Seamless rotation of keys for data analytics and machine learning on encrypted data

US11212079B2 · US · B2

Patent metadata

  Publication number: US-11212079-B2
  Application number: US-201816186662-A
  Country: US
  Kind code: B2
  Filing date: Nov 12, 2018
  Priority date: Nov 12, 2018
  Publication date: Dec 28, 2021
  Grant date: Dec 28, 2021

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

In one embodiment, a network assurance service maintains a first set of telemetry data from the network anonymized using a first key regarding a plurality of network entities in a monitored network. The service receives a key rotation notification indicative of a key changeover from the first key to a second key for anonymization of a second set of telemetry data from the network. The service forms, during a key rotation time period associated with the key changeover, a mapped dataset by converting anonymized tokens in the second set of telemetry data into anonymized tokens in the first set of telemetry data. The service augments, during the key rotation time period, the first set of telemetry data with the mapped dataset. The service assesses, during the time period, performance of the network by applying a machine learning-based model to the first set of telemetry data augmented with the mapped dataset.

First claim

Opening claim text (preview).

What is claimed is:

1. A method comprising: maintaining, by a network assurance service that monitors a network, a first set of telemetry data from the network anonymized using a first key regarding a plurality of network entities in the network, wherein the network assurance service applies a machine learning-based model to the first set of telemetry data to assess performance of the network; receiving, at the network assurance service, a key rotation notification indicative of a key changeover from the first key to a second key for anonymization of a second set of telemetry data from the network; forming, by the network assurance service and during a key rotation time period associated with the key changeover, a mapped dataset by converting anonymized tokens in the second set of telemetry data into anonymized tokens in the first set of telemetry data; augmenting, by the network assurance service and during the key rotation time period, the first set of telemetry data with the mapped dataset; and assessing, by the network assurance service and during the key rotation time period, performance of the network by applying the machine learning-based model to the first set of telemetry data augmented with the mapped dataset.

2. The method as in claim 1, wherein the anonymized tokens in the first and second sets of telemetry data comprise at least one of: anonymized Internet Protocol (IP) addresses or anonymized media access control (MAC) addresses of the network entities.

3. The method as in claim 1, wherein the network entities comprise one or more of: a router, a switch, a wireless access point, or a wireless access point controller.

4. The method as in claim 1, further comprising: receiving, at the network assurance service, the key rotation notification via a user interface, wherein the key rotation notification further indicates the key rotation time period.

5. The method as in claim 1, further comprising: deleting, by the network assurance service, the augmented first set of telemetry data on expiration of the key rotation time period.

6. The method as in claim 1, further comprising: assessing, by the network assurance service and after expiration of the key rotation time period, performance of the network by applying the machine learning-based model to the second set of telemetry data.

7. The method as in claim 1, further comprising: augmenting, by the network assurance service, the second set of telemetry data with a portion of the first set of telemetry data, wherein the anonymized tokens in the portion of the first set of telemetry data used to augment the second set of telemetry data are converted into the anonymized tokens in the second set of telemetry data; and assessing, by the network assurance service, performance of the network by applying the machine learning-based model to the augmented second set of telemetry data.

8. The method as in claim 1, wherein the machine learning-based model comprises an unsupervised learning-based anomaly detection model.

9. The method as in claim 1, wherein the network assurance service uses a mapping received from the network to convert the anonymized tokens in the second set of telemetry data into anonymized tokens in the first set of telemetry data, wherein the mapping maps tokens anonymized using the first key to tokens anonymized using the second key.

10. The method as in claim 1, wherein the network assurance service is a cloud-based service that is remote from the monitored network.

11. An apparatus, comprising: one or more network interfaces; a processor coupled to the network interfaces and configured to execute one or more processes; and a memory configured to store a process executable by the processor, the process when executed configured to: maintain a first set of telemetry data from a monitored network anonymized using a first key regarding a plurality of network entities in the network, wherein the apparatus applies a machine learning-based model to the first set of telemetry data to assess performance of the network; receive a key rotation notification indicative of a key changeover from the first key to a second key for anonymization of a second set of telemetry data from the network; form, during a key rotation time period associated with the key changeover, a mapped dataset by converting anonymized tokens in the second set of telemetry data into anonymized tokens in the first set of telemetry data; augment, during the key rotation time period, the first set of telemetry data with the mapped dataset; and assess, during the key rotation time period, performance of the network by applying the machine learning-based model to the first set of telemetry data augmented with the mapped dataset.

12. The apparatus as in claim 11, wherein the anonymized tokens in the first and second sets of telemetry data comprise at least one of: anonymized Internet Protocol (IP) addresses or anonymized media access control (MAC) addresses of the network entities.

13. The apparatus as in claim 11, wherein the network entities comprise one or more of: a router, a switch, a wireless access point, or a wireless access point controller.

14. The apparatus as in claim 11, wherein the process when executed is further configured to: receive the key rotation notification via a user interface, wherein the key rotation notification further indicates the key rotation time period.

15. The apparatus as in claim 11, wherein the process when executed is further configured to: delete the augmented first set of telemetry data on expiration of the key rotation time period.

16. The apparatus as in claim 11, wherein the process when executed is further configured to: assess, after expiration of the key rotation time period, performance of the network by applying the machine learning-based model to the second set of telemetry data.

17. The apparatus as in claim 11, wherein the process when executed is further configured to: augment the second set of telemetry data with a portion of the first set of telemetry data, wherein the anonymized tokens in the portion of the first set of telemetry data used to augment the second set of telemetry data are converted into the anonymized tokens in the second set of telemetry data; and assess performance of the network by applying the machine learning-based model to the augmented second set of telemetry data.

18. The apparatus as in claim 11, wherein the machine learning-based model comprises an unsupervised learning-based anomaly detection model.

19. The apparatus as in claim 11, wherein the apparatus uses a mapping received from the network to convert the anonymized tokens in the second set of telemetry data into anonymized tokens in the first set of telemetry data, wherein the mapping maps tokens anonymized using the first key to tokens anonymized using the second key.

20. A tangible, non-transitory, computer-readable medium storing program instructions that cause a network assurance service that monitors a network to execute a process comprising: maintaining, by the network assurance service, a first set of telemetry data from the network anonymized using a first key regarding a plurality of network entities in the network, wherein the network assurance service applies a machine learning-based model to the first set of telemetry data to assess performance of the network; receiving, at the network assurance service, a key rotation notification indicative of a key changeover from the first key to a second key for ano
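The rotation scheme described in the abstract and claims above, as an added worked example that is not Cisco's code nor the patent's own implementation. It assumes HMAC-SHA256 as the keyed tokenization primitive (the patent does not fix one), a per-access-point client-count metric, and a per-entity z-score as the unsupervised anomaly model (claim 8); the MAC addresses, keys, sample values and all function names are constructed for this example. The point it makes: scoring the second (new-key) dataset on its own leaves every entity with no history, so a spike right after the changeover is missed, while converting new-key tokens to first-key tokens with a mapping supplied by the network (claim 9) and augmenting the first dataset (claim 1) lets the same model catch it. Entities first seen after rotation have no old token and are kept under the new one.

```python
"""Key rotation for anonymized telemetry, illustrating US11212079B2.
Example code, not Cisco's. HMAC-SHA256 tokenization, the client-count metric
and the z-score model are assumptions; keys and MACs below are constructed."""
import hashlib
import hmac
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample keys; a deployment would hold these in a secrets manager.
OLD_KEY = b"example-rotation-key-1-not-a-real-secret"
NEW_KEY = b"example-rotation-key-2-not-a-real-secret"

# Constructed access-point MAC addresses (the claim 2 / claim 3 entities).
ENTITIES = ["00:11:22:33:44:01", "00:11:22:33:44:02", "00:11:22:33:44:03"]


def anonymize(identifier: str, key: bytes) -> str:
    """Keyed tokenization (assumed HMAC-SHA256, truncated). Same key and same
    identifier give the same token, so per-entity history joins without
    the plaintext ever reaching the assurance service."""
    return hmac.new(key, identifier.encode(), hashlib.sha256).hexdigest()[:16]


def build_rotation_mapping(identifiers, old_key, new_key):
    """Network side. Only the party holding plaintext identifiers can relate
    old tokens to new ones; it sends {old_token: new_token} to the service
    (claim 9). The service still never sees the identifiers themselves."""
    return {anonymize(i, old_key): anonymize(i, new_key) for i in identifiers}


def map_to_first_key(second_set, mapping_old_to_new):
    """Service side, during the rotation window (claim 1): rewrite second-set
    tokens to their first-key equivalents so they join existing history.
    Entities first seen after the changeover have no old token; they stay
    under the new token and start fresh history. Returns (mapped, unmapped)."""
    new_to_old = {new: old for old, new in mapping_old_to_new.items()}
    mapped, unmapped = [], 0
    for token, value in second_set:
        if token in new_to_old:
            mapped.append((new_to_old[token], value))
        else:
            mapped.append((token, value))
            unmapped += 1
    return mapped, unmapped


def anomaly_scores(dataset, threshold=3.0, min_history=3):
    """Unsupervised per-entity anomaly detection (claim 8): score each
    entity's latest sample against that entity's own earlier samples. Too
    little history means no score, which is exactly what an unmapped key
    change causes."""
    by_token = defaultdict(list)
    for token, value in dataset:
        by_token[token].append(value)
    flagged = {}
    for token, values in by_token.items():
        history, latest = values[:-1], values[-1]
        if len(history) < min_history:
            continue
        mu, sigma = mean(history), pstdev(history)
        if sigma == 0:
            continue  # flat history gives no scale to judge the sample by
        z = (latest - mu) / sigma
        if abs(z) > threshold:
            flagged[token] = round(z, 1)
    return flagged


def run_rotation_demo():
    """Constructed telemetry: ten client-count samples per AP under OLD_KEY,
    then one sample per AP under NEW_KEY after the changeover, with AP 3
    spiking and a fourth AP that only appears after the rotation."""
    baseline = [40, 42, 41, 39, 43, 40, 41, 42, 40, 41]
    first_set = [(anonymize(e, OLD_KEY), v) for e in ENTITIES for v in baseline]
    post = {ENTITIES[0]: 41, ENTITIES[1]: 40, ENTITIES[2]: 120,
            "00:11:22:33:44:04": 38}
    second_set = [(anonymize(e, NEW_KEY), v) for e, v in post.items()]

    # Second set alone: every entity has a single sample, nothing is scored,
    # and the spike on AP 3 goes unnoticed.
    without_mapping = anomaly_scores(second_set)

    # With the network-supplied mapping: convert, augment, score (claim 1).
    mapping = build_rotation_mapping(ENTITIES, OLD_KEY, NEW_KEY)
    mapped, unmapped = map_to_first_key(second_set, mapping)
    augmented = first_set + mapped
    with_mapping = anomaly_scores(augmented)

    # When the window expires the augmented first set is deleted (claim 5)
    # and the second set, which by then has its own history, is scored
    # on its own (claim 6).
    del augmented
    return {
        "flagged_without_mapping": without_mapping,
        "flagged_with_mapping": with_mapping,
        "spike_token": anonymize(ENTITIES[2], OLD_KEY),
        "mapped_records": len(mapped),
        "unmapped_tokens": unmapped,
    }


if __name__ == "__main__":
    for name, value in run_rotation_demo().items():
        print(f"{name}: {value}")
```

Two design points worth noting. The mapping is built where the plaintext lives and shipped as token pairs, so the cloud service gains the ability to join histories across the changeover without gaining the ability to de-anonymize anything; and the mapping itself is as sensitive as the keys, since holding both token sets plus the mapping is what allows cross-key linkage, which is why claim 5 deletes the augmented set once the window closes.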

Assignees

Cisco Tech Inc

Inventors

Not listed on this page.

Classifications

  • Probabilistic graphical models, e.g. probabilistic networks · CPC title

  • Dynamic search techniques; Heuristics; Dynamic trees; Branch-and-bound · CPC title

  • H04L9/0819 (Primary)

    Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) (network architectures or network communication protocols for key distribution in a packet data network H04L63/062) · CPC title

  • wherein the identity of one or more communicating identities is hidden (cryptographic mechanisms or cryptographic arrangements for anonymous credentials or for identity based cryptographic systems H04L9/00) · CPC title

  • Discovery or management thereof, e.g. service location protocol [SLP] or web services · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11212079B2 cover?
In one embodiment, a network assurance service maintains a first set of telemetry data from the network anonymized using a first key regarding a plurality of network entities in a monitored network. The service receives a key rotation notification indicative of a key changeover from the first key to a second key for anonymization of a second set of telemetry data from the network. The service f…
Who is the assignee on this patent?
Cisco Tech Inc
What technology area does this patent fall under?
Primary CPC classification H04L9/0819. Mapped technology areas include Electricity.
When was this patent published?
Publication date Dec 28, 2021 (kind code B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).