-
公开(公告)号:US10601664B2
公开(公告)日:2020-03-24
申请号:US15582294
申请日:2017-04-28
Applicant: Cisco Technology, Inc.
Inventor: Kannan Kumar , Brian E. Weis , Rashmikant B. Shah , Manoj Kumar Nayak
Abstract: In one embodiment, a network controller for a computer network receives details of a provisioned device and policy requirements for the provisioned device. The network controller may then determine, based on the details and policy requirements for the provisioned device, a plurality of network devices that the provisioned device is configured to communicate through, and may then translate the details and policy requirements for the provisioned device into a plurality of network-device-specific policies, each respective network-device-specific policy corresponding to one of the plurality of network devices that the provisioned device is configured to communicate through. As such, the network controller may then transmit a respective network-device-specific policy of the plurality of network-device-specific policies to the plurality of network devices that the provisioned device is configured to communicate through.
-
公开(公告)号:US11909741B2
公开(公告)日:2024-02-20
申请号:US17330641
申请日:2021-05-26
Applicant: Cisco Technology, Inc.
Inventor: Brian E. Weis , Blake Harrell Anderson , Rashmikant B. Shah , David McGrew
CPC classification number: H04L63/104 , G06N20/00 , H04L63/20
Abstract: In one embodiment, a device in a network receives an access policy and a class behavioral model for a node in the network that are associated with a class asserted by the node. The device applies the access policy and class behavioral model to traffic associated with the node. The device identifies a deviation in a behavior of the node from the class behavioral model, based on the application of the class behavioral model to the traffic associated with the node. The device causes performance of a mitigation action in the network based on the identified deviation in the behavior of the node from the class behavioral model.
-
公开(公告)号:US10298581B2
公开(公告)日:2019-05-21
申请号:US15582113
申请日:2017-04-28
Applicant: Cisco Technology, Inc.
Inventor: Rashmikant B. Shah , Brian E. Weis , Kannan Kumar , Manoj Kumar Nayak
IPC: H04L29/06
Abstract: In one embodiment, an authorized signing authority server receives an authenticity request from a security registrar to vouch for authenticity of a particular device. Based on receiving the authenticity request, the authorized signing authority server may then determine an authenticity state of the particular device, and may also request a device provisioning file for the particular device from a device provisioning server, the device provisioning file defining one or more network security policies for the particular device. Upon receiving the device provisioning file from the device provisioning server, the authorized signing authority server may then return the authenticity state and the device provisioning file for the particular device to the security registrar, causing the security registrar to complete authentication of the particular device based on the authenticity state and the device provisioning file.
-
公开(公告)号:US20190089747A1
公开(公告)日:2019-03-21
申请号:US15708453
申请日:2017-09-19
Applicant: Cisco Technology, Inc.
Inventor: Wenyi Wang , Rashmikant B. Shah , Brian Weis , Michael L. Sullenberger , Yuan Cai
Abstract: A process to protect secure communication sessions from a network device that may have been subjected to a malicious network attack or otherwise the source of malicious network traffic. A cellular-connected network device, such as an IoT gateway, may receive data from one or more IoT devices. The cellular-connected network device may also communicate with a datacenter via a communication tunnel. The network device may include a usage profile reference. The network device, before transmitting data received from the IoT devices, may transmit the usage profile reference to the datacenter for authentication purposes. The datacenter may use the usage profile reference to resolve a usage profile that the usage profile reference references. Using the usage profile, the datacenter may negotiate with the cellular-connected network device to restrict the types of data that is transmitted between the datacenter and the cellular-connected network device.
-
Patent Agency Ranking
公开(公告)号:US20180332053A1
公开(公告)日:2018-11-15
申请号:US15595016
申请日:2017-05-15
Applicant: Cisco Technology, Inc.
Inventor: Brian E. Weis , Blake Harrell Anderson , Rashmikant B. Shah , David McGrew
CPC classification number: H04L63/126 , G06N99/005 , H04L63/04 , H04L63/08 , H04L63/104
Abstract: In one embodiment, a device in a network receives an access policy and a class behavioral model for a node in the network that are associated with a class asserted by the node. The device applies the access policy and class behavioral model to traffic associated with the node. The device identifies a deviation in a behavior of the node from the class behavioral model, based on the application of the class behavioral model to the traffic associated with the node. The device causes performance of a mitigation action in the network based on the identified deviation in the behavior of the node from the class behavioral model.
-
公开(公告)号:US20210297454A1
公开(公告)日:2021-09-23
申请号:US17330641
申请日:2021-05-26
Applicant: Cisco Technology, Inc.
Inventor: Brian E. Weis , Blake Harrell Anderson , Rashmikant B. Shah , David McGrew
Abstract: In one embodiment, a device in a network receives an access policy and a class behavioral model for a node in the network that are associated with a class asserted by the node. The device applies the access policy and class behavioral model to traffic associated with the node. The device identifies a deviation in a behavior of the node from the class behavioral model, based on the application of the class behavioral model to the traffic associated with the node. The device causes performance of a mitigation action in the network based on the identified deviation in the behavior of the node from the class behavioral model.
-
公开(公告)号:US11038893B2
公开(公告)日:2021-06-15
申请号:US15595016
申请日:2017-05-15
Applicant: Cisco Technology, Inc.
Inventor: Brian E. Weis , Blake Harrell Anderson , Rashmikant B. Shah , David McGrew
Abstract: In one embodiment, a device in a network receives an access policy and a class behavioral model for a node in the network that are associated with a class asserted by the node. The device applies the access policy and class behavioral model to traffic associated with the node. The device identifies a deviation in a behavior of the node from the class behavioral model, based on the application of the class behavioral model to the traffic associated with the node. The device causes performance of a mitigation action in the network based on the identified deviation in the behavior of the node from the class behavioral model.
-
公开(公告)号:US20180316673A1
公开(公告)日:2018-11-01
申请号:US15582113
申请日:2017-04-28
Applicant: Cisco Technology, Inc.
Inventor: Rashmikant B. Shah , Brian E. Weis , Kannan Kumar , Manoj Kumar Nayak
IPC: H04L29/06
CPC classification number: H04L63/0892 , H04L63/166 , H04L63/20
Abstract: In one embodiment, an authorized signing authority server receives an authenticity request from a security registrar to vouch for authenticity of a particular device. Based on receiving the authenticity request, the authorized signing authority server may then determine an authenticity state of the particular device, and may also request a device provisioning file for the particular device from a device provisioning server, the device provisioning file defining one or more network security policies for the particular device. Upon receiving the device provisioning file from the device provisioning server, the authorized signing authority server may then return the authenticity state and the device provisioning file for the particular device to the security registrar, causing the security registrar to complete authentication of the particular device based on the authenticity state and the device provisioning file.
-
公开(公告)号:US20180316563A1
公开(公告)日:2018-11-01
申请号:US15582294
申请日:2017-04-28
Applicant: Cisco Technology, Inc.
Inventor: Kannan Kumar , Brian E. Weis , Rashmikant B. Shah , Manoj Kumar Nayak
CPC classification number: H04L41/0893 , H04L41/0853 , H04L41/5051 , H04L63/029 , H04L63/101 , H04L63/20 , H04L67/12 , H04W4/50 , H04W4/70 , H04W12/0023 , H04W12/0808 , H04W12/1002
Abstract: In one embodiment, a network controller for a computer network receives details of a provisioned device and policy requirements for the provisioned device. The network controller may then determine, based on the details and policy requirements for the provisioned device, a plurality of network devices that the provisioned device is configured to communicate through, and may then translate the details and policy requirements for the provisioned device into a plurality of network-device-specific policies, each respective network-device-specific policy corresponding to one of the plurality of network devices that the provisioned device is configured to communicate through. As such, the network controller may then transmit a respective network-device-specific policy of the plurality of network-device-specific policies to the plurality of network devices that the provisioned device is configured to communicate through.
-
-
-
-
-
-
-
-
Search Results
9
records
(took 0.014 seconds)
