Patents by Inventor Brian E. Weis
Brian E. Weis has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240109899
Abstract: The present invention is directed to compounds of formula (I) and (II), wherein all substituents are defined herein, as well as pharmaceutically acceptable compositions comprising compounds of the invention and methods of using said compositions in the treatment of various disorders.
Type: Application
Filed: February 3, 2022
Publication date: April 4, 2024
Applicant: BRISTOL-MYERS SQUIBB COMPANY
Inventors: BRIAN E. FINK, EMILY CHARLOTTE CHERNEY, LIPING ZHANG, JULIAN C. LO, GRETCHEN M. SCHROEDER, TRAM N. HUYNH, DONNA D. WEI, VIJAY T. AHUJA, CLAUDE A. QUESNELLE
-
Patent number: 11909741
Abstract: In one embodiment, a device in a network receives an access policy and a class behavioral model for a node in the network that are associated with a class asserted by the node. The device applies the access policy and class behavioral model to traffic associated with the node. The device identifies a deviation in a behavior of the node from the class behavioral model, based on the application of the class behavioral model to the traffic associated with the node. The device causes performance of a mitigation action in the network based on the identified deviation in the behavior of the node from the class behavioral model.
Type: Grant
Filed: May 26, 2021
Date of Patent: February 20, 2024
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Brian E. Weis, Blake Harrell Anderson, Rashmikant B. Shah, David McGrew
-
Patent number: 11283831
Abstract: In one embodiment, a device in a network inserts a profile tag into an address request sent by an endpoint node in the network to a lookup service. The lookup service is configured to identify one or more addresses with which the endpoint node is authorized to communicate based on a profile for the endpoint node associated with the inserted profile tag. The device receives an address response sent from the lookup service to the endpoint node that indicates the set of one or more addresses with which the endpoint node is authorized to communicate. The device determines whether a communication between the endpoint node and a particular network address is authorized using the set of one or more addresses with which the endpoint node is authorized to communicate. The device blocks the communication based on a determination that the particular network address is not in the set of one or more addresses with which the endpoint node is authorized to communicate.
Type: Grant
Filed: May 24, 2019
Date of Patent: March 22, 2022
Assignee: Cisco Technology, Inc.
Inventors: Pascal Thubert, Eric Levy-Abegnoli, Eliot Lear, Brian E. Weis
-
Publication number: 20210297454
Abstract: In one embodiment, a device in a network receives an access policy and a class behavioral model for a node in the network that are associated with a class asserted by the node. The device applies the access policy and class behavioral model to traffic associated with the node. The device identifies a deviation in a behavior of the node from the class behavioral model, based on the application of the class behavioral model to the traffic associated with the node. The device causes performance of a mitigation action in the network based on the identified deviation in the behavior of the node from the class behavioral model.
Type: Application
Filed: May 26, 2021
Publication date: September 23, 2021
Inventors: Brian E. Weis, Blake Harrell Anderson, Rashmikant B. Shah, David McGrew
-
Patent number: 11038893
Abstract: In one embodiment, a device in a network receives an access policy and a class behavioral model for a node in the network that are associated with a class asserted by the node. The device applies the access policy and class behavioral model to traffic associated with the node. The device identifies a deviation in a behavior of the node from the class behavioral model, based on the application of the class behavioral model to the traffic associated with the node. The device causes performance of a mitigation action in the network based on the identified deviation in the behavior of the node from the class behavioral model.
Type: Grant
Filed: May 15, 2017
Date of Patent: June 15, 2021
Assignee: Cisco Technology, Inc.
Inventors: Brian E. Weis, Blake Harrell Anderson, Rashmikant B. Shah, David McGrew
-
Patent number: 10841164
Abstract: In one embodiment, a classification device in a computer network analyzes data from a given device in the computer network, and classifies the given device as a particular type of device based on the data. The classification device may then determine whether a manufacturer usage description (MUD) policy exists for the particular type of device. In response to there being no existing MUD policy for the particular type of device, the classification device may then determine patterns of the analyzed data, classify the patterns into context-based policies, and generate a derived MUD policy for the particular type of device based on the context-based policies. The classification device may then apply one of either the existing or derived MUD policy for the given device within the computer network.
Type: Grant
Filed: February 9, 2018
Date of Patent: November 17, 2020
Assignee: Cisco Technology, Inc.
Inventors: Panagiotis Theodorou Kampanakis, Blake Harrell Anderson, Brian E. Weis, Charles Calvin Byers, M. David Hanes, Joseph Michael Clarke, Gonzalo Salgueiro
-
Patent number: 10785809
Abstract: In one embodiment, a device in a network receives node information regarding a plurality of nodes that are to join the network. The device determines network formation parameters based on the received node information. The network formation parameters are indicative of a network join schedule and join location for a particular node from the plurality of nodes. The device generates, according to the network join schedule, a join invitation for the particular node based on the network formation parameters. The join invitation allows the particular node to attempt joining the network at the join location via a specified access point. The device causes the sending of one or more beacons via the network that include the join invitation to the particular node. The particular node attempts to join the network via the specified access point based on the one or more beacons.
Type: Grant
Filed: December 19, 2016
Date of Patent: September 22, 2020
Assignee: Cisco Technology, Inc.
Inventors: Pascal Thubert, Max Pritikin, Eliot Lear, Toerless Eckert, Nancy Cam-Winget, Brian E. Weis
-
Patent number: 10637889
Abstract: Aspects of the embodiments are directed to systems, methods, and computer program products to program, via a northbound interface, a mapping between an endpoint identifier (EID) and a routing locator (RLOC) directly into a mapping database at a mapping system; receive, from a first tunneling router associated with a first virtual network, a mapping request to a second virtual network, the first router compliant with a Locator/ID Separation Protocol, the mapping request comprising an EID tuple that includes a source identifier and a destination identifier; identify an RLOC based, at least in part, on the destination identifier of the EID tuple from the mapping database; and transmit the RLOC to the first tunneling router implementing a high-level policy that has been dynamically resolved into a state of the mapping database.
Type: Grant
Filed: July 22, 2016
Date of Patent: April 28, 2020
Assignee: Cisco Technology, Inc.
Inventors: Vina Ermagan, Fabio R. Maino, Florin T. Coras, Marius Horia Miclea, John William Evans, Paul Quinn, Darrel Jay Lewis, Brian E. Weis
-
Patent number: 10601664
Abstract: In one embodiment, a network controller for a computer network receives details of a provisioned device and policy requirements for the provisioned device. The network controller may then determine, based on the details and policy requirements for the provisioned device, a plurality of network devices that the provisioned device is configured to communicate through, and may then translate the details and policy requirements for the provisioned device into a plurality of network-device-specific policies, each respective network-device-specific policy corresponding to one of the plurality of network devices that the provisioned device is configured to communicate through. As such, the network controller may then transmit a respective network-device-specific policy of the plurality of network-device-specific policies to the plurality of network devices that the provisioned device is configured to communicate through.
Type: Grant
Filed: April 28, 2017
Date of Patent: March 24, 2020
Assignee: Cisco Technology, Inc.
Inventors: Kannan Kumar, Brian E. Weis, Rashmikant B. Shah, Manoj Kumar Nayak
-
Publication number: 20190281085
Abstract: In one embodiment, a device in a network inserts a profile tag into an address request sent by an endpoint node in the network to a lookup service. The lookup service is configured to identify one or more addresses with which the endpoint node is authorized to communicate based on a profile for the endpoint node associated with the inserted profile tag. The device receives an address response sent from the lookup service to the endpoint node that indicates the set of one or more addresses with which the endpoint node is authorized to communicate. The device determines whether a communication between the endpoint node and a particular network address is authorized using the set of one or more addresses with which the endpoint node is authorized to communicate. The device blocks the communication based on a determination that the particular network address is not in the set of one or more addresses with which the endpoint node is authorized to communicate.
Type: Application
Filed: May 24, 2019
Publication date: September 12, 2019
Inventors: Pascal Thubert, Eric Levy-Abegnoli, Eliot Lear, Brian E. Weis
-
Publication number: 20190253319
Abstract: In one embodiment, a classification device in a computer network analyzes data from a given device in the computer network, and classifies the given device as a particular type of device based on the data. The classification device may then determine whether a manufacturer usage description (MUD) policy exists for the particular type of device. In response to there being no existing MUD policy for the particular type of device, the classification device may then determine patterns of the analyzed data, classify the patterns into context-based policies, and generate a derived MUD policy for the particular type of device based on the context-based policies. The classification device may then apply one of either the existing or derived MUD policy for the given device within the computer network.
Type: Application
Filed: February 9, 2018
Publication date: August 15, 2019
Inventors: Panagiotis Theodorou Kampanakis, Blake Harrell Anderson, Brian E. Weis, Charles Calvin Byers, M. David Hanes, Joseph Michael Clarke, Gonzalo Salgueiro
-
Patent number: 10356124
Abstract: In one embodiment, a device in a network inserts a profile tag into an address request sent by an endpoint node in the network to a lookup service. The lookup service is configured to identify one or more addresses with which the endpoint node is authorized to communicate based on a profile for the endpoint node associated with the inserted profile tag. The device receives an address response sent from the lookup service to the endpoint node that indicates the set of one or more addresses with which the endpoint node is authorized to communicate. The device determines whether a communication between the endpoint node and a particular network address is authorized using the set of one or more addresses with which the endpoint node is authorized to communicate. The device blocks the communication based on a determination that the particular network address is not in the set of one or more addresses with which the endpoint node is authorized to communicate.
Type: Grant
Filed: March 1, 2017
Date of Patent: July 16, 2019
Assignee: Cisco Technology, Inc.
Inventors: Pascal Thubert, Eric Levy-Abegnoli, Eliot Lear, Brian E. Weis
-
Patent number: 10298581
Abstract: In one embodiment, an authorized signing authority server receives an authenticity request from a security registrar to vouch for authenticity of a particular device. Based on receiving the authenticity request, the authorized signing authority server may then determine an authenticity state of the particular device, and may also request a device provisioning file for the particular device from a device provisioning server, the device provisioning file defining one or more network security policies for the particular device. Upon receiving the device provisioning file from the device provisioning server, the authorized signing authority server may then return the authenticity state and the device provisioning file for the particular device to the security registrar, causing the security registrar to complete authentication of the particular device based on the authenticity state and the device provisioning file.
Type: Grant
Filed: April 28, 2017
Date of Patent: May 21, 2019
Assignee: Cisco Technology, Inc.
Inventors: Rashmikant B. Shah, Brian E. Weis, Kannan Kumar, Manoj Kumar Nayak
-
Patent number: 10243928
Abstract: Various techniques that allow group members to detect the use of stale encryption policy by other group members are disclosed. One method involves receiving a message from a first group member via a network. The message is received by a second group member. The method then detects that the first group member is not using a most recent policy update supplied by a key server, in response to information in the message. In response, a notification message can be sent from the second group member. The notification message indicates that at least one group member is not using the most recent policy update. The notification message can be sent to the key server or towards the first group member.
Type: Grant
Filed: January 29, 2016
Date of Patent: March 26, 2019
Assignee: Cisco Technology, Inc.
Inventors: Warren Scott Wainner, Sheela D. Rowles, Brian E. Weis, David Arthur McGrew, Scott R. Fluhrer, Kavitha Kamarthy
-
Publication number: 20180332053
Abstract: In one embodiment, a device in a network receives an access policy and a class behavioral model for a node in the network that are associated with a class asserted by the node. The device applies the access policy and class behavioral model to traffic associated with the node. The device identifies a deviation in a behavior of the node from the class behavioral model, based on the application of the class behavioral model to the traffic associated with the node. The device causes performance of a mitigation action in the network based on the identified deviation in the behavior of the node from the class behavioral model.
Type: Application
Filed: May 15, 2017
Publication date: November 15, 2018
Inventors: Brian E. Weis, Blake Harrell Anderson, Rashmikant B. Shah, David McGrew
-
Publication number: 20180316673
Abstract: In one embodiment, an authorized signing authority server receives an authenticity request from a security registrar to vouch for authenticity of a particular device. Based on receiving the authenticity request, the authorized signing authority server may then determine an authenticity state of the particular device, and may also request a device provisioning file for the particular device from a device provisioning server, the device provisioning file defining one or more network security policies for the particular device. Upon receiving the device provisioning file from the device provisioning server, the authorized signing authority server may then return the authenticity state and the device provisioning file for the particular device to the security registrar, causing the security registrar to complete authentication of the particular device based on the authenticity state and the device provisioning file.
Type: Application
Filed: April 28, 2017
Publication date: November 1, 2018
Applicant: Cisco Technology, Inc.
Inventors: Rashmikant B. Shah, Brian E. Weis, Kannan Kumar, Manoj Kumar Nayak
-
Publication number: 20180316563
Abstract: In one embodiment, a network controller for a computer network receives details of a provisioned device and policy requirements for the provisioned device. The network controller may then determine, based on the details and policy requirements for the provisioned device, a plurality of network devices that the provisioned device is configured to communicate through, and may then translate the details and policy requirements for the provisioned device into a plurality of network-device-specific policies, each respective network-device-specific policy corresponding to one of the plurality of network devices that the provisioned device is configured to communicate through. As such, the network controller may then transmit a respective network-device-specific policy of the plurality of network-device-specific policies to the plurality of network devices that the provisioned device is configured to communicate through.
Type: Application
Filed: April 28, 2017
Publication date: November 1, 2018
Inventors: Kannan Kumar, Brian E. Weis, Rashmikant B. Shah, Manoj Kumar Nayak
-
Patent number: 10104050
Abstract: A method is provided in one example embodiment and includes receiving at a node of a transitive IP network a data packet including a Network Services Header (“NSH”); accessing by the transitive IP network node context contained in the NSH, wherein the context may be used by the transitive IP network node to perform an enhanced network service in connection with the received data packet; performing by the transitive IP network node the enhanced network service in connection with the received data packet using the accessed context; and, subsequent to the performing, forwarding the received packet to a next node.
Type: Grant
Filed: May 4, 2016
Date of Patent: October 16, 2018
Assignee: Cisco Technology, Inc.
Inventors: Warren Scott Wainner, Brian E. Weis, Paul Quinn, Scott Roy Fluhrer
-
Publication number: 20180255092
Abstract: In one embodiment, a device in a network inserts a profile tag into an address request sent by an endpoint node in the network to a lookup service. The lookup service is configured to identify one or more addresses with which the endpoint node is authorized to communicate based on a profile for the endpoint node associated with the inserted profile tag. The device receives an address response sent from the lookup service to the endpoint node that indicates the set of one or more addresses with which the endpoint node is authorized to communicate. The device determines whether a communication between the endpoint node and a particular network address is authorized using the set of one or more addresses with which the endpoint node is authorized to communicate. The device blocks the communication based on a determination that the particular network address is not in the set of one or more addresses with which the endpoint node is authorized to communicate.
Type: Application
Filed: March 1, 2017
Publication date: September 6, 2018
Inventors: Pascal Thubert, Eric Levy-Abegnoli, Eliot Lear, Brian E. Weis
-
Publication number: 20170324714
Abstract: A method is provided in one example embodiment and includes receiving at a node of a transitive IP network a data packet including a Network Services Header (“NSH”); accessing by the transitive IP network node context contained in the NSH, wherein the context may be used by the transitive IP network node to perform an enhanced network service in connection with the received data packet; performing by the transitive IP network node the enhanced network service in connection with the received data packet using the accessed context; and, subsequent to the performing, forwarding the received packet to a next node.
Type: Application
Filed: May 4, 2016
Publication date: November 9, 2017
Applicant: CISCO TECHNOLOGY, INC.
Inventors: Warren Scott Wainner, Brian E. Weis, Paul Quinn, Scott Roy Fluhrer