-
1.
Publication number: US10609081B1
Publication date: 2020-03-31
Application number: US15796948
Filing date: 2017-10-30
Applicant: Cisco Technology, Inc.
Inventor: Syam Sundar V Appala , Shyamsundar Nandkishor Maniyar , Sanjay Kumar Hooda , Kiran Kumar Yedavalli
Abstract: In one example embodiment, a network appliance is configured to process packets in a network. The network appliance obtains a mapping of a domain name to a security group tag having associated therewith one or more security policies. The network appliance receives a network packet having an Internet Protocol address. The network appliance determines a particular domain name associated with the Internet Protocol address of the packet. Based on the mapping of the domain name to the security group tag and the particular domain name, the network appliance determines whether the network packet is associated with the security group tag. The network appliance applies the one or more security policies to the network packet based on the security group tag when the particular domain name of the network packet matches the domain name.
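The following is an added worked example of the mechanism US10609081B1 describes (domain name to security group tag mapping, packet classified by the domain behind its destination address, policies applied per tag). It is example code written for this listing, not Cisco's implementation. Everything concrete in it is an assumption: the IP-to-domain table is populated from DNS answers the appliance itself observed and expires with the DNS TTL (reverse PTR lookups are deliberately not used because the owner of the address controls them), domain patterns are globs, and the configuration and DNS answers are constructed.

```python
"""Domain-name based security group tagging (SGT) on a packet-processing
appliance: a packet's destination IP is mapped back to the domain name it
was resolved from, the domain is matched against the domain->SGT mapping,
and the SGT's policies are applied.

Assumptions made for this example (not stated in the abstract): the
IP->domain table is learned from DNS answers the appliance itself observed
and expires with the DNS TTL; reverse (PTR) lookups are deliberately not
used because the owner of the IP controls them.  Domain patterns are globs.
"""
from __future__ import annotations

from dataclasses import dataclass, field
import fnmatch
import ipaddress

DEFAULT_POLICY = "default-deny"


@dataclass
class DomainSgtAppliance:
    domain_to_sgt: dict[str, int]           # glob pattern -> SGT
    sgt_policies: dict[int, list[str]]      # SGT -> policy names
    _ip_table: dict[str, tuple[str, float]] = field(default_factory=dict)

    def learn_dns_answer(self, name: str, ip: str, ttl: int, now: float) -> None:
        """Record an observed A/AAAA answer as ip -> (domain, expiry time)."""
        key = str(ipaddress.ip_address(ip))      # normalises e.g. IPv6 forms
        self._ip_table[key] = (name.rstrip(".").lower(), now + ttl)

    def domain_for(self, ip: str, now: float) -> str | None:
        """Domain behind ip, or None if never seen or the binding has expired."""
        key = str(ipaddress.ip_address(ip))
        entry = self._ip_table.get(key)
        if entry is None:
            return None
        domain, expiry = entry
        if now >= expiry:                        # stale binding: forget it
            del self._ip_table[key]
            return None
        return domain

    def sgt_for_domain(self, domain: str) -> int | None:
        """Most specific (longest) matching pattern wins."""
        best: tuple[str, int] | None = None
        for pattern, sgt in self.domain_to_sgt.items():
            if fnmatch.fnmatchcase(domain, pattern.lower()):
                if best is None or len(pattern) > len(best[0]):
                    best = (pattern, sgt)
        return None if best is None else best[1]

    def classify(self, dst_ip: str, now: float) -> tuple[int | None, list[str]]:
        """Return (SGT, policies to apply) for a packet addressed to dst_ip."""
        domain = self.domain_for(dst_ip, now)
        sgt = None if domain is None else self.sgt_for_domain(domain)
        if sgt is None:
            return None, [DEFAULT_POLICY]       # unknown destination: fail closed
        return sgt, self.sgt_policies.get(sgt, [DEFAULT_POLICY])


def demo() -> list[tuple[int | None, list[str]]]:
    """Constructed configuration and DNS answers; not taken from the patent."""
    box = DomainSgtAppliance(
        domain_to_sgt={"*.example.com": 10, "payroll.example.com": 20},
        sgt_policies={10: ["permit-http"], 20: ["permit-https", "log"]},
    )
    box.learn_dns_answer("www.example.com.", "192.0.2.10", ttl=300, now=1000.0)
    box.learn_dns_answer("payroll.example.com", "192.0.2.20", ttl=60, now=1000.0)
    return [
        box.classify("192.0.2.10", now=1010.0),    # (10, ['permit-http'])
        box.classify("192.0.2.20", now=1010.0),    # (20, ['permit-https', 'log'])
        box.classify("192.0.2.20", now=1100.0),    # TTL expired -> default-deny
        box.classify("198.51.100.5", now=1010.0),  # never resolved -> default-deny
    ]


if __name__ == "__main__":
    for row in demo():
        print(row)
```

The point a practitioner should take from the TTL handling: a domain-to-tag decision is only as trustworthy as the IP-to-domain binding it rests on, so a binding the appliance did not itself observe, or one that has outlived its TTL, must fall through to the default policy rather than inherit a tag.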
-
2.
Publication number: US20180337920A1
Publication date: 2018-11-22
Application number: US15597332
Filing date: 2017-05-17
Applicant: Cisco Technology, Inc.
Inventor: Steven Richard Stites , Morteza Ansari , Syam Sundar V Appala , Prashanth Patil
Abstract: A device obtains access to an application resource from a remote application server based on an authenticated device identifier. The device sends a request to access the application resource provided by the remote application server. The device receives a first message from the remote application server directing the device to send an authentication message to a device identity server. The authentication message requests an authenticated device identity for the device. The device attaches metadata associated with the device to the authentication message and sends the authentication message with the attached metadata to the device identity server. The device receives the authenticated device identity from the device identity server and sends the authenticated device identity to the remote application. The device obtains access to the application resource from the remote application server based on the authenticated device identity.
-
3.
Publication number: US20180255017A1
Publication date: 2018-09-06
Application number: US15447291
Filing date: 2017-03-02
Applicant: Cisco Technology, Inc.
Inventor: Sanjay Kumar Hooda , Syam Sundar V Appala , Kaushik Kumar Dam , Vimarsh Puneet
CPC classification number: H04L41/0893 , H04L61/2514 , H04L61/2521 , H04L61/2571 , H04L67/306
Abstract: A policy server correlates information from several messages associated with a client device to implement an identity-based network access policy. The policy server receives a first message from a network element connected to the client device. The first message requests an identity-based policy for the client device, and includes a first network address. The policy server receives a second message from an identity server. The second message includes information indicating an identity role and a second network address. The policy server receives a third message from a NAT device. The third message includes a NAT mapping that correlates the first network address with the second network address. After the policy server determines the identity-based policy based on a combination of the first message, the second message, and the third message, the policy server implements the identity-based policy in the network element.
-
4.
Publication number: US10887175B2
Publication date: 2021-01-05
Application number: US16502554
Filing date: 2019-07-03
Applicant: Cisco Technology, Inc.
Inventor: Sanjay Kumar Hooda , Syam Sundar V Appala , Kaushik Kumar Dam , Vimarsh Puneet
Abstract: A policy server correlates information from several messages associated with a client device to implement an identity-based network access policy. A network element connected to the client device obtains an authentication message including a first network address from the client device. The network element provides the authentication message to an identity server via a Network Address Translation (NAT) device, which translates the first network address to a second network address. The network element also provides a first message including the first network address to the policy server to request an identity-based policy for network communications of the client device. The network element implements the identity-based policy authorized by the policy server.
-
5.
Publication number: US20190327150A1
Publication date: 2019-10-24
Application number: US16502554
Filing date: 2019-07-03
Applicant: Cisco Technology, Inc.
Inventor: Sanjay Kumar Hooda , Syam Sundar V Appala , Kaushik Kumar Dam , Vimarsh Puneet
Abstract: A policy server correlates information from several messages associated with a client device to implement an identity-based network access policy. A network element connected to the client device obtains an authentication message including a first network address from the client device. The network element provides the authentication message to an identity server via a Network Address Translation (NAT) device, which translates the first network address to a second network address. The network element also provides a first message including the first network address to the policy server to request an identity-based policy for network communications of the client device. The network element implements the identity-based policy authorized by the policy server.
-
6.
Publication number: US11374980B1
Publication date: 2022-06-28
Application number: US16746167
Filing date: 2020-01-17
Applicant: Cisco Technology, Inc.
Inventor: Syam Sundar V Appala , Rex Emmanuel Fernando , Sanjay Kumar Hooda
IPC: H04L9/40 , H04L41/0893 , H04L41/12
Abstract: A plurality of policies to be enforced in a network environment via a plurality of devices are determined. A topology of the plurality of devices within the network environment is also determined. For each policy of the plurality of policies, a device of the plurality of devices is selected as the location at which to enforce the policy of the plurality of policies. Selecting the device for each policy of the plurality of policies includes correlating the policy of the plurality of policies with another of the plurality of policies and correlating the policy of the plurality of policies with the topology.
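Below is an added worked example of the placement problem US11374980B1 describes (select, per policy, the device at which to enforce it, using both the other policies and the topology). It is illustrative code written for this listing, not Cisco's algorithm, and the selection rule is one heuristic chosen for the example: a deny policy goes to the first enforcement-capable device on the source-to-destination path (drop unwanted traffic early), a permit policy is co-located with policies already placed for the same source group when a device on the path holds one (that is the correlation with other policies), and otherwise goes to the capable device nearest the destination. The topology, groups, capability set and policies are constructed.

```python
"""Choosing the enforcement point for each policy from the set of policies
and the device topology.  The selection rule here is one illustrative
heuristic, not the one the abstract claims: a deny policy goes to the first
enforcement-capable device on the source->destination path (drop early), a
permit policy is co-located with policies already placed for the same source
group when a device on the path holds one (correlation with other policies),
otherwise it goes to the capable device nearest the destination.  The
topology, groups and policies are constructed for the example.
"""
from __future__ import annotations

from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    src_group: str
    dst_group: str
    action: str            # "permit" or "deny"


@dataclass
class Topology:
    links: dict[str, set[str]]      # device -> directly connected devices
    attach: dict[str, str]          # endpoint group -> device it attaches to
    capable: set[str]               # devices that can enforce policy

    def path(self, a: str, b: str) -> list[str]:
        """Shortest device path from a to b by BFS; [] if disconnected."""
        prev: dict[str, str | None] = {a: None}
        queue = deque([a])
        while queue:
            d = queue.popleft()
            if d == b:
                break
            for n in sorted(self.links.get(d, ())):
                if n not in prev:
                    prev[n] = d
                    queue.append(n)
        if b not in prev:
            return []
        out, cur = [], b
        while cur is not None:
            out.append(cur)
            cur = prev[cur]
        return out[::-1]


def place_policies(policies: list[Policy], topo: Topology) -> dict[Policy, str | None]:
    placement: dict[Policy, str | None] = {}
    hosted: dict[str, set[str]] = {}          # device -> source groups it already enforces
    for p in policies:
        path = topo.path(topo.attach[p.src_group], topo.attach[p.dst_group])
        candidates = [d for d in path if d in topo.capable]
        if not candidates:
            placement[p] = None               # nowhere to enforce: surface it, do not skip silently
            continue
        if p.action == "deny":
            choice = candidates[0]
        else:
            choice = max(candidates,
                         key=lambda d: (p.src_group in hosted.get(d, set()), path.index(d)))
        placement[p] = choice
        hosted.setdefault(choice, set()).add(p.src_group)
    return placement


def demo() -> dict[Policy, str | None]:
    """Constructed five-device chain with a non-enforcing core; not from the patent."""
    chain = ["access1", "dist1", "core", "dist2", "access2"]
    links: dict[str, set[str]] = {d: set() for d in chain}
    for a, b in zip(chain, chain[1:]):
        links[a].add(b)
        links[b].add(a)
    topo = Topology(
        links=links,
        attach={"employees": "access1", "guests": "access1",
                "servers": "access2", "printers": "access2"},
        capable={"access1", "dist1", "dist2", "access2"},    # the core only forwards
    )
    policies = [
        Policy("guests", "servers", "deny"),
        Policy("employees", "servers", "permit"),
        Policy("employees", "printers", "permit"),
        Policy("guests", "printers", "deny"),
    ]
    return place_policies(policies, topo)
```

A policy that ends up with no candidate device (None in the result) is a gap in coverage, not a policy to drop: the caller should treat it as a deployment error.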
-
7.
Publication number: US10958622B2
Publication date: 2021-03-23
Application number: US15867124
Filing date: 2018-01-10
Applicant: Cisco Technology, Inc.
Inventor: Syam Sundar V Appala , Kiran Kumar Yedavalli , Shyamsundar Nandkishor Maniyar , Sanjay Kumar Hooda
Abstract: In one example, a network element in a first network receives a network packet including a first security group identifier. The network element identifies the first security group identifier, determines that the first security group identifier is hierarchically correlated with a second security group identifier, and inserts the second security group identifier into the network packet. The network element forwards the network packet including the second security group identifier.
-
8.
Publication number: US10540507B2
Publication date: 2020-01-21
Application number: US15597332
Filing date: 2017-05-17
Applicant: Cisco Technology, Inc.
Inventor: Steven Richard Stites , Morteza Ansari , Syam Sundar V Appala , Prashanth Patil
Abstract: A device obtains access to an application resource from a remote application server based on an authenticated device identifier. The device sends a request to access the application resource provided by the remote application server. The device receives a first message from the remote application server directing the device to send an authentication message to a device identity server. The authentication message requests an authenticated device identity for the device. The device attaches metadata associated with the device to the authentication message and sends the authentication message with the attached metadata to the device identity server. The device receives the authenticated device identity from the device identity server and sends the authenticated device identity to the remote application. The device obtains access to the application resource from the remote application server based on the authenticated device identity.
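The exchange described in US20180337920A1 and US10540507B2 (device asks the application server for a resource, is directed to a device identity server, attaches device metadata to the authentication message, receives an authenticated device identity and presents it to the application server), played out between the three parties as an added example. This is example code written for this listing, not Cisco's implementation, and everything concrete in it is an assumption: the identity server signs the authenticated identity with an HMAC key it shares with the application server, the application server issues a nonce that must come back inside the identity so a captured identity cannot be replayed, the device proves possession of an enrollment secret, and the metadata is a small dict carrying a posture flag. Keys, device names and metadata are constructed.

```python
"""Device-identity based access to an application resource, played out between
the three parties the abstract names: device, remote application server and
device identity server.

Everything concrete here is an assumption for the example: the identity
server signs the authenticated identity with an HMAC key it shares with the
application server, the application server issues a nonce that must come
back inside the identity (so a captured identity cannot be replayed), and the
device metadata is a small dict carrying a posture flag.
"""
from __future__ import annotations

import hashlib
import hmac
import json
import secrets


def _sign(key: bytes, obj: dict) -> str:
    body = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


class DeviceIdentityServer:
    def __init__(self, shared_key: bytes, enrolled: dict[str, bytes]):
        self.shared_key = shared_key      # shared with the application server
        self.enrolled = enrolled          # device_id -> enrollment secret

    def authenticate(self, msg: dict, now: float) -> dict | None:
        """Verify the device's proof and return a signed identity, or None."""
        secret = self.enrolled.get(msg["device_id"])
        if secret is None:
            return None
        unsigned = {k: v for k, v in msg.items() if k != "proof"}
        if not hmac.compare_digest(_sign(secret, unsigned), msg["proof"]):
            return None
        claims = {"device_id": msg["device_id"], "metadata": msg["metadata"],
                  "aud": msg["aud"], "nonce": msg["nonce"], "exp": now + 300}
        return {"claims": claims, "sig": _sign(self.shared_key, claims)}


class AppServer:
    def __init__(self, name: str, shared_key: bytes, required_posture: str):
        self.name, self.shared_key = name, shared_key
        self.required_posture = required_posture
        self.pending: set[str] = set()    # nonces issued and not yet consumed

    def request(self, resource: str) -> dict:
        """First message: direct the device to the identity server."""
        nonce = secrets.token_hex(8)
        self.pending.add(nonce)
        return {"status": 401, "identity_server": "ids", "aud": self.name, "nonce": nonce}

    def present(self, token: dict, now: float) -> bool:
        """Accept the authenticated identity once, for this audience, before expiry."""
        claims = token["claims"]
        if not hmac.compare_digest(_sign(self.shared_key, claims), token["sig"]):
            return False
        if claims["aud"] != self.name or claims["exp"] <= now:
            return False
        if claims["nonce"] not in self.pending:   # replayed or unsolicited
            return False
        self.pending.discard(claims["nonce"])
        return claims["metadata"].get("posture") == self.required_posture


class Device:
    def __init__(self, device_id: str, secret: bytes, metadata: dict):
        self.device_id, self.secret, self.metadata = device_id, secret, metadata
        self.last_token: dict | None = None

    def access(self, app: AppServer, ids: DeviceIdentityServer,
               resource: str, now: float) -> bool:
        challenge = app.request(resource)
        msg = {"device_id": self.device_id, "metadata": self.metadata,
               "aud": challenge["aud"], "nonce": challenge["nonce"]}
        msg["proof"] = _sign(self.secret, msg)     # metadata attached, then signed
        token = ids.authenticate(msg, now)
        self.last_token = token
        return token is not None and app.present(token, now)


def demo() -> dict[str, bool]:
    """Constructed keys, devices and metadata; not from the patent."""
    shared = b"constructed ids<->app key"
    ids = DeviceIdentityServer(shared, enrolled={"laptop-A": b"enroll-secret-A"})
    app = AppServer("hr-app", shared, required_posture="compliant")
    now = 1_700_000_000.0
    good = Device("laptop-A", b"enroll-secret-A", {"posture": "compliant", "os": "14.2"})
    results = {
        "enrolled_compliant": good.access(app, ids, "/payroll", now),
        "enrolled_noncompliant": Device("laptop-A", b"enroll-secret-A",
                                        {"posture": "noncompliant"}).access(app, ids, "/payroll", now),
        "unenrolled": Device("laptop-Z", b"guess", {"posture": "compliant"}).access(app, ids, "/payroll", now),
        "wrong_secret": Device("laptop-A", b"guess", {"posture": "compliant"}).access(app, ids, "/payroll", now),
    }
    results["replay"] = app.present(good.last_token, now)   # nonce already consumed
    return results
```

The two checks worth keeping in any real deployment of this pattern are the audience binding (an identity minted for one application server must not open another) and the single-use nonce (an identity captured in transit must not be presentable a second time); both are what turns "the device sends the authenticated identity" into something the application server can actually rely on.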
-
9.
Publication number: US10397060B2
Publication date: 2019-08-27
Application number: US15447291
Filing date: 2017-03-02
Applicant: Cisco Technology, Inc.
Inventor: Sanjay Kumar Hooda , Syam Sundar V Appala , Kaushik Kumar Dam , Vimarsh Puneet
Abstract: A policy server correlates information from several messages associated with a client device to implement an identity-based network access policy. The policy server receives a first message from a network element connected to the client device. The first message requests an identity-based policy for the client device, and includes a first network address. The policy server receives a second message from an identity server. The second message includes information indicating an identity role and a second network address. The policy server receives a third message from a NAT device. The third message includes a NAT mapping that correlates the first network address with the second network address. After the policy server determines the identity-based policy based on a combination of the first message, the second message, and the third message, the policy server implements the identity-based policy in the network element.
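An added worked example covering the policy-server side described in US20180255017A1 and US10397060B2 (correlating the policy request carrying the pre-NAT address, the identity message carrying the post-NAT address, and the NAT mapping that ties them together) and the network-element side described in US10887175B2 and US20190327150A1 (forwarding the authentication message through the NAT while requesting a policy under the original address). This is example code written for this listing, not Cisco's implementation. The role-to-policy table, the message field layout and the use of the translated port together with the translated address as the correlation key are assumptions; the port is part of the key because every client behind the NAT shares the same second (public) address, which is exactly why the second message alone cannot identify the client. Clients, credentials and addresses are constructed.

```python
"""Identity-based policy behind NAT: the policy server correlates the three
messages the abstracts describe (policy request from the network element
carrying the client's pre-NAT address, identity role from the identity server
carrying the post-NAT address, and the NAT mapping tying the two together)
and then installs the resulting policy in the network element.

The role->policy table, the message field layout and the use of the
translated port together with the translated address as the correlation key
are assumptions for this example; the port is needed because every client
behind the NAT shares the same second (public) address.
"""
from __future__ import annotations

from dataclasses import dataclass, field

ROLE_POLICY = {"employee": "permit-intranet", "guest": "quarantine"}   # assumed table


@dataclass
class NetworkElement:
    name: str
    installed: dict[str, str] = field(default_factory=dict)   # client ip -> policy

    def install(self, client_ip: str, policy: str) -> None:
        self.installed[client_ip] = policy


class PolicyServer:
    def __init__(self) -> None:
        self.requests: dict[str, NetworkElement] = {}        # first address -> requester
        self.identities: dict[tuple[str, int], str] = {}     # second address -> role
        self.nat: dict[tuple[str, int], str] = {}            # second address -> first address
        self.log: list[tuple[str, str, str]] = []

    def on_policy_request(self, element: NetworkElement, first_ip: str) -> None:
        self.requests[first_ip] = element                     # first message
        self._resolve()

    def on_identity(self, role: str, second_ip: str, second_port: int) -> None:
        self.identities[(second_ip, second_port)] = role      # second message
        self._resolve()

    def on_nat_mapping(self, first_ip: str, second_ip: str, second_port: int) -> None:
        self.nat[(second_ip, second_port)] = first_ip         # third message
        self._resolve()

    def _resolve(self) -> None:
        """Messages arrive in any order; act once all three for a client are in."""
        for second, role in list(self.identities.items()):
            first_ip = self.nat.get(second)
            element = self.requests.get(first_ip) if first_ip else None
            if element is None:
                continue
            policy = ROLE_POLICY.get(role, "deny-all")        # unknown role: fail closed
            element.install(first_ip, policy)
            self.log.append((element.name, first_ip, policy))
            del self.identities[second], self.requests[first_ip], self.nat[second]


@dataclass
class Nat:
    policy_server: PolicyServer
    second_ip: str
    next_port: int = 40000

    def translate(self, first_ip: str) -> tuple[str, int]:
        second = (self.second_ip, self.next_port)
        self.next_port += 1
        self.policy_server.on_nat_mapping(first_ip, *second)   # NAT reports its mapping
        return second


@dataclass
class IdentityServer:
    policy_server: PolicyServer
    credentials: dict[str, str]                                # credential -> role

    def authenticate(self, credential: str, seen_ip: str, seen_port: int) -> bool:
        role = self.credentials.get(credential)
        if role is None:
            return False
        self.policy_server.on_identity(role, seen_ip, seen_port)  # sees post-NAT address
        return True


def demo() -> dict[str, str]:
    """Three constructed clients behind one NAT; not from the patent."""
    ps = PolicyServer()
    nat = Nat(ps, "203.0.113.7")
    ids = IdentityServer(ps, {"alice-cert": "employee", "lobby-pass": "guest"})
    sw = NetworkElement("access-sw-1")
    for first_ip, cred in [("10.0.0.5", "alice-cert"), ("10.0.0.6", "lobby-pass"),
                           ("10.0.0.7", "bogus")]:
        ps.on_policy_request(sw, first_ip)                     # request under pre-NAT address
        second_ip, second_port = nat.translate(first_ip)       # auth message goes via NAT
        ids.authenticate(cred, second_ip, second_port)         # identity keyed by post-NAT address
    return dict(sw.installed)
```

The client that never authenticates (10.0.0.7 above) leaves a dangling policy request; a real policy server would age such entries out, otherwise an attacker who can trigger requests without completing authentication can grow that table without bound.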
-
10.
Publication number: US20190215303A1
Publication date: 2019-07-11
Application number: US15867124
Filing date: 2018-01-10
Applicant: Cisco Technology, Inc.
Inventor: Syam Sundar V Appala , Kiran Kumar Yedavalli , Shyamsundar Nandkishor Maniyar , Sanjay Kumar Hooda
IPC: H04L29/06
CPC classification number: H04L63/0236 , H04L63/104 , H04L63/20
Abstract: In one example, a network element in a first network receives a network packet including a first security group identifier. The network element identifies the first security group identifier, determines that the first security group identifier is hierarchically correlated with a second security group identifier, and inserts the second security group identifier into the network packet. The network element forwards the network packet including the second security group identifier.
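An added worked example of the rewrite described in US10958622B2 and US20190215303A1 (a network element at the edge of a first network replaces a packet's security group identifier with the hierarchically correlated identifier before forwarding). It is example code written for this listing, not Cisco's implementation. The encoding is a constructed 16-bit tag prepended to the payload (not any real tagging header), the hierarchy is a child-to-parent map, and the second network is assumed to know only an exported subset of identifiers; a packet whose identifier has no exported ancestor is dropped rather than forwarded untagged. The hierarchy and packets are constructed.

```python
"""A network element at the boundary of a first network rewriting a packet's
security group identifier to the hierarchically correlated identifier the
second network understands.

Assumptions for the example: the tag is a 16-bit field prepended to the
payload (a constructed encoding, not any real tagging header), the hierarchy
is a child->parent map, and the second network only knows an exported subset
of identifiers; a packet whose identifier has no exported ancestor is dropped
rather than forwarded untagged.
"""
from __future__ import annotations

import struct
from typing import Iterator

TAG = struct.Struct("!H")        # constructed 16-bit tag header


def encode(sgt: int, payload: bytes) -> bytes:
    return TAG.pack(sgt) + payload


def decode(packet: bytes) -> tuple[int, bytes]:
    if len(packet) < TAG.size:
        raise ValueError("packet too short for tag header")
    return TAG.unpack_from(packet)[0], packet[TAG.size:]


def ancestors(sgt: int, parent: dict[int, int]) -> Iterator[int]:
    """Walk child->parent links; guard against a malformed cyclic hierarchy."""
    seen = {sgt}
    cur = sgt
    while cur in parent:
        cur = parent[cur]
        if cur in seen:
            break
        seen.add(cur)
        yield cur


def correlate(sgt: int, parent: dict[int, int], exported: set[int]) -> int | None:
    """Nearest identifier, itself included, that the second network knows."""
    if sgt in exported:
        return sgt
    for a in ancestors(sgt, parent):
        if a in exported:
            return a
    return None


def forward(packet: bytes, parent: dict[int, int], exported: set[int]) -> bytes | None:
    """Rewrite the tag for the second network, or return None to drop the packet."""
    sgt, payload = decode(packet)
    new = correlate(sgt, parent, exported)
    if new is None:
        return None
    return encode(new, payload)


def demo() -> list[int | None]:
    """Constructed hierarchy 101,102 -> 100 -> 1 and 200 -> 1; second network knows {100, 1}."""
    parent = {101: 100, 102: 100, 100: 1, 200: 1}
    exported = {100, 1}
    out: list[int | None] = []
    for sgt in (101, 100, 200, 999):
        fwd = forward(encode(sgt, b"payload"), parent, exported)
        out.append(None if fwd is None else decode(fwd)[0])
    return out        # [100, 100, 1, None]
```

Choosing the nearest exported ancestor, rather than the root, keeps the rewrite as specific as the peer network can consume; mapping everything to the root would be safe but would collapse the peer's policy to a single group.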
-