Patents by Inventor Rashmikant B. Shah

Rashmikant B. Shah has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11909741
    Abstract: In one embodiment, a device in a network receives an access policy and a class behavioral model for a node in the network that are associated with a class asserted by the node. The device applies the access policy and class behavioral model to traffic associated with the node. The device identifies a deviation in a behavior of the node from the class behavioral model, based on the application of the class behavioral model to the traffic associated with the node. The device causes performance of a mitigation action in the network based on the identified deviation in the behavior of the node from the class behavioral model.
    Type: Grant
    Filed: May 26, 2021
    Date of Patent: February 20, 2024
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Brian E. Weis, Blake Harrell Anderson, Rashmikant B. Shah, David McGrew
  • Publication number: 20210297454
    Abstract: In one embodiment, a device in a network receives an access policy and a class behavioral model for a node in the network that are associated with a class asserted by the node. The device applies the access policy and class behavioral model to traffic associated with the node. The device identifies a deviation in a behavior of the node from the class behavioral model, based on the application of the class behavioral model to the traffic associated with the node. The device causes performance of a mitigation action in the network based on the identified deviation in the behavior of the node from the class behavioral model.
    Type: Application
    Filed: May 26, 2021
    Publication date: September 23, 2021
    Inventors: Brian E. Weis, Blake Harrell Anderson, Rashmikant B. Shah, David McGrew
  • Patent number: 11038893
    Abstract: In one embodiment, a device in a network receives an access policy and a class behavioral model for a node in the network that are associated with a class asserted by the node. The device applies the access policy and class behavioral model to traffic associated with the node. The device identifies a deviation in a behavior of the node from the class behavioral model, based on the application of the class behavioral model to the traffic associated with the node. The device causes performance of a mitigation action in the network based on the identified deviation in the behavior of the node from the class behavioral model.
    Type: Grant
    Filed: May 15, 2017
    Date of Patent: June 15, 2021
    Assignee: Cisco Technology, Inc.
    Inventors: Brian E. Weis, Blake Harrell Anderson, Rashmikant B. Shah, David McGrew
  • Patent number: 10601664
    Abstract: In one embodiment, a network controller for a computer network receives details of a provisioned device and policy requirements for the provisioned device. The network controller may then determine, based on the details and policy requirements for the provisioned device, a plurality of network devices that the provisioned device is configured to communicate through, and may then translate the details and policy requirements for the provisioned device into a plurality of network-device-specific policies, each respective network-device-specific policy corresponding to one of the plurality of network devices that the provisioned device is configured to communicate through. As such, the network controller may then transmit a respective network-device-specific policy of the plurality of network-device-specific policies to the plurality of network devices that the provisioned device is configured to communicate through.
    Type: Grant
    Filed: April 28, 2017
    Date of Patent: March 24, 2020
    Assignee: Cisco Technology, Inc.
    Inventors: Kannan Kumar, Brian E. Weis, Rashmikant B. Shah, Manoj Kumar Nayak
  • Patent number: 10298581
    Abstract: In one embodiment, an authorized signing authority server receives an authenticity request from a security registrar to vouch for authenticity of a particular device. Based on receiving the authenticity request, the authorized signing authority server may then determine an authenticity state of the particular device, and may also request a device provisioning file for the particular device from a device provisioning server, the device provisioning file defining one or more network security policies for the particular device. Upon receiving the device provisioning file from the device provisioning server, the authorized signing authority server may then return the authenticity state and the device provisioning file for the particular device to the security registrar, causing the security registrar to complete authentication of the particular device based on the authenticity state and the device provisioning file.
    Type: Grant
    Filed: April 28, 2017
    Date of Patent: May 21, 2019
    Assignee: Cisco Technology, Inc.
    Inventors: Rashmikant B. Shah, Brian E. Weis, Kannan Kumar, Manoj Kumar Nayak
  • Publication number: 20190089747
    Abstract: A process to protect secure communication sessions from a network device that may have been subjected to a malicious network attack or otherwise the source of malicious network traffic. A cellular-connected network device, such as an IoT gateway, may receive data from one or more IoT devices. The cellular-connected network device may also communicate with a datacenter via a communication tunnel. The network device may include a usage profile reference. The network device, before transmitting data received from the IoT devices, may transmit the usage profile reference to the datacenter for authentication purposes. The datacenter may use the usage profile reference to resolve a usage profile that the usage profile reference references. Using the usage profile, the datacenter may negotiate with the cellular-connected network device to restrict the types of data that is transmitted between the datacenter and the cellular-connected network device.
    Type: Application
    Filed: September 19, 2017
    Publication date: March 21, 2019
    Inventors: Wenyi Wang, Rashmikant B. Shah, Brian Weis, Michael L. Sullenberger, Yuan Cai
  • Publication number: 20180332053
    Abstract: In one embodiment, a device in a network receives an access policy and a class behavioral model for a node in the network that are associated with a class asserted by the node. The device applies the access policy and class behavioral model to traffic associated with the node. The device identifies a deviation in a behavior of the node from the class behavioral model, based on the application of the class behavioral model to the traffic associated with the node. The device causes performance of a mitigation action in the network based on the identified deviation in the behavior of the node from the class behavioral model.
    Type: Application
    Filed: May 15, 2017
    Publication date: November 15, 2018
    Inventors: Brian E. Weis, Blake Harrell Anderson, Rashmikant B. Shah, David McGrew
  • Publication number: 20180316673
    Abstract: In one embodiment, an authorized signing authority server receives an authenticity request from a security registrar to vouch for authenticity of a particular device. Based on receiving the authenticity request, the authorized signing authority server may then determine an authenticity state of the particular device, and may also request a device provisioning file for the particular device from a device provisioning server, the device provisioning file defining one or more network security policies for the particular device. Upon receiving the device provisioning file from the device provisioning server, the authorized signing authority server may then return the authenticity state and the device provisioning file for the particular device to the security registrar, causing the security registrar to complete authentication of the particular device based on the authenticity state and the device provisioning file.
    Type: Application
    Filed: April 28, 2017
    Publication date: November 1, 2018
    Applicant: Cisco Technology, Inc.
    Inventors: Rashmikant B. Shah, Brian E. Weis, Kannan Kumar, Manoj Kumar Nayak
  • Publication number: 20180316563
    Abstract: In one embodiment, a network controller for a computer network receives details of a provisioned device and policy requirements for the provisioned device. The network controller may then determine, based on the details and policy requirements for the provisioned device, a plurality of network devices that the provisioned device is configured to communicate through, and may then translate the details and policy requirements for the provisioned device into a plurality of network-device-specific policies, each respective network-device-specific policy corresponding to one of the plurality of network devices that the provisioned device is configured to communicate through. As such, the network controller may then transmit a respective network-device-specific policy of the plurality of network-device-specific policies to the plurality of network devices that the provisioned device is configured to communicate through.
    Type: Application
    Filed: April 28, 2017
    Publication date: November 1, 2018
    Inventors: Kannan Kumar, Brian E. Weis, Rashmikant B. Shah, Manoj Kumar Nayak