DYNAMIC POLICY ENFORCEMENT FOR CLOUD-BASED APPLICATIONS IN AN ENTERPRISE ENVIRONMENT

    Publication No.: US20250055870A1

    Publication date: 2025-02-13

    Application No.: US18446053

    Application date: 2023-08-08

    Abstract: Provided herein are techniques to facilitate dynamic policy enforcement for cloud-based applications in an enterprise environment. In one example, a method may include obtaining, from a cloud network of a cloud-based application, an authentication request associated with an enterprise user that is seeking to utilize the cloud-based application, wherein the authentication request comprises an application identifier and a vulnerability index associated with the cloud-based application; identifying one or more vulnerabilities of the cloud-based application based on the application identifier and the vulnerability index; determining an access level for which the cloud-based application is allowed to access the enterprise network based, at least in part, on one or more vulnerabilities of the cloud-based application and one or more access rules associated with the cloud-based application; and sending a response to the cloud network indicating the access level for which the cloud-based application is allowed to access the enterprise network.

    Secure access service edge function with configured metric collection intelligence

    Publication No.: US12192192B2

    Publication date: 2025-01-07

    Application No.: US17749274

    Application date: 2022-05-20

    Abstract: In one embodiment, a method herein comprises: receiving, at a device, a registration request from a telemetry exporter that transmits telemetry data; generating, by the device, a telemetry configuration file for the telemetry exporter, the telemetry configuration file defining a policy for transmission of telemetry data from the telemetry exporter and an authentication token for the telemetry exporter; sharing, by the device, the policy with a security enforcer; and sending, by the device, the telemetry configuration file to the telemetry exporter, wherein the telemetry exporter is caused to connect with the security enforcer using the authentication token, send the telemetry configuration file to the security enforcer, and transmit collected telemetry data to the security enforcer, and wherein the security enforcer is caused to create a dynamic publish-subscribe stream for publishing the collected telemetry data received from the telemetry exporter based on the telemetry configuration file and the policy.

    END-TO-END NEUTRAL HOST NETWORK-AS-A-SERVICE

    Publication No.: US20240414089A1

    Publication date: 2024-12-12

    Application No.: US18206245

    Application date: 2023-06-06

    Abstract: Techniques for determining an optimal connection path by a NHNaaS are described. The techniques may include receiving a registration from an ISP that includes ISP service parameters, and storing the registration in a NaaS database. A request from a user device to connect to a remote service, including the required user parameters, is received. ISPs having respective service parameters compatible with the user parameters are identified in the NaaS database. Multiple paths offered by the service providers between the user device and the remote service are determined. Network performance data for each path is received from a network monitoring service. Using the network performance data, an optimal path for establishing the connection is identified. A request to instantiate a tunnel between the user device and remote service is transmitted to the service providers along the optimal path and the tunnel information is transmitted to the user device.

    Private 5G federation system for dynamic user equipment on-boarding

    Publication No.: US12149936B2

    Publication date: 2024-11-19

    Application No.: US17848879

    Application date: 2022-06-24

    Abstract: Systems, methods, and computer-readable media are disclosed for dynamically onboarding a UE between private 5G networks. In one aspect, a private 5G (P5G) federation system can receive a request from a user device for registration with a serving private 5G network, which is part of a P5G federation system. The P5G federation system can further determine that the user device is authenticated with a home private 5G network of the user device, which is also part of the P5G federation system. The P5G federation system can transmit, to the serving private 5G network, a security profile of the user device that is received from the home private 5G network. As follows, the P5G federation system can facilitate onboarding of the user device to the serving private 5G network with the security profile.

    Classification-based data privacy and security management

    Publication No.: US12137125B2

    Publication date: 2024-11-05

    Application No.: US17886030

    Application date: 2022-08-11

    Abstract: Techniques are described for classification-based data security management. The classification-based data security management can include utilizing device and/or data attributes to identify security modes for communication of data stored in a source device. The security modes can be identified based on a hybrid-encryption negotiation. The attributes can include a device resource availability value, an access trust score, a data confidentiality score, a geo-coordinates value, and/or a date/time value. The security modes can include a hybrid-encryption mode. The source device can utilize the hybrid-encryption mode to transmit the data, via one or more network nodes, such as an edge node, to one or more service nodes.

    MULTI-FACTOR AUTHENTICATION FOR IOT DEVICES

    Publication No.: US20240147232A1

    Publication date: 2024-05-02

    Application No.: US18052013

    Application date: 2022-11-02

    CPC classification number: H04W12/06 H04L63/20 H04W12/63 H04L2463/082

    Abstract: Disclosed herein are systems, methods, and computer-readable media for enabling multi-factor authentication (MFA) for an Internet Of Things (IoT) device. In one aspect, a method includes receiving a network connection request from the IoT device to connect to a network. In one aspect, the method includes fetching authentication information for the device in response to the request. In one aspect, the method includes authenticating the device to the network. In one aspect, the method includes in response to the authentication of the device to the network, establishing a network connection between the IoT device and the network. In one aspect, the method includes applying the MFA policy. In one aspect, the method includes after successful compliance with the MFA policy establishing a session between the device and the application over the network.

    Slice intent efficiency assurance and enhancement in enterprise private 5G network

    Publication No.: US11570066B1

    Publication date: 2023-01-31

    Application No.: US17369173

    Application date: 2021-07-07

    Abstract: An approach to configure enterprise wireless mobile network slices. A method includes receiving slice definition information representative of a network slice, the slice definition information including an expected slice efficiency index of the network slice, provisioning the network slice, consistent with the slice definition information, in a wireless network, receiving telemetry corresponding to operational metrics of an instance of the network slice that is used by one or more devices in the wireless network, calculating an actual slice efficiency index for the instance of the network slice based on the telemetry corresponding to the operation metrics of the instance of the network slice, determining whether the expected slice efficiency index differs from the actual slice efficiency index by a predetermined threshold, and indicating a course of action to cause the actual slice efficiency index to more closely align with the expected slice efficiency index.

    SLICE INTENT EFFICIENCY ASSURANCE AND ENHANCEMENT IN ENTERPRISE PRIVATE 5G NETWORK

    Publication No.: US20230010527A1

    Publication date: 2023-01-12

    Application No.: US17369173

    Application date: 2021-07-07

    Abstract: An approach to configure enterprise wireless mobile network slices. A method includes receiving slice definition information representative of a network slice, the slice definition information including an expected slice efficiency index of the network slice, provisioning the network slice, consistent with the slice definition information, in a wireless network, receiving telemetry corresponding to operational metrics of an instance of the network slice that is used by one or more devices in the wireless network, calculating an actual slice efficiency index for the instance of the network slice based on the telemetry corresponding to the operation metrics of the instance of the network slice, determining whether the expected slice efficiency index differs from the actual slice efficiency index by a predetermined threshold, and indicating a course of action to cause the actual slice efficiency index to more closely align with the expected slice efficiency index.
