公开(公告)号：US11929984B2

公开(公告)日：2024-03-12

申请号：US17308375

申请日：2021-05-05

Applicant: Cisco Technology, Inc.

Inventor： David Hanes ,  Gonzalo Salgueiro ,  Sebastian Jeuk ,  Robert Edgar Barton

IPC: H04L9/40 ,  H04L65/102

CPC classification number: H04L63/0263 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/20 ,  H04L65/102

Abstract: Techniques for associating manufacturer usage description (MUD) security profiles for Internet-of-Things (IoT) device(s) with secure access service edge (SASE) solutions, providing for automated and scalable integration of IoT devices with SASE frameworks. A MUD controller may utilize a MUD uniform resource identifier (URI) emitted by an IoT device to fetch an associated MUD file from a MUD file server associated with a manufacturer of the IoT device. The MUD controller may determine that a security recommendation included in the MUD file is to be implemented by a cloud-based security service provided by the SASE service and cause the IoT device to establish a connection with a secure internet gateway associated with the cloud-based security service. Additionally, or alternatively, the MUD file may include SASE extensions indicating manufacturer recommended cloud-based security services. Further, cloud-based security services may be implemented if local services are unavailable.

公开(公告)号：US20220360562A1

公开(公告)日：2022-11-10

申请号：US17308375

申请日：2021-05-05

Applicant: Cisco Technology, Inc.

Inventor： David Hanes ,  Gonzalo Salgueiro ,  Sebastian Jeuk ,  Robert Edgar Barton

IPC: H04L29/06

Abstract: Techniques for associating manufacturer usage description (MUD) security profiles for Internet-of-Things (IoT) device(s) with secure access service edge (SASE) solutions, providing for automated and scalable integration of IoT devices with SASE frameworks. A MUD controller may utilize a MUD uniform resource identifier (URI) emitted by an IoT device to fetch an associated MUD file from a MUD file server associated with a manufacturer of the IoT device. The MUD controller may determine that a security recommendation included in the MUD file is to be implemented by a cloud-based security service provided by the SASE service and cause the IoT device to establish a connection with a secure internet gateway associated with the cloud-based security service. Additionally, or alternatively, the MUD file may include SASE extensions indicating manufacturer recommended cloud-based security services. Further, cloud-based security services may be implemented if local services are unavailable.

公开(公告)号：US12003486B2

公开(公告)日：2024-06-04

申请号：US17397230

申请日：2021-08-09

Applicant: Cisco Technology, Inc.

Inventor： Robert Edgar Barton ,  David Hanes ,  Gonzalo Salgueiro ,  Sebastian Jeuk

IPC: H04L9/40

CPC classification number: H04L63/0263 ,  H04L63/0876 ,  H04L63/102 ,  H04L63/20

Abstract: Techniques for a network controller associated with a firewall service to determine a network policy based on operational tolerances associated with a device, and cause the network policy to be provisioned at the firewall service where control commands, such as, for example, supervisory control and data acquisition (SCADA) commands, may be allowed or denied transmission to the device based on the operational tolerance(s) associated with the device. In some examples, the network controller may be configured as a manufacturer usage description (MUD) controller configured to transmit a MUD uniform resource identifier (URI), emitted by the device, to a MUD file server associated with the manufacturer of the device. The MUD file may be enhanced to include the operational tolerances associated with the device and transmitted back to the MUD controller where it may be parsed to determine a corresponding network policy.

公开(公告)号：US11893849B2

公开(公告)日：2024-02-06

申请号：US17474002

申请日：2021-09-13

Applicant: Cisco Technology, Inc.

Inventor： Thomas Szigeti ,  David Hanes ,  Gonzalo Salgueiro ,  Sebastian Jeuk

IPC: G07C9/28 ,  G07C9/22 ,  H04L9/40 ,  G07C9/00

CPC classification number: G07C9/28 ,  G07C9/00309 ,  G07C9/22 ,  H04L63/0853 ,  G07C2009/00769 ,  H04L2463/082

Abstract: This disclosure describes techniques for selectively providing access to a physical space. An example method includes identifying a location of a device associated with an authorized user based on an electromagnetic signal received by at least one sensor from the device. The electromagnetic signal has a frequency that is greater than or equal to 24 gigahertz (GHz). The example method further includes determining that the location of the device is within a threshold distance of a location of a threshold to a secured space and determining that an authentication score indicating that an individual carrying the device is the authorized user is greater than a threshold score. The authentication score is associated with multiple authentication factors identified by the device. Based on determining that the authentication score is greater than the threshold score, the threshold is unlocked and/or opened.

公开(公告)号：US20230083426A1

公开(公告)日：2023-03-16

申请号：US17474002

申请日：2021-09-13

Applicant: Cisco Technology, Inc.

Inventor： Thomas Szigeti ,  David Hanes ,  Gonzalo Salgueiro ,  Sebastian Jeuk

IPC: G07C9/28 ,  G07C9/22 ,  G07C9/00 ,  H04L29/06

Abstract: This disclosure describes techniques for selectively providing access to a physical space. An example method includes identifying a location of a device associated with an authorized user based on an electromagnetic signal received by at least one sensor from the device. The electromagnetic signal has a frequency that is greater than or equal to 24 gigahertz (GHz). The example method further includes determining that the location of the device is within a threshold distance of a location of a threshold to a secured space and determining that an authentication score indicating that an individual carrying the device is the authorized user is greater than a threshold score. The authentication score is associated with multiple authentication factors identified by the device. Based on determining that the authentication score is greater than the threshold score, the threshold is unlocked and/or opened.

公开(公告)号：US20230042610A1

公开(公告)日：2023-02-09

申请号：US17397230

申请日：2021-08-09

Applicant: Cisco Technology, Inc.

Inventor： Robert Edgar Barton ,  David Hanes ,  Gonzalo Salgueiro ,  Sebastian Jeuk

IPC: H04L29/06

Abstract: Techniques for a network controller associated with a firewall service to determine a network policy based on operational tolerances associated with a device, and cause the network policy to be provisioned at the firewall service where control commands, such as, for example, supervisory control and data acquisition (SCADA) commands, may be allowed or denied transmission to the device based on the operational tolerance(s) associated with the device. In some examples, the network controller may be configured as a manufacturer usage description (MUD) controller configured to transmit a MUD uniform resource identifier (URI), emitted by the device, to a MUD file server associated with the manufacturer of the device. The MUD file may be enhanced to include the operational tolerances associated with the device and transmitted back to the MUD controller where it may be parsed to determine a corresponding network policy.

公开(公告)号：US12206646B2

公开(公告)日：2025-01-21

申请号：US18537156

申请日：2023-12-12

Applicant: Cisco Technology, Inc.

Inventor： David Hanes ,  Gonzalo Salgueiro ,  Sebastian Jeuk ,  Robert Edgar Barton

IPC: H04L9/40 ,  H04L65/102

Abstract: Techniques for associating manufacturer usage description (MUD) security profiles for Internet-of-Things (IoT) device(s) with secure access service edge (SASE) solutions, providing for automated and scalable integration of IoT devices with SASE frameworks. A MUD controller may utilize a MUD uniform resource identifier (URI) emitted by an IoT device to fetch an associated MUD file from a MUD file server associated with a manufacturer of the IoT device. The MUD controller may determine that a security recommendation included in the MUD file is to be implemented by a cloud-based security service provided by the SASE service and cause the IoT device to establish a connection with a secure internet gateway associated with the cloud-based security service. Additionally, or alternatively, the MUD file may include SASE extensions indicating manufacturer recommended cloud-based security services. Further, cloud-based security services may be implemented if local services are unavailable.

公开(公告)号：US11979375B2

公开(公告)日：2024-05-07

申请号：US17219157

申请日：2021-03-31

Applicant: Cisco Technology, Inc.

Inventor： Sebastian Jeuk ,  David Hanes ,  Gonzalo Salgueiro

IPC: H04L9/40

CPC classification number: H04L63/0263 ,  H04L63/0236 ,  H04L63/0876 ,  H04L63/102 ,  H04L63/20

Abstract: Techniques for a context-aware secure access service edge (SASE) engine for generating security profile(s) associated with endpoint device(s) accessing the network and using the security profile(s) to evaluate a traffic flow from the endpoint device(s). The SASE engine may execute on an edge device of a computing resource network and may be configured to maintain a security profile database including an endpoint security profile mapping. Endpoint device(s) accessing the network may share endpoint, application, and/or user specific information with the SASE engine so that the SASE engine may generate a security profile specific to the endpoint, application, and/or user. Additionally, an enterprise network, associated with endpoint device(s) accessing the network, may provide default SASE security profile templates to the SASE engine. Further, a feedback loop may be established between the SASE engine and the endpoint device(s), enabling the SASE engine with the ability to autonomously and dynamically update security profiles.

公开(公告)号：US20240146696A1

公开(公告)日：2024-05-02

申请号：US18537156

申请日：2023-12-12

Applicant: Cisco Technology, Inc.

Inventor： David Hanes ,  Gonzalo Salgueiro ,  Sebastian Jeuk ,  Robert Edgar Barton

IPC: H04L9/40 ,  H04L65/102

CPC classification number: H04L63/0263 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/20 ,  H04L65/102

Abstract: Techniques for associating manufacturer usage description (MUD) security profiles for Internet-of-Things (IoT) device(s) with secure access service edge (SASE) solutions, providing for automated and scalable integration of IoT devices with SASE frameworks. A MUD controller may utilize a MUD uniform resource identifier (URI) emitted by an IoT device to fetch an associated MUD file from a MUD file server associated with a manufacturer of the IoT device. The MUD controller may determine that a security recommendation included in the MUD file is to be implemented by a cloud-based security service provided by the SASE service and cause the IoT device to establish a connection with a secure internet gateway associated with the cloud-based security service. Additionally, or alternatively, the MUD file may include SASE extensions indicating manufacturer recommended cloud-based security services. Further, cloud-based security services may be implemented if local services are unavailable.

公开(公告)号：US20220321534A1

公开(公告)日：2022-10-06

申请号：US17219157

申请日：2021-03-31

Applicant: Cisco Technology, Inc.

Inventor： Sebastian Jeuk ,  David Hanes ,  Gonzalo Salgueiro

IPC: H04L29/06

Abstract: Techniques for a context-aware secure access service edge (SASE) engine for generating security profile(s) associated with endpoint device(s) accessing the network and using the security profile(s) to evaluate a traffic flow from the endpoint device(s). The SASE engine may execute on an edge device of a computing resource network and may be configured to maintain a security profile database including an endpoint security profile mapping. Endpoint device(s) accessing the network may share endpoint, application, and/or user specific information with the SASE engine so that the SASE engine may generate a security profile specific to the endpoint, application, and/or user. Additionally, an enterprise network, associated with endpoint device(s) accessing the network, may provide default SASE security profile templates to the SASE engine. Further, a feedback loop may be established between the SASE engine and the endpoint device(s), enabling the SASE engine with the ability to autonomously and dynamically update security profiles.