公开(公告)号：US12225052B2

公开(公告)日：2025-02-11

申请号：US17877989

申请日：2022-07-31

Applicant: Cisco Technology, Inc.

Inventor： Marcelo Yannuzzi ,  Benjamin William Ryder ,  Jean Andrei Diaconu ,  Hervé Muyal ,  Hitesh S. Saijpal

IPC: H04L9/40 ,  H04L67/10

Abstract: In one embodiment, a device may determine a compliance status of a communication of a type of data between a first workload and a second workload based on a data compliancy policy and a verified node location of at least one of the first workload and the second workload. The device may send, based on the compliance status of the communication, an instruction for handling the communication to at least one of a node executing the first workload and a node executing the second workload.

公开(公告)号：US20240037254A1

公开(公告)日：2024-02-01

申请号：US17877495

申请日：2022-07-29

Applicant: Cisco Technology, Inc.

Inventor： Marcelo Yannuzzi ,  Arash Salarian ,  Herve Muyal ,  Jean Andrei Diaconu ,  Jelena Kljujic ,  Carlos Goncalves Pereira

IPC: G06F21/62 ,  G06F3/04847 ,  G06F40/279 ,  G06F40/166

CPC classification number: G06F21/6209 ,  G06F3/04847 ,  G06F40/279 ,  G06F40/166 ,  G06Q50/265

Abstract: In one embodiment, a device may extract, from one or more bodies of text, a data usage restriction for a particular type of data. The device may send, to a user interface, the data usage restriction extracted from the one or more bodies of text for presentation for a user. The device may receive, via the user interface, feedback from the user regarding the data usage restriction. The device may generate a data compliance constraint that controls how an application service handles the particular type of data, based on the data usage restriction and the feedback from the user.

公开(公告)号：US20240012918A1

公开(公告)日：2024-01-11

申请号：US17859693

申请日：2022-07-07

Applicant: Cisco Technology, Inc.

Inventor： Marcelo Yannuzzi ,  Herve Muyal ,  Jean Andrei Diaconu ,  Frank Brockners ,  Carlos Goncalves Pereira

IPC: G06F21/62 ,  G06F9/54

CPC classification number: G06F21/6209 ,  G06F9/543

Abstract: In one embodiment, a device obtains program code of an application that defines annotations denoting a plurality of data types handled by the application. The device determines, for each of the plurality of data types, an association between that data type and a category of sensitive data. The device creates, based on the association for each of the plurality of data types, a protection binding that defines a data handling scope bonded to the association between that data type and its associated category of sensitive data. The device causes data compliance policies to be applied to the application according to its corresponding associations and protection bindings.

公开(公告)号：US12282575B2

公开(公告)日：2025-04-22

申请号：US17859720

申请日：2022-07-07

Applicant: Cisco Technology, Inc.

Inventor： Marcelo Yannuzzi ,  Hervé Muyal ,  Jean Andrei Diaconu ,  Frank Brockners ,  Carlos Goncalves Pereira

IPC: G06F21/62 ,  G06F9/54 ,  G06F21/60 ,  G06F16/2457

Abstract: In one embodiment, a device may obtain a location of an endpoint that communicates with an application service. The device may match the location of the endpoint to a data compliance policy. The device may identify sensitive data within the application service to which the data compliance policy applies. The device may configure the application service to permit the endpoint to at least one of access or send the sensitive data when permitted by the data compliance policy.

公开(公告)号：US12149564B2

公开(公告)日：2024-11-19

申请号：US17877508

申请日：2022-07-29

Applicant: Cisco Technology, Inc.

Inventor： Marcelo Yannuzzi ,  Benjamin William Ryder ,  Jean Andrei Diaconu ,  Hervé Muyal ,  Hitesh S. Saijpal

IPC: H04L29/06 ,  G06F21/00 ,  H04L9/40

Abstract: In one embodiment, a device may obtain an identifier of a proof of location process (PLP) and an identifier of a node where the PLP is executed. The device may receive a query from a compliance engine for a proof of location of the node where the PLP is executed. The device may identify, based on the identifier of the PLP and the identifier of the node, a physical location of the node. The device may provide, to the compliance engine, a response to the query that is indicative of the physical location of the node, wherein the compliance engine enforces one or more data compliance policies with respect to a workload executed by the node and based on the physical location of the node.