公开(公告)号：US09571524B2

公开(公告)日：2017-02-14

申请号：US14600473

申请日：2015-01-20

Applicant: Cisco Technology, Inc.

Inventor： Yedidya Dotan ,  Christopher Duane ,  Denis Knjazihhin

IPC: H04L29/06 ,  G06F21/10

CPC classification number: H04L63/20 ,  G06F21/10 ,  H04L63/0227 ,  H04L63/0254 ,  H04L63/102

Abstract: A management entity generates selectable security policy classifications each identifying security policies that share common security rules. Each of the security policies is applied by a corresponding one of different security devices to control access to a resource. The management entity creates a new policy template that includes all of the security policies identified by selected ones of the policy classification selections and then creates a new security policy based on the new policy template. The management entity applies the new security policy to a security device over a network.

Abstract translation: 管理实体生成可选择的安全策略分类，每个分类标识共享公共安全规则的安全策略。 每个安全策略由相应的一个不同的安全设备应用来控制对资源的访问。 管理实体创建一个新的策略模板，其中包括由选定的策略分类选择标识的所有安全策略，然后基于新的策略模板创建新的安全策略。 管理实体通过网络将新的安全策略应用于安全设备。

公开(公告)号：US20160344738A1

公开(公告)日：2016-11-24

申请号：US14807120

申请日：2015-07-23

Applicant: Cisco Technology, Inc.

Inventor： Yedidya Dotan ,  Christopher Duane ,  Daniel Hollingshead ,  Denis Knjazihhin

IPC: H04L29/06

CPC classification number: H04L63/101 ,  H04L63/0263 ,  H04L63/20

Abstract: First and second security rules are accessed in a configuration file. Comparison points for comparing the first and second security rules are determined. Each comparison point identifies respective rule parameters of the first and second security rules. Respective weights are assigned to the comparison points. For each comparison point, the respective rule parameters are compared against each other to produce a corresponding comparison score indicative of a level similarity. Each comparison score is weighted by the weight assigned to the comparison point corresponding to the comparison score. The weighted comparison scores are combined into a total score indicative of an overall level of similarity between the first and second security rules.

Abstract translation: 在配置文件中访问第一个和第二个安全规则。 确定比较第一和第二安全规则的比较点。 每个比较点标识第一和第二安全规则的相应规则参数。 相应权重分配给比较点。 对于每个比较点，将相应的规则参数彼此进行比较以产生指示水平相似度的相应比较分数。 每个比较分数由对应于比较分数的比较点的权重加权。 加权比较分数被组合成指示第一和第二安全规则之间的总体相似程度的总分数。

公开(公告)号：US10038697B2

公开(公告)日：2018-07-31

申请号：US14807120

申请日：2015-07-23

Applicant: Cisco Technology, Inc.

Inventor： Yedidya Dotan ,  Christopher Duane ,  Daniel Hollingshead ,  Denis Knjazihhin

IPC: H04L29/06

CPC classification number: H04L63/101 ,  H04L63/0263 ,  H04L63/20

Abstract: First and second security rules are accessed in a configuration file. Comparison points for comparing the first and second security rules are determined. Each comparison point identifies respective rule parameters of the first and second security rules. Respective weights are assigned to the comparison points. For each comparison point, the respective rule parameters are compared against each other to produce a corresponding comparison score indicative of a level similarity. Each comparison score is weighted by the weight assigned to the comparison point corresponding to the comparison score. The weighted comparison scores are combined into a total score indicative of an overall level of similarity between the first and second security rules.

公开(公告)号：US09787722B2

公开(公告)日：2017-10-10

申请号：US14755228

申请日：2015-06-30

Applicant: Cisco Technology, Inc.

Inventor： Denis Knjazihhin ,  Yedidya Dotan ,  Zachary D. Siswick ,  Christopher Duane ,  Daniel Hollingshead

IPC: H04L29/00 ,  H04L29/06 ,  G06F17/30 ,  G06F21/60 ,  G06F21/57

CPC classification number: H04L63/20 ,  G06F17/30106 ,  G06F17/30598 ,  G06F21/57 ,  G06F21/604

Abstract: An integrated development environment (IDE) preprocesses a configuration file including security rules. The preprocessing maps object names in the security rules to associated object values based on object definitions for the object names. Responsive to the configuration file being opened in an editor, the IDE provides the editor with access to preprocessing results. Each security rule in the opened configuration file is searched for object names. The IDE links each object name found in the search to an associated object value mapped thereto by the mapping performed during the preprocessing. The IDE receives a selection of an object name in a security rule of the opened configuration file and generates for display the associated object value linked to the selected object name.

公开(公告)号：US20160344773A1

公开(公告)日：2016-11-24

申请号：US14755228

申请日：2015-06-30

Applicant: Cisco Technology, Inc.

Inventor： Denis Knjazihhin ,  Yedidya Dotan ,  Zachary D. Siswick ,  Christopher Duane ,  Daniel Hollingshead

IPC: H04L29/06 ,  G06F17/30

CPC classification number: H04L63/20 ,  G06F17/30106 ,  G06F17/30598 ,  G06F21/57 ,  G06F21/604

Abstract: An integrated development environment (IDE) preprocesses a configuration file including security rules. The preprocessing maps object names in the security rules to associated object values based on object definitions for the object names. Responsive to the configuration file being opened in an editor, the IDE provides the editor with access to preprocessing results. Each security rule in the opened configuration file is searched for object names. The IDE links each object name found in the search to an associated object value mapped thereto by the mapping performed during the preprocessing. The IDE receives a selection of an object name in a security rule of the opened configuration file and generates for display the associated object value linked to the selected object name.

Abstract translation: 集成开发环境（IDE）预处理包括安全规则在内的配置文件。 预处理根据对象名称的对象定义将安全规则中的对象名称映射到关联对象值。 响应于在编辑器中打开的配置文件，IDE为编辑器提供对预处理结果的访问。 搜索打开的配置文件中的每个安全规则的对象名称。 IDE通过在预处理期间执行的映射将搜索中找到的每个对象名称链接到映射到其上的关联对象值。 IDE在打开的配置文件的安全规则中接收对象名称的选择，并生成用于显示链接到所选对象名称的关联对象值。

公开(公告)号：US20170317999A1

公开(公告)日：2017-11-02

申请号：US15139750

申请日：2016-04-27

Applicant: Cisco Technology, Inc.

Inventor： Denis Knjazihhin ,  Yedidya Dotan ,  Christopher Duane ,  Jason M. Perry

IPC: H04L29/06 ,  G06F9/44 ,  H04L29/08

CPC classification number: H04L63/08 ,  G06F9/4416 ,  G06F21/575 ,  H04L63/0884 ,  H04L67/28

Abstract: Presented herein are techniques for remotely releasing bootstrap credentials to a cloud management proxy device. In particular, a cloud management proxy device that is associated with a cloud system commences a boot operation. The cloud management proxy device then initiates a remote credential release process to obtain the bootstrap credentials, which are useable by the cloud management proxy device to complete the boot operation. Upon completion of the remote credential release process, the bootstrap credentials are received from a remote credential manager system.

公开(公告)号：US20160212168A1

公开(公告)日：2016-07-21

申请号：US14600473

申请日：2015-01-20

Applicant: Cisco Technology, Inc.

Inventor： Yedidya Dotan ,  Christopher Duane ,  Denis Knjazihhin

IPC: H04L29/06

CPC classification number: H04L63/20 ,  G06F21/10 ,  H04L63/0227 ,  H04L63/0254 ,  H04L63/102

Abstract: A management entity generates selectable security policy classifications each identifying security policies that share common security rules. Each of the security policies is applied by a corresponding one of different security devices to control access to a resource. The management entity creates a new policy template that includes all of the security policies identified by selected ones of the policy classification selections and then creates a new security policy based on the new policy template. The management entity applies the new security policy to a security device over a network.

Abstract translation: 管理实体生成可选择的安全策略分类，每个分类标识共享公共安全规则的安全策略。 每个安全策略由相应的一个不同的安全设备应用来控制对资源的访问。 管理实体创建一个新的策略模板，其中包括由选定的策略分类选择标识的所有安全策略，然后基于新的策略模板创建新的安全策略。 管理实体通过网络将新的安全策略应用于安全设备。