公开(公告)号：US10601664B2

公开(公告)日：2020-03-24

申请号：US15582294

申请日：2017-04-28

Applicant: Cisco Technology, Inc.

Inventor： Kannan Kumar ,  Brian E. Weis ,  Rashmikant B. Shah ,  Manoj Kumar Nayak

IPC: H04L12/24 ,  H04L29/06 ,  H04W12/10 ,  H04L29/08 ,  H04W4/50 ,  H04W12/08 ,  H04W12/00 ,  H04W4/70

Abstract: In one embodiment, a network controller for a computer network receives details of a provisioned device and policy requirements for the provisioned device. The network controller may then determine, based on the details and policy requirements for the provisioned device, a plurality of network devices that the provisioned device is configured to communicate through, and may then translate the details and policy requirements for the provisioned device into a plurality of network-device-specific policies, each respective network-device-specific policy corresponding to one of the plurality of network devices that the provisioned device is configured to communicate through. As such, the network controller may then transmit a respective network-device-specific policy of the plurality of network-device-specific policies to the plurality of network devices that the provisioned device is configured to communicate through.

公开(公告)号：US10298581B2

公开(公告)日：2019-05-21

申请号：US15582113

申请日：2017-04-28

Applicant: Cisco Technology, Inc.

Inventor： Rashmikant B. Shah ,  Brian E. Weis ,  Kannan Kumar ,  Manoj Kumar Nayak

IPC: H04L29/06

Abstract: In one embodiment, an authorized signing authority server receives an authenticity request from a security registrar to vouch for authenticity of a particular device. Based on receiving the authenticity request, the authorized signing authority server may then determine an authenticity state of the particular device, and may also request a device provisioning file for the particular device from a device provisioning server, the device provisioning file defining one or more network security policies for the particular device. Upon receiving the device provisioning file from the device provisioning server, the authorized signing authority server may then return the authenticity state and the device provisioning file for the particular device to the security registrar, causing the security registrar to complete authentication of the particular device based on the authenticity state and the device provisioning file.

公开(公告)号：US20180316673A1

公开(公告)日：2018-11-01

申请号：US15582113

申请日：2017-04-28

Applicant: Cisco Technology, Inc.

Inventor： Rashmikant B. Shah ,  Brian E. Weis ,  Kannan Kumar ,  Manoj Kumar Nayak

IPC: H04L29/06

CPC classification number: H04L63/0892 ,  H04L63/166 ,  H04L63/20

Abstract: In one embodiment, an authorized signing authority server receives an authenticity request from a security registrar to vouch for authenticity of a particular device. Based on receiving the authenticity request, the authorized signing authority server may then determine an authenticity state of the particular device, and may also request a device provisioning file for the particular device from a device provisioning server, the device provisioning file defining one or more network security policies for the particular device. Upon receiving the device provisioning file from the device provisioning server, the authorized signing authority server may then return the authenticity state and the device provisioning file for the particular device to the security registrar, causing the security registrar to complete authentication of the particular device based on the authenticity state and the device provisioning file.

公开(公告)号：US20180316563A1

公开(公告)日：2018-11-01

申请号：US15582294

申请日：2017-04-28

Applicant: Cisco Technology, Inc.

Inventor： Kannan Kumar ,  Brian E. Weis ,  Rashmikant B. Shah ,  Manoj Kumar Nayak

IPC: H04L12/24 ,  H04L29/06 ,  H04L29/08

CPC classification number: H04L41/0893 ,  H04L41/0853 ,  H04L41/5051 ,  H04L63/029 ,  H04L63/101 ,  H04L63/20 ,  H04L67/12 ,  H04W4/50 ,  H04W4/70 ,  H04W12/0023 ,  H04W12/0808 ,  H04W12/1002

Abstract: In one embodiment, a network controller for a computer network receives details of a provisioned device and policy requirements for the provisioned device. The network controller may then determine, based on the details and policy requirements for the provisioned device, a plurality of network devices that the provisioned device is configured to communicate through, and may then translate the details and policy requirements for the provisioned device into a plurality of network-device-specific policies, each respective network-device-specific policy corresponding to one of the plurality of network devices that the provisioned device is configured to communicate through. As such, the network controller may then transmit a respective network-device-specific policy of the plurality of network-device-specific policies to the plurality of network devices that the provisioned device is configured to communicate through.