Patents by Inventor Kannan Kumar

Kannan Kumar has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 12289232
    Abstract: In one embodiment, a method includes receiving, by a first node of a node cluster in a software-defined wide area network (SD-WAN), traffic from a wide area network (WAN), assigning, by the first node of the node cluster, flow ownership of the traffic to the first node, and communicating, by the first node of the node cluster, the traffic to a local area network (LAN). The method also includes receiving, by the first node of the node cluster, return traffic from a second node of the node cluster and detecting, by the first node of the node cluster, a diversion of the return traffic. The method further includes relinquishing, by the first node of the node cluster, the flow ownership and assigning, by the first node of the node cluster, the flow ownership to the second node of the node cluster.
    Type: Grant
    Filed: November 8, 2023
    Date of Patent: April 29, 2025
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Laxmikantha Reddy Ponnuru, Arul Murugan Manickam, Michael David Tracy, Kannan Kumar, Hamzah Kardame
  • Patent number: 12225051
    Abstract: Techniques for user identity-based security policy enforcement. The techniques may include sending, to an edge device associated with a network, a networking policy associated with a user. The techniques may also include receiving, from an identity provider, an IP address associated with the user. Additionally, the techniques may include sending, to the edge device, an indication to associate the IP address with the user such that the edge device applies the networking policy to packets that include the IP address.
    Type: Grant
    Filed: July 28, 2022
    Date of Patent: February 11, 2025
    Assignee: Cisco Technology, Inc.
    Inventors: Balaji Sundararajan, Vishnuprasad Raghavan, Kannan Kumar, Ramana Babu Polamarasetti, Mahalakshmi Rajaram
  • Publication number: 20250039141
    Abstract: This disclosure describes techniques for orchestrating implementation of a security solution among network devices. The techniques include determining capabilities of routers of the network and capabilities of a cloud security service to perform security features of a security solution. Based at least in part on the capabilities, the techniques include configuring a router of the network to execute a first subset of the security features on data traffic of the network, and configuring the cloud security service to execute a second subset of the security features on the data traffic. The techniques may also include causing the security solution to be presented to a security administrator via a display, the display providing representations of the first subset and the second subset of the security features.
    Type: Application
    Filed: July 24, 2023
    Publication date: January 30, 2025
    Inventors: Faizan Amjad Mohammed, Venkatesh Nataraj, Gowri Mahendran Lingam Chandramohan, Saravanan Radhakrishnan, Kannan Kumar
  • Publication number: 20250030743
    Abstract: Methods and systems are described herein for dynamically applying a security policy based on one or more tag attributes. The method comprises receiving, at a network controller, information about an instance of a cloud workload instantiated at a cloud provider. The cloud workload is associated with a tag attribute. The method further comprises querying the cloud provider for at least one IP address associated with the tag attribute and learning the at least one IP address associated with the tag attribute, including the IP address for the instance of the cloud workload. The method further comprises associating a security policy with the at least one IP address associated with the tag attribute and propagating the security policy to at least one edge router for implementation.
    Type: Application
    Filed: July 21, 2023
    Publication date: January 23, 2025
    Inventors: Balaji Sundararajan, Kannan Kumar, Madhu Somu, Ramakumara Kariyappa, Kushal A Patel, Vishnuprasad Raghavan, Deepthi Tammireddy
  • Publication number: 20240179125
    Abstract: This disclosure describes techniques and mechanisms for disclosure describes techniques and mechanisms for optimizing firewall enforcement. The techniques may implement a dynamic detection of Layer 7 processing at one end of the network, alleviating the need to enforce another layer 7 firewall inspection at the other end, thereby saving processing and network resources. The techniques enable firewalls and policies to be statically defined and located in one place.
    Type: Application
    Filed: November 30, 2022
    Publication date: May 30, 2024
    Inventors: Balaji Sundararajan, Venkatesh Nataraj, Kannan Kumar, Padmanabha Nallur, Abha Jain, Kushal Patel
  • Publication number: 20240106855
    Abstract: This disclosure describes techniques and mechanisms for improving security within SDWAN fabric and utilizing telemetry data from non-enterprise providers to remediate compromised SDWAN site(s) and/or user(s). The techniques may implement an integration of non-enterprise application(s) and API(s) with an enterprise network, thereby enabling the enterprise network to identify compromised endpoint(s), identify user(s), group(s), site(s) that are impacted, and take a corrective action (by the enterprise network and/or the non-enterprise application(s) or API(s)) on the enterprise fabric.
    Type: Application
    Filed: February 7, 2023
    Publication date: March 28, 2024
    Inventors: Balaji Sundararajan, Vivek Agarwal, Vishnuprasad Raghavan, Kannan Kumar, Chandra Balaji Rajaram
  • Publication number: 20240080267
    Abstract: In one embodiment, a method includes receiving, by a first node of a node cluster in a software-defined wide area network (SD-WAN), traffic from a wide area network (WAN), assigning, by the first node of the node cluster, flow ownership of the traffic to the first node, and communicating, by the first node of the node cluster, the traffic to a local area network (LAN). The method also includes receiving, by the first node of the node cluster, return traffic from a second node of the node cluster and detecting, by the first node of the node cluster, a diversion of the return traffic. The method further includes relinquishing, by the first node of the node cluster, the flow ownership and assigning, by the first node of the node cluster, the flow ownership to the second node of the node cluster.
    Type: Application
    Filed: November 8, 2023
    Publication date: March 7, 2024
    Inventors: Laxmikantha Reddy Ponnuru, Arul Murugan Manickam, Michael David Tracy, Kannan Kumar, Hamzah Kardame
  • Publication number: 20240039956
    Abstract: Techniques for user identity-based security policy enforcement. The techniques may include sending, to an edge device associated with a network, a networking policy associated with a user. The techniques may also include receiving, from an identity provider, an IP address associated with the user. Additionally, the techniques may include sending, to the edge device, an indication to associate the IP address with the user such that the edge device applies the networking policy to packets that include the IP address.
    Type: Application
    Filed: July 28, 2022
    Publication date: February 1, 2024
    Inventors: Balaji Sundararajan, Vishnuprasad Raghavan, Kannan Kumar, Ramana Babu Polamarasetti, Mahalakshmi Rajaram
  • Patent number: 11824770
    Abstract: In one embodiment, a method includes receiving, by a first node of a node cluster in a software-defined wide area network (SD-WAN), traffic from a wide area network (WAN), assigning, by the first node of the node cluster, flow ownership of the traffic to the first node, and communicating, by the first node of the node cluster, the traffic to a local area network (LAN). The method also includes receiving, by the first node of the node cluster, return traffic from a second node of the node cluster and detecting, by the first node of the node cluster, a diversion of the return traffic. The method further includes relinquishing, by the first node of the node cluster, the flow ownership and assigning, by the first node of the node cluster, the flow ownership to the second node of the node cluster.
    Type: Grant
    Filed: March 8, 2022
    Date of Patent: November 21, 2023
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Laxmikantha Reddy Ponnuru, Arul Murugan Manickam, Michael David Tracy, Kannan Kumar, Hamzah Kardame
  • Publication number: 20230188461
    Abstract: In one embodiment, a method includes receiving, by a first node of a node cluster in a software-defined wide area network (SD-WAN), traffic from a wide area network (WAN), assigning, by the first node of the node cluster, flow ownership of the traffic to the first node, and communicating, by the first node of the node cluster, the traffic to a local area network (LAN). The method also includes receiving, by the first node of the node cluster, return traffic from a second node of the node cluster and detecting, by the first node of the node cluster, a diversion of the return traffic. The method further includes relinquishing, by the first node of the node cluster, the flow ownership and assigning, by the first node of the node cluster, the flow ownership to the second node of the node cluster.
    Type: Application
    Filed: March 8, 2022
    Publication date: June 15, 2023
    Inventors: Laxmikantha Reddy Ponnuru, Arul Murugan Manickam, Michael David Tracy, Kannan Kumar, Hamzah Kardame
  • Patent number: 10601664
    Abstract: In one embodiment, a network controller for a computer network receives details of a provisioned device and policy requirements for the provisioned device. The network controller may then determine, based on the details and policy requirements for the provisioned device, a plurality of network devices that the provisioned device is configured to communicate through, and may then translate the details and policy requirements for the provisioned device into a plurality of network-device-specific policies, each respective network-device-specific policy corresponding to one of the plurality of network devices that the provisioned device is configured to communicate through. As such, the network controller may then transmit a respective network-device-specific policy of the plurality of network-device-specific policies to the plurality of network devices that the provisioned device is configured to communicate through.
    Type: Grant
    Filed: April 28, 2017
    Date of Patent: March 24, 2020
    Assignee: Cisco Technology, Inc.
    Inventors: Kannan Kumar, Brian E. Weis, Rashmikant B. Shah, Manoj Kumar Nayak
  • Patent number: 10298581
    Abstract: In one embodiment, an authorized signing authority server receives an authenticity request from a security registrar to vouch for authenticity of a particular device. Based on receiving the authenticity request, the authorized signing authority server may then determine an authenticity state of the particular device, and may also request a device provisioning file for the particular device from a device provisioning server, the device provisioning file defining one or more network security policies for the particular device. Upon receiving the device provisioning file from the device provisioning server, the authorized signing authority server may then return the authenticity state and the device provisioning file for the particular device to the security registrar, causing the security registrar to complete authentication of the particular device based on the authenticity state and the device provisioning file.
    Type: Grant
    Filed: April 28, 2017
    Date of Patent: May 21, 2019
    Assignee: Cisco Technology, Inc.
    Inventors: Rashmikant B. Shah, Brian E. Weis, Kannan Kumar, Manoj Kumar Nayak
  • Publication number: 20180316563
    Abstract: In one embodiment, a network controller for a computer network receives details of a provisioned device and policy requirements for the provisioned device. The network controller may then determine, based on the details and policy requirements for the provisioned device, a plurality of network devices that the provisioned device is configured to communicate through, and may then translate the details and policy requirements for the provisioned device into a plurality of network-device-specific policies, each respective network-device-specific policy corresponding to one of the plurality of network devices that the provisioned device is configured to communicate through. As such, the network controller may then transmit a respective network-device-specific policy of the plurality of network-device-specific policies to the plurality of network devices that the provisioned device is configured to communicate through.
    Type: Application
    Filed: April 28, 2017
    Publication date: November 1, 2018
    Inventors: Kannan Kumar, Brian E. Weis, Rashmikant B. Shah, Manoj Kumar Nayak
  • Publication number: 20180316673
    Abstract: In one embodiment, an authorized signing authority server receives an authenticity request from a security registrar to vouch for authenticity of a particular device. Based on receiving the authenticity request, the authorized signing authority server may then determine an authenticity state of the particular device, and may also request a device provisioning file for the particular device from a device provisioning server, the device provisioning file defining one or more network security policies for the particular device. Upon receiving the device provisioning file from the device provisioning server, the authorized signing authority server may then return the authenticity state and the device provisioning file for the particular device to the security registrar, causing the security registrar to complete authentication of the particular device based on the authenticity state and the device provisioning file.
    Type: Application
    Filed: April 28, 2017
    Publication date: November 1, 2018
    Applicant: Cisco Technology, Inc.
    Inventors: Rashmikant B. Shah, Brian E. Weis, Kannan Kumar, Manoj Kumar Nayak