user of a client device, said method comprising:
receiving a request from the client device requesting information about video content, wherein, without input from the user
and prior to rendering a web page to which the user has navigated, said request is automatically created and submitted by
said client device in response to said client device parsing a portion of hypertext markup language text, said request including
an internet protocol address of said client device;

establishing (a) a geographic location of said client device from said internet protocol address; and (b) a time of said request;
identifying one or more content providers available in said geographic location;
in dependence on said one or more content providers and said time, retrieving information about said video content from a
database; and

providing said information to said client device.

US Pat. No. 9,246,676

SECURE ACCESS FOR ENCRYPTED DATA

Cisco Technology, Inc., ...

1. A method, comprising:
providing, at a client system, an encrypted private key, wherein the encrypted private key, when processed by a decryption
operating using a locker key, produces a recovered private key, and wherein the encrypted private key is stored as a value
in a name-value pair in a web browser on the client system;

receiving encrypted data from a remote system operating within a cloud computing environment and configured to store the encrypted
data on a storage device within the cloud computing environment;

determining that the received encrypted data can be decrypted using the recovered private key produced by processing the encrypted
private key;

executing a program contained within a received web page to perform an operation for decrypting the encrypted data, comprising:
transmitting a request to the remote system for the locker key corresponding to the encrypted private key;
receiving, from the remote system, the requested locker key;
performing a decryption operation on the encrypted private key using the received locker key to produce the recovered private
key; and

decrypting the encrypted data, using the recovered private key.

US Pat. No. 9,232,278

VIRTUAL CONTENT SHARING

Cisco Technology Inc., S...

1. A method for providing DLNA compatible content directory service (CDS) on a media content server device, the method comprising:
detecting changes in at least one content item in a content database, wherein said detecting comprises at least one of monitoring
said content database with a file system monitor or receiving notification from a notifier function associated with said content
database;

in response to said detecting, updating a virtual properties database in accordance with said changes, wherein said updating
comprises:

in said virtual properties database, creating a file system properties class associated with said at least one content item,
creating at least one additional class that inherits from said file system properties class, wherein said at least one additional
class is at least one of an audio, video or photo class, and

entering content item metadata properties into said virtual properties database according to said file system properties class
and said at least one additional class, wherein each of said content item metadata properties is associated with said at least
one content item stored in said content database;

adding said associated content item to CDS sharing as a virtual content item defined by said entered content item metadata
properties;

in response to a user's request, displaying on a display device said virtual content item in a listing of content information
based at least on said content item metadata properties, without accessing said content database;

enabling said user to select said virtual content item from said listing; and
playing said associated content item from said content database.

US Pat. No. 9,137,010

WATERMARK WITH DATA INTEGRITY VERIFICATION

Cisco Technology Inc., S...

1. A system comprising: a processor; and a memory to store data used by the processor, wherein the processor is operative
to: receive a media content item including a watermark embedded in the media content item, the watermark encoding a series
of encrypted bits derived from encrypting an information element multiple times with a plurality of cryptographic keys such
that each of the times the encryption of the information element uses a different one of the cryptographic keys yielding a
plurality of encrypted instances of the information element in the series of encrypted bits, the order of the cryptographic
keys used in the series of encrypted bits being defined such that an ith encrypted instance of the information element in the series of encrypted bits being encrypted with an ith one of the cryptographic keys Ki, the information element consisting of N bits;
identify at least part of the watermark in the media content item;
extract at least some of the encrypted bits from the at least part of the identified watermark;
decrypt a series of N bits using a first one of the cryptographic keys yielding a first value, the series of N bits including
Q bits of the encrypted bits as ordered in the series of the encrypted bits and K guessed bits, K being greater than, or equal
to, zero, K plus Q equaling N;

re-encrypt the first value using a second one of the cryptographic keys yielding a second value, the second cryptographic
key being different from the first cryptographic key; and

compare at least part of the second value to M bits of the encrypted bits as ordered in the series of the encrypted bits to
determine if the at least part of the second value matches the M bits as ordered in the series of the encrypted bits in order
to provide a level of confidence that the first value is indeed the information element which was encrypted and embedded as
the watermark in the media content item, the Q bits and the M bits being selected from different bits of the encrypted bits,
M being greater than zero;

re-encrypt the first value using a third one of the cryptographic keys yielding a third value, the third cryptographic key
being different from the first cryptographic key and the second cryptographic key; and

compare the at least part of the third value to P bits of the encrypted bits as ordered in the series of the encrypted bits
to determine if the at least part of the third value matches the P bits as ordered in the series of the encrypted bits in
order to provide a further level of confidence that the first value is the information element which was encrypted and embedded
as the watermark in the media content item, the Q bits and the M bits and the P bits being selected from different bits of
the encrypted bits, the M bits and the P bits corresponding to different parts of the information element, and wherein:

the first cryptographic key is a jth one of the cryptographic keys; j is an integer;

the M bits and the P bits are positioned in encrypted instances of the information element which are either side of one of
the encrypted instances of the information element which includes the Q bits;

the second cryptographic key is a j+1th one of the cryptographic keys; and

the third cryptographic key is a j-1th one of the cryptographic keys.

US Pat. No. 9,224,173

ORDERING ACTIVITIES AND NOTIFICATIONS WITHIN A COLLABORATION PLATFORM

Cisco Technology, Inc., ...

1. A method comprising:
establishing a communication session between a computing device of a user and at least one other computing device within a
collaboration platform to facilitate one or more communications between the user and other users associated with the collaboration
platform;

receiving updates to a user account of the user that is accessible via the user's computing device, wherein the updates provide
information relating to posted activities, notifications or other content and individuals associated with the posted activities,
notifications or other content, the posted activities, notifications or other content being available at one or more computing
devices associated with the platform;

generating, at the one or more computing devices, weighted data structures for both (i) a heuristic order of the updates that
prioritizes the updates based on work projects associated with the user and a reporting hierarchy for the user as identified
in a user profile of the user associated with the user account, and (ii) a semantic order of the updates based on user interests
in the profile, wherein the generating the semantic order comprises: assigning a semantic recommended weight to each update
based at least in part upon at least one of:

content associated with the update being related to keywords or phrases defined within an interest category or an expertise
category of the user profile; and

other semantic information comprising information about at least one of social relationships and a tag cloud associated with
the user profile;

automatically organizing, at the one or more computer devices, the updates in the heuristic order and the semantic order based
on the generated weighted data structures;

selecting, at the one or more computer devices, either the heuristic order or the semantic order of the updates; and
providing, at the computing device of the user, a listing of the updates in the selected order.

US Pat. No. 9,366,718

DETECTION OF DISASSEMBLY OF MULTI-DIE CHIP ASSEMBLIES

Cisco Technology Inc., S...

1. A multi-die chip assembly comprising a plurality of dies, the multi-die chip assembly further comprising:
at least one detection apparatus which detects manipulations of the multi-die chip assembly, the at least one detection apparatus
comprising:

a distributed reference circuit comprising a single circuit, the single circuit comprising a plurality of elements, the plurality
of elements being distributed among the plurality of dies, the single circuit comprising a first free running clock;

at least one local reference circuit disposed wholly in at least one of the plurality of dies of the multi-die chip assembly,
each of the at least one local reference circuit comprising a local free running clock; and

at least one non-volatile memory, in which is stored during manufacture of the multi-die chip assembly, an allowed range of
a result of a calibration application of a function having at least two arguments for each of the at least one local reference
circuit, the at least two arguments comprising:

a value of a frequency of the at least one local reference circuit as manufactured; and
a value of a frequency of the distributed reference circuit comprising a single circuit as manufactured,
wherein at least one element of the plurality of elements being disposed in each one of the plurality of dies comprising at
least one of the at least one local reference circuit.

US Pat. No. 9,246,797

PORT BASED REDUNDANT LINK PROTECTION

Cisco Technology, Inc., ...

1. A method, comprising:
transmitting a multicast datastream via a forwarding connection, wherein
the forwarding connection is one of a plurality of connections between an upstream routing element and a downstream routing
element, and

each of the plurality of connections comprises a link and respective interfaces of the upstream and the downstream routing
elements coupled to the link;

detecting a failure of the forwarding connection;
prior to the detecting the failure, determining a candidate connection from the plurality of connections between the upstream
routing element and the downstream routing element, wherein

the candidate connection is configured to replace the forwarding connection, and
the candidate connection does not transmit the multicast datastream prior to the detecting the failure; and
in response to the detecting, installing the candidate connection as a replacement forwarding connection for the transmitting
the multicast datastream.

US Pat. No. 9,147,012

USER REQUEST BASED CONTENT RANKING

Cisco Technology Inc., S...

1. A content recommendation method comprising:
providing a plurality of content items as part of a content catalog to a plurality of users, a number of items comprising
the plurality of content items designated as N;

symbolically representing each of the N content items as a point on a two-dimensional plane, in a processor of a ranking server,
where each one of the N content items is associated with a pair of x and y coordinates that initially have random values;

automatically updating the values of the x and y coordinates of a first point on the two-dimensional plane whenever one of
the plurality of users requests the content item associated with the first point, and where the updating is based on the last
content item requested before the content item associated with the first point;

automatically determining respective distances between the first point and each of a multiplicity of points on the two-dimensional
plane, where each of the multiplicity of points is associated, respectively, with another one of the N content items;

returning an at least first content recommendation to an information server, the at least first content recommendation identifying
a recommended content item, from among the N content items; where a present point on the two-dimensional plane is associated
with a content item, from among the N content items, that is presently viewed by a user, where the recommended content item
is associated with a recommended point on the two-dimensional plane, and where a distance between the present point and the
recommended point is less than a distance between the present point and any other point associated with one of the N content
items;

providing the first content recommendation to the user's set top box from the information server; and
upon selection of a second one of the N content items by the user:
calculating new x and y coordinates for the present point associated with the content item that was viewed by the user immediately
prior to the selection of the second one of the N content items;

calculating new x and y coordinates for a second point associated with the second one of the N content items selected by the
user; and

calculating a distance between the new x and y coordinates of the second point and the new x and y coordinates for the present
associated with the content item that was being viewed by the user immediately prior to selection of the second content item.

US Pat. No. 9,045,095

SECURITY FOR A WIRELESS ECU VEHICLE SYSTEM

CISCO TECHNOLOGY INC., S...

1. A method for securing wireless communications for a multiplicity of electronic control units (ECUs) installed in a vehicle,
the method comprising:
connecting a communication unit on each of said ECUs via electrical wiring to a power source of said vehicle, wherein said
ECUs are configured to control one or more of electrical component systems and subsystems of said vehicle;

configuring one of said ECUs as a key manager;
generating at least one key by said key manager;
distributing said at least one key from said key manager via said electrical wiring to other said ECUs from among said multiplicity
of ECUs; and

applying said distributed at least one key to secure said wireless communications between at least two of said multiplicity
of ECUs, wherein said wireless communications are performed via wireless transceivers on said at least two ECUs.

US Pat. No. 9,386,086

DYNAMIC SCALING FOR MULTI-TIERED DISTRIBUTED SYSTEMS USING PAYOFF OPTIMIZATION OF APPLICATION CLASSES

Cisco Technology Inc., S...

1. A method comprising:
monitoring workloads of a plurality of application classes, each of said application classes describing services provided
by one or more applications in a multi-tiered system, and each of said application classes comprising a plurality of instantiated
execution resources;

estimating, for each of said application classes, a number of execution resources able to handle said monitored workloads,
to simultaneously maintain a multi-tiered system response time below a determined value and minimize a cost per execution
resource, wherein said multi-tiered system response time is maintained below the determined value and said cost per execution
resource is minimized by optimizing a payoff function defined for each of said application classes, wherein said payoff function
defined for each of said application classes depends on:

a workload arriving at an application class;
a local response time of said application class; and
a unitary cost for instantiating an execution resource for said application class; and
for each one application class of said plurality of application classes:
dynamically adjusting said plurality of instantiated execution resources comprised in said one application class based on
said estimated number of execution resources, said dynamically adjusting comprises increasing or decreasing the number of
execution resources for an application class for said monitored workload for said application class.

US Pat. No. 9,197,844

USER INTERFACE

Cisco Technology Inc., S...

1. A method comprising:
displaying a user interface on a display device associated with a client device, said user interface enabling user interaction
with said client device;

enabling an electronic device having a rendering screen to control said client device;
after said enabling, detecting a current orientation of said electronic device;
in response to said detected current orientation:
enabling a first operating mode if said detected current orientation corresponds to a first orientation of said electronic
device, said first operating mode enabling a user of said electronic device to interact with said user interface displayed
on said display device; and

enabling a second operating mode if said detected current orientation corresponds to a second orientation of said electronic
device, said second operating mode comprising: rendering said user interface on said rendering screen of said electronic device;
and enabling a user of said electronic device to interact with said user interface rendered on said rendering screen.

US Pat. No. 9,197,856

VIDEO CONFERENCING FRAMING PREVIEW

Cisco Technology Inc., S...

1. A method comprising:
receiving an image stream captured by an image capture device associated with one of a plurality of video conferencing endpoints
of a video conferencing system;

receiving a request to detect objects in said received image stream;
upon detecting one or more objects, displaying a first framing preview of said received image stream, wherein said first framing
preview is framed to include said detected one or more objects and is selectable to be used for adjusting said image capture
device;

upon detecting a change in said one or more objects, displaying at least one second framing preview of said received image
stream, wherein said at least one second framing preview is framed to include said detected change in said detected one or
more objects and is selectable to be used for adjusting said image capture device;

receiving an input, said input corresponding to a user's selection of one of said first framing preview and said at least
one second framing preview as a relevant framing preview; and

adjusting said image capture device based on said relevant framing preview.

US Pat. No. 9,092,688

ASSISTED OCR

CISCO TECHNOLOGY INC., S...

1. An assisted OCR method, comprising:
receiving an image file including an image of a text document, the image of the text document including a plurality of glyphs;
determining a position of each of the glyphs in the image of the text document;
determining a spacing of the glyphs in the image of the text document;
identifying word boundaries in the image of the text document from the spacing of the glyphs thereby implying the existence
of a first plurality of words in the image of the text document, each one of the first plurality of words having a word length
measured by the number of glyphs in the one word;

preparing a first array of word lengths based on the word length of each of the first plurality of words, the first array
being ordered according to the order in which the first plurality of words appear in the image of the text document;

receiving a text file including a certain text, the text file including a second plurality of words and a plurality of characters,
each of the second plurality of words having a word length;

preparing a second array of word lengths based on the word length of each of the second plurality of words, the second array
being ordered according to the order in which the second plurality of words appear in the text file;

comparing at least part of the first array of word lengths to at least part of the second array of word lengths in order to
find a best alignment between the first array of word lengths and the second array of word lengths;

selecting a letter of an alphabet included in the characters of the text file;
selecting some of the glyphs of the image of the text document that correspond to the selected letter of the alphabet based
on the best alignment;

comparing the selected glyphs with each other to provide a level of confidence in the best alignment;
deriving a layout of at least part of the certain text as arranged in the image of the text document at least based on the
position of each of the at least some glyphs in the image of the text document and assigning at least some of the characters
of the text file of the certain text to at least some of the glyphs of the image of the text document according to the best
alignment; and

extracting a watermark embedded in the image of the text document.

US Pat. No. 9,277,166

MAP YOUR MOVIE

Cisco Technology Inc., S...

1. A method of displaying a displayed interactive geographical representation associated with a video content item, said method
comprising:
playing said video content item, wherein said video content item comprises a plurality of video scenes;
retrieving a video content item identifier and a time elapsed since a start time for said video content item:
requesting relevant metadata associated with said video content item from an external database, wherein: said video content
item is identified in said external database using said video content item identifier; at least one video scene of said plurality
of video scenes displayed at said elapsed time is identified using said elapsed time; and said relevant metadata comprises
a geographical representation of said video content item and geolocation metadata associated with said plurality of video
scenes and said at least one video scene, said geographical representation corresponding to a geographical area where action
of said plurality of video scenes of said video content item takes place;

receiving said relevant metadata; and
upon receiving said relevant metadata, displaying the displayed interactive geographical representation of said video content
item along with a plurality of visual indications, wherein each visual indication of said plurality of visual indications,
including the visual indication corresponding to said at least one video scene displayed at said elapsed time, is representative
of one video scene of said plurality of video scenes and is positioned on said displayed interactive geographical representation
at a location indicated by said geolocation metadata.

US Pat. No. 9,166,713

SYSTEM FOR PROVIDING ACCESS TO OPERATION INFORMATION

Cisco Technology Inc., S...

1. A method for providing access to operation information relating to a portion of a digital signal, the method comprising:
receiving a digital signal, the digital signal comprising a data section and at least one other section, the data section
comprising operation information;

utilizing the operation information; and
placing the operation information in a retrieval area,
wherein:
the one other section is encrypted, and
the data section is not encrypted, and
the one other section comprises a copy of the operation information.

US Pat. No. 9,596,739

DISTRIBUTED CONTROL OF LIGHTS SUBJECT TO COMPLIANCE CONSTRAINTS

Cisco Technology, Inc., ...

1. A method comprising:
obtaining at least one command including a first command and a second command to control operation of the same at least one
light fixture connected to a lighting control system;

responsive to the at least one command, generating controls in accordance with a predetermined operating policy such that
upon determining that there is a conflict between a first attribute value of the first command and a second attribute value
of the second command, either calculating an average attribute value from the first attribute value and the second attribute
value and generating the controls based on the average attribute value or generating the controls based on the first attribute
value; and

transmitting the controls to the at least one light fixture via a communication network, wherein the lighting control system
comprises a first local lighting control system, at least a second local lighting control system and a central lighting control
system connected to the first and the at least second local lighting system, wherein the at least one light fixture is connected
to the first local lighting system and the first local lighting system comprises a first local control processor and at the
least one lighting control device, and

wherein the at least one command is obtained by the at least one lighting control device and relayed to the first local control
processor via the communication network to generate the controls in accordance with the predetermined operating policy.

US Pat. No. 9,407,941

DISTRIBUTING AUDIO VIDEO CONTENT

Cisco Technology Inc., S...

1. A method of distributing audio video content, said method comprising:
receiving configuration data for a plurality of devices;
for each device in said plurality of devices, computing a set of bit rates based, at least in part, on said configuration
data, producing a set of bit rates across the plurality of devices;

minimizing a number of bit rates in said set of bit rates across the plurality of devices, based, at least in part, on available
bandwidth, and producing from the minimized set of bit rates across the plurality of devices a revised set of bit rates for
each device in said plurality of devices;

encoding audio video content at each bit rate in said revised set of bit rates for each device to produce a plurality of encoded
audio video content streams;

splitting each encoded audio video content stream in said plurality of encoded audio video content streams into chunks to
produce a plurality of chunked encoded audio video content streams;

for each device in said plurality of devices, creating a separate index file, each separate index file comprising references
to at least one of said plurality of chunked encoded audio video content streams;

publishing a locator for each separate index file in a catalogue; and
transmitting said plurality of chunked encoded audio video content streams and each separate index file to a network.

US Pat. No. 9,654,331

SYSTEM AND METHOD FOR RECOVERY OF CUSTOMER PREMISE EQUIPMENT INFORMATION ON AN ACCESS CONCENTRATOR

CISCO TECHNOLOGY, INC., ...

1. A method, comprising:
receiving a packet in a data stream;
determining that an access concentrator has lost customer premise equipment information related to the received packet, wherein
the lost customer premise equipment information includes prefix delegation route information;

evaluating the received packet to determine if the received packet is from customer premise equipment or is destined for the
customer premise equipment; and

obtaining the customer premise equipment information that is lost by evaluating Neighbor Discovery data and dynamic host configuration
protocol version six (DHCPv6) lease query data, wherein data related to customer premise equipment behind a cable modem that
is offline is filtered from the DHCPv6 lease query data, wherein a source verify operation is used in response to the received
packet being from the customer premise equipment associated with the customer premise equipment information and a reverse
path forwarding operation was successful, and wherein a downstream route lookup is used in response to the received packet
being destined for the customer premise equipment.

US Pat. No. 9,301,431

APPARATUS AND METHOD FOR PREVENTING COMPONENT OVERHEATING AND EXTENDING SYSTEM SURVIVABILITY

CISCO TECHNOLOGY, INC., ...

1. An apparatus comprising:
a component assembly removably inserted in a first slot of an appliance, the component assembly having a length and a side,
and a door disposed on the side substantially along the length, the door being rotatable, about a hinge, between a first position,
a second position, and a third position, the first position and the third position being parallel to the side, the second
position being substantially perpendicular to the side, the first position being opposite to the third position, and the door
being bi-directionally rotatable, about the hinge, from the second position to the first position and the third position,
wherein the door, in the second position, substantially blocks airflow through a second slot of the appliance, the second
slot being adjacent to the first slot and being empty, and wherein the door is rotatable from the second position to the first
position to accommodate another component assembly being inserted into the second slot.

US Pat. No. 9,655,232

SPANNING TREE PROTOCOL (STP) OPTIMIZATION TECHNIQUES

Cisco Technology, Inc., ...

1. A computer implemented method by one or more processors of a network infrastructure device, comprising:
receiving system capabilities information from a link level peer at a port of the network infrastructure device, wherein the
system capabilities information identifies whether the link level peer is a host or a network infrastructure device;

determining a device type of the link level peer based on the system capabilities information; and
automatically configuring a Spanning Tree Protocol (STP) port type for the port based on the device type of the link level
peer, triggered in response to receiving the system capabilities information.

US Pat. No. 9,208,352

LFSR WATERMARK SYSTEM

CISCO TECHNOLOGY INC., S...

1. A system comprising: a hardware processor; and a memory to store data used by the hardware processor, wherein the hardware
processor is operative to:
receive a media content item including a watermark embedded in the media content item, the watermark encoding a series of
data values of an output stream of a linear feedback shift register initialized with a seed including an information element
and an assurance value, the information element consisting of N bits, the assurance value consisting of P bits, the linear
feedback shift register having a plurality of states including an initial state, each of the states including a first value
of N bits and a second value of P bits;

identify at least part of the watermark in the media content item;
extract two or more data values of the data values from the at least part of the identified watermark;
process two or more extracted data values of the extracted data values yielding the initial state of the linear feedback shift
register including: generating a plurality of equations based on the two or more extracted data values and an offset of each
of the two or more extracted data values and a recursion mask of the linear feedback shift register and solving the equations
to yield a first state of the states of the linear feedback shift register; and/or rolling back the linear feedback shift
register to the initial state; and

based on determining the initial state via the rolling back and/or solving the equations: authenticate the first value of
the initial state using the second value of the initial state; confirm that the first value of the initial state is indeed
the information element which was included in the seed processed by the linear feedback shift register; and provide a positive
identification of an illegitimate distributor of the media content item.

US Pat. No. 9,390,754

VIDEO TRICK MODE SYSTEM

Cisco Technology Inc., S...

1. A method for generating an auxiliary video stream for reverse trick mode play, the method comprising: providing a primary
video stream comprising at least one group of pictures, the group of pictures commencing with a first key frame and terminating
with a frame immediately preceding a second key frame, the group of pictures further comprising at least one unidirectional
predicted frame and a plurality of bidirectional predicted frames, predicting, on the basis of the second key frame, a substitute
frame; and creating the auxiliary video stream by performing the following: substituting the at least one unidirectional predicted
frame with the substitute frame, wherein the substitute frame of the auxiliary video stream corresponds to the at least one
unidirectional predicted frame in the at least one group of pictures; for each one of a plurality of additional unidirectional
predicted frames in the primary video stream, predicting, on the basis of a first following unidirectional predicted frame,
a corresponding substitute frame, the corresponding substitute frame corresponding to only one of the plurality of the additional
unidirectional predicted frames in the primary video stream; and substituting each one of the plurality of the additional
unidirectional predicted frames with its corresponding substitute frame; thereby creating the auxiliary video stream for reverse
trick mode play.

US Pat. No. 9,380,061

SERVICE PROTECTION

Cisco Technology Inc., S...

1. A method for determining whether user accounts in a client-server architecture are legitimate, the method comprising:
determining a first integer value, hereinafter denoted N, and a second integer value, hereinafter denoted K, such that 1 performing, by the server, the following steps, while the server is connected to a plurality of client devices ranging from
at least two client devices to at most floor (N/K) client devices, the client devices associated with a particular user and
at least K/N connections of the particular user connections to the server are from one client device, wherein the at most
floor (N/K) client devices comprises a maximum number of client devices connectable to the server within a predetermined time
period:

(a) receiving a request at the server from one of the plurality of client devices, the request including a unique user identification
and a password, the request being a request to access an object, the unique user identification and password being associated
with an account associated with the particular user;

(b) providing a share to be stored in a state object to the one of the plurality of client devices, in response to the request,
wherein the state object comprises an object received from the server to which the server has both read and write privileges;

(c) after sending the share from the server, at least K times, to the plurality of client devices associated with the account
associated with the particular user, and prior to sending at least N-floor(N/K)+1 shares from the server, verifying at the
server that one client device of the plurality of client devices has at least K stored shares in the state object;

as a positive result of the verifying, flagging in a database that the account associated with the particular user associated
with the unique user identification and password received by the server is a legitimate user account;

as a negative result of the verifying, flagging the account associated with the particular user associated with the unique
user identification and password received by the server as an illegitimate user account;

repeating steps (a)-(c) at least once after sending at least N-floor(N/K)+1 shares from the server, wherein the server zeros
a counter of a number of shares sent prior to the repeating.

US Pat. No. 9,407,604

METHOD AND APPARATUS FOR BEST EFFORT PROPAGATION OF SECURITY GROUP INFORMATION

Cisco Technology Inc., S...

16. A computer system comprising:
a processor;
a network interface coupled to the processor;
a computer-readable storage medium coupled to the processor; and
a plurality of instructions, encoded in the computer-readable storage medium and configured to cause the processor to
request authentication of an entity requesting entry into a network, wherein
the network comprises a plurality of network nodes,
the computer system is a first network node of the plurality of network nodes, and
the computer system is configured to communicate with others of the plurality of network nodes by virtue of being coupled
to the network via the network interface,

receive an authentication message, wherein
the authentication message indicates authentication of the entity, and
in response to receipt of the authentication message,
determine a security group identifier for the entity, wherein
determining the security group identifier is performed by the first network node,
the determining is based on a destination address of the first network node,
the security group identifier identifies a destination security group, and
the entity is a member of the destination security group, and
propagate the security group identifier towards a host, wherein
the host is a member of a source security group,
the security group identifier comprises information that facilitates a determination by a second network node of whether traffic
is permitted between members of the source security group and members of the destination security group,

the determination comprises the second network node performing a lookup using both the source security group and the security
group identifier,

the second network node is nearer to the host than is the first network node,
the instructions configured to cause the processor to propagate comprise instructions configured to cause the processor to
send the security group identifier from the first network node to the second network node, and

the plurality of network nodes comprises the second network node.

US Pat. No. 9,264,585

ENRICHED DIGITAL PHOTOGRAPHS

Cisco Technology Inc., S...

1. A method for enriching digital photographs, said method comprising a specially programmed physical device performing the
following steps:
receiving a digital photograph and audio video data captured before a time at which said digital photograph is captured until
after said time, wherein said audio video data comprises video frames and audio samples;

processing said digital photograph and said video frames to spatially decompose said digital photograph and said video frames
into a plurality of layers;

processing said audio samples to decompose said audio samples into a plurality of audio sources;
creating a video layer sequence for each of said plurality of layers, wherein each video layer sequence comprises said processed
digital photograph and said processed video frames belonging to a same layer;

creating a plurality of audio source sequences, wherein each audio source sequence of said plurality of audio source sequences
comprises said processed audio samples of a same source,

defining an order of said plurality of layers;
generating playback guidance, said playback guidance defining how to combine said video layer sequences during playback and
how to combine said audio source sequences with said video layer sequences; and

transmitting said order, said video layer sequences, said audio source sequences and said playback guidance to a display device
for playback.

US Pat. No. 9,560,728

NETWORKED LIGHTING MANAGEMENT

Cisco Technology, Inc., ...

1. A method comprising:
receiving a lighting request at a light fixture in a networked lighting system, wherein the light fixture comprises a local
processor and a plurality of light emitters;

extracting one or more light control settings from the lighting request; and
adjusting lighting attributes of one or more of the plurality of light emitters based on the one or more light control settings.

US Pat. No. 9,270,575

SERVICE NODE USING SERVICES APPLIED BY AN APPLICATION NODE

Cisco Technology Inc., S...

1. A packet switching device, comprising:
one or more processing elements;
memory;
a plurality of interfaces configured to send and receive packets; and
one or more packet switching mechanisms configured to packet switch packets among said interfaces;
wherein the packet switching device is configured to perform operations, including:
receiving on one of the plurality of interfaces a particular packet from another packet switching device; and
in response to determining to apply a service to the particular packet by one or more application nodes located remotely from
the packet switching device:

creating a request packet encapsulating the particular packet, with the request packet including an identification of a general
service to be applied to the particular packet by said one or more application nodes, and one or more service parameters for
the general service defining a particular service of the general service, with the identification of the general service and
said one or more service parameters said included in the request packet in fields not within the particular packet;

forwarding the request packet to a particular application node of said one or more application nodes, wherein each of said
one or more application nodes is external to the packet switching device;

receiving on one of the plurality of interfaces from an external source, a response packet corresponding to said forwarded
request packet, the response packet encapsulating a service-applied packet corresponding to the particular packet after at
least the particular service has been applied to the particular packet, not to the request packet, by said one or more application
nodes;

extracting the service-applied packet from the response packet; and
sending the service-applied packet or a packet derived from the service-applied packet from the packet switching device on
one of the plurality of interfaces;

wherein the packet switching device, said another packet switching device, and each of said one or more application nodes
are different stand-alone appliances communicatively coupled via one or more networks.

US Pat. No. 9,270,544

METHOD AND SYSTEM TO IDENTIFY A NETWORK DEVICE ASSOCIATED WITH POOR QOS

Cisco Technology, Inc., ...

1. A method comprising:
transmitting a sample data stream at a known first quality in a network between a source endpoint and a destination endpoint
across a test data path that includes at least two network devices, at least one of the two network devices being a WAN edge
router that lies between the source endpoint and the destination endpoint in the test data path;

comparing a measured second quality of the received sample data stream with the known first quality of the transmitted sample
data stream;

determining that the measured second quality is less than the known first quality; and
in response to the determination that the measured second quality fails to meet the known first quality, performing operations
including:

identifying at least one network device in the test data path;
obtaining device performance data of the at least one network device, wherein the device performance data of the WAN edge
router is obtained from an interface of the WAN edge router;

using the device performance data of the WAN edge router to determine if the WAN edge router is contributing to the failure
of the measured second quality to meet the known first quality; and

generating a network report based on the device performance data, the network report relating the at least one device in the
test data path to a failure of the measured second quality to meet the known first quality.

US Pat. No. 9,262,637

SYSTEM AND METHOD FOR VERIFYING INTEGRITY OF PLATFORM OBJECT USING LOCALLY STORED MEASUREMENT

CISCO TECHNOLOGY, INC., ...

1. A method to be performed by a baseboard management controller (BMC) for verifying firmware integrity in a computing system,
the method comprising:
receiving a run-time reference measurement of a firmware object from a basic input/output system (BIOS), wherein the reference
measurement is stored in a trusted platform module and the reference measurement is retrieved by the BIOS during a power-on
self-test (POST);

querying a system manager to locate a golden measurement, wherein the golden measurement is associated with the firmware in
a guaranteed trust state;

accessing the golden measurement of the firmware object based on the query, wherein the BMC can bypass the querying the system
manager when the BMC is configured with the location of the golden measurement; and

comparing the reference measurement with the golden measurement during a pre-operating system environment, wherein a policy
action is applied when a variance is detected between the reference measurement and the golden measurement.

US Pat. No. 9,208,534

SYSTEM AND METHOD FOR EMBEDDING DATA

Cisco Technology Inc., S...

1. A method for embedding a watermark in a sequence of video frames, the method, executed at an embedding device, comprising:
defining, for each one of the video frames, a set of N rectangular patches;
defining two palettes of pixel values in a selected color space, such that the two palettes are denoted as P0 and P1, and
P0≠P1; and

in each one of the N patches:
choosing one of P0 and P1 according to a value of a payload bit to be encoded;
calculating one of: a variance of pixel values in the frame;
and edginess for the pixel values in the frame, thereby determining a calculated value; and
determining if the calculated value is beneath a given threshold value;
if the calculated value is beneath the threshold value:
calculating a function of the pixel values;
choosing a closest value to a result of calculating the function in the chosen palette; and
replacing the pixel values within the patch with the closest value.

US Pat. No. 9,717,106

SYSTEM FOR UTILIZING IDENTITY BASED ON PAIRING OF WIRELESS DEVICES

Cisco Technology, Inc., ...

1. An apparatus comprising:
wireless circuitry; and
a processor, wherein the processor is configured to:
create a wireless connection to a wireless device via the wireless circuitry;
form a pairing between the apparatus and the wireless device over the wireless connection in response to the wireless device
being within range of the apparatus, wherein the formation of the pairing is based on a unique identifier of the wireless
device that identifies the wireless device during the formation of the pairing, and the unique identifier is received from
the wireless device during the formation of the pairing;

identify a user of the wireless device from user data associated in a database with the unique identifier of the wireless
device in response to receipt of the unique identifier of the wireless device from the wireless device during the formation
of the pairing;

determine that an Internet Protocol telephony service should be established for the user by the apparatus based upon the user
data;

initiate configuration of the Internet Protocol telephony service between the apparatus and an Internet Protocol telephony
service device in response to the formation of the pairing, wherein the configuration is based, at least in part, on the user
data, and the configuration includes creation of an Internet Protocol telephony connection; and

transmit data over the Internet Protocol telephony connection between the apparatus and the Internet Protocol telephony service
device.

US Pat. No. 9,379,893

CONTENT CONSUMPTION FRUSTRATION

Cisco Technology Inc., S...

1. An end-user device comprising:
a receiver to receive a media stream from a Headend system, the media stream including:
media content for a plurality of services, the media content being packed into a plurality of packets, each one of the packets
having a header and a payload, the payload of each one of the packets including a part of the media content of one of the
services;

a mapping table or at least two mapping tables, the mapping table directly mapping, or the at least two tables together indirectly
mapping, the services to a plurality of packet-IDs such that each one of the services is mapped to one of the packet-IDs,
thereby enabling the packets including the media content of the one service to be identified via the one packet-ID identifying
the one service; and

a plurality of encrypted packet-IDs such that each one of the packets includes one of the encrypted packet-IDs in the header
of the one packet so that the one encrypted packet ID included in the one packet is for the one service of the part of the
media content included in the one packet, the one encrypted packet ID being encrypted using a first secret and a function;
and

a packet filter to filter the packets of a first service of the plurality of services from the media stream without decrypting
or encrypting or hashing the encrypted packet-ID in the header of each of the packets in the media stream, the packet filter
being operative to:

derive a first packet-ID from the mapping table or the mapping tables mapping to the first service;
encrypt the first packet-ID using the first secret and the function yielding a first encrypted packet-ID; and
filter the packets of the first service from the media stream by filtering packets from the media stream where the header
includes the first encrypted packet-ID.

US Pat. No. 9,286,473

QUARANTINE-BASED MITIGATION OF EFFECTS OF A LOCAL DOS ATTACK

Cisco Technology, Inc., ...

1. A method, comprising:
receiving, at a management device, data indicating that one or more nodes in a shared-media communication network are under
attack by an attacking node; and

communicating a quarantine request packet to the one or more nodes under attack, the quarantine request packet providing instructions
to the one or more nodes under attack to alter their frequency hopping schedule without allowing the attacking node to learn
of the altered frequency hopping schedule by encrypting the frequency hopping schedule.

US Pat. No. 9,280,604

UNIFIED COMMUNICATION AUDIT TOOL

Cisco Technology, Inc., ...

1. A method comprising:
querying a first portion of a first component of a telecommunication network;
extracting from the first portion, configuration information about a configuration of the first component;
selecting at least one best practice rule associated with the first component from a list of best practice rules associated
with components of the telecommunication network;

comparing the extracted configuration information to the selected at least one best practice rule; and
generating a report indicating a result of the comparison.

US Pat. No. 9,282,649

STAND-OFF BLOCK

CISCO TECHNOLOGY, INC., ...

1. An apparatus comprising:
a substrate comprising an electric chip;
a circuit board;
a ball grid array structure disposed between the substrate and the circuit board, the ball grid array structure configured
to electrically connect the electric chip to the circuit board; and

a stand-off structure disposed on the circuit board between the substrate and the circuit board, the stand-off structure being
adjacent to the ball grid array structure wherein a gap is disposed between the stand-off structure and the substrate.

US Pat. No. 9,535,708

RATE-CONTROLLING OF HEAT GENERATING DATA PROCESSING OPERATIONS

CISCO TECHNOLOGY INC., S...

1. A method, comprising:
performing rate-controlling data processing operations by a particular apparatus to stay within a heat budget for performing
said data processing operations based on one or more heat price tags associated with said data processing operations, wherein
said performing rate-controlling data processing operations includes:

determining, by the particular apparatus, to delay performing a particular next scheduled non-latency sensitive or low-priority
operation of said data processing operations in response to a particular heat price tag associated with the particular next
scheduled non-latency sensitive or low-priority operation that would not allow said data processing operations to stay within
a predetermined additional heat budget margin below the heat budget if the particular next scheduled non-latency sensitive
or low-priority operation is performed prior to a time delay, with said heat budget margin providing a heat margin such that
a low-latency or high-priority operation of said data processing operations may be performed prior to a next scheduled non-latency
sensitive or low-priority operation if performance of the low-latency or high-priority operation will allow said data processing
operations to stay within the heat budget;

in response to said determining to delay performing the particular next scheduled non-latency sensitive or low-priority operation,
the particular apparatus performing a particular latency sensitive or high-priority operation of said data processing operations
while staying within the heat budget; and

subsequent to said performing the particular latency sensitive or high-priority operation of said data processing operations,
performing the particular next scheduled non-latency sensitive or low-priority operation in response to the particular heat
price tag associated with the particular next scheduled non-latency sensitive or low-priority operation allowing said data
processing operations to stay within the predetermined additional heat budget margin below the heat budget.

US Pat. No. 9,256,039

ELECTROMAGNETIC ISOLATING BALL SPRING

Cisco Technology, Inc., ...

1. An apparatus comprising:
a first port barrel
a first ball spring;
a second port barrel;
a second ball spring,
a first enclosure part;
a second enclosure part, and
a mounting plate disposed adjacent to the first enclosure part and comprising a first mounting hole and a second mounting
hole,

wherein:
the first port barrel is arranged extending through the first mounting hole,
the first ball spring is arranged between an inner surface of the first mounting hole and an exterior surface of the first
port barrel,

the second port barrel is arranged extending through the second mounting hole,
the second ball spring is arranged between an inner surface of the second mounting hole and an exterior surface of the second
port barrel, and

the mounting plate extends from the first enclosure part in a direction normal to a surface of the first enclosure part, and
the mounting plate is integrally formed with the first enclosure part and in sealing contact with the second enclosure part.

US Pat. No. 9,756,014

SYSTEM AND METHOD FOR RESPONDING TO AGGRESSIVE BEHAVIOR ASSOCIATED WITH WIRELESS DEVICES

CISCO TECHNOLOGY, INC., ...

1. A system comprising a control center server for managing aggressive behavior of a wireless device in a wireless network,
the system comprising:
the control center server comprising:
a processor; and
a memory coupled with the processor, wherein the memory is configured to provide the processor with instructions which when
executed cause the processor to perform operations to:

determine that the wireless device is an aggressive wireless device, wherein the aggressive wireless device is present when
the wireless device repeatedly retries, in response to network denials, to perform a network signaling in a time frame such
that a threshold for the retries is exceeded;

retrieve at least one data log from at least one network element comprising at least one of a diagnostic device, the HLR,
a Mobile Switching Center (MSC), a Gateway GPRS Support Node (GGSN), a Serving GPRS Support Node (SGSN), a Short Message Service
Center (SMSC), a signal transfer point (STP) node, or a Remote Authentication Dial In User Service (RADIUS) server by utilizing
a wireless device identifier;

determine that the threshold for the retries is exceeded in the time frame; and
transmit a provisioning instruction to provision at least one of the HLR, the MSC, the GGSN, the SGSN, the SMSC, the STP node,
or the RADIUS server for real-time throttling, re-directing or blocking of the network signaling transmitted from the wireless
device.

US Pat. No. 9,276,834

LOAD SHARING AND REDUNDANCY SCHEME

Cisco Technology, Inc., ...

1. A computing device comprising:
a chassis;
a communication backplane;
a first router disposed in the chassis, the first router being configured to operate as a master router and to generate and
store a configuration file; and

a second router disposed in the chassis, the second router being configured to operate as a slave router and to share a set
of interfaces with the first router and to generate and store at least a partial copy of the configuration file;

wherein the first router is configured to transmit information indicating a hardware state of the computing device and spanning
tree protocol updates to the second router over the shared set of interfaces, and to communicate a failure of the first router
to the second router over the communication backplane.

US Pat. No. 9,253,748

NETWORK-ENABLED LIGHT FIXTURE FOR LOCATING MOVABLE OBJECT

Cisco Technology, Inc., ...

1. A method comprising:
providing a light bulb comprising a wireless detector;
detecting, by the wireless detector in the light bulb, a movable object within a prescribed detection zone of the wireless
detector; and

the light bulb sending a message identifying detection of the movable object to a remote gateway, allowing the remote gateway
to locate the movable object.

US Pat. No. 9,215,131

METHODS FOR EXCHANGING NETWORK MANAGEMENT MESSAGES USING UDP OVER HTTP PROTOCOL

CISCO TECHNOLOGY, INC., ...

1. A computer-implemented method for exchanging network management messages between a network access device and a management
server, the method comprising:
periodically sending a PING or HELLO message from the network access device to the management server;
determining whether a response to the PING or HELLO message is received from the management server within a predetermined
period of time;

determining, at the network access device, whether the management server is reachable using a UDP protocol based at least
upon the response to the PING or HELLO message;

receiving, at the network access device, a user datagram protocol (UDP) packet from a client to be transmitted to the management
server over Internet, the UDP packet including a management message to be sent to the management server, wherein the network
access device is one of a plurality of network access devices managed by the management server over the Internet, wherein
each of the network access devices represents one of a router, an access point, and a switch, wherein each of the network
access devices is associated with a local area network (LAN) and provides access to the LAN for its client devices;

transmitting the UDP packet to the management server using the UDP protocol over the Internet if it is determined that the
management server is reachable using the UDP protocol;

if the management server is unreachable using the UDP protocol,
extracting a UDP payload from the UDP packet,
encapsulating the UDP payload within a hypertext transfer protocol (HTTP) POST request, the HTTP POST request including a
predetermined universal resource locator (URL) associated with the management server, and

transmitting the HTTP POST request having the UDP payload encapsulated therein to the management server using a HTTP protocol
over the Internet.

US Pat. No. 9,807,821

NEUTRAL CELL HOST SOLUTION PROVIDING COMMUNICATION TO USER EQUIPMENTS ASSOCIATED WITH DIFFERENT WIRELESS PROVIDERS

Cisco Technology, Inc., ...

1. A method comprising:
communicating, at a small cell, between a first User Equipment (UE) and a first packet core, wherein the small cell communicates
with the first UE over an unlicensed wireless protocol, and wherein the first UE and the first packet core are each associated
with a first wireless provider;

communicating, at the small cell, between a second UE and a second packet core, wherein the small cell communicates with the
second UE over the unlicensed wireless protocol, and wherein the second UE and the second packet core are each associated
with a second wireless provider; and

coordinating, by a secondary Radio Resource Control (RRC) of the small cell, mobility of the first UE between the small cell
and a second small cell, wherein the second small cell is to communicate between the first UE and the first packet core associated
with the first wireless provider over the unlicensed wireless protocol and provide communication between at least one UE and
the second packet core associated with the second wireless provider over the unlicensed wireless protocol;

wherein the first wireless provider associated with the first UE and first packet core is different from the second wireless
provider associated with the second UE and the second packet core, and wherein the small cell is registered with the first
and second packet cores at the same time.

US Pat. No. 9,117,448

METHOD AND SYSTEM FOR SPEECH RECOGNITION USING SOCIAL NETWORKS

Cisco Technology, Inc., ...

1. An apparatus, comprising:
an audio input configured to receive an audio signal representative of a voice input of an associated calling party;
the audio input further configured to generate audio data corresponding to the received audio signal;
a data interface configured to communicate with one or more associated social graphs, in accordance with an Application Programming
Interface (API) corresponding thereto, via an associated internetworking system; and

logic coupled with the audio input and the data interface;
wherein the logic is configured to identify the calling party and a plurality of social graphs associated with the calling
party;

wherein the logic is configured to acquire data representative of a called party from the audio data, the data representative
of the called party indicating a relationship between the calling party and the called party;

wherein the logic converts the data indicating the relationship between the calling party and called party to a form that
is compatible with one or more of the plurality of social graphs;

wherein the logic initiates a session with the plurality of social graphs in accordance with an identity of the calling party;
wherein the logic is configured to initiate, in accordance with a predetermined priority, a prioritized search of the plurality
of social graphs associated with the calling party for the data representative of the called party to identify the called
party responsive to acquiring the data representative of the called party, wherein the predetermined priority comprises one
or more of a time of day, a social characteristic of social graphs of the plurality of social graphs, a business characteristic
of social graphs of the plurality of social graphs, a favorite preference of the associated calling party, or a frequency
of use by the associated calling party of social graphs of the plurality of social graphs.

US Pat. No. 9,246,702

SYSTEM AND METHOD FOR CONFIGURING SERVICE APPLIANCES AS VIRTUAL LINE CARDS IN A NETWORK ENVIRONMENT

CISCO TECHNOLOGY, INC., ...

1. A method, comprising:
establishing a communication channel between a service appliance and a switch; and
configuring the service appliance to offload network control plane and network data plane operations to the switch, wherein
the configured service appliance acts as a virtual line card in the switch, wherein the configuring comprises

communicating control messages between the service appliance and the switch over the communication channel and configuring
a service instance to transmit data messages between the service appliance and the switch over the communication channel,
wherein services provided by the service appliance are managed and provisioned at the switch, wherein the services run on
the service appliance appearing as the virtual line card in the switch.

US Pat. No. 9,198,203

SYSTEM AND METHOD FOR ROUTING CRITICAL COMMUNICATIONS

Cisco Technology, Inc., ...

9. A system configured to transmit a message in a Low-power and Lossy Network (LLN), the system comprising a processor and
instructions that when executed on a processor cause the processor to:
receive, on a first node in the LLN, a message from a sending node;
determine if the message has already been received by the first node previously;
identify the received message as a critical message;
in response to both identification of the message as a critical message and to determination that the message has not been
received by the first node previously, identify a first parent and a second parent of the first node to which the message
is to be transmitted;

transmit the message with a critical message indication from the first node to the first parent node;
receive a negative acknowledgment message from the first parent node indicating that the message with the critical message
indication has been received by the first parent node previously;

in response to receiving the negative acknowledgment message from the first parent node, transmit the message with the critical
message indication to the second parent node;

receive a negative acknowledgment message from the second parent node indicating that the message with the critical message
indication has been received by the second parent node previously;

in response to receiving the negative acknowledgment message from the second parent node, transmit the message with the critical
message indication to a third parent node,

wherein a path of transmission of the message through the LLN is not identified before the message is transmitted through
the LLN, and

wherein an order of nodes used for transmission of the message through the LLN is determined dynamically as the message moves
through the LLN;

receive a negative acknowledgement message from two or more siblings indicating that an uplink path is experiencing adverse
performance;

in response to receiving the negative acknowledgement message from the two or more siblings:
identify two or more child nodes that are directly accessible from an intermediate node, the two or more sibling nodes siblings
of the intermediate node and the two or more child nodes children of the intermediate node;

configure the two or more child nodes to send the message using a different parent node; and
transmit message to the two or more child nodes for transmission to the different parent node.

US Pat. No. 9,099,769

ANTENNA MECHANICAL FACEPLATE DESIGN

Cisco Technology, Inc., ...

1. An apparatus comprising:
a faceplate configured for attachment to a communications module, wherein the faceplate comprises a first surface arranged
in a vertical direction relative to the chassis and a second surface arranged at an angle to the first surface wherein the
second surface comprises at least one primary connector and wherein the angle is selected to increase available cabling space
between the at least one primary connector and the first surface.

US Pat. No. 9,215,228

AUTHENTICATION OF DEVICES HAVING UNEQUAL CAPABILITIES

Cisco Technology, Inc., ...

1. An apparatus for authentication of in-vehicle network devices comprising:
a first communication port configured to receive via an associated communication network a first authentication request from
at least one network device of a first set of associated network devices having a first authentication capability, and a second
authentication request from at least one network device of a second set of associated network devices having a second authentication
capability different than the first authentication capability, wherein the second authentication request is unidirectional
message data; and

a connected vehicle gateway portion of a selected in-vehicle device implemented as an onboard authentication proxy logic operatively
coupled with the first communication port;

wherein the authentication proxy logic is configured to:
selectively authenticate at least one of the first set of associated network devices based on the first authentication request
in accordance with the first authentication capability, wherein selectively authenticating the at least one of the first set
of associated network devices comprises selectively generating a first cryptographic key set;

selectively authenticate at least one of the second set of associated network devices based on the second authentication request
in accordance with the second authentication capability, wherein selectively authenticating the at least one of the second
set of associated network devices comprises selectively generating a second cryptographic key set; and

distribute the first and second cryptographic key sets to the first set of associated network devices, without distributing
the first and second cryptographic key sets to the second set of associated network devices.

US Pat. No. 9,112,710

SYSTEM AND METHOD FOR PROVIDING SMART GRID COMMUNICATIONS AND MANAGEMENT

CISCO TECHNOLOGY, INC., ...

1. A method, comprising:
receiving first phasor measurement unit (PMU) data in a first transmission without multicast information;
determining whether one or more subscribers identified by a first multicast group address are present;
converting the first transmission into a first multicast transmission if one or more of the subscribers are present;
multicasting the first PMU data to the first multicast group address if one or more of the subscribers are present; and
discarding the first PMU data if none of subscribers are present.

US Pat. No. 9,479,443

SYSTEM AND METHOD FOR TRANSPORTING INFORMATION TO SERVICES IN A NETWORK ENVIRONMENT

CISCO TECHNOLOGY, INC., ...

1. A method, comprising:
receiving an update for a service at a local policy anchor included in a gateway, wherein the service is included in one or
more service chains accessible by the gateway and wherein the update is at least one of a policy update and a charging update;

determining if the local policy anchor has a session established with the service;
communicating the update to a classifier within the gateway if the local policy anchor does not have a session established
with the service;

determining, by the classifier, one or more service chains including the service if the local policy anchor does not have
a session established with the service;

injecting, by the classifier, a packet including a service header containing the update into the one or more determined service
chains including the service if the local policy anchor does not have a session established with the service; and

communicating the update to the service from the local policy anchor if the local policy anchor has a session established
with the service.

US Pat. No. 9,282,110

CLOUD-ASSISTED THREAT DEFENSE FOR CONNECTED VEHICLES

Cisco Technology, Inc., ...

1. A system comprising:
a non-transient memory disposed on an associated motor vehicle and configured to store data representative of security threats
related to the associated motor vehicle;

an interface operable to communicate with the associated motor vehicle and at least one source external to the associated
motor vehicle; and

control logic coupled with the interface and with the memory;
wherein the control logic is operable to receive data from at least one on-board unit of the associated motor vehicle and
the at least one source external to the associated motor vehicle, wherein the received data includes data representative of
at least one file identified for operation on the associated motor vehicle;

wherein the control logic is operable to determine whether at least one predefined characteristic exists with respect to the
file;

wherein, in response to a determination that at least one predefined characteristic exists with respect to the file and that
data associated with the file is located in the memory, the control logic is operable to determine whether the file includes
a security threat by analyzing the file based on the data representative of security threats stored in the memory;

wherein, in response to a determination that the data associated with the file is not located in the memory, the control logic
is operable to (i) transmit data related to the file to a cloud-based component communicatively coupled to the control logic
via the interface, wherein the cloud-based component is configured to store the data representative of security threats and
(ii) receive a threat assessment from the cloud-based component regarding the file; and

wherein the control logic is operable to generate a signal based on at least one of determining whether the file includes
the security threat and analyzing the threat assessment.

US Pat. No. 9,203,755

ERROR MESSAGE MONITORING IN A NETWORK ENVIRONMENT

CISCO TECHNOLOGY, INC., ...

1. A method comprising:
identifying a flow of packets sent from a server device over a TCP network via a gateway device to at least one endpoint device,
the endpoint device accessing the TCP network via the gateway device over a wireless access network, such that the endpoint
device communicates with the server device via the gateway device;

caching a series of the packets to facilitate sending a copy of at least one of the series of packets to the endpoint device;
identifying a message to be sent from the endpoint device to the server device via the gateway device, wherein the message
communicates an error condition relating to at least one packet in the flow;

predicting that the error condition is based, at least in part, on a non-congestion-related condition within the wireless
access network;

filtering the message to exclude communication of the error condition to the server device based on the prediction that the
error condition is based, at least in part, on the non-congestion-related condition within the wireless access network; and

when the error condition identifies a loss of at least one packet in the flow of packets, identifying a particular lost packet
from the message, retrieving a copy of the particular lost packet from the caching, and sending the copy of the particular
lost packet to the endpoint device.

US Pat. No. 9,432,312

PROACTIVE AND SELECTIVE TIME-STAMPING OF PACKET HEADERS BASED ON QUALITY OF SERVICE EXPERIENCE AND NODE LOCATION

Cisco Technology, Inc., ...

1. A method, comprising:
receiving, at a node in a network, a first message indicating that the node is classified as a critical node, and requesting
the node to proactively time-stamp data packets;

receiving data packets from one or more child nodes of the node;
selecting a data packet of the received data packets to time-stamp;
proactively inserting a time-stamp in the selected data packet;
sending the time-stamped data packet toward a central management node;
assigning a probability value to a child node of the node that is based on a criticality metric, wherein the selecting of
the data packet is based on the assigned probability value; and

sending a second message to the child node requesting the child node to proactively time-stamp data packets, wherein
the second message propagates downwardly through the sub-network of the child node, and
the time-stamp is inserted in the selected data packet only when the data packet has not already been time-stamped by another
node.

US Pat. No. 9,280,359

SYSTEM AND METHOD FOR SELECTING A LEAST COST PATH FOR PERFORMING A NETWORK BOOT IN A DATA CENTER NETWORK ENVIRONMENT

CISCO TECHNOLOGY, INC., ...

1. A method, comprising:
logging in to a multipath target via first and second boot devices instantiated on a network device, the first and second
boot devices respectively connected to the multipath target via first and second paths;

determining which of the first and second paths comprises a least cost path;
determining whether boot LUN discovery was successful via the determined least cost path;
if boot LUN discovery was successful via the determined least cost path, booting an operating system via the determined least
cost path; and

if boot LUN discovery was not successful via the determined least cost path, booting the operating system via the other one
of the first and second paths.

US Pat. No. 9,276,871

LISP STRETCHED SUBNET MODE FOR DATA CENTER MIGRATIONS

CISCO TECHNOLOGY, INC., ...

1. A method for enabling a migration of network elements from a first location to a second location remote from the first
location without changing the Internet Protocol (IP) addresses, subnet mask, and/or default gateway of the network elements,
the first location having a first Locator/Identifier Separation Protocol (LISP) router configured on a stick and the second
location having a second LISP router configured on a stick, both the first LISP router and the second LISP router on the same
subnet, the method comprising:
detecting, by the first LISP router, a first network element having a first Internet Protocol (IP) address at the first location
prior to the migration;

receiving, at the first LISP router via a mapping database from second LISP router at the second location after the migration,
an entry mapping the first IP address to the IP address of the second LISP router; and

updating, by the first LISP router, a cache of the mapping database of the first LISP router to configure the first LISP router
to route traffic targeted to the first network element through the first LISP router.

US Pat. No. 9,270,638

MANAGING ADDRESS VALIDATION STATES IN SWITCHES SNOOPING IPV6

Cisco Technology, Inc., ...

1. A method, comprising:
receiving a neighbor discovery (ND) message from a non-trusted non-switch device, the ND message having an associated address;
creating and storing a corresponding binding entry for the address in a temporary tentative state without forwarding the ND
message, wherein the temporary tentative state indicates a probable state of the non-trusted non-switch device;

generating and forwarding a first duplicate address detection (DAD) message on behalf of the non-trusted non-switch device;
and

in response to receiving a second DAD message from a non-owner device:
determining whether a corresponding second address of the second ND message is already an entry in a tentative state;
dropping the second DAD message when the corresponding second address of the second DAD message is stored as the tentative-state
entry; and

forwarding the second DAD message to a corresponding owner device of the second address for neighbor advertisement (NA) defense
when the second address is not stored as a tentative-state entry.

US Pat. No. 9,246,700

GENERIC CONTROL PROTOCOL

Cisco Technology, Inc., ...

1. A method comprising:
generating at a master device generic control protocol (GCP) control messages configured to control a slave device configured
to communicate with modulator/demodulators (modems), wherein the GCP control messages comprise control fields including a
structured access field and a register access field collectively used to configure a Media Access Control (MAC) layer and
a physical (PHY) layer interface of the slave device and provide power management control of the slave device;

wherein the structured access field includes one or more of (i) a device management message configured to provide device control
of the slave device and (ii) an exchange data structure message configured with a payload field configured to store a data
structure defined in a non-GCP protocol to configure the slave device;

wherein the register access field includes one or more of (i) an exchange data registers message configured to read and write
directly to a hardware register in the slave device and (ii) a mask write register message configured to write directly to
individual bits of a hardware register in the slave device; and

transmitting the GCP control messages to the slave device in order to control the slave device.

US Pat. No. 9,247,528

SYSTEM AND METHOD FOR REDUCING PAGING IN UTRAN/GERAN/E-UTRAN NETWORKS WHEN IDLE SIGNALING REDUCTION IS ACTIVE

CISCO TECHNOLOGY, INC., ...

1. A method comprising:
receiving a request for a mobile device at a first core network node implementing a first radio access technology (RAT);
determining whether the mobile device is connected to the first core network node and is in an active state at the first
core network node;

if the mobile device is not in an active state at the first core network node, determining whether the mobile device is
connected to a second core network node and is in an active state at the second core network node, the first network node
making the determination in response to the request received for the mobile device and based on stored information at the
first core network node about the state of the second core network node, wherein the stored information is based on information
received in at least one access indication message, and wherein the first core network node refrains from paging the mobile
device before the determination is complete; and

if the mobile device is not in an active state at the first core network node but is connected to the second core network
node and is in an active state at the second core network node, the first core network node subsequently refraining from
paging the mobile device for allowing data to be sent to the mobile device via the second core network node;

wherein the first core network node and the second core network node are in communication with different RAT access networks.

US Pat. No. 9,606,596

POWER CONTROL SUBSYSTEM WITH A PLURALITY OF CURRENT LIMIT VALUES

Cisco Technology Inc., S...

1. A power control subsystem for controlling the supply of power transmitted to at least one node over communication cabling,
the power control subsystem comprising:
a plurality of power allocation circuits;
a power supply providing a power input to each of the power allocation circuits;
a control circuit providing control signals to each of the power allocation circuits;
wherein each of the power allocation circuits comprises:
a current limiter arranged to limit current of the power input from the power supply to one of a plurality of values, the
plurality of values being set by a plurality of programmable voltages;

a plurality of references, each of the references provided by a respective one of the programmable voltages, wherein each
of the plurality of programmable voltages is provided by a voltage source receiving a control signal from the management circuit;
and

a plurality of comparators, each of the comparators being associated with a particular one of the plurality of references,
wherein the current limiter is in communication with, and responsive to, the plurality of comparators and wherein the plurality
of values are a function of the plurality of references, the current limiter providing a current limited output signal to
the communication cabling.

US Pat. No. 9,246,837

SYSTEM AND METHOD FOR MANAGING OUT OF ORDER PACKETS IN A NETWORK ENVIRONMENT

CISCO TECHNOLOGY, INC., ...

1. A method, comprising:
creating by a network element an entry comprising an out of order (“OOO”) sequence number range associated with a flow, wherein
the OOO sequence number range is indicated by a request packet received at the network element;

receiving by the network element a packet associated with the flow, wherein the packet corresponds to a first sequence number
range, wherein the first sequence number range falls within the OOO sequence number range designated in the entry;

updating the entry to remove sequence numbers comprising the first sequence number range from the OOO sequence number range;
and

forwarding the packet without awaiting receipt of any other packets associated with the flow;
wherein the updating and forwarding are performed by the network element.

US Pat. No. 9,286,469

METHODS AND APPARATUS PROVIDING COMPUTER AND NETWORK SECURITY UTILIZING PROBABILISTIC SIGNATURE GENERATION

Cisco Technology, Inc., ...

1. A method of providing computer security in a computer networking environment including at least one computer system, the
method comprising:
receiving information from at least one security interceptor associated with at least one computer system, the information
including identifying details associated with a traffic flow in a computer system of the computer networking environment;

wherein receiving information from at least one security interceptor associated with at least one computer system comprises
receiving information from the at least one security interceptor indicating an occurrence, at a time the traffic flow was
intercepted, of at least one of: a buffer overflow, a process exception and a system configuration file modification;

wherein the details identify at least one system event that occurred on the same computer system;
determining a probability that an attack on the computer system is in progress based on attack information associated with
previous attacks;

establishing a probabilistic link between the at least one system event and the probability that an attack on the computer
system is in progress;

wherein the probabilistic link is a correlation between the at least one system event and one or more system events in a plurality
of system events associated with previous attacks;

wherein the probability is based at least in part on one or more weights associated with the at least one system event; and
based on the information provided by the at least one security interceptor, generating a signature utilized to prevent a similar
attack on the computer system.

US Pat. No. 9,479,421

DYNAMIC INSTALLATION OF LOCAL STORING MODE PATHS IN A NON-STORING LOW-POWER AND LOSSY NETWORK

Cisco Technology, Inc., ...

1. A method comprising:
identifying, by a network device operating in a network topology as a directed acyclic graph (DAG) root, a source-route path
for reaching a destination device in the network topology;

determining whether one or more parent devices along the source-route path between the network device and the destination
device are capable of storing a temporary route entry specifying routing information for reaching the destination device for
a temporary interval; and

causing installation of a temporary route entry for reaching the destination device in one or more of the parent devices determined
as capable of storing the corresponding temporary route entry.

US Pat. No. 9,280,487

METHODS AND APPARATUS FOR DATA PROCESSING USING DATA COMPRESSION, LINKED LISTS AND DE-DUPLICATION TECHNIQUES

CISCO TECHNOLOGY, INC., ...

1. A method comprising:
receiving a request to store a current block of data at a particular logical block address;
generating a hash value from the block of data to be stored and a hash function;
compressing the block of data to be stored to generate a current compressed block of data having a first size;
determining whether there is a previously stored hash value at the particular logical block address within a logical block
address to hash value table;

when it is determined that there is not a previously stored hash value at the particular logical block address, determining
whether there is a previously stored physical block address linked list entry within a hash value to physical block address
table at an index corresponding to the generated hash value;

when it is determined that there is a physical block address linked list entry at the index corresponding to the generated
hash value, determining whether the current block of data matches a previously stored block of data associated with the physical
block address linked list entry at the index corresponding to the generated hash value; and

when it is determined that the current block of data matches the previously stored block of data, updating the logical block
address to hash value table to include a new entry at the particular logical block address and not storing the current compressed
block of data.

US Pat. No. 9,215,543

MICROPHONE MUTE/UNMUTE NOTIFICATION

Cisco Technology, Inc., ...

1. A processor, comprising circuitry configured to:
receive far-end and near-end audio signals;
detect voice activities from the audio signals using a voice activity detection algorithm;
detect sound activities from the audio signals using a sound activity detection algorithm;
detect a sound position from the audio signals using an acoustic source localization algorithm;
receive data indicative of a region of interest;
when the voice activity detection algorithm indicates voice activities at a same time that the sound activity detection algorithm
indicates sound activities, determine whether the sound position is in the region of interest;

determine that an audio event in the audio signals is an interference event in response to the sound position being outside
of the region of interest; and

generate a mute or unmute indication based on whether the audio event being the interference event.

US Pat. No. 9,184,820

SPATIO-TEMPORAL PROCESSING FOR COMMUNICATION

Cisco Technology, Inc., ...

1. A method comprising:
at a wireless communication device, for each of a plurality of destinations, generating symbols representing data to be transmitted;
selecting one or more spatial directions for each of the plurality of destinations;
weighting the symbols at each of a plurality of frequency bins across a plurality of antennas to produce a plurality of weighted
symbols to be transmitted to respective ones of the plurality of destinations;

converting the plurality of weighted symbols to the time-domain to produce a plurality of time-domain sequences; and
converting the plurality of time-domain sequences to analog signals for modulation and simultaneous transmission across the
plurality of antennas to corresponding ones of the plurality of destinations.

US Pat. No. 9,262,986

REFERENCE FRAME MANAGEMENT FOR SCREEN CONTENT VIDEO CODING USING HASH OR CHECKSUM FUNCTIONS

Cisco Technology, Inc., ...

1. A method comprising:
providing a video data stream including a plurality of frames, each frame including a plurality of pixels that define content
within the frame;

utilizing a hash or checksum function, determining a plurality of hash code values associated with partitioned portions of
a current frame within the plurality of frames, wherein each hash code value is determined as an output value from the hash
or checksum function based upon an input value comprising one or more pixel values for a corresponding partition within the
current frame;

comparing the hash code value of each partitioned portion of the plurality of partitioned portions of the current frame with
the hash code value of a corresponding partitioned portion of each reference frame; and

selecting a plurality of reference frames as candidate reference frames for coding the current frame based upon hash code
values of the selected reference frames that are closest matches to hash code values for the current frame, wherein the selecting
a plurality of reference frames comprises:

selecting a reference frame having a hash code value at the corresponding partitioned portion of the reference frame that
is a closest match to the hash code value of the partitioned portion of the current frame as the candidate reference frame
for the partitioned portion of the current frame.

US Pat. No. 9,439,214

LEVERAGING MULTIPLE ACCESS TECHNOLOGIES SIMULTANEOUSLY

CISCO TECHNOLOGY, INC., ...

1. A gateway comprising:
interfaces for communicating with mobile devices, including a first mobile device, via a wireless cellular access technology
and a wireless non-cellular access technology; and

a processor for executing software modules stored in a memory device;
the gateway configured to:
provide, the first mobile device, a single Internet Protocol (IP) address for use to communicate with a server associated
with an access point name (APN) simultaneously over the cellular wireless access technology and the non-cellular wireless
access technology, wherein the IP address is allocated by the gateway when the mobile device attaches to the gateway to communicate
using the wireless cellular access technology and the gateway sends an acknowledgment to an enhanced packet data gateway
(ePDG) confirming allocation of the same IP address for the mobile device when the mobile device attaches to the gateway to
communicate using the wireless non-cellular access technology,

receive and send IP flow information for allowing simultaneous access with the wireless cellular access technology and the
wireless non-cellular access technology,

provide to the first mobile device a single traffic flow template (TFT), applicable for the wireless cellular access technology
and the wireless non-cellular access technology, to allow the first mobile device to select the wireless cellular access technology
for providing a first data flow associated with a first application and to select the wireless non-cellular access technology
for providing a second data flow associated with a second application,

provide simultaneous data flows to the first mobile device via the cellular access technology and the non-cellular access
technology, wherein the communication with the first mobile device for attachment to the gateway for the non-cellular access
technology is performed via the enhanced packet data gateway (ePDG), and

send a message to a server in communication with the gateway, indicating that a particular data flow is associated with either
the wireless cellular access technology or the wireless non-cellular access technology.

US Pat. No. 9,397,687

MONOTONIC SEGMENTED DIGITAL TO ANALOG CONVERTER

Cisco Technology, Inc., ...

1. A method comprising:
receiving an input analog signal indicative of a light output of a laser;
determining an input binary word, wherein the input binary word includes a plurality of most significant bits and a plurality
of least significant bits;

decoding the input binary word to an intermediate value including a bit width equal to or greater than a bit width of the
input binary word;

setting a plurality of output switches according to the intermediate value, wherein the plurality of output switches includes
one or more switches for states of the plurality of most significant bits and one or more switches for states of the plurality
of least significant bits; and

providing an analog output signal that represents the input binary word, wherein the analog output signal is controlled by
the plurality of output switches.

US Pat. No. 9,282,059

QUALITY OF SERVICE (QOS) CONFIGURATION IN LOW-POWER AND LOSSY NETWORKS

Cisco Technology, Inc., ...

1. A method, comprising:
receiving one or more timestamped packets at a minimalistic connected object (MCO) as a visited device along a path between
an origin device of the packets and a distributed intelligence agent (DIA);

forwarding the packets from the MCO without applying any deep packet inspection or quality of service (QoS) mechanisms to
the packets;

receiving downloaded QoS configuration parameters at the MCO from the DIA in response to a particular flow associated with
the packets not meeting a corresponding service level agreement (SLA) according to the DIA, the QoS configuration parameters
for future packets; and

in response to receiving future packets at the MCO, applying the QoS configuration parameters according to the QoS configuration
parameters from the DIA.

US Pat. No. 9,203,632

METHOD, ENDPOINT, AND SYSTEM FOR ESTABLISHING A VIDEO CONFERENCE

Cisco Technology, Inc., ...

1. A method comprising:
receiving, by a first endpoint, a request for a video conferencing session from a second endpoint; and
determining, by the first endpoint, whether the first endpoint is in a peek accepting mode that allows the first endpoint
to initially peek at video of the second endpoint requesting the video conferencing session before sending a regular multimedia
stream;

in response to the first endpoint being in a peek accepting mode, acknowledging the request,
in response to the first endpoint being in a peek accepting mode, activating a first filter to change a visibility of a video
image from the first endpoint,

in response to the first endpoint being in a peek accepting mode, providing a first multimedia stream from one or more first
media sources associated with the first endpoint,

in response to the first endpoint being in a peek accepting mode, modifying the first multimedia stream by the first filter
to produce a first modified multimedia stream,

in response to the first endpoint being in a peek accepting mode, transmitting the first modified multimedia stream to the
second endpoint;

deactivating the peek accepting mode;
activating a multimedia stream mode to transmit the first multimedia stream without the first filter,
participating in a multipoint video conferencing session or in multiple point-to-point video conferencing sessions, with at
least two other endpoints; and

displaying, on a screen at the first endpoint, one or more modified multimedia streams received from the at least two other
endpoints, in a grid display layout containing multiple areas with the same or different filters applied.

US Pat. No. 9,558,043

SYSTEM AND METHOD FOR ABSTRACTING AND ORCHESTRATING MOBILE DATA NETWORKS IN A NETWORK ENVIRONMENT

CISCO TECHNOLOGY INC., S...

1. A method, comprising:
receiving, by a server, data from a network element;
determining, by a data control task having a plurality of candidate data processing tasks associated therewith, a particular
candidate data processing task of the plurality of candidate processing tasks for the received data based upon a first similarity
metric representative of a measure of similarity between the received data and data currently associated with the particular
candidate data processing task, wherein determining the particular candidate data processing task includes determining whether
the first similarity metric is within a predetermined threshold; and

sending the received data to the particular candidate data processing task, wherein the particular candidate data processing
task is configured to determine whether the received data is suitable for the particular candidate data processing task based
upon a second similarity metric between the received data and data currently associated with the particular candidate data
processing task, wherein the second similarity metric is representative of a greater level of similarity analysis than the
first similarity metric.

US Pat. No. 9,473,364

LEARNING MACHINE-BASED GRANULAR SEGMENT/PATH CHARACTERISTIC PROBING TECHNIQUE

Cisco Technology, Inc., ...

1. A method, comprising:
determining a routing topology of a network including nodes interconnected by communication links;
determining important nodes in the network which are of relative importance based on their location in the determined routing
topology;

designating a head node of the important nodes;
sending one or more request messages causing the important nodes to gather local network metrics; and
in response to the one or more request messages, receiving one or more response messages including the network metrics gathered
by each important node.

US Pat. No. 9,148,290

FLOW-BASED LOAD-BALANCING OF LAYER 2 MULTICAST OVER MULTI-PROTOCOL LABEL SWITCHING LABEL SWITCHED MULTICAST

Cisco Technology, Inc., ...

1. A method, comprising:
determining, by a particular provider edge (PE) device of a plurality of multi-homing PE devices between a core network and
a local network, a subset of traffic for which the particular PE device is responsible;

establishing, by the particular PE device with itself as root, a multicast tree within the local network for one or more underlay
multicast groups;

admitting traffic received at the particular PE device from the core network into the local network only if the core traffic
corresponds to the subset of traffic for which the particular PE device is responsible, the admitted traffic mapped by the
particular PE device into one of the one or more underlay multicast groups for which the particular PE device is the root;
and

forwarding multicast traffic received at the particular PE device from the local network into the core network only if the
multicast traffic corresponds to the subset of traffic for which the particular PE device is responsible,

wherein the core traffic received at the particular PE device from the core network into the local network is received at
the particular PE from a label switched multicast (LSM) tree.

US Pat. No. 9,432,901

SYSTEM AND METHOD TO FACILITATE RADIO ACCESS POINT LOAD PREDICTION IN A NETWORK ENVIRONMENT

CISCO TECHNOLOGY, INC., ...

1. A method comprising:
training a statistical model representing radio access point loads or load changes for a plurality of radio access points,
wherein the statistical model is trained using, at least in part, historical measurement data associated with a plurality
of previous user equipment (UE) handovers among the plurality of radio access points and wherein the historical measurement
data used to train the statistical model is gathered before and after the plurality of previous UE handovers;

collecting current measurement data associated with a source radio access point and a target radio access point; and
calculating a predicted load or load change for the target radio access point for one or more potential UE handovers from
the source radio access point to the target radio access point for one or more UE based, at least in part, on application
of the current measurement data to the trained statistical model.

US Pat. No. 9,392,066

CONNECTION PERSISTENCE ACROSS SERVER FARMS IN A NETWORK ENVIRONMENT

CISCO TECHNOLOGY, INC., ...

1. A method, comprising:
associating a first real server with a first server farm attached to a first virtual Internet Protocol address (VIP), wherein
the first real server is configured to service a first connection from a client to the first VIP in a network environment;

associating a second real server with a second server farm attached to a second VIP, wherein the second real server is configured
to service a second connection from the client to the second VIP in the network environment;

linking the first real server with the second real server in a particular group; and
facilitating connection persistence of the first connection with the second connection across the first server farm and the
second server farm, wherein the facilitating connection persistence comprises:

directing the first connection from the client to the first real server;
associating the particular group with the client through an entry in a sticky database;
receiving the second connection from the client;
identifying the particular group associated with the client, wherein the identifying comprises looking up the entry in the
sticky database;

identifying the second real server belonging to the particular group; and
directing the second connection to the second real server.

US Pat. No. 9,338,687

QUALITY OF SERVICE DETERMINATION BASED ON UPSTREAM CONTENT SOURCE

CISCO TECHNOLOGY, INC., ...

1. A gateway comprising:
a processor operable to execute instructions;
one or more interfaces for communicating with a plurality of mobile devices and with an upstream content source via a service
provider's network; and

a non-transitory memory storing computer-readable instructions that, when executed by the processor, cause the processor to:
receive packets in a session at the gateway at a first quality of service (QoS) level from the upstream content source and
intended for a recipient mobile device of the plurality of mobile devices;

inspect the packets to determine an identity of a mobile subscriber associated with the recipient mobile device, wherein the
identity of the mobile subscriber is determined based at least in part from at least one of a network access identifier, a
user name and password combination, and a subscriber identity module card identifier;

determine whether to provide a higher QoS level for the session based at least in part on the determined identity of the mobile
subscriber; and

based on the determined identity, modify the level of service for the session from the first QoS level to a higher QoS level.

US Pat. No. 9,203,726

PERFORMANCE MEASUREMENT IN A NETWORK SUPPORTING MULTIPROTOCOL LABEL SWITCHING (MPLS)

Cisco Technology, Inc., ...

1. A computer implemented method comprising:
using at least one digital processing unit;
receiving a data packet at a router, the data packet including a tracking indicator, a tracking portion, and a payload;
extracting the tracking indicator from the data packet and identifying the router as supporting hop-by-hop tracking;
adding a timestamp to the tracking portion to form an amended data packet;
identifying a next node in a transmission path as not supporting hop-by-hop tracking, the transmission path including the
router among other nodes;

terminating hop-by-hop tracking; and
transmitting the amended data packet with the added timestamp to a next downstream router.

US Pat. No. 9,059,867

TECHNIQUE FOR SELECTING A PATH COMPUTATION ELEMENT BASED ON RESPONSE TIME DELAY

Cisco Technology, Inc., ...

1. A method for efficiently selecting a path computation element (PCE) to compute a path between nodes of a computer network,
the method comprising:
receiving, by a path computation client (PCC), a notification of a predictive response time (PRT) of one or more PCEs to a
path computation request;

selecting a PCE to service the path computation request and compute the path between nodes of the computer network, based
on the PRT of the PCE; and

receiving, by the PCC, a computed path between nodes of the computer network from the selected PCE.

US Pat. No. 9,363,170

LOOP AVOIDANCE DURING NETWORK CONVERGENCE IN SWITCHED NETWORKS

Cisco Technology, Inc., ...

8. A non-transitory computer-readable storage medium comprising program instructions executable by a first network node to:
detect a topology change within a network in which a segment routing (SR) protocol is implemented, wherein
the topology change disrupts an existing forwarding path between the first network node and a destination network node;
calculate new forwarding table information in response to the topology change, wherein
the new forwarding table information comprises forwarding table information for at least one updated forwarding path from
the first network node to the destination network node, and

the new forwarding table information is generated according to the SR protocol;
identify a maximum time for at least a portion of the network to reach a post-convergence state with respect to the topology
change;

until the maximum time has elapsed at the first network node,
explicitly specify at least a portion of the at least one updated forwarding path in a packet header of a packet, if the packet
is being sent from the first network node to the destination network node; and

after the maximum time has elapsed at the first network node,
non-explicitly specify the at least the portion of the at least one updated forwarding path in a packet header of an additional
packet, if the additional packet is being sent from the first network node to the destination network node.

US Pat. No. 9,357,410

WIRELESS NETWORK FLOW MONITORING

Cisco Technology, Inc., ...

1. A method comprising:
at a wireless controller configured to communicate with a wireless access point, obtaining a packet to be sent to the wireless
access point for wireless transmission in a wireless network, wherein the packet comprises a payload that includes media content
comprising one or more of audio content or video content;

identifying, based on the packet, traffic session flow information associated with the media content within the packet payload,
wherein the traffic session flow information enables a downstream network device to determine performance metrics associated
with the media content within the packet;

encapsulating the packet with an access point management and provisioning protocol tunneling header that includes a Real-Time
Transport Protocol (RTP) field to produce an encapsulated packet;

inserting, in the RTP field, traffic session flow information associated with the media content, wherein the traffic session
flow information in the RTP field is accessible to downstream network devices without decapsulating the packet payload and
enables the downstream network devices to determine performance metrics associated with the media content within the packet
payload; and

sending the encapsulated packet from the wireless controller to the wireless access point.

US Pat. No. 9,277,482

ADAPTIVE REOPTIMIZATION RATE FOR UNSTABLE NETWORK TOPOLOGIES

Cisco Technology, Inc., ...

1. A method, comprising:
determining, by a network device, a network stability of a communication network based on one or more network metrics related
to stability;

determining, by the network device, based on the network stability, with what frequency to perform route reoptimization, wherein
the frequency inversely corresponds to the network stability; and

triggering, by the network device, distributed route reoptimization in the communication network at the determined frequency.

US Pat. No. 9,252,902

PRECISION TIMING IN A DATA OVER CABLE SERVICE INTERFACE SPECIFICATION (DOCSIS) SYSTEM

Cisco Technology, Inc., ...

1. A method comprising:
frequency synchronizing a downstream Data Over Cable Service Interface Specification (DOCSIS) Timing Protocol (DTP) client
in a DOCSIS network to an upstream DTP server in the DOCSIS network;

time synchronizing the DTP client to the DTP server, the time synchronizing including:
recovering, at the DTP client, a DOCSIS timestamp transmitted from the DTP server;
receiving from the DTP server one or more DTP timestamp extensions including higher order bits configured to align the DOCSIS
timestamp with a protocol time reference point associated with the non-DOCSIS timing signal and lower order bits configured
to increase a resolution of the DOCSIS timestamp; and

generating a non-DOCSIS timestamp, based on the one or more DTP timestamp extensions; and
generating, based on the frequency and time, including the non-DOCSIS timestamp, of the DTP client synchronized to the DTP
server, a non-DOCSIS timing signal at the output of the DTP client.

US Pat. No. 9,113,243

METHOD AND SYSTEM FOR OBTAINING AN AUDIO SIGNAL

Cisco Technology, Inc., ...

11. A system comprising:
a first microphone, which receives a first sound signal, arranged at a first height vertically above a flat surface;
a second microphone, which receives a second sound signal, arranged at a second height vertically above the flat surface;
a third microphone, which receives a third sound signal, arranged at the second height above the flat surface, wherein the
third microphone is a toroid microphone;

a low pass filter configured to process a signal provided by the first microphone;
a bandpass filter configured to process a signal provided by the third microphone;
a high pass filter configured to process a signal provided by the second microphone; and
an adder configured to add an output signal provided by the low pass filter, an output signal provided by the band pass filter,
and an output signal provided by the high pass filter to form a sum signal output as an audio signal.

US Pat. No. 9,088,658

INTELLIGENT OVERLOAD CONTROL FOR CONTACT CENTER

Cisco Technology, Inc., ...

1. A method comprising:
determining the existence of an overload condition at a contact center, the overload condition defined by at least one of:
a maximum number of contacts connecting to the contact center, a network condition,
a service level agreement (SLA),
a performance metric based on resource utilization and delay analysis, past history of contact attempts during certain times
of day, and

a projected high revenue time period, the projected high revenue time period associated with a scheduled marketing campaign;
activating a contact metric determiner in response to the determining the existence of an overload condition;
determining, by the contact metric determiner, a contact evaluation metric for a specific contact connected to the contact
center to distinguish the specific contact connected to the contact center from other contacts connected to the contact center,
wherein the specific contact is distinguished based on an objective business value relative to the other contacts connected
to the contact center, the objective business value being potential revenue impact of the specific contact, a criticality
of the specific contact, and customer satisfaction of the specific contact; and

determining an action to perform for the contact based on the contact evaluation metric, the action being performed based
on the overload condition existing.

US Pat. No. 9,083,633

SYSTEM AND METHOD FOR DISTRIBUTED NETFLOW EXPORTER WITH A SINGLE IP ENDPOINT IN A NETWORK ENVIRONMENT

CISCO TECHNOLOGY, INC., ...

1. A method, comprising:
configuring a network protocol stack of an exporter coupled to a processor and a memory with switched virtual interface (SVI)
state information, wherein the SVI state information includes a public Internet Protocol (IP) address and a Media Access Control
(MAC) address of an SVI associated with a switch in a network, wherein the exporter in the processor executes instructions
associated with a data on an adaptor of a server in the network;

retrieving flow data from a NetFlow cache, wherein the flow data corresponds to flows propagating through the adaptor; and
communicating the flow data to a collector according to the configured network protocol stack, wherein the collector perceives
the flow records as being communicated by the SVI.

US Pat. No. 9,402,195

OPERATION OF BASE STATION IN A CELLULAR COMMUNICATIONS NETWORK

CISCO TECHNOLOGY, INC., ...

1. A method of forming a neighbor cell list in a base station of a cellular communications network, the method comprising,
at periodic intervals, and for specified durations:
requesting at least one wireless device that is in connected mode with the base station to report a unique identifier for
each other base station that it is able to detect;

receiving reports from each wireless device that is in connected mode with the base station;
operating with a neighbor cell list compiled on the basis of the received reports; and
reporting instances where one or more of the wireless devices in connected mode reports that it can detect signals from two
other base stations that are using a same physical cell identifier as each other, but have different unique identifiers.

US Pat. No. 9,379,931

SYSTEM AND METHOD FOR TRANSPORTING INFORMATION TO SERVICES IN A NETWORK ENVIRONMENT

CISCO TECHNOLOGY, INC., ...

1. A method, comprising:
receiving a packet for a subscriber at a gateway, wherein the gateway includes a local policy anchor for interfacing with
one or more policy servers and one or more classifiers for interfacing with one or more service chains, each service chain
including one or more services accessible by the gateway;

determining a service chain to receive the subscriber's packet;
communicating, at least in part, the service chain determined for the subscriber and an Internet Protocol (IP) address of
the local policy anchor to a classifier for interfacing with the determined service chain, wherein the communicating includes
communicating at least one of policy information and charging information associated with one or more services in the determined
service chain and wherein the classifier maintains an association between the subscriber, the determined service chain and
the at least one of the policy information and the charging information;

appending the subscriber's packet with a header, wherein the header includes, at least in part, identification information
for the subscriber and IP address for the local policy anchor; and

injecting the packet including the header into the service chain determined for the subscriber.

US Pat. No. 9,276,867

HIERARCHICAL SCHEDULING SYSTEM WITH LAYER BYPASS INCLUDING UPDATING SCHEDULING INFORMATION OF A SCHEDULING LAYER FOR EACH ITEM WHETHER OR NOT IT BYPASSES THE SCHEDULING LAYER

Cisco Technology, Inc., ...

1. A method, comprising:
scheduling items of a first source using a hierarchical scheduling system including a plurality of scheduling layers implemented
using scheduling circuitry, with said items of the first source including a plurality of first items and a plurality of bypassing
items, wherein said scheduling items of the first source includes:

propagating the plurality of first items through the hierarchical scheduling system through propagating circuitry of said
scheduling circuitry and updating scheduling information associated with the first source in each of the plurality of scheduling
layers based on said propagated first items as said propagated first items propagate through the plurality of scheduling layers,
and

propagating the plurality of bypassing items through the hierarchical scheduling system through propagating and bypassing
circuitry of said scheduling circuitry, with said propagating the plurality of bypassing items including bypassing one or
more scheduling layers of the plurality of scheduling layers and updating scheduling information associated with the first
source based on said bypassing items in each of said bypassed one or more scheduling layers and in each of the plurality of
scheduling layers actually through which said bypassing items propagated;

wherein the method is performed by a particular machine using a hardware-based said hierarchical scheduling system; and wherein
said operations of propagating the plurality of first items and the plurality of bypassing items through the hierarchical
scheduling system are done in parallel.

US Pat. No. 9,160,712

RF-AWARE PACKET FILTERING IN RADIO ACCESS NETWORKS

CISCO TECHNOLOGY, INC., ...

7. A wireless communication system comprising:
an access device for providing an interface between a radio access network (RAN) and an internet protocol (IP) network;
the interface with the RAN receiving an indication of a state of an RF connection regarding whether the RF connection is established
on an airlink between a mobile subscriber (MS) and the RAN for transferring data; and

a data packet filter configured for:
determining RF connection state information indicating whether the RF connection is already established on the airlink between
the MS and the RAN for transferring data, wherein the RF connection establishment is identified based at least in part on
a state variable received from the access device indicating an amount of bandwidth currently allocated to the MS, wherein
a zero bandwidth amount indicates a dormant state for the RF connection state information, and wherein a positive bandwidth
amount indicates an established state for the RF connection state information;

determining whether to deny passage of a data packet from the IP network to the RAN at least in part based on the determined
RF connection state information, wherein the RF connection state information indicates whether the RF connection is already
established on the airlink between the MS and the RAN for transferring data; and

if the data packet filter determines not to deny passage of the data packet based at least in part on the RF connection state
information, permitting passage of the data packet from the IP network to the RAN.

US Pat. No. 9,202,237

GENERATING A SINGLE BILLING RECORD FOR MULTIPLE SESSIONS IN A NETWORK ENVIRONMENT

Cisco Technology, Inc., ...

1. An apparatus, comprising:
a client services packet gateway operable to communicate with a postpaid end user in order to manage a transaction comprising
an item of content, the item of content communicated through a plurality of communication sessions, at least two of the plurality
of communication sessions comprising charging data, the plurality of communication sessions comprising different communication
protocols; and

a session manager element operable to:
receive the plurality of communication sessions associated with the transaction;
extract charging data from a first communication session of the plurality of communication sessions associated with the transaction;
extract additional charging data from one or more remaining communication sessions of the plurality of communication sessions
associated with the transaction;

determine that the one or more remaining communication sessions are associated with the first communication session based
on the extracted charging data and the extracted additional charging data; and

generate a single billing record for the plurality of communication sessions after the transaction is completed, the single
billing record comprising the extracted charging data from the first communication session and the extracted additional charging
data from the one or more remaining communication sessions of the plurality of communication sessions associated with the
transaction.

US Pat. No. 9,088,600

SYSTEM AND METHOD FOR IMPLEMENTING A SESSION INITIATION PROTOCOL FEATURE

Cisco Technology, Inc., ...

1. A method for implementing a Session Initiation Protocol (SIP) feature, comprising:
providing a shared line implementing a shared line protocol to serve a plurality of endpoints coupled to the shared line,
the plurality of endpoints comprising at least a first endpoint and a second endpoint;

establishing a SIP communication session via a communications platform, the communication session being between the first
endpoint and at least one other endpoint, the communications platform implementing the shared line protocol to serve the plurality
of endpoints using the single shared line;

after establishing the SIP communication session between the first endpoint and the at least one other endpoint, receiving
a request to place the SIP communication session on hold, the request identifying at that a second endpoint may pick-up the
SIP communication session; and

while the SIP communication session is on hold, enabling the second endpoint to pick-up the SIP communication session while
locking the SIP communication session to prevent endpoints other than the first endpoint and the second endpoint from picking-up
the SIP communication session.

US Pat. No. 10,076,054

ADJUSTABLE CABLE MANAGEMENT FOR FIBER AND CABLE

Cisco Technology, Inc., ...

1. An adjustable cable management system comprising:
a tray base having a first end;
a tray door coupled to the tray base and substantially parallel and opposite the first end of the tray base when in a closed position;
a plurality of apertures formed only in the first end the tray base around a central standoff at a plurality of selectable circumferential locations from the central standoff; and
a plurality of cable guides coupled to the first end of the tray base and located between the first end of the tray base and the tray door, wherein a proximal end of a particular cable guide of the plurality of cable guides is coupled to the central standoff and at a selected circumferential location from among the plurality of selectable circumferential locations through at least one aperture of the plurality of apertures,
wherein the particular cable guide includes an elongated portion and is configured to engage the tray door with a distal end opposite the proximal end.

US Pat. No. 9,357,524

SUBSCRIBER-AWARE PAGING

CISCO TECHNOLOGY, INC., ...

1. A method comprising:
maintaining, at a mobility management entity (MME) in a communication network, a list of eNodeBs from which a user equipment
(UE) was actively communicating with the communication network, the list also including indications of tracking areas of eNodeBs
of the list, wherein each tracking area includes a plurality of eNodeBs of the communication network;

receiving a page request for the UE at the MME;
in response to determining the tracking area of an eNodeB with which the UE was last actively communicating, sending a first
page request to at least one eNodeB in the tracking area of the eNodeB with which the UE was last actively communicating;

identifying a set of at least one tracking area to flood based on the list maintained at the MME, wherein at least one tracking
area identified in the list maintained by the MME is excluded from the set of at least one tracking area to flood based on
a frequency with which one or more eNodeBs of the at least one tracking area was used by the UE to actively communicate with
the communication network; and

sending an additional page request to at least one eNodeB of each tracking area of the identified set of at least one tracking
area to flood.

US Pat. No. 9,285,267

OPTICAL COMMUNICATION RECEPTION SYSTEM

Cisco Technology, Inc., ...

1. A method, comprising:
receiving an optical signal, via an attenuator;
receiving a local oscillator signal from a local oscillator source;
identifying voltages for optical signal components of the optical signal and of the local oscillator signal, wherein the voltages
for the optical signal components are analog signal components;

identifying voltages for additional signal components associated with optical noise and electrical noise;
determining a ratio representing a relationship between signal power of the optical signal and signal power of the local oscillator
signal based on the voltages for the analog signal components and the additional signal components; and

transmitting a control signal to the attenuator, the control signal configured to control the optical signal to maintain the
ratio.

US Pat. No. 9,160,551

ANALYTIC RECORDING OF CONFERENCE SESSIONS

Cisco Technology, Inc., ...

1. A method comprising:
at a conference server hosting a conference session in which a plurality of active speakers each participate at separate conference
endpoints, receiving a plurality of audio signals each associated with one of the active speakers;

mixing, at the conference server, the audio signals each associated with one of the active speakers to form a mixed audio
signal;

recording a mixed audio track that comprises the mixed audio signal;
determining a relative loudness of each of the active speakers for given periods of time; and
recording a plurality of original audio tracks that each comprises an original voice of one or more of the active speakers
before mixing, wherein the original voice recorded in each of the original audio tracks during the given periods of time is
based on the relative loudness of the active speakers.

US Pat. No. 9,497,708

POWER SETTING

CISCO TECHNOLOGY, INC., ...

1. A method comprising:
determining, at a first base station, one or more neighbor base stations that belong to a group of base stations, wherein
the first base station is a member of the group of base stations;

detecting at least one adjacent base station that is adjacent to the first base station and that is not a member of the group
of base stations;

determining a degree of association between the first base station and the adjacent base station, wherein determining the
degree of association comprises determining whether the adjacent base station was detected directly by the first base station,
or by a neighbour base station within the group of base stations and wherein if the adjacent base station was detected by
a neighbour base station within the group, determining a neighbour relation of the neighbour base station that detected the
adjacent base station; and

setting a maximum downlink power for transmissions from the first base station based, at least in part, on the degree of association
between the first base station and the adjacent base station, wherein the maximum downlink power is increased for a higher
degree of association between the first base station and the adjacent base station.

US Pat. No. 9,356,856

APPARATUS AND METHOD TO HIDE TRANSIT ONLY MULTI-ACCESS NETWORKS IN OSPF

CISCO TECHNOLOGY, INC., ...

1. A method comprising:
determining, by a first router, whether a network coupling the first router to one or more second routers is transit-only,
wherein transit-only indicates connecting only routers to provide for transmission of data from router to router;

in response to determining that the network is transit-only, generating an Open Shortest Path First (OSPF) Link State Advertisement
(LSA) that includes an address for the network and a designated network mask, the designated network mask operating as a transit-only
identification, the transit-only identification indicating that the address is not permitted to be installed in a Routing
Information Base (RIB) upon receipt of the OSPF LSA at the one or more second routers; and

in response to determining that the network is not transit-only, generating an OSPF LSA that includes the address for the
network but does not include the designated network mask, to permit installation of the address in a RIB upon receipt of the
OSPF LSA at the one or more second routers.

US Pat. No. 9,100,298

HOST VISIBILITY AS A NETWORK SERVICE

Cisco Technology, Inc., ...

1. A method comprising:
detecting, at a data switching device in a data center, whether a host has connected to a cloud computing network of which
the data switching device and the data center are components, wherein the detecting is performed by monitoring data packets
that are sent to another entity from the host and that are received by the host from the another entity and that pass through
the data switching device, wherein the another entity is other than the data switching device;

determining, at the data switching device, properties of the host;
generating, at the data switching device, a message comprising data representative of the properties of the host; and
sending, from the data switching device, the message to a node in the cloud computing network that is configured to manage
components of the cloud computing network associated with the host, wherein the components are other than the data switching
device and the host.

US Pat. No. 9,854,695

SINGLE RACK UNIT STORAGE BLADE WITH REDUNDANT CONTROLLERS

Cisco Technology, Inc., ...

1. A storage blade apparatus comprising:
a blade housing configured to fit within a single rack unit (1U) form factor blade slot of a chassis;
a first drive drawer in the blade housing and including a first set of drive bays;
a second drive drawer in the blade housing and including a second set of drive bays; and
at least first and second redundant controllers contained within the blade housing, wherein each of the first and second redundant
controllers is operably connected to each of the drive bays included in the first set of drive bays and each of the drive
bays included in the second set of drive bays, and wherein the second controller is disposed on top of, and inverted with
respect to, the first controller.

US Pat. No. 9,094,307

MEASURING LATENCY WITHIN A NETWORKING DEVICE

Cisco Technology, Inc., ...

1. A method comprising:
receiving a packet at a component of a network device comprising one or more components;
associating with the packet a timestamp representing a time of arrival of the packet at a first point in the network device,
the timestamp being generated with respect to a clock of the network device;

generating a signature of the packet based on one or more flow parameters associated with the packet;
detecting the packet at a second point in the network device based on the signature;
computing a latency value for the packet based on at least one of the timestamp and current time of arrival at the second
point in the network device and based on the signature of the packet;

defining a latency statistic group for packets that satisfy particular flow parameter criteria;
detecting packets that satisfy the particular flow parameter criteria based on the signature associated with the packets;
and

updating one or more latency statistics for the latency statistic group based on the latency value, based on the packets that
satisfy the particular flow parameter criteria, and based on the signature of the packets.

US Pat. No. 9,065,750

CONGESTION-BASED NOTIFICATION DURING FAST REROUTE OPERATIONS IN STATEFUL PATH COMPUTATION ELEMENT ENVIRONMENTS

Cisco Technology, Inc., ...

1. A method, comprising:
detecting, at a point of local repair (PLR), activation of use of a backup tunnel for a primary tunnel in a computer network;
determining at the PLR whether a level of congestion of a path of the backup tunnel is greater than a threshold, wherein the
threshold is when the path of the backup tunnel would be considered overloaded due to link utilization;

sending a congestion notification to a stateful path computation element (PCE) to cause the PCE to start pre-computing a rerouted
primary tunnel;

in response to the PLR determining that the level is greater than the threshold, sending a reroute notification to a head-end
node of the primary tunnel to reroute the primary tunnel, wherein the head-end node is a PCE client that communicates with
the PCE; and

in response to the PLR determining that the level is not greater than the threshold, allowing the backup tunnel to remain
activated without sending the reroute notification to reroute the primary tunnel to the head end node.

US Pat. No. 9,860,852

SYSTEM AND METHOD TO FACILITATE SMALL CELL UPLINK POWER CONTROL IN A NETWORK ENVIRONMENT

Cisco Technology, Inc., ...

1. A method comprising:
determining user equipment (UE) path loss information associated with one or more UE served by one or more small cell radios;
determining macro path loss information associated with each of the one or more small cell radios and a macro cell radio;
determining, at a central management entity, one or more sets of optimized power control parameters for uplink UE transmissions
for the one or more UE served by the one or more small cell radios based on the determined UE path loss information and the
determined macro path loss information, wherein the one or more sets of optimized power control parameters satisfy a first
interference constraint associated with limiting interference between the one or more small cell radios and satisfy a second
interference constraint associated with limiting interference toward the macro cell radio;

generating one or more messages for each of the one or more small cell radios identifying the one or more sets of optimized
power control parameters; and

setting, by each small cell radio of the one or more small cell radios, uplink transmit power for each UE served by each small
cell radio based, at least in part, on the identified one or more sets of optimized power control parameters.

US Pat. No. 9,369,303

USER-EQUIPMENT-INITIATED FRAMED ROUTES ON CUSTOMER-PREMISES EQUIPMENT FOR WIRELESS WIDE AREA NETWORKS

CISCO TECHNOLOGY, INC., ...

1. A gateway comprising:
a memory configured to store framed routes, virtual private networking routing and forwarding (VRF) names, tunnel identifiers,
and packet data protocol (PDP) addresses;

an interface; and
a processor coupled to the memory and the interface;
the gateway to:
extract at least one framed route and at least one VRF name from an attach request message received from a customer premises
equipment (CPE), wherein the at least one framed route specifies a plurality of network addresses represented by a network
address and a subnet;

associate a tunnel identifier and a PDP address with the extracted at least one framed route and the at least one VRF name;
store the associated tunnel identifier, PDP address, at least one framed route, and at least one VRF name; and
install the at least one framed route in a corresponding VRF, in response to the received attach request message so that a
framed route request initiated by a user equipment (UE) can be supported.

US Pat. No. 9,300,453

PROVIDING IN-LINE SERVICES THROUGH RADIO ACCESS NETWORK RESOURCES UNDER CONTROL OF A MOBILE PACKET CORE IN A NETWORK ENVIRONMENT

CISCO TECHNOLOGY, INC., ...

1. A method, comprising:
sending, by a first entity associated with an access network, a first request message including a session identifier associated
with a user session to a second entity associated with a core network;

establishing a first control channel with the second entity, the first control channel associated with the session identifier,
wherein the first control channel is an in-band channel between the first entity and the second entity; and

receiving policy information associated with the user session from the second entity using the first control channel, the
policy information indicative of one or more policies to be applied in the access network to user data associated with the
user session, wherein the policy information is included within a tunneling protocol packet.

US Pat. No. 9,113,037

VIDEO CONFERENCE VIRTUAL ENDPOINTS

Cisco Technology, Inc., ...

1. A virtual endpoint adapted to be installed on a computer device associated with a video conference endpoint adapted to
participate in a multi-party video conference, the video conference endpoint being adapted to encode and transmit an upstream
media stream including at least video data in an upstream direction and to receive and decode a combined media stream in a
downstream direction, the virtual endpoint comprising:
at least one upstream decoder adapted to decode the upstream encoded media stream received from the video conference endpoint
into an upstream decoded media stream;

a scaling device adapted to scale the upstream decoded media stream into a scaled upstream media stream;
at least one upstream encoder adapted to encode the scaled upstream media stream into an encoded scaled upstream media stream;
a first downstream decoder adapted to decode a downstream encoded media stream of a first resolution;
at least one second downstream decoder adapted to decode at least one of a number of downstream encoded media streams of a
second resolution;

a media composer adapted to compose a combined downstream media stream of decoded media streams of the first and the second
resolution; and

at least one downstream encoder adapted to encode the combined downstream media stream.